Method and system for ai entity to query knowledge graph database
By separating the requesting and receiving ends into an architecture, and using authentication tokens to replace database credentials and preset communication protocols, the security and scalability issues of AI models accessing knowledge graph databases are resolved, achieving secure decoupled access and efficient querying.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GLODON CO LTD
- Filing Date
- 2026-04-01
- Publication Date
- 2026-06-05
AI Technical Summary
Direct access to knowledge graph databases by AI models poses security risks and poor scalability issues, especially when dealing with various types of knowledge graph databases, requiring modifications to a large amount of connection and query code.
It adopts an architecture that separates the requesting end and the receiving end. The requesting end holds an authentication token without exposing database credentials, while the receiving end acts as a middleware server that adapts to various knowledge graph databases. Secure decoupled access is achieved through preset communication protocols and driver adapters.
It significantly improves the security and scalability of AI models for knowledge graph databases, reduces the risk of data leakage, simplifies the implementation complexity of AI entities, and enhances the scalability and maintainability of the system.
Smart Images

Figure CN122152860A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data processing technology, and in particular to a method and system for AI entity querying knowledge graph databases. Background Technology
[0002] Against the backdrop of rapid development in artificial intelligence technology, the integration of AI models and knowledge graphs is becoming increasingly close. AI models need to frequently access knowledge graphs to obtain structured data to support reasoning and decision-making. In existing technologies, AI models typically access knowledge graph databases using a direct-connection model: AI applications need to install the corresponding official driver for a specific knowledge graph database and hardcode sensitive credentials such as the database username, password, and host address into configuration files or environment variables to directly establish a connection with the knowledge graph database and execute queries. However, this approach has significant technical drawbacks. On the one hand, the AI application directly holds the highest-level access credentials to the database. Once the AI application is compromised or subjected to a hint injection attack, the underlying knowledge graph data is highly susceptible to leakage or malicious tampering, posing a very high security risk. On the other hand, the strong coupling between the AI application and the specific knowledge graph driver means that if the underlying graph needs to be switched or adapted to multiple different types of knowledge graphs, a large amount of connection, query, and parsing code needs to be modified, resulting in poor system scalability and high maintenance costs.
[0003] Therefore, how to achieve secure and decoupled access to different knowledge graph databases by AI models has become a technical problem that urgently needs to be solved by those skilled in the art. Summary of the Invention
[0004] The purpose of this application is to provide a method and system for AI entities to query knowledge graph databases. This application was completed with the support of the project titled "Key Technologies for Construction and Application of Large Models in Architectural Engineering" and project number "2024YFC3811200". This application solves the security risks of direct connection mode by separating the request end and the receiving end through an architecture that allows AI entities to hold only authentication tokens without exposing database credentials. At the same time, by utilizing a unified preset protocol and the adaptability of the receiving end, it realizes decoupled access to multiple knowledge graph databases, which significantly improves the security and scalability of access.
[0005] To achieve the above objectives, this application provides a method for AI entity querying of a knowledge graph database, the method comprising:
[0006] The requesting end obtains the query statement generated by the caller through the AI entity and obtains the authentication token corresponding to the caller; wherein, the requesting end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and sends it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end parses the request message according to the preset communication protocol, obtains the access credentials corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database; The receiving end performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query results.
[0007] Optionally, the requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message using a preset data structure according to a preset communication protocol before sending it to the receiving end, including: The requesting end determines the type identifier of the target knowledge graph database, the instance identifier of the target knowledge graph database, and the resource domain identifier in the target knowledge graph database based on the query statement, so as to form the query positioning information; The requesting end determines the tenant identifier to which the caller belongs; The requesting end writes the authentication token into the protocol header field of the request message according to the preset communication protocol, writes the tenant identifier, the instance identifier and the resource domain identifier into the resource location field of the request message, and writes the type identifier and the query statement into the target operation field of the request message to form the request message.
[0008] Optionally, the receiving end parses the request message according to the preset communication protocol, obtains the access credential corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database, including: The receiving end extracts the authentication token from the protocol header field of the request message according to the preset communication protocol, extracts the tenant identifier, the instance identifier and the resource domain identifier from the resource location field, and extracts the type identifier and the query statement from the target operation field; The receiving end parses the caller's identity information from the authentication token and obtains the access credential that corresponds to both the caller's identity information and the instance identifier from the security credential repository; The receiving end obtains or creates a database connection instance corresponding to the target knowledge graph database from the connection pool based on the tenant identifier and the instance identifier; The receiving end determines the target resource domain corresponding to the resource domain identifier from the target knowledge graph database through the database connection instance; The receiving end loads the driver adapter corresponding to the type identifier.
[0009] Optionally, the receiving end, through the driver adapter, and using the access credentials, the query location information, and the query statement, performs a query operation in the target knowledge graph database to obtain query results, including: The receiving end connects to the database instance via the driver adapter and uses the access credentials to perform a query operation in the target resource domain according to the query statement; The receiving end obtains the query results through the driver adapter and the database connection instance; wherein, the query results have the native data structure corresponding to the target knowledge graph database; The receiving end converts the query result into a response message using the preset data structure according to the preset communication protocol; wherein, the response message includes: a status field, a data field and a metadata field, the status field is used to indicate whether the query execution was successful or failed, the data field is used to carry information on the unified structured knowledge graph nodes and edges, and the metadata field is used to carry query execution time, resource consumption and tenant quota usage.
