Enterprise data security flow control method and system based on data credibility evolution

By introducing data credibility parameters and flow behavior records into the enterprise data collaboration system, and dynamically adjusting the permission status, the problem of insufficient risk assessment in the data propagation process is solved, a balance between data security and sharing efficiency is achieved, and the security and rationality of access control are improved.

CN122394926APending Publication Date: 2026-07-14

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Filing Date
2026-05-06
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing enterprise data collaboration systems, data access permissions are fixed and lack the ability to dynamically assess the risks in the data transmission process. It is difficult to strike a balance between data sharing efficiency and security, and there is a lack of comprehensive control capabilities when multiple users collaborate on editing.

Method used

By constructing a data encapsulation structure, introducing data credibility parameters, recursively updating based on flow behavior records, dynamically adjusting permission status, and combining propagation topology features and collaborative task status for access control, adaptive permission management and risk assessment are achieved.

Benefits of technology

It enables dynamic evolution control of data security status, improves security during data transmission and refines access control in collaborative office scenarios, and ensures a balance between data sharing efficiency and security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394926A_ABST
    Figure CN122394926A_ABST
Patent Text Reader

Abstract

The application relates to the technical field of data security, in particular to an enterprise data security flow control method and system based on data credibility evolution, which receives a business data object generated by an enterprise terminal node, carries out security encapsulation processing, constructs a data encapsulation structure containing a permission state vector, a data credibility parameter and a flow record information field, collects flow behavior information when data is accessed or transmitted and writes the flow behavior information into a flow record, constructs a data propagation topology structure according to historical flow records, extracts a propagation branch number, a propagation level depth and a cross-domain propagation number as topology characteristic parameters, combines a current behavior with a last state credibility to perform recursive updating, and obtains a current credibility parameter. The application realizes dynamic quantification of data security risks and adaptive tightening of permissions, effectively prevents data abuse by combining semantic verification, and improves the security and compliance of data flow in an enterprise collaborative office environment.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data security technology, specifically to a method and system for controlling the secure flow of enterprise data based on the evolution of data credibility. Background Technology

[0002] With the continuous development of enterprise information systems, a large amount of business data needs to be transmitted and shared between different terminal devices, servers, and network nodes to support collaborative work and business processing within the enterprise. Existing enterprise data collaboration systems typically achieve data storage, sharing, and multi-user access through network platforms, and introduce edge computing nodes in some application scenarios to reduce network latency and server load caused by centralized data processing. In such systems, data needs to flow frequently between multiple nodes. Therefore, how to achieve effective data access control while ensuring data sharing efficiency has become a crucial technical issue in enterprise data collaboration systems.

[0003] In existing technologies, enterprise data access control is typically managed based on user identity or role permissions. This means that after a user gains access to a specific data object, the system allows them to perform operations such as reading, editing, or forwarding according to preset permission levels. However, this type of access control usually employs a static authorization mechanism, where data access permissions remain fixed after authorization, lacking the ability to dynamically adjust for data flow. When data propagates across multiple nodes, access risks may increase as the propagation scope expands, but existing systems typically maintain the original permission levels, making it difficult to effectively control the security risks arising during data propagation.

[0004] Furthermore, in enterprise collaborative work environments, the same data object often needs to be edited or processed by multiple end users. Existing collaborative systems typically handle multi-user collaborative editing issues through version management or edit lock mechanisms, but these mechanisms mostly only address issues after editing conflicts occur, lacking the ability to comprehensively control the data access phase by combining the data propagation status and the collaborative task status.

[0005] Therefore, existing technologies still have shortcomings in dynamic data security control and collaborative access management, making it difficult to achieve an effective balance between data sharing efficiency and data security. Summary of the Invention

[0006] This application provides a method and system for enterprise data security flow control based on the evolution of data credibility. It can effectively solve the technical problems in the prior art, such as fixed data access permissions, lack of dynamic risk assessment capability in the data transmission process, and difficulty in comprehensive control in collaborative office scenarios by combining task status. It improves the security of data flow process and the level of access control refinement in collaborative office scenarios, and achieves an effective balance between data sharing efficiency and data security. It can effectively solve the problems in the background technology.

[0007] To achieve the above objectives, this application provides the following technical solution: a method for controlling the secure flow of enterprise data based on the evolution of data credibility, comprising the following steps:

[0008] S10: Receive the business data object generated by the enterprise terminal node, perform secure encapsulation processing on the business data object, construct a data encapsulation structure containing data subject information, permission status vector, data credibility parameter, flow record information field and data source identification information, and initialize the data credibility parameter and permission status vector, wherein the permission status vector includes at least the access level parameter, the remaining flow count parameter and the access validity time parameter;

[0009] S20: When the data encapsulation structure accesses or transmits data between enterprise network nodes, it collects the corresponding data flow behavior information and generates a flow behavior record. The data flow behavior information includes at least access operation type information, access time information, and target node identification information. The flow behavior record is then written into the flow record information field.

[0010] S30: Based on the historical flow behavior records in the flow record information field, extract the historical access node sequence of the business data object, construct the data propagation topology, and identify the number of propagation branches, the depth of propagation level, and the number of cross-domain propagation as topology feature parameters;

[0011] Based on the topological feature parameters, current data flow behavior information, and data credibility parameters of the previous state, a recursive update process is performed on the data credibility parameters. Different access operation types correspond to different credibility adjustment directions. The length of the historical access node sequence and the propagation level depth are used to enhance the cumulative impact. The number of propagation branches and the number of cross-domain propagation times are used to apply additional attenuation constraints. The cumulative impact and the attenuation constraints work together on the data credibility parameters according to a preset combination rule to obtain the data credibility parameters of the current state. The cumulative impact is applied to the data credibility parameters in a multiplicative form, and the attenuation constraints are applied to the data credibility parameters in a subtractive form.

[0012] S40: Based on the updated data credibility parameters, map them to a preset credibility range, and perform adaptive adjustment on the permission status vector according to the credibility range, including adjusting the access level parameter for permission level, performing a decreasing update on the remaining number of transfers parameter, and dynamically shortening the access validity time parameter.

[0013] S50: When the target node requests access to the business data object, the current data credibility parameter and permission status vector in the data encapsulation structure are obtained, and the collaborative task status information corresponding to the business data object is obtained. An access judgment parameter set is constructed based on the data credibility parameter, permission status vector and collaborative task status information. Access control judgment processing is performed according to the access judgment parameter set to generate a data access control result of allowing access, downgrading access or denying access. The permission status vector is updated according to the access control result, and the access control result is written to the flow record information field.

