A feature processing method and system for intellectual property circulation data, and a storage medium
By employing a triple verification mechanism and progressive encryption, the security issues of intellectual property transfer data during transmission and storage are resolved, achieving full-process data confidentiality and traceability, and enhancing the security and controllability of intellectual property transfer data.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHENZHEN QIANXING INTELLECTUAL PROPERTY SERVICES CO LTD
- Filing Date
- 2026-04-22
- Publication Date
- 2026-07-14
AI Technical Summary
Existing intellectual property management and transaction systems fail to effectively encrypt intellectual property transfer data in real time, making the data vulnerable to theft, tampering, or unauthorized access during transmission and storage, and lacking comprehensive security control.
A triple verification mechanism is adopted, consisting of login permission verification, device feature code verification, and data read/write software matching. This is combined with progressive exclusive encryption of application number, type number, and classification number, as well as symmetric encryption, hash verification, and key obfuscation binding of device verification code, to achieve full-process secure encryption of intellectual property transfer data.
It achieves secure and comprehensive encryption control over the entire process of intellectual property transfer data, accurately identifies and warns against unauthorized access, data tampering, and violations, and ensures the confidentiality and security of the data.
Smart Images

Figure CN122389074A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the technical field of information security, and in particular to a method, system, and storage medium for feature processing of intellectual property transfer data. Background Technology
[0002] With the increasingly frequent commercial operation and market-based transfer of intellectual property rights, intellectual property transfer data, as a key carrier of core information such as ownership, transaction price, licensing model, and transfer trajectory, is increasingly demonstrating its commercial and competitive value. This has created a demand for the confidentiality of intellectual property transfer data throughout the entire process of collection, transmission, storage, and use.
[0003] Existing intellectual property management and transaction-related systems mostly employ account-based access control to achieve data confidentiality. This primarily relies on traditional information security measures such as setting login accounts, tiered access permissions, and role-based authorization to verify the identity and restrict the scope of data access. This approach only controls the data access point, focusing on preventing unauthorized entities from logging into the system.
[0004] In the actual interaction and use of intellectual property transfer data, existing solutions generally do not implement real-time encryption processing for data content. Data is mostly presented in plain text during the transfer process, making it easy for it to be stolen, tampered with, or viewed without authorization in transmission links, storage media, and calling interfaces. Summary of the Invention
[0005] To enhance the confidentiality of intellectual property data, this application provides a method, system, and storage medium for feature processing of intellectual property transfer data.
[0006] Firstly, this application provides a method for feature processing of intellectual property transfer data, employing the following technical solution: A method for feature processing of intellectual property transfer data includes the following steps: Login verification is performed based on the input login information. If the verification is successful, the operation permissions corresponding to the login information are retrieved from the preset permission database; otherwise, a login failure message is displayed. Based on operation permissions, the system retrieves the query content and the device feature code of the current device. According to the query content, the system extracts the corresponding intellectual property content from the preset information database. The system matches the device feature code with the preset device verification database, which stores device verification codes, each of which corresponds to a data read / write software marker. If the match is successful, the system outputs the device verification code corresponding to the device feature code. Otherwise, the system displays a device verification failure message and sends it to the backend for storage. The intellectual property content and the device verification code are encrypted to obtain encrypted data. The encrypted data and the device verification code are packaged into return data and sent to the current device. After the current device receives the return data, it extracts the device verification code and encrypted data from it. It decrypts the encrypted data according to the device verification code to obtain the intellectual property content, and also extracts the data read / write software mark from the device verification code. If the device currently has read / write software installed that corresponds to the data read / write software tag, then the data read / write software tag is invoked to read / write intellectual property content, generate read / write logs, and send the read / write logs to the backend for storage; otherwise, a software verification failure message is displayed and sent to the backend for storage.
[0007] By adopting the above technical solution, a triple verification mechanism of login permission verification, device feature code verification, and read / write software matching is implemented. Combined with the encrypted calculation and targeted decryption of intellectual property content and device verification code, the entire process of intellectual property transfer data is securely controlled from multiple dimensions, including the access subject, the device used, and the operating software. This effectively prevents data from being illegally stolen, viewed without authorization, or read / written in violation of regulations. At the same time, read / write logs are retained to ensure traceability of operation behavior, which greatly improves the confidentiality and security of intellectual property transfer data.
[0008] Optionally, the step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Extract the application number from the query content. If an application number is extracted, the number of application numbers is obtained as the number of numbers. If the number of numbers is greater than one, the longest or largest application number is taken as the verification number. Otherwise, the application number is used as the verification number. The existence of the verification number is verified based on the information database. If the existence verification passes, the intellectual property content is updated and encrypted according to the verification number, and the new intellectual property content is obtained by encrypting the verification number and the intellectual property content. The reverse process of updating the encryption number is stored in the intellectual property content; the current device extracts the reverse process from the new intellectual property content and restores the intellectual property content before the encryption number update based on the reverse process.
[0009] By adopting the above technical solution, the existence verification is completed by extracting and screening the application number as the verification number, and then the intellectual property content is updated and encrypted with a unique number based on the verification number. At the same time, the encryption reverse process is embedded in the data. This not only uses the unique application number to improve the targeting and anti-cracking of encryption, effectively preventing data from being tampered with or illegally decrypted, but also allows legitimate devices to quickly restore the original data through the reverse process. While strengthening the encryption security of intellectual property transfer data, it also ensures the convenience and integrity of data decryption in legitimate use scenarios.
[0010] Optionally, the step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Extract the application number information from the query content or intellectual property content. If the application number information is extracted, obtain the type number from the application number. Existence verification of type numbers is performed based on an information database; If the existence verification passes, the intellectual property content is encrypted by offsetting the type number, and the new intellectual property content is obtained by offsetting the encoding of the intellectual property content using the type number. The reverse process of number offset encryption is stored in the intellectual property content; the current device extracts the reverse process from the new intellectual property content and restores the intellectual property content before number offset encryption based on the reverse process.
[0011] By adopting the above technical solution, the application number type code is extracted from the query content or intellectual property content and its existence is verified. Based on the type code, the intellectual property content encoding is encrypted with number offset. At the same time, the encryption reverse process is embedded in the data. This not only relies on the inherent type code of the intellectual property itself to achieve lightweight and differentiated targeted encryption, effectively improving the data's anti-tampering and anti-illegal cracking security capabilities, but also allows legitimate devices to quickly restore the original content based on the reverse process. While strengthening the data confidentiality performance, it also ensures the efficiency and convenience of encryption and decryption operations, adapting to the actual interactive use needs of intellectual property circulation data.
[0012] Optionally, the step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: If the application number and application number information are not extracted, the classification number information is extracted based on the query content or intellectual property content. If the classification number information is not mentioned, the corresponding classification number information is matched from the preset classification recognition database. The classification number value is calculated based on the classification number information. The intellectual property content is then encrypted by type offset based on the classification number value. The new intellectual property content is obtained by offsetting the encoding of the intellectual property content using the classification number value. The process of calculating the classification number and the reverse process of type offset encryption are stored in the intellectual property content; the current device extracts the reverse process from the new intellectual property content and restores the intellectual property content before type offset encryption based on the reverse process.
[0013] By adopting the above technical solution, when the application number and application number information are not extracted, classification number information is directly extracted or matched from a preset classification identification database. The numerical value is calculated based on the classification number that intellectual property rights must possess, and type offset encryption is carried out. At the same time, the classification number value calculation and encryption reverse process are stored, which realizes the comprehensive encryption protection of various types of intellectual property transfer data, eliminates encryption blind spots, and uses the inherent classification number to ensure the stability and uniqueness of the encryption basis. This effectively enhances the security performance of data against tampering and unauthorized viewing, while allowing legitimate devices to quickly restore the original content through the reverse process. This comprehensively improves the confidentiality capability while taking into account the convenience of decryption and use.
[0014] Optionally, the step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Encryption algorithm steps: A hash code is generated by performing a hash operation based on the intellectual property content and the device verification code. A symmetric encryption mechanism is used, with the device verification code as a dynamic security key, to encrypt the intellectual property content, resulting in ciphertext of the intellectual property content. The device verification code, which serves as the dynamic security key, is sequentially processed through digest and obfuscation to obtain key obfuscation digest information; The key obfuscation digest information is bound and stored with the ciphertext of intellectual property content, and then integrated with the aforementioned hash code to form a single fused ciphertext; Decryption algorithm steps: The structure of a single fused ciphertext is parsed to separate the hash code, key obfuscation digest information, and intellectual property content ciphertext. The key obfuscation digest information is reverse obfuscated and the digest is verified to restore the valid device verification code; The same symmetric encryption algorithm as the encryption stage is used, and the device verification code obtained from the reconstruction is used as the key to decrypt the ciphertext of the intellectual property content and restore the original intellectual property content. The integrity of the decrypted intellectual property content is verified by combining the hash code with the device verification code, thus completing the data tracing and restoration of the original content.
