
CN117914601B - Multistage safety authentication and access control system of file robot - Google Patents


Info

Publication number: CN117914601B (application CN202410090424.5A)
Authority: CN (China)
Prior art keywords: authentication, security, access control, level, password
Legal status: Active (status as assumed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN117914601A
Inventors: 李燕强, 齐少华, 马国伟, 张泽宇
Current and original assignee: Hebei Indoor Technology Co ltd (assignee list as given by Google Patents; accuracy not verified)

Events
    • Application filed by Hebei Indoor Technology Co ltd
    • Priority to CN202410090424.5A
    • Publication of CN117914601A
    • Application granted
    • Publication of CN117914601B
    • Legal status: Active

Classifications

    • H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/08 ... for authentication of entities
                • H04L 63/0823 ... using certificates
                • H04L 63/083 ... using passwords
            • H04L 63/10 ... for controlling access to devices or network resources
                • H04L 63/101 Access control lists [ACL]
                • H04L 63/105 Multiple levels of security
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
            • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of archive data processing and specifically concerns a multi-level security authentication and access control system for an archive robot, comprising a security authentication system and an access control system. The security authentication system comprises identity authentication and certificate authentication: identity authentication combines a password with a digital signature, and certificate authentication uses a USB KEY that stores the user's private key and digital certificate. Identity authentication and access control use a two-factor mode that combines the password with the USB KEY (software plus hardware) and negotiates a fresh key for every session (一次一密). For the USB KEY to operate, the user must enter the correct USB KEY password, so whoever holds the password but not the USB KEY cannot authenticate, and whoever holds the USB KEY but not the password cannot authenticate either. This realises multi-level authentication, and the password plus USB KEY as two factors effectively raises the security level of the identity authentication system.

Description

Multi-level security authentication and access control system for an archive robot

Technical Field

The invention belongs to the technical field of archive data processing, and in particular to a multi-level security authentication and access control system for an archive robot.

Background Art

Many of a company's documents can be managed by an archive-management robot, for example sales contracts, purchase orders, supplier agreements, financial statements and other important records. The archive robot manages the archives over a network, so company staff must authenticate on the network before querying or retrieving archives through it. As networked applications have spread, network security incidents have become frequent, and strengthening network security is urgent.

Network authentication is one of the important components of network security technology. Authentication is the process of confirming that the entity being authenticated is genuine and valid. The basic idea is to verify attributes of that entity; the attribute may be a password, a digital signature, or a physiological characteristic such as a fingerprint, voice or retina. Authentication is commonly used by two communicating parties to confirm each other's identity and so secure the communication.

Access control is another indispensable part of network security technology; it gives accessed and transmitted data confidentiality and integrity, preventing the data from being stolen or tampered with.

Traditional network applications, however, have security weaknesses in both authentication and transmission, for the following reasons:

No effective identity authentication mechanism. Traditional identity authentication relies on a username plus a password, which has these weaknesses: a simple password is easy to guess, a complex one is hard to remember and easy to lose; and the more applications or clients a user accesses, the more passwords there are and the harder they are to manage.

No effective transmission security mechanism for access. Most current network applications run over plain TCP, which provides no protection of the data in transit, so data can easily be tampered with or stolen during access.

Summary of the Invention

To remedy the shortcomings of the prior art and solve the technical problems above, the invention proposes a multi-level security authentication and access control system for an archive robot.

The technical solution adopted is a multi-level security authentication and access control system for an archive robot, comprising a security authentication system and an access control system;

the security authentication system comprises identity authentication and certificate authentication; identity authentication comprises a password and a digital signature and is completed by combining the two; certificate authentication uses a USB KEY that stores the user's private key and digital certificate;

the security authentication system further comprises a security authentication gateway, which issues a token for access to the application system to each user who passes verification; on every access request the proxy service verifies the user's access token on the basis of the Kerberos protocol to establish the user's legitimate identity;

the access control system comprises a mandatory access control module founded on the multi-level security authentication means.

Preferably, the security authentication system further comprises a two-factor authentication mode in which a fresh key is negotiated for every authentication session (一次一密).

Preferably, the access control system adds a management platform and a middleware module;

the management platform: assigns security levels to the users and files of the distributed information system; uses public-key cryptography to secure the exchange of access requests and responses; and records users' access history for later security audit;

the middleware module: is the information exchange interface between the distributed information system and the management platform, and secures the exchange between them through encryption and decryption, identity authentication and password verification.

Preferably, the access control system is built on the mandatory access control module and, together with the management platform and middleware module, forms a multi-level security policy model whose basic elements are:

Subject: a user, denoted S, as in formula (1);

$S = \{s_1, s_2, \dots, s_n\}$ (1);

Object: a file, data item or archive, denoted O, as in formula (2);

$O = \{o_1, o_2, \dots, o_n\}$ (2);

Security level: the graded security label of a subject or object, consisting of a confidentiality level and a category set. The confidentiality level expresses how sensitive the subject or object is, denoted C, as in formula (3);

$C = \{c_1, c_2, \dots, c_n\}$ (3);

The category set is the set of departments or categories in the organization, denoted K, as in formula (4);

$K = \{k_1, k_2, \dots, k_n\}$ (4);

Every subject and object in the system is assigned a confidentiality level and a category set; the assignment is denoted F, as in formula (5);

$F = \{C_S \times C_O \times K_S \times K_O\}$ (5);

Access control matrix: describes, in matrix form, the discretionary authorization state of the system at any moment, denoted M, as in formula (6);

Access attribute set: describes how a subject may access an object, denoted AS, as in formula (7), where E is execute, R is read-only, A is append and W is read/write;

$AS = \{E, R, A, W\}$ (7);

System state: the set of all possible states of the multi-level security system, denoted V, as in formula (8);

$V = \{v_1, v_2, \dots, v_n\}$ (8);

In a given system state, the access attributes currently held by subject S on object O are denoted b, as in formula (9);

$b \in S \times O \times AS$ (9);

Multi-level security properties: these define the security of a system state and embody the multi-level security policy; they are discretionary security, simple security and multi-level security;

State V = (b, M, F) satisfies discretionary security, as expressed in formula (10);

State V = (b, M, F) satisfies simple security, denoted x, as expressed in formula (11);

State V = (b, M, F) satisfies multi-level security, as expressed in formula (12);

Preferably, the access control system authenticates identity by single sign-on, with a protection mechanism built into the single sign-on.

Preferably, the access control system further comprises a KDC, which generates encrypted, timestamped tickets.

The beneficial effects of the invention are as follows:

1. In the multi-level security authentication and access control system of the invention, identity authentication and access control use a two-factor mode that combines a password with a USB KEY (software plus hardware) and negotiates a fresh key for every session (一次一密). For the USB KEY to work, the user must enter the correct USB KEY password, so whoever holds the password but not the USB KEY cannot authenticate, and whoever holds the USB KEY but not the password cannot authenticate either. This realises multi-level authentication, and the password plus USB KEY as two factors effectively raises the security level of the identity authentication system.

2. In the multi-level security authentication and access control system of the invention, the mandatory access control system decides the access mode from the sensitivity labels of subject and object. The "no read up, no write down" property lets data flow only from lower to higher levels, so sensitive data is not leaked. This safely and effectively supports information interoperation between cross-domain distributed systems, ensures that legitimate users make controlled, correct use of network information resources, limits intrusion and deliberate damage by illegitimate users, and further raises the security level of the identity authentication system.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is further described below with reference to the drawings.

FIG. 1 is a detailed step diagram of the security policy of the access control system of the invention;

FIG. 2 is a level mapping diagram of the invention.

DETAILED DESCRIPTION

The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them; all other embodiments that a person of ordinary skill in the art obtains from them without inventive effort fall within the scope of protection of the invention.

Embodiment 1:

Many of a company's documents can be managed by an archive-management robot, for example sales contracts, purchase orders, supplier agreements, financial statements and other important records. The archive robot manages the archives over a network, so company staff must authenticate on the network before querying or retrieving archives through it. As networked applications have spread, network security incidents have become frequent, and strengthening network security is urgent.

Network authentication is one of the important components of network security technology. Authentication is the process of confirming that the entity being authenticated is genuine and valid. The basic idea is to verify attributes of that entity; the attribute may be a password, a digital signature, or a physiological characteristic such as a fingerprint, voice or retina. Authentication is commonly used by two communicating parties to confirm each other's identity and so secure the communication.

Access control is another indispensable part of network security technology; it gives accessed and transmitted data confidentiality and integrity, preventing the data from being stolen or tampered with.

Traditional network applications, however, have security weaknesses in both authentication and transmission, for the following reasons:

No effective identity authentication mechanism. Traditional identity authentication relies on a username plus a password, which has these weaknesses: a simple password is easy to guess, a complex one is hard to remember and easy to lose; and the more applications or clients a user accesses, the more passwords there are and the harder they are to manage.

No effective transmission security mechanism for access. Most current network applications run over plain TCP, which provides no protection of the data in transit, so data can easily be tampered with or stolen during access.

To solve these problems effectively, the multi-level security authentication and access control system of the archive robot comprises a security authentication system and an access control system;

the security authentication system comprises identity authentication and certificate authentication; identity authentication comprises a password and a digital signature and is completed by combining the two; certificate authentication uses a USB KEY that stores the user's private key and digital certificate;

the security authentication system further comprises a security authentication gateway, which issues a token for access to the application system to each user who passes verification; on every access request the proxy service verifies the user's access token on the basis of the Kerberos protocol to establish the user's legitimate identity;

the access control system comprises a mandatory access control module founded on the multi-level security authentication means;

the security authentication system further comprises a two-factor authentication mode in which a fresh key is negotiated for every authentication session (一次一密).

Specifically:

The security authentication system equips each user with a USB KEY. Once issued by the CA system, the USB KEY holds the unique certificate identity that proves the user's identity. Certificate authentication avoids the fragility of single-password authentication and gives safe, effective mutual authentication of client and server. At the same time, a dynamic negotiation that derives a fresh key for each session (一次一密) protects the confidentiality and integrity of the authentication traffic.

To use the system, the user runs the identity authentication client software together with the USB KEY and performs mutual authentication with the security authentication gateway over a PKI-based handshake protocol. On success the gateway issues the user a token for access to the application system. The client software intercepts the user's application access requests and routes them through the gateway to the application service; on every request the proxy service verifies the access token on the basis of the Kerberos protocol to establish the user's legitimate identity.

The proxy service takes the requested service resource from the user's request and the user's identity from the access token, and uses these two elements to make an RBAC access decision. If the decision is positive the system accesses the network resource on the user's behalf; otherwise it rejects the request. At the user's request the system can also protect the confidentiality and integrity of the data carried over the network.

The security authentication gateway extracts the necessary information from the user's access requests to form an audit log.

Traditional identity authentication, by contrast, uses a username plus a password. Each user chooses a password that only that user knows, and as long as the password is entered correctly the computer treats the operator as a legitimate user. In practice many users, to avoid forgetting their password, pick easily guessed strings such as birthdays or phone numbers, or write the password on paper and keep it somewhere they believe is safe, so passwords leak easily. Even if a password is never disclosed, it is static data: it sits in computer memory and crosses the network during verification, and the verification data is identical every time, so a Trojan resident in memory or a sniffer on the network can capture it easily. Username plus password is therefore an extremely insecure form of identity authentication.

The identity authentication and access control system instead uses a two-factor mode that combines the password with the USB KEY (software plus hardware) and negotiates a fresh key for every session (一次一密). A USB KEY is a hardware device with a USB interface; it contains a microcontroller or smart card chip that stores the user's key and digital certificate, and its built-in cryptographic algorithms are used to authenticate the user. For the USB KEY to work, the user must enter the correct USB KEY password, so whoever holds the password but not the USB KEY cannot authenticate, and whoever holds the USB KEY but not the password cannot authenticate either. This realises multi-level authentication, and the password plus USB KEY as two factors effectively raises the security level of the identity authentication system.
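The exchange described in the preceding paragraphs (a PIN-locked USB KEY plus a password, a fresh challenge for every attempt, and a gateway-issued token that the proxy checks on each request), written out as an added example for this page. It is not the patent's or the assignee's code. The USB KEY is simulated in software; the toy RSA parameters, the PBKDF2 wrapping of the private exponent under the PIN, the HMAC token format with a 300-second lifetime, and the user "alice" with her sample password and PIN are all assumptions constructed for the demonstration and carry no real security strength.

```python
"""Password + PIN-locked USB KEY challenge-response followed by a timestamped
access token checked on every request.  Added example for this page, not the
patent's code.  The USB KEY is simulated in software with a toy RSA key built
from two fixed Mersenne primes: the parameters are far too small for real use
and exist only so that the protocol runs offline."""
import hashlib, hmac, secrets
from typing import Dict, Optional, Set, Tuple

# Toy RSA parameters (constructed, insecure): 65537 is coprime to (P-1)(Q-1).
P, Q, E = (1 << 31) - 1, (1 << 61) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest_int(data: bytes) -> int:
    # SHA-256 truncated to 64 bits so the value is below the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

class UsbKey:
    """Stores the certificate (here just the public key) and the private
    exponent masked under a PIN-derived key; a wrong PIN unmasks garbage, so
    the signature it produces does not verify."""
    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.cert_pub = (N, E)
        self._wrapped_d = int.from_bytes(_kdf(pin, self.salt), "big") ^ D

    def sign(self, pin: str, msg: bytes) -> int:
        d = int.from_bytes(_kdf(pin, self.salt), "big") ^ self._wrapped_d
        return pow(_digest_int(msg), d, N)

class Gateway:
    """Security authentication gateway: checks both factors against the
    enrolled password hash and certificate, consumes each challenge once, and
    issues an HMAC-protected token carrying its issue time."""
    TOKEN_TTL = 300  # seconds (assumed lifetime)

    def __init__(self):
        self._token_key = secrets.token_bytes(32)
        self._users: Dict[str, Tuple[bytes, bytes, Tuple[int, int]]] = {}
        self._challenges: Set[bytes] = set()

    def enroll(self, user: str, password: str, cert_pub: Tuple[int, int]) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _kdf(password, salt), cert_pub)

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)  # fresh per attempt: a replay has nothing to reuse
        self._challenges.add(c)
        return c

    def authenticate(self, user: str, password: str, chal: bytes, sig: int, now: float) -> Optional[str]:
        if user not in self._users or chal not in self._challenges:
            return None
        self._challenges.discard(chal)  # each challenge is accepted once
        salt, pw_hash, (n, e) = self._users[user]
        pw_ok = hmac.compare_digest(_kdf(password, salt), pw_hash)
        sig_ok = pow(sig, e, n) == _digest_int(user.encode() + chal)
        if not (pw_ok and sig_ok):  # both factors must hold
            return None
        body = f"{user}|{int(now)}"
        tag = hmac.new(self._token_key, body.encode(), "sha256").hexdigest()
        return f"{body}|{tag}"

    def verify_token(self, token: str, now: float) -> Optional[str]:
        """Per-request check by the proxy: MAC intact and ticket not expired."""
        try:
            user, issued, tag = token.split("|")
        except ValueError:
            return None
        expect = hmac.new(self._token_key, f"{user}|{issued}".encode(), "sha256").hexdigest()
        if not hmac.compare_digest(tag, expect) or now - int(issued) > self.TOKEN_TTL:
            return None
        return user

def demo() -> Dict[str, bool]:
    """Constructed run: user 'alice', her password and PIN are sample values."""
    gw, key = Gateway(), UsbKey(pin="4711")
    gw.enroll("alice", "correct horse", key.cert_pub)
    t0 = 1_700_000_000.0

    def attempt(password: str, pin: str, chal: Optional[bytes] = None) -> Optional[str]:
        chal = chal or gw.challenge()
        return gw.authenticate("alice", password, chal, key.sign(pin, b"alice" + chal), t0)

    c = gw.challenge()
    token = gw.authenticate("alice", "correct horse", c, key.sign("4711", b"alice" + c), t0)
    return {
        "both_factors": token is not None,
        "password_without_key": attempt("correct horse", "0000") is None,  # key stays locked
        "key_without_password": attempt("wrong", "4711") is None,
        "replayed_challenge": attempt("correct horse", "4711", c) is None,
        "token_fresh": gw.verify_token(token, t0 + 60) == "alice",
        "token_expired": gw.verify_token(token, t0 + 3600) is None,
        "token_tampered": gw.verify_token(token.replace("alice", "mallory"), t0 + 60) is None,
    }
```

Running `demo()` returns a dictionary in which every entry is True: the two failure cases the patent calls out (password without the key, key without its PIN) and a replayed challenge are all rejected, and the token is accepted only while it is unexpired and untampered. What a Kerberos ticket adds over this sketch is encryption of the ticket under the service's key and the KDC's own timestamp check; the token here is only authenticated, not encrypted, because it carries nothing secret.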

The mandatory access policy assigns every subject and object an access level, for example Top Secret, Secret, Confidential and Unclassified, ordered T > S > C > U. As an example of the rule: suppose the WEB service runs at the Secret level; if the WEB server is compromised, the attacker operates on the target system at Secret and cannot reach data classified Top Secret.

The mandatory access control system decides the access mode from the sensitivity labels of subject and object. The access modes are: read down (rd), a read by a subject whose security level is higher than that of the object information resource; read up (ru), a read by a subject whose level is lower than the object's; write down (wd), a write by a subject whose level is higher than the object's; and write up (wu), a write by a subject whose level is lower than the object's. With the "no read up, no write down" property, data flows only from lower to higher levels, so sensitive data is not leaked. This safely and effectively supports information interoperation between cross-domain distributed systems, ensures that legitimate users make controlled, correct use of network information resources, limits intrusion and deliberate damage by illegitimate users, and further raises the security level of the identity authentication system.

Embodiment 2:

On the basis of Embodiment 1, the access control system adds a management platform and a middleware module;

the management platform: assigns security levels to the users and files of the distributed information system; uses public-key cryptography to secure the exchange of access requests and responses; and records users' access history for later security audit;

the middleware module: is the information exchange interface between the distributed information system and the management platform, and secures the exchange between them through encryption and decryption, identity authentication and password verification;

the access control system is built on the mandatory access control module and, together with the management platform and middleware module, forms a multi-level security policy model whose basic elements are:

Subject: a user, denoted S, as in formula (1);

$S = \{s_1, s_2, \dots, s_n\}$ (1);

Object: a file, data item or archive, denoted O, as in formula (2);

$O = \{o_1, o_2, \dots, o_n\}$ (2);

Security level: the graded security label of a subject or object, consisting of a confidentiality level and a category set. The confidentiality level expresses how sensitive the subject or object is, denoted C, as in formula (3);

$C = \{c_1, c_2, \dots, c_n\}$ (3);

The category set is the set of departments or categories in the organization, denoted K, as in formula (4);

$K = \{k_1, k_2, \dots, k_n\}$ (4);

Every subject and object in the system is assigned a confidentiality level and a category set; the assignment is denoted F, as in formula (5);

$F = \{C_S \times C_O \times K_S \times K_O\}$ (5);

Access control matrix: describes, in matrix form, the discretionary authorization state of the system at any moment, denoted M, as in formula (6);

Access attribute set: describes how a subject may access an object, denoted AS, as in formula (7), where E is execute, R is read-only, A is append and W is read/write;

$AS = \{E, R, A, W\}$ (7);

System state: the set of all possible states of the multi-level security system, denoted V, as in formula (8);

$V = \{v_1, v_2, \dots, v_n\}$ (8);

In a given system state, the access attributes currently held by subject S on object O are denoted b, as in formula (9);

$b \in S \times O \times AS$ (9);

Multi-level security properties: these define the security of a system state and embody the multi-level security policy; they are discretionary security, simple security and multi-level security;

State V = (b, M, F) satisfies discretionary security, as expressed in formula (10);

State V = (b, M, F) satisfies simple security, denoted x, as expressed in formula (11);

State V = (b, M, F) satisfies multi-level security, as expressed in formula (12);

Specifically:

To escape the constraints of traditional, centrally managed multi-level security, a management platform module and a middleware module are added. The management platform is an independent, trusted and supervisable third party that coordinates the security management of the various cross-domain distributed systems. Its main functions are: grading the users and files of the distributed information systems; using public-key cryptography to protect the exchange of access requests and responses; and recording users' access history for later security audit. The middleware module is the information-exchange interface between a distributed information system and the management platform; it secures that exchange through encryption and decryption, identity authentication, password verification and similar means. Working together, the two improve the scalability and security of multi-level security, and provide both secure information exchange between systems and security management of the information systems.

The elements that take part in the multi-level security policy are written as mathematical symbols; the Chinese meaning, English meaning and symbol of each element are listed in the following table:

Security policy element representation

The detailed steps of the security policy are illustrated by the case in which user S3 of system Sys1 in domain Distx wants to access file O8 of system Sys1 in domain Disty, as shown in FIG. 1 of the accompanying drawings.

Step 1, level mapping: the management platform re-grades the users and files of the distributed systems by comprehensive evaluation (S3 denotes the user and O8 the file). It does not change the original levels of users and files; instead, the evaluation results are mapped into the management platform's level mapping table, as shown in FIG. 2 of the accompanying drawings.

Step 2, subject access request: user S3 initiates an access request for file O8, s_req(s_distx, s_sys1, s3, s_selv, o_disty, o_sys1, o8, o_selv, op), filling in, in turn, the subject's domain, system, user name and security level, the file name and the access mode. o_selv is left unfilled for now, because at this point S3 does not know O8's security level. The middleware then encrypts the request separately with the management platform's public key and the target system's public key and sends it.

Step 3, object local query: after the middleware of system Sys1 in domain Disty receives the access request from user S3 of system Sys1 in domain Distx, it decrypts and authenticates the request, looks up O8 in the local file system database by file name, and obtains O8's security level.

Step 4, object access request: the file system middleware generates a one-time password and answers req with o_res(s_distx, s_sys1, s3, s_selv, o_disty, o_sys1, o8, o_selv, op, pass), filling in file O8's o_selv and the freshly generated pass; finally it encrypts o_res with the management platform's public key and sends it.

Step 5, management platform authorization and authentication: the management platform decrypts the messages received in steps 2 and 4 and matches them (to confirm they belong to the same request). On a successful match, the level mapping table (LML) is consulted for the security levels of the subject and object named in s_req and o_res, an authorization decision is made under the multi-level security model, and the permission is obtained.

Step 6, platform authorizes the object: the management platform encrypts the authorization result with the distributed file system's public key and returns it. The file system decrypts p_res(s_distx, s_sys1, s3, s_selv, o_disty, o_sys1, o8, o_selv, op, pass, per). If per grants access, the file system opens the password authentication interface of file O8 and starts a 5-minute countdown on the user's access window (the window closes on timeout); otherwise the middleware closes this access request. Whether or not access is granted, the attempt is recorded for later security audit.

Step 7, platform authorizes the subject: the management platform encrypts the decision with the user's public key and returns p_res(s_distx, s_sys1, s3, s_selv, o_disty, o_sys1, o8, o_selv, op, pass, per). If per grants access, user S may access file O8 with the password; otherwise the middleware closes this access request. Again, the attempt is recorded for later security audit.

Step 8, recording of access behaviour: the management platform likewise records every access, so that, as an independent trusted third party, it guarantees the authenticity and non-repudiation of each subject's access to an object for later security audit.

Step 9, security audit: the auditor, as an independent third party, supervises the management platform, the file systems and the users' history records, and is responsible for the security audits that the relevant units use for security inspection.

This secures cross-domain interoperation of system information while keeping it flexible, and constrains users' access behaviour. The access control system, built on the mandatory access control module with the management platform and middleware modules added, forms a multi-level security policy that forces every access by a subject to an object to follow the rules of the security access control system, further ensuring the security of the system.
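The following is an added example, not code from the patent or its applicant. It models the security elements above (formulas (3)-(5), (7) and the simple-security test of formula (11)) and then runs the nine-step cross-domain flow for the page's own scenario (S3 in Distx/Sys1 requesting O8 in Disty/Sys1): request, object-side one-time password, platform matching and LML lookup, the 5-minute access window, single use of the password, and audit records on both sides. Assumptions not in the original: the messages are Python dicts, the public-key encryption of the transport is left out, the sample levels and category names are constructed, and the `Label`, `ManagementPlatform` and `FileSystemMiddleware` names are the example's own.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

AS = {"E", "R", "A", "W"}        # access attribute set, formula (7)
ACCESS_WINDOW = 5 * 60           # step 6: the 5-minute access countdown, in seconds


@dataclass(frozen=True)
class Label:
    """F(x): a confidentiality level c plus a category set k (formulas (3)-(5))."""
    level: int
    categories: frozenset


def dominates(fs: Label, fo: Label) -> bool:
    """F(S) >= F(O) and F(S) ⊇ F(O): the dominance test inside formula (11)."""
    return fs.level >= fo.level and fs.categories >= fo.categories


def simple_security(x: str, fs: Label, fo: Label) -> bool:
    """Formula (11): E and A are always permitted; R and W require dominance."""
    if x not in AS:
        raise ValueError(f"unknown access attribute {x!r}")
    return x in ("E", "A") or dominates(fs, fo)


@dataclass
class ManagementPlatform:
    """Independent third party holding the level mapping table (LML) and an audit log."""
    lml: dict                                  # user/file name -> Label (step 1)
    audit: list = field(default_factory=list)

    def authorize(self, s_req: dict, o_res: dict) -> dict:
        """Step 5: match s_req with o_res, look both parties up in the LML, decide."""
        shared = ("s_dist", "s_sys", "s", "o_dist", "o_sys", "o", "op")
        matched = all(s_req[k] == o_res[k] for k in shared)
        per = matched and simple_security(o_res["op"], self.lml[o_res["s"]], self.lml[o_res["o"]])
        self.audit.append((o_res["s"], o_res["o"], o_res["op"], per))   # step 8
        return dict(o_res, per=per)                                       # p_res


@dataclass
class FileSystemMiddleware:
    """Object-side middleware: local level database, one-time passwords, access windows."""
    local_levels: dict                           # file name -> Label (step 3)
    windows: dict = field(default_factory=dict)  # one-time password -> (file, expiry)
    audit: list = field(default_factory=list)

    def respond(self, s_req: dict) -> dict:
        """Steps 3-4: fill in o_selv from the local database and a fresh one-time pass."""
        return dict(s_req, o_selv=self.local_levels[s_req["o"]], pass_=secrets.token_hex(16))

    def apply_decision(self, p_res: dict, now: float) -> None:
        """Step 6: on per=True open the password interface for ACCESS_WINDOW seconds."""
        self.audit.append((p_res["s"], p_res["o"], p_res["op"], p_res["per"]))
        if p_res["per"]:
            self.windows[p_res["pass_"]] = (p_res["o"], now + ACCESS_WINDOW)

    def access(self, o: str, password: str, now: float) -> bool:
        """Step 7: the subject presents the one-time password; pop() enforces single use."""
        entry = self.windows.pop(password, None)
        return entry is not None and entry[0] == o and now <= entry[1]


def run_cross_domain_request(op: str, s_label: Optional[Label] = None, now: float = 0.0,
                             delay: float = 0.0) -> Tuple[bool, bool]:
    """The page's scenario: S3 in Distx/Sys1 requests file O8 in Disty/Sys1.

    Returns (per, access_ok). Levels are constructed sample values: O8 is level 2 in
    category {archive}; S3 defaults to level 3 in {archive, finance}."""
    lml = {"s3": s_label or Label(3, frozenset({"archive", "finance"})),
           "o8": Label(2, frozenset({"archive"}))}
    platform = ManagementPlatform(lml=lml)
    fs = FileSystemMiddleware(local_levels={"o8": lml["o8"]})
    # Step 2: o_selv stays None because S3 does not yet know O8's level.
    s_req = {"s_dist": "x", "s_sys": 1, "s": "s3", "s_selv": lml["s3"],
             "o_dist": "y", "o_sys": 1, "o": "o8", "o_selv": None, "op": op}
    o_res = fs.respond(s_req)                     # steps 3-4 (object side)
    p_res = platform.authorize(s_req, o_res)      # step 5 (management platform)
    fs.apply_decision(p_res, now)                 # step 6 (object side)
    ok = fs.access("o8", o_res["pass_"], now + delay)   # step 7 (subject side)
    return p_res["per"], ok


if __name__ == "__main__":
    print(run_cross_domain_request("R"))             # (True, True)
    print(run_cross_domain_request("R", delay=301))  # (True, False): window expired
```

Two behaviours worth noticing: the platform decides from its own level mapping table, not from the s_selv the subject supplied, so a subject cannot raise its own level; and a matched s_req/o_res pair is required before any lookup, so a response that names a different file than the request is refused without consulting the LML.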

Embodiment 3:

Building on the second embodiment, the access control system performs identity authentication by single sign-on, and a protection mechanism is built into the single sign-on.

The access control system also contains a KDC, which can generate encrypted, timestamped tickets.

Specifically: single sign-on is an existing technique that makes it convenient for users to access a network. However complex the network structure, the user authenticates once at login, obtains authorization to access the systems and application software, and can then move freely through the network. The identity authentication and access control system of this application achieves "zero-development" single sign-on for web pages by means of a password proxy: the user only has to enter the USB KEY password when starting the client software and pass authentication by the identity authentication system, after which the application systems can be accessed without entering their passwords again. A "login jump" setting can also take the user straight to the post-login page when the application's home page is opened, simplifying operation.

In addition, a protection mechanism is built in, comprising:

Key Distribution Center (KDC): a trusted third party that provides the authentication service;

Kerberos authentication server: the authentication server hosts the functions of the KDC;

Ticket Granting Ticket: a Ticket Granting Ticket (TGT) is evidence that a subject has been authenticated by the KDC;

Ticket: an encrypted message that is evidence that a subject is entitled to access an object.

Kerberos needs an account database, which is usually held in a directory service; it proves identity and provides authentication through ticket exchanges between clients, network servers and the KDC.

The login process works as follows:

1. The user enters the user name and password on the client;

2. The client encrypts the user name with AES for transmission to the KDC;

3. The KDC checks the user name against its database of known credentials;

4. The KDC generates a symmetric key to be used by the client and the Kerberos server and encrypts it with a hash of the user name and password; the KDC also generates an encrypted, timestamped TGT;

5. The KDC then sends the encrypted symmetric key and the encrypted, timestamped TGT to the client;

6. The client installs the TGT and uses it until it expires;

The client also uses the hash of the user name and password to decrypt the symmetric key.
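An added example of the six-step login above, not code from the patent. It shows what the steps protect: the password never leaves the client, the KDC checks only the user name against its account database, the session key is unwrapped with a key derived from the user's credentials, and the TGT carries an issue and expiry timestamp that the KDC checks before honouring it. Assumptions not in the original: the AES encryption named in steps 2 and 4 is replaced by a hash-counter keystream with an HMAC tag (`wrap`/`unwrap`) so the example runs on the standard library alone, the key derivation is PBKDF2 where the page says only "hash", and the ticket lifetime `TGT_LIFETIME` and the account names are constructed.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

TGT_LIFETIME = 8 * 3600      # assumed ticket lifetime in seconds (not stated on the page)


def credential_key(username: str, password: str) -> bytes:
    """Long-term key derived from user name and password (steps 4 and 6).
    PBKDF2-HMAC-SHA256 here; the page says only 'a hash of the username and password'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-counter keystream: stand-in for the AES encryption named on the page."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with the keystream above: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return body + hmac.new(key, body, "sha256").digest()


def unwrap(key: bytes, blob: bytes) -> Optional[bytes]:
    """Reverse of wrap(); None when the tag fails (wrong key or tampered ticket)."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
        return None
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Key Distribution Center: account database plus the key that seals TGTs."""

    def __init__(self, accounts: dict):
        self.accounts = accounts                 # username -> credential_key (step 3)
        self.tgs_key = secrets.token_bytes(32)   # known only to the KDC

    def login(self, username: str, now: float) -> Optional[Tuple[bytes, bytes]]:
        """Steps 3-5: verify the user name, then return a wrapped session key and a
        timestamped TGT sealed under the KDC's own key."""
        cred = self.accounts.get(username)
        if cred is None:
            return None                          # unknown principal
        session_key = secrets.token_bytes(32)
        tgt_plain = json.dumps({"user": username, "issued": now,
                                "expires": now + TGT_LIFETIME,
                                "session_key": session_key.hex()}).encode()
        return wrap(cred, session_key), wrap(self.tgs_key, tgt_plain)

    def open_tgt(self, tgt: bytes, now: float) -> Optional[dict]:
        """Accept a TGT only if it unwraps under the KDC key and has not expired."""
        plain = unwrap(self.tgs_key, tgt)
        if plain is None:
            return None
        ticket = json.loads(plain)
        return ticket if ticket["expires"] > now else None


def client_login(kdc: KDC, username: str, password: str,
                 now: float) -> Optional[Tuple[bytes, bytes]]:
    """Steps 1, 2 and 6 on the client: only the user name is sent; the returned
    session key is unwrapped locally with the credential-derived key."""
    issued = kdc.login(username, now)
    if issued is None:
        return None
    wrapped_key, tgt = issued
    session_key = unwrap(credential_key(username, password), wrapped_key)
    return None if session_key is None else (session_key, tgt)
```

A wrong password makes `unwrap` fail on the client side, so the client never obtains a usable session key, while the KDC has learned nothing about the password; an expired or altered TGT is refused by `open_tgt`, which is the check a resource server would delegate to the KDC.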

Preventive access controls: preventive controls try to stop unwanted or unauthorized activity from happening; examples are fences, locks, lighting, alarm systems, security policies, security awareness training, CCTV, firewalls, anti-virus software and intrusion prevention systems.

Detective access controls: detective controls try to discover or detect unwanted or unauthorized activity; examples are motion detectors, job rotation, mandatory vacation policies, audit trails, user supervision and review, and incident investigation.

Corrective access controls: corrective controls change the environment so as to return the system to normal after unexpected or unauthorized activity; an example is a backup and recovery plan.

The foregoing shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art will understand that the invention is not limited to the embodiments above; the embodiments and the description only illustrate its principles, and the invention admits various changes and improvements without departing from its spirit and scope, all of which fall within the claimed scope of the invention. The scope of protection of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. A multi-level security authentication and access control system for an archive robot, comprising a security authentication system and an access control system, characterized in that:

the security authentication system comprises identity authentication and certificate authentication; the identity authentication comprises a password and a digital signature, and identity authentication is completed by combining the password and the digital signature; the certificate authentication comprises a USB KEY, and the USB KEY stores the user's private key and digital certificate;

the security authentication system further comprises a security authentication gateway, which issues to each user who passes verification a token for accessing the application system, and for every access request of the user the proxy service verifies the user's access token on the basis of the Kerberos protocol to establish the user's legitimate identity;

the access control system comprises a mandatory access control module based on multi-level security authentication means;

the access control system adds a management platform and a middleware module;

the management platform: grades the users and files of the distributed information systems; uses public-key cryptography to protect the exchange of access requests and responses; and records users' access history for later security audit;

the middleware module is the information-exchange interface between the distributed information system and the management platform, and secures that exchange through encryption and decryption, identity authentication and password verification;

the access control system takes the mandatory access control module as its base and adds the management platform and middleware module to form a multi-level security policy model; the basic elements of the model comprise:

Subject: the users, written S, as in formula (1); S = {s1, s2, ..., sn} (1);

Object: files, data and archives, written O, as in formula (2); O = {o1, o2, ..., on} (2);

Security level: the graded security label of a subject or object, consisting of a confidentiality level and a category set; the confidentiality level expresses how sensitive the subject's or object's confidentiality is and is written C, as in formula (3); C = {c1, c2, ..., cn} (3);

The category set is the set of departments or categories in the organization, written K, as in formula (4); K = {k1, k2, ..., kn} (4);

Every subject and object in the system is assigned a confidentiality level and a category set, written F, as in formula (5); F = {C_S × C_O × K_S × K_O} (5);

Access control matrix: describes, in matrix form, the discretionary authorization state of the system at any moment, written M, as in formula (6): (6);

Access attribute set: describes the ways in which a subject may access an object, written AS, as in formula (7); execute is E (execute), read-only is R (read), add is A (append), and read/write is W (write); AS = {E, R, A, W} (7);

System state: the set of all possible states of the multi-level security system, written V, as in formula (8); V = {v1, v2, ..., vn} (8);

In a given system state, the access attribute permissions of subject S on object O are written b, as in formula (9); b ∈ S × O × AS (9);

Multi-level security properties: these define when a system state is secure and embody the multi-level security policy; they are discretionary security, simple security and multi-level security;

A state vi = (b, M, F) satisfies discretionary security, written ∀, as in formula (10); ∀(S, O, AS) ∈ V, V ∈ M (10);

A state vi = (b, M, F) satisfies simple security, written x, as in formula (11); x = E, x = A or (x = R or x = W) and (F(S) ≥ F(O), F(S) ⊇ F(O)) (11);

A state vi = (b, M, F) satisfies multi-level security, written ∀S, as in formula (12); ∀S ∈ S, O ∈ b(S:W, A), O ∈ b(S:R, W) (12).

2. The multi-level security authentication and access control system for an archive robot according to claim 1, characterized in that the security authentication system further comprises a two-factor authentication mode, and the two-factor authentication mode uses a one-time password.

3. The multi-level security authentication and access control system for an archive robot according to claim 1, characterized in that the access control system performs identity authentication by single sign-on, and a protection mechanism is built into the single sign-on.

4. The multi-level security authentication and access control system for an archive robot according to claim 1, characterized in that the access control system further comprises a KDC, and the KDC can generate encrypted, timestamped tickets.
CN202410090424.5A 2024-01-22 2024-01-22 Multistage safety authentication and access control system of file robot Active CN117914601B (en)


Publications (2)

Publication Number Publication Date
CN117914601A CN117914601A (en) 2024-04-19
CN117914601B true CN117914601B (en) 2024-09-13





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant