CN114417433A

CN114417433A - Policy decision training method based on block chain security authentication and cloud authentication server

Info

Publication number: CN114417433A
Application number: CN202210070099.7A
Authority: CN
Inventors: 周应凤
Original assignee: Individual
Current assignee: Individual
Priority date: 2021-01-26
Filing date: 2021-01-26
Publication date: 2022-04-29
Also published as: CN112861115A; CN112861115B; CN114417319A

Abstract

The disclosed embodiments provide a policy decision training method based on block chain security authentication and a cloud authentication server, acquiring a second business dynamic environment for performing information encryption policy invocation on a target authentication event, searching a first business dynamic environment matched with the second business dynamic environment from a business dynamic environment list, acquiring an example authentication event list having business dynamic association with the second business dynamic environment and the first business dynamic environment, and determining an example feature distribution corresponding to the example authentication event manifest, the example feature distribution including a first example feature distribution of the example authentication event manifest in the first business dynamic environment and a target example feature distribution in the second business dynamic environment, and training the target strategy decision network through example characteristic distribution corresponding to the example authentication event list to obtain a strategy decision network so as to carry out strategy decision based on the strategy decision network.

Description

Policy decision training method based on block chain security authentication and cloud authentication server

The application is a divisional application of Chinese application with the name of 'encryption strategy calling method based on block chain security authentication and cloud authentication server' invented and created by the invention with the application number of 202110114650.9 and the application date of 26.01/26/2021.

Technical Field

The disclosure relates to the technical field of cloud services, in particular to a policy decision training method based on block chain security authentication and a cloud authentication server.

Background

In the related art, with the development of internet technology, an authentication event can obtain various information through different service dynamic environments, and due to the wide variety of information, the service encryption process of the authentication event in the corresponding service dynamic environment can be analyzed to obtain the information called by the authentication event encryption, and the information called by the authentication event encryption is called to an encryption policy for the authentication event in the service dynamic environment. However, for a new authentication event in a dynamic service environment, if there is no dynamic service related data between the authentication event and the dynamic service environment, the encryption process of the authentication event in the dynamic service environment cannot be obtained, so that the encryption policy call for linking the authentication event based on the record of the authentication event in the dynamic service environment cannot be performed.

Disclosure of Invention

In order to overcome at least the above disadvantages in the prior art, an object of the present disclosure is to provide a policy decision training method based on blockchain security authentication and a cloud authentication server.

In a first aspect, the present disclosure provides an encryption policy invoking method based on blockchain security authentication, which is applied to a cloud authentication server, where the cloud authentication server is in communication connection with a plurality of blockchain authentication terminals, and the method includes:

acquiring first authentication event characteristic distribution of a target authentication event in a first service dynamic environment;

calling a policy decision network to make a decision on the first authentication event characteristic distribution to obtain a second authentication event characteristic distribution of the target authentication event in a second service dynamic environment;

acquiring encryption strategy calling information for the target authentication event according to the second authentication event characteristic distribution, and calling the encryption strategy calling information to the encryption strategy of the target authentication event in the second service dynamic environment;

the strategy decision network is obtained by training a strategy decision network of an example feature distribution pair target, wherein the example feature distribution comprises a first example feature distribution of an example authentication event list in the first business dynamic environment and a target example feature distribution in the second business dynamic environment;

the target policy decision network is obtained by training an initial policy decision network through M target feature distributions, wherein the M target feature distributions comprise target feature distributions of a collection authentication event list in each service dynamic environment of M service dynamic environments, and M is a positive integer.

In a possible design concept of the first aspect, before the obtaining the first authentication event feature distribution of the target authentication event in the first dynamic business environment, the method further includes:

acquiring a second service dynamic environment for carrying out information encryption strategy calling on a target authentication event;

searching a first service dynamic environment matched with the second service dynamic environment from a service dynamic environment list;

obtaining an example authentication event list dynamically associated with the second business dynamic environment and the first business dynamic environment, and determining example feature distribution corresponding to the example authentication event list, wherein the example feature distribution comprises a first example feature distribution of the example authentication event list in the first business dynamic environment and a target example feature distribution in the second business dynamic environment;

and training the target strategy decision network through example characteristic distribution corresponding to the example authentication event list to obtain the strategy decision network.

In a possible design concept of the first aspect, the finding out the first business dynamic environment matching the second business dynamic environment from the business dynamic environment list includes:

acquiring a second service dynamic environment characteristic of a second service dynamic environment and a target service dynamic environment characteristic of each target service dynamic environment in a service dynamic environment list, wherein service dynamic associated data of the target authentication event are stored in each target service dynamic environment;

determining correlation parameters between the second service dynamic environment characteristics and the target service dynamic environment characteristics of each target service dynamic environment, and finding out target service dynamic environment characteristics of which the correlation parameters with the second service dynamic environment characteristics meet preset conditions;

and determining the service dynamic environment corresponding to the target service dynamic environment characteristic as a first service dynamic environment matched with the second service dynamic environment.

For example, in a possible design concept of the first aspect, the training of the policy decision network for targeting by the example feature distribution corresponding to the example authentication event list to obtain the policy decision network includes:

finding N groups of sub-example authentication event lists from the example authentication event list, and determining feature distribution corresponding to each group of sub-example authentication event lists from the example feature distribution, wherein the feature distribution corresponding to each group of sub-example authentication event lists comprises first sub-example feature distribution of each group of sub-example authentication event lists in the first business dynamic environment and target sub-example feature distribution of each group of sub-example authentication event lists in the second business dynamic environment, and N is a positive integer;

performing network configuration on a target policy decision network based on the feature distribution corresponding to each group of sub-example authentication event lists to obtain N updating reference parameters;

updating network weight information in the target policy decision network based on the N updated reference parameters;

if the target policy decision network after updating the network weight information meets a preset condition, determining the target policy decision network after updating the network weight information as the policy decision network, wherein the preset condition comprises that the policy decision precision of each feature distribution in the feature distributions corresponding to each group of sub-example authentication event lists of the target policy decision network is higher than the preset precision;

wherein, the method for performing network configuration on the target policy decision network based on the feature distribution corresponding to any one group of target sub-example authentication event lists in the N groups of sub-example authentication event lists to obtain a target update reference parameter includes:

splitting the target sub-example authentication event list to obtain a first target sub-example authentication event list and a second target sub-example authentication event list;

acquiring a first feature distribution corresponding to the first target sub-example authentication event list and a second feature distribution corresponding to the second target sub-example authentication event list from the feature distribution corresponding to the target sub-example authentication event list;

performing network configuration on the target policy decision network based on the first characteristic distribution to obtain a first adjustment reference parameter, and updating the network weight information of the target policy decision network from initial weight information to target weight information based on the first adjustment reference parameter;

performing network configuration on the target policy decision network after the network weight information is updated to the target weight information based on the second characteristic distribution to obtain a second adjustment reference parameter;

performing second-order partial derivation processing on the initial weight information based on the second adjustment reference parameter to obtain a target update reference parameter corresponding to the target sub-example authentication event list;

wherein the first feature distribution includes a first target authentication event feature distribution sequence of the first target sub-example authentication event list in the first dynamic service environment and a third authentication event feature distribution sequence of the first target sub-example authentication event list in the second dynamic service environment, and the performing network configuration on the target policy decision network based on the first feature distribution to obtain a first adjustment reference parameter includes:

calling the target strategy decision network to make a decision on the first target authentication event characteristic distribution sequence to obtain a first decision example characteristic distribution;

calculating a mean square error between the first decision example feature distribution and the third authentication event feature distribution sequence;

taking the mean square error as a first adjustment reference parameter;

updating the network weight information in the target policy decision network based on the N updated reference parameters comprises:

fusing the N updated reference parameters to obtain fused reference parameters;

acquiring a weight corresponding to the fusion reference parameter, and performing weighting processing on the fusion reference parameter by adopting the weight to obtain a weighted reference parameter;

updating the network weight information in the target policy decision network from initial weight information to a difference between the initial weight information and the weighted reference parameter.

In a possible design concept of the first aspect, the method further comprises:

acquiring a block chain security authentication library generated after the encryption strategy of the target authentication event is called under the second service dynamic environment and authentication encryption is carried out, wherein authentication digital certificates of various dynamic access behaviors of an authentication service object are stored in the block chain security authentication library;

performing dynamic bidirectional authentication on each received dynamic access behavior based on the block chain security authentication library, and generating an authentication service transmission channel aiming at each dynamic access behavior after the dynamic bidirectional authentication is passed;

acquiring acquisition control information for acquiring service data aiming at an authentication service transmission channel, wherein the acquisition control information refers to control model information for acquiring the service data of each authentication service transmission channel in an authentication service transmission channel sequence to be processed;

acquiring target distributed control information corresponding to the acquisition control information, wherein the target distributed control information corresponding to the acquisition control information comprises service acquisition node distribution corresponding to the acquisition control information;

performing service acquisition decision analysis on target distributed control information corresponding to the acquisition control information according to a target service acquisition decision network to obtain service acquisition node distribution corresponding to the acquisition control information;

and determining a target service data acquisition project corresponding to the acquisition control information according to the service acquisition node distribution corresponding to the acquisition control information, so as to distribute a corresponding target service acquisition process for the authentication service transmission channel to acquire big data of the authentication service transmission channel.

For example, in a possible design concept of the first aspect, before performing service acquisition decision analysis on target distributed control information corresponding to the acquisition control information according to a target service acquisition decision network, the method further includes:

acquiring a first acquisition control information example, service acquisition decision reference information corresponding to the first acquisition control information example and a second acquisition control information example;

acquiring target distributed control information corresponding to the first acquisition control information example and target distributed control information corresponding to the second acquisition control information example;

training a preset service acquisition decision network according to target distributed control information corresponding to the first acquisition control information example and service acquisition decision reference information corresponding to the first acquisition control information example to obtain a first service acquisition decision network;

performing service acquisition decision analysis on target distributed control information corresponding to the second acquisition control information example according to the first service acquisition decision network to obtain first to-be-determined service acquisition node distribution corresponding to the second acquisition control information example;

performing service acquisition decision analysis on target distributed control information corresponding to the first acquisition control information example according to a preset service acquisition decision network to obtain undetermined service acquisition node distribution corresponding to the first acquisition control information example, calculating a difference parameter according to the undetermined service acquisition node distribution corresponding to the first acquisition control information example and service acquisition decision reference information corresponding to the first acquisition control information example, and reversely updating the parameter of the preset service acquisition decision network by using the difference parameter; and iteratively executing the process until a termination condition of supervised training is met, and obtaining a first service acquisition decision network, wherein the termination condition of the supervised training comprises at least one of the following conditions: the iterative training times reach the set times, the difference parameter is smaller than the set threshold value, and the difference parameter is converged;

and adjusting parameters of the first service acquisition decision network after parameter adjustment again according to target distributed control information corresponding to the second acquisition control information example, target distributed control information corresponding to the first acquisition control information example and service acquisition decision reference information corresponding to the first acquisition control information example until a training end condition is reached, and taking the first service acquisition decision network obtained when the training end condition is reached as the target service acquisition decision network.