[0015] By adopting the above technical solution, the device verification code is used as a dynamic symmetric key to encrypt the intellectual property content. At the same time, a verification code is generated through hash operation, and the key itself is digested and obfuscated before being bound to the ciphertext to form a fused ciphertext. During decryption, structural parsing, key restoration, and hash integrity verification are performed. This not only utilizes the unique characteristics of the device to achieve targeted encryption protection of intellectual property data, effectively resisting data theft, tampering, and illegal cracking, but also completes data integrity verification and operation traceability. While significantly improving the confidentiality and security of intellectual property transfer data, it also ensures the traceability and reliability of data use.
[0016] Optionally, the method further includes the following steps: Based on the cumulative number of device verification failure prompts and software verification failure prompts; If the number of prompts exceeds the preset limit within a preset time period, the system will retrieve login information from the current device for forwarding or copying intellectual property content, and obtain the target address corresponding to the forwarding or copying operation. Based on the target address, the system will match the corresponding target platform from the preset address database. If the match fails, an alarm for abnormal data paths will be triggered. Initialize the number of prompts.
[0017] By adopting the above technical solution, the system accumulates and counts the number of device verification failures and software verification failures. When the number of failures exceeds a preset threshold within a set time period, it automatically monitors the forwarding and copying of intellectual property content and verifies the legality of the target platform. It also promptly triggers data anomaly path alarms for abnormal target addresses that fail to match. This enables the system to accurately identify and warn of risky behaviors such as illegal external transmission and unauthorized transfer of intellectual property data. It achieves dynamic control and security auditing of data transfer paths, further improving the full-process protection capability of intellectual property transfer data and the efficiency of tracing violations.
[0018] Optionally, the method further includes the following steps: Within a set time period, the system retrieves the access frequency and operation data volume corresponding to the login information. If the access frequency exceeds the preset set frequency and the operation data volume exceeds the preset set data volume, an access data anomaly alarm is triggered.
[0019] By adopting the above technical solution, and by monitoring the access frequency and operation data volume of the corresponding login information in real time within a set period, and by combining dual preset thresholds to determine anomalies and trigger access data anomaly alarms, it is possible to accurately identify violations such as high-frequency batch access and malicious crawling of intellectual property transfer data. This enables dynamic monitoring and risk warning of data access behavior, effectively prevents security risks of illegal batch retrieval and illegal theft of intellectual property data, and further improves the security control accuracy of the intellectual property data access process.
[0020] Optionally, the method further includes the following steps: Within a set time period, obtain the access frequency and operation data volume corresponding to the login information. If the access frequency is greater than the preset base frequency and the operation data volume is greater than the preset base data volume, calculate the ratio of the access frequency to the base frequency as the frequency ratio, and calculate the ratio of the operation data volume to the base quantity as the data volume ratio. The adjustment value is calculated based on the frequency ratio and the data volume ratio, and the set quantity is adjusted inversely proportionally based on the adjustment value. Among them, the base frequency is less than the set frequency, and the base data volume is less than the set data volume.
[0021] By adopting the above technical solution, the frequency of login information access and the amount of operation data are statistically analyzed in real time. When the basic threshold is exceeded, the frequency ratio and the data volume ratio are further calculated to generate an adjustment value. Based on this, the judgment threshold for verification failure prompts is adjusted inversely. The security control standard can be adaptively optimized according to the degree of abnormality of the user's actual access behavior, avoiding the rigidity of control caused by fixed thresholds. This enables dynamic and refined control of intellectual property data access risks, effectively improving the sensitivity of abnormal behavior identification and the pertinence of risk prevention and control.
[0022] Secondly, this application provides a feature processing system for intellectual property transfer data, which adopts the following technical solution: A feature processing system for intellectual property transfer data includes a processor, wherein the processor performs the steps of the feature processing method for intellectual property transfer data as described in any one of the preceding claims.
[0023] Thirdly, this application provides a storage medium, which adopts the following technical solution: A storage medium storing a program, which, when executed by a processor, implements the steps of the feature processing method for intellectual property transfer data described in any one of the preceding claims.
[0024] In summary, this application includes at least one of the following beneficial technical effects: By constructing a triple verification system of login permission verification, device feature code verification, and data read / write software matching, coupled with progressive exclusive encryption based on application number, type number, and classification number, and symmetric encryption, hash verification, and key obfuscation binding protection combined with device verification code, this application achieves secure encryption control of the entire process of intellectual property transfer data without blind spots; at the same time, through cumulative monitoring of verification failures, identification of abnormal transfer paths, high-frequency batch access warnings, and adaptive threshold dynamic adjustment mechanisms, it can accurately identify and warn of various security risks such as illegal access, data tampering, unauthorized dissemination, and malicious crawling; coupled with full-process read / write log retention to achieve traceability of operation behavior, this application comprehensively improves the confidentiality, integrity, and controllability of intellectual property transfer data from multiple dimensions such as access subject, device used, data content, transfer path, and abnormal behavior, effectively enhancing the pertinence, flexibility, and practicality of data security protection. Attached Figure Description
[0025] Figure 1 This is a flowchart illustrating the steps of a feature processing method for intellectual property transfer data.
[0026] Figure 2 This is a diagram of the first implementation sub-steps for obtaining encrypted data by encrypting intellectual property content and device verification codes.
[0027] Figure 3 This is a diagram of the second implementation sub-step for obtaining encrypted data by encrypting the intellectual property content and the device verification code.
[0028] Figure 4 This is a diagram of the third implementation sub-step for obtaining encrypted data by encrypting the intellectual property content and the device verification code. Detailed Implementation
[0029] The embodiments of this application are described in detail below, and examples of the embodiments are shown in the accompanying drawings.
[0030] In the description of this specification, the references to "certain embodiments," "one embodiment," "some embodiments," "illustrative embodiment," "example," "specific example," or "some examples" refer to specific features, structures, materials, or characteristics described in connection with the described embodiment or example, which are included in at least one embodiment or example of this application. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
[0031] This application discloses a feature processing method for intellectual property transfer data, applied to the entire process of data security management in intellectual property commercial operation, market transactions, licensing and filing, and ownership changes. Addressing the technical problems of intellectual property transfer data being easily stolen, tampered with, and accessed without authorization during transmission, storage, and retrieval, it provides refined security control over the entire process of data collection, verification, encryption, interaction, and auditing. Figure 1 The specific steps of the method are as follows: S100 Login Information Verification and Hierarchical Acquisition of Operation Permissions The front-end interactive interface receives login information input by the user. The login information includes the user account and login password, and may also include at least one of the following: enterprise unified identity authentication token, SMS verification code, U-shield key or biometric feature information, which is used to uniquely identify the user's identity.
[0032] The backend identity authentication module performs field-by-field verification of login information, comparing the user input information with the standard identity information pre-stored in the permission database. The permission database is pre-configured with a table mapping the identity credentials and permissions of different user roles.
[0033] If the verification results are consistent, the login verification is deemed successful. The permission allocation module retrieves the corresponding operation permissions from the permission database based on the user role associated with the login information. The operation permissions are divided into data query permissions, partial field viewing permissions, full content read and write permissions, data export permissions, and circulation operation permissions. Different permissions correspond to different intellectual property data access scopes and operation types. If the verification results are inconsistent, the login verification is deemed to have failed. The front-end interface will pop up a login failure prompt box in real time, with the prompt content including the reason for the error and the remaining number of retries. At the same time, the identity authentication module will record this failure, including the login account, login time, login IP address, and error information, and upload it to the back-end log server for permanent storage as a basis for subsequent security audits and anomaly investigations.
[0034] S200 equipment feature acquisition, intellectual property data extraction, and equipment legality verification After obtaining operation permissions, users can enter query commands through the front-end interface. The system parses the query commands to obtain the query content, which includes search conditions such as intellectual property application number, right holder name, transfer type, and query time period.