[0014] S60: Extract the data propagation topology structure based on the historical access node sequence of the business data object from the flow record information field, and generate a data propagation risk level; when the access control result is allowed access, extract the task semantic information of the target node's current task, and perform semantic matching verification between the task semantic information and the business attribute information of the business data object; when the semantic matching result does not meet the preset semantic association conditions, perform permission restriction or access blocking processing on the business data object.

[0015] Furthermore, the step of constructing the data encapsulation structure in step S10 includes:

[0016] S101: Generate a unique data source identifier for the business data object and record the original terminal node identifier information that generated the business data object;

[0017] S102: Call the preset node identity authentication module to authenticate the original terminal node and generate a node trustworthiness identifier;

[0018] S103: Write the data source identifier, the original terminal node identifier information, and the node trustworthiness identifier into the data source identifier information field of the data encapsulation structure.

[0019] Furthermore, step S20, which involves collecting data flow behavior information and generating structured flow behavior records, includes:

[0020] S201: Collect information on the access operation type, access time, and target node identification during the data access or data transmission process;

[0021] S202: Call the preset node security level rule base to obtain the node security level information of the target node;

[0022] S203: Combine the access operation type information, access time information, target node identification information, and node security level information to generate a structured flow behavior record unit, and write it into the flow record information field of the data encapsulation structure.

[0023] Furthermore, step S30, which involves performing a recursive update process on the data confidence parameter, includes:

[0024] S301: Read the credibility parameter of the previous state data in the data encapsulation structure;

[0025] S302: Call the preset access risk rule base and generate a corresponding access risk level based on the access operation type information;

[0026] S303: Combining the access risk level, the node security level information of the target node, the topology feature parameters, and the current data flow behavior information, the data credibility parameter of the previous state is recursively updated.

[0027] Furthermore, the step of adaptively adjusting the permission state vector in step S40 includes:

[0028] S401: Determine the corresponding preset confidence interval based on the updated data confidence parameter;

[0029] S402: When the data credibility parameter is lower than a preset threshold, perform permission downgrade processing on the access level parameter in the permission status vector;

[0030] S403: Perform a decrement update process on the remaining number of transfers parameter in the permission status vector, and dynamically shorten the access validity time parameter according to the data credibility parameter.

[0031] Furthermore, step S60, which generates a data propagation risk level, includes:

[0032] S611: Extract the historical access node sequence of the business data object based on the flow record information field;

[0033] S612: Construct a data propagation topology based on the historical access node sequence;

[0034] S613: Identify the number of propagation branches, the depth of propagation levels, and the number of cross-domain propagations in the data propagation topology, and generate a data propagation risk level based on the identification results.

[0035] Furthermore, the step of performing semantic matching verification in step S60 is as follows:

[0036] S621: Extract the task semantic information of the currently executing task of the target node, as well as the business attribute information of the business data object;

[0037] S622: Call the preset semantic matching rule library to perform semantic association analysis on the task semantic information and the business attribute information;

[0038] S623: When the semantic matching result is lower than the preset semantic association threshold, the business data object is subjected to access blocking or permission downgrade processing.

[0039] An enterprise data security flow control system based on the evolution of data credibility includes:

[0040] The data encapsulation module is used to receive business data objects generated by enterprise terminal nodes, perform secure encapsulation processing on the business data objects, construct a data encapsulation structure containing fields such as data subject information, data source identification information, permission status vector, data credibility parameter and flow record information, and initialize the data credibility parameter and permission status vector. The permission status vector includes at least access level parameter, remaining flow count parameter and access validity time parameter.

[0041] The data credibility update module is used to extract the historical access node sequence of the business data object based on the historical flow behavior records in the flow record information field, construct the data propagation topology, and identify the number of propagation branches, the depth of propagation level, and the number of cross-domain propagation as topology feature parameters; based on the topology feature parameters, the current data flow behavior information, and the data credibility parameters of the previous state, the module performs a recursive update process on the data credibility parameters, wherein different access operation types correspond to different credibility adjustment directions, the length of the historical access node sequence and the depth of propagation level are used to enhance the cumulative impact, and the number of propagation branches and the number of cross-domain propagation are used to apply additional attenuation constraints to obtain the data credibility parameters of the current state;

[0042] The permission status adjustment module is used to map the updated data credibility parameters to a preset credibility range, and to perform adaptive adjustment of the permission status vector according to the credibility range, including adjusting the access level parameter for permission level, performing a decreasing update on the remaining number of transfers parameter, and dynamically shortening the access validity time parameter.

[0043] The access control determination module is used to, when a target node requests access to the business data object, obtain the current data credibility parameter and permission status vector in the data encapsulation structure, and simultaneously obtain the collaborative task status information corresponding to the business data object; construct an access determination parameter set based on the data credibility parameter, permission status vector, and collaborative task status information; perform access control determination processing according to the access determination parameter set, generate a data access control result of allowing access, downgrading access, or denying access, update the permission status vector according to the access control result, and write the access control result into the flow record information field;

[0044] The propagation path analysis module is used to extract the historical access node sequence of the business data object based on the flow record information field to construct the data propagation topology and generate the data propagation risk level.

[0045] The task semantic verification module is used to extract the task semantic information of the currently executing task of the target node when the access control result is allowed, and to perform semantic matching verification between the task semantic information and the business attribute information of the business data object. When the semantic matching result does not meet the preset semantic association conditions, the module performs permission restriction or access blocking processing on the business data object.

[0046] Each module works collaboratively by calling program instructions in the memory through the processor to implement the enterprise data security flow control method based on data credibility evolution as described in any one of claims 1-7.

[0047] Furthermore, the propagation path analysis module includes:

[0048] The node path construction unit is used to extract the historical access node sequence of business data objects based on the flow record information field and construct the data propagation topology.

[0049] A propagation hierarchy statistics unit is used to identify the number of propagation branches and the depth of propagation hierarchy in the data propagation topology.

[0050] The risk level generation unit is used to generate a data propagation risk level based on the identification results and output risk control parameters to the access control determination module.

[0051] Compared with the prior art, the beneficial effects of this application are:

[0052] 1. Achieving dynamic evolution control of data security status. This application introduces a data credibility parameter into the data encapsulation structure and recursively updates this parameter based on historical behavior records and current access behavior during data flow, enabling the data security status to dynamically change as the data propagates. Compared to existing static authorization mechanisms, this approach can automatically reduce data credibility when the data propagation scope expands or the propagation path becomes more complex, thereby achieving dynamic security control throughout the entire data lifecycle and improving the real-time performance and adaptability of data security management.