For example, in a possible design concept of the first aspect, the service acquisition node distribution corresponding to the acquisition control information includes a service acquisition confidence corresponding to a reference service acquisition decision manner and service acquisition confidence corresponding to a plurality of pending service acquisition decision manners, and the determining, according to the service acquisition node distribution corresponding to the acquisition control information, a target service data acquisition item corresponding to the acquisition control information includes:

acquiring a service acquisition confidence corresponding to each pending service acquisition decision mode and a service acquisition confidence corresponding to the reference service acquisition decision mode according to pre-recorded historical service acquisition control data;

comparing the service acquisition confidence corresponding to each pending service acquisition decision mode with the service acquisition confidence corresponding to the reference service acquisition decision mode;

when the service acquisition confidence corresponding to each pending service acquisition decision mode is less than or equal to the service acquisition confidence corresponding to the reference service acquisition decision mode, taking a reference service acquisition decision list corresponding to the reference service acquisition decision mode as a target service data acquisition item corresponding to the acquisition control information;

and when the service acquisition confidence corresponding to each of the plurality of pending service acquisition decision modes is greater than the service acquisition confidence corresponding to the reference service acquisition decision mode, taking a pending service acquisition decision list corresponding to the plurality of pending service acquisition decision modes as a target service data acquisition item corresponding to the acquisition control information, wherein the pending service acquisition decision list corresponding to the plurality of pending service acquisition decision modes is a service acquisition decision list corresponding to the service acquisition confidence which is the largest in the plurality of pending service acquisition decision modes.

In a possible design idea of the first aspect, the target distributed control information includes control table item matching information and a control table item floating range, the authentication service transmission channel sequence includes a plurality of authentication service transmission channels, the number of the acquisition control information is multiple, and any one of the plurality of acquisition control information includes sub-control information corresponding to the authentication service transmission channel sequence to be processed;

the acquiring of the target distributed control information corresponding to the acquisition control information includes:

determining a plurality of available control table entries corresponding to each acquisition control information in the authentication service transmission channel sequence to be processed;

determining a plurality of shared target service acquisition process items in the authentication service transmission channel sequence to be processed;

using each common control table item between a plurality of available control table items and a plurality of shared target service acquisition process items as a plurality of first unit control table items;

using the other control table items except the first unit control table items in the plurality of available control table items as a plurality of second unit control table items;

determining control table item matching information corresponding to each acquisition control information according to sub-control information corresponding to each acquisition control information of a plurality of first unit control table items, the number of overall control table items of the plurality of first unit control table items, sub-control information corresponding to each acquisition control information of a plurality of second unit control table items and the number of overall control table items of the plurality of second unit control table items;

determining a floating range of the control table items corresponding to each acquisition control information according to sub-control information corresponding to each acquisition control information by a plurality of available control table items, frequent acquisition control information corresponding to each available control table item, the number of available control table items corresponding to each available control table item and the number of overall control table items of the available control table items; the method comprises the steps that frequent acquisition control information corresponding to a plurality of available control table items respectively and the number of the available control table items corresponding to the available control table items respectively are obtained according to the acquisition control information;

wherein, in the authentication service transmission channel sequence to be processed, determining a plurality of shared target service acquisition process items includes:

calculating task correlation coefficients corresponding to the authentication service transmission channel sequences to be processed respectively, and taking reference target service acquisition process items corresponding to all the authentication service transmission channels of which the corresponding task correlation coefficients in the authentication service transmission channel sequences to be processed meet correlation conditions as a plurality of shared target service acquisition process items; or

Determining undetermined control table entry sequences corresponding to a plurality of pieces of acquisition control information respectively, and taking a reference target service acquisition process item corresponding to each authentication service transmission channel which meets matching conditions in reference target service acquisition process items corresponding to the authentication service transmission channel sequences to be processed as a plurality of shared target service acquisition process items, wherein the meeting of the matching conditions comprises that the occurrence number of the reference target service acquisition process items in the undetermined control table entry sequences corresponding to the plurality of pieces of acquisition control information respectively reaches a set value; or

Calculating task correlation coefficients corresponding to the authentication service transmission channel sequences to be processed respectively, and taking each authentication service transmission channel, of which the corresponding task correlation coefficient in the authentication service transmission channel sequences to be processed meets a correlation condition, as a plurality of first target service acquisition process items;

determining undetermined control table entry sequences corresponding to a plurality of pieces of acquisition control information respectively, and taking reference target service acquisition process items corresponding to each authentication service transmission channel which meet matching conditions in reference target service acquisition process items corresponding to the authentication service transmission channel sequences to be processed as a plurality of second target service acquisition process items, wherein the meeting of the matching conditions comprises that the occurrence number of the reference target service acquisition process items in the undetermined control table entry sequences corresponding to the plurality of pieces of acquisition control information respectively reaches a set value;

and combining the plurality of first target service acquisition process items and the plurality of second target service acquisition process items to serve as a plurality of shared target service acquisition process items.

In a second aspect, an embodiment of the present disclosure further provides an encryption policy invoking device based on blockchain security authentication, which is applied to a cloud authentication server, where the cloud authentication server is in communication connection with a plurality of blockchain authentication terminals, and the cloud authentication server is implemented based on a cloud computing platform, and the device includes:

the acquisition module is used for acquiring first authentication event characteristic distribution of a target authentication event in a first service dynamic environment;

the first calling module is used for calling a policy decision network to make a decision on the first authentication event characteristic distribution to obtain a second authentication event characteristic distribution of the target authentication event in a second service dynamic environment;

the second calling module is used for acquiring encryption strategy calling information for the target authentication event according to the second authentication event characteristic distribution and calling the encryption strategy calling information for the target authentication event in the second service dynamic environment;

In a third aspect, an embodiment of the present disclosure further provides an encryption policy invoking system based on blockchain security authentication, where the encryption policy invoking system based on blockchain security authentication includes a cloud authentication server and a plurality of blockchain authentication terminals communicatively connected to the cloud authentication server;

the cloud authentication server is configured to:

In a fourth aspect, an embodiment of the present disclosure further provides a cloud authentication server, where the cloud authentication server includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is configured to be in communication connection with at least one blockchain authentication terminal, the machine-readable storage medium is configured to store a program, an instruction, or a code, and the processor is configured to execute the program, the instruction, or the code in the machine-readable storage medium to execute the encryption policy invoking method based on blockchain security authentication in any one of the first aspect or any one of the possible design examples of the first aspect.

In a fifth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, where instructions are preset in the computer-readable storage medium, and when the instructions are executed, the computer executes the encryption policy invoking method based on blockchain security authentication in the first aspect or any one of the possible design examples of the first aspect.

Based on any one of the above aspects, the present disclosure obtains a first authentication event feature distribution of a target authentication event in a first service dynamic environment, and invokes a policy decision network to make a decision on the first authentication event feature distribution, to obtain a second authentication event feature distribution of the target authentication event in a second service dynamic environment, obtains encryption policy invocation information for the target authentication event according to the second authentication event feature distribution, and invokes an encryption policy from the encryption policy invocation information in the second service dynamic environment. The training of different stages of the strategy decision network is completed based on different types of data, and the information for carrying out encryption strategy calling on the authentication event is determined based on the strategy decision network, so that the accuracy of information encryption strategy calling is improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that need to be called in the embodiments are briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.

Fig. 1 is a schematic view of an application scenario of an encryption policy invoking system based on block chain security authentication according to an embodiment of the present disclosure;

fig. 2 is a schematic flowchart of an encryption policy invoking method based on block chain security authentication according to an embodiment of the present disclosure;

fig. 3 is a functional block diagram of an encryption policy invoking device based on block chain security authentication according to an embodiment of the present disclosure;

fig. 4 is a schematic block diagram of structural components of a cloud authentication server for implementing the encryption policy invocation method based on blockchain security authentication according to the embodiment of the present disclosure.

Detailed Description

The present disclosure is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the device embodiments or the system embodiments.

With the development of internet technology, after bidirectional authentication event authentication, various information can be obtained through different service dynamic environments (such as an online new media service dynamic environment, a payment service dynamic environment, a live service dynamic environment, and the like).

However, for an authentication event newly added in a service dynamic environment, if there is no service dynamic associated data between the authentication event and the service dynamic environment in history, the service encryption process of the authentication event in the service dynamic environment cannot be obtained, so that the encryption policy call cannot be performed on the authentication event based on the record of the authentication event retained in the service dynamic environment. In general, the authentication event will retain the service dynamic associated data in other service dynamic environments, so that the encryption calling characteristics of the authentication event can be analyzed by using the service dynamic associated input of the authentication event in other programs, and then the information encryption policy calling is performed on the authentication event, in the specific implementation process, each service dynamic environment has an independent encryption policy calling system, each authentication event and object in the encryption policy calling system can be represented in a characteristic distribution form, the characteristic distribution representation of the same authentication event in different encryption policy calling systems and the representation form of the service dynamic associated data are different, currently, the decision of learning the characteristic distribution of the authentication event in different encryption policy calling systems by using one policy decision network is realized, so that the characteristic distribution representation of the authentication event in one encryption policy calling system is transferred to another encryption policy calling system, if when an authentication event just uses a second business dynamic environment, the characteristic distribution representation of the authentication event in the first business dynamic environment is obtained, and the characteristic distribution representation of the authentication event in the second business dynamic environment is obtained by processing the characteristic distribution in the first business dynamic environment through a policy decision network, in the above manner, network configuration needs to use a large amount of data of example authentication events which are dynamically associated with the first business dynamic environment and the second business dynamic environment, and network configuration is performed on a model based on the characteristic distribution representation of the example authentication events in different business dynamic environments, in actual situations, the situation that the example authentication events are few often exists, namely only a small amount of authentication events are dynamically associated with the first business dynamic environment and the second business dynamic environment, so that the policy decision precision in the practical application process of the trained policy decision network is low, thereby resulting in a mismatch between the information distributed encryption policy invocation based on authentication event characteristics and the authentication event encryption invocation characteristics.

Based on this, the embodiment of the present disclosure provides an improved scheme, where a policy decision network is used to learn decision association characteristics of authentication event feature distribution in two encryption policy invocation systems, when an authentication event is in a new service dynamic environment, service dynamic association data of the authentication event in an existing service dynamic environment is obtained, a feature distribution representation of the authentication event on the new service dynamic environment is obtained through the policy decision network, and a final encryption policy invocation object is determined based on the feature distribution. In the training process of the strategy decision network, the scheme is divided into two stages, the first stage is to adopt the characteristic distribution of the collection authentication event list under different service dynamic environments to pre-train the initial strategy decision network to obtain the target strategy decision network, the target strategy decision network has the capability of learning the characteristic distribution decision relationship among models, and the second stage is to adopt the characteristic distribution of the example authentication event list in the second service dynamic environment needing information encryption strategy calling and the characteristic distribution in the first service dynamic environment similar to the second service dynamic environment to carry out network configuration on the target strategy decision network, so that the target strategy decision network learns the characteristic distribution decision relationship between the first service dynamic environment and the second service dynamic environment to obtain the strategy decision network. According to the scheme, the network configuration process is retraining based on a pre-trained model, so that the training of the strategy decision network can be completed only by a small amount of data of example authentication events which are dynamically associated with the first service dynamic environment and the second service dynamic environment. In the process of pre-training the model, the model needs to have the capability of learning the feature distribution decision, so that a large amount of data of the authentication event with service dynamic association with different service dynamic environments are only needed, the example amount is sufficient, and the data of the example authentication event with service dynamic association with the specified first service dynamic environment and the specified second service dynamic environment are not needed to be obtained.

