Adaptive privacy protection and cross-domain authentication system and method based on multi-party authorization

The adaptive privacy protection system with multi-party authorization solves the problems of cross-regional compliance and autonomous governance and multi-entity joint authorization in existing technologies. It achieves adaptive privacy protection and cross-domain authentication, supports full coverage identification of five types of organizational information, ensures that high-reputation entities retain data utility, low-reputation entities obtain strong protection, and reliably transmit data in environments without terrestrial cellular networks.

CN122394955APending Publication Date: 2026-07-14玺信科技有限公司 +4

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
玺信科技有限公司
Filing Date
2026-05-29
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing privacy protection and identity authentication technologies suffer from problems such as low efficiency in separating identity filling and privacy desensitization, limited document type adaptability, static and unchanging privacy protection strength, and inability to achieve multi-entity joint authorization and cross-regional compliance autonomy, especially failing in cross-border business and environments without terrestrial cellular networks.

Method used

An adaptive privacy protection system based on multi-party authorization is adopted, which realizes cross-domain authentication and adaptive privacy protection through hardware security carrier, location awareness unit, dynamic trust engine, five-data package full-coverage recognition engine, multi-party authorization collaboration unit, electronic signature two-way operation unit and privacy enhancement processing unit.

Benefits of technology

It achieves cross-regional compliant self-governance, multi-entity joint authorization, and trust-driven adaptive privacy protection, supports full-coverage identification of five types of organizational information, ensures that high-reputation entities retain data utility while low-reputation entities receive strong protection, and can still transmit reliably in environments without terrestrial cellular networks.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394955A_ABST
    Figure CN122394955A_ABST
Patent Text Reader

Abstract

The application discloses a kind of based on multi-party authorization and five number package full coverage adaptive privacy protection and cross-domain authentication system, comprising: a hardware security carrier, be divided into multiple security domains, each security domain corresponds to a country or region, and store unique private key and compliance policy set;A position sensing unit, real-time geographic position is obtained;A strategy activation unit, according to the real-time geographic position, the corresponding security domain is activated automatically, and loads its compliance policy set;A dynamic trust engine is used to calculate and update dynamic trust level Trust;A five number package full coverage identification engine is used to classify sensitive information;A multi-party authorization collaborative unit is used to generate joint authorization credentials;An electronic signature bidirectional operation unit replaces sensitive field with structured placeholder, and establishes encryption mapping table;A privacy enhancement processing unit is used to perform intensity variable privacy enhancement processing on other modal data;A signature unit digitally signs the operation result.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of network security technology, specifically relating to a digital identity authentication technology. Background Technology

[0002] With the deepening of digital transformation, the amount of data generated by individuals, families, enterprises, communities, and governments—including electronic documents, biometric videos, medical reports, and financial transactions—is exploding. Existing privacy protection and identity authentication technologies are mainly divided into three categories: rule-based data anonymization systems, role-based access control models, and hardware security solutions based on trusted execution environments.

[0003] However, existing technologies generally suffer from the following drawbacks: First, identity verification and privacy desensitization are separated, making it inefficient and prone to errors for users to manually fill out forms. Furthermore, uploading documents containing sensitive information to AI analysis platforms requires manual correction, lacking a unified hardware-level authorization closed-loop mechanism. Second, the coverage of electronic document types is incomplete; existing systems have limited adaptability to different document formats such as forms, bills, and reports, failing to achieve unified identification and classification of all organizational information types. Third, the strength of privacy protection remains static; regardless of a user's historical behavior and reputation, the system uses the same desensitization parameters, leading to unnecessary loss of data utility for high-reputation users and insufficient protection of sensitive information for low-reputation users. Fourth, existing technologies only support privacy protection for a single entity; for documents that naturally contain sensitive information from multiple entities, such as medical reports, corporate contracts, and family bills, a one-click hiding operation after multi-party joint authorization is not possible.

[0004] The root cause of the aforementioned technical deficiencies lies in the fact that existing systems lack a comprehensive technical solution capable of simultaneously addressing cross-regional compliance and autonomy, multi-entity joint authorization, trust-driven adaptive anonymization, and end-to-end anonymous decision-making. Details are as follows.

[0005] First, terminal devices cannot automatically switch data processing rules according to the jurisdiction of the country or region they are located in, making cross-border business extremely prone to violating local laws and regulations (such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection Law of the People's Republic of China). Existing location awareness solutions mostly rely on software interfaces provided by the operating system, which are easily tampered with or deceived.

[0006] Second, existing identity authentication and privacy protection systems are completely ineffective in environments lacking terrestrial cellular networks (such as oceans, polar regions, and deserts), making it impossible to achieve hardware-level two-way authentication and secure transmission of large amounts of data.

[0007] Third, existing privacy protection schemes lack a quantifiable dynamic trust assessment mechanism, and cannot integrate dimensions such as the consistency of users' historical behavior, the authority of data sources, and negative event records into a continuous trust level, thereby driving the real-time adjustment of the strength of privacy protection.

[0008] Fourth, existing anonymization techniques cannot provide a provable mathematical guarantee that mutual information is zero. Anonymous data may still be re-associated through link metadata or placeholder semantics.

[0009] Therefore, there is an urgent need for a system and method that can achieve full coverage identification of five data packages, multi-party joint authorization, automatic activation of compliance strategies driven by geolocation, trust-adaptive privacy protection, and integrated terrestrial and satellite authentication.

[0010] It should be noted that the above description of the technical background is only for the purpose of providing a clear and complete explanation of the technical solutions of the present invention and facilitating understanding by those skilled in the art. It should not be assumed that the above technical solutions are known to those skilled in the art simply because they have been described in the background section of this invention. Summary of the Invention

[0011] The purpose of this invention is to overcome the shortcomings of the prior art and provide an adaptive privacy protection and cross-domain authentication system and method based on multi-party authorization and full coverage of five data packages.

[0012] This invention discloses an adaptive privacy protection and cross-domain authentication system based on multi-party authorization and full coverage of five data packets, comprising: a hardware security carrier, which is internally divided into multiple security domains, each security domain corresponding to a country or region, and storing the private key and compliance policy set unique to that country or region; a location awareness unit, independent of the terminal device's operating system, which obtains real-time geographical location through a hardware interface; and a policy activation unit, which automatically activates the corresponding security domain based on the real-time geographical location and loads its compliance policy set.

[0013] A dynamic trust engine is used to calculate and update the dynamic trust level (Trust) of each entity. The dynamic trust level (Trust) is calculated using a weighted time-series model and satisfies the following relationship:

[0014] (Equation 1)

[0015] Where Δt is the time interval since the last credible action, λ is the decay coefficient, Authority(t) is the authority level of the data source, Consistency(t) is the cosine similarity between the current action feature vector and the historical action feature vector, RiskEvents(t) is the cumulative deduction of negative events, and α+β+γ+δ=1.

[0016] The system comprises: a comprehensive data package recognition engine for scanning electronic documents and classifying sensitive information into individual, family, enterprise, social, or government data packages based on predefined templates, deep learning models, or physical coordinate maps; a multi-party authorization collaboration unit for initiating authorization requests to relevant parties when electronic documents contain sensitive information from multiple different entities, collecting and aggregating multi-party electronic signatures (including electronic official seals, electronic private seals, electronic signature stamps, handwritten electronic signatures, etc.) to generate a joint authorization certificate; a two-way electronic signature operation unit operating within the activated security domain, using electronic signatures to perform forward filling or reverse hiding operations, and supporting multi-party joint authorization during reverse hiding operations, where sensitive fields are replaced with structured placeholders and an encrypted mapping table is established; a privacy enhancement processing unit for performing variable-strength privacy enhancement processing on other modal data, including dynamic video Gaussian blurring and differential privacy noise injection; and a signature unit for digitally signing the operation results using the private key of the aforementioned security domain.

[0017] Furthermore, the privacy protection strength μ of the aforementioned reverse hiding operation and the dynamic trust level Trust satisfy the following relationship:

[0018] (Equation 2)

[0019] In the formula, μ base The baseline privacy protection strength is defined by θ, which is a sensitivity adjustment coefficient, θ≥0; and when the data to be processed is marked as a legally sensitive data type, μ is forced to be μ. max Among them, μ max The maximum permissible privacy protection strength μ is defined by the current security domain compliance policy set. This privacy protection strength μ is used to control at least one of the following operations: the granularity level of structured placeholder replacement; the kernel size of dynamic video Gaussian blur, where the blur kernel size is positively correlated with μ; the noise amplitude of differential privacy injection, where the noise amplitude is positively correlated with μ, and the differential privacy budget ε is negatively correlated with μ, satisfying ε = ε. max / μ.

[0020] Furthermore, before uploading the cleaned documents generated by the above reverse hiding operation to the cloud, a secondary desensitization operation is performed: the structured placeholders are replaced with meaningless random codes, and each document uses an independently generated random mapping table. The above random mapping table is only stored locally on the terminal, and the cloud AI decision unit can only receive the above random codes and cannot restore the field type semantic information of the structured placeholders.

[0021] Furthermore, the aforementioned multi-party authorization collaboration unit supports at least one of the following authorization modes: sequential authorization mode, where the system sends authorization requests to each subject in a preset priority order, and sends an authorization request to the next subject only after the previous subject has completed the electronic signature authorization; parallel authorization mode, where the system simultaneously sends authorization requests to all subjects involved in the document and sets an authorization waiting timeout threshold, collecting all returned electronic signatures within the threshold time; threshold authorization mode, where the system sets an authorization threshold ratio T∈(0,1], and when the ratio of the number of subjects that have completed electronic signature authorization to the total number of subjects that should be authorized reaches or exceeds T, it is considered that the authorization conditions are met, and a joint authorization certificate is generated; and proxy authorization mode, where for subjects that do not have independent electronic signature capabilities, a legitimate proxy uses its electronic signature to authorize on their behalf based on the proxy relationship binding information pre-stored in the data package or government data package. The aforementioned multi-party authorization collaboration unit uses a multi-signature algorithm to generate aggregated multi-party authorization signature certificates, and the aforementioned multi-signature algorithm is selected from at least one of the BLS aggregate signature algorithm (Boneh-Lynn-Shacham Aggregate Signature) or threshold signature algorithm.

[0022] Furthermore, the parameters of the dynamic trust level Trust(t) in the aforementioned dynamic trust engine are specifically quantified as follows: Timeliness item, Where λ is the attenuation coefficient, with a default value of 0.1 / day, and Δt is calculated in hours. When Δt≤0, Recency(t)=1; the authority item, Authority(t), is determined according to the level of the Certificate Authority (CA) of the data source. Digital certificates issued by government CAs have Authority=1.0, digital certificates issued by financial institution CAs have Authority=0.9, digital certificates issued by ordinary commercial CAs have Authority=0.5, and digital certificates without CA certification have Authority=0.1.

[0023] Consistency Items

[0024] (Equation 3)

[0025] In the formula, V t V is the current behavior feature vector. hist The historical behavior feature vector is the center of the terminal federated learning model.

[0026] Negative event items,

[0027] RiskEvents(t) = min(total deductions, 0.5) (Equation 4)

[0028] Each verifiable negative event deducts 0.1 points, and when there are no new negative events for 30 consecutive calendar days, the accumulated RiskEvents(t) decreases by 50%. The default values ​​of the weighting coefficients α, β, γ, and δ are α=0.3, β=0.3, γ=0.2, and δ=0.2, respectively. The weighting coefficients are dynamically optimized and adjusted by the AI ​​model based on the compliance policy set of the currently activated security domain and the user's historical behavior data. The optimization goal is to maximize the comprehensive score of data utility and privacy protection.

[0029] Furthermore, the aforementioned comprehensive five-data package recognition engine includes: a dynamic template library, pre-loaded with five-data package field mapping templates for at least 50 common document types, including hospital examination reports, bank statements, tax returns, insurance claims, real estate registration certificates, etc., supporting user-defined new templates uploaded to the dynamic template library after electronic signature; a deep learning semantic recognition model, based on a semantic segmentation network using a variant of Bidirectional Encoder Representation from Transformers (BERT), used for end-to-end sensitive information recognition and five-data package classification of non-template documents, outputting the probability distribution of each recognition field belonging to the individual data package, family data package, enterprise data package, social data package, or government data package; and a physical coordinate map, for open fixed-layout shared documents. For OFD (Official Document Format) and Portable Document Format (PDF) form documents, a pre-built physical coordinate mapping table of fields is constructed. The coordinate regions of sensitive information can be directly located through the document structure tree without the need for optical character recognition. The user feedback learning module records the classification results of sensitive fields manually marked or corrected by users, and uses the corrected data as training samples to periodically fine-tune the above deep learning semantic recognition model.

[0030] Furthermore, after the multi-party authorization is completed, the above-mentioned reverse hiding operation also performs the following steps: generating a multi-party conversion signature. The process of generating the multi-party conversion signature is as follows: using the private key of the currently active security domain to digitally sign the aggregated joint authorization certificate, document hash value, timestamp, and list of involved subject identifiers; embedding the above-mentioned multi-party conversion signature into the metadata area of ​​the cleaned document, so that any third-party verifier can verify that the cleaned document was indeed generated by the original document after being legally authorized by all the listed subjects by querying the public keys of each subject and the public key of the current security domain stored on the blockchain.

[0031] Furthermore, the aforementioned adaptive privacy protection and cross-domain authentication system based on multi-party authorization and full coverage of five data packets also includes a ground-to-ground integrated communication unit. This unit includes: a ground network status detection module, used to detect the signal strength and connection status of the 5G or 6G ground cellular network in real time; and a BeiDou short message channel switching module, which automatically switches the authentication signaling and encrypted five-data packet fragment data to the BeiDou short message channel for transmission when the continuous interruption time of the ground network reaches a preset threshold. The switching process requires passing through the Physical Unclonable Function of the aforementioned hardware security carrier. The BeiDou Short Message Service (BMS) module derives a key for signature verification; the challenge-response bidirectional authentication module performs challenge-response bidirectional authentication based on the SM9 identifier cryptography algorithm within the BMS channel. After successful authentication, a session key is derived for subsequent data transmission encryption; the dual hash chain fragmentation and reassembly module splits data exceeding the single-frame capacity limit of the BMS into multiple fragments. Each fragment is accompanied by the hash values ​​of the previous and next fragments, forming a bidirectional hash chain. The receiving end verifies the integrity and order of the fragments through the bidirectional hash chain, achieving reliable transmission of large-capacity data.

[0032] Furthermore, the aforementioned adaptive privacy protection and cross-domain authentication system based on multi-party authorization and full coverage of five data packages also includes an AI end-to-end anonymity decision-making unit. This AI end-to-end anonymity decision-making unit includes: a secondary desensitization subunit, which receives the cleaned document generated by the aforementioned reverse hiding operation, replaces the structured placeholders in the cleaned document with meaningless random codes, and uses a different and independent random mapping table for each document. This random mapping table is stored in encrypted form only in the trusted execution environment of the terminal device. The cloud-based AI decision-making unit can only receive the random codes, and the mutual information (MI) MI(structured placeholder; random code) = 0; an irreversible large token generation subunit, which applies a family of one-way hash functions to the random code sequence after secondary desensitization to generate an irreversible anonymous large token, satisfying the conditional entropy H(original sensitive information | anonymous large token) = H(original sensitive information); and a metadata stripping subunit, which strips all link metadata before transmitting the anonymous large token to the cloud. This link metadata includes the source IP address, timestamp, and device fingerprint, and simultaneously generates a one-time anonymous identifier (Anonymous). The Identifier (AID) introduces a temporal perturbation following an exponential distribution, with a mean delay of 2 seconds. A dual-path isolation subunit is used, where the uplink transmission path and downlink return path use physically isolated network channels. The uplink channel only allows anonymous large-term uploads, while the downlink channel only allows AI decision-making results to be pushed. A differential privacy noise injection subunit applies Reni differential privacy noise to the output layer of the AI ​​decision model, ensuring the output is sufficiently small to satisfy differential privacy (ε, δ), where ε ≤ 0.5 and δ ≤ 10. -5 In the result transfer unit, the AI ​​decision results are pushed to the result transfer platform. Users can actively retrieve the results with a one-time password or encrypted email. The platform immediately destroys all records at the physical level after the user retrieves the results.

[0033] The present invention also discloses an adaptive privacy protection and cross-domain authentication method based on multi-party authorization and full coverage of five data packages, including the following steps.

[0034] S1. The terminal obtains its real-time geographic location through a location awareness unit that is independent of the operating system.

[0035] S2. The above-mentioned policy activation unit activates the corresponding security domain in the hardware security carrier according to the above-mentioned real-time geographical location, and loads the compliance policy set stored in the security domain.

[0036] S3. Scan the electronic document to be processed, use the five-data-package full-coverage recognition engine to identify all sensitive information in the document, and classify each sensitive field into at least one of the following: individual data package, household data package, enterprise data package, social data package, or government data package.

[0037] S4. If the above electronic document contains sensitive information belonging to multiple different entities, then initiate a multi-party authorization collaboration process, send an authorization request to each entity identified in the document, collect the authorization signature fragments generated by each entity using its electronic signature, and use a multi-signature algorithm to aggregate all authorization signature fragments to generate a joint authorization certificate.

[0038] S5. The dynamic trust engine above calculates the current dynamic trust level Trust(t) for each subject, satisfying:

[0039] (Equation 1)

[0040] S6. Calculate the privacy protection level μ of the reverse hiding operation based on the above dynamic trust level Trust(t), satisfying:

[0041] (Equation 2)

[0042] S7. Perform reverse hiding operation: Using the privacy protection level μ as the parameter, replace all sensitive fields with structured placeholders, establish an encrypted mapping table, generate a multi-party conversion signature, and embed the multi-party conversion signature into the metadata area of ​​the cleaned document.

[0043] S8. Perform secondary desensitization on the cleaned documents: Replace structured placeholders with meaningless random codes to generate irreversible large tokens. After metadata stripping, temporal perturbation, dual-path isolation, and differential privacy noise injection, push the AI ​​decision results to the result transfer platform.

[0044] S9. Users can actively retrieve AI decision results from the above results transfer platform using a one-time password or encrypted email. The platform will physically destroy all records after the user retrieves the results.

[0045] The core advantage of this invention lies in its pioneering multi-party authorization collaboration unit and the adaptive privacy protection strength μ mathematical formula of reverse hiding operation.

[0046] (Equation 2)

[0047] This deep coupling enables, for the first time, one-click hiding of joint authorization across any number of entities and jurisdictions, fundamentally solving the fundamental flaw of existing technologies that can only protect the privacy of a single entity. Specifically, when an electronic document simultaneously includes sensitive information from individual data packages, family data packages, enterprise data packages, community data packages, and government data packages, the system can automatically identify all relevant entities. It collects electronic signatures from all parties through any of four modes: sequential authorization, parallel authorization, threshold authorization, or proxy authorization, aggregates and generates a joint authorization certificate, and calculates differentiated privacy protection strength μ for each entity based on the Trust(t) of each entity calculated in real time by the dynamic trust engine. This allows high-reputation entities to retain more data utility while low-reputation entities receive stronger privacy protection. Finally, all sensitive fields are replaced with structured placeholders with one click, generating a multi-party conversion signature that can be verified on the blockchain. The entire process, from document parsing, entity identification, multi-party authorization to adaptive hiding, is fully automated, filling the technological gap in multi-party collaborative processing in the existing privacy protection field.

[0048] The beneficial effects of this invention are as follows.

[0049] First, through the three-layer architecture of dynamic template library, deep learning semantic recognition model and physical coordinate map in the five-data package full-coverage recognition engine, it has for the first time achieved full-coverage automatic recognition of five types of organizational information: individual data packages, family data packages, enterprise data packages, community data packages and government data packages. It can process spreadsheets, bills and reports of any format, while existing technologies can only process single types of documents and require manual annotation.

[0050] Second, through the four authorization modes of sequential, parallel, threshold, and proxy supported by the multi-party authorization collaboration unit and BLS aggregate signature technology, it is the first time that electronic documents involving multiple subjects can hide all sensitive information with one click after obtaining joint authorization from all parties, and generate multi-party conversion signatures that can be verified on the blockchain, which completely solves the fundamental defect of existing technologies that can only protect the privacy of a single subject.

[0051] Third, through the quantified trust formula in the dynamic trust engine.

[0052] (Equation 1)

[0053] Formula for reverse privacy protection

[0054] (Equation 2)

[0055] The deep coupling enables the adaptive dynamic adjustment of privacy protection strength according to the subject's behavior and reputation. High-trust subjects retain more data utility while low-trust subjects receive stronger protection. Compared with the static de-identification schemes of existing technologies, it has significant advantages in flexibility and efficiency.

[0056] Fourth, through the collaboration of location awareness units and policy activation units independent of the operating system, the terminal can automatically activate the corresponding national security domain and load compliance policies within 1.5 seconds after entering the country, thereby achieving local compliance autonomy for global cross-domain business.

[0057] Fifth, by replacing structured placeholders with meaningless random codes with mutual information MI=0 through a two-level desensitization subunit, implementing dual-path physical isolation, Rényi Differential Privacy (RDP) noise injection, and a physical-level destruction mechanism after extracting the One-Time Password (OTP) from the result relay platform, a mathematically provable anonymization decision-making link from the terminal to the cloud is constructed, effectively preventing link metadata re-association attacks.

[0058] Sixth, through PUF signature confirmation switching, SM9 challenge response authentication, and dual hash chain fragmentation and reassembly technology in the integrated space-ground communication unit, hardware-level two-way authentication and reliable transmission of large-capacity data can still be achieved through BeiDou short messages even when the ground cellular network is completely interrupted, filling the gap in the existing authentication system in areas without network such as the ocean and polar regions.

[0059] Seventh, this invention features a unique three-layer progressive architecture: "classification tag anonymization → irreversible lexical encapsulation → direct AI reasoning." This breaks the technical bias that "AI processing sensitive data must rely on homomorphic encryption or multi-party secure computation," enabling large models to directly and accurately reason about anonymous data without requiring any privacy-preserving computation capabilities. Compared to existing technologies, this invention saves over 90% of computing power and over 90% of network resource consumption, with a decision accuracy loss of no more than 2%. Each layer in this three-layer architecture is not a simple combination of existing technologies; there is a significant synergistic effect between the layers. Attached Figure Description

[0060] To more clearly illustrate the technical solutions in an embodiment of the present invention or in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. The drawings described below are merely embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0061] Figure 1 This is a schematic diagram of an adaptive privacy protection and cross-domain authentication system based on multi-party authorization and full coverage of five data packages in one embodiment of the present invention.

