Search

CN-122027294-A - Method, product, device, medium and system for authenticating agent based on A2A protocol

CN122027294ACN 122027294 ACN122027294 ACN 122027294ACN-122027294-A

Abstract

The embodiment of the disclosure provides a method, a product, a device, a medium and a system for authenticating an agent based on an A2A protocol, which relate to the technical field of large language models, wherein a first agent is used for initiating a call request to a second agent, the first agent corresponds to first terminal equipment, the second agent corresponds to second terminal equipment, the method comprises the steps of initiating the call request to the second agent so as to receive a second identity identification file fed back by the second agent, the second identity identification file comprises second registration information of the second agent in a corresponding agent identity management center and signature information of a second agent issuer, and the second identity identification file is used for being submitted to an agent identity verifier for verification. And establishing communication connection with the second intelligent agent in response to the second identity identification file passing the verification of the intelligent agent identity verifier, thereby improving the reliability of authentication and data security protection in the interaction process of the intelligent agents.

Inventors

  • Lei zhengda
  • CHEN LONG
  • RAO MENGLIANG
  • REN FUJIA
  • ZHOU HAIXIN

Assignees

  • 成都老板创新科技有限公司

Dates

Publication Date
20260512
Application Date
20260213

Claims (20)

  1. 1. A method for authenticating an agent based on an A2A protocol, the method being applied to a first agent for initiating a call request to a second agent, the first agent corresponding to a first terminal device, the second agent corresponding to a second terminal device, the method comprising: initiating a call request to the second intelligent agent to receive a second identity identification file fed back by the second intelligent agent, wherein the second identity identification file comprises second registration information of the second intelligent agent in a corresponding intelligent agent identity management center and signature information of a second intelligent agent issuer, and the second identity identification file is used for being submitted to an intelligent agent identity verifier for verification; And establishing communication connection with the second intelligent agent in response to the second identity document passing the verification of the intelligent agent identity verifier.
  2. 2. The method for authenticating an agent based on the A2A protocol of claim 1, further comprising: Responding to a decision evaluation request sent by the second intelligent agent, and feeding back a first identity identification file of the first intelligent agent to the second intelligent agent, wherein the first identity identification file comprises first registration information of the first intelligent agent in a corresponding intelligent agent identity management center and task detail information corresponding to a current call request, and the first identity identification file is used for determining an authorization decision result aiming at the call request; and calling the second agent based on the authorization decision result.
  3. 3. The method for authenticating an agent based on the A2A protocol of claim 1, wherein the second identification file further comprises functional information and interface information of the second agent.
  4. 4. The method for authenticating an agent based on the A2A protocol of claim 1, wherein the agent identity management center is constructed using a federation chain technique, and wherein the first agent issuer and the second agent issuer are both federation members of the respective federation chain.
  5. 5. The method of authenticating an agent based on the A2A protocol of claim 1, wherein the agent identity verifier is provided by a trusted third party, the agent identity verifier being communicatively coupled to the agent identity management center to determine a registration status of the second agent at the agent identity management center based on the second registration information, the method further comprising: and if the registration state represents that the second agent is unregistered or is revoked, discarding the communication connection with the second agent.
  6. 6. The method for authenticating an agent based on the A2A protocol of claim 5, further comprising: and if the registration state represents that the second agent is registered, carrying out authenticity verification on the signature information by the agent identity verifier based on public key information of a publisher of the second agent, and discarding to establish communication connection with the second agent in response to the authenticity verification not passing.
  7. 7. The method for authenticating an agent based on the A2A protocol of claim 3, wherein the functional information and the interface information of the second agent are used for content security verification of the second identity document by the agent identity verifier, the content security verification including format error verification, malicious script verification and/or abnormal rights statement verification, the method further comprising: and discarding the communication connection with the second agent in response to the content security verification failing.
  8. 8. The method for authenticating an agent based on the A2A protocol according to any one of claims 5-7, wherein the method further comprises: Responding to the success of the communication connection between the first agent and the second agent, submitting a success event to a corresponding agent reputation library so as to improve the reputation of the first agent and/or the second agent; and responding to failure of communication connection establishment between the first agent and the second agent, submitting a failure event to a corresponding agent reputation library so as to lower the credibility of the first agent and/or the second agent.
  9. 9. The method of authenticating an agent based on the A2A protocol of claim 2, wherein the authorization decision result is forwarded by the second agent to the corresponding authorization decision center and is made by the authorization decision center, and wherein the first registration information is used by the authorization decision center to query the reputation of the first agent in the corresponding agent reputation base so that the authorization decision center makes the corresponding authorization decision result based on the reputation.
  10. 10. The method for authenticating an agent based on the A2A protocol according to claim 9, wherein the task detail information is used for characterizing a corresponding task content, a manipulation object, and a control parameter, and the task detail information is used for the authorization decision center to determine a sensitivity of the corresponding task, so that the authorization decision center makes a corresponding authorization decision result based on the sensitivity.
  11. 11. The method of claim 10, wherein the authorization decision result is made by the authorization decision center in combination with call context information of the call request, the authorization decision center being constructed by micro-services.
  12. 12. The method of authenticating an agent based on the A2A protocol of claim 10, wherein the authorization decision result characterizes the second agent as allowing the request to be invoked at the time if the reputation of the first agent meets a corresponding reputation scoring condition and the sensitivity of the task meets a corresponding sensitivity scoring condition.
  13. 13. The method for authenticating an agent based on the A2A protocol of claim 11, wherein the authorization decision result characterizes the second agent to prohibit the call request if the reputation of the first agent does not meet the corresponding reputation scoring condition and the sensitivity of the task does not meet the corresponding sensitivity scoring condition.
  14. 14. The method for authenticating an agent based on the A2A protocol of claim 13, wherein the authorization decision result characterizes the second agent conditionally allowing the call request if the reputation of the first agent does not meet the corresponding scoring condition but the sensitivity of the task meets the corresponding sensitivity scoring condition, or If the credibility of the first agent meets the corresponding scoring condition, but the sensitivity of the task does not meet the corresponding sensitivity scoring condition, the authorization decision result characterizes the second agent and conditionally allows the call request.
  15. 15. The method of authenticating an agent based on the A2A protocol of any one of claims 12-14, wherein the authorization decision result is used to generate a corresponding authorization log to update the reputation of the first agent in the agent reputation library.
  16. 16. The method of authenticating an agent based on the A2A protocol of claim 8, wherein the reputation of the first agent and/or the second agent periodically reverts to a baseline reputation according to a time decay mechanism.
  17. 17. A method for authenticating an agent based on an A2A protocol, the method being applied to a second agent for responding to a call request initiated by a first agent, the first agent corresponding to a first terminal device, the second agent corresponding to a second terminal device, the method comprising: Responding to a call request initiated by the first intelligent agent, sending a second identity identification file to the first intelligent agent, wherein the second identity identification file comprises second registration information of the second intelligent agent in a corresponding intelligent agent identity management center and signature information of a second intelligent agent issuer, and the second identity identification file is used for being submitted to an intelligent agent identity verifier for verification; and establishing communication connection with the first intelligent agent in response to the second identity document passing the verification of the intelligent agent identity verifier.
  18. 18. The method for authenticating an agent based on the A2A protocol of claim 17, further comprising: sending a decision evaluation request to the first agent; And responding to a first identity identification file fed back by the first intelligent agent, acquiring a corresponding authorization decision result, and determining a response mode aiming at the calling request based on the authorization decision result, wherein the first identity identification file comprises first registration information of the first intelligent agent in a corresponding intelligent agent identity management center and task detail information corresponding to the calling request.
  19. 19. The method of authenticating an agent based on the A2A protocol of claim 17, wherein the second identification file further comprises functional information and interface information of the second agent.
  20. 20. The method for authenticating an agent based on the A2A protocol of claim 17, wherein the agent identity management center is configured using a federation chain technique, and wherein the first agent issuer and the second agent issuer are both federation members of the respective federation chain.