In a possible design example, the general flow of the information encryption policy invoking method provided by the present solution is as follows, specifically including: 1. the method comprises the steps of initializing network pre-training, specifically, carrying out network configuration on an initial strategy decision network by collecting M target feature distributions of an authentication event list in M service dynamic environments to obtain a target initialization network, so that the target initialization network has the capability of learning decision relations among the feature distributions. 2. And network optimization, specifically, performing network configuration on a target policy decision network through a first example feature distribution of an example authentication event list in a first service dynamic environment and a target example feature distribution in a second service dynamic environment to obtain a policy decision network, wherein the policy decision network has the capability of making a decision on the feature distribution in the first service dynamic environment to the second service dynamic environment. In a possible design example, in the training process of the target initialization network, the network weight information of the target policy decision network is updated once for N update reference parameters obtained by feature distribution training corresponding to N sub-example authentication event lists. 3. And acquiring first authentication event characteristic distribution of the target authentication event in the first service dynamic environment, and calling a policy decision network to make a decision on the first authentication event characteristic distribution to obtain second authentication event characteristic distribution of the target authentication event in the second service dynamic environment. 4. And acquiring encryption strategy calling information for the target authentication event according to the second authentication event characteristic distribution, and calling the encryption strategy calling information in the second service dynamic environment.

In the scheme, the model is pre-trained through a large amount of weak-correlation data (characteristic distribution of collected authentication events), and network configuration optimization is performed on the model through a small amount of strong-correlation data (characteristic distribution of example authentication events), so that the problem that the example data with strong correlation is less in the network configuration process is solved, the strategy decision precision of the strategy decision network in the actual application process is improved, and the matching degree of the information called by the authentication event characteristic distribution encryption strategy based on decision and the encryption calling characteristic of the authentication event is high. The method and the device complete one-time updating of the network weight information through a plurality of updating reference parameters, complete updating of the parameters by combining the characteristics of a plurality of groups of examples, enable an iteration process to be more regular, and under the condition that the number of example authentication events is limited, the scheme adopts different combination modes to combine the example authentication events to obtain a plurality of sub-example authentication event lists, and complete updating of the network weight information by taking the sub-example authentication event lists as training units.

Fig. 1 is a schematic application scenario diagram of an encryption policy invoking system 10 based on blockchain security authentication according to an embodiment of the present disclosure. The encryption policy invoking system 10 based on the blockchain security authentication may include a cloud authentication server 100 and a blockchain authentication terminal 200 communicatively connected to the cloud authentication server 100. The block chain security authentication-based encryption policy invoking system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the block chain security authentication-based encryption policy invoking system 10 may also include only at least some of the components shown in fig. 1 or may also include other components.

In a possible design concept, the cloud authentication server 100 and the blockchain authentication terminal 200 in the system 10 for invoking an encryption policy based on blockchain security authentication may cooperatively perform an encryption policy invoking method based on blockchain security authentication described in the following method embodiments, and the following detailed description of the method embodiments may be referred to in the specific steps of the cloud authentication server 100 and the blockchain authentication terminal 200.

To solve the technical problem in the foregoing background, fig. 2 is a schematic flowchart of an encryption policy invoking method based on blockchain security authentication according to an embodiment of the present disclosure, where the encryption policy invoking method based on blockchain security authentication according to the present embodiment may be executed by the cloud authentication server 100 shown in fig. 1, and the encryption policy invoking method based on blockchain security authentication is described in detail below.

Step S110, obtain a first authentication event feature distribution of the target authentication event in the first service dynamic environment.

In one possible design example, the target authentication event may correspond to different authentication event feature distributions in different business dynamic environments, where the business dynamic environments may specifically be the business application services, and the target authentication event may specifically be represented by a business authentication resource of the target authentication event in the business application services at this time, that is, when the target authentication event uses different business application services, the feature distributions of the features used for representing the target authentication event in the business application services are different, where the authentication event feature distribution may specifically be a feature distribution representation of an encryption invocation feature of the authentication event in the business dynamic environments, and when the business dynamic environments are the business application services, the encryption invocation feature may specifically be an access encryption invocation feature of the authentication event to each encryption policy node in the business application services, and specifically may be based on access encryption times, access times, and access encryption times of the authentication event to different types of objects, Access encryption protocol, etc. The first authentication event feature distribution is feature distribution used for representing encryption calling features of the target authentication event in the first service dynamic environment, and the first authentication event feature distribution can be specifically used for subsequently determining the encryption calling feature degrees of the authentication event for each encryption policy node to be called by the encryption policy in the first service dynamic environment, and calling the encryption policy for the object with high encryption calling feature degree in the first service dynamic environment.

The first service dynamic environment may specifically refer to any one of the service dynamic environments, and is used to form a distinction with the second service dynamic environment, in the first service dynamic environment, the first authentication event feature distribution is specifically used to represent a target authentication event, and the cloud authentication server 100 may obtain the first authentication event feature distribution of the target authentication event in the first service dynamic environment, for example, the first service dynamic environment is a first service application service, and the cloud authentication server 100 may obtain the first authentication event feature distribution corresponding to the target authentication event from a background server of the first service application service, where the service application service may be an online new media application service, a payment application service, a live application service, and the like.

Step S120, a strategy decision network is called to make a decision on the first authentication event characteristic distribution, and second authentication event characteristic distribution of the target authentication event in a second service dynamic environment is obtained.

In a possible design example, after obtaining the first authentication event feature distribution of the target authentication event in the first dynamic service environment, the cloud authentication server 100 may invoke a policy decision network to make a decision on the first authentication event feature distribution, so as to obtain the second authentication event feature distribution of the target authentication event in the second dynamic service environment.

In a possible design example, the target authentication event may have no or only a small amount of service dynamic associated data in the second service dynamic environment, that is, data analysis cannot be performed based on access information of the target authentication event in the second service dynamic environment, so that the authentication event feature distribution of the target authentication event in the second service dynamic environment is accurately determined. At this time, the cloud authentication server 100 may invoke a policy decision network to make a decision on the first authentication event feature distribution of the target authentication event in the first service dynamic environment, so as to obtain the second authentication event feature distribution of the target authentication event in the second service dynamic environment. The second authentication event feature distribution is specifically used for representing the encryption calling feature of the target authentication event in the second service dynamic environment, and for subsequently determining the encryption calling feature degree of the authentication event for each encryption policy node to be called by the encryption policy in the second service dynamic environment, and performing encryption policy calling on the object with high encryption calling feature degree in the second service dynamic environment.

In one possible design example, if the target authentication event has no service dynamic associated data in the second service dynamic environment, the cloud authentication server 100 may invoke the policy decision network to make a decision on the first authentication event feature distribution, and use the feature distribution obtained by the decision as the second authentication event feature distribution of the target authentication event in the second service dynamic environment. In a possible design example, if the target authentication event has dynamic service association data in the second dynamic service environment, the cloud authentication server 100 may invoke a policy decision network to make a decision on the feature distribution of the first authentication event to obtain a third authentication event feature distribution, and obtain a fourth authentication event feature distribution obtained based on the decision on the dynamic service association data, and the cloud authentication server 100 fuses the third authentication event feature distribution and the fourth authentication event feature distribution to obtain a second authentication event feature distribution of the target authentication event in the second dynamic service environment. The Fusion (Fusion) refers to combining together, and the Fusion mode may be referred to a common Fusion algorithm in the prior art, which is not limited herein. For example, at least one of a concatenation or a weighted addition. For example, the splicing may be performed, and the result obtained by the splicing is input into a fusion model for processing, where the fusion model may be, for example, a multilayer perceptron model, a recurrent neural network model, or a convolutional neural network model. For example, the fusion model may include P aggregators, each aggregator mixes two different heterogeneous features (i.e., target text encoding vectors and target knowledge representation vectors corresponding to target entities) through MLP (multi-layer perceptron), and the number of P may be set as required.

It should be noted that the policy decision network is obtained by training a target policy decision network through example feature distribution, where the example feature distribution includes a first example feature distribution of an example authentication event list in a first business dynamic environment and a target example feature distribution in a second business dynamic environment; the target policy decision network is obtained by training an initial policy decision network through M target feature distributions, wherein the M target feature distributions comprise target feature distributions of a collection authentication event list in each service dynamic environment of M service dynamic environments, and M is a positive integer. The training process of the target policy decision network comprises multiple times of iterative updating of network weight information of the target policy decision network, each time of iterative updating process of the network weight information is a decision process of the network weight information of the target policy decision network and N groups of updated reference parameters, the updated reference parameters are obtained by training based on a group of sub-example authentication event feature distribution sequences, each group of sub-example authentication event feature distribution sequences are feature distributions corresponding to any group of sub-example authentication event lists in the N groups of sub-example authentication event lists, and the N groups of sub-example authentication event lists are obtained by searching based on the example authentication event lists.

It should be noted that, in the training process of the policy decision network, specifically, the cloud authentication server 100 obtains an example authentication event list, finds N groups of sub-example authentication event lists from the example authentication event list, and determines, from the example feature distribution, a feature distribution corresponding to each group of sub-example authentication event lists, where the feature distribution corresponding to each group of sub-example authentication event lists includes a first sub-example feature distribution of each group of sub-example authentication event lists in a first business dynamic environment and a target sub-example feature distribution of each group of sub-example authentication event lists in a second business dynamic environment; the cloud authentication server 100 performs network configuration on the target policy decision network based on the feature distribution corresponding to each group of sub-example authentication event lists to obtain N update reference parameters; updating network weight information in the target policy decision network based on the N updating reference parameters; and if the target policy decision network after the updating of the network weight information meets the preset condition, determining the target policy decision network after the updating of the network weight information as the policy decision network, wherein the preset condition comprises that the policy decision precision of each characteristic distribution in the characteristic distributions corresponding to each group of the sub-example authentication event lists of the target policy decision network is higher than the preset precision.

In one possible design example, the way for the cloud authentication server 100 to perform network configuration on the target policy decision network based on the feature distribution corresponding to any one target sub-example authentication event list in the N groups of sub-example authentication event lists includes: the cloud authentication server 100 splits the target sub-example authentication event list to obtain a first target sub-example authentication event list and a second target sub-example authentication event list, the target sub-example authentication event list is any one group of sub-example authentication event lists in the N groups of sub-example authentication event lists, the cloud authentication server 100 obtains a first feature distribution corresponding to the first target sub-example authentication event list and a second feature distribution corresponding to the second target sub-example authentication event list, the cloud authentication server 100 performs network configuration on a target policy decision network based on the first feature distribution to obtain a first adjustment reference parameter, and updates the network weight information of the target policy decision network from initial weight information to target weight information based on the first adjustment reference parameter; performing network configuration on the target policy decision network after the network weight information is updated to the target weight information based on the second characteristic distribution to obtain a second adjustment reference parameter; the cloud authentication server 100 determines a target update reference parameter corresponding to the target sub-example authentication event list based on the second adjustment reference parameter and the initial weight information.

The first characteristic distribution comprises a first target authentication event characteristic distribution sequence of the first target sub-example authentication event list in the first business dynamic environment and a third authentication event characteristic distribution sequence of the first target sub-example authentication event list in the second business dynamic environment; the cloud authentication server 100 performs network configuration on the target policy decision network based on the first feature distribution, and a specific manner of obtaining the first adjustment reference parameter may be that the cloud authentication server 100 invokes the target policy decision network to perform decision on the first target authentication event feature distribution sequence, obtain the first decision example feature distribution, calculate a mean square error between the first decision example feature distribution and the third authentication event feature distribution sequence, and use the mean square error as the first adjustment reference parameter.

The second feature distribution includes a second target authentication event feature distribution sequence of the second target sub-example authentication event list in the first service dynamic environment and a fourth authentication event feature distribution sequence in the second service dynamic environment, the cloud authentication server 100 performs network configuration on the target policy decision network after updating the network weight information to the target weight information based on the second feature distribution, and a specific manner of obtaining the second adjustment reference parameter may be that the cloud authentication server 100 calls the target policy decision network after updating the parameter to perform decision on the second target authentication event feature distribution sequence to obtain the second decision example feature distribution, and calculates a mean square error between the second decision example feature distribution and the fourth authentication event feature distribution sequence, and uses the mean square error as the second adjustment reference parameter.

The specific way for the cloud authentication server 100 to determine the target update reference parameter corresponding to the target sub-example authentication event list based on the second adjustment reference parameter and the initial weight information may be that the cloud authentication server 100 performs second-order partial derivation processing on the initial weight information based on the second adjustment reference parameter to obtain the target update reference parameter corresponding to the target sub-example authentication event list, where the target update reference parameter is one of the N update reference parameters for updating the network weight information in the target policy decision network.

The specific way in which the cloud authentication server 100 updates the network weight information in the target policy decision network based on the N update reference parameters may be that the cloud authentication server 100 fuses the N update reference parameters to obtain a fusion reference parameter; and acquiring a weight corresponding to the fusion reference parameter, and performing weighting processing on the fusion reference parameter by using the weight to obtain a weighted reference parameter, and updating the network weight information in the target policy decision network from the initial weight information to a difference value between the initial weight information and the weighted reference parameter by the cloud authentication server 100. In the above manner, different combination manners are adopted to combine the example authentication events to obtain a plurality of sub-example authentication event lists, and the sub-example authentication event lists are used as training units to complete the update of the network weight information, so that the number of example data can be increased, the example expansion is realized, and the problem that the example data with strong correlation in the network configuration process is less is solved.

It should be further noted that, the specific way for the cloud authentication server 100 to obtain the target initialization network by performing network configuration on the initial policy decision network through collecting M target feature distributions of the authentication event list in M service dynamic environments may be that the cloud authentication server 100 obtains the collected authentication event list; determining target feature distribution of a collected authentication event list in each service dynamic environment in M service dynamic environments to obtain M target feature distributions; the cloud authentication server 100 combines the M target feature distributions to obtain M feature distribution combinations, each feature distribution combination includes any two groups of target feature distributions in the M target feature distributions, and performs network configuration on the initial policy decision network through each feature distribution combination in the M feature distribution combinations to obtain a target policy decision network, where M is a positive integer.

In a possible design example, the specific manner of obtaining the target policy decision network by the cloud authentication server 100 performing network configuration on the initial policy decision network through each feature distribution combination in M feature distribution combinations may be that the cloud authentication server 100 performs network configuration on the initial policy decision network through a first feature distribution combination in the M feature distribution combinations to update parameters in the initial policy decision network, where the first feature distribution combination includes a first target feature distribution and a first pair feature distribution, the first target feature distribution is a feature distribution in which an authentication event list is collected in a first training service dynamic environment, and the first pair feature distribution is a feature distribution in which an authentication event list is collected in a first test service dynamic environment; if the first strategy decision precision of the initial strategy decision network after the parameter updating for the first target feature distribution is higher than the preset precision, performing network configuration on the initial strategy decision network after the parameter updating through a second feature distribution combination in the M feature distribution combinations to obtain a first initial strategy decision network, wherein the first strategy decision precision is determined by a correlation parameter between the first decision feature distribution obtained by the initial strategy decision network making a decision for the first target feature distribution and the first pair feature distribution, the second feature distribution combination comprises the second target feature distribution and a second pair bit feature distribution, the second target feature distribution is the feature distribution of a collection authentication event list in a second training service dynamic environment, and the second pair bit distribution is the feature distribution of the collection authentication event list in a second testing service dynamic environment; and if the second strategy decision precision of the first initial strategy decision network on the second target characteristic distribution is higher than the preset precision, determining the first initial strategy decision network as the target strategy decision network, wherein the second strategy decision precision is determined by a correlation parameter between the second decision characteristic distribution and the second alignment characteristic distribution, which are obtained by the decision of the first initial strategy decision network on the second target characteristic distribution. The correlation parameter between the feature distributions may be specifically determined by a mean square error between the feature distributions, and the correlation parameter specifically decreases as the mean square error increases. It should be noted that the number of feature distributions in the second feature distribution combination may be much lower than the number of examples in the first feature distribution combination, and whether the model has better migration capability may be verified by the above-described secondary training method, that is, whether the initial policy decision network after parameter update is configured by using a small number of examples, so that the model may also achieve higher policy decision accuracy.

In practical application, the training of the M feature distribution combinations may be completed in the above manner, for example, after it is determined that the second policy decision precision of the first initial policy decision network on the second target feature distribution is higher than the preset precision, the first initial policy decision network may be configured through the third feature distribution combination of the M feature distribution combinations, so as to obtain the first initial policy decision network with updated parameters. The above manner can make part of parameters in the initial policy decision network to be more optimal.

The method comprises the steps of configuring an initial network through any one of M characteristic distribution combinations, wherein the initial network is configured through a plurality of times of iterative updating of network weight information of an initial policy decision network, each iterative updating process of the network weight information is a decision process of updating the network weight information of the initial policy decision network and N groups of reference parameters, the updating reference parameters are obtained by training based on a group of sub-collection authentication event characteristic distribution sequences, each group of sub-collection authentication event characteristic distribution sequences is the characteristic distribution corresponding to any group of sub-collection authentication event lists in the N groups of sub-collection authentication event lists, and the N groups of sub-collection authentication event lists are obtained by searching based on the collection authentication event lists.

In step S130, the cloud authentication server 100 obtains encryption policy invocation information for the target authentication event according to the second authentication event feature distribution, and invokes the encryption policy for the target authentication event in the second service dynamic environment.

In one possible design example, after the cloud authentication server 100 calls the policy decision network to make a decision on the first authentication event feature distribution to obtain a second authentication event feature distribution of the target authentication event in the second service dynamic environment, the cloud authentication server may obtain encryption policy call information for the target authentication event according to the second authentication event feature distribution, and call the encryption policy call information in the second service dynamic environment.

In a possible design example, the specific way for the cloud authentication server 100 to obtain the second authentication event feature distribution of the target authentication event in the second service dynamic environment may be that the cloud authentication server 100 obtains encryption policy parameters of each encryption policy node in the encryption policy node set to be invoked by the encryption policy in the second service dynamic environment, and determines an encryption policy invocation index for each encryption policy node in the encryption policy node set to be invoked by the encryption policy based on the second authentication event feature distribution and each encryption policy parameter; searching out at least one target encryption strategy node from an encryption strategy node set to be encrypted strategy called based on the encryption strategy calling index of each encryption strategy node as encryption strategy calling information aiming at a target authentication event; and determining a target encryption policy calling mode for the target encryption policy node in the encryption policy calling information based on the corresponding relationship between the encryption policy calling index and the encryption policy calling mode, and the cloud authentication server 100 calls the encryption policy for the target encryption policy node in the second service dynamic environment based on the target encryption policy calling mode. The encryption policy calling mode comprises at least one of an encryption policy calling sequence, an encryption policy calling time and an encryption policy calling frequency, and the corresponding relation between the encryption policy calling index and the encryption policy calling mode can be that the higher the encryption policy calling index is, the earlier the encryption policy calling sequence is, the longer the encryption policy calling time is and the higher the encryption policy calling frequency is.

It should be noted that, a specific determination manner of the encryption policy invocation index of each encryption policy node in the encryption policy node set to be invoked by the encryption policy may be that the cloud authentication server 100 performs a dot product decision on the second authentication event feature distribution and each encryption policy parameter, so as to obtain a dot product value corresponding to each encryption policy node; and determining the dot product value corresponding to each encryption strategy node as an encryption strategy calling index of each encryption strategy node in the encryption strategy node set called by the strategy to be encrypted. By the method, the corresponding information can be more intelligently called for the authentication event encryption strategy, so that the information called by the encryption strategy is more matched with the authentication event encryption calling characteristics.

In one possible design example, the cloud authentication server 100 obtains encryption policy invocation information for a target authentication event according to second authentication event feature distribution, and before the encryption policy invocation information is subjected to encryption policy invocation in a second business dynamic environment, reference authentication event feature distribution of the target authentication event in the reference business dynamic environment is obtained, the cloud authentication server 100 invokes a reference policy decision network to make a decision on the reference authentication event feature distribution to obtain third authentication event feature distribution of the target authentication event in the second business dynamic environment, and the reference policy decision network is obtained by training a reference example feature distribution of an example authentication event list in the reference business dynamic environment and a target example feature distribution in the second business dynamic environment on a target policy decision network; and if the correlation parameter between the third authentication event characteristic distribution and the second authentication event characteristic distribution is greater than the preset correlation parameter, acquiring encryption strategy calling information for the target authentication event according to the second authentication event characteristic distribution. In one possible design example, if a correlation parameter between the third authentication event feature distribution and the second authentication event feature distribution is smaller than a preset correlation parameter, the third authentication event feature distribution and the second authentication event feature distribution are fused to obtain a target feature distribution, and encryption policy invocation information is obtained for the target authentication event based on the target feature distribution.

Wherein, the reference service dynamic environment can be an existing service dynamic environment having relevance with the second service dynamic environment, a consistency check mode for the second authentication event feature distribution is provided by checking a third authentication event feature distribution obtained based on the reference service dynamic environment decision and a second authentication event feature distribution obtained based on the first service dynamic environment decision, when the correlation parameter between different feature distribution representations of the target authentication event obtained based on different service dynamic environment decisions in the second service dynamic environment is low, the confidence coefficient of the second authentication event feature distribution obtained based on the first service dynamic environment decision is determined to be lower, the second authentication event feature distribution needs to be obtained again by adopting other modes, when the correlation parameter between different feature distribution representations of the target authentication event obtained based on different service dynamic environment decisions in the second service dynamic environment is high, and determining that the confidence coefficient of the second authentication event feature distribution is higher, namely acquiring encryption strategy calling information for the target authentication event according to the second authentication event feature distribution, thereby realizing the confidence coefficient check of the second authentication event feature distribution.