[0010] Optionally, the requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message using a preset data structure according to a preset communication protocol before sending it to the receiving end. The method also includes: The requesting end determines whether the query statement is written in the native query language supported by the target knowledge graph database; if yes, it adds a native pattern identifier to the request message; if no, it adds an abstract pattern identifier to the request message. The receiving end, through the driver adapter, and using the access credentials, the query location information, and the query statement, performs a query operation in the target knowledge graph database to obtain query results, and also includes: The receiving end parses the native pattern identifier or the abstract pattern identifier from the request message; When the native pattern identifier is parsed, the receiving end performs a query operation in the target knowledge graph database according to the query statement through the driver adapter and the database connection instance. When the abstract pattern identifier is parsed, the receiving end obtains the query translation engine corresponding to the type identifier, converts the query statement into a native query statement written in the native query language supported by the target knowledge graph database through the query translation engine, and executes the query operation in the target knowledge graph database according to the native query statement through the driver adapter and the database connection instance.
[0011] Optionally, the request message using a preset data structure includes: a protocol header field, a resource location field, a target operation field, and parameter and context fields; The protocol header fields include: protocol version number, unique request identifier, authentication token, query timeout, and read-only mode identifier; wherein, the protocol version number is used to identify the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout is used to limit the maximum duration of query execution, and the read-only mode identifier is used to force the receiving end to use a read-only connection to execute the query. The resource location fields include: tenant identifier, instance identifier, and resource domain identifier; The target operation fields include: type identifier and query statement; The parameters and context fields include: query parameter key-value pairs and context information; wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
[0012] To achieve the above objectives, this application also provides a system for querying an AI entity knowledge graph database, the system comprising: The request end is used to obtain the query statement generated by the caller through the AI entity and obtain the authentication token corresponding to the caller; wherein, the request end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end is also configured to generate query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulate the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and send it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end is configured to parse the request message according to the preset communication protocol, obtain the access credential corresponding to the authentication token and the target knowledge graph database, and determine the driver adapter corresponding to the target knowledge graph database. The receiving end is further configured to perform a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement, to obtain the query result.
[0013] Optionally, the request message using a preset data structure includes: a protocol header field, a resource location field, a target operation field, and parameter and context fields; The protocol header fields include: protocol version number, unique request identifier, authentication token, query timeout, and read-only mode identifier; wherein, the protocol version number is used to identify the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout is used to limit the maximum duration of query execution, and the read-only mode identifier is used to force the receiving end to use a read-only connection to execute the query. The resource location fields include: tenant identifier, instance identifier, and resource domain identifier; The target operation fields include: type identifier and query statement; The parameters and context fields include: query parameter key-value pairs and context information; wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
[0014] To achieve the above objectives, this application also provides a computer device, which specifically includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the AI entity query knowledge graph database method described above.
[0015] To achieve the above objectives, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the AI entity query knowledge graph database method described above.
[0016] The method and system for AI entity querying knowledge graph databases provided in this application have several advantages. First, the requesting end only holds an authentication token bound to the caller's identity, rather than the actual access credentials to the underlying database. Even if the AI entity is attacked, the attacker cannot directly obtain the database password, thus significantly reducing the risk of data leakage and tampering. Second, at the system architecture level, by introducing a receiving end independently deployed on a middleware server as a unified access gateway, the strong coupling between AI entities and heterogeneous knowledge graph databases is completely decoupled. AI entities do not need to be concerned with the type differences of the target database, nor do they need to integrate multiple official drivers. All adaptation logic related to database type is handled uniformly by the receiving end, thereby simplifying the implementation complexity of AI entities and improving the scalability and maintainability of the system. Finally, the requesting end and the receiving end interact using a preset communication protocol and a unified data structure, ensuring the standardization and parsability of message interaction and providing a unified foundation for subsequent security authentication, credential mapping, and query execution. Attached Figure Description
[0017] Various other advantages and benefits will become apparent to those skilled in the art upon reading the following detailed description of preferred embodiments. The accompanying drawings are for illustrative purposes only and are not intended to limit the scope of this application. Furthermore, the same reference numerals denote the same parts throughout the drawings. In the drawings: Figure 1 This is an optional flowchart illustrating the method for querying a knowledge graph database using AI entities, as provided in Embodiment 1. Figure 2 This is a schematic diagram of another optional process for the AI entity query knowledge graph database method provided in Example 1; Figure 3 This is a schematic diagram of an optional component structure of the AI entity query knowledge graph database system provided in Embodiment 2; Figure 4 This is a schematic diagram of an optional hardware structure for the computer device provided in Embodiment 3. Detailed Implementation
[0018] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application. All other embodiments obtained by those skilled in the art based on the embodiments in this application without inventive effort are within the scope of protection of this application.
[0019] Example 1 This application provides a method for AI entity querying of a knowledge graph database, such as... Figure 1As shown, the method specifically includes the following steps: Step S101: The requesting end obtains the query statement generated by the caller through the AI entity and obtains the authentication token corresponding to the caller; wherein, the requesting end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database.
[0020] The caller can be a client with an AI entity installed, or a user using that client. The AI entity refers to a software module capable of performing artificial intelligence tasks, including but not limited to Large Language Models (LLMs), AI agents, or applications encapsulating AI models. It is responsible for generating structured query statements for querying the knowledge graph database based on the user's natural language input or business instructions. This query statement can be a native query language (such as Cypher or Gremlin) supported by a specific knowledge graph database, used to accurately describe the data content to be retrieved from the knowledge graph. To ensure access security, the authentication token is not generated by the requesting party itself, but is pre-issued and securely configured on the requesting party by an independent authentication and authorization center based on the caller's identity information, permissions, and validity period. The authentication token replaces the underlying access credentials such as database usernames and passwords used directly in traditional solutions, thereby avoiding the exposure of high-risk core credentials on the AI entity side and achieving secure isolation.
[0021] Furthermore, a knowledge graph (KG) refers to a large-scale structured knowledge base that organizes and stores entities, concepts, and their semantic relationships in a graph structure. Its basic data unit is a triple (Subject, Predicate, Object), used to represent factual knowledge in the objective world. Knowledge graphs are typically built on graph databases (e.g., Neo4j, FalkorDB, Kuzu) or RDF triple libraries.
[0022] Step S102: The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and sends it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases.
[0023] The requesting end needs to determine the specific database resource targeted by the query, i.e., generate the query location information. This query location information facilitates accurate routing to the correct data source in subsequent processes. Subsequently, the requesting end encapsulates the authentication token, the query location information, and the query statement as core elements into a request message with a unified data structure according to a pre-agreed communication protocol (such as KGCP). This request message uses a structured format (such as JSON) to ensure accurate parsing and identification of the meaning of each field between different modules. After encapsulation, the requesting end sends the request message to the receiving end. The receiving end is not deployed locally on the AI entity but is deployed as an independent middleware service on a middleware server. Its core function is to act as a unified access gateway between the AI entity and various heterogeneous knowledge graph databases. It can shield the differences in driving protocols, interface languages, and data formats between different underlying databases (such as Neo4j, JanusGraph, Nebula, etc.), achieving unified adaptation and access management for all types of knowledge graph databases.
[0024] In addition, the default communication protocol is the Knowledge Graph Context Protocol (KGCP), a standardized, scalable, and low-intrusion communication protocol proposed in this embodiment, specifically designed for knowledge graph invocation scenarios. It injects a set of predefined context fields into the metadata carrier of client requests, enabling the server to dynamically parse the invocation intent and perform advanced operations such as tenant management, security authentication, snapshot queries, and test traffic isolation accordingly. KGCP is an infrastructure layer standard independent of upper-layer model protocols. While its design is inspired by the general concept of context passing, it has made deep innovations in field semantics, processing logic, and engineering goals to address the unique pain points of knowledge graphs (such as data isolation and result reproducibility).
[0025] In practical applications, the requesting end sends the request message to the receiving end via HTTP / TCP / STDIO. The receiving end listens on a port to receive the data stream.
[0026] Step S103: The receiving end parses the request message according to the preset communication protocol, obtains the access credentials corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database.
[0027] Upon receiving the request message, the receiving end first parses the message according to the preset communication protocol, extracting the authentication token and related information for locating the target knowledge graph database. Then, based on the caller identity information carried in the authentication token and the specific database instance indicated in the query location information, the receiving end retrieves the access credentials corresponding to this call from a pre-built security credential repository (Vault). These access credentials are the username and password required to log in to the target knowledge graph database instance, used for authentication when establishing a database connection. Simultaneously, based on the target knowledge graph database type indicated in the query location information, the receiving end dynamically determines and loads a driver adapter matching that type. This driver adapter encapsulates the native driver interface for that type of database, converting the receiving end's unified call into operation instructions recognizable by the specific database.
[0028] Step S104: The receiving end performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query result.
[0029] Wherein, after obtaining the access credential and loading the driver adapter, the receiving end establishes a connection with the target knowledge graph database through the driver adapter using the access credential, locates the specific data range in the target knowledge graph database according to the query positioning information, and then executes the query statement to complete the data query operation and obtain the query result.
[0030] In this embodiment, firstly, the requesting end only holds an authentication token bound to the caller's identity, rather than the actual access credentials to the underlying database. Even if the AI entity is attacked, the attacker cannot directly obtain the database password, thus significantly reducing the risk of data leakage and tampering. Secondly, at the system architecture level, by introducing a receiver independently deployed on the middleware server as a unified access gateway, the strong coupling between the AI entity and the heterogeneous knowledge graph database is completely decoupled. The AI entity does not need to care about the differences in the target database type, nor does it need to integrate multiple official drivers. All adaptation logic related to the database type is handled uniformly by the receiver, thereby simplifying the implementation complexity of the AI entity and improving the scalability and maintainability of the system. Finally, the requesting end and the receiver interact using a preset communication protocol and a unified data structure, ensuring the standardization and parsability of message interaction, providing a unified foundation for subsequent security authentication, credential mapping, and query execution.
[0031] Specifically, in step S102, the requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message using a preset data structure according to a preset communication protocol before sending it to the receiving end, including the following steps: Step A1: The requesting end determines the type identifier of the target knowledge graph database, the instance identifier of the target knowledge graph database, and the resource domain identifier in the target knowledge graph database based on the query statement, so as to form the query positioning information.
[0032] The types of knowledge graph databases include, but are not limited to, graph databases such as Neo4j, JanusGraph, and NebulaGraph. Different types of databases differ in their driving protocols, query languages, and data models. Furthermore, a knowledge graph database instance refers to a specific deployment unit of a particular type of knowledge graph database. For example, a database of the same type can be deployed as multiple physically or logically isolated server instances. Each instance has an independent address, port, and data storage. The instance identifier is used to uniquely determine which specific database server the query should point to. A resource scope refers to a data isolation unit within a knowledge graph database, corresponding to a "table," "space," "label set," or "graph name" in different databases. That is, a knowledge graph database includes multiple resource scopes. By determining the type identifier, the instance identifier, and the resource scope identifier, the requesting end can form basic query positioning information for accurately locating database resources.
[0033] Step A2: The requesting end determines the tenant identifier to which the caller belongs.
[0034] In this context, a tenant refers to a logically isolated group of users, data, and configuration resources within a multi-tenant framework.
[0035] Step A3: The requesting end writes the authentication token into the protocol header field of the request message according to the preset communication protocol, writes the tenant identifier, the instance identifier and the resource domain identifier into the resource location field of the request message, and writes the type identifier and the query statement into the target operation field of the request message to form the request message.
[0036] In this embodiment, the requesting end writes the authentication token into the protocol header field of the request message according to a preset communication protocol for the receiving end to perform security authentication; writes the tenant identifier, the instance identifier, and the resource domain identifier into the resource location field to instruct the receiving end to locate the target database and its specific data range; and writes the type identifier and the query statement into the target operation field to instruct the receiving end to select the corresponding driver adapter and execute the query, thereby forming a request message with a complete structure and clear field responsibilities.
[0037] Preferably, the request message using a preset data structure specifically includes: a protocol header field, a resource locator field, a target operation field, and parameters and context fields; The protocol header fields are used to transmit control and security information, including: protocol version number (String), unique request identifier (RequestId) (String), authentication token (Authorization) (String), query timeout (Integer), and read-only mode identifier (ReadOnly) (Boolean). The protocol version number identifies the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout limits the maximum execution time of the query to prevent request blocking, and the read-only mode identifier forces the receiving end to use a read-only connection to execute the query. Additionally, the authentication token can be in JWT format, which the receiving end parses to obtain the connection credentials (username / password / Role) for the underlying database. The resource location field is used for multi-tenancy and resource isolation, and includes: tenantId (String), instanceId (String), and resourceScope (String). The tenantId is used to logically isolate data from different clients; the instanceId specifies a specific knowledge graph database instance ID and is independent of the graph type; and the resourceScope corresponds to a "table," "space," "label set," or "graph name" in different knowledge graph databases. For example, Neo4j's Database Name and NebulaGraph's SpaceName.
[0038] The target operation field is used to execute a specific query, including: type identifier (String) and query statement (String); The parameters and context fields include: query parameter key-value pairs (parameters (Object)) and context information (context (Object); wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
[0039] Furthermore, in step S103, the receiving end parses the request message according to the preset communication protocol, obtains the access credential corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database, specifically including the following steps: Step C1: The receiving end extracts the authentication token from the protocol header field of the request message according to the preset communication protocol, extracts the tenant identifier, the instance identifier and the resource domain identifier from the resource location field, and extracts the type identifier and the query statement from the target operation field; Step C2: The receiving end parses the caller's identity information from the authentication token and obtains the access credential that corresponds to both the caller's identity information and the instance identifier from the security credential repository; Step C3: The receiving end obtains or creates a database connection instance corresponding to the target knowledge graph database from the connection pool based on the tenant identifier and the instance identifier; Step C4: The receiving end determines the target resource domain corresponding to the resource domain identifier from the target knowledge graph database through the database connection instance; Step C5: The receiving end loads the driver adapter corresponding to the type identifier. For example, if the type identifier is neo4j, then the Neo4j Driver adapter is invoked.
[0040] The access credentials refer to the username and password required to log in to the target knowledge graph database instance, used for authentication when establishing a database connection. The database connection instance refers to the network communication channel established between the receiving end and a specific database instance, managed uniformly through a connection pool, allowing for the reuse of established connections and avoiding the resource overhead of frequently creating connections. The driver adapter refers to a software module dynamically loaded by the receiving end according to the target database type. It encapsulates the native driver interface for that type of database, converting the receiving end's unified calls into operation instructions recognizable by the specific database, thereby shielding the differences in the underlying databases.
[0041] In this embodiment, access credentials are bound to the caller's identity and instance identifier, achieving fine-grained permission isolation; database connection instances are precisely matched with tenant identifiers and instance identifiers, and combined with a connection pool reuse mechanism, system resource utilization efficiency is improved; the driver adapter is dynamically loaded based on the type identifier, enabling the receiving end to uniformly access heterogeneous databases without hard-coding driver logic. These steps work together to achieve accurate routing and efficient connection management in multi-tenant scenarios while ensuring secure isolation.
[0042] In addition, before step C1, the receiving end can first verify the validity of the authentication token, check whether the authentication token has expired and whether the signature is valid, and continue to execute step C1 after the verification is successful.