[0035] At the same time, the device feature acquisition module calls the underlying interface of the current terminal device to collect the unique device feature code of the current device. The device feature code includes one or more combinations of the device MAC address, CPU serial number, hard disk serial number, device UUID, and motherboard serial number, to ensure that the device feature is unique and cannot be arbitrarily tampered with.
[0036] The data retrieval module performs exact matching or fuzzy search in a preset information database based on the query content. The information database stores full data on intellectual property transfer, including core data such as ownership information, transaction price information, licensing mode, multiple transfer trajectory, and legal status information. After the search is completed, the module extracts the complete intellectual property content that matches the query content.
[0037] The device verification module matches and compares the collected device feature codes with the preset device verification database one by one. The device verification database is a pre-entered whitelist of legitimate devices. The database stores verified and authorized device verification codes. Each device verification code is bound to a corresponding data read / write software tag. The data read / write software tag is used to specify a unique compliant read / write tool that can securely process intellectual property data, limiting the data to be operated only in the specified software environment.
[0038] If the device signature code matches a device verification code in the device verification library, the device is determined to be a legitimate and authorized device. The device verification module outputs the device verification code corresponding to the device signature code and proceeds to the subsequent data encryption process. If a match fails or no corresponding record is found, it is determined to be an unauthorized device access. The front-end interface displays a device verification failure message, and at the same time, information such as device signature, query content, operation time, and user account is uploaded to the back-end server for storage, which is used for abnormal device tracking and risk warning.
[0039] S300 data encryption calculation, data packet transmission and local decryption and restoration The encryption module uses the extracted intellectual property content and the legitimate device verification code as encryption factors to perform encryption calculations and generate encrypted data. The encryption calculations employ symmetric encryption or hash obfuscation encryption methods to ensure that the intellectual property content exists in ciphertext form during transmission links and interface calls, thus eliminating the risk of plaintext leakage.
[0040] The data encapsulation module encapsulates and packages the generated encrypted data and the corresponding device verification code according to a preset data format to form standardized return data. The return data includes a data header identifier, a ciphertext segment, and a device identifier segment. It is sent to the current user device through an encrypted transmission protocol. The transmission process uses an SSL / TLS encrypted channel to prevent the data from being intercepted and tampered with.
[0041] After the device receives the returned data, the local parsing module performs structural parsing on the returned data, separating and extracting the device verification code and encrypted data. The decryption module uses the device verification code as the decryption key or decryption basis to perform reverse decryption operations on the encrypted data, restoring the original intellectual property content that can be read and processed. At the same time, the information parsing unit extracts the corresponding data reading and writing software markers from the configuration information bound to the device verification code for subsequent software environment verification.
[0042] S400 read / write software legitimacy verification, data operation, and read / write log archiving. The software detection module scans the list of installed applications on the current device, reads the unique identifier, version information, and digital signature of each software, and compares them item by item with the extracted data read / write software tags to determine whether the current device has installed and can run normally compliant read / write software that matches the tags.
[0043] If the test result shows that the corresponding compliant read and write software has been installed, and the software's digital signature is valid and the version meets security requirements, the software environment verification is deemed to have passed, and the system will automatically call the compliant read and write software to perform read and write operations such as viewing, editing, and exporting intellectual property content; During operation, the log generation module generates structured read and write logs in real time. The log content includes user account, operation time, device feature code, read and write software information, operation type, operation data range, and IP address. After the logs are generated, they are uploaded to the backend log server in real time for encrypted storage to ensure that the operation behavior is tamper-proof and fully traceable.
[0044] If no matching compliant read / write software is detected, or if the software signature is invalid or the version poses a security risk, the software verification is deemed to have failed. A software verification failure message will pop up on the front-end interface, prohibiting any read / write operations on intellectual property content. At the same time, the software verification failure information, device information, and user operation behavior will be sent to the back-end server for storage, forming a complete record of abnormal behavior to provide data support for subsequent security management and accountability for violations.
[0045] Reference Figure 2 This step is the first implementation of "encrypting the intellectual property content and the device verification code to obtain encrypted data" in S300. It constructs a unique encryption factor through the inherent application number of the intellectual property, further improving the targeting and security of data encryption. The specific sub-steps are as follows: S311 Application Number Extraction and Verification Number Filtering The encryption module parses the query content obtained from S200, identifies and extracts the application number from the query content using preset regular expression matching rules. The matching rules for the application number are pre-configured to conform to standard formats in the intellectual property field (such as patent application numbers "country code + year + type code + serial number + check digit", trademark application numbers "year + serial number", etc.) to ensure the accuracy of the extracted application number.
[0046] If at least one application number is extracted after parsing, the total number of extracted application numbers is counted as the number of numbers. If the number of numbers is greater than one, that is, the query content contains multiple application numbers of intellectual property targets, the verification number is determined through a dual screening logic: first, the character length of each application number is compared and the application number with the longest character length is selected; if there are cases where the character lengths are the same, the application number is converted into a numerical form, non-numeric characters are ignored, and the application number with the largest value is selected as the final verification number. If the number of numbers is equal to one, then the extracted application number is directly used as the verification number; If no application number is retrieved, proceed to other encryption sub-processes, such as encryption processes based on classification numbers.
[0047] S312 Existence Verification of Verification Number The data verification unit sends the selected verification numbers to the information database to perform dual verification of existence and validity. Existence verification: Check whether there is an intellectual property record in the information database that completely matches the verification number, and confirm the real existence of the intellectual property subject corresponding to the verification number; Validity verification: Simultaneously check the intellectual property status corresponding to the verification number (such as whether it is a valid right, whether it is in circulation, and whether it matches the current query user's operation permission scope) to prevent invalid or unauthorized numbers from participating in encryption.
[0048] If both existence and validity checks pass, proceed to the next encryption step; if either check fails, the encryption prerequisite is deemed not met, a check failure signal is generated and fed back to the backend, and the basic encryption method (encryption only using the device verification code) is used to process the intellectual property content.
[0049] S313 Number Update Encryption Based on Verification Number The encryption module employs a dual encryption strategy of "number embedding + content obfuscation," as detailed below: 1. Number preprocessing: Convert the verification number to a hexadecimal string, and extract the first 16 characters as the core encryption factor. If the verification number is less than 16 characters, pad it with zeros; if it is more than 16 characters, take the middle 16 characters. 2. Content segmentation: The extracted intellectual property content is divided into several data blocks according to data type (text, tables, attached image metadata, etc.). The size of each data block is set to 1024 bytes. The last block that is less than 1024 bytes is processed according to its actual size. 3. Block Encryption: Perform an XOR operation on each data block, XORing each byte of the data block with the corresponding byte of the core encryption factor to obtain an encrypted data block; at the same time, embed the verification number into the reserved field in the header of each encrypted data block (occupying 8 bytes), forming an encrypted data block with a numbered identifier; 4. Integration and Reconstruction: All encrypted data blocks with numbered identifiers are assembled in the order of the original data blocks to form new intellectual property content, and the numbering is updated and encrypted.
[0050] S314 Reverse Decryption Process Storage and Local Restoration After completing the number update encryption, the encryption module embeds key information from the reverse decryption process into the metadata field of the new intellectual property content. The reverse decryption process includes: Verification ID extraction rules (position of reserved field in header, truncation length); The generation method of core encryption factors (hexadecimal conversion, zero-padding / truncation rules); The reverse operation logic of XOR operation (the same XOR factor and byte correspondence as in the encryption stage).
[0051] After receiving the returned data containing new intellectual property content, the local decryption module first extracts the reverse decryption process information from the metadata field and restores the original data according to the following steps: 1. Extract the verification number fragment from the reserved field in the header of each encrypted data block and concatenate them to obtain the complete verification number; 2. Restore the core encryption factors according to preset rules to ensure consistency with the encryption stage; 3. Perform an inverse XOR operation on each encrypted data block to obtain the original data block; 4. Assemble the original data blocks in their original order to restore the complete intellectual property content before the numbering update and encryption, and then combine it with the device verification code to complete the final decryption.
[0052] Reference Figure 3 In another implementation, regarding the step of encrypting the intellectual property content and the device verification code to obtain encrypted data, this application also provides a number offset encryption refinement scheme based on the application number type code. This scheme relies on the inherent type code of the intellectual property application number as the basis for encryption offset, achieving lightweight and more targeted content encryption. The specific implementation sub-steps are as follows: S321 Application Number Information Extraction and Type Number Analysis The system first performs text retrieval and field parsing on the query content or the extracted intellectual property content. Through preset regular expression matching rules for intellectual property application numbers, it accurately extracts the application number information. The application number information follows the standard coding rules of the State Intellectual Property Office and includes a combination of numbers, letters and check digits.
