system
The system addresses the inadequacy of conventional phishing detection by using AI to analyze electronic messages, calculate risk scores, and provide tailored warnings, enhancing detection accuracy and user protection through continuous learning.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-05
- Publication Date
- 2026-06-17
Smart Images

Figure 2026098604000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance as a response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] Electronic messages exchanged via the Internet often include those that are illegal for the purpose of phishing fraud. Users with insufficient information literacy are at a high risk of misidentifying these phishing messages and illegally providing confidential information including personal information. In addition, since it has been difficult for conventional filtering systems to completely prevent such phishing fraud, there is a need for a more reliable detection and warning system.
Means for Solving the Problems
[0005] This invention provides a means for analyzing the content and sender information of an electronic message received by an electronic communication device and calculating a phishing scam risk score. Specifically, a more accurate evaluation is performed by comparing the links and domains in the message with a pre-registered malicious database. Furthermore, if the risk score exceeds a predetermined value, a means is provided to notify the user of a warning, enabling the user to easily respond to malicious messages. In addition, the system's overall defense capability is improved by recording user actions and using them to improve future analyses.
[0006] "Electronic communication devices" refer to devices that have the function of sending and receiving electronic messages, and include smartphones and computers.
[0007] "Electronic messages" refer to digital forms of communication such as emails and text messages that are sent and received over the internet.
[0008] "Analysis" refers to the process of automatically examining the content and structure of an electronic message to reveal its meaning and characteristics.
[0009] "Sender information" refers to information about the origin of an electronic message, and typically includes an email address and domain.
[0010] "Phishing scams" refer to fraudulent activities aimed at illegally obtaining personal and financial information from users by impersonating trusted companies or individuals.
[0011] A "risk score" is an index that quantifies the likelihood that an electronic message is a phishing scam; the higher the score, the greater the risk.
[0012] A "warning" refers to a notification that informs users of the risk of phishing scams and urges them to be careful of fraudulent activity.
[0013] A "database" refers to an information resource that manages links and domains contained in electronic messages and stores known phishing scam information.
[0014] A "link" refers to a hyperlink inserted within an electronic message that directly connects to other web pages or resources.
[0015] A "domain" is an identifier used to identify a specific individual computer resource on the internet, and is usually a string of characters included in a website's URL.
[0016] An "action" refers to an operation a user performs on an electronic message, such as opening an email or clicking a link. [Brief explanation of the drawing]
[0017] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10] It shows an emotion map to which a plurality of emotions are mapped. [Figure 11] It is a sequence diagram showing the processing flow of the data processing system in Example 1. [Figure 12] It is a sequence diagram showing the processing flow of the data processing system in Application Example 1. [Figure 13] It is a sequence diagram showing the processing flow of the data processing system in Example 2 when the emotion engine is combined. [Figure 14] It is a sequence diagram showing the processing flow of the data processing system in Application Example 2 when the emotion engine is combined.
Mode for Carrying Out the Invention
[0018] Hereinafter, an example of an embodiment of a system according to the technology of the present disclosure will be described according to the accompanying drawings.
[0019] First, the terms used in the following description will be described.
[0020] In the following embodiments, the labeled processor (hereinafter simply referred to as "processor") may be one arithmetic unit or a combination of a plurality of arithmetic units. Also, the processor may be one type of arithmetic unit or a combination of a plurality of types of arithmetic units. Examples of arithmetic units include a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a GPGPU (General-Purpose computing on Graphics Processing Units), an APU (Accelerated Processing Unit), and the like.
[0021] In the following embodiments, the labeled RAM (Random Access Memory) is a memory in which information is temporarily stored and is used as a work memory by the processor.
[0022] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.
[0023] In the following embodiments, the signed communication interface (I / F) is an interface that includes a communication processor and an antenna, etc. The communication interface manages communication between multiple computers. Examples of communication standards applicable to the communication interface include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0024] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B." That is, "A and / or B" means that it may be A alone, or B alone, or a combination of A and B. Furthermore, in this specification, the same concept as "A and / or B" applies when expressing three or more things linked by "and / or."
[0025] [First Embodiment]
[0026] Figure 1 shows an example of the configuration of the data processing system 10 according to the first embodiment.
[0027] As shown in Figure 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0028] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0029] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.
[0030] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by detecting contact with an object (e.g., a pen or finger). The microphone 38B receives user input by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the data indicating the user input.
[0031] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user 20 by outputting the data in a form perceptible to the user 20 (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0032] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0033] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0034] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0035] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0036] In the smart device 14, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The reception output program 60 is used in conjunction with a specific processing program 56 by the data processing system 10. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0037] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0038] This invention is a system that automatically detects the possibility that an electronic message received by an electronic communication device is a phishing scam and notifies the user of the warning. An embodiment thereof is described below.
[0039] First, a device receives an electronic message. This device can be any device connected to the internet, such as a smartphone or a personal computer. The received message includes the message body, sender information, and links or domain information.
[0040] The terminal sends metadata of the received electronic message to the server. The server has a powerful analysis engine that analyzes the message content and sender information in detail based on the received data. The analysis is performed using an AI model, which evaluates the likelihood of a phishing email based on a training dataset containing numerous phishing scam features.
[0041] As a concrete example, consider a case where a user receives an electronic message disguised as coming from a financial institution. The server analyzes this message to determine its authenticity, checking for specific keywords and unnatural links. It also checks if the link is registered in the database as a known malicious domain. If a match is found through the database check, the message is judged to be highly dangerous.
[0042] The server calculates an overall phishing risk score for the message, and if it exceeds a certain score, it sends a warning notification to the user's device. This notification is designed to grab the user's attention and displays specific warning messages such as, "This email is a phishing scam. Do not click on the link."
[0043] Upon receiving this warning, the user can choose not to open the link in the electronic message or to delete it. This action is recorded on the device and later reported to the server. The recorded data is used to improve the system's phishing detection accuracy.
[0044] In this way, the purpose of this system is to prevent damage from phishing scams and protect users' personal and financial information.
[0045] The following describes the processing flow.
[0046] Step 1:
[0047] The device receives an electronic message. The device temporarily stores the message body, sender information, and any included links or domains.
[0048] Step 2:
[0049] The device sends metadata of the electronic message it receives to the server. This is to provide the information necessary for analyzing the message.
[0050] Step 3:
[0051] The server inputs the received metadata into the AI model and begins analyzing the electronic message. Specifically, it extracts keywords from the message body, the sender's email address, and patterns of unnatural links and domains.
[0052] Step 4:
[0053] Based on the information analyzed by the server, it assesses the likelihood of a phishing scam and calculates a risk score. Here, the score is set according to the characteristics of known phishing emails, with higher scores being assigned accordingly.
[0054] Step 5:
[0055] The server compares links and domains contained in electronic messages against a database. If a known malicious domain is detected, the risk score is increased.
[0056] Step 6:
[0057] The server generates a warning message based on the risk score and sends it to the terminal. When the score exceeds a predetermined value, a warning is sent to the user to alert them.
[0058] Step 7:
[0059] The device displays a warning message to the user. For example, it might say, "This email may be a phishing attempt. Do not click the link."
[0060] Step 8:
[0061] Users acknowledge the warning and take action such as not opening the email or deleting it. This helps them avoid becoming victims of phishing scams.
[0062] Step 9:
[0063] The device records user actions and reports that data to the server. This allows for continuous improvement of the system's analysis accuracy.
[0064] (Example 1)
[0065] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0066] In recent years, fraudulent activities using electronic communications have become frequent, increasing the risk of leakage of personal and financial information. Conventional systems have limitations in the accuracy and speed of phishing scam detection, and many users may end up opening malicious links. To solve this problem, there is a need for technology that can detect phishing scams with higher accuracy and efficiency and provide appropriate warnings to users.
[0067] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0068] In this invention, the server includes processing means for analyzing the text and sender information of communication data, calculation means for calculating a risk score for fraudulent activity, and communication means for notifying the user of a warning. This makes it possible to evaluate with high accuracy whether the received communication data is a phishing scam and to promptly notify the user of a warning.
[0069] "Electronic communication equipment" refers to devices used to send and receive data over the internet, including smartphones, personal computers, and tablets.
[0070] "Communication data" refers to information transmitted and received via electronic communication devices, including text received through email and messaging applications, sender information, and link information.
[0071] "Analysis means" refers to functions installed to understand the content of communication data and execute processes to detect fraudulent elements, particularly functions that utilize AI models.
[0072] "Calculation means" refers to the function used to perform the process of calculating a risk score based on the evaluated data.
[0073] "Communication methods" refer to functions for providing warnings and notifications to users, including conveying risk information via pop-ups, screen displays, audio warnings, etc.
[0074] An "external database" refers to an external source of information used to compare information contained in communication data with known fraud-related data.
[0075] "Memory devices" refer to functions for saving user actions and recording information that can be used for later analysis and system improvement.
[0076] A "generative artificial intelligence model" refers to an AI model that learns from large amounts of data and is used to analyze communication data and identify characteristics of fraudulent activities.
[0077] To implement this invention, a terminal as an electronic communication device is first required. This terminal consists of an internet-connected device such as a smartphone, personal computer, or tablet. The terminal receives communication data using an email client or messaging application.
[0078] Next, the server receives and analyzes this communication data. The server is equipped with analysis tools, including a generative artificial intelligence model, to detect malicious elements, particularly patterns characteristic of fraudulent activity, based on the text and sender information of the communication data. At this stage, natural language processing techniques are used to attempt to understand the content of the message.
[0079] Furthermore, the server calculates a risk score based on the analysis results through a computational mechanism. This includes a process of comparing link and domain information contained in the communication data with an external database. Based on the comparison results, if the risk score exceeds a certain value, the server uses the communication mechanism to notify the terminal of a warning.
[0080] As a concrete example, let's consider a scenario where a user receives an email claiming to be from a bank. The server analyzes whether the links in this email are secure, and if they have any suspicious characteristics, it warns the user with a message saying, "This email may be a phishing attempt. Do not click the link."
[0081] Examples of prompts for a generative AI model:
[0082] "Please evaluate the security of this email. Analyze its contents and check for potential phishing attempts."
[0083] Finally, the device records the user's actions and reports them to the server. This recorded data is used to improve the accuracy of the AI model, enabling more precise detection of phishing scams.
[0084] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0085] Step 1:
[0086] The device receives an electronic message. The input includes communication data received via the internet. The message body, sender information, and link information are retrieved, and processing is performed to determine if the data is potentially a phishing email. At this stage, the data is stored in the device's inbox folder.
[0087] Step 2:
[0088] The terminal extracts metadata (sender address, link URL, header information, etc.) from the received message. This extracted metadata is the input, and this data is sent to the server. The terminal performs data filtering, and only the relevant data is transferred to the server.
[0089] Step 3:
[0090] Based on the metadata received by the server, data analysis is performed using a generative AI model. The AI model receives this input and utilizes natural language processing techniques to detect patterns that have phishing characteristics. This results in an output that understands the intent of the text content and identifies risk factors. Specifically, a machine learning algorithm evaluates the structure and relevance of the messages.
[0091] Step 4:
[0092] The server calculates a risk score for fraudulent activity based on the analyzed data. In this process, link and domain information is cross-referenced with an external database and used to identify potential fraud. The input is the analysis results, and the output is the risk score. The server performs calculations to numerically evaluate the likelihood of fraudulent activity.
[0093] Step 5:
[0094] The server sends a warning notification to the terminal if the risk score exceeds a predetermined value. In this case, the input is the evaluation result based on the score, and the output is a warning message. The server controls the user interface and sends notifications such as, "This email may be a phishing email. Do not click the link."
[0095] Step 6:
[0096] After receiving a warning, the user can choose to take actions such as not opening the link in the message or deleting it. This action is recorded as input on the device. The device then reports this action data to the server.
[0097] Step 7:
[0098] The server updates the AI model's training data based on recorded user behavior data, improving the accuracy of subsequent analyses. The input is the user's behavior record, and the output is the model's updated evaluation criteria. The server continuously improves accuracy through a feedback loop.
[0099] (Application Example 1)
[0100] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0101] With the advancement of information and communication technology, fraudulent activities attempting to illegally obtain personal information are on the rise. However, current security systems are inadequate in providing real-time notification of fraud risks, and there is a lack of adequate warnings to mitigate the risk of users clicking on malicious links. Therefore, there is a need for a system that accurately assesses the risk level of incoming messages and promptly notifies users of the warnings.
[0102] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0103] In this invention, the server includes means for an electronic communication device to acquire an informational message and analyze the content and sender information of the informational message; means for calculating a fraud risk score based on the analyzed information; and means for notifying the user of a warning if the risk score exceeds a threshold value. This makes it possible to evaluate the fraud risk of received informational messages in real time and provide a prompt warning before the user performs any fraudulent actions.
[0104] An "electronic communication device" is a communication device that has the function of acquiring information messages, and includes devices such as smartphones and personal computers.
[0105] An "informational message" refers to communication content, including text and images, acquired by electronic communication devices, and sent and received through email or messaging applications.
[0106] "Sender information" refers to identifying information about the person who sent the informational message, and includes data such as an email address and the domain name of the sender.
[0107] "Means of analysis" refers to the process or function used to analyze received informational messages and sender information to detect their content and specific characteristics.
[0108] The "fraud risk score" is a numerical evaluation of the likelihood of fraudulent activity occurring with respect to an informational message, and is an indicator of the probability that the message is fraudulent.
[0109] The "benchmark value" is the threshold that the fraud risk score must exceed, and it is the numerical value that serves as the standard for issuing a warning to the user if this value is exceeded.
[0110] A "user" is a person who operates an electronic communication device and is the user who responds to the informational message received.
[0111] "Means of notifying warnings" refer to functions or devices that alert users to risks when the risk score exceeds a certain threshold, and provide warnings visually or audibly.
[0112] A "mobile security application" is a software program installed on a portable information device to detect fraud risks.
[0113] "Reference information" refers to identifying information such as web links and file paths included in an informational message, and is data that instructs access to external resources.
[0114] "Domain" refers to a specific location or domain on the internet, and is a term that indicates the scope of what reference information points to.
[0115] A "data bank" is a database system that stores and manages known information, and is a device for storing records that include information on fraudulent activities and malicious websites.
[0116] "Means for recording actions and using them for subsequent analysis" refers to a process that collects user actions as data and makes them available for reference during future analysis.
[0117] "Means of visualizing notifications" refers to means of visually indicating warnings to users, specifically methods of displaying alerts on the screen of a mobile device.
[0118] The system for implementing this invention mainly consists of a server, an electronic communication device (terminal), and a user interface. Specific embodiments of each component are described below.
[0119] server
[0120] The server receives metadata of incoming messages transmitted from electronic communication devices. This metadata includes the message body, sender information, and reference information. Based on this data, the server utilizes a powerful analysis engine and a generative AI model to assess the message's fraud risk. This analysis engine uses machine learning software such as Scikit-learn and TENSORFLOW®, and is based on a large training dataset with phishing scam characteristics. The server calculates a risk score based on the analysis results, and if it exceeds a certain threshold, it sends data to the device to issue a warning.