[0053] 2. Improved Assessment Accuracy Through Multidimensional Risk Quantification Based on Propagation Topology. This application constructs a data propagation topology structure and extracts topological characteristic parameters such as the number of propagation branches, the depth of propagation levels, and the number of cross-domain propagations. Combined with historical flow behavior, it quantitatively models data propagation risks, achieving a comprehensive assessment of the breadth and depth of data propagation. Compared to risk assessment methods based solely on single access behaviors, this application can more accurately reflect the security risks of data in complex propagation environments, thereby improving the reliability of risk assessment.

[0054] 3. Implement a trustworthiness-driven adaptive permission adjustment mechanism. This application adjusts permission elements such as access level, number of transfers, and access validity time in a linked manner based on changes in data trustworthiness parameters, so that access permissions are dynamically tightened according to the data security status. By constructing an adaptive mapping relationship between "trustworthiness" and "permissions," the problem of permissions not converging synchronously when data risks increase is effectively avoided, thereby improving the security and rationality of access control.

[0055] 4. Enhance data security by integrating business semantics into access control. This application introduces collaborative task status information and semantic matching verification mechanisms into the access control process. Beyond allowing access, it further constrains data usage scenarios, implementing permission restrictions or blocking access when semantic matching fails to meet preset conditions. This mechanism adds semantic-level verification capabilities to traditional access control, effectively preventing data misuse in scenarios inconsistent with the business context and improving the security and compliance of data usage. Attached Figure Description

[0056] Figure 1 This is a schematic diagram of the method flow of this application.

[0057] Figure 2 This is a block diagram of the system operation in this application. Detailed Implementation

[0058] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0059] Please see Figure 1-2 This application provides the following technical solutions:

[0060] Example 1:

[0061] This embodiment provides an enterprise data security flow control method based on data credibility evolution, specifically including the following steps S10 to S60.

[0062] S10: Data security encapsulation and initialization.

[0063] Receive business data objects generated by enterprise terminal nodes (such as edge computing gateways and smart mobile terminals), such as a financial budget or customer information list. Securely encapsulate this business data object, constructing a data encapsulation structure that includes at least the following fields: data subject information, data source identifier information, permission status vector, data trustworthiness parameters, and flow record information fields.

[0064] S101: Generate a data source identifier. Generate a unique data source identifier (e.g., a 128-bit identifier in UUID v4 format) for the business data object, and record the original terminal node identifier information (such as node IP address, device fingerprint, or enterprise-assigned node ID) that generated the business data object.

[0065] S102: Node identity authentication and trustworthiness identification. The preset node identity authentication module is invoked to authenticate the original terminal node. This authentication module can use authentication methods based on digital certificates or pre-shared keys. After successful authentication, a node trustworthiness identification is generated (for example, the node is divided into three levels: "trusted node", "ordinary node" and "untrusted node", or quantified into a trustworthiness score of 0-100).

[0066] S103: Write the data source identifier field. Write the aforementioned data source identifier, original terminal node identifier, and node trustworthiness identifier together into the data source identifier field of the data encapsulation structure.

[0067] At the same time, initialize the other fields in the data encapsulation structure:

[0068] Permission status vector ,in, This represents the access level parameter (integer, ranging from 0 to 10, with higher values ​​indicating greater privileges). The parameter represents the remaining number of cycles (a non-negative integer). This indicates the access validity period parameter (indicated by a Unix timestamp as the expiration time).

[0069] For example, for highly sensitive business data, an initial value can be set. , , Add 86,400 seconds to the current timestamp (i.e., the validity period is 24 hours).

[0070] Data credibility parameters Initialized to (Indicates complete trustworthiness), with the value range limited to [0,1].

[0071] Flow record information fields It is initialized as an empty list and is used to store the structured flow behavior records generated subsequently.

[0072] The reason for this operation is that by encapsulating business data objects into structured data containing source identifiers, permission vectors, trust parameters, and flow records, a unified information carrier can be provided for the secure flow of data throughout its entire lifecycle, facilitating subsequent dynamic tracking and access control. The effect is that each business data object possesses a "self-describing" security attribute, enabling independent access determination without relying on an external database, thus enhancing the system's robustness and portability. Node authentication and UUID generation both employ conventional techniques in the field; this application has not improved their underlying technologies and will not elaborate further here.

[0073] S20: Collect flow behavior and generate structured flow behavior records.

[0074] When the data encapsulation structure is accessed (e.g., read, edited) or transmitted (e.g., forwarded, copied) between enterprise network nodes, the system collects the corresponding data flow behavior information and generates a structured flow behavior record.

[0075] S201: Collect raw information on the flow of data. Collect the following three types of information:

[0076] Access operation type information The values ​​include ;

[0077] Access time information It uses the system's standard timestamp;

[0078] Target node identification information , is the unique identifier of the target node (consistent with the node identifier format in S101).

[0079] S202: Obtain the security level of the target node. Call the preset node security level rule base and query the node security level based on the target node's identification information. .

[0080] This rule base can be pre-configured to divide nodes into 3 security levels:

[0081] This indicates a low-security node (such as an external collaborative terminal).

[0082] Represents a regular internal node;

[0083] This indicates a high-security node (such as a core server or audit terminal).

[0084] S203: Combine and generate a structured flow behavior record unit. Combine the above information into a structured flow behavior record unit. The record unit is then appended to the flow record information field of the data encapsulation structure. middle. It is an ordered list that stores all historical records in chronological order of their occurrence.

[0085] The reason for this operation is that only by fully recording the "operation type, time, target node, and target node security level" of each data transfer can the propagation path, propagation depth, and cross-domain propagation risks be analyzed in subsequent steps. The effect is: the data transfer record information fields... It serves as the carrier of the "digital footprint" of data objects, providing basic data for the construction of propagation topology and the updating of credibility in S30. The invocation of the node security level rule base and the storage of structured records both adopt conventional data structures and rule matching techniques, which are not improved in this application and will not be elaborated upon.

[0086] S30: Recursive update of data credibility parameters.

[0087] This step is the core of this application, distinguishing it from existing static authorization mechanisms. The system uses the flow record information fields... The system records historical data flow behavior, extracts the historical access node sequence of business data objects, constructs a data propagation topology, and performs recursive updates on the data credibility parameters based on topology feature parameters, current data flow behavior information, and data credibility parameters of the previous state.

[0088] S301: Read the credibility parameter of the previous state data. Read the currently stored data credibility parameter from the data encapsulation structure. (i.e., the value after the last update, the initial stage is) ).

[0089] S302: Determine the direction coefficient Based on the current access operation type The direction coefficients are determined according to the following mapping. ,all In other words, no operation increases credibility; they only decrease it to varying degrees.