[0043] Furthermore, in step S104, the receiving end, through the driver adapter, uses the access credentials, the query location information, and the query statement to perform a query operation in the target knowledge graph database to obtain the query results. This specifically includes the following steps: Step D1: The receiving end connects to the database instance through the driver adapter and uses the access credentials to perform a query operation in the target resource domain according to the query statement; Step D2: The receiving end obtains the query results through the driver adapter and the database connection instance; wherein, the query results have the native data structure corresponding to the target knowledge graph database; Step D3: The receiving end converts the query result into a response message using the preset data structure according to the preset communication protocol; wherein, the response message includes: a status field, a data field, and a metadata field, the status field is used to indicate whether the query execution was successful or failed, the data field is used to carry information on the unified structured knowledge graph nodes and edges, and the metadata field is used to carry query execution time, resource consumption, and tenant quota usage.
[0044] In this embodiment, steps D1 to D3 constitute a complete standardized query execution and response process. In step D1, the receiving end, through the loaded driver adapter and the acquired database connection instance, establishes an authenticated connection with the target database instance using the access credentials, and executes the query statement within the located target resource domain to complete the actual data retrieval operation. In step D2, the receiving end obtains the query results returned by the underlying database through the same driver adapter and database connection instance. This result retains the native data structure corresponding to the target knowledge graph database, such as a Neo4j Record object or a JanusGraph Vertex / Edge object. In step D3, the receiving end, according to a preset communication protocol, uniformly converts the heterogeneous native query results into a response message with a preset data structure. The status field clearly indicates the success or failure of the execution, the data field presents node and edge information in a structured manner, and the metadata field records key operational information such as execution time, resource consumption, and tenant quotas, facilitating subsequent monitoring and billing.
[0045] Through steps D1 to D3, AI entities are freed from the native return format of the underlying database, achieving a unified output of heterogeneous knowledge graph query results. On one hand, this eliminates the burden on AI entities to write independent parsing code for different databases, reducing integration complexity. On the other hand, through a standardized response message structure, a unified data processing interface is provided for upper-layer applications, along with execution metadata, enhancing the system's observability and operational management capabilities.
[0046] Furthermore, in step S102, the requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message using a preset data structure according to a preset communication protocol before sending it to the receiving end. This also includes the following steps: Step A1': The requesting end determines whether the query statement is written in the native query language supported by the target knowledge graph database; if yes, a native pattern identifier is added to the request message; if no, an abstract pattern identifier is added to the request message.
[0047] In this embodiment, the requesting end first determines whether the query statement generated by the AI entity is directly written using a native query language supported by the target knowledge graph database. A native query language refers to the query syntax officially supported by a specific knowledge graph database, such as Neo4j's Cypher or JanusGraph's Gremlin. Such statements can be directly parsed and executed by the corresponding database. If the query statement is written in a native query language, the requesting end adds a native mode identifier to the request message (e.g., adding a mode field to the request message and setting it to mode="native"), instructing the receiving end to directly execute the statement using a pass-through method. If the query statement is not written in a native query language, but uses more abstract, database-independent standard operation instructions (such as business-level instructions like "FIND_NODES" predefined in the KGCP protocol), the requesting end adds an abstract mode identifier to the request message (e.g., adding a mode field to the request message and setting it to mode="abstract"), instructing the receiving end to dynamically convert the instruction into a native query statement of the target database using a query translation engine before execution. By introducing pattern identifiers, a dynamic negotiation mechanism at the protocol level is implemented, allowing the requesting end to flexibly choose between two modes: passing through native statements or abstract instructions, based on its own capabilities or business scenarios. The receiving end then automatically adapts its processing logic based on the identifiers, thereby providing a higher level of abstraction capabilities to shield the differences in the underlying database while retaining the performance advantages of native queries.
[0048] At this time, the receiving end in step S104 performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query result, and also includes the following steps: Step D1': The receiving end parses the native pattern identifier or the abstract pattern identifier from the request message; Step D2': When the native pattern identifier is parsed, the receiving end performs a query operation in the target knowledge graph database according to the query statement through the driver adapter and the database connection instance; Step D3': When the abstract pattern identifier is parsed, the receiving end obtains the query translation engine corresponding to the type identifier, converts the query statement into a native query statement written in the native query language supported by the target knowledge graph database through the query translation engine, and performs a query operation in the target knowledge graph database according to the native query statement through the driver adapter and the database connection instance.
[0049] In this embodiment, the receiving end first parses the native pattern identifier or the abstract pattern identifier from the request message to determine the subsequent execution path. When the native pattern identifier is parsed, it indicates that the query statement has been written using the target database's native query language (such as Cypher or Gremlin). The receiving end directly transmits the query statement to the target database for execution through the driver adapter and the database connection instance. This method preserves the latest features of the native syntax and has no translation loss. When the abstract pattern identifier is parsed, it indicates that the query statement uses standard operation instructions (such as the KGCP predefined "FIND_NODES") that are independent of the specific database. The receiving end first obtains the query translation engine corresponding to the type identifier. This engine internally maintains mapping rules (such as configuration templates or abstract syntax trees AST) between standard operations and various native query languages. Subsequently, the receiving end uses this engine to dynamically convert the standard operation instructions into native query statements that conform to the target database's native query language, and then executes the converted statements through the driver adapter and the database connection instance. The aforementioned dynamic negotiation mechanism allows the requesting end to flexibly select the instruction abstraction level according to its own capabilities, and the receiving end to automatically adapt and process it, thus achieving decoupling of the query language layer.