[0062] Figure 2This is a flowchart of an adaptive privacy protection and cross-domain authentication method based on multi-party authorization and full coverage of five data packages in one embodiment of the present invention.

[0063] The reference numerals in the above figures are as follows:

[0064] 10 System

[0065] 100 Hardware Security Carrier

[0066] 101 data packets storage areas

[0067] 102 data package storage areas

[0068] 103 Enterprise Data Package Storage Area

[0069] 104 Community Data Package Storage Area

[0070] 105 Government Data Package Storage Area

[0071] 110 Security Domain

[0072] 200 position sensing units

[0073] 210 GNSS module

[0074] 220 Cellular Baseband Chip

[0075] 230 WLAN scanning module

[0076] 240 Trusted Time Sources

[0077] 300 strategy activation units

[0078] 400 Dynamic Trust Engine

[0079] 500-digit full-coverage recognition engine

[0080] 510 Dynamic Template Library

[0081] 520 Deep Learning Semantic Recognition Model

[0082] 530 Physical Coordinate Map

[0083] 540 User Feedback Learning Module

[0084] More than 600 authorized collaboration units

[0085] 700 Electronic Signature Two-Way Operation Unit

[0086] 710 Encrypted Mapping Table

[0087] 720 Structured placeholders

[0088] 730 Multi-party signature conversion

[0089] 800 Privacy Enhancement Processing Units

[0090] 900 signature units

[0091] 1000 Global Blockchain Distributed Ledgers Detailed Implementation

[0092] To better understand this invention, the following embodiments are provided in conjunction with the accompanying drawings. It should be understood that the embodiments of this invention are for illustrative purposes only and not for limiting the invention; the scope of protection of this invention is defined solely by the claims. The embodiments provided are merely preferred embodiments and are not intended to limit the invention in any way. Those skilled in the art can make changes, equivalent substitutions, or modifications based on the content of this invention, resulting in different implementation methods. However, any changes and modifications, or equivalent substitutions, made to the method of this invention without departing from the inventive concept are within the scope of protection of this invention.

[0093] It should be noted that the following detailed descriptions are exemplary and intended to provide further illustration of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.

[0094] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of exemplary embodiments according to the invention. As used herein, the singular form is intended to include the plural form as well, unless the context clearly indicates otherwise. Furthermore, it should be understood that when the terms “comprising” and / or “including” are used in this specification, they indicate the presence of features, steps, operations, and / or combinations thereof.

[0095] First, please refer to Figure 1 . Figure 1 This is a schematic diagram of an adaptive privacy protection and cross-domain authentication system 10 based on multi-party authorization and full coverage of five data packets, according to an embodiment of the present invention. Figure 1As shown, an adaptive privacy protection and cross-domain authentication system 10 based on multi-party authorization and full coverage of five data packages includes: a hardware security carrier 100, which is internally divided into multiple security domains 110, each security domain 110 corresponding to a country or region. Each security domain 110 further includes a public-private key pair storage area for storing the private key unique to that country or region, and a compliance policy set storage area for storing a compliance policy set that converts the laws and regulations of that country or region into executable technical parameters; and a location awareness unit 200 independent of the terminal device operating system, which reads the raw signal from the Global Navigation Satellite System (GNSS) module 210, the Mobile Country Code (MCC) and Cell ID from the cellular baseband chip 220, or passively scans the Basic Service Set (BSS) identifier of a wireless LAN hotspot through a wireless LAN scanning module 230. The location awareness unit 200 obtains the real-time geographic location by comparing the Identifier (BSSID) with a local hotspot location database using at least one of these three methods. Meanwhile, the location awareness unit 200 includes a trusted time source 240 to obtain an immutable timestamp to prevent replay attacks. A policy activation unit 300 receives the real-time geographic location output by the location awareness unit 200, automatically activates the security domain 110 corresponding to the geographic location in the hardware security carrier 100, and loads the compliance policy set from the compliance policy set storage area of ​​the security domain 110.

[0096] A dynamic trust engine 400 reads historical behavioral data from the data storage layer corresponding to each subject in the data storage area 101, household data storage area 102, enterprise data storage area 103, social data storage area 104, and government data storage area 105, and then processes the data according to the formula...

[0097] (Equation 1)

[0098] Calculate and update the dynamic trust level Trust for each subject, where α+β+γ+δ=1 and the weighting coefficients are dynamically optimized by the AI ​​model;

[0099] A five-data-package full-coverage recognition engine 500 integrates a dynamic template library 510 with pre-built field mapping templates for at least 50 common document types, a deep learning semantic recognition model 520 based on a BERT variant semantic segmentation network, a physical coordinate map 530 with pre-built field physical coordinate mapping tables for OFD and PDF form documents, and a user feedback learning module 540 that records user-manually labeled results and periodically fine-tunes the deep learning model. This five-data-package full-coverage recognition engine 500 is used to scan electronic documents and classify each sensitive field into a data package storage area 101 and a family data package storage area 1. 02. The five data package types corresponding to Enterprise Data Package Storage Area 103, Social Data Package Storage Area 104, or Government Data Package Storage Area 105; A multi-party authorization collaboration unit 600, which, when the five data package full-coverage recognition engine 500 identifies that the electronic document includes sensitive information belonging to multiple different subjects, sends an authorization request to each relevant subject, collects the authorization signature fragments generated by each subject using its electronic signature, and uses at least one of the BLS aggregation signature algorithm or threshold signature algorithm to aggregate all authorization signature fragments into a joint authorization credential, and supports at least one of the four modes of sequential authorization, parallel authorization, threshold authorization, and proxy authorization;

[0100] An electronic signature bidirectional operation unit 700 operates within the security domain 110 currently activated by the policy activation unit 300. It uses the public and private keys of security domain 110 to perform a forward fill operation on the electronic signature private key in the storage area, retrieving information from each of the five data packet storage areas to automatically fill in the form. Alternatively, it performs a reverse hiding operation, replacing sensitive fields with structured placeholders 720 and establishing an encrypted mapping table 710. During the reverse hiding operation, it calls the joint authorization credential generated by the multi-party authorization collaboration unit 600 to support multi-party joint authorization. The privacy protection level μ of the reverse hiding operation is determined according to...

[0101] (Equation 2)

[0102] Calculate, where, With the baseline intensity as θ and the sensitivity adjustment coefficient as θ≥0, when the data to be processed is marked as a legally defined high-sensitivity data type, μ is forced to be μ. max ;

[0103] A privacy enhancement processing unit 800 performs Gaussian blurring on the face region in a dynamic video, with the blur kernel size positively correlated with the privacy protection strength μ. Simultaneously, the noise amplitude injected via differential privacy is positively correlated with μ, while the differential privacy budget ε is negatively correlated with μ, satisfying ε = ε max / μ; A signature unit 900 uses the public and private keys of the currently active security domain 110 to digitally sign the output of the electronic signature bidirectional operation unit 700 with the private key in the storage area, and uploads the signature result and operation log together to the global blockchain distributed ledger 1000 for post-event verification.

[0104] It is worth noting that, in one embodiment of the present invention, before performing the reverse hiding operation, the above-mentioned electronic signature two-way operation unit 700 first reads the dynamic trust level Trust of the current subject from the dynamic trust engine 400. This Trust value is a floating-point number between 0 and 1. Then, the privacy strength calculation module in the electronic signature two-way operation unit 700 calculates the value according to the formula...

[0105] (Equation 2)

[0106] Calculate the final level of privacy protection μ, where μ base The baseline privacy protection strength pre-configured in the compliance policy set storage area of ​​the currently activated security domain 110 is defined by θ, which is a sensitivity adjustment coefficient dynamically set by the policy activation unit 300 according to the stringency of the laws and regulations of the current security domain 110, and θ ≥ 0. For example, θ is 2.0 in the EU security domain, while it is 0.5 in some Southeast Asian security domains.

[0107] After calculating μ, the electronic signature two-way operation unit 700 transmits the μ value to the structured placeholder generation module to control the granularity of placeholder replacement, and to the privacy enhancement processing unit 800 to control the video blur intensity. Simultaneously, the electronic signature two-way operation unit 700 calls the blacklist of legally sensitive data types marked in the compliance policy set storage area, comparing each sensitive field to be processed against the blacklist one by one. If the data type of any sensitive field matches a legally sensitive data type in the blacklist, including but not limited to biometric identification information, medical and health data, personal information of minors under the age of fourteen, and racial or ethnic origin data, the electronic signature two-way operation unit 700 forcibly sets the privacy protection level μ to μ. max , where μ max The maximum permissible privacy protection strength specified for the current security domain 110 compliance policy set storage area and μ max ≥μ base •(1+(1-0)×θ)=μ base •(1+θ), that is, when Trust=0, the calculated value of μ is less than or equal to μ. max .

[0108] For dynamic video processing, when the privacy enhancement processing unit 800 receives the μ value and performs Gaussian blur, the blur kernel size is calculated according to the formula: blur kernel diameter = blur kernel base number × μ. The default blur kernel base number is 5 pixels. When μ = 1.0, the blur kernel diameter is 5 pixels, resulting in slight blurring; when μ = 3.0, the blur kernel diameter is 15 pixels, resulting in severe blurring. For differential privacy injection, after receiving the μ value, the privacy enhancement processing unit 800 calculates the blur kernel size according to the formula: noise amplitude σ = σ base •μ calculates the standard deviation of Laplace noise or Gaussian noise, where σ base The reference noise amplitude is calculated according to the differential privacy budget ε=ε max / μ calculates the currently available privacy budget. As μ increases, the noise amplitude increases, while the privacy budget decreases, meaning privacy protection is enhanced; when μ=1.0, ε=ε max When μ=3.0, ε=ε max / 3. If the data to be processed involves multiple modalities, such as an electronic medical record that includes both structured text and patient facial video, then the μ used by the electronic signature bidirectional operation unit 700 for text desensitization, the μ used by the privacy enhancement processing unit 800 for video blurring, and the μ used for differential privacy injection all use the same μ value calculated by the formula. Furthermore, when any modality hits a legally defined highly sensitive data type, all modalities are forcibly switched to μ=μ max To ensure the highest level of protection across all modalities. Throughout the calculation and execution process, the dynamic trust engine 400 asynchronously updates the Trust value every time it receives a new behavioral event, and the electronic signature bidirectional operation unit 700 reads the latest Trust value in real time and recalculates μ each time it performs a reverse hiding operation, thereby ensuring that the level of privacy protection is adaptively adjusted in real time according to the dynamic changes in the user's behavioral reputation.

[0109] After the aforementioned electronic signature two-way operation unit 700 completes the reverse hiding operation, it outputs a cleaned document. In this cleaned document, all sensitive fields have been replaced with structured placeholders 720. The format of the structured placeholder 720 is a five-number package type label and field name enclosed in double curly braces. For example, "Number Package: Name" or "Enterprise Package: Unified Social Credit Code". In this case, the structured placeholder 720 still carries clear field type semantic information.

[0110] Before uploading the cleaned document to the cloud AI decision unit, the system calls a secondary desensitization module deployed inside the terminal hardware security carrier 100. This secondary desensitization module first randomly generates a 128-bit document unique identifier DOC_ID for the current document. Then, using DOC_ID as a seed, it calls the cryptographically secure pseudo-random number generator CSPRNG to generate a random mapping table. The data structure of the random mapping table is a set of key-value pairs, where each key is a string of the original structured placeholder 720, such as "number package: name". Each value is a fixed-length meaningless random code, such as field_a1b2c3d4e5f6g7. The random code consists of a mixture of uppercase and lowercase letters and numbers and has a fixed length of 16 characters. The number of all key-value pairs in the random mapping table is equal to the total number of structured placeholders 720 in the cleaned document.

[0111] The secondary desensitization module traverses and cleans the entire document, replacing each structured placeholder 720 with a meaningless random code according to the corresponding mapping relationship in the random mapping table. After the replacement, all semantic information of the original structured placeholder 720 disappears. When the cloud AI decision unit receives the replaced document, it can only see a meaningless string like field_a1b2c3d4e5f6g7 and cannot infer from it whether the field originally belonged to the quantity package, the enterprise package, or any other five-number package type.

[0112] The random mapping table itself is encrypted using the user's public key stored internally in the terminal hardware security carrier 100. This ciphertext mapping table is stored together with the replaced document, but they are physically separate. The ciphertext mapping table is stored in the secure file system inside the hardware security carrier 100, while the replaced document is stored in the terminal's ordinary storage area. Each document uses a completely different and independently generated random mapping table. That is, in the random mapping table of document DOC_ID_001, "count packet: name" is mapped to field_a1b2c3; in the random mapping table of document DOC_ID_002, "count packet: name" is mapped to field_x9y8z7. Structured placeholders with the same semantics between the two documents are mapped to completely different random codes, and the mapping relationships are independent and cannot be derived from each other.

[0113] After the cloud-based AI decision-making unit completes the reasoning and returns the result to the terminal, if the terminal needs to restore the cleaned document from the secondary desensitized document or further restore the original sensitive information, it must first use the user's private key inside the hardware security carrier 100 to decrypt the ciphertext mapping table to obtain the plaintext of the random mapping table. Then, according to the random mapping table, the meaningless random code is replaced with the structured placeholder 720. Finally, the encrypted mapping table 710 is called to replace the structured placeholder 720 with the original sensitive information.

[0114] Throughout the entire secondary desensitization process, the mutual information (MI) between the original structured placeholder 720 and the meaningless random code is strictly zero. This is because the random mapping table is generated entirely by CSPRNG and is independent for each document. Given any meaningless random code, without a corresponding random mapping table, it is impossible to determine the semantic content of its original structured placeholder 720 with a probability higher than random guessing.

[0115] The four authorization modes and specific implementation methods of multi-signature aggregation supported by the above-mentioned multi-party authorization collaboration unit 600 are as follows.

[0116] After the Five-Data Package Full Coverage Recognition Engine 500 scans an electronic document, it identifies sensitive information belonging to three different subjects. For example, an electronic medical record may contain information belonging to the patient Li (in the Individual Data Package Storage Area 101), the attending physician Wang (in the Individual Data Package Storage Area 101), and a tertiary hospital (in the Enterprise Data Package Storage Area 103). The Multi-Party Authorization Collaboration Unit 600 first parses the subject identifier list output by the Five-Data Package Full Coverage Recognition Engine 500 and determines that the number of subjects included in the document is greater than 1. Then, based on the pre-configured authorization mode parameters in the currently activated security domain 110 compliance policy set storage area, it selects to execute at least one of the four authorization modes.

[0117] In sequential authorization mode, the multi-party authorization collaboration unit 600 follows a preset priority order of subjects in the compliance policy set, such as patients having the highest priority, doctors the next, and hospitals the lowest. First, it sends an authorization request to patient Li's terminal device with a timeout of 60 seconds. After patient Li verifies their identity via facial recognition, they use their electronic signature private key to sign the document's hash value, generating a first authorization signature fragment, which is then returned to the multi-party authorization collaboration unit 600. After verifying the validity of the first authorization signature fragment, the multi-party authorization collaboration unit 600 sends an authorization request to the attending physician Wang. After Wang verifies their identity via fingerprint, a second authorization signature fragment is generated and returned. Finally, an authorization request is sent to the hospital management terminal, which automatically signs the request, generating a third authorization signature fragment, which is then returned.

[0118] In parallel authorization mode, the multi-party authorization collaboration unit 600 simultaneously sends authorization requests to three entities: patient Li, attending physician Wang, and the hospital management terminal. Simultaneously, three concurrent timeout timers are started, each with a timeout period of 30 seconds. Regardless of which entity returns a signature fragment first, it is received in real time and temporarily stored in a temporary signature buffer. Collection ends once all signature fragments from the three entities have been collected or the timeout period has elapsed.

[0119] In threshold authorization mode, the multi-party authorization collaboration unit 600 first reads the preset authorization threshold ratio T=2 / 3 from the compliance policy set storage area, and then sends authorization requests to the three entities respectively. During the collection process, as long as the number of entities that have completed electronic signature authorization reaches or exceeds ceil(3×2 / 3)=2, that is, after any two entities return valid signature fragments, the multi-party authorization collaboration unit 600 determines that the authorization conditions are met, without waiting for the signature of the third entity. This mode is suitable for scenarios involving jointly owned family property such as household utility bills. When there are four adult family members, the preset threshold T=0.75, that is, hiding can be performed as long as any three of the four agree.

[0120] In the proxy authorization mode, the multi-party authorization collaboration unit 600 first calls the pre-stored proxy relationship binding information in the household data package storage area 102 or the government data package storage area 105, such as the proxy binding relationship between minor Zhang and his legal guardian Li. When the five-data-package full-coverage recognition engine 500 identifies that the document contains sensitive information about minor Zhang, but Zhang does not have independent electronic signature capabilities, the multi-party authorization collaboration unit 600 automatically sends the authorization request to the terminal device of his legal guardian Li based on the proxy binding information. Li uses his own electronic signature to complete the authorization signature on behalf of Zhang, with an additional proxy identifier field attached to the signature fragment to prove that the authorization is by proxy and not by the person himself.

[0121] After the multi-party authorization collaboration unit 600 collects all the necessary authorized signature fragments, it calls the multi-signature module. If this module uses the BLS aggregation signature algorithm, it takes the collected signature fragments as input, performs BLS aggregation operations, and generates a fixed-length aggregation signature, i.e., a joint authorization certificate. The length of this joint authorization certificate is the same as that of a single signature fragment, thus achieving signature compression. If the threshold signature algorithm is used, it first constructs a threshold tn, where n is the total number of signers and t is the minimum threshold number of signatures. Each signer uses its own private key to generate a signature share. After the multi-party authorization collaboration unit 600 collects at least t signature shares, it can recover the complete threshold signature as the joint authorization certificate.

[0122] After the joint authorization credential is generated, the multi-party authorization collaboration unit 600 transmits it, along with the document hash value, timestamp, and a list of all participating entity identifiers, to the electronic signature bidirectional operation unit 700 and the signature unit 900. The electronic signature bidirectional operation unit 700 performs subsequent reverse hiding operations based on the joint authorization credential, and the signature unit 900 uses the private key of the currently active security domain 110 to finally sign the entire authorization process. The joint authorization credential is ultimately stored along with the cleaned document or uploaded to the blockchain for verification of the authorization's legality afterward.

[0123] It is worth noting that the aforementioned dynamic trust engine 400 is deployed within the trusted execution environment inside the hardware security carrier 100. Each time it receives an event involving subject behavior, such as successful electronic signature verification, execution of reverse hiding operations, document upload, or audit record, the dynamic trust engine 400 reads the subject's historical behavior data and executes it according to the formula...

[0124] (Equation 1)

[0125] Recalculate the trust level.

[0126] In the formula, the timeliness term The specific quantification method is as follows: Δt records the time interval from the last trusted action in hours, and λ is the decay coefficient, with a default value of 0.1 / 24, meaning the decay exponent is 0.1 every 24 hours. When Δt = 0, i.e., the current action and the last trusted action occur within the same hour, Recency(t) = 1; when Δt = 24 hours, i.e., a one-day interval, Recency(t) = e -0.1 ≈0.9048; When Δt = 168 hours, i.e., a week's interval, Recency(t) = e -0.7 ≈0.4966; when Δt≤0, Recency(t) is forced to take the value of 1.

[0127] The specific quantification method of the authority item Authority(t) is as follows: The dynamic trust engine 400 extracts the root CA identifier from the digital certificate chain associated with the current event. When the root CA is a national CA, such as the Electronic Authentication Service CA of the Ministry of Industry and Information Technology of the People's Republic of China, Authority(t) = 1.0; when the root CA is a financial institution CA, such as China UnionPay or Visa, Authority(t) = 0.9; when the root CA is a general commercial CA, such as DigiCert or GlobalSign, Authority(t) = 0.5; when the event has no CA authentication source or only uses a self-signed certificate, Authority(t) = 0.1.

[0128] The specific quantification method for the consistency term Consistency(t) is as follows: The dynamic trust engine 400 maintains a behavioral feature vector space for each subject. This space includes N=128 dimensions covering operation types, including document viewing frequency, authorization request response time, geographical location migration pattern, and operation time period distribution. Current behavioral feature vector v t By collecting N-dimensional features of this event in real time, a historical behavior feature vector v is generated. hist The average value of the sliding window is stored through the terminal federated learning model.

[0129] (Equation 3)

[0130] The cosine similarity between the two is calculated. The cosine similarity is 1 when the current behavior and the historical behavior pattern are completely identical; it is 0 when they are completely orthogonal; and it is -1 when they are inversely related. The Dynamic Trust Engine 400 truncates negative values ​​to 0.

[0131] The specific quantification method for the negative event item RiskEvents(t) is as follows: The dynamic trust engine 400 maintains a negative event queue. Each time a verifiable negative event occurs, such as an electronic signature being reported for misuse, an authorized operation being audited and deemed a violation, or a device's security status being detected as abnormal, a record is added to the queue and 0.1 points are deducted. There is no lower limit to the total cumulative deduction, but the final RiskEvents(t) = minus the total cumulative deduction of 0.5, meaning a maximum deduction of 0.5 points. When there are no new negative events for 30 consecutive calendar days, the dynamic trust engine 400 multiplies the current RiskEvents(t) value by 0.5, i.e., it decays by 50%. For example, if the original cumulative deduction was 0.4 points, after 30 days without new events, it decays to 0.2 points, and after another 30 days without new events, it decays to 0.1 points, and so on, until it approaches 0.

[0132] The default values ​​for the weighting coefficients α, β, γ, and δ are α=0.3, β=0.3, γ=0.2, and δ=0.2, respectively. The Dynamic Trust Engine 400 embeds a coefficient optimization AI model. This AI model optimizes the coefficients based on the incidence rate of privacy breaches and the rate of data utility loss in historical data. Under the constraints of the currently active security domain 110 compliance policy set storage area, it performs coefficient re-optimization every 7 days. For example, under the GDPR compliance policy set, the AI ​​model might increase the weight of the β authority item from 0.3 to 0.5 to emphasize the legitimacy of the data source; while under the internal enterprise compliance policy set, it might increase the weight of the δ negative event item from 0.2 to 0.35 to emphasize risk control.

[0133] After each trust level calculation is completed, the dynamic trust engine 400 writes the new Trust(t) value into the trust level storage area of ​​the subject in the hardware security carrier 100. At the same time, it takes a snapshot of all the parameters used in this calculation, signs it, and uploads it to the global blockchain distributed ledger 1000 for subsequent auditing to verify the integrity of the calculation process and whether it has been tampered with.

[0134] The aforementioned five-data-package full-coverage recognition engine 500 is deployed at the junction of the hardware security carrier 100 and the terminal trusted execution environment. It receives electronic document input externally and connects internally to the data package storage area 101, the household data package storage area 102, the enterprise data package storage area 103, the social data package storage area 104, and the government data package storage area 105.

[0135] When an electronic document is specified by the user to require reverse hiding, the Five-Data Package Full-Coverage Recognition Engine 500 first calls its internal dynamic template library 510. The dynamic template library 510 pre-sets at least 50 Five-Data Package field mapping templates for common document types, including hospital examination report templates (where "patient name" is mapped to the data package, "attending physician" is mapped to the data package, and "hospital name" is mapped to the enterprise data package), bank statement templates (where "account holder" is mapped to the data package, "bank" is mapped to the enterprise data package, and "home address" is mapped to the household data package), tax return templates (where "taxpayer identification number" is mapped to the data package, "family member information" is mapped to the household data package, and "unified corporate credit code" is mapped to the enterprise data package), insurance claim form templates, and real estate registration certificate templates.

[0136] The dynamic template library 510 also supports user-defined new templates. Users can manually annotate each sensitive field in a sample document through the interface of the electronic signature two-way operation unit 700 and specify the five-digit package type to which each field belongs. The system compiles the annotation result into a new template, signs it with the electronic signature private key, and uploads it to the dynamic template library 510 for reuse in subsequent similar documents.

[0137] If no matching template is found for the current document type in the dynamic template library 510, the five-data-package full-coverage recognition engine 500 calls the deep learning semantic recognition model 520. This model is based on a semantic segmentation network architecture of a BERT variant. The input is a text sequence of the entire document, and the output is the probability distribution of each token belonging to the quantity package, family package, enterprise package, social package, government package, or non-sensitive field. For example, for the text paragraph "Patient Zhang San, attending physician Li Si, visited Peking Union Medical College Hospital", the model outputs that the probability of "Zhang San" belonging to the quantity package is 0.94, the probability of "Li Si" belonging to the quantity package is 0.91, and the probability of "Peking Union Medical College Hospital" belonging to the enterprise package is 0.96.

[0138] If the current document is a fixed-format OFD document or a PDF form document, the Five-Data Package Full-Coverage Recognition Engine 500 calls the Physical Coordinate Map 530. The Physical Coordinate Map 530 pre-builds a JavaScript Object Notation (JSON) format coordinate mapping file for each standard form. For example, in a certain version of a PDF tax return, the top-left corner coordinates of the "Name" text box (120, 350), width 60, height 15, are directly mapped to the "Quantity" data package; the coordinate range of the "Family Member Name" text box (120, 450) to (300, 465) is directly mapped to the "Family" data package; and the coordinates of the "Company Name" text box (120, 550) are mapped to the "Company" data package. The Five-Data Package Full-Coverage Recognition Engine 500 reads the physical coordinates of each form field by parsing the document structure tree and looks up the corresponding Five-Data Package type in the Physical Coordinate Map 530. The entire process does not require optical character recognition, and the processing speed is more than 10 times faster than optical character recognition (OCR).

[0139] The Five Data Package Full Coverage Recognition Engine 500 also includes a user feedback learning module 540. When users discover incorrect automatic recognition results, such as the deep learning semantic recognition model 520 misclassifying "community residents' committee" as an enterprise data package when it should actually be a social data package, the user can manually correct the classification through the interface. The user feedback learning module 540 records the original document fragment, model output, and user-corrected result triplet. After accumulating 1000 correction records, a fine-tuning training is triggered. The corrected data is used to incrementally fine-tune the BERT variant network of the deep learning semantic recognition model 520. The fine-tuned model parameters are distributed to various terminals through federated learning, allowing the recognition accuracy of the Five Data Package Full Coverage Recognition Engine 500 to gradually improve with user usage.

[0140] After the Five-Data Package Full Coverage Recognition Engine 500 completes the recognition, it outputs each sensitive field and its corresponding Five-Data Package type as a structured list, which is then passed to the Multi-Party Authorization Collaboration Unit 600 for subsequent subject recognition and authorization processes.

[0141] It is worth noting that the specific implementation of the above-mentioned reverse hiding operation to generate the multi-party conversion signature 730 after the multi-party authorization is completed is as follows: After the electronic signature bidirectional operation unit 700 performs the reverse hiding operation to replace all sensitive fields with structured placeholders 720 and establishes an encrypted mapping table 710, it calls the signature unit 900 to generate the multi-party conversion signature 730.

[0142] The generation process of the multi-party signature 730 first involves the signature unit 900 receiving the joint authorization credential 610 from the multi-party authorization coordination unit 600, receiving the hash value Hash_original of the original document from the five-digit package full-coverage recognition engine 500, and obtaining the current Coordinated Universal Time (UTC) from the trusted time source 240. The signature unit 900 assembles the four elements—the joint authorization credential 610, the original document hash value Hash_original, the timestamp, and the subject identifier list SubjectList—into a data block to be signed according to the tag-length-value (TLV) format. The construction rule of this data block is as follows: the first field is the tag 0x01 of the joint authorization credential 610 followed by its length and then its value; the second field is the tag 0x02 of the original document hash value Hash_original followed by its length and then its value; the third field is the tag 0x03 of the timestamp followed by its length and then its value; and the fourth field is the tag 0x04 of the subject identifier list SubjectList followed by its length and then its value. The four fields are concatenated in sequence to form a complete data block to be signed.

[0143] The signing unit 900 then reads the private key SK_domain corresponding to the currently active security domain 110 from the public-private key pair storage area, and uses the SM2 elliptic curve public-key cryptography algorithm or the Elliptic Curve Digital Signature Algorithm (ECDSA) to digitally sign the data block to be signed, generating the raw signature value RawSignature. The signing unit 900 encapsulates the raw signature value RawSignature together with the four elements in the data block to be signed into a multi-party conversion signature 730 data structure. This data structure adopts the DER encoding format in the ASN.1 standard and includes a SEQUENCE type, which includes five elements: the joint authorization credential, the original document hash value Hash_original, the timestamp, the subject identifier list SubjectList, and the raw signature value RawSignature.

[0144] After the multi-party conversion signature 730 is generated, the electronic signature bidirectional operation unit 700 embeds it into the metadata area of ​​the cleaned document. For PDF format documents, it is embedded in the / Catalog / Names / Sig dictionary; for OFD format documents, it is embedded in a custom extended metadata node; and for ordinary JSON format documents, it is embedded in the top-level field "multi_party_convert_signature".

[0145] When a third-party verifier needs to verify whether a cleaned document was indeed generated from the original document after being legally authorized by all listed entities, the verifier first extracts the multi-party transformed signature 730 from the cleaned document's metadata area and parses out the joint authorization credential, the original document hash value Hash_original, the subject identifier list SubjectList, and the original signature value RawSignature. The verifier then queries the global blockchain distributed ledger 1000 to obtain the public key PK_domain corresponding to the current security domain 110 and uses it to verify whether the original signature value RawSignature matches the data to be signed. Simultaneously, the verifier queries the global blockchain distributed ledger 1000 for the public key PK_subject_i of each entity in the subject identifier list SubjectList and uses these public keys to verify whether the joint authorization credential was indeed aggregated from the signatures of all listed entities. After both verifications pass, the verifier recalculates the hash value of the cleaned document and compares it with the original document hash value Hash_original. If the hash value of the cleaned document is different from Hash_original, it means that the document content has been hidden, but the hash value of the original document remains unchanged. This proves that the cleaned document is indeed a legitimate transformation product of the original document after authorization from multiple parties, rather than an unauthorized alteration.

[0146] The entire process of generating and verifying the multi-party conversion signature 730 ensures the complete traceability of the authorization chain. No single party can forge the multi-party conversion signature 730 alone, because it is necessary to obtain the authorization signature fragments of all subjects and the private key of the current security domain 110 at the same time.

[0147] The aforementioned adaptive privacy protection and cross-domain authentication system 10, which is based on multi-party authorization and full coverage of five data packages, integrates a space-ground integrated communication unit within the hardware security carrier 100. This unit includes four sub-modules: a ground network status detection module, a BeiDou short message channel switching module, a challenge-response two-way authentication module, and a dual hash chain fragmentation and reassembly module.

[0148] The ground network status detection module monitors the signal strength (Reference Signal Receive Power, RSRP) and connection status of the 5G or 6G terrestrial cellular network once per second. When the RSRP value continuously falls below -120dBm and the Transmission Control Protocol (TCP) connection timeout occurs three times, the continuous interruption time of the ground network is determined to have reached a preset threshold of 30 seconds. Upon reaching the threshold, the BeiDou short message channel switching module is automatically activated. The switching process begins with the Physically Unclonable Function (PUF) module within the hardware security carrier 100 deriving an unclonable device private key SK_puf based on the inherent random physical characteristics of the chip manufacturing process. SK_puf is used to generate a signature (Sign_handover) for the switching command. Then, Sign_handover and the switching command are encapsulated together as a switching request and sent to the ground authentication center via the BeiDou short message channel. The ground authentication center verifies the signature validity using the pre-registered device PUF public key and returns a confirmation message, completing the hardware-level signature confirmation for channel switching. After the channel switch is completed, the challenge-response two-way authentication module performs two-way authentication based on the SM9 identifier cryptography algorithm within the BeiDou short message channel. The authentication initiating terminal sends a terminal identifier (ID_terminal) and a random number (Nonce) to the authentication responding ground center. c Upon receiving a challenge message, the ground center uses its SM9 master private key to generate a signature on the challenge message and returns a response message, including the signature value Sign_sm9 and the ground center identifier ID_center. After receiving the response message, the terminal verifies the signature's validity using its SM9 master public key, and simultaneously, the ground center returns a new random number, Nonce, to the terminal. s This poses a challenge to the terminal.

[0149] The terminal uses SK_puf for Nonce s After signing and returning, a session key is generated between the two parties once the ground center verifies the signature.

[0150] (Equation 5)

[0151] This session key is used for symmetric encryption of all subsequent data transmissions within the BeiDou short message channel using the SM4 block cipher algorithm.

[0152] After two-way authentication is completed, if the data to be transmitted is a five-packet fragment or authentication signaling and the total data length exceeds the single-frame capacity limit of 560 bytes for BeiDou short messages, the dual-hash chain fragmentation and reassembly module is invoked to perform fragmented transmission. The sending end splits the original data Data into N fragments Data1, Data2, ... NEach shard is no longer than 500 bytes to reserve 60 bytes for hash chain overhead, and a forward hash value is calculated for each shard.