[0090] Access operation type ,(coefficient Read operations do not change the data content, so the risk is low.

[0091] Access operation type ,(coefficient Editing operations may introduce errors, with a moderate risk.

[0092] Access operation type ,(coefficient Forwarding information expands the reach of the message, which carries a high risk.

[0093] Access operation type ,(coefficient The copying operation creates a new copy of the data, which carries the highest risk.

[0094] S303: Construct the propagation topology and extract topology feature parameters. (From the flow record information field) Extract all historical visit node sequences (a list of node IDs arranged chronologically), and construct a data propagation topology with each node as a vertex and visit relationships as directed edges. One implementation is to store this directed graph in the form of an adjacency list. Extract the following topological feature parameters from this topology:

[0095] Length of historical access node sequence :Right now The total number of records indicates the number of times the data has been processed.

[0096] Number of propagation branches : The cumulative number of newly added propagation edges. Specifically, in the data propagation topology, for each node with an out-degree greater than 1, the (out-degree - 1) of that node is accumulated to... That is, each time a node forwards data to multiple different nodes simultaneously, the number of newly added propagation edges is counted in the branch count.

[0097] For example, if the original node sends data to two different nodes simultaneously, then the node's out-degree is 2, and the number of newly propagated edges is 1. Increase by 1; if one of the nodes subsequently forwards the message to two new nodes, then the out-degree of that node becomes 2, and the number of newly propagated edges becomes 1. Add 1 more, totaling .

[0098] Depth of propagation levels The longest directed path length (in hops) from the original node to the currently visited node. For example, if the path is: Original node → Node A → Node B → Current node, then... ;

[0099] Cross-domain transmission times In the data propagation topology, if the security level of the target node is lower than that of the source node during each propagation process from the source node to the target node, it is counted as one cross-domain propagation. This is the sum of all such propagation counts. For example, propagation from node A (level 3) to node B (level 2) counts as 1; propagation from node B (level 2) to node C (level 1) counts as another 1; propagation from node B to node D (level 2) does not count. The sum is 2.

[0100] S304: Perform recursive update calculation. This represents the credibility parameter of the previous state data read from the data encapsulation structure. The updated current state data reliability parameter is used in this embodiment, which adopts a combination rule of "first direction adjustment, then cumulative attenuation, and finally additional penalty". The specific order is as follows:

[0101] The first step has yielded the directional coefficients from S302. .

[0102] The second step is to calculate the cumulative impact factor. This factor is used to quantify the length of historical propagation. With depth The cumulative risk resulting from these factors is calculated using the following formula:

[0103]

[0104] Where 0.1 is the preset sensitivity coefficient. The value range is [0,1). The larger, The closer it is to 1, the stronger the credibility compression. The smaller the value, the stronger the compression of credibility.

[0105] The third step is to calculate the additional attenuation penalty. This factor is used to penalize propagation branching and cross-domain propagation behaviors, and the specific calculation formula is as follows:

[0106]

[0107] in, To propagate the number of branches, For cross-domain propagation times, to prevent Too large Severely negative values ​​can affect the stability of subsequent normalization processing. Therefore, an upper limit constraint is set on the additional attenuation penalty factor to ensure its maximum value does not exceed a preset threshold. For example, an upper limit can be set as follows:

[0108]

[0109] The value of 0.5 is an example threshold used to limit the additional attenuation amplitude, and its specific value can be adjusted according to the system security policy.

[0110] The fourth step involves combining the parameters in the following order: first, adjust the direction; then, accumulate attenuation; and finally, apply a penalty. This yields the updated confidence parameters.

[0111]

[0112] Step 5: Normalization. Limited to the interval [0,1]:

[0113]

[0114] Numerical Example 1 (Low-Risk Transmission Scenario): Assumption The current operation is According to the mapping , (Already transferred once) (Depth 1 layer) , (Only 0 branches) (No cross-domain propagation). Then:

[0115] ,but ;

[0116] ;

[0117] Substitute into the formula: After normalization, it becomes 0.82.

[0118] Numerical Example 2 (Medium-Risk Transmission Scenario): Assumption The current operation is According to the mapping , , , , (Two branches were generated during the propagation process). .but:

[0119] ,but ;

[0120] ;

[0121] Substitute into the formula: After normalization, it becomes 0.29.

[0122] Numerical Example 3 (High-Risk Transmission Scenario): Assumption The current operation is According to the mapping , , , , (For example, the original node forwards to 4 nodes, adding 3; one of the nodes then forwards to 3 more nodes, adding 2, for a total of 5). (For example, three cross-domain moves: from level 3 to level 2, from level 2 to level 1, and from level 3 to level 1). Then:

[0123] ;but ;

[0124] Take the upper limit of 0.5 (because) );

[0125] Substitute into the formula: After normalization, it becomes 0.

[0126] The above examples show that the credibility of low-risk scenarios only decreases slightly (from 0.90 to 0.82), medium-risk scenarios drop to 0.29, and high-risk scenarios drop to zero, fully demonstrating that "the wider the scope of dissemination and the higher the risk, the faster the credibility decreases."

[0127] The reason for and effect of this combination rule: First, apply the direction coefficient. This is because the current operation type directly reflects the immediate risk of this action; multiplied by... This is because the length and depth of historical transmission determine the current "risk exposure level" of the data. The larger the value, the stronger the compression; finally subtract... This is because branching and cross-domain propagation are structural risks and should be deducted separately as a penalty item.

[0128] The three elements operate in this order without any priority conflict, which allows the credibility parameter to decrease significantly as the breadth and depth of dissemination increase.

[0129] It should be noted that the adjacency list construction and node sequence extraction of the directed graph all adopt conventional graph theory techniques, and this application does not improve the underlying graph algorithm; the above parameters (0.1, 0.05, 0.10, and upper limit of 0.5) are all configurable parameters, and those skilled in the art can adjust them according to the actual security strategy of the enterprise. The multiplication, subtraction, and normalization required for recursive updates are all conventional arithmetic operations, which will not be elaborated here.

[0130] S40: Adaptive adjustment of the permission state vector.

[0131] Based on the updated data credibility parameters This is mapped to a preset confidence interval, and the permission status vector is adjusted according to the interval. Perform adaptive adjustments.

[0132] S401: Determine the confidence interval. The following interval divisions are preset:

[0133] High confidence interval: ;

[0134] Medium confidence interval: ;

[0135] Low confidence interval: .

[0136] S402: Access level parameters Adjustments will be made.

[0137] like Maintain or slightly improve (The increase shall not exceed 20% of the initial value, and shall not exceed 10).

[0138] like ;, Degrading execution privileges: .For example, , ,but .

[0139] like Forced downgrade: (Read-only access is required).

[0140] S403: Parameter for remaining cycle times and access validity period parameter Adjustments will be made.

[0141] After each execution of step S20 (i.e., after one flow action occurs), Perform a decremental update:

[0142] .when If this happens, subsequent access control decisions will directly deny access.

[0143] right Dynamic shortening of execution: Assume the current system time is... The original deadline was The original remaining valid time is (like (Then it has expired). The remaining validity period after the update is... The new deadline is The lower the reliability, the shorter the remaining valid time is.

[0144] For example, if the original remaining valid time was 10,000 seconds, ,but Second, Updated to the current time plus 4000 seconds. Stored using Unix timestamps, the actual determination is made by comparing the current time with... Size.

[0145] The reason for this operation is that a decline in data credibility signifies a deterioration in data security. It is necessary to simultaneously reduce access levels, decrease the number of transfers, and shorten the effective time, creating a multi-dimensional permission decay to prevent malicious nodes from causing damage through multiple transfers or long-term data holding even after privilege reduction. The effect is that the permission state vector is dynamically bound to the data credibility parameter, achieving an adaptive security strategy of "the higher the risk, the tighter the permissions."

[0146] S50: Access control decision.

[0147] When a target node requests access to the business data object (e.g., initiates a read or edit request), the system executes the following access control decision process.

[0148] S501: Obtain the set of judgment parameters. Read the current data credibility parameter from the data encapsulation structure. Permission status vector Simultaneously, obtain the collaborative task status information corresponding to the business data object (e.g., obtain the current task ID, task participant node list, task stage, etc. from the collaborative office system).

[0149] S502: Perform access control decision. Generate access control results based on the following rules:

[0150] If the current system time or or If so, it will be directly judged as "access denied".

[0151] like Request the required permission level (e.g., read permission required) The editor needs Forwarding requires If the collaborative task status information indicates that the current target node belongs to the participating nodes of the task, then it is determined as "access is allowed".

[0152] like Between "read-only" and "request permissions" (e.g., requesting editing permissions) ,actual ),and If so, it is determined as "downgraded access" (for example, downgrading an edit request to read-only access).

[0153] Other situations are judged as "access denied".

[0154] S503: Update the permission status vector and record the access result. Based on the access control result, update the permission status vector accordingly (e.g., do not change it after allowing access). However, if access is denied, it may increase the audit count. Simultaneously, the access control result (allow / downgrade / deny) will be written to the workflow record information field. In this process, a new recording unit is formed.

[0155] The reason for this operation is that access control not only relies on the trustworthiness and permissions of the data itself, but also needs to be combined with the context of collaborative tasks to prevent data leakage to nodes that have permissions but are not currently related to the task. The effect is to achieve fine-grained access control driven by both "data state" and "task state".

[0156] S60: Data propagation risk level generation and task semantic matching verification.

[0157] S611: Extract the historical access node sequence. From the flow record information field. Extract all historical access node IDs and form a sequence in chronological order.

[0158] S612: Construct the data propagation topology. Construct a directed graph in the same way as S303.

[0159] S613: Generate a data propagation risk level. Identify the number of propagation branches. Depth of dissemination levels Cross-domain transmission frequency (Same as S303 definition), and generate the data propagation risk level according to the following formula. :

[0160]

[0161] in, The risk level is limited to between 0 and 3. The coefficients (0.5, 0.3, 0.2) in the formula are all configurable parameters that can be adjusted by those skilled in the art according to the actual security strategy. Indicates low risk; Indicates medium risk; Indicates high risk; This indicates a severe risk. This risk level can be used to issue warnings to system administrators or trigger additional audit processes.

[0162] S621: Extract task semantic information. When the access control result of step S50 is "Access Allowed", further extract the task semantic information of the currently executing task on the target node. Specifically, obtain the text information such as the title, description, and keywords of the current task from the collaborative office system or task management system to form a task semantic string. Simultaneously, business attribute information (such as data category tags and metadata descriptions) of business data objects is extracted to form data semantic strings. .

[0163] S622: Perform semantic matching verification. This embodiment provides a matching method based on a pre-trained semantic model: calling a preset semantic matching rule library, and... and Inputting each into a pre-trained Chinese BERT model (12-layer Transformer, 768-dimensional output) yields two vectors. and Calculate the cosine similarity:

[0164]

[0165] The preset semantic association threshold is .like If so, the semantic matching is deemed successful;

[0166] like If the condition is not met, it is determined that the preset semantic association condition is not satisfied.

[0167] S623: Execute permission restrictions or access blocking. When semantic matching fails, the system executes permission restrictions on the business data object (e.g., forcibly downgrading the originally allowed editing permission to read-only) or directly executes access blocking (rejecting this access request), and records the event as "semantic violation" in the audit log.

[0168] The reason for this operation is: even if the target node is at the permission level Even if the access requirements are met, the task currently being performed may be completely unrelated to the business purpose of the data object, and allowing access may still lead to data misuse or leakage. Semantic matching verification can identify access requests for "legitimate nodes but unrelated tasks." The effect is to elevate access control from "identity / role-based" to "task semantic-based" granularity, further reducing the risk of data leakage. The loading and vector computation of the BERT model employ conventional deep learning inference techniques; this application does not improve the BERT model itself, and will not elaborate further here.

[0169] This embodiment, through steps S10 to S60, fully discloses the entire process from data encapsulation, flow recording, credibility recursive update, adaptive permission adjustment, access control determination to propagation risk analysis and semantic verification. Those skilled in the art can write a computer program to implement this method without creative effort based on the above description.

[0170] Example 2: Recursive Update Variant Based on Node Security Level Differentiation

[0171] Based on Example 1, this embodiment further refines the recursive update mechanism in step S30 by introducing the difference between the security level of the target node and the security level of the original node as an additional penalty to enhance the risk control of data flowing to low-security areas.

[0172] Variant implementation of S30:

[0173] In this embodiment, the recursive update calculation in step S30 is based on S304 in embodiment 1, with the addition of a penalty factor based on the difference in security level.

[0174] S304: Perform recursive update calculations (including security level penalties).

[0175] In this step, This represents the credibility parameter of the previous state data read from the data encapsulation structure. This parameter represents the reliability of the updated current state data. This application employs a combined rule of "first direction adjustment, then cumulative attenuation, and finally additional penalty," calculated in the following order. :

[0176] The first step is to determine the direction coefficient. Based on the current access operation type Determined according to the following mapping (all (meaning no operation increases credibility).