In one possible design example, the cloud authentication server 100 obtains a first authentication event feature distribution of a target authentication event in a first service dynamic environment, calls a policy decision network to make a decision on the first authentication event feature distribution, obtains a second authentication event feature distribution of the target authentication event in a second service dynamic environment, obtains encryption policy invocation information for the target authentication event according to the second authentication event feature distribution, and invokes an encryption policy for the encryption policy invocation information in the second service dynamic environment. The training process of the strategy decision network comprises iterative updating of network weight information for multiple times, each iterative updating process of the network weight information is a decision process for the network weight information and N updating reference parameters of the strategy decision network, and one updating reference parameter is obtained by training based on a group of sub-example authentication event feature distribution sequences. The strategy decision network is obtained through a grouping iterative training mode, and an object for carrying out encryption strategy calling on the authentication event is determined based on the strategy decision network, so that the accuracy of information encryption strategy calling is improved.

Based on the above description, the embodiments of the present disclosure provide a method for training a policy decision network, and the policy decision network training process may be implemented by the following exemplary steps.

In step S210, the cloud authentication server 100 acquires an example authentication event list.

In one possible design example, each example authentication event in the example authentication event list has service dynamic association data in both the first service dynamic environment and the second service dynamic environment, and the service dynamic environment may be a service application service, a service microservice service, or the like, and if the service dynamic environment is a service application service, each example authentication event in the example authentication event list uses both the first service application service and the second service application service, that is, the service dynamic association data is stored in both the first service application service and the second service application service. The cloud authentication server 100 may acquire an authentication event list Us in the first business dynamic environment and an authentication event list Ut in the second business dynamic environment, and use an intersection between Us and Ut as an example authentication event list Uo.

In a possible design example, to further ensure that example authentication events are representative, after the cloud authentication server 100 obtains an intersection between Us and Ut, the cloud authentication server may search for the authentication events in the intersection based on a preset search condition, determine the authentication events in the intersection that satisfy the search condition as example authentication events, and construct an example authentication event list Uo based on each searched example authentication event. The search condition may specifically be that data volumes of the dynamic service associated data in the first dynamic service environment and the second dynamic service environment are both greater than a preset threshold, and the dynamic service associated data may specifically be a dynamic service access parameter, an access frequency, and the like to the dynamic service environment, and if the dynamic service environment is a service application service, the cloud authentication server 100 determines an authentication event that the access frequency to the first service application service and the second service application service is both greater than a preset frequency as an example authentication event.

In step S220, the cloud authentication server 100 finds N groups of sub-example authentication event lists from the example authentication event list, and determines a feature distribution corresponding to each group of sub-example authentication event lists from the example feature distribution.

In one possible design example, after the cloud authentication server 100 obtains the example authentication event list, N groups of sub-example authentication event lists may be found from the example authentication event list, and the feature distribution corresponding to each group of sub-example authentication event lists may be determined from the example feature distribution. The feature distribution corresponding to each group of the sub-example authentication event lists comprises a first sub-example feature distribution of each group of the sub-example authentication event lists in a first business dynamic environment and a target sub-example feature distribution in a second business dynamic environment. In one possible design example, for the example authentication event manifest Uo, the cloud authentication server 100 looks up N child example authentication event manifests { U1, … … Un } from the example authentication event manifest Uo.

In step S230, the cloud authentication server 100 performs network configuration on the target policy decision network based on the feature distribution corresponding to each group of sub-example authentication event lists, so as to obtain N update reference parameters.

In a possible design example, after the cloud authentication server 100 determines the feature distribution corresponding to each group of sub-example authentication event lists from the example feature distribution, the target policy decision network is configured on the basis of the feature distribution corresponding to each group of sub-example authentication event lists, so as to obtain N update reference parameters.

In a possible design example, the cloud authentication server 100 determines the same update reference parameter corresponding to each group of sub-example authentication event lists in the N sub-example authentication event lists, and specifically, a determination method of the update reference parameter ω i corresponding to any target sub-example authentication event list Ui in the N sub-example authentication event lists is described in detail below. The cloud authentication server 100 splits the target sub-example authentication event list Ui to obtain a first target sub-example authentication event list Ua and a second target sub-example authentication event list Ub, and obtains a first feature distribution Da corresponding to the first target sub-example authentication event list and a second feature distribution Db corresponding to the second target sub-example authentication event list, the cloud authentication server 100 performs network configuration on the target policy decision network based on the first feature distribution Da to obtain a first adjustment reference parameter L θ, and updates the network weight information of the target policy decision network from the initial weight information θ to target weight information θ 1 based on the first adjustment reference parameter, the cloud authentication server 100 performs network configuration on the target policy decision network after the network weight information is updated to the target weight information θ 1 based on the second feature distribution Db to obtain a second adjustment reference parameter L θ 1, the cloud authentication server 100 determines an updated reference parameter ω i corresponding to the target sub-example authentication event list Ui based on the second adjustment reference parameter L θ 1 and the initial weight information θ. Wherein the first profile comprises a first target authentication event profile Da1 of the first target sub-example authentication event manifest in the first business dynamic environment, and a third authentication event signature distribution sequence Da2 in the second business dynamic environment, the second signature distribution comprising a second target authentication event signature distribution sequence Db1 of the second target sub-instance authentication event manifest in the first business dynamic environment, in the fourth authentication event feature distribution sequence Db2 in the second service dynamic environment, the specific manner of obtaining the first adjustment reference parameter L θ by the cloud authentication server 100 performing network configuration on the target policy decision network based on the first feature distribution Da may be that the cloud authentication server 100 calls the target policy decision network to make a decision on the first target authentication event feature distribution sequence Da1 to obtain a first decision example feature distribution Qa 1; a mean square error between the first decision example signature distribution Qa1 and the third authentication event signature distribution sequence Da2 is calculated, and the mean square error is taken as the first adjustment reference parameter L θ. Similarly, the cloud authentication server 100 calls the target policy decision network with updated parameters to decide the target policy decision network on the second target authentication event feature distribution sequence Db1, so as to obtain a second decision example feature distribution Qb 1; a mean square error between the second decision example signature distribution Qb1 and the fourth authentication event signature distribution sequence Db2 is calculated, and the mean square error is taken as the first adjustment reference parameter L θ 1.

The specific way that the cloud authentication server 100 updates the network weight information of the target policy decision network from the initial weight information θ to the target weight information θ 1 based on the first adjustment reference parameter L θ may be to calculate a partial derivative value of L θ with respect to θ, perform weighting processing on the partial derivative value based on a preset parameter λ to obtain a weighted partial derivative value, and determine, as the target weight information θ 1, the difference between the initial weight information θ and the weighted partial derivative value by the cloud authentication server 100.

The specific way for the cloud authentication server 100 to determine the updated reference parameter ω i corresponding to the target sub-example authentication event list Ui based on the second adjustment reference parameter L θ 1 and the initial weight information θ may be to calculate a second-order partial derivative value of L θ 1 with respect to θ, and use the second-order partial derivative value as the updated reference parameter ω i corresponding to the target sub-example authentication event list Ui.

Through the scheme, the cloud authentication server 100 can calculate the feature distribution corresponding to each group of sub-example authentication event lists to perform network configuration on the target policy decision network, so as to obtain an updated reference parameter set { ω 1, … …, ω N }, where ω i in the set corresponds to the updated reference parameter of Ui corresponding to any one group of sub-example authentication event lists in the N groups of sub-example authentication event lists.

By the method for obtaining the updated reference parameter based on the second-order partial derivative, the relation between different parameters obtained by decision can be constructed, so that the parameters obtained by different training before and after the parameter form influence on the final network weight information, and the accuracy of the strategy decision network on the characteristic distribution decision is improved.

In step S240, the cloud authentication server 100 updates the network weight information in the target policy decision network based on the N update reference parameters.

In one possible design example, after the cloud authentication server 100 calculates N updated reference parameters, the network weight information θ in the target policy decision network may be updated based on the N updated reference parameters.

For example, the N updated reference parameters ω i may be fused to obtain a fused reference parameter, and a weight corresponding to the fused reference parameter is obtained, and the weighted reference parameter is obtained by performing weighting processing on the fused reference parameter by using the weight, so that the cloud authentication server 100 updates the network weight information in the target policy decision network from the initial weight information to a difference between the initial weight information and the weighted reference parameter.

In step S250, if the target policy decision network after updating the network weight information satisfies the preset condition, the target policy decision network after updating the network weight information is determined as the trained policy decision network.

In a possible design example, the preset condition includes that the policy decision precision of each feature distribution in the feature distribution corresponding to each group of the sub-example authentication event lists by the target policy decision network is higher than the preset precision, wherein the cloud authentication server 100 obtains any first feature distribution in the feature distributions corresponding to the sub-example authentication event lists to make a decision to obtain a first decision feature distribution, calculates a mean square error between the first decision feature distribution and a second feature distribution, determines that the decision on the first feature distribution is accurate when the mean square error is smaller than the preset error, and the cloud authentication server 100 determines the policy decision precision of each feature distribution in the feature distributions in this way. The first characteristic distribution is the characteristic distribution of any one authentication event in the sub-example authentication event list in the first service dynamic environment, the second characteristic distribution is the characteristic distribution of the authentication event in the second service dynamic environment, and the first decision characteristic distribution is the characteristic distribution obtained by calling a policy decision network to make a decision on the first characteristic distribution.

In one possible design example, the training process of the policy decision network includes a plurality of iterative updates of network weight information of the target policy decision network, each iterative update process of the network weight information is a decision process of network weight information of the target policy decision network and N groups of updated reference parameters, the updated reference parameters are obtained by training based on a group of sub-example authentication event feature distribution sequences, each group of sub-example authentication event feature distribution sequences is a feature distribution corresponding to any one group of sub-example authentication event lists in the N groups of sub-example authentication event lists, the N groups of sub-example authentication event lists are obtained by searching based on the example authentication event lists, one update of the network weight information is completed through a plurality of updated reference parameters, the parameters are updated by combining a plurality of groups of example features, so that the iterative process is more regular, and the parameters updated by combining multiple groups of characteristics can be close to the optimal network weight information, and the training efficiency of the strategy decision network is improved. Moreover, different combination modes are adopted to combine the example authentication events to obtain a plurality of sub-example authentication event lists, and the updating of the network weight information is completed by taking the sub-example authentication event lists as training units, because the number of example combinations is far more than that of examples, for example, 3 examples can obtain combinations in different modes in 6, the expansion of the examples is realized, the number of example data is increased, the expansion of the examples is realized, and the problem of less example data with strong correlation in the network configuration process is solved.

Based on the above description, the information encryption policy calling procedure may include the following steps S310 to S370:

in step S310, the cloud authentication server 100 obtains a second service dynamic environment for performing information encryption policy invocation on the target authentication event.