[0053] If the application number information in a valid format is successfully extracted, the type number in the application number is parsed and obtained according to the preset application number field splitting logic. This type number is a fixed number or character in the application number used to identify the type of intellectual property. For example, the special type code in the patent application number represents the invention patent, utility model patent, and design patent, and the type code in the trademark application number represents the trademark type and application channel, etc., to ensure that the type number has uniqueness and fixed standardization.
[0054] If no valid application number information is extracted, the process will directly proceed to the subsequent encryption implementation process based on the classification number, ensuring that the encryption process is uninterrupted and without blind spots.
[0055] Existence and validity verification of type number S322 The system transmits the parsed type number to the background information database and performs an existence verification operation: it retrieves the preset intellectual property type code lookup table in the information database to determine whether the type number is a legally registered code, and at the same time checks whether the type number matches the type of the corresponding intellectual property content to avoid type number forgery or mismatch leading to encryption failure.
[0056] If the existence verification passes, confirming that the type number is authentic, valid, and matches the intellectual property content, the system proceeds to the number offset encryption stage. If the verification fails, the type number is deemed abnormal, the system automatically switches to the basic device verification code encryption mode, and uploads the type number verification anomaly record to the backend server for storage, ensuring that data encryption security is not affected.
[0057] S323 Type-based Intellectual Property Content Number Offset Encryption The encryption module uses the type number as the encoding offset base value to perform offset encryption processing on the character encoding of the intellectual property content: first, the type number is converted into a decimal value as the offset step size, and then the text and data fields of the intellectual property content are encoded and converted one by one. For characters with ASCII encoding and Unicode encoding, forward numerical offset is performed in sequence according to the offset step size to obtain the new encoding combination after offset, and then the new intellectual property content after encoding and encryption is reconstructed.
[0058] During the offset encryption process, the encryption module performs offset operations on the intellectual property content by field blocks, distinguishing between core flow data and supplementary explanatory data with differentiated offset precision. Core data uses full field offset, while supplementary data uses key character offset, thus improving encryption operation efficiency while ensuring encryption strength.
[0059] S324 Reverse Process Storage and Original Content Restoration After encryption is completed, the system will embed the complete reverse process information of this number offset encryption into the metadata field or the reserved field at the end of the data of the new intellectual property content for storage. The reverse process information specifically includes key decryption parameters such as type number value, encoding offset step size, character encoding format, block offset rules and offset start position.
[0060] After receiving the encrypted new intellectual property content, the local parsing module first extracts the reverse process information from the content, and then performs reverse numerical offset on the encrypted character encoding according to the reverse offset logic with the same type number offset step size, restores the original encoding value one by one, and finally recovers the original intellectual property content before the number offset encryption. Then, combined with the device check code, it completes the subsequent overall data decryption and read / write verification, realizing the closed-loop matching of encryption and decryption.
[0061] Reference Figure 4 In another implementation, for scenarios where the application number and application number information have not been extracted, this application provides a type offset encryption refinement scheme based on classification numbers. This scheme builds an encryption foundation based on the essential classification numbers for intellectual property, ensuring a seamless and comprehensive encryption process. The specific implementation sub-steps are as follows: S331 Classification Number Information Extraction and Missing Matching Supplement The encryption preprocessing module first determines the results of the preceding processes (application number extraction and application number type number extraction). If it is confirmed that no valid application number or application number information has been obtained, the classification number extraction mechanism is initiated. 1. Direct extraction of classification numbers: The query content (such as search keywords and technical field descriptions) obtained from S200 and the extracted intellectual property content (as claimed, specification abstracts, trademark / patent classification label fields) are parsed. Through preset classification number regular expression matching rules, the system adapts to standard formats such as IPC International Patent Classification, Nice Classification, and copyright classification codes, such as the hierarchical structure of IPC classification numbers "department + major category + minor category + major group / minor group", and accurately extracts the classification number information. 2. Missing Classification Number Matching: If no valid classification number information is obtained by direct extraction, a preset classification recognition database call process is triggered. The classification recognition database pre-stores a comprehensive intellectual property classification system table, including classification numbers, corresponding technical field keywords, right feature descriptions, application scenarios, and other related data. It adopts a dual algorithm of "keyword semantic matching + feature vector comparison" to calculate the similarity between the core features of the query content or intellectual property content and the classification association information in the database. The similarity threshold is set at 85%, and a unique corresponding classification number information is obtained. If there are multiple classification numbers that meet the similarity threshold, the classification number with the highest relevance (largest similarity value) is selected as the final encrypted classification number.
[0062] S332 Classification Number Numerical Conversion Calculation The encryption module performs a standardized numerical transformation on the extracted or matched classification number information to ensure that the classification number is converted into a quantitative benchmark that can be used for offset encryption. The specific calculation process is as follows: 1. Classification number preprocessing: Remove non-numeric characters from the classification number, such as letters and separators " / " and "-" in the IPC classification number, and retain the pure numeric sequence. For example, process the IPC classification number "G06F16 / 2458" into "06162458"; 2. Hierarchical weight allocation: Assign weight coefficients to each number segment according to the hierarchical structure of the classification number (such as department, major category, minor category, major group, minor group). The higher the level, the greater the weight. For example, the weight of the number segment corresponding to the department is 0.4, the major category is 0.3, the minor category is 0.15, the major group is 0.1, and the minor group is 0.05. 3. Weighted summation calculation: After converting the numerical segments of each level into decimal values, multiply them by the corresponding weight coefficients, and then sum all the product results to obtain the final classification number value (retaining integers and rounding off the decimal part); if the classification number is a single level (such as the copyright work classification code), then directly convert the classification number numerical sequence into a decimal value as the classification number value.
[0063] S333 Encryption Based on Classification Number Value Type Offset An encryption strategy of "full-field offset + core field enhancement" is adopted, using the classification number value as the basic offset step size to perform layered offset encryption on the encoding of intellectual property content: 1. Unified Encoding Format: First, convert all data fields (text, values, metadata) of the intellectual property content to UTF-8 encoding format to ensure encoding consistency; 2. Field offset processing: Core circulation fields (such as ownership, transaction price, license period, number of circulations, etc.): The offset step size is 1.2 times the value of the classification number. Each byte of the field code is offset in the positive direction. For example, if the classification number value is 100, the offset step size is 120. The byte with the code value of 0x61 (character "a") becomes 0x61+0x78=0xD9 after offset. Non-core auxiliary fields (such as descriptions, notes, formatting annotations, attachment indexes, etc.): The field code is shifted positively by using the classification number as the basic offset step. 3. Overflow handling mechanism: If the offset encoded value exceeds the valid range of UTF-8 encoding, a "circular offset" strategy is adopted, that is, the excess part is counted again from the starting value of the encoding to ensure the validity of the encrypted encoding; 4. Data Reconstruction: All offset-processed field codes are concatenated in the original data structure order to form encrypted new intellectual property content.
[0064] S334 Calculation Process, Reverse Decryption Information Storage, and Original Content Restoration After encryption, the system embeds two types of key information into the metadata reserved fields of the new intellectual property content (occupying 32 bytes of fixed storage space) for binding and storage: 1. Classification number numerical calculation process information: including the original text of the classification number, rules for removing non-numeric characters, hierarchical weight allocation table, and weighted summation formula; 2. Type offset encryption reverse process information: including encoding format (UTF-8), core / non-core field division rules, offset step size (basic step size, reinforcement step size), and overflow loop handling logic.
[0065] After receiving the encrypted new intellectual property content, the local decryption module restores the original data according to the following process: 1. Information Extraction: Parse the classification number calculation process and reverse encryption information from the reserved fields in the metadata; 2. Classification number value restoration: Derive the value in reverse according to the stored calculation rules to verify the accuracy of the classification number value; 3. Reverse offset operation: For the encrypted encoded fields, perform reverse subtraction operation on the encoded values according to the rule of "core fields are offset in reverse with enhanced step size, and non-core fields are offset in reverse with basic step size". In the case of a cyclic offset scenario, restore it according to the reverse cyclic logic. 4. Encoding Conversion: The restored encoding is converted into the original data format, and the complete intellectual property content before type offset encryption is obtained by splicing. Subsequently, the device check code is combined to complete the overall data decryption and read / write permission verification, ensuring the closed-loop consistency of the encryption-decryption process.