[0177] Access operation type ,(coefficient Read operations do not change the data content, so the risk is low.

[0178] Access operation type ,(coefficient Editing operations may introduce errors, with a moderate risk.

[0179] Access operation type ,(coefficient Forwarding information expands the reach of the message, which carries a high risk.

[0180] Access operation type ,(coefficient The copying operation creates a new copy of the data, which carries the highest risk.

[0181] The second step is to calculate the cumulative impact factor. This factor is used to quantify the length of historical propagation. With depth The cumulative risk resulting from both factors is calculated using the following formula:

[0182]

[0183] Where 0.1 is the preset sensitivity coefficient. The value range is [0,1). The larger, The closer it is to 1, the stronger the credibility compression. The smaller the value, the stronger the compression of credibility.

[0184] The third step is to calculate the additional attenuation penalty. This embodiment, based on embodiment 1, adds a security level difference penalty item, calculated using the following formula:

[0185]

[0186] in, To propagate the number of branches, This refers to the number of cross-domain transmissions.

[0187] This is the difference between the security level of the original node and the security level of the target node being accessed. When the security level of the target node is not lower than that of the original node, (No additional penalty is imposed); when the target node's security level is lower than the original node, Take the positive difference (apply additional penalty).

[0188] To preset the security level penalty coefficient, this embodiment takes... .

[0189] To prevent Too large For severely negative values, set an upper limit:

[0190]

[0191] The fourth step involves combining the parameters in the following order: first, adjust the direction; then, accumulate attenuation; and finally, apply a penalty, to obtain the updated confidence parameters. :

[0192]

[0193] Step 5: Normalization. Limited to the interval [0,1]:

[0194]

[0195] The following numerical examples illustrate the effect of security level penalties.

[0196] Numerical examples (comparing flow to the same level vs. flow to a lower security node):

[0197] Assume the following common parameters:

[0198] The current operation type is According to the mapping , , , .but:

[0199] ,but ;

[0200] , Basic penalty: .

[0201] Scenario A (flow to nodes of the same level):

[0202] Assuming the original node has a security level Target node security level ,but .

[0203] ;

[0204] ;

[0205] Normalization: .

[0206] Scenario B (transfer to a lower security node):

[0207] Assuming the original node has a security level , the security level of the target node , then .

[0208] (not exceeding the upper limit of 0.6);

[0209] ;

[0210] Normalization: .

[0211] Case comparison: The credibility after flowing to nodes of the same level is 0.29, while the credibility directly becomes zero after flowing to nodes with lower security. This comparison shows that this embodiment can effectively identify the high-risk behavior of "data flowing from a high-security area to a low-security area" and impose an additional credibility penalty.

[0212] Embodiment 3: Lightweight task semantic matching verification

[0213] This embodiment provides an alternative implementation of the task semantic matching verification in step S60, which is applicable to edge nodes with limited computing resources or scenarios with higher real-time requirements, and replaces the cosine similarity calculation method based on the BERT model in Embodiment 1.

[0214] Variant implementation of S60:

[0215] In this embodiment, the semantic matching verification in step S60 adopts the Jaccard similarity method based on keywords.

[0216] S621: Extract the set of task semantic keywords.

[0217] When the access control result of step S50 is "allow access", the system extracts the keyword set from the task semantic information of the current task executed by the target node. Specifically, text information such as the title and description of the current task is obtained from the collaborative office system or the task management system to form a task semantic string . Preprocess this string:

[0218] Use a conventional word segmentation tool (such as Jieba word segmentation) for word segmentation;

[0219] Remove stop words (such as words without actual semantics like "de", "le", "zai", "shi", etc.); retain content words such as nouns, verbs, and adjectives as keywords. <(https: / / www.xxx.com / 202 / /

[0220] After de-duplicating the extracted keywords, form the task keyword set .

[0221] For example, if the task description is "Prepare the financial budget report for the third quarter", after word segmentation and removing stop words, the keyword set is obtained .

[0222] S622: Extract the set of keywords for data business attributes.

[0223] Extract keyword sets from the business attribute information of business data objects. Specifically, obtain information such as category tags and metadata descriptions of business data objects to form data semantic strings. Using the same word segmentation and stop word removal methods as S621, a set of data keywords is extracted. .

[0224] For example, if the data attribute is "financial / budget reports", extract the keyword set:

[0225] .

[0226] S623: Calculate and determine Jaccard similarity.

[0227] Calculation task keyword set With data keyword set Jaccard similarity:

[0228]

[0229] in, Indicates the number of elements in the set. Indicates intersection, It represents the union of sets.

[0230] The preset semantic association threshold is (This threshold can be configured according to the actual business scenario.) If If the semantic matching is successful, then the semantic matching is considered successful; if If the condition is not met, it is determined that the preset semantic association condition is not satisfied.

[0231] Numerical Example 1 (Semantic Mismatch):

[0232] ,

[0233] .

[0234] The size of the intersection is 2.

[0235] The union size is 6.

[0236] Since 0.33 < 0.5, a semantic mismatch is determined, and execution permissions are restricted or access is blocked.

[0237] Numerical Example 2 (Semantic Matching):

[0238] ,

[0239] .

[0240] The size of the intersection is 2.

[0241] The union size is 4.

[0242] ,because If the threshold is met, the semantic match is deemed successful, and normal access is allowed.

[0243] S624: Execution permission restriction or access blocking.

[0244] When semantic matching fails, the system imposes access restrictions on the business data object (e.g., forcibly downgrading previously allowed editing permissions to read-only) or directly blocks access (denies the current access request), and records the event as a "semantic violation" in the audit log. When semantic matching succeeds, the original access control result is maintained.

[0245] The reason for and effect of this variant: In edge computing nodes or resource-constrained environments, the inference time of the BERT model (approximately 110M parameters) is relatively long (typically 100-300 milliseconds) and requires dedicated hardware acceleration or deep learning framework support. Using the keyword Jaccard similarity method, only conventional word segmentation and set operations are required, and the time for a single verification is typically less than 5 milliseconds, which can meet the real-time requirements of collaborative office scenarios. Although the semantic matching accuracy is slightly lower than the BERT model (approximately 84% vs 92% in actual tests), it is still within an acceptable range, and it does not rely on a deep learning framework, making deployment more accessible. The effect is: while ensuring basic semantic verification capabilities, it significantly reduces computational resource consumption and response latency, making it suitable for nodes with limited computing resources such as edge gateways and mobile terminals. Word segmentation and stop word removal use conventional techniques in the field of natural language processing; this application has not improved the underlying algorithms and will not elaborate further here.