In a possible design example, the second service dynamic environment may specifically be a target service application service, and the like, and the cloud authentication server 100 may obtain the second service dynamic environment that needs to perform information encryption policy invocation on the authentication event in advance, in a possible design example, the cloud authentication server 100 may obtain the second service dynamic environment when a trigger condition is detected, and the trigger condition may be that the second service dynamic environment is installed on a terminal used by the target authentication event or that the terminal is registered in the second service dynamic environment. If the second service dynamic environment is a target service application service and the target service application service has a function of calling an information encryption policy for the authentication event, the cloud authentication server 100 acquires the target service application service when detecting that the target service application service is installed in a terminal used by the target authentication event, so as to further call the information encryption policy for the target authentication event in the target service application service.

In step S320, the cloud authentication server 100 finds the first dynamic service environment matching the second dynamic service environment from the dynamic service environment list.

In one possible design example, after obtaining the second business dynamic environment, the cloud authentication server 100 may find out the first business dynamic environment matching the second business dynamic environment from a business dynamic environment list, where the business dynamic environment list includes at least one target business dynamic environment.

In a possible design example, the specific way of the cloud authentication server 100 finding the first service dynamic environment matched with the second service dynamic environment from the service dynamic environment list may be that the cloud authentication server 100 obtains the second service dynamic environment characteristics of the second service dynamic environment and the target service dynamic environment characteristics of each target service dynamic environment in the service dynamic environment list, and service dynamic associated data of a target authentication event is stored in each target service dynamic environment; the cloud authentication server 100 determines correlation parameters between the second service dynamic environment characteristics and the target service dynamic environment characteristics of each target service dynamic environment, and finds out target service dynamic environment characteristics of which the correlation parameters with the second service dynamic environment characteristics meet preset conditions; the cloud authentication server 100 determines a service dynamic environment corresponding to the target service dynamic environment feature as a first service dynamic environment matched with a second service dynamic environment. The service dynamic environment characteristics comprise at least one of service dynamic environment types, service dynamic environment resources and service dynamic environment applicable users, the service dynamic environment types comprise payment, multimedia and the like, the service dynamic environment resources are the size of resources of a terminal for installing the service dynamic environment occupied by the service dynamic environment, the service dynamic environment applicable users are divided into individual users, enterprise users, private users, public users and the like, correlation parameters corresponding to different service dynamic environment characteristics can be preset, for example, the correlation parameters of the multimedia and new media are 50%, the correlation parameters are 80% when the difference of the occupied memory size is within 100 megabytes, and the correlation parameters of the individual users and the private users are 80%. If the service dynamic environment characteristic is a service dynamic environment type, the type of the second service dynamic environment is a new media, the type of the target service dynamic environment 1 is a multimedia, the type of the target service dynamic environment 2 is a live broadcast, the cloud authentication server 100 determines that the correlation parameter between the multimedia and the new media is 50% from the preset correlation parameter corresponding relation, the correlation parameter between the live broadcast and the new media is 30%, and the preset condition is that the correlation parameter is the highest, the characteristic of the target service dynamic environment 1 meets the preset condition, and the cloud authentication server 100 determines the target service dynamic environment 1 as a first service dynamic environment matched with the second service dynamic environment. In a possible design example, the first business dynamic environment may also be a set of multiple target business dynamic environments, if the preset condition is that the correlation parameter is greater than 20%, then both the characteristics of the target business dynamic environment 1 and the characteristics of the target business dynamic environment 2 satisfy the preset condition, and the cloud authentication server 100 determines the target business dynamic environment 1 and the target business dynamic environment 2 as the first business dynamic environment matching the second business dynamic environment.

In step S330, the cloud authentication server 100 obtains an example authentication event list dynamically associated with the second service dynamic environment and the first service dynamic environment, and determines an example feature distribution corresponding to the example authentication event list.

In one possible design example, after the cloud authentication server 100 determines the second dynamic service environment and the first dynamic service environment, an example authentication event dynamically associated with the second dynamic service environment and the first dynamic service environment is searched, and an example authentication event list is constructed based on the searched example authentication events.

Further, the cloud authentication server 100 determines an example feature distribution corresponding to the example authentication event list, where the example feature distribution includes a first example feature distribution of the example authentication event list in the first business dynamic environment and a target example feature distribution in the second business dynamic environment, the first example feature distribution includes a first example feature distribution of each example authentication event in the first business dynamic environment, and the target example feature distribution includes a target example feature distribution of each example authentication event in the second business dynamic environment.

In step S340, the cloud authentication server 100 performs targeted policy decision network training through the example feature distribution corresponding to the example authentication event list to obtain a policy decision network.

In one possible design example, the example feature distribution includes a first example feature distribution of the example authentication event list in the first business dynamic environment and a target example feature distribution in the second business dynamic environment, and the cloud authentication server 100 performs network configuration on the target policy decision network specifically through the first example feature distribution and the target example feature distribution, so that a correlation parameter between the target policy decision network and the target example feature distribution obtained by processing the first example feature distribution by the target initialization network is higher than a preset threshold, that is, the policy decision network has the capability of deciding the feature distribution in the first business dynamic environment to the feature distribution in the second business dynamic environment. The correlation parameter between the feature distributions may be specifically determined by a mean square error value between the feature distributions.

In one possible design example, the first business dynamic environment is a collection of multiple business dynamic environments, such as including a first target business dynamic environment and a second target business dynamic environment, the policy decision network also includes a first policy decision network and a second policy decision network, the cloud authentication server 100 may perform network configuration on the target policy decision network through the first target example feature distribution of the example authentication event list in the first target business dynamic environment and the target example feature distribution in the second business dynamic environment, to obtain the first policy decision network, and performing network configuration on the target policy decision network through second target example feature distribution of the example authentication event list in a second target service dynamic environment and target example feature distribution in the second service dynamic environment to obtain a second policy decision network.

In step S350, the cloud authentication server 100 obtains a first authentication event feature distribution of the target authentication event in the first service dynamic environment.

In one possible design example, the target authentication event has a business dynamic association with the first business dynamic environment in a history, so the cloud authentication server 100 may obtain the first authentication event feature distribution generated based on the business dynamic association data of the target authentication event and the first business dynamic environment. The first authentication event feature distribution may be specifically used to represent an encryption calling feature of the target authentication event to the first service dynamic environment, and if the first service dynamic environment is the first service application service, the first authentication event feature distribution is a feature distribution generated based on an access encryption calling feature when the target authentication event accesses the first service application service. The cloud authentication server 100 may obtain a first authentication event feature distribution of the target authentication event in the first business dynamic environment.

In one possible design example, the first business dynamic environment is a set of multiple business dynamic environments, such as a first target business dynamic environment and a second target business dynamic environment, and the first authentication event feature distribution of the target authentication event in the first business dynamic environment includes a first authentication event feature distribution of the target authentication event in the first target business dynamic environment and a second authentication event feature distribution of the target authentication event in the second target business dynamic environment.

In step S350, the cloud authentication server 100 invokes the policy decision network to make a decision on the first authentication event feature distribution, so as to obtain a second authentication event feature distribution of the target authentication event in the second service dynamic environment.

In a possible design example, the target authentication event may have no or only a small amount of service dynamic associated data in the second service dynamic environment, that is, data analysis cannot be performed based on access information of the target authentication event in the second service dynamic environment, so that the authentication event feature distribution of the target authentication event in the second service dynamic environment is accurately determined. The cloud authentication server 100 may invoke a policy decision network to make a decision on the feature distribution of the first authentication event when detecting that the target authentication event has no or only a small amount of service dynamic associated data in the second service dynamic environment, so as to obtain the second authentication event feature distribution of the target authentication event in the second service dynamic environment.

In one possible design example, if there is one first service dynamic environment, the cloud authentication server 100 may directly invoke the policy decision network to make a decision on the first authentication event feature distribution of the target authentication event in the first service dynamic environment, so as to obtain the second authentication event feature distribution of the target authentication event in the second service dynamic environment.

In one possible design example, the first business dynamic environment is plural, such as comprising a first target business dynamic environment and a second target business dynamic environment, the policy decision network comprises a first policy decision network for making a decision on feature distribution in the first target business dynamic environment and a second policy decision network for making a decision on feature distribution in the second target business dynamic environment, the cloud authentication server 100 may invoke a first policy decision network to make a decision on the first target authentication event feature distribution, resulting in a third authentication event feature distribution, and invoking a second policy decision network to make a decision on the second target authentication event feature distribution to obtain a fourth authentication event feature distribution, and fusing the third authentication event characteristic distribution and the fourth authentication event characteristic distribution to obtain a second authentication event characteristic distribution of the target authentication event in the second service dynamic environment. The strategy decision network decides the first authentication event feature distribution of the target authentication event in the first service dynamic environment into the second authentication event feature distribution in the second service dynamic environment, so that the encryption calling feature of the target authentication event can be conveniently analyzed in the second service dynamic environment, and a corresponding object is called to the target authentication event encryption strategy in the second service dynamic environment.

In step S370, the cloud authentication server 100 obtains encryption policy invocation information for the target authentication event according to the second authentication event feature distribution, and invokes the encryption policy for the target authentication event in the second service dynamic environment.

In one possible design example, after the cloud authentication server 100 obtains the second authentication event feature distribution of the target authentication event in the second business dynamic environment, encryption policy invocation information may be obtained for the target authentication event based on the second authentication event profile, in one possible design example, the encryption policy invocation information is one or more encryption policy nodes in the encryption policy node set to be encrypted policy invoked, the cloud authentication server 100 may obtain encryption policy parameters of each encryption policy node in the encryption policy node set to be encrypted policy invoked in the second business dynamic environment, and determining an encryption policy invocation index for each encryption policy node in the set of encryption policy nodes to be invoked for the encryption policy based on the second authentication event feature distribution and each encryption policy parameter, and finding out encryption strategy calling information based on the encryption strategy calling indexes of the encryption strategy nodes. The cloud authentication server 100 obtains the encryption policy parameters and determines the encryption policy invocation indexes for the encryption policy nodes in the encryption policy node set called by the encryption policy to be encrypted based on the second authentication event characteristic distribution and the encryption policy parameters.

In a possible design example, the encryption policy invocation index of each encryption policy node in the encryption policy node set called by the policy to be encrypted may be determined in such a manner that the cloud authentication server 100 performs a dot-product decision on the second authentication event feature distribution and each encryption policy parameter, respectively, to obtain a dot-product value corresponding to each encryption policy node, and determines the dot-product value corresponding to each encryption policy node as the encryption policy invocation index for each encryption policy node in the encryption policy node set called by the policy to be encrypted, where the higher the encryption policy invocation index is, the more matched the object is with the encryption invocation feature of the target authentication event.

Further, after the cloud authentication server 100 determines the encryption policy invocation index of each encryption policy node, an object in the encryption policy node set to be invoked by the encryption policy to be invoked may be searched based on the encryption policy invocation index, so as to obtain the encryption policy invocation information for the target authentication event.

In a possible design example, the specific way for the cloud authentication server 100 to search for the objects in the encryption policy node set to be called by the encryption policy based on the encryption policy calling index may be that the cloud authentication server 100 sorts the objects in the encryption policy node set to be called by the encryption policy according to the order of the encryption policy calling index from high to low, determines the object sorted to the first I bit as the target encryption policy node, and uses the I target encryption policy nodes as the encryption policy calling information for the target authentication event, where I is a positive integer.

In a possible design example, the specific way for the cloud authentication server 100 to search for an object in the set of encryption policy nodes to be called by the encryption policy based on the encryption policy calling index may be that the cloud authentication server 100 detects whether the encryption policy calling index of each encryption policy node is greater than a preset threshold, and determines that the object whose encryption policy calling index is greater than the preset threshold is a target encryption policy node and the target encryption policy node is used as the encryption policy calling information for the target authentication event.

After the cloud authentication server 100 determines the encryption policy invocation information for the target authentication event, the encryption policy invocation information may be invoked in the second service dynamic environment.

In one possible design example, a feature distribution representation in a second business dynamic environment of an authentication event may be determined based on a feature distribution representation of the authentication event in multiple first business dynamic environments, making the feature distribution decision more accurate, and for objects of different encryption policy invocation indexes, the cloud authentication server 100 may have different encryption policy invocation modes, specifically, a target encryption policy invocation mode for each target encryption policy node in the encryption policy invocation information is determined based on a corresponding relationship between the encryption policy invocation index and the encryption policy invocation mode, the encryption policy invocation mode includes at least one of an encryption policy invocation sequence, an encryption policy invocation duration, and an encryption policy invocation frequency, and the cloud authentication server 100 invokes the encryption policy invocation information in the second service dynamic environment based on the target encryption policy invocation mode. The corresponding relation between the encryption policy calling index and the encryption policy calling mode can be that the higher the encryption policy calling index is, the more advanced the encryption policy calling sequence is, the longer the encryption policy calling time is, and the higher the encryption policy calling frequency is. By the method, the corresponding information can be more intelligently called for the authentication event encryption strategy, so that the information called by the encryption strategy is more matched with the authentication event encryption calling characteristics.

In one implementation scenario, the solution may be used between different business dynamic environments, such as a first business dynamic environment and a second business dynamic environment. The method is mainly used for linking encryption strategy calling across service dynamic environments, namely, the encryption calling characteristics of the authentication event in the second service dynamic environment are determined based on the encryption calling characteristics of the authentication event in the first service dynamic environment. And the method does not change the original encryption strategy calling system and influence the encryption strategy calling of the common authentication event. Aiming at a newly added authentication event, firstly inquiring service dynamic associated data of the authentication event in a first service dynamic environment to obtain first authentication event characteristic distribution of the authentication event in the first service dynamic environment, then obtaining second authentication event characteristic distribution of the authentication event in a second service dynamic environment through a policy decision network, and determining information needing to carry out encryption policy calling on the authentication event by using the second authentication event characteristic distribution. For example, assuming that a target authentication event has service dynamic associated data in a first service dynamic environment, the cloud authentication server 100 may obtain a first authentication event feature distribution corresponding to the target authentication event in the first service dynamic environment from a background server in the first service dynamic environment, call a policy decision network to make a decision on the first authentication event feature distribution, obtain a second authentication event feature distribution in a second service dynamic environment, find out encryption policy invocation information based on the second authentication event feature distribution, and send the encryption policy invocation information to a terminal used by the target authentication event, so that the target authentication event refers to the encryption policy invocation information. In the calling process of the policy decision network, in a possible design example, assuming that there is a model in each of the first business dynamic environment and the second business dynamic environment, the first model (R1) in the first business dynamic environment is used for making a decision on a first feature distribution U1 of the target authentication event in the first business dynamic environment to obtain a first encryption policy calling information V1 of the target authentication event in the first business dynamic environment, the target model (R2) in the second business dynamic environment is used for making a decision on a target feature distribution U2 of the target authentication event in the second business dynamic environment to obtain a target encryption policy calling information V2 of the target authentication event in the second business dynamic environment, when the first feature distribution U1 of the target authentication event in the first business dynamic environment and the target feature distribution U2 in the second business dynamic environment are not present, the first signature distribution U1 may be used as an input to the policy decision network, which makes a decision on U1, i.e., a target signature distribution U2 of the target authentication event in the second business dynamic environment may be output. Then, the target feature distribution U2 is obtained by making a decision on the first feature distribution U1, so that a decision on the target feature distribution U2 through a target model (R2) can be achieved, and the target encryption policy invoking information V2 of the target authentication event in the second service dynamic environment is obtained, so as to achieve a decision between the first encryption policy invoking information V1 and the target encryption policy invoking information V2.

Further, in a possible design concept, the above scheme may further include the following steps.

Step S140, acquiring a block chain security authentication library generated after performing authentication encryption after performing encryption policy invocation of a target authentication event in the second service dynamic environment, wherein an authentication digital certificate of an authentication service object for various dynamic access behaviors is stored in the block chain security authentication library.

And step S150, performing dynamic bidirectional authentication on each received dynamic access behavior based on the block chain security authentication library, and generating an authentication service transmission channel aiming at each dynamic access behavior after the dynamic bidirectional authentication is passed.

Step S160, acquiring control information for acquiring service data of the authentication service transmission channel, where the acquisition control information is control model information for acquiring service data of each authentication service transmission channel in the sequence of authentication service transmission channels to be processed.

Step S170, obtaining target distributed control information corresponding to the acquisition control information, where the target distributed control information corresponding to the acquisition control information includes service acquisition node distribution corresponding to the acquisition control information.

And step S180, performing service acquisition decision analysis on target distributed control information corresponding to the acquisition control information according to a target service acquisition decision network to obtain service acquisition node distribution corresponding to the acquisition control information.

And step S190, determining a target service data acquisition project corresponding to the acquisition control information according to the service acquisition node distribution corresponding to the acquisition control information, and allocating a corresponding target service acquisition process to the authentication service transmission channel to acquire big data of the authentication service transmission channel.

Based on the steps, the service data acquisition items required by the authentication service transmission channels are subjected to system analysis through the acquisition control information, so that the large data acquisition is performed on the corresponding authentication service transmission channels according to the target service data acquisition items corresponding to the authentication service transmission channels in the authentication service transmission channel sequence, and the large data acquisition efficiency and the large data acquisition precision can be improved.

For example, in a possible design concept, before step S180, the embodiment may further obtain the first acquisition control information example, the service acquisition decision reference information corresponding to the first acquisition control information example, and the second acquisition control information example. And acquiring target distributed control information corresponding to the first acquisition control information example and target distributed control information corresponding to the second acquisition control information example. And training a preset service acquisition decision network according to the target distributed control information corresponding to the first acquisition control information example and the service acquisition decision reference information corresponding to the first acquisition control information example to obtain a first service acquisition decision network. And performing service acquisition decision analysis on target distributed control information corresponding to the second acquisition control information example according to the first service acquisition decision network to obtain first to-be-determined service acquisition node distribution corresponding to the second acquisition control information example. And performing service acquisition decision analysis on target distributed control information corresponding to the first acquisition control information example according to a preset service acquisition decision network to obtain undetermined service acquisition node distribution corresponding to the first acquisition control information example, calculating a difference parameter according to the undetermined service acquisition node distribution corresponding to the first acquisition control information example and service acquisition decision reference information corresponding to the first acquisition control information example, and reversely updating the parameter of the preset service acquisition decision network by using the difference parameter. And (3) iteratively executing the process until a termination condition of the supervised training is met, obtaining a first service acquisition decision network, wherein the termination condition of the supervised training comprises at least one of the following conditions: the iterative training times reach the set times, the difference parameter is smaller than the set threshold value, and the difference parameter is converged. And adjusting parameters of the first service acquisition decision network after parameter adjustment again according to the target distributed control information corresponding to the second acquisition control information example, the target distributed control information corresponding to the first acquisition control information example and the service acquisition decision reference information corresponding to the first acquisition control information example until a training end condition is reached, and taking the first service acquisition decision network obtained when the training end condition is reached as a target service acquisition decision network.

For example, in a possible design concept, the service acquisition node distribution corresponding to the acquisition control information includes a service acquisition confidence corresponding to a reference service acquisition decision manner and service acquisition confidence corresponding to a plurality of pending service acquisition decision manners, and step S190 may be implemented by the following implementation manners.

And a substep S191 of acquiring a service acquisition confidence corresponding to each pending service acquisition decision mode and a service acquisition confidence corresponding to a reference service acquisition decision mode according to pre-recorded historical service acquisition control data.

And a substep S192 of comparing the service acquisition confidence corresponding to each pending service acquisition decision manner with the service acquisition confidence corresponding to the reference service acquisition decision manner.

And in the substep S193, when the service acquisition confidence corresponding to each pending service acquisition decision mode is less than or equal to the service acquisition confidence corresponding to the reference service acquisition decision mode, taking the reference service acquisition decision list corresponding to the reference service acquisition decision mode as a target service data acquisition item corresponding to the acquisition control information.

And a substep S194, when the service acquisition confidence corresponding to each of the plurality of pending service acquisition decision manners is greater than the service acquisition confidence corresponding to the reference service acquisition decision manner, taking the pending service acquisition decision list corresponding to the plurality of pending service acquisition decision manners as a target service data acquisition item corresponding to the acquisition control information, where the pending service acquisition decision list corresponding to the plurality of pending service acquisition decision manners is a service acquisition decision list corresponding to one of the plurality of pending service acquisition decision manners with the highest service acquisition confidence.

In a possible design idea, the target distributed control information includes control table matching information and a control table floating range, the authentication service transmission channel sequence includes a plurality of authentication service transmission channels, the number of the acquisition control information is multiple, and any acquisition control information in the plurality of acquisition control information includes sub-control information corresponding to the authentication service transmission channel sequence to be processed.

Step S170 may be implemented by the following exemplary embodiments.

And a substep S171 of determining a plurality of available control entries corresponding to each acquisition control information in the authentication service transmission channel sequence to be processed.

And a substep S172, determining a plurality of shared target service acquisition process items in the authentication service transmission channel sequence to be processed.

And a substep S173 of using each common control table entry between the plurality of available control table entries and the plurality of shared target traffic collection process entries as a plurality of first unit control table entries.

And a substep S174, using the other control table entries except the first unit control table entries in the plurality of available control table entries as a plurality of second unit control table entries.

And a substep S175, determining matching information of the control table entry corresponding to each acquisition control information according to the sub-control information corresponding to each acquisition control information of the plurality of first unit control table entries, the number of the overall control table entries of the plurality of first unit control table entries, the sub-control information corresponding to each acquisition control information of the plurality of second unit control table entries, and the number of the overall control table entries of the plurality of second unit control table entries.

And a substep S176, determining a floating range of the control table entry corresponding to each acquisition control information according to the sub-control information corresponding to each acquisition control information of the plurality of available control table entries, the frequent acquisition control information corresponding to each of the plurality of available control table entries, the number of the available control table entries corresponding to each of the plurality of available control table entries, and the number of the overall control table entries of the plurality of available control table entries. The frequent acquisition control information corresponding to the plurality of available control entries and the number of the available control entries corresponding to the plurality of available control entries are obtained according to the plurality of acquisition control information.