[0050] In addition, in an optional implementation, the receiving end reads the session identifier from the context field of the request message; the receiving end maintains the state information corresponding to the current session in memory or cache according to the session identifier; for knowledge graphs that support transactions, the receiving end binds multiple query requests with the same session identifier to the same database transaction for execution according to the session identifier, so as to achieve data consistency across requests.
[0051] like Figure 2 As shown, this embodiment applies to both the KGCP requester and the KGCP receiver. The KGCP requester is used to interface with one or more AI clients (AI entities) and is responsible for constructing JSON request messages that conform to the KGCP specification. This request message only holds an authentication token and does not hold the access credentials (username and password) required by the knowledge graph database. The KGCP receiver is deployed as an independent middleware service, with built-in authentication modules, tenant routing modules, and official driver adapters for various knowledge graph databases. The KGCP receiver can interface with multiple instances of different types of databases.
[0052] The following beneficial effects can be achieved through this embodiment: (1) Credential isolation and enhanced security: AI entities do not need to store the real account password (access credentials) of the underlying knowledge graph database, but only hold authentication tokens. Even if the AI entity is compromised, attackers cannot directly obtain database access credentials, and tokens can be set with short-term validity and fine-grained permissions, which significantly reduces the risk of data leakage.
[0053] (2) Preservation of native performance and functionality: Since the query field directly transmits native statements, it avoids the performance loss of the intermediate translation layer and can immediately use the latest syntax features released by the graph vendor without waiting for the protocol layer to be updated.
[0054] (3) Protocol-level multi-tenancy support: Through the resourceLocator field, tenants and resource domains are explicitly declared at the protocol layer, and the receiving end automatically completes route isolation. AI entities do not need to care about whether the underlying layer is database sharding or logical isolation, thus realizing the convenience of SaaS deployment.
[0055] (4) Decoupling of connection layer and response layer: AI entities do not need to integrate multiple heavy official driver libraries. They only need to implement a lightweight KGCP receiver to connect to all types of knowledge graphs, which significantly reduces the application size.
[0056] (5) Unified response processing: Regardless of the complexity of the underlying graph, the AI entity always receives JSON data in a unified format, eliminating the workload of writing parsing code for different graphs.
[0057] (6) Fine-grained resource control: The resourceScope field can be used to restrict queries to be executed only within a specific graph space or tag set to prevent cross-domain data pollution.
[0058] Example 2 This application provides a system for AI entity querying a knowledge graph database, such as... Figure 3 As shown, the system specifically includes the following components: The request end 301 is used to obtain the query statement generated by the caller through the AI entity and obtain the authentication token corresponding to the caller; wherein, the request end 301 is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end 301 is further configured to generate query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulate the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and send it to the receiving end 302; wherein, the receiving end 302 is deployed in a middleware server and is used to adapt to various types of knowledge graph databases. The receiving end 302 is used to parse the request message according to the preset communication protocol, obtain the access credential corresponding to the authentication token and the target knowledge graph database, and determine the driver adapter corresponding to the target knowledge graph database. The receiving end 302 is further configured to perform a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement, to obtain the query result.
[0059] Specifically, when the requesting end 301 implements the function of generating query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulating the authentication token, the query location information, and the query statement into a request message using a preset data structure according to a preset communication protocol and sending it to the receiving end 302, it is used to: The query statement determines the type identifier of the target knowledge graph database, the instance identifier of the target knowledge graph database, and the resource domain identifier in the target knowledge graph database to form the query location information. Determine the tenant identifier to which the caller belongs; The authentication token is written into the protocol header field of the request message according to the preset communication protocol, the tenant identifier, the instance identifier and the resource domain identifier are written into the resource location field of the request message, and the type identifier and the query statement are written into the target operation field of the request message to form the request message.
[0060] Furthermore, when the receiving end 302 performs the function of parsing the request message according to the preset communication protocol, obtaining the access credential corresponding to the authentication token and the target knowledge graph database, and determining the driver adapter corresponding to the target knowledge graph database, it is specifically used for: According to the preset communication protocol, the authentication token is extracted from the protocol header field of the request message, the tenant identifier, the instance identifier, and the resource domain identifier are extracted from the resource location field, and the type identifier and the query statement are extracted from the target operation field; The identity information of the caller is parsed from the authentication token, and the access credential corresponding to both the identity information of the caller and the instance identifier is obtained from the security credential repository; Based on the tenant identifier and the instance identifier, obtain or create a database connection instance corresponding to the target knowledge graph database from the connection pool; The target resource domain corresponding to the resource domain identifier is determined from the target knowledge graph database through the database connection instance; Load the driver adapter corresponding to the type identifier.
[0061] Furthermore, when the receiving end implements the function of performing a query operation in the target knowledge graph database through the driver adapter and using the access credentials, the query location information, and the query statement to obtain query results, it is specifically used for: Using the driver adapter and the database connection instance, and with the access credentials, a query operation is performed in the target resource domain according to the query statement; The query results are obtained through the driver adapter and the database connection instance; wherein the query results have a native data structure corresponding to the target knowledge graph database; The query result is converted into a response message using the preset data structure according to the preset communication protocol; wherein, the response message includes: a status field, a data field and a metadata field, the status field is used to indicate whether the query execution was successful or failed, the data field is used to carry information on the nodes and edges of the unified structured knowledge graph, and the metadata field is used to carry the query execution time, resource consumption and tenant quota usage.
