
CN-121690863-B - User service demand processing method, device, equipment and medium


Abstract

The application discloses a user service demand processing method, device, equipment and medium, relating to the technical field of information security. The method comprises: determining the user service demand of a client through a first agent, analyzing the user service demand through a second agent, determining, through the first agent and using the obtained analysis result, an initial execution intention corresponding to the user service demand, and transmitting the initial execution intention to a trusted execution environment; and, in the trusted execution environment, performing compliance verification on the initial execution intention, determining the verified initial execution intention as a target execution intention, generating a corresponding execution path based on the target execution intention, generating an execution authorization credential based on the execution path, triggering a corresponding trusted execution operation based on the execution path and the execution authorization credential to obtain a corresponding execution result, and transmitting the execution result to the client. The application can improve the security and credibility of the operation process of a multi-agent system.

Inventors

  • HUANG QIANG
  • FANG HUAIKANG
  • WANG WUBING

Assignees

  • 杭州安恒信息技术股份有限公司

Dates

Publication Date
20260508
Application Date
20260210

Claims (8)

  1. A user service demand processing method based on a trusted execution environment and agents, characterized by being applied to a multi-agent system constructed based on the trusted execution environment and comprising the following steps:
     determining user service requirements of a client through a first agent, analyzing the user service requirements through a second agent, determining, through the first agent and using the obtained analysis result, an initial execution intention corresponding to the user service requirements, and transmitting the initial execution intention to the trusted execution environment;
     in the trusted execution environment, carrying out compliance verification on the initial execution intention by using preset execution conditions, and determining the initial execution intention that passes verification as a target execution intention;
     in the trusted execution environment, generating a corresponding execution path based on the target execution intention, generating an execution authorization credential related to the target execution intention based on the execution path, triggering a corresponding trusted execution operation by using a local business resource system based on the execution path and the execution authorization credential to obtain a corresponding execution result, and transmitting the execution result to the first agent so that the first agent can transmit the execution result to the client;
     wherein the compliance verification of the initial execution intention by using preset execution conditions comprises:
       performing semantic consistency verification on the initial execution intention to obtain a first verification result;
       determining the initial execution intention that the first verification result indicates has passed verification as a first execution intention;
       determining corresponding operation rules, authorization ranges and execution constraints from the preset execution conditions based on the intention type, the resource domain and the interface domain of the first execution intention;
       verifying the first execution intention by using the operation rules, the authorization ranges and the execution constraints to obtain a second verification result, so that the first execution intention that the second verification result indicates has passed verification is determined to be a second execution intention, and an executable constraint set is generated based on the second execution intention;
     wherein the generating a corresponding execution path based on the target execution intention includes:
       mapping the target execution intention into execution step nodes, and determining a resource call requirement and an interface call requirement corresponding to each execution step node;
       deriving data dependency relationships among the execution step nodes based on input and output variables among the execution step nodes, and determining an execution sequence among the execution step nodes by utilizing the data dependency relationships;
       generating a corresponding execution plan based on the resource call requirement, the interface call requirement, the execution step nodes and the execution sequence;
       and taking the executable constraint set as a constraint item, and injecting the constraint item into the execution plan to obtain an execution path.
  2. The method for processing user service requirements based on a trusted execution environment and agents according to claim 1, wherein the determining, by a first agent, user service requirements of a client, analyzing, by a second agent, the user service requirements, and determining, by the first agent, an initial execution intention corresponding to the user service requirements using the obtained analysis result, includes:
     acquiring, through the first agent, a natural language instruction sent by the client, determining a user service requirement of the client based on the natural language instruction, and performing preliminary analysis on the user service requirement to obtain a corresponding preliminary analysis result;
     acquiring, through the second agent, the user service requirement sent by the first agent, analyzing the user service requirement, and transmitting the obtained analysis result to the first agent;
     and generating, by the first agent, an initial execution intention corresponding to the user service requirement based on the preliminary analysis result and the analysis result transmitted by the second agent.
  3. The method for processing user service requirements based on a trusted execution environment and agents according to claim 1, wherein before the compliance verification of the initial execution intention by using preset execution conditions, the method further comprises:
     acquiring the initial execution intention sent by the first agent;
     and verifying the data structure, the field integrity and the version information of the initial execution intention to complete the initial verification operation of the initial execution intention.
  4. The method for processing user service requirements based on a trusted execution environment and agents according to claim 1, wherein said transmitting the execution result to the first agent so that the first agent transmits the execution result to the client comprises:
     generating verification information for verifying the trusted execution operation, and binding the verification information, the measurement information of the trusted execution environment and the execution result to obtain a target result;
     and transmitting the target result to the first agent so that the first agent can perform trusted verification on the target result and transmit the execution result in the verified target result to the client.
  5. The method for processing user service requirements based on a trusted execution environment and agents according to any one of claims 1 to 4, wherein said triggering the corresponding trusted execution operation based on the execution path and the execution authorization credential and using the local business resource system comprises:
     generating a corresponding access request based on the execution path and the execution authorization credential, and transmitting the access request to the local business resource system, so that the business resource system performs trusted verification on the access request and, after the access request passes the verification, allows the access request to call corresponding service resources and service execution interfaces from the business resource system;
     and triggering the corresponding trusted execution operation by utilizing the execution path and based on the service resources and the service execution interfaces.
  6. A user service demand processing device based on a trusted execution environment and agents, which is applied to a multi-agent system constructed based on the trusted execution environment, comprising:
     an intention transmission module, used for determining the user service requirement of a client through a first agent, analyzing the user service requirement through a second agent, determining, through the first agent and using the obtained analysis result, the initial execution intention corresponding to the user service requirement, and transmitting the initial execution intention to the trusted execution environment;
     an intention determining module, used for carrying out compliance verification on the initial execution intention by utilizing preset execution conditions in the trusted execution environment, and determining the initial execution intention that passes verification as a target execution intention;
     a result transmission module, used for, in the trusted execution environment, generating a corresponding execution path based on the target execution intention and generating an execution authorization credential related to the target execution intention based on the execution path, triggering a corresponding trusted execution operation by utilizing a local business resource system based on the execution path and the execution authorization credential to obtain a corresponding execution result, and transmitting the execution result to the first agent so that the first agent can transmit the execution result to the client;
     wherein the intention determining module specifically further comprises:
       a second intention verification unit, used for carrying out semantic consistency verification on the initial execution intention to obtain a first verification result;
       an intention determining unit, configured to determine the initial execution intention that the first verification result indicates has passed verification as a first execution intention;
       an information determining unit, configured to determine, based on an intention type, a resource domain, and an interface domain of the first execution intention, a corresponding operation rule, an authorization range, and an execution constraint from the preset execution conditions;
       a third intention checking unit, used for checking the first execution intention by using the operation rule, the authorization range and the execution constraint to obtain a second checking result, so as to determine the first execution intention that the second checking result indicates has passed checking as a second execution intention and generate an executable constraint set based on the second execution intention;
     wherein the result transmission module comprises:
       a demand determining unit, used for mapping the target execution intention into execution step nodes and determining a resource calling demand and an interface calling demand corresponding to each execution step node;
       a sequence determining unit, used for deducing the data dependency relationships among the execution step nodes based on the input and output variables among the execution step nodes and determining the execution sequence among the execution step nodes by utilizing the data dependency relationships;
       a plan generating unit, used for generating a corresponding execution plan based on the resource calling demand, the interface calling demand, the execution step nodes and the execution sequence;
       and a path determining unit, used for taking the executable constraint set as a constraint item, and injecting the constraint item into the execution plan to obtain an execution path.
  7. An electronic device, comprising:
     a memory for storing a computer program;
     a processor for executing the computer program to implement the method for processing user service requirements based on a trusted execution environment and agents as claimed in any one of claims 1 to 5.
  8. A computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the method for processing user service requirements based on a trusted execution environment and agents according to any one of claims 1 to 5.
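
The path-generation steps of claim 1 and the access-request check of claim 5, sketched as an added example that is not part of the patent text. The step names, field names, the policy of rejecting out-of-scope steps while building the path, and the use of HMAC-SHA256 over canonical JSON as the credential are all assumptions; the claims do not specify a credential format.

```python
import hashlib, hmac, json
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample data; every name and field below is hypothetical.
STEPS = {
    "render_report": {"in": ["total", "customer_id"], "out": ["report"],
                      "resource": "report_svc", "interface": "render"},
    "sum_totals": {"in": ["orders"], "out": ["total"],
                   "resource": "compute", "interface": "aggregate"},
    "fetch_orders": {"in": ["customer_id"], "out": ["orders"],
                     "resource": "orders_db", "interface": "query"},
}
CONSTRAINTS = {"resources": ["compute", "orders_db", "report_svc"],
               "interfaces": ["aggregate", "query", "render"]}

def build_execution_path(steps, constraints, external_inputs):
    """Order step nodes by data dependency, then inject the constraint set."""
    producer = {}
    for name, step in steps.items():
        for var in step["out"]:
            if var in producer:
                raise ValueError(f"{var!r} is produced by two steps")
            producer[var] = name
    deps = {}
    for name, step in steps.items():
        # Assumed policy: a step outside the constraint set never enters the path.
        if (step["resource"] not in constraints["resources"]
                or step["interface"] not in constraints["interfaces"]):
            raise PermissionError(f"{name} exceeds the constraint set")
        deps[name] = set()
        for var in step["in"]:
            if var in producer:
                deps[name].add(producer[var])
            elif var not in external_inputs:
                raise ValueError(f"{name}: input {var!r} has no producer")
    # static_order() raises graphlib.CycleError (a ValueError) on a cycle.
    order = list(TopologicalSorter(deps).static_order())
    return {"steps": [{"name": n, **steps[n]} for n in order],
            "constraints": constraints}

def issue_credential(path, key):
    """Bind the credential to the exact path via HMAC over canonical JSON."""
    blob = json.dumps(path, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_access_request(path, credential, key):
    """Resource-system check: reject a path that differs from the one signed."""
    return hmac.compare_digest(issue_credential(path, key), credential)

def step_order(path):
    return [s["name"] for s in path["steps"]]
```

Because the credential covers the ordered steps and the injected constraints together, a request whose path was altered after issuance fails verification at the resource system even if each individual step would have been allowed.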

Description

User service demand processing method, device, equipment and medium

Technical Field

The present invention relates to the field of information security technologies, and in particular to a method, an apparatus, a device, and a medium for processing a user service requirement.

Background

With the development of artificial intelligence technology, multi-agent systems are widely applied in various fields by virtue of their distributed cooperation capability, and the integration of large models further improves the intelligence of the system's automatic decision making and scheduling. Once a large model is introduced into an existing multi-agent system, an agent can directly trigger data access and computation operations, yet the agent's key execution process generally depends on an ordinary computing environment and lacks a hardware-level trusted constraint mechanism. An ordinary computing environment is vulnerable to security threats such as malicious attack and data tampering, and the agent's execution path lacks effective tracing and verification means, so the compliance and integrity of the execution process cannot be ensured. Meanwhile, because the computation does not take place within a trusted protection boundary, it is difficult to provide authoritative trusted proof of the authenticity and accuracy of the execution result. Once problems such as data leakage or execution deviation occur, the responsible party cannot be accurately identified, which brings great potential safety hazards to system operation. The existing multi-agent system therefore has core defects in the execution control link after a large model is introduced, such as missing reliability constraints, unverifiable execution paths and insufficient result reliability, and has difficulty meeting the high requirements of critical fields for system security and reliability.

How to improve the security and reliability of the operation process of a multi-agent system is therefore a technical problem to be solved.

Disclosure of Invention

In view of the above, the present invention aims to provide a method, an apparatus, a device, and a medium for processing user service requirements, which can improve the security and reliability of the operation process of a multi-agent system. The specific scheme is as follows:

In a first aspect, the present application provides a method for processing user service requirements based on a trusted execution environment and agents, applied to a multi-agent system constructed based on the trusted execution environment, including:

determining user service requirements of a client through a first agent, analyzing the user service requirements through a second agent, determining, through the first agent and using the obtained analysis result, an initial execution intention corresponding to the user service requirements, and transmitting the initial execution intention to the trusted execution environment;

in the trusted execution environment, carrying out compliance verification on the initial execution intention by using preset execution conditions, and determining the initial execution intention that passes verification as a target execution intention;

in the trusted execution environment, generating a corresponding execution path based on the target execution intention, generating an execution authorization credential related to the target execution intention based on the execution path, triggering a corresponding trusted execution operation based on the execution path and the execution authorization credential and by using a local service resource system, so as to obtain a corresponding execution result, and transmitting the execution result to the first agent, so that the first agent transmits the execution result to the client.

Optionally, the determining, by the first agent, the user service requirement of the client, analyzing, by the second agent, the user service requirement, and determining, by the first agent, the initial execution intention corresponding to the user service requirement using the obtained analysis result, includes:

acquiring, through the first agent, a natural language instruction sent by the client, determining a user service requirement of the client based on the natural language instruction, and performing preliminary analysis on the user service requirement to obtain a corresponding preliminary analysis result;

acquiring, through the second agent, the user service requirement sent by the first agent, analyzing the user service requirement, and transmitting the obtained analysis result to the first agent;

and generating, by the first agent, an initial execution intention corresponding to the user service requirement based on the preliminary analysis result and the analysis result transmitted by the second agent.

Optionally, before the compliance verification of the initial execution intention by using the preset exec