[0066] 3.4 Optional Implementation: A Fusion Encryption Subprocess Based on Hash Verification + Symmetric Encryption + Key Obfuscation This optional embodiment is a high-strength encryption refinement scheme in S300 that "encrypts the intellectual property content and the device verification code to obtain encrypted data." Through a triple mechanism of hash integrity verification, symmetric encryption protection, and key obfuscation binding, it achieves the dual goals of data encryption and traceability restoration. It is suitable for intellectual property transfer scenarios with extremely high data security requirements, such as core technology patent transactions and high-value trademark licensing. The specific implementation steps are as follows: S341 hash operation generates hash code (encryption stage) The encryption operation module first performs data fusion processing on the complete intellectual property content (including core circulation data, supplementary description data, and metadata) extracted by S200 and the device verification code (string format): the device verification code is concatenated to the end of the intellectual property content data stream to form a fused data stream of "intellectual property content + device verification code", ensuring that the hash calculation covers the core data and device identifier.
[0067] The SHA-256 hash algorithm is used to perform a one-way hash operation on the merged data stream, generating a fixed-length 32-byte hash code. This hash code serves as the core basis for data integrity verification. Its generation process is irreversible, and even the slightest data change will result in a completely different hash code, ensuring that subsequent data tampering can be identified through hash comparison. After generation, the hash code is temporarily stored in an encrypted cache, pending subsequent integration and encapsulation.
[0068] S342 symmetric encryption generates ciphertext of intellectual property content (encryption stage) 1. Key preprocessing: Convert the device checksum (original format can be a combination of letters, numbers, and symbols) into the standard key format required by the symmetric encryption algorithm; use UTF-8 encoding to convert the device checksum into a byte array. If the length of the byte array is less than 256 bits (required by the AES-256 algorithm), pad it to 256 bits using the PKCS7 padding rule; if it exceeds 256 bits, truncate the first 256 bits as the valid key to ensure that the key format meets the algorithm requirements.
[0069] 2. Encryption Algorithm Selection: The AES-256-CBC symmetric encryption algorithm is adopted. This algorithm features high encryption strength and balanced computational efficiency, making it suitable for the real-time encryption requirements of intellectual property transfer data. Before encryption, a 16-byte random initialization vector (IV) is automatically generated to initialize the block cipher mode of the encryption algorithm. The IV is not associated with the device checksum and is only used to enhance the randomness of encryption.
[0070] 3. Block Encryption Processing: The intellectual property content is divided into standard blocks of 16 bytes each (required by CBC mode). Blocks shorter than 16 bytes are padded according to PKCS7 rules. Using the pre-processed device checksum as the dynamic security key, combined with the Initialization Vector (IV), AES-256 encryption is performed on each data block sequentially to generate the corresponding encrypted block. All encrypted blocks are then concatenated in their original order to obtain the complete ciphertext of the intellectual property content. Simultaneously, the IV is appended to the header of the ciphertext (occupying a fixed 16-byte position) to provide necessary parameters for decryption.
[0071] S343 device checksum digest processing and obfuscation processing (encryption stage) To prevent the dynamic security key (device verification code) from being leaked and leading to ciphertext cracking, the device verification code is protected by a dual approach of "digest + obfuscation": 1. Digest processing: The SHA-512 hash algorithm is used to calculate the digest of the original device checksum, generating a 64-byte key digest. This digest is only used for subsequent verification and does not have the ability to reverse-engineer the original key. 2. Obfuscation: The key digest information is obfuscated using a combination of XOR obfuscation and position permutation algorithms. XOR Obfuscation: Using the first 16 bytes of the hash code generated by S341 as the XOR factor, the key digest information is divided into 16-byte segments, and each segment is XORed with the XOR factor in turn to obtain the intermediate data after XOR obfuscation. Position permutation: Using the length of the device checksum (modulo 32) as the permutation seed, random position permutation is performed on the intermediate data (64 bytes) after XOR obfuscation. The permutation rules are pre-stored in the configuration file of the encryption module to ensure that the obfuscation process can be reversed and restored. 3. Finally, a key obfuscation digest is generated (still 64 bytes). This information retains the digest characteristics of the original key while obfuscating and hiding the core information, thus improving key security.
[0072] S344 is formed by integrating ciphertext (encryption stage). According to the preset ciphertext structure specifications, the following three parts of data are integrated and encapsulated to form a single fused ciphertext: 1. Header identifier (16 bytes): Fixed padding "IPR-ENCRYPT-2024" (ASCII encoding) is used to identify the ciphertext type for easy identification during decryption; 2. Core data segment: sequentially concatenated hash code (32 bytes), key obfuscation digest information (64 bytes), and intellectual property content ciphertext (variable length, including a 16-byte header IV). 3. Tail check bit (4 bytes): Performs CRC32 check on the core data segment, generates a check value and stores it at the tail, used to verify whether data corruption has occurred during encrypted transmission or storage.
[0073] Once integrated, the fused ciphertext is stored or transmitted as a binary stream to ensure that the data is not exposed in plaintext during the transfer process.
[0074] S345 fused ciphertext structure analysis (decryption phase) After receiving the merged ciphertext, the local decryption module first performs structure parsing: 1. Header verification: Read the first 16 bytes of the ciphertext header identifier. If it is inconsistent with the preset "IPR-ENCRYPT-2024", it is determined to be illegal ciphertext, and the decryption process is terminated directly with an error message. 2. Tail check: Read the last 4 bytes of the ciphertext CRC32 check bits, and perform the same CRC32 calculation on the middle core data segment. If the two check values are inconsistent, the ciphertext is determined to be corrupted, decryption is refused, and the exception is recorded. 3. Data Separation: Separate the hash code (first 32 bytes), key obfuscation digest information (next 64 bytes), and intellectual property content ciphertext (remaining variable-length data) sequentially from the core data segment according to a fixed length. At the same time, extract the 16-byte initialization vector IV from the header of the intellectual property content ciphertext for subsequent decryption operations.
[0075] S346 Key Obfuscation Digest Reverse Processing and Verification (Decryption Stage) 1. Reverse position permutation: Using the length of the device check code (local device check code, used for preliminary matching) modulo 32 as the permutation seed, the key obfuscation digest information is subjected to reverse position permutation according to the permutation rules preset in the encryption stage, and the intermediate data after XOR obfuscation is restored. 2. Reverse XOR Obfuscation: Extract the first 16 bytes of the hash code separated by S345 as the XOR factor, perform reverse XOR operation on the intermediate data in 16-byte segments, and restore the original key digest information (64 bytes). 3. Digest Verification: Perform SHA-512 hash operation on the local device checksum (the valid checksum of the current device) to generate a local key digest, and compare it byte by byte with the restored original key digest information; if the comparison matches, the key is determined to be valid, and a valid device checksum is obtained; if the comparison does not match, it is determined to be an illegal key, decryption is terminated, and the backend is reported.
[0076] S347 Symmetrical Decryption and Restoration of Original Intellectual Property Content (Decryption Stage) 1. Key reconstruction: Following the same preprocessing rules as the encryption stage, the restored legitimate device checksum is converted into a 256-bit AES key (UTF-8 encoding + PKCS7 padding / truncation). 2. Block decryption: The encrypted intellectual property content (after removing the header 16-byte IV) is divided into 16-byte blocks. Using the reconstructed 256-bit key and the extracted IV as parameters, the AES-256-CBC algorithm is used to perform reverse decryption on each encrypted block. The last block of data after decryption is de-padded with PKCS7 to restore the original data block. 3. Content Integration: All decrypted original data blocks are assembled according to the original grouping order to obtain the complete decrypted intellectual property content.
[0077] S348 Hash Integrity Verification and Source Tracing (Decryption Phase) 1. Integrity Verification: The decrypted intellectual property content and the restored device verification code are merged (using the same concatenation rules as in encryption stage S341) to generate a new merged data stream. A new hash code is calculated using the SHA-256 algorithm. The new hash code is compared byte by byte with the original hash code separated in S345. If they match, the intellectual property content is confirmed to be unaltered and its integrity is valid. If they do not match, the data is determined to have been tampered with, the output content is rejected, and the tampering anomaly is recorded. 2. Source tracing and restoration: By linking the device verification code with the backend logs, information such as the encryption subject (authorized device), encryption time, and circulation path of the intellectual property content can be traced; combined with the hash code verification results, a complete source tracing chain of "encryption-transmission-decryption-verification" is formed to ensure that the entire data flow is traceable and accountable.