[0062] Furthermore, the request terminal 301 is also used for: Determine whether the query statement is written in a native query language supported by the target knowledge graph database; if yes, add a native pattern identifier to the request message; if no, add an abstract pattern identifier to the request message.
[0063] At this time, the receiver 302 is also used for: Parse the native pattern identifier or the abstract pattern identifier from the request message; When the native pattern identifier is parsed, a query operation is performed in the target knowledge graph database according to the query statement through the driver adapter and the database connection instance. When the abstract pattern identifier is parsed, a query translation engine corresponding to the type identifier is obtained. The query statement is converted into a native query statement written in the native query language supported by the target knowledge graph database through the query translation engine. Then, through the driver adapter and the database connection instance, a query operation is performed in the target knowledge graph database according to the native query statement.
[0064] Furthermore, the request message using the preset data structure specifically includes: protocol header field, resource location field, target operation field, parameter and context field; The protocol header fields include: protocol version number, unique request identifier, authentication token, query timeout, and read-only mode identifier; wherein, the protocol version number is used to identify the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout is used to limit the maximum duration of query execution, and the read-only mode identifier is used to force the receiving end to use a read-only connection to execute the query. The resource location fields include: tenant identifier, instance identifier, and resource domain identifier; The target operation fields include: type identifier and query statement; The parameters and context fields include: query parameter key-value pairs and context information; wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
[0065] Example 3 This embodiment also provides a computer device, such as a smartphone, tablet computer, laptop computer, desktop computer, rack server, blade server, tower server, or cabinet server (including a standalone server or a server cluster composed of multiple servers), etc., capable of executing programs. Figure 4 As shown, the computer device 40 in this embodiment includes, but is not limited to, a memory 401 and a processor 402 that are communicatively connected to each other via a system bus. It should be noted that... Figure 4 Only a computer device 40 with components 401-402 is shown; however, it should be understood that it is not required to implement all of the components shown, and more or fewer components may be implemented instead.
[0066] In this embodiment, the memory 401 (i.e., the readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory 401 may be an internal storage unit of the computer device 40, such as the hard disk or memory of the computer device 40. In other embodiments, the memory 401 may also be an external storage device of the computer device 40, such as a plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, etc., equipped on the computer device 40. Of course, the memory 401 may include both the internal storage unit and its external storage device of the computer device 40. In this embodiment, the memory 401 is typically used to store the operating system and various application software installed on the computer device 40. In addition, the memory 401 may also be used to temporarily store various types of data that have been output or will be output.
[0067] In some embodiments, processor 402 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip. This processor 402 is typically used to control the overall operation of computer device 40.
[0068] Specifically, in this embodiment, the processor 402 is used to execute a program for querying a knowledge graph database of AI entities stored in the memory 401. When the program for querying a knowledge graph database of AI entities is executed, it implements the following steps: The requesting end obtains the query statement generated by the caller through the AI entity and obtains the authentication token corresponding to the caller; wherein, the requesting end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and sends it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end parses the request message according to the preset communication protocol, obtains the access credentials corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database; The receiving end performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query results.
[0069] For a detailed description of the above method steps, please refer to Example 1. This example will not be repeated here.
[0070] Example 4 This embodiment also provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, disk, optical disk, server, app store, etc., which stores a computer program. When the computer program is executed by a processor, it implements the following method steps: The requesting end obtains the query statement generated by the caller through the AI entity and obtains the authentication token corresponding to the caller; wherein, the requesting end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and sends it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end parses the request message according to the preset communication protocol, obtains the access credentials corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database; The receiving end performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query results.
[0071] For a detailed description of the above method steps, please refer to the first embodiment. This embodiment will not repeat the details here.
[0072] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.
[0073] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.
[0074] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method.
[0075] The above are merely preferred embodiments of this application and do not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of this application.
Claims
1. A method for AI entity querying of a knowledge graph database, characterized in that, The method includes: The requesting end obtains the query statement generated by the caller through the AI entity and obtains the authentication token corresponding to the caller; wherein, the requesting end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and sends it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end parses the request message according to the preset communication protocol, obtains the access credentials corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database; The receiving end performs a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement to obtain the query results.
2. The method for AI entity querying a knowledge graph database according to claim 1, characterized in that, The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message with a preset data structure according to a preset communication protocol before sending it to the receiving end, including: The requesting end determines the type identifier of the target knowledge graph database, the instance identifier of the target knowledge graph database, and the resource domain identifier in the target knowledge graph database based on the query statement, so as to form the query positioning information; The requesting end determines the tenant identifier to which the caller belongs; The requesting end writes the authentication token into the protocol header field of the request message according to the preset communication protocol, writes the tenant identifier, the instance identifier and the resource domain identifier into the resource location field of the request message, and writes the type identifier and the query statement into the target operation field of the request message to form the request message.
3. The method for AI entity querying a knowledge graph database according to claim 2, characterized in that, The receiving end parses the request message according to the preset communication protocol, obtains the access credential corresponding to the authentication token and the target knowledge graph database, and determines the driver adapter corresponding to the target knowledge graph database, including: The receiving end extracts the authentication token from the protocol header field of the request message according to the preset communication protocol, extracts the tenant identifier, the instance identifier and the resource domain identifier from the resource location field, and extracts the type identifier and the query statement from the target operation field; The receiving end parses the caller's identity information from the authentication token and obtains the access credential that corresponds to both the caller's identity information and the instance identifier from the security credential repository; The receiving end obtains or creates a database connection instance corresponding to the target knowledge graph database from the connection pool based on the tenant identifier and the instance identifier; The receiving end determines the target resource domain corresponding to the resource domain identifier from the target knowledge graph database through the database connection instance; The receiving end loads the driver adapter corresponding to the type identifier.
4. The method for AI entity querying a knowledge graph database according to claim 3, characterized in that, The receiving end, through the driver adapter, and using the access credentials, the query location information, and the query statement, performs a query operation in the target knowledge graph database to obtain query results, including: The receiving end connects to the database instance via the driver adapter and uses the access credentials to perform a query operation in the target resource domain according to the query statement; The receiving end obtains the query results through the driver adapter and the database connection instance; wherein, the query results have the native data structure corresponding to the target knowledge graph database; The receiving end converts the query result into a response message using the preset data structure according to the preset communication protocol; wherein, the response message includes: a status field, a data field and a metadata field, the status field is used to indicate whether the query execution was successful or failed, the data field is used to carry information on the unified structured knowledge graph nodes and edges, and the metadata field is used to carry query execution time, resource consumption and tenant quota usage.
5. The method for AI entity querying a knowledge graph database according to claim 4, characterized in that, The requesting end generates query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulates the authentication token, the query location information, and the query statement into a request message with a preset data structure according to a preset communication protocol before sending it to the receiving end. The request also includes: The requesting end determines whether the query statement is written in the native query language supported by the target knowledge graph database; if yes, it adds a native pattern identifier to the request message; if no, it adds an abstract pattern identifier to the request message. The receiving end, through the driver adapter, and using the access credentials, the query location information, and the query statement, performs a query operation in the target knowledge graph database to obtain query results, and also includes: The receiving end parses the native pattern identifier or the abstract pattern identifier from the request message; When the native pattern identifier is parsed, the receiving end performs a query operation in the target knowledge graph database according to the query statement through the driver adapter and the database connection instance. When the abstract pattern identifier is parsed, the receiving end obtains the query translation engine corresponding to the type identifier, converts the query statement into a native query statement written in the native query language supported by the target knowledge graph database through the query translation engine, and executes the query operation in the target knowledge graph database according to the native query statement through the driver adapter and the database connection instance.
6. The method for AI entity querying a knowledge graph database according to any one of claims 1 to 5, characterized in that, The request message using a preset data structure includes: protocol header field, resource location field, target operation field, parameter and context field; The protocol header fields include: protocol version number, unique request identifier, authentication token, query timeout, and read-only mode identifier; wherein, the protocol version number is used to identify the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout is used to limit the maximum duration of query execution, and the read-only mode identifier is used to force the receiving end to use a read-only connection to execute the query. The resource location fields include: tenant identifier, instance identifier, and resource domain identifier; The target operation fields include: type identifier and query statement; The parameters and context fields include: query parameter key-value pairs and context information; wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
7. A system for querying an AI entity knowledge graph database, characterized in that, The system includes: The request end is used to obtain the query statement generated by the caller through the AI entity and obtain the authentication token corresponding to the caller; wherein, the request end is integrated into the AI entity, and the authentication token is used to replace the access credentials required to access the knowledge graph database; The requesting end is also configured to generate query location information for the target knowledge graph database to be accessed based on the query statement, and encapsulate the authentication token, the query location information and the query statement into a request message with a preset data structure according to a preset communication protocol and send it to the receiving end; wherein, the receiving end is deployed in a middleware server and is used to adapt to various types of knowledge graph databases; The receiving end is configured to parse the request message according to the preset communication protocol, obtain the access credential corresponding to the authentication token and the target knowledge graph database, and determine the driver adapter corresponding to the target knowledge graph database. The receiving end is further configured to perform a query operation in the target knowledge graph database through the driver adapter, using the access credentials, the query location information, and the query statement, to obtain the query result.
8. The system for querying knowledge graph databases for AI entities according to claim 7, characterized in that, The request message using a preset data structure includes: protocol header field, resource location field, target operation field, parameter and context field; The protocol header fields include: protocol version number, unique request identifier, authentication token, query timeout, and read-only mode identifier; wherein, the protocol version number is used to identify the version of the preset communication protocol, the unique request identifier is used for link tracing, the query timeout is used to limit the maximum duration of query execution, and the read-only mode identifier is used to force the receiving end to use a read-only connection to execute the query. The resource location fields include: tenant identifier, instance identifier, and resource domain identifier; The target operation fields include: type identifier and query statement; The parameters and context fields include: query parameter key-value pairs and context information; wherein, the query parameter key-value pairs are used to implement parameterized queries and prevent injection attacks, and the context information is used to maintain multi-round interaction states.
9. A computer device, the computer device comprising: A memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6.
10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 6.