[0153] (Equation 6)

[0154] and backward hash value

[0155] (Equation 7)

[0156] In the formula, the backward hash value of the first fragment is set to all 0, and the forward hash value of the last fragment is set to all 0. Each fragment is accompanied by its fragment number i, forward hash value, and backward hash value to form a bidirectional hash chain fragment. The sending end encrypts each bidirectional hash chain fragment using SK_session and sends them one by one through the Beidou short message channel.

[0157] After receiving the fragments, the receiving end first decrypts them using SK_session, and then verifies the integrity of the doubly hashed chain of each fragment, i.e., verifies... Is it equal to the received H? forward_i as well as Is it equal to the received H? backward_i Simultaneously verify the continuity of the hash chain between adjacent shards, i.e., Data i With Data i+1 The combined hash value must be consistent with H forward_i and H backward_i+1 Consistent.

[0158] After all verifications are successful, the receiving end reassembles the data according to the fragment sequence number to restore the complete original data. If a fragment is found to be lost or verification fails, the receiving end requests the sending end to retransmit the fragment with the specific sequence number through the BeiDou short message channel.

[0159] The entire space-ground integrated communication unit ensures that even in extreme environments such as oceans, polar regions, deserts, and underground spaces where terrestrial cellular networks are completely unavailable, the terminal can still complete hardware-level two-way authentication through the BeiDou short message channel and achieve reliable transmission of large amounts of data. The authentication delay is controlled within 3 seconds, and the dual hash chain fragmentation and reassembly technology achieves a data reassembly success rate of over 99.2% with a 10% packet loss rate.

[0160] It is worth noting that, in one embodiment of the present invention, after the above-mentioned adaptive privacy protection and cross-domain authentication system 10 based on multi-party authorization and full coverage of five data packages completes the reverse hiding operation and generates multi-party conversion signature 730 in the electronic signature bidirectional operation unit 700, it calls the AI ​​full-link anonymity decision unit. This unit is deployed between the terminal hardware security carrier 100 and the cloud AI inference service and is composed of six sub-units connected in series: a secondary desensitization sub-unit, an irreversible large word generation sub-unit, a metadata stripping sub-unit, a dual-path isolation sub-unit, a differential privacy noise injection sub-unit, and a result rotor unit.

[0161] The secondary desensitization subunit first receives the cleaned document, traverses the entire document, and replaces each structured placeholder 720 with a meaningless random code. For example, "number package: name" is replaced with "field_a1b2c3d4e5f6g7", and "enterprise data package: unified social credit code" is replaced with "field_h8i9j0k1l2m3n4o5". Each document uses an independently generated random mapping table, and the encrypted mapping table is stored inside the hardware security carrier 100. This ensures that the cloud AI decision unit can only see the meaningless random code and cannot infer the original field type. The mutual information MI (structured placeholder; random code) is strictly 0.

[0162] The irreversible large term generation subunit applies a family of SHA-3 one-way hash functions to the secondary desensitized random encoding sequence, compressing the entire document's random encoding sequence into a fixed-length 512-bit irreversible large term that satisfies conditional entropy.

[0163] H(Original Sensitive Information | Irreversible Large Term) = H(Original Sensitive Information) (Equation 8)

[0164] That is, no original sensitive information can be deduced from the tokens; before transmitting irreversible large tokens to the cloud, the metadata stripping subunit strips all link metadata, including source IP address, MAC address, device serial number, operating system version, and original timestamp, and generates a one-time anonymous identifier AID. This AID is generated by the random number generator inside the hardware security carrier 100 and is only valid for one use.

[0165] The metadata stripping subunit also introduces a time-series perturbation to the request time that follows an exponential distribution. The rate parameter λ_noise of the exponential distribution is 0.5, meaning that the perturbation delay has an average of 2 seconds. This makes it impossible for the cloud to associate multiple requests from the same user through the statistical characteristics of the request arrival time.

[0166] The dual-path isolation subunit establishes two physically isolated network channels. The uplink channel is a covert channel allowing only unidirectional transmission using User Datagram Protocol (UDP) with a randomized source port. This channel is used only for transmitting irreversible large words and one-time anonymous identifiers (AIDs). The downlink channel is an independent Hypertext Transfer Security Protocol (HTTPS) channel, used only for receiving AI decision results. The two channels use different network interface cards supported by the device, achieving physical isolation between uplink and downlink to prevent side-channel attacks during data return. The differential privacy noise injection subunit is deployed at the output layer of the cloud-based AI decision model. After the AI ​​model completes inference on irreversible large words and obtains the original output result, this subunit adds random noise Lap(0, Δf / ε) following a Laplace distribution to the output result, where Δf is the sensitivity of the decision function with a value of 1.0, and ε is the differential privacy budget with a value of 0.3. The output result after adding noise satisfies ε,δ, i.e., differential privacy, where δ is 10. -5 .

[0167] After receiving the noisy AI decision results, the rotor unit does not return them directly to the terminal. Instead, it pushes them to a separately deployed result relay platform. This platform generates a one-time password (OTP) for each query. This OTP is sent to the user terminal out-of-band, such as via encrypted SMS or end-to-end encrypted messaging. The user terminal then actively retrieves the AI ​​decision results from the result relay platform using the OTP. Within 30 seconds of successful result retrieval, the platform performs physical-level destruction operations, including memory zeroing, disk sector overwriting, and file index deletion, ensuring that no historical records are stored on the result relay platform.

[0168] The entire AI-powered end-to-end anonymous decision-making unit ensures that, throughout the entire process from uploading the cleaned document to extracting the AI ​​decision results, the cloud cannot obtain any data that can be linked to the original sensitive information, and users cannot be tracked or profiled, thus achieving mathematically provable end-to-end anonymity.

[0169] It is worth noting that the five data packages proposed in this invention (individual data package, household data package, enterprise data package, social data package, and government data package) are not simply a stack of data classification labels, nor are they isolated information islands that are independent or overlapping. On the contrary, there are natural marginal cross-related relationships between the five data packages: the individual subject dimension and the family subject dimension form cross anchors through blood relations and residential addresses; the individual subject dimension and the enterprise subject dimension form occupational relationship anchors through labor contracts and social security contributions; the enterprise subject dimension and the government subject dimension form compliance supervision anchors through administrative licenses and tax declarations; and the social organization subject dimension and the government subject dimension form property rights relationship anchors through land contracting rights and homestead qualification rights. Only when the five data packages are brought together can a complete, multi-dimensional, marginally cross-structured global data mirror be constructed—just as the components in a traditional Chinese mortise and tenon structure interlock and support each other, the absence of any component will cause the overall structure to become loose or even collapse. Similarly, the absence of any dimension in the five data packages will lead to semantic breaks and loss of associations in the global data mirror.

[0170] Based on the aforementioned five-number package structured global mirroring, the reverse hiding operation and secondary desensitization processing of this invention achieve an optimal balance between privacy protection and semantic preservation: Reverse hiding replaces the original sensitive fields with structured placeholders carrying five-number package type labels (such as "{{number package: name}}"), preserving the semantic information of the dimension to which the field belongs. Secondary desensitization further randomly maps the structured placeholders to meaningless codes (such as "field_a1b2c3"), completely severing the associativity between the original sensitive information and the code. After these two layers of processing, although the generated irreversible large-term encapsulation cannot recover any original sensitive information through reverse calculation, the marginal cross-relationship between the five-number package dimension labels and the encoding sequence within it still completely preserves the semantic topology and contextual features of the original electronic document.

[0171] This technical effect gives the present invention the following breakthrough advantages: When a general-purpose AI large-scale model receives this large lexical encapsulation for inference operations, it does not need to rely on any privacy-preserving computation techniques (including but not limited to homomorphic encryption, multi-party secure computation, trusted execution environment, federated learning), nor does it need to possess dedicated privacy-preserving computation capabilities. In traditional solutions, homomorphic encryption leads to ciphertext expansion by hundreds of times and computational overhead increases by several orders of magnitude; multi-party secure computation requires multi-party collaborative communication, resulting in huge network overhead and significant latency. In contrast, the present invention uses five-packet structured classification as a prerequisite to transform the original sensitive information into a large lexical encapsulation and directly "feed" it to the AI ​​large-scale model. The large-scale model only needs to perform routine vectorization and attention calculations on the lexical units, without performing any additional encryption / decryption or security protocol interactions.

[0172] Real-world testing data shows that, compared to the "homomorphic encryption + AI inference" scheme, this invention can save more than 90% of computing power (because it eliminates the need for highly complex operations such as polynomial modular multiplication and ciphertext relinearization); compared to the "multi-party secure computation + AI inference" scheme, it can save more than 90% of network resource consumption (because it eliminates the need for the distribution and synchronization of secret shared fragments among multiple participants); at the same time, since the large lexical encapsulation maintains the semantic topology of the original document, the accuracy of the AI ​​large model's decision results is reduced by no more than 2% compared to plaintext inference, achieving a technical effect that balances privacy-free computation, high computing power efficiency, low network overhead, and high decision quality.

[0173] Therefore, the five-number package structured classification of this invention is not an isolated data processing step, but a core prerequisite for the entire privacy-free computing AI large-scale model direct inference architecture. Without the multi-dimensional marginal cross-structured global mirroring of the five-number package, it is impossible to retain sufficient semantic association information in large lexical units for accurate inference by the AI ​​large-scale model; without the semantic topology preservation brought by the aggregation of the five-number package, it is only possible to rely on high-cost solutions such as homomorphic encryption or multi-party secure computation, thereby losing the order-of-magnitude advantage in computing power and network resources. The "aggregate rather than isolated, cross rather than repetitive, and framing structured rather than flat classification" of the five-number package constitutes the fundamental technical feature that distinguishes this invention from existing privacy protection schemes.

[0174] Please refer to Figure 2 . Figure 2 This is a flowchart of an adaptive privacy protection and cross-domain authentication method based on multi-party authorization and full coverage of five data packets, according to an embodiment of the present invention. Figure 2 As shown, the authentication method of the above system includes the following steps.

[0175] S1. The terminal obtains its real-time geographic location through a location awareness unit that is independent of the operating system.

[0176] S2. The above-mentioned policy activation unit activates the corresponding security domain in the hardware security carrier according to the above-mentioned real-time geographical location, and loads the compliance policy set stored in the security domain.

[0177] S3. Scan the electronic document to be processed, use the 500 full-coverage recognition engine to identify all sensitive information in the document, and classify each sensitive field into at least one of the following: number package, household package, enterprise package, social package, or government package.

[0178] S4. If the above electronic document contains sensitive information belonging to multiple different entities, then initiate a multi-party authorization collaboration process, send an authorization request to each entity identified in the document, collect the authorization signature fragments generated by each entity using its electronic signature, and use a multi-signature algorithm to aggregate all authorization signature fragments to generate a joint authorization certificate.

[0179] S5. The dynamic trust engine above calculates the current dynamic trust level Trust(t) for each subject, satisfying:

[0180] (Equation 1)

[0181] S6. Calculate the privacy protection level μ of the reverse hiding operation based on the above dynamic trust level Trust(t), satisfying:

[0182] (Equation 2)

[0183] S7. Perform reverse hiding operation: Using the privacy protection level μ as the parameter, replace all sensitive fields with structured placeholders, establish an encrypted mapping table, generate a multi-party conversion signature, and embed the multi-party conversion signature into the metadata area of ​​the cleaned document.