[0078] After decryption, the local device will associate the restored original intellectual property content with the device verification code and proceed to the subsequent S400 read / write software verification stage to ensure that the encryption / decryption process is seamlessly integrated with the overall security control logic.
[0079] In this embodiment, to address the risk of illegal transfer of intellectual property data that may arise after equipment and software verification failures, a dynamic security barrier is constructed along the data transfer path through cumulative statistics of failure prompts, monitoring of transfer operations, verification of the legality of the target platform, and anomaly alarm mechanisms. This further improves the full-process control of intellectual property transfer data. The specific implementation steps are as follows: Cumulative statistics of S501 verification failure messages The system deploys a dedicated failure notification accumulation module to monitor and capture the notification signals corresponding to the two types of verification failure events in real time, ensuring that no statistics are missed: 1. Failure types that trigger accumulation: Device verification failure message: This is a failure message signal generated by the backend after the device signature code in S200 fails to match the preset device verification database. It includes the failed device signature code, the query user login information, and the failure timestamp. Software verification failure message: This is a failure message signal generated by the backend when the current device in S400 does not detect a matching data read / write software tag. It includes information about the failed device, the user account of the operation, and the type of failed operation, such as attempted read / write or export. 2. Cumulative Rule: Each time a verification failure message of any of the above types is captured, the cumulative module automatically increments the value of the "Number of Messages" field bound to the corresponding login information and device identifier by 1; 3. Storage method: The number of prompts is associated with the login account, device feature code, and statistics start timestamp and stored in the backend temporary cache database in key-value pair format, with key: "user account-device feature code" and value: "number of prompts-statistic start time", to ensure that the number of failures for the same user on the same device is counted independently and without interference.
[0080] S502 Setting Duration and Threshold Judgment The cumulative module has built-in preset parameters for the set duration and quantity, which administrators can flexibly adjust through the backend configuration interface to adapt to different security management needs. 1. Set duration: The default configuration is 1 hour (3600 seconds), which can be adjusted to 30 minutes, 2 hours, etc. according to business scenarios. The statistical period starts from the first verification failure and automatically resets after the timeout. 2. Set the number: The default setting is 3 times, which can be adjusted to 2-5 times, serving as a threshold for determining whether there is a risk of abnormal circulation; 3. Threshold judgment logic: The cumulative module compares the current number of prompts with the set number in real time, and checks whether the statistical duration has not exceeded the set duration. If "the number of prompts > the set number" and "the current time - the statistical start time ≤ the set duration", the subsequent flow operation monitoring process is triggered. If either condition is not met, the current cumulative status is maintained until the statistical duration expires or the number of prompts reaches the target.
[0081] S503 Flow Operation Capture and Target Address Acquisition When the threshold judgment condition is met, the system automatically starts the operation monitoring module to comprehensively capture the intellectual property content transfer operations associated with the login information on the current device: 1. Operation monitoring scope: By calling the device's underlying system API and deploying application-layer hook functions, it intercepts operations such as clipboard copying, file drag-and-drop copying, data export and forwarding, and network transmission forwarding in real time, covering local and cross-device / cross-platform workflow scenarios; 2. Target Address Extraction: Extract the corresponding target address information for different flow operation types, specifically including: Network forwarding operations (such as email sending, instant messaging transmission, cloud drive upload): Extracting target IP address, target domain name, recipient account ID, etc.; Local copy / external device transfer (e.g., copying to USB flash drive, external hard drive): Extract the storage device's unique identifier, local file path, and external device mount address; Cross-platform forwarding (such as uploading to a third-party intellectual property trading platform): Extract the target platform's interface address and platform identification code; 3. Address formatting: Convert the extracted target addresses into a standardized format (e.g., convert IP addresses to IPv4 / IPv6 standard format, remove redundant characters from prefixes and suffixes of domain names, and unify file paths to absolute paths) to ensure the accuracy of subsequent matching.
[0082] S504 Target Platform Legality Matching and Anomaly Alarm 1. Address Database Matching: The standardized target addresses are matched against a pre-defined address database using multiple dimensions. This database is a whitelist of legally registered target platforms, storing information such as IP address ranges, official domain names, interface address prefixes, external device authorization identifiers, and platform registration numbers. The matching process employs a combination of precise matching and fuzzy matching strategies. Precise matching: Performs a complete match comparison based on unique identifiers such as IP address and ICP filing number; Fuzzy matching: For domain names and API addresses, matching is performed using both prefix and suffix. For example, domain names ending in ".ipr-legal.com" are considered valid. The similarity threshold is set to 95%. 2. Matching result processing: If a match is successful, the target platform is determined to be a legitimate and authorized platform, and normal operation is allowed. At the same time, the operation record (including target address, matching result, and operation time) is uploaded to the backend log database. If a match fails (no corresponding record or similarity is below the threshold), it is determined to be an abnormal flow path and a multi-level alarm mechanism is immediately triggered: Backend Alarms: Push real-time alert information to the administrator console, including the user account of the user, device identifier, target address, abnormal time, and failed matching items; Front-end notification: Display an abnormal flow warning box to the current device, informing the user that the operation has been blocked, and the notification content includes the reason for the violation and instructions for compliant operation; Log archiving: All information on abnormal events (including cumulative failure records, operation capture details, matching logs, and alarm times) is encrypted and stored in the backend audit database and retained for more than 90 days for traceability and verification; 3. Alarm suppression mechanism: Abnormal flow operations by the same user on the same device targeting the same target address will only trigger one alarm within 10 minutes to avoid repeated alarm interference.
[0083] S505 prompts quantity initialization After completing the target platform matching and alarm process, or when the statistical duration exceeds the set duration, the accumulation module automatically performs the prompt quantity initialization operation: the prompt quantity field value corresponding to "user account-device feature code" is reset to 0, and the statistical start timestamp is updated to the time when the next verification failure occurs, ensuring that the next round of statistical cycle starts accurately and realizing the cyclical control of the number of failures.
[0084] This process uses a closed-loop logic of "failure accumulation - risk triggering - operation capture - legality verification - anomaly alarm" to accurately identify illegal transfer behavior, provide proactive protection for the transfer path of intellectual property data, complement the aforementioned verification and encryption mechanisms, and further enhance the comprehensiveness of data security management.
[0085] In this embodiment, for risk scenarios such as high-frequency batch access and malicious crawling that illegally steal intellectual property data, a security barrier is constructed at the access behavior level by real-time monitoring of the access behavior characteristics (access frequency, amount of data processed) of logged-in users, combined with dual preset thresholds for anomaly detection and alarm. The specific implementation steps are as follows: S601 access behavior data is collected in real time. The system deploys an access behavior monitoring module, which is bound to the user login session. Within a preset time period, it collects access behavior data that uniquely corresponds to the login information in real time, ensuring the accuracy and relevance of the data collection. 1. Data collection target: Only valid login information that has passed login verification (S100) is collected, and all access operation data of the user under the current login session are collected. Invalid accesses in the state of not logging in or failing to log in are not counted. 2. Data collection dimensions: Access frequency related data: number of valid access requests initiated per unit time (excluding duplicate requests, timeout requests, and malformed requests), and time interval between two adjacent access requests; Data related to the amount of data to be processed: the number of bytes of intellectual property data involved in each access operation (including text, metadata, attachment indexes and other valid data, excluding redundant data from the transmission protocol), and the number of intellectual property records corresponding to a single access request; 3. Data collection method: Data is collected synchronously through three methods: interface request interception, database query log parsing, and application layer operation tracking, ensuring no data is missed. The collected data is uploaded to the backend time-series database in real time and stored in association according to the dimensions of "login account-timestamp-access request ID", supporting data traceability and verification.
[0086] S602 Preset Parameter Configuration and Definition The backend configuration module has two types of core parameters preset, which administrators can flexibly adjust according to business scenarios (such as daily queries, batch export authorization, and access to high-value data). After parameter configuration, the parameters are synchronized to the access behavior monitoring module in real time. 1. Set duration: The default configuration is 30 minutes (1800 seconds), which can be adjusted from 10 minutes to 2 hours. It is used to define the time window for access behavior statistics. The statistical period starts from the first valid access request of the current login session. 2. Frequency setting: The default setting is 60 times / 30 minutes (i.e., 2 times / minute), which is defined as the maximum number of valid access requests allowed within the set duration. If the number of requests exceeds this threshold, it is considered an abnormal access frequency. 3. Set data volume: The default configuration is 100MB / 30 minutes, which is defined as the maximum allowed data volume threshold within the set duration. Exceeding this threshold will be considered as abnormal data volume. 4. Parameter association rules: The set frequency and set data volume are logically associated with "AND". An alarm is triggered only when both exceed the threshold at the same time, avoiding misjudgment caused by single-dimensional anomalies.