The method comprises the steps of determining a plurality of shared target service acquisition process items in an authentication service transmission channel sequence to be processed, wherein the task correlation coefficients corresponding to the authentication service transmission channel sequence to be processed can be calculated by the shared target service acquisition process items, and using reference target service acquisition process items corresponding to the authentication service transmission channels of which the corresponding task correlation coefficients in the authentication service transmission channel sequence to be processed meet correlation conditions as the shared target service acquisition process items.

Or, determining undetermined control table entry sequences corresponding to the plurality of acquisition control information respectively, and taking the reference target service acquisition process item corresponding to each authentication service transmission channel which meets the matching condition in the reference target service acquisition process items corresponding to the authentication service transmission channel sequences to be processed as a plurality of shared target service acquisition process items, wherein the meeting of the matching condition includes that the occurrence number of the reference target service acquisition process items in the undetermined control table entry sequences corresponding to the plurality of acquisition control information respectively reaches a set value.

Or calculating task correlation coefficients corresponding to the authentication service transmission channel sequences to be processed respectively, and taking each authentication service transmission channel in which the corresponding task correlation coefficient in the authentication service transmission channel sequences to be processed meets the correlation condition as a plurality of first target service acquisition process items. Determining undetermined control table entry sequences corresponding to the plurality of acquisition control information respectively, taking reference target service acquisition process items corresponding to the authentication service transmission channels meeting matching conditions in reference target service acquisition process items corresponding to the authentication service transmission channel sequences to be processed as a plurality of second target service acquisition process items, wherein meeting the matching conditions comprises that the occurrence number of the reference target service acquisition process items in the undetermined control table entry sequences corresponding to the plurality of acquisition control information respectively reaches a set value. And combining the plurality of first target service acquisition process items and the plurality of second target service acquisition process items to serve as a plurality of shared target service acquisition process items.

Fig. 3 is a schematic functional module diagram of an encryption policy invoking device 300 based on blockchain security authentication according to an embodiment of the present disclosure, and in this embodiment, functional modules of the encryption policy invoking device 300 based on blockchain security authentication may be divided according to the method embodiment executed by the cloud authentication server 100, that is, the following functional modules corresponding to the encryption policy invoking device 300 based on blockchain security authentication may be used to execute the method embodiments executed by the cloud authentication server 100. The device 300 for invoking encryption policy based on blockchain security authentication may include an obtaining module 310, a first invoking module 320, and a second invoking module 330, where functions of the functional modules of the device 300 for invoking encryption policy based on blockchain security authentication are described in detail below.

The obtaining module 310 is configured to obtain a first authentication event feature distribution of a target authentication event in a first service dynamic environment. The obtaining module 310 may be configured to perform the step S110, and the detailed implementation of the obtaining module 310 may refer to the detailed description of the step S110.

The first invoking module 320 is configured to invoke a policy decision network to make a decision on the first authentication event feature distribution, so as to obtain a second authentication event feature distribution of the target authentication event in the second service dynamic environment. The first invoking module 320 may be configured to execute the step S120, and the detailed implementation of the first invoking module 320 may refer to the detailed description of the step S120.

The second invoking module 330 is configured to obtain encryption policy invoking information for the target authentication event according to the second authentication event characteristic distribution, and invoke the encryption policy of the target authentication event in the second service dynamic environment using the encryption policy invoking information. The second invoking module 330 may be configured to execute the step S130, and the detailed implementation of the second invoking module 330 may refer to the detailed description of the step S130.

The policy decision network is obtained by training a target policy decision network through example feature distribution, wherein the example feature distribution comprises a first example feature distribution of an example authentication event list in a first business dynamic environment and a target example feature distribution in a second business dynamic environment.

It should be noted that the division of each module of the above apparatus is only a division of a logic function, and when the actual implementation is implemented, all or part of the division may be integrated into one physical entity, or may be physically separated. And these modules may all be implemented in software invoked by a processing element. Or may be implemented entirely in hardware. And part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the obtaining module 310 may be a processing element separately set up, or may be implemented by being integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and the processing element of the apparatus calls and executes the functions of the obtaining module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

Fig. 4 is a schematic diagram illustrating a hardware structure of the cloud authentication server 100 for implementing the encryption policy invoking method based on blockchain security authentication according to the embodiment of the present disclosure, and as shown in fig. 4, the cloud authentication server 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.

In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the obtaining module 310, the first invoking module 320, and the second invoking module 330 included in the encryption policy invoking device 300 based on blockchain security authentication shown in fig. 3), so that the processor 110 may execute the encryption policy invoking method based on blockchain security authentication according to the above method embodiment, and the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control transceiving actions of the transceiver 140, so as to perform data transceiving with the blockchain authentication terminal 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the cloud authentication server 100, and implementation principles and technical effects thereof are similar, and details of this embodiment are not described herein again.

In addition, the embodiment of the disclosure also provides a readable storage medium, where a computer execution instruction is preset in the readable storage medium, and when a processor executes the computer execution instruction, the encryption policy calling method based on the block chain security authentication is implemented as described above.

Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims

1. A strategy decision training method based on block chain security authentication is applied to a cloud authentication server, wherein the cloud authentication server is in communication connection with a plurality of block chain authentication terminals, and the method comprises the following steps:

and training a target policy decision network through example feature distribution corresponding to the example authentication event list to obtain a policy decision network so as to carry out policy decision based on the policy decision network.

2. The block chain security certification-based policy decision training method according to claim 1, further comprising:

acquiring the characteristic distribution of the reference authentication event of the target authentication event in a reference service dynamic environment;

calling a reference policy decision network to make a decision on the reference authentication event feature distribution to obtain a third authentication event feature distribution of the target authentication event in a second service dynamic environment, wherein the reference policy decision network is obtained by training a reference example feature distribution of the example authentication event list in the reference service dynamic environment and a target example feature distribution in the second service dynamic environment;

if the correlation parameter between the third authentication event characteristic distribution and the second authentication event characteristic distribution is larger than a preset correlation parameter, acquiring encryption policy calling information for the target authentication event according to the second authentication event characteristic distribution, and calling the encryption policy calling information for the target authentication event in the second service dynamic environment;

3. The block chain security certification-based policy decision training method according to claim 1, wherein the training of the target policy decision network through the example feature distribution corresponding to the example certification event list to obtain the policy decision network comprises:

and if the target policy decision network after the updating of the network weight information meets a preset condition, determining the target policy decision network after the updating of the network weight information as the policy decision network, wherein the preset condition comprises that the policy decision precision of each feature distribution in the feature distributions corresponding to each group of the sub-example authentication event lists of the target policy decision network is higher than the preset precision.

4. The block chain security certification-based policy decision training method according to claim 3, wherein the step of performing network configuration on a target policy decision network based on feature distribution corresponding to any one group of target sub-example authentication event lists in the N groups of sub-example authentication event lists to obtain a target update reference parameter comprises:

and performing second-order partial derivation processing on the initial weight information based on the second adjustment reference parameter to obtain a target update reference parameter corresponding to the target sub-example authentication event list.

5. The block chain security certification-based policy decision training method according to claim 4, wherein the first feature distribution includes a first target authentication event feature distribution sequence of the first target sub-example authentication event list in the first business dynamic environment and a third authentication event feature distribution sequence of the first target sub-example authentication event list in the second business dynamic environment, and the step of performing network configuration on the target policy decision network based on the first feature distribution to obtain a first adjustment reference parameter includes:

taking the mean square error as a first adjustment reference parameter;

fusing the N updated reference parameters to obtain fused reference parameters;

6. The block chain security certification-based policy decision training method according to claim 1, wherein the searching for the first business dynamic environment matching the second business dynamic environment from the business dynamic environment list comprises:

7. The block chain security certification-based policy decision training method according to claim 1, further comprising:

acquiring a collection authentication event list;

determining target feature distribution of the collected authentication event list in each service dynamic environment in M service dynamic environments to obtain M target feature distributions;

combining the M target feature distributions to obtain M feature distribution combinations, wherein each feature distribution combination comprises any two groups of target feature distributions in the M target feature distributions, and M is a positive integer;

and carrying out network configuration on the initial policy decision network through each feature distribution combination in the M feature distribution combinations to obtain a target policy decision network.

8. The block chain security certification-based policy decision training method according to claim 7, wherein the network configuration of the initial policy decision network through each of the M feature distribution combinations to obtain a target policy decision network comprises:

performing network configuration on an initial policy decision network through a first feature distribution combination in the M feature distribution combinations to update parameters in the initial policy decision network, where the first feature distribution combination includes a first target feature distribution and a first pair feature distribution, the first target feature distribution is a feature distribution of the collection authentication event list in a first training service dynamic environment, and the first pair feature distribution is a feature distribution of the collection authentication event list in a first testing service dynamic environment;

if the first policy decision accuracy of the initial policy decision network after parameter updating on the feature distribution of the first target is higher than the preset accuracy, then the initial policy decision network after parameter updating is configured through the second feature distribution combination in the M feature distribution combinations to obtain a first initial policy decision network, the first policy decision accuracy is determined by the initial policy decision network on the first target feature distribution, a correlation parameter between the resulting first decision feature distribution and the first pair of feature distributions is determined, the second feature distribution combination comprises a second target feature distribution and a second pair of feature distributions, the second target feature distribution is a feature distribution of the collected certification event list in a second training business dynamic environment, the second pair of bit feature distribution is the feature distribution of the collection authentication event list in a second test service dynamic environment;

and if the second policy decision precision of the first initial policy decision network on the second target feature distribution is higher than the preset precision, determining the first initial policy decision network as a target policy decision network, and determining the second policy decision precision by the first initial policy decision network on the second target feature distribution to obtain a correlation parameter between the second decision feature distribution and the second pair of feature distributions.

9. The block chain security certification-based policy decision training method according to claim 2, wherein the obtaining encryption policy invocation information for the target authentication event according to the second authentication event feature distribution and performing encryption policy invocation of the target authentication event on the encryption policy invocation information in the second service dynamic environment comprises:

acquiring encryption strategy parameters corresponding to each encryption strategy node in an encryption strategy node set called by a strategy to be encrypted under a second service dynamic environment, and determining an encryption strategy calling index aiming at each encryption strategy node in the encryption strategy node set called by the strategy to be encrypted based on the second authentication event characteristic distribution and each encryption strategy parameter;

searching out at least one target encryption strategy node from the encryption strategy node set called by the strategy to be encrypted based on the encryption strategy calling index of each encryption strategy node as encryption strategy calling information aiming at the target authentication event;

and carrying out encryption policy calling of the target authentication event on the encryption policy calling information in the second service dynamic environment.

10. A cloud authentication server, characterized in that the cloud authentication server includes a processor, a machine-readable storage medium, and a network interface, the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is configured to be connected to at least one blockchain authentication terminal in a communication manner, the machine-readable storage medium is configured to store a program, an instruction, or a code, and the processor is configured to execute the program, the instruction, or the code in the machine-readable storage medium to perform the policy training method based on blockchain security authentication according to any one of claims 1 to 9.