[0184] S8. Perform secondary desensitization on the cleaned documents: Replace structured placeholders with meaningless random codes to generate irreversible large tokens. After metadata stripping, temporal perturbation, dual-path isolation, and differential privacy noise injection, push the AI ​​decision results to the result transfer platform.

[0185] S9. Users can actively retrieve AI decision results from the above results transfer platform using a one-time password or encrypted email. The platform will physically destroy all records after the user retrieves the results.

[0186] For example, a company's legal staff uses a terminal provided by the company that integrates a hardware security carrier 100 to process a supply chain contract containing sensitive information from three parties: the purchasing company A, the supplier company B, and the logistics company C. After meeting the threshold authorization conditions, the staff conducts a compliance review process.

[0187] S1. Terminal obtains real-time geographic location.

[0188] Legal personnel operate a terminal in the company office. The location sensing unit 200 scans the company's BSSID through the WLAN scanning module 230, compares it with the local database, and confirms that the company is located in "Shanghai, China", the registered address of Company A.

[0189] S2. Activate the corresponding security domain and load the policy.

[0190] Policy activation unit 300 activates the dedicated security domain 110 of "China-Enterprise Intranet" and loads the "China Enterprise Supply Chain Compliance Policy" from the compliance policy set storage area. This policy set requires mandatory desensitization of the unified social credit code and bank account information in the enterprise data package storage area 103, and sets μ base =2.0, θ=1.5, and configure the threshold authorization mode T=2 / 3.

[0191] S3, Five-digit package full-coverage recognition

[0192] The physical coordinate map 530 of the five-data-package full-coverage recognition engine 500 identifies a PDF electronic contract. Based on the preset coordinates, it directly classifies "Enterprise A's credit code" and "bank account number" into Enterprise Data Package storage area 103, and classifies the same information of "Enterprise B" and "Enterprise C" into Enterprise Data Package storage area 103 as well.

[0193] S4, Multi-party Authorization and Collaboration Process

[0194] The multi-party authorization collaboration unit 600 initiates the threshold authorization mode. It sends authorization requests to the legal systems of Company A (its own entity, already authorized), Company B, and Company C. Company A's system automatically signs the request. Company B's legal department confirms online within 5 minutes, generating a signature fragment. Company C's legal department is delayed in responding due to a business trip. At this point, 2 / 3 of the authorization has been obtained (reaching the threshold). The multi-party authorization collaboration unit 600 determines that the authorization conditions are met, generates a joint authorization certificate, and no longer waits for Company C.

[0195] S5. Calculate the dynamic trust level Trust(t)

[0196] The Dynamic Trust Engine 400 calculates the dynamic trust level of each enterprise's data package. Enterprise A has a Trust score of 0.95 (high reputation), Enterprise B has a Trust score of 0.70 (medium reputation), and Enterprise C has a Trust score of 0.55 because it had a data breach warning in the past contract performance, with RiskEvents=0.2.

[0197] S6, Calculate the privacy protection level μ

[0198] The electronic signature two-way operation unit 700 calculates μ separately. For a high-trust enterprise A, μ A =2.0×(1+(1-0.95)×1.5)=2.15; For enterprise B with medium trust, μ B =2.0×(1+(1-0.7)×1.5)=2.9; For low-trust firm C, μ C =2.0×(1+(1-0.55)×1.5)=3.35. All enterprise data processing is mandated to meet the baseline requirement of μ≥2.0.

[0199] S7. Perform reverse hiding and generate multi-party conversion signature.

[0200] The electronic signature bidirectional operation unit 700 replaces the sensitive information of the three parties in the contract with structured placeholders 720 according to their respective μ values, such as replacing Company A's bank account with "{{Enterprise Data Package: Bank Account_Strength 2.15}}". The encrypted mapping table 710 stores the authorization relationship. The signature unit 900 generates a multi-party converted signature 730, proving that the cleaned contract was authorized by Company A and Company B and was generated after meeting the threshold (2 / 3) condition.

[0201] S8, Secondary Desensitization and Full-Link Anonymization Decision

[0202] Before uploading, the secondary de-identification subunit converts the structured placeholder 720 into random codes such as field_a1b2c3. Metadata is stripped and temporal perturbations are added. Anonymous terms are sent to the cloud-based AI compliance review model via the uplink channel. The model reviews the risk clauses, and the output is pushed to the result relay platform after differential privacy noise injection.

[0203] S9. Result Extraction and Destruction

[0204] Legal personnel retrieved the "Supply Chain Contract Compliance Review Report" from the results transfer platform using the company's internal one-time password OTP system. The platform then physically destroyed all cached data of the report.

[0205] It is worth noting that the fundamental technical feature that distinguishes this invention from existing privacy protection schemes lies in its three-tiered, structured progression: the first tier uses classification tags for anonymization; the second tier uses lexical units to replace the original data; and the third tier allows AI to directly infer anonymized data. These three tiers are not conventional choices or simple combinations in existing technologies, but rather a unique and non-obvious systematic solution created in this invention.

[0206] Regarding the first level of "using category tags for data masking," existing masking solutions generally employ two methods: one is to directly delete sensitive fields (e.g., deleting the entire line "Name: Zhang San"), resulting in irreversible loss of data integrity; the other is to use fixed rule replacements (e.g., replacing "Zhang San" with "*"), which preserves the field's position but loses its semantic type information. This invention uniquely uses structured category tags to replace the original sensitive value **, replacing "Zhang San" with "{{number package: Name}}", where the "number package" tag clearly identifies the subject dimension (individual) to which the field belongs, and the "name" tag clearly identifies the field type. This "retaining tags, hiding values" masking method is not publicly available in existing technologies. Its technical challenge lies in the need to pre-establish a five-number package classification system and identify the dimensional affiliation of all fields in the document. This requires the system to possess a structured understanding of multi-dimensional boundary intersections, rather than simple regular expression matching or rule-based masking.

[0207] Regarding the second level, "replacing the original data with tokens", existing tokenization schemes are usually used in payment or identity authentication scenarios. Their core goal is to achieve "reversible mapping" (such as mapping a credit card number to tokens, which the payment gateway can then reverse to restore).

[0208] This invention is the first to apply lexical technology to the field of privacy protection and proposes the concept of irreversible large lexical units: after two-stage desensitization, structured placeholders are randomly mapped to meaningless codes, which are then compressed into irreversible large lexical units by a family of one-way hash functions, satisfying conditional entropy.

[0209] H(Original Sensitive Information | Irreversible Large Term) = H(Original Sensitive Information) (Equation 8)

[0210] In other words, it is impossible to deduce any original sensitive information from the lexical units.

[0211] The technical challenge of this design lies in the fact that lexical units must simultaneously satisfy the contradictory requirements of "irreversibility" (protecting privacy) and "semantic preservation" (for AI reasoning). This invention uses a five-number package structured classification as a prerequisite, which preserves the marginal cross-relationships and semantic topology between fields within lexical units, thereby maintaining the amount of information required for AI reasoning even under the premise of irreversibility.

[0212] There is no inspiration in the existing technology to use irreversible tokens in AI reasoning scenarios. The solution of this invention is not a simple combination of technologies, but a disruptive redefinition of the essential function of tokenization.

[0213] Regarding the third level, "AI directly inferring anonymized data," existing technologies for handling sensitive data using large AI models typically involve: performing inference on homomorphically encrypted ciphertext (ciphertext computation increases computational overhead by 2-3 orders of magnitude), performing distributed inference within a multi-party secure computation framework (incurring huge network overhead), or using a Trusted Execution Environment (TEE) for confidential computation (dependent on specific hardware). The core idea behind these solutions is to "adapt AI to privacy protection"—that is, to perform computations in encrypted or protected environments. This invention takes the opposite approach, proposing a new model of "adapting data to AI": by using a five-byte structured classification as a prerequisite, the original sensitive data is transformed into a large-term encapsulation and directly "fed" to the large AI model. The AI ​​model requires no modification and does not need privacy-preserving computation capabilities; it can complete the computation in a standard inference environment.

[0214] This technical approach is not publicly disclosed or implied in existing technologies. Its non-obviousness lies in the fact that when faced with the technical problem of "AI large models accessing sensitive data," those skilled in the art typically seek solutions along the conventional lines of "strengthening encryption, enhancing secure computation, and building a trusted environment," while very few would consider the reverse: "whether AI can directly process anonymous data through data preprocessing." This invention breaks this technical bias, proving that through five-packet structured classification and irreversible large-term encapsulation, it is possible to achieve compliant access to sensitive data by AI without relying on traditional privacy computing technologies such as homomorphic encryption, multi-party secure computation, and TEE.

[0215] In summary, the three-layer progressive architecture of this invention—"using classification tags for anonymization → replacing original data with lexical units → AI directly inferring anonymized data"—is not a simple combination of existing technologies or a conventional design by those skilled in the art. Each layer contains the original technical breakthroughs of this invention, and there are non-obvious synergistic effects between layers: the structured classification tags of the first layer provide semantic anchors for the irreversible lexical units of the second layer, and the preservation of the semantic topology of the second layer provides a feasible basis for direct AI inference in the third layer. These three elements are indispensable and interdependent, collectively constituting the core technical features that distinguish this invention from all existing privacy protection schemes. Any attempt to directly replace the original data with lexical units and allow AI inference without the ability to perform five-packet structured classification, or to allow AI inference with classification tags but reversible lexical units, or to allow AI inference with irreversible lexical units but without semantic topology, cannot achieve the "decisive results with an accuracy loss of no more than 2% while saving more than 90% of computing power and network resources" claimed by this invention. Therefore, the technical solution of this invention cannot be derived by those skilled in the art through simple logical reasoning or conventional experiments when facing the problem of "AI large-scale model processing of sensitive data".

[0216] The above-described embodiment of the present invention can be implemented in various hardware, software codes, or combinations thereof. For example, an embodiment of the present invention can also be program code executing the above-described method in a Digital Signal Processor (DSP). The present invention can also relate to various functions executed by a computer processor, digital signal processor, microprocessor, or Field Programmable Gate Array (FPGA). The processor described above can be configured to perform specific tasks according to the present invention, which are accomplished by executing machine-readable software code or firmware code defining the specific methods disclosed in the present invention. The software code or firmware code can be developed into different programming languages ​​and different formats or forms. The software code can also be compiled for different target platforms. However, the different code styles, types, and languages ​​of the software code performing tasks according to the present invention and other types of configuration code do not depart from the spirit and scope of the present invention.