[0246] Example 4: Enterprise Data Security Flow Control System Based on Data Trustworthiness Evolution

[0247] This embodiment provides an enterprise data security flow control system based on data credibility evolution, used to implement the method described in any one of Embodiments 1 to 3. Please refer to... Figure 2 The system includes the following modules:

[0248] A data encapsulation module receives business data objects generated by enterprise terminal nodes, performs secure encapsulation processing on the business data objects, constructs a data encapsulation structure containing fields such as data subject information, data source identifier information, permission status vector, data credibility parameters, and flow record information, and initializes the data credibility parameters and permission status vector. The permission status vector includes at least access level parameters, remaining flow count parameters, and access validity time parameters.

[0249] For the specific implementation of this module, please refer to step S10 and sub-steps S101 to S103 in Example 1.

[0250] The data credibility update module is used to extract the historical access node sequence of the business data object based on the historical flow behavior records in the flow record information field, construct a data propagation topology, and identify the number of propagation branches, propagation level depth, and cross-domain propagation frequency as topology feature parameters. Based on the topology feature parameters, the current data flow behavior information, and the data credibility parameters of the previous state, the module performs a recursive update process on the data credibility parameters. Different access operation types correspond to different credibility adjustment directions. The length of the historical access node sequence and the propagation level depth are used to enhance the cumulative impact, and the number of propagation branches and the number of cross-domain propagation frequency are used to apply additional attenuation constraints to obtain the data credibility parameters of the current state.

[0251] For the specific implementation of this module, please refer to step S30 and sub-steps S301 to S304 in Embodiment 1, or a variant implementation of step S304 in Embodiment 2.

[0252] The permission status adjustment module is used to map the updated data credibility parameters to a preset credibility range, and to perform adaptive adjustment of the permission status vector according to the credibility range, including adjusting the access level parameter for permission level, performing a decreasing update on the remaining number of transfers parameter, and dynamically shortening the access validity time parameter.

[0253] For the specific implementation of this module, please refer to step S40 and sub-steps S401 to S403 in Example 1.

[0254] An access control determination module is used to, when a target node requests access to the business data object, obtain the current data credibility parameter and permission status vector in the data encapsulation structure, and simultaneously obtain the collaborative task status information corresponding to the business data object. Based on the data credibility parameter, permission status vector, and collaborative task status information, an access determination parameter set is constructed. Access control determination processing is performed according to the access determination parameter set to generate a data access control result that allows access, downgrades access, or denies access. The permission status vector is updated according to the access control result, and the access control result is written to the flow record information field.

[0255] For the specific implementation of this module, please refer to step S50 and sub-steps S501 to S503 in Example 1.

[0256] A propagation path analysis module is used to extract the historical access node sequence of the business data object based on the flow record information field to construct a data propagation topology and generate a data propagation risk level. Specifically, this module includes:

[0257] Node path construction unit: used to extract the historical access node sequence of business data objects based on the flow record information field and construct the data propagation topology;

[0258] Propagation level statistics unit: used to identify the number of propagation branches (cumulative number of newly added propagation edges), propagation level depth, and cross-domain propagation times in the data propagation topology (cumulative number of times the target node's security level is lower than the source node's security level in each propagation).

[0259] Risk level generation unit: used to generate a data propagation risk level based on the identification results, and output risk control parameters to the access control determination module.

[0260] For the specific implementation of this module, please refer to sub-steps S611 to S613 of step S60 in Example 1.

[0261] The task semantic verification module is used to extract the task semantic information of the currently executing task of the target node when the access control result is allowed, and to perform semantic matching verification between the task semantic information and the business attribute information of the business data object. When the semantic matching result does not meet the preset semantic association conditions, the module performs permission restriction or access blocking processing on the business data object.

[0262] For the specific implementation of this module, please refer to sub-steps S621 to S623 of step S60 in Example 1, or the lightweight semantic matching implementation in Example 3 (sub-steps S621 to S624).

[0263] The aforementioned modules operate collaboratively by calling program instructions from memory via the processor. Specifically, the system can be deployed on an edge computing gateway, central server, or cloud platform within an enterprise intranet, with each module communicating through a pre-defined data interface. When business data objects flow between enterprise network nodes, the data encapsulation module constructs a data encapsulation structure containing complete security attributes; the data credibility update module dynamically updates credibility parameters based on the flow records; the permission status adjustment module adjusts the permission status vector in conjunction with the credibility parameters; the access control determination module performs access determination based on credibility, permission status, and collaborative task status; the propagation path analysis module monitors data propagation risks in real time; and the task semantic verification module performs a secondary verification after access is granted to ensure semantic matching between the task and the data.

[0264] It should be noted that the functionality of each module depends on the specific methods and steps disclosed in Embodiments 1 to 3. Those skilled in the art can write computer programs to implement the functions of each module based on the descriptions in Embodiments 1 to 3 without any creative effort. The communication interfaces between modules, the coordinated operation of the processor and memory, etc., all adopt conventional technologies in the computer field. This application does not improve their underlying implementation and will not elaborate on them here.

[0265] Although embodiments of this application have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of this application, the scope of which is defined by the appended claims and their equivalents.

Claims

1. A method for controlling the secure flow of enterprise data based on the evolution of data credibility, characterized in that: Includes the following steps: S10: Receive the business data object generated by the enterprise terminal node, perform secure encapsulation processing on the business data object, construct a data encapsulation structure containing data subject information, permission status vector, data credibility parameter, flow record information field and data source identification information, and initialize the data credibility parameter and permission status vector, wherein the permission status vector includes at least the access level parameter, the remaining flow count parameter and the access validity time parameter; S20: When the data encapsulation structure accesses or transmits data between enterprise network nodes, it collects the corresponding data flow behavior information and generates a flow behavior record. The data flow behavior information includes at least access operation type information, access time information, and target node identification information. The flow behavior record is then written into the flow record information field. S30: Based on the historical flow behavior records in the flow record information field, extract the historical access node sequence of the business data object, construct the data propagation topology, and identify the number of propagation branches, the depth of propagation level, and the number of cross-domain propagation as topology feature parameters; Based on the topological feature parameters, current data flow behavior information, and data credibility parameters of the previous state, a recursive update process is performed on the data credibility parameters. Different access operation types correspond to different credibility adjustment directions. The length of the historical access node sequence and the propagation level depth are used to enhance the cumulative impact. The number of propagation branches and the number of cross-domain propagation times are used to apply additional attenuation constraints. The cumulative impact and the attenuation constraints work together on the data credibility parameters according to a preset combination rule to obtain the data credibility parameters of the current state. The cumulative impact is applied to the data credibility parameters in a multiplicative form, and the attenuation constraints are applied to the data credibility parameters in a subtractive form. S40: Based on the updated data credibility parameters, map them to a preset credibility range, and perform adaptive adjustment on the permission status vector according to the credibility range, including adjusting the access level parameter for permission level, performing a decreasing update on the remaining number of transfers parameter, and dynamically shortening the access validity time parameter. S50: When the target node requests access to the business data object, the current data credibility parameter and permission status vector in the data encapsulation structure are obtained, and the collaborative task status information corresponding to the business data object is obtained. An access judgment parameter set is constructed based on the data credibility parameter, permission status vector and collaborative task status information. Access control judgment processing is performed according to the access judgment parameter set to generate a data access control result of allowing access, downgrading access or denying access. The permission status vector is updated according to the access control result, and the access control result is written to the flow record information field. S60: Extract the historical access node sequence of the business data object based on the flow record information field to construct the data propagation topology structure and generate a data propagation risk level; when the access control result is allowed, extract the task semantic information of the target node's currently executing task, and perform semantic matching verification between the task semantic information and the business attribute information of the business data object; when the semantic matching result does not meet the preset semantic association conditions, perform permission restriction or access blocking processing on the business data object.

2. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, The steps in step S10 for constructing the data encapsulation structure include: S101: Generate a unique data source identifier for the business data object and record the original terminal node identifier information that generated the business data object; S102: Call the preset node identity authentication module to authenticate the original terminal node and generate a node trustworthiness identifier; S103: Write the data source identifier, the original terminal node identifier information, and the node trustworthiness identifier into the data source identifier information field of the data encapsulation structure.

3. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, Step S20, which involves collecting data flow behavior information and generating structured flow behavior records, includes: S201: Collect information on the access operation type, access time, and target node identification during the data access or data transmission process; S202: Call the preset node security level rule base to obtain the node security level information of the target node; S203: Combine the access operation type information, access time information, target node identification information, and node security level information to generate a structured flow behavior record unit, and write it into the flow record information field of the data encapsulation structure.

4. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, Step S30, which involves performing a recursive update on the data confidence parameter, includes: S301: Read the credibility parameter of the previous state data in the data encapsulation structure; S302: Call the preset access risk rule base and generate a corresponding access risk level based on the access operation type information; S303: Combining the access risk level, the node security level information of the target node, the topology feature parameters, and the current data flow behavior information, the data credibility parameter of the previous state is recursively updated.

5. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, The step of adaptively adjusting the permission state vector in step S40 includes: S401: Determine the corresponding preset confidence interval based on the updated data confidence parameter; S402: When the data credibility parameter is lower than a preset threshold, perform permission downgrade processing on the access level parameter in the permission status vector; S403: Perform a decrement update process on the remaining number of transfers parameter in the permission status vector, and dynamically shorten the access validity time parameter according to the data credibility parameter.

6. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, Step S60, which generates the data propagation risk level, includes the following steps: S611: Extract the historical access node sequence of the business data object based on the flow record information field; S612: Construct a data propagation topology based on the historical access node sequence; S613: Identify the number of propagation branches, the depth of propagation levels, and the number of cross-domain propagations in the data propagation topology, and generate a data propagation risk level based on the identification results.

7. The enterprise data security flow control method based on data credibility evolution according to claim 1, characterized in that, The steps for performing semantic matching verification in step S60 are as follows: S621: Extract the task semantic information of the currently executing task of the target node, as well as the business attribute information of the business data object; S622: Call the preset semantic matching rule library to perform semantic association analysis on the task semantic information and the business attribute information; S623: When the semantic matching result is lower than the preset semantic association threshold, the business data object is subjected to access blocking or permission downgrade processing.

8. An enterprise data security flow control system based on data credibility evolution, characterized in that, include: The data encapsulation module is used to receive business data objects generated by enterprise terminal nodes, perform secure encapsulation processing on the business data objects, construct a data encapsulation structure containing fields such as data subject information, data source identification information, permission status vector, data credibility parameter and flow record information, and initialize the data credibility parameter and permission status vector. The permission status vector includes at least access level parameter, remaining flow count parameter and access validity time parameter. The data credibility update module is used to extract the historical access node sequence of the business data object based on the historical flow behavior records in the flow record information field, construct the data propagation topology, and identify the number of propagation branches, the depth of propagation level, and the number of cross-domain propagation as topology feature parameters; based on the topology feature parameters, the current data flow behavior information, and the data credibility parameters of the previous state, the module performs a recursive update process on the data credibility parameters, wherein different access operation types correspond to different credibility adjustment directions, the length of the historical access node sequence and the depth of propagation level are used to enhance the cumulative impact, and the number of propagation branches and the number of cross-domain propagation are used to apply additional attenuation constraints to obtain the data credibility parameters of the current state; The permission status adjustment module is used to map the updated data credibility parameters to a preset credibility range, and to perform adaptive adjustment of the permission status vector according to the credibility range, including adjusting the access level parameter for permission level, performing a decreasing update on the remaining number of transfers parameter, and dynamically shortening the access validity time parameter. The access control determination module is used to, when a target node requests access to the business data object, obtain the current data credibility parameter and permission status vector in the data encapsulation structure, and simultaneously obtain the collaborative task status information corresponding to the business data object; construct an access determination parameter set based on the data credibility parameter, permission status vector, and collaborative task status information; perform access control determination processing according to the access determination parameter set, generate a data access control result of allowing access, downgrading access, or denying access, update the permission status vector according to the access control result, and write the access control result into the flow record information field; The propagation path analysis module is used to extract the historical access node sequence of the business data object based on the flow record information field to construct the data propagation topology and generate the data propagation risk level. The task semantic verification module is used to extract the task semantic information of the currently executing task of the target node when the access control result is allowed, and to perform semantic matching verification between the task semantic information and the business attribute information of the business data object. When the semantic matching result does not meet the preset semantic association conditions, the module performs permission restriction or access blocking processing on the business data object. Each module works collaboratively by calling program instructions in the memory through the processor to implement the enterprise data security flow control method based on data credibility evolution as described in any one of claims 1-7.

9. The enterprise data security flow control system based on data credibility evolution according to claim 8, characterized in that, The propagation path analysis module includes: The node path construction unit is used to extract the historical access node sequence of business data objects based on the flow record information field and construct the data propagation topology. A propagation hierarchy statistics unit is used to identify the number of propagation branches and the depth of propagation hierarchy in the data propagation topology. The risk level generation unit is used to generate a data propagation risk level based on the identification results and output risk control parameters to the access control determination module.