[0087] S603 Access Behavior Data Calculation and Threshold Comparison The access behavior analysis module periodically (every 5 seconds) extracts the collected data corresponding to the current login information from the time-series database, performs data calculations, and compares the data with thresholds. 1. Access frequency calculation: The actual access frequency is calculated according to the formula "Access frequency = Total number of valid access requests within the set duration ÷ Set duration (unit: times / second)" and the peak access frequency (maximum number of accesses per unit time within the set duration) is also calculated. 2. Calculation of operation data volume: Accumulate the number of bytes of intellectual property data corresponding to all valid access operations within the set time period to obtain the total amount of actual operation data, and record the maximum amount of operation data in a single operation. 3. Dual threshold comparison: The calculated actual access frequency is compared with the preset frequency, and the actual total amount of operation data is compared with the preset data amount. If the actual access frequency is greater than the preset frequency and the actual total amount of operation data is greater than the preset data amount, the access data is determined to be abnormal and the subsequent alarm process is triggered. If neither condition is met, the normal access status is maintained and real-time monitoring continues.
[0088] S604 Data Access Anomaly Alarm and Operation Control When abnormal data access is detected, the system immediately activates a multi-level alarm and operation control mechanism, taking into account both risk warning and compliance: 1. Real-time alarm triggering: Backend Alarms: Push pop-up alerts and email notifications to the administrator console. Alarm information includes abnormal login account, login IP address, device signature, set duration, actual access frequency, actual operation data volume, and abnormal start time. Administrators can view and intervene in real time. Log archiving: All data on abnormal access behavior (including raw data collection, calculation process, threshold comparison results, and alarm time) are encrypted and stored in the backend security audit database for 180 days as the basis for accountability for violations and security auditing. 2. Optional operation control (supports configuration to enable / disable): Access rate limiting: Rate limiting is applied to access requests corresponding to the current login information, restricting the number of subsequent access requests per unit time (e.g., reducing them to 50% of the set frequency). Temporary freeze: If this abnormal alarm is triggered 3 times in a row, the access permissions of the currently logged-in account will be automatically temporarily frozen (the freeze duration is 24 hours by default, but can be configured), and will be unlocked after administrator approval; 3. Front-end notification: Display an abnormal access notification box on the front-end interface of the current device, informing the user that their access behavior has triggered a security warning. The notification content includes the basis for the abnormal judgment, compliant access guidelines, and appeal channels.
[0089] This process quantifies access behavior characteristics and sets dual protection thresholds to achieve accurate identification and rapid response to violations such as high-frequency batch access and malicious crawling. It works in conjunction with the aforementioned verification and encryption mechanisms to improve the intellectual property data security management system from multiple dimensions, including "legitimacy of the accessing entity," "security of data content," and "compliance of access behavior."
[0090] In this embodiment, to address the rigidity of fixed threshold control, the access behavior characteristics (access frequency, amount of data processed) of logged-in users are analyzed in real time, and the judgment threshold for verification failure prompts (i.e., the "set quantity" in S501 above) is dynamically adjusted. This achieves a precise match between security control standards and the degree of access risk, improving the flexibility and targeting of abnormal behavior identification. The specific implementation steps are as follows: S701 Access Behavior Data Collection and Basic Threshold Determination 1. Data Acquisition: The access behavior monitoring module of S601 is used. Within the preset set time period (consistent with the set time period in S502 and S602, the default is 30 minutes, and unified configuration is supported), access behavior data uniquely bound to login information is collected in real time, including the total number of valid access requests (used to calculate access frequency) and the total number of bytes of operation data (used to calculate operation data volume). The collection method and data storage specifications are the same as S601 to ensure data consistency. 2. Basic Parameter Configuration: The backend configuration module presets two sets of basic threshold parameters, which are configured in association with "Set Frequency" and "Set Data Volume," and satisfy the constraints of "Basic Frequency < Set Frequency" and "Basic Data Volume < Set Data Volume." Base frequency: The default configuration is 50% of the set frequency. For example, if the set frequency is 60 times / 30 minutes, the base frequency is 30 times / 30 minutes. The adjustable range is 30%-70% of the set frequency, which serves as the minimum access frequency standard for triggering threshold adjustment. Basic data volume: The default configuration is 50% of the set data volume. For example, if the set data volume is 100MB / 30 minutes, the basic data volume is 50MB / 30 minutes. The adjustable range is 30%-70% of the set data volume, which serves as the minimum operating data volume standard for triggering threshold adjustment. 3. Threshold Determination Logic: The access behavior analysis module calculates the actual access frequency (actual access frequency = total number of valid access requests ÷ set duration) and the actual operation data volume (i.e., the total number of bytes of operation data collected), and compares them with the base frequency and base data volume respectively. If both "actual access frequency > base frequency" and "actual operation data volume > base data volume" are satisfied, it is determined that the current access behavior has potential risks, and the threshold adjustment process is triggered. If neither condition is satisfied, the original set quantity remains unchanged, and no adjustment operation is performed.
[0091] S702 Frequency Ratio to Data Volume Ratio Calculation Once the threshold adjustment process is triggered, the access behavior analysis module calculates the two ratio parameters according to the following rules to quantify the degree of abnormality in access behavior: 1. Frequency ratio calculation: Calculate using the formula "Frequency ratio = Actual access frequency ÷ Base frequency", round the result to two decimal places, and when the frequency ratio is greater than 5.0, use 5.0 (to avoid extreme outliers that may lead to over-adjustment); for example, if the actual access frequency is 45 times / 30 minutes and the base frequency is 30 times / 30 minutes, then the frequency ratio = 45 ÷ 30 = 1.50; 2. Data volume ratio calculation: Calculate using the formula "Data volume ratio = Actual operation data volume ÷ Basic data volume", round the result to two decimal places, and set an upper limit threshold of 5.0. Any amount exceeding this threshold will be counted as 5.0. For example, if the actual operation data volume is 75MB / 30 minutes and the basic data volume is 50MB / 30 minutes, then the data volume ratio = 75 ÷ 50 = 1.50. 3. Ratio verification: After the calculation is completed, the validity of the two ratios is verified (excluding abnormal results such as 0 or infinity). If an invalid ratio is found, it is determined that the data acquisition is abnormal, and no adjustment is performed. The original set quantity is maintained, and the abnormality log is recorded.
[0092] S703 Adjustment Value Calculation A weighted summation algorithm is used to calculate a comprehensive adjustment value by combining the frequency ratio and the data volume ratio, thereby quantifying the overall access risk level. The specific rules are as follows: 1. Weight Configuration: The preset frequency ratio weight W1 and data volume ratio weight W2 are configured with W1=0.5 and W2=0.5 by default. Administrators can adjust them according to business priorities. For example, if more attention is paid to the risk of batch downloads, W2=0.6 and W1=0.4 can be set, and W1+W2=1 must be satisfied. 2. Calculation formula: Adjustment value = (frequency ratio × W1) + (data volume ratio × W2), the result is rounded to two decimal places; for example, if the frequency ratio = 1.50, the data volume ratio = 1.50, and the weights are both 0.5, then the adjustment value = (1.50 × 0.5) + (1.50 × 0.5) = 1.50; 3. Adjustment value constraint: Set the effective range of adjustment value to 1.0≤adjustment value≤5.0. If the calculation result is <1.0, it is counted as 1.0 (i.e. no adjustment), and >5.0, it is counted as 5.0 (to avoid over-adjustment).
[0093] S704 Setting Quantity Inverse Proportional Adjustment Based on the adjustment value, the original set quantity (i.e., the preset threshold for verification failure prompts in S502, defaulting to 3 times) is adjusted inversely. The core logic is "the higher the access risk (the larger the adjustment value), the smaller the set quantity (the lower the tolerance for verification failure)". The specific steps are as follows: 1. Adjustment Formula: New setting quantity = Original setting quantity ÷ Adjustment value, round up (ensure the setting quantity is a positive integer); for example, if the original setting quantity = 3 times and the adjustment value = 1.50, then the new setting quantity = 3 ÷ 1.50 = 2 times; if the adjustment value = 2.0, then the new setting quantity = 3 ÷ 2.0 = 2 times (rounded up); if the adjustment value = 1.0, then the new setting quantity = 3 ÷ 1.0 = 3 times (no adjustment). 2. Adjustment lower limit constraint: To avoid false alarms caused by setting the quantity too low, the preset adjustment lower limit is 1 time, that is, no matter how large the adjustment value is, the new setting quantity will not be less than 1 time; for example, if the original setting quantity = 3 times and the adjustment value = 5.0, then the new setting quantity = 3 ÷ 5.0 = 1 time (after rounding up, the lower limit is met). 3. Threshold synchronization: The adjusted new setting quantity is synchronized to the failure prompt accumulation module of S501 in real time, replacing the original setting quantity, and used as the judgment standard for the cumulative verification failure prompt within the current setting time. 4. Timeliness rule: The newly set quantity is only valid within the current set duration. When the set duration ends and the quantity is initialized (S505), it will automatically revert to the original set quantity to ensure that the control standard returns to the benchmark in the next statistical cycle.
[0094] S705 Adjustment Log Recording and Retrospection After the adjustment process is completed, the system automatically generates a threshold adjustment log and stores it in the backend audit database. The log content includes: login account, device feature code, set duration, original access behavior data (actual access frequency, actual operation data volume), basic threshold parameters, frequency ratio, data volume ratio, adjustment value, original set quantity, new set quantity, and adjustment timestamp. The log is retained for 90 days, allowing administrators to trace the adjustment process, verify the rationality of the adjustment logic, and provide data support for subsequent parameter optimization.
[0095] This sub-process dynamically links access behavior risks with verification failure tolerance, achieving "flexible adaptation" in security control. It avoids excessive restrictions on normal high-frequency access (such as authorized batch queries) with fixed thresholds, while tightening control standards for potentially risky access (such as high-frequency / large-volume operations approaching abnormal thresholds). It works in synergy with the aforementioned verification failure cumulative alarm and abnormal access monitoring processes to further improve the refinement and intelligence of intellectual property transfer data security control.
[0096] This application also discloses a feature processing system for intellectual property transfer data, including a processor, wherein the processor performs the steps of the feature processing method for intellectual property transfer data as described in any of the above embodiments.
[0097] This application also discloses a storage medium storing a program, which, when executed by a processor, implements the steps of the feature processing method for intellectual property transfer data described in any of the above embodiments.
[0098] Although embodiments of this application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting this application. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of this application.
Claims
1. A method for feature processing of intellectual property transfer data, characterized in that, Includes the following steps: Login verification is performed based on the input login information. If the verification is successful, the operation permissions corresponding to the login information are retrieved from the preset permission database; otherwise, a login failure message is displayed. Based on operation permissions, the system retrieves the query content and the device feature code of the current device. According to the query content, the system extracts the corresponding intellectual property content from the preset information database. The system matches the device feature code with the preset device verification database, which stores device verification codes, each of which corresponds to a data read / write software marker. If the match is successful, the system outputs the device verification code corresponding to the device feature code. Otherwise, the system displays a device verification failure message and sends it to the backend for storage. The intellectual property content and the device verification code are encrypted to obtain encrypted data. The encrypted data and the device verification code are packaged into return data and sent to the current device. After the current device receives the return data, it extracts the device verification code and encrypted data from it. It decrypts the encrypted data according to the device verification code to obtain the intellectual property content, and also extracts the data read / write software mark from the device verification code. If the device currently has read / write software installed that corresponds to the data read / write software tag, then the data read / write software tag is invoked to read / write intellectual property content, generate read / write logs, and send the read / write logs to the backend for storage; otherwise, a software verification failure message is displayed and sent to the backend for storage.
2. The feature processing method for intellectual property transfer data according to claim 1, characterized in that, The step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Extract the application number from the query content. If an application number is extracted, the number of application numbers is obtained as the number of numbers. If the number of numbers is greater than one, the longest or largest application number is taken as the verification number. Otherwise, the application number is used as the verification number. The existence of the verification number is verified based on the information database. If the existence verification passes, the intellectual property content is updated and encrypted according to the verification number, and the new intellectual property content is obtained by encrypting the verification number and the intellectual property content. The reverse process of updating the number and encrypting it is stored in the intellectual property content; The current equipment extracts the reverse process from the new intellectual property content, and restores the original intellectual property content before encryption by numbering and updating it based on the reverse process.
3. The feature processing method for intellectual property transfer data according to claim 1, characterized in that, The step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Extract the application number information from the query content or intellectual property content. If the application number information is extracted, obtain the type number from the application number. Existence verification of type numbers is performed based on an information database; If the existence verification passes, the intellectual property content is encrypted by offsetting the type number, and the new intellectual property content is obtained by offsetting the encoding of the intellectual property content using the type number. The reverse process of encrypting the number offset is stored in the intellectual property content; The current equipment extracts the reverse process from the new intellectual property content and restores the intellectual property content before the number offset encryption based on the reverse process.
4. The feature processing method for intellectual property transfer data according to claim 1, characterized in that, The step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: If the application number and application number information are not extracted, the classification number information is extracted based on the query content or intellectual property content. If the classification number information is not mentioned, the corresponding classification number information is matched from the preset classification recognition database. The classification number value is calculated based on the classification number information. The intellectual property content is then encrypted by type offset based on the classification number value. The new intellectual property content is obtained by offsetting the encoding of the intellectual property content using the classification number value. The process of calculating the classification number and the reverse process of encrypting the type offset are stored in the intellectual property content; The current equipment extracts the reverse process from the new intellectual property content and restores the intellectual property content before type offset encryption based on the reverse process.
5. The feature processing method for intellectual property transfer data according to claim 1, characterized in that, The step of encrypting the intellectual property content and the device verification code to obtain encrypted data includes the following sub-steps: Encryption algorithm steps: A hash code is generated by performing a hash operation based on the intellectual property content and the device verification code. A symmetric encryption mechanism is used, with the device verification code as a dynamic security key, to encrypt the intellectual property content, resulting in ciphertext of the intellectual property content. The device verification code, which serves as the dynamic security key, is sequentially digested and obfuscated to obtain key obfuscated digest information. The key obfuscation digest information is bound and stored with the ciphertext of intellectual property content, and then combined with the aforementioned hash code to form a single fused ciphertext; Decryption algorithm steps: The structure of a single fused ciphertext is parsed to separate the hash code, key obfuscation digest information, and intellectual property content ciphertext. The key obfuscation digest information is reverse obfuscated and the digest is verified to restore the valid device verification code; The same symmetric encryption algorithm as the encryption stage is used, and the device verification code obtained from the reconstruction is used as the key to decrypt the ciphertext of the intellectual property content and restore the original intellectual property content. The integrity of the decrypted intellectual property content is verified by combining the hash code with the device verification code, thus completing the data tracing and restoration of the original content.
6. The feature processing method for intellectual property transfer data according to claim 1, characterized in that, The method also includes the following steps: Based on the cumulative number of device verification failure prompts and software verification failure prompts; If the number of prompts exceeds the preset limit within a preset time period, the system will retrieve login information from the current device for forwarding or copying intellectual property content, and obtain the target address corresponding to the forwarding or copying operation. Based on the target address, the system will match the corresponding target platform from the preset address database. If the match fails, an alarm for abnormal data paths will be triggered. Initialize the number of prompts.
7. The feature processing method for intellectual property transfer data according to claim 6, characterized in that, The method also includes the following steps: Within a set time period, the system retrieves the access frequency and operation data volume corresponding to the login information. If the access frequency exceeds the preset set frequency and the operation data volume exceeds the preset set data volume, an access data anomaly alarm is triggered.
8. The feature processing method for intellectual property transfer data according to claim 7, characterized in that, The method also includes the following steps: Within a set time period, obtain the access frequency and operation data volume corresponding to the login information. If the access frequency is greater than the preset base frequency and the operation data volume is greater than the preset base data volume, calculate the ratio of the access frequency to the base frequency as the frequency ratio, and calculate the ratio of the operation data volume to the base quantity as the data volume ratio. The adjustment value is calculated based on the frequency ratio and the data volume ratio, and the set quantity is adjusted inversely proportionally based on the adjustment value. Among them, the base frequency is less than the set frequency, and the base data volume is less than the set data volume.
9. A feature processing system for intellectual property transfer data, characterized in that, The processor includes a step of performing the feature processing method for intellectual property transfer data as described in any one of claims 1-8.
10. A storage medium, characterized in that, The storage medium stores a program, which, when executed by a processor, implements the steps of the feature processing method for intellectual property transfer data as described in any one of claims 1-8.