Claims

1. An adaptive privacy protection and cross-domain authentication system based on multi-party authorization and full coverage of five data packages, comprising: A hardware security carrier, which is internally divided into multiple security domains, each security domain corresponding to a country or region, and storing the private key and compliance policy set unique to that country or region; A location sensing unit, independent of the terminal device's operating system, obtains real-time geographical location through a hardware interface; A policy activation unit automatically activates the corresponding security domain based on the real-time geographical location and loads its compliance policy set; A dynamic trust engine is used to calculate and update the dynamic trust level (Trust) of each subject. The dynamic trust level (Trust) is calculated using a weighted time-series model and satisfies the following relationship: In the formula, Δt is the time interval since the last credible behavior, λ is the decay coefficient, Authority(t) is the authority level of the data source, Consistency(t) is the cosine similarity between the current behavior feature vector and the historical behavior feature vector, RiskEvents(t) is the cumulative deduction of negative events, and the weighting coefficient α+β+γ+δ=1. The Yiwu Data Package Full Coverage Recognition Engine is used to scan electronic documents and classify sensitive information into individual data packages, family data packages, enterprise data packages, social data packages, or government data packages based on predefined templates, deep learning models, or physical coordinate maps. A multi-party authorization collaboration unit is used to initiate authorization requests to relevant parties when an electronic document contains sensitive information from multiple different entities, collect and aggregate multi-party electronic signatures, and generate a joint authorization certificate. An electronic signature bidirectional operation unit operates within an activated security domain, using electronic signatures to perform forward filling or reverse hiding operations. During the reverse hiding operation, it supports multi-party joint authorization. The reverse hiding operation replaces sensitive fields with structured placeholders and establishes an encrypted mapping table. A privacy enhancement processing unit is used to perform privacy enhancement processing with variable intensity on other modal data, the privacy enhancement processing including dynamic video Gaussian blur and differential privacy noise injection; A signature unit digitally signs the operation result using the private key of the security domain.

2. The adaptive privacy protection and cross-domain authentication system according to claim 1, characterized in that, The parameters of the dynamic trust level Trust(t) in the dynamic trust engine are specifically quantified as follows: Time-sensitive items Where λ is the decay coefficient, with a default value of 0.1 / day, and Δt is calculated in hours. When Δt≤0, Recency(t)=1; The authority attribute, Authority(t), is determined based on the CA level of the data source. Digital certificates issued by government CAs have Authority=1.0, digital certificates issued by financial institution CAs have Authority=0.9, digital certificates issued by ordinary commercial CAs have Authority=0.5, and digital certificates from sources without CA certification have Authority=0.

1. Consistency item, In the formula, V t V is the current behavior feature vector. hist The historical behavior feature vector is the center of the terminal federated learning model. Negative event items, RiskEvents(t) = min(total accumulated deductions, 0.5) Each verifiable negative event deducts 0.1 points, and when there are no new negative events for 30 consecutive calendar days, the accumulated RiskEvents(t) decays by 50%. The default values ​​for the weighting coefficients α, β, γ, and δ are α=0.3, β=0.3, γ=0.2, and δ=0.2, respectively. The weighting coefficients are dynamically optimized and adjusted by the AI ​​model based on the compliance policy set of the currently activated security domain and the user's historical behavior data. The optimization goal is to maximize the comprehensive score of data utility and privacy protection.

3. The adaptive privacy protection and cross-domain authentication system according to claim 1, characterized in that, The five-digit package full-coverage recognition engine includes: The dynamic template library has pre-set five-digit field mapping templates for at least one common document type, including hospital examination reports, bank statements, tax returns, insurance claims, and real estate registration certificates. It also supports users to customize new templates and upload them to the dynamic template library after electronic signature. A deep learning semantic recognition model, based on a semantic segmentation network of a BERT variant, is used for end-to-end sensitive information recognition and five-data package classification of non-template documents, outputting the probability distribution of each recognition field belonging to the data package of individuals, families, enterprises, societies, or governments. Physical coordinate maps are pre-built for OFD format documents and PDF form documents with fixed layouts. The coordinate areas of sensitive information can be directly located through the document structure tree without the need for optical character recognition. The user feedback learning module records the classification results of sensitive fields manually marked or corrected by users, and uses the corrected data as training samples to periodically fine-tune the deep learning semantic recognition model.

4. The adaptive privacy protection and cross-domain authentication system according to claim 1, characterized in that, The multi-party authorization collaboration unit supports at least one of the following authorization modes: In the sequential authorization mode, the system sends authorization requests to each subject in order of preset subject priority. After the first subject completes the electronic signature authorization, the system sends the authorization request to the next subject. In parallel authorization mode, the system simultaneously sends authorization requests to all entities involved in the document and sets an authorization waiting timeout threshold, collecting all returned electronic signatures within the threshold time. In the threshold authorization mode, the system sets the authorization threshold ratio T∈(0,1]. When the ratio of the number of entities that have completed electronic signature authorization to the total number of entities that should be authorized reaches or exceeds T, it is considered that the authorization conditions are met, and a joint authorization certificate is generated. In the proxy authorization model, for entities that do not have independent electronic signature capabilities, the legitimate agent can authorize on their behalf by using their electronic signature based on the proxy relationship binding information pre-stored in the data package or government data package. The multi-party authorization collaboration unit uses a multi-signature algorithm to generate aggregated multi-party authorization signature credentials. The multi-signature algorithm is selected from at least one of the BLS aggregate signature algorithm or threshold signature algorithm.

5. The adaptive privacy protection and cross-domain authentication system according to claim 1, characterized in that, It also includes a space-ground integrated communication unit, which includes: The terrestrial network status detection module is used to detect the signal strength and connection status of 5G or 6G terrestrial cellular networks in real time. When the continuous interruption time of the ground network reaches a preset threshold, the BeiDou short message channel switching module automatically switches the authentication signaling and encrypted five-packet fragmented data to the BeiDou short message channel for transmission. The switching process requires confirmation by the physical non-cloning function derived key signature of the hardware security carrier. The challenge-response two-way authentication module performs challenge-response two-way authentication based on the SM9 identifier cryptography algorithm within the BeiDou short message channel. After successful authentication, a session key is derived for subsequent data transmission encryption. The dual hash chain fragmentation and reassembly module splits data to be transmitted that exceeds the capacity limit of a single frame of BeiDou short message into multiple fragments. Each fragment is accompanied by the hash values ​​of the previous fragment and the next fragment, forming a bidirectional hash chain. The receiving end verifies the integrity and order of the fragments through the bidirectional hash chain, thus achieving reliable transmission of large-capacity data.

6. The adaptive privacy protection and cross-domain authentication system according to claim 1, characterized in that, It also includes an AI end-to-end anonymous decision-making unit, which includes: The secondary desensitization subunit receives the cleaned document generated by the reverse hiding operation, replaces the structured placeholders in the cleaned document with meaningless random codes, and uses a different and independent random mapping table for each document. The random mapping table is stored in encrypted form only in the trusted execution environment of the terminal device. The cloud AI decision unit can only receive the random codes, and the mutual information MI(structured placeholder; random code) = 0. An irreversible large lexical generation subunit applies a family of one-way hash functions to the secondary desensitized random coding sequence to generate irreversible anonymous large lexicals, satisfying conditional entropy. H(Original Sensitive Information | Anonymous Large Term) = H(Original Sensitive Information) The metadata stripping subunit strips all link metadata before transmitting anonymous large terms to the cloud. The link metadata includes source IP address, timestamp, and device fingerprint. At the same time, a one-time anonymous identifier (AID) is generated, and a time-series perturbation that follows an exponential distribution is introduced. The average delay of the time-series perturbation is set to 2 seconds. The dual-path isolation subunit uses physically isolated network channels for the uplink transmission path and the downlink return path. The uplink channel only allows anonymous large-byte uploads, and the downlink channel only allows AI decision-making results to be pushed. A differential privacy noise injection subunit is used to apply Reni differential privacy noise to the output layer of the AI ​​decision model, ensuring that the output satisfies differential privacy (ε, δ), where ε≤0.5 and δ≤10. -5 ; The result transfer unit pushes the AI ​​decision results to the result transfer platform. Users can actively retrieve the results using a one-time password or encrypted email. The platform immediately destroys all records at the physical level after the user retrieves the results.

7. The adaptive privacy protection and cross-domain authentication system according to any one of claims 1 to 6, characterized in that, The privacy protection level μ of the reverse hiding operation and the dynamic trust level Trust satisfy the following relationship. In the formula, μ base The baseline privacy protection strength is given by θ, which is the sensitivity adjustment coefficient, and θ ≥ 0. and When the data to be processed is marked as a legally sensitive data type, μ is forced to be μ. max , where μ max This represents the maximum permissible level of privacy protection specified in the current security domain compliance policy set. The privacy protection level μ is used to control at least one of the following operations: The granularity level of structured placeholder replacement; The kernel size of Gaussian blur in dynamic video is positively correlated with μ. The noise amplitude of differential privacy injection is positively correlated with μ, and the differential privacy budget ε is negatively correlated with μ, satisfying ε=ε max / μ.

8. The adaptive privacy protection and cross-domain authentication system according to claim 7, characterized in that, Before being uploaded to the cloud, the cleaned documents generated by the reverse hiding operation undergo a secondary desensitization operation: the structured placeholders are replaced with meaningless random codes, and each document uses an independently generated random mapping table. The random mapping table is only stored locally on the terminal, and the cloud AI decision unit can only receive the random codes and cannot restore the field type semantic information of the structured placeholders.

9. The adaptive privacy protection and cross-domain authentication system according to claim 8, characterized in that, The reverse hiding operation, after multi-party authorization is completed, also performs the following steps: The process of generating a multi-party conversion signature is as follows: the private key of the currently active security domain is used to digitally sign the aggregated joint authorization credential, document hash value, timestamp, and list of subject identifiers involved. The multi-party conversion signature is embedded in the metadata area of ​​the cleaned document, allowing any third-party verifier to verify that the cleaned document was indeed generated from the original document after being legally authorized by all listed entities by querying the public keys of each entity and the public key of the current security domain stored on the blockchain.

10. An adaptive privacy protection and cross-domain authentication method based on multi-party authorization and full coverage of five data packages, comprising the following steps: S1. The terminal obtains its real-time geographic location through a location sensing unit independent of the operating system. S2. The policy activation unit activates the corresponding security domain in the hardware security carrier according to the real-time geographical location and loads the compliance policy set stored in the security domain. S3. Scan the electronic document to be processed, use the five-data-package full-coverage recognition engine to identify all sensitive information in the document, and classify each sensitive field into at least one of the following: individual data package, household data package, enterprise data package, social data package, or government data package; S4. If the electronic document contains sensitive information belonging to multiple different entities, a multi-party authorization collaboration process is initiated, an authorization request is sent to each entity identified in the document, authorization signature fragments generated by each entity using its electronic signature are collected, and a multi-signature algorithm is used to aggregate all authorization signature fragments to generate a joint authorization certificate. S5. The dynamic trust engine calculates the current dynamic trust level Trust(t) for each entity, satisfying: S6. Calculate the privacy protection level μ of the reverse hiding operation based on the dynamic trust level Trust(t), satisfying: S7. Perform reverse hiding operation, using the privacy protection strength μ as a parameter, replace all sensitive fields with structured placeholders, establish an encrypted mapping table, generate a multi-party conversion signature, and embed the multi-party conversion signature into the metadata area of ​​the cleaned document. S8. Perform secondary desensitization on the cleaned document, replace the structured placeholders with meaningless random codes, generate irreversible large tokens, and after metadata stripping, temporal perturbation, dual-path isolation and differential privacy noise injection, push the AI ​​decision results to the result transfer platform. S9. Users can actively retrieve AI decision results from the result transfer platform using a one-time password or encrypted email. After the user retrieves the results, the platform physically destroys all records.