Description

Method, product, device, medium and system for authenticating agent based on A2A protocol Technical Field The disclosure relates to the technical field of large language models, in particular to a method, a product, a device, a medium and a system for authenticating an agent based on an A2A protocol. Background In recent years, with the rapid development of artificial intelligence technology such as large language models (Large Language Model, LLM), intelligent devices are penetrating into aspects of life and work. However, how to ensure the cooperation of the smart devices, in which cooperation between the agents mounted in the smart devices is required to complete a specific task during the interaction of the smart devices, is a problem to be studied. The Agent-to-Agent (A2A) protocol proposed by Google aims to provide an open, standardized communication framework that enables more efficient discovery, negotiation and collaboration between different agents. It provides a breakthrough in the concept that the agents can "talk" and "cooperate" with each other like a human. However, in practical applications, the A2A protocol still faces the challenge of lacking an authentication trust hierarchy, which, although A2A defines the communication mechanism, does not directly provide a complete set of authentication mechanisms for a "zero trust" environment. For example, if the instructions of the American oven agents are able to "trust" the Siemens tobacco machine agents are legal? to avoid masquerading or attacking by malicious agents, information security and privacy leakage problems caused by communication between intelligent agents: even though A2A enables the agents to communicate with each other, consumers may raise serious concerns about their privacy (e.g., cooking habits, family activity laws) and device security (e.g., controlled remotely by maliciousness) if they lack a robust authentication mechanism and data security protection mechanism. Disclosure of Invention One of the objects of the present disclosure includes, for example, providing a method, article, apparatus, medium, and system for authenticating an agent based on an A2A protocol to at least partially improve the reliability of the intelligent device's co-operation through an authentication mechanism. Embodiments of the present disclosure may be implemented as follows: In a first aspect, an embodiment of the present disclosure provides a method for authenticating an agent based on an A2A protocol, where the method is applied to a first agent, where the first agent is used to initiate a call request to a second agent, where the first agent corresponds to a first terminal device, and the second agent corresponds to a second terminal device, and the method includes: initiating a call request to the second intelligent agent to receive a second identity identification file fed back by the second intelligent agent, wherein the second identity identification file comprises second registration information of the second intelligent agent in a corresponding intelligent agent identity management center and signature information of a second intelligent agent issuer, and the second identity identification file is used for being submitted to an intelligent agent identity verifier for verification; And establishing communication connection with the second intelligent agent in response to the second identity document passing the verification of the intelligent agent identity verifier. In an alternative embodiment, the method further comprises: Responding to a decision evaluation request sent by the second intelligent agent, and feeding back a first identity identification file of the first intelligent agent to the second intelligent agent, wherein the first identity identification file comprises first registration information of the first intelligent agent in a corresponding intelligent agent identity management center and task detail information corresponding to a current call request, and the first identity identification file is used for determining an authorization decision result aiming at the call request; and calling the second agent based on the authorization decision result. In an alternative embodiment, the second identification file further includes functional information and interface information of the second agent. In an alternative embodiment, the agent identity management center is constructed by adopting a coalition chain technology, wherein the first agent issuer and the second agent issuer are coalition members of the corresponding coalition chain. In an alternative embodiment, the agent identity verifier is provided by a trusted third party, the agent identity verifier being communicatively connected to the agent identity management center to determine a registration status of the second agent at the agent identity management center based on the second registration information, the method further comprising: and if the registration state