[0121] Electronic communication devices (terminals)
[0122] The device notifies the user of a warning based on information received from the server. A smartphone with the application installed is a specific example. The device displays a warning message on the user interface, clearly stating, "This email may be a phishing attempt. Do not click the link." Actions taken by the user, such as deleting the message, are later sent to the server, contributing to improving the system's accuracy.
[0123] User Interface
[0124] The user interface is designed using JavaScript®, HTML, and CSS, and visually displays warnings on the smartphone screen. Through this interface, users can quickly assess the danger of incoming messages and choose appropriate action.
[0125] Specific example
[0126] For example, suppose a user receives a phishing email disguised as coming from a financial institution. If the email has a high risk score, the server's analysis engine will detect the danger, and a warning will be displayed on the smartphone screen. A possible prompt might read, "You have received a new email. Please analyze the sender information and links to assess the risk of phishing."
[0127] In this way, this system provides a powerful means of protecting users from malicious informational messages.
[0128] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0129] Step 1:
[0130] The terminal functions as an electronic communication device and receives new informational messages. The received messages include the message body, sender information, and reference information. This data is used as initial input data for processing.
[0131] Step 2:
[0132] The terminal extracts metadata from the received informational message and sends it to the server. This metadata includes a summary from the message body, the sender's email address, and reference information such as links and domain information. The extracted metadata becomes the input data for the next analysis.
[0133] Step 3:
[0134] The server receives this message and uses a generative AI model to analyze it. The generative AI model used is trained on Scikit-learn or TensorFlow and extracts features based on the message content and sender information to calculate a fraud risk score. This process yields the risk score as output.
[0135] Step 4:
[0136] The server uses the obtained risk score to compare it to a baseline value and determine whether the risk of fraud is high. If it exceeds the baseline value, it generates warning data and sends it to the terminal. The warning data becomes the input data for the next stage.
[0137] Step 5:
[0138] The terminal receives warning data from the server and displays a warning message via the user interface based on its content. Specifically, it displays a warning such as, "This email may be a phishing attempt. Do not click the link." This display constitutes the output of information that the user sees.
[0139] Step 6:
[0140] Users manage messages based on the warnings they receive. For example, they can choose actions such as deleting messages deemed dangerous, and these actions are recorded on their device. The recorded user actions serve as feedback data for the next stage.
[0141] Step 7:
[0142] The device collects user actions and sends that information back to the server. This feedback process allows the server to use it as real-world usage data to improve its analysis engine and retrain its machine learning models.
[0143] In this way, the system can assess the risks of informational messages in real time and efficiently provide appropriate warnings to users.
[0144] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0145] This invention optimizes the warning method by combining a system that effectively detects phishing scam threats within an electronic communication device and provides appropriate warnings to users based on those threats with an emotion engine that takes into account the user's emotional state.
[0146] This system activates when a user receives an electronic message on an electronic communication device. The terminal first sends data to the server to analyze the content of the received message and sender information. The server uses AI-based analysis tools to detect patterns that are characteristic of phishing scams. It then quantifies the likelihood of a phishing scam as a risk score, and if it exceeds a certain threshold, it is determined that there is a possibility of phishing.
[0147] Next, the emotion engine works to recognize the user's emotions. The emotion engine can detect emotions from the user's facial expressions and tone of voice through the camera and microphone. Based on this information, it determines the user's emotional state, such as tension, relaxation, or stress level.
[0148] For example, if a user receives a suspicious electronic message from a financial institution, the server might analyze the message and assign a high risk score. Furthermore, if the emotion engine detects tension in the user's facial expression, the device might display a warning message in a calm and easy-to-understand tone to help alleviate stress.
[0149] Users can review the warning message and choose to take action, such as deleting it without opening it. The user's actions and associated sentiment data are recorded and used to further improve the accuracy of phishing detection.
[0150] Thus, the objective of this invention is to provide an environment in which users can use electronic messages with peace of mind by utilizing an emotion engine to further protect users from phishing scams.
[0151] The following describes the processing flow.
[0152] Step 1:
[0153] The terminal receives an electronic message. The terminal temporarily stores the message content and sender information, preparing to send it to the server later.
[0154] Step 2:
[0155] The terminal sends the metadata of the electronic message to the server. The server starts analyzing the message based on the received data.
[0156] Step 3:
[0157] The server uses AI to analyze electronic messages. The server evaluates suspicious keywords, sender addresses, and links and domain information in the message body and calculates a risk score indicating the likelihood of a phishing scam.
[0158] Step 4:
[0159] The server checks the obtained risk score, and if the score exceeds the threshold, it determines that the risk of phishing is high.
[0160] Step 5:
[0161] The device activates an emotion engine to recognize the user's emotions. The emotion engine uses the device's camera and microphone to analyze the user's facial expressions and voice to determine their emotional state.
[0162] Step 6:
[0163] The emotion engine identifies the user's emotions. For example, if it analyzes that the user is in an anxious state, this information is used for the next processing step.
[0164] Step 7:
[0165] The device generates a warning message based on phishing risk information from the server and the results of the sentiment engine. The tone and wording of the warning are adjusted according to the user's emotional state.
[0166] Step 8:
[0167] The device displays a warning message to the user. This message uses calm language to convey a warning about phishing, allowing the user to remain calm and deal with the situation appropriately.
[0168] Step 9:
[0169] The user reviews the warning message and chooses an appropriate action, such as not opening the electronic message or deleting it. This action is recorded on the device.
[0170] Step 10:
[0171] The device reports user actions and sentiment data to the server, which is then used to further improve phishing detection algorithms.
[0172] (Example 2)
[0173] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0174] Conventional electronic communication devices cannot consider the user's emotional state when detecting fraudulent activities such as phishing scams, and the warning display is uniform, which may cause users to feel anxious or excessively lower their guard. In addition, there is a lack of mechanisms to efficiently utilize user behavior data for analysis, which limits the improvement of phishing detection accuracy.
[0175] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0176] In this invention, the server includes means for receiving electronic communications from electronic communication equipment and analyzing the content and sender information of the electronic communications; means for calculating a numerical value to evaluate the possibility of fraudulent activity; and means for detecting the user's emotional state and optimizing warnings based on that state. This makes it possible to provide flexible and appropriate warnings that take into account the user's emotions, allowing the user to use electronic communications with peace of mind. Furthermore, by recording the user's reactions and emotional data and using it for subsequent analysis, further improvements in phishing detection accuracy can be expected.
[0177] "Electronic communication equipment" refers to devices used to send and receive digital data between users, and includes, for example, smartphones and computers.
[0178] "Electronic communication" refers to communication methods that involve the exchange of information in a digital format, such as email and messaging platforms.
[0179] "Sender information" refers to data about the entity that sent the electronic communication, including, for example, its email address and domain name.
[0180] The "numerical value for evaluating the possibility of fraudulent activity" is an indicator that shows the risk of phishing scams and the like, calculated based on data analyzed by the server.
[0181] "User's emotional state" refers to the psychological and emotional state of an individual operating an electronic communication device, as judged from their facial expressions and voice.
[0182] "Optimizing warnings" means adjusting the content and presentation method of warning messages according to the user's emotional state and risk score.
[0183] A "generated model" is a digital model created using computational methods based on AI and machine learning techniques to perform data analysis processes.
[0184] A description of the embodiment for carrying out the invention will be provided.
[0185] This invention is an electronic communication system that detects phishing scams and issues appropriate warnings, taking into account the user's emotional state. Its specific configuration and operation are described below.
[0186] First, when a terminal receives an electronic communication, it automatically sends its content and sender information to the server. In this context, the term "terminal" refers to various electronic communication devices, specifically including common information processing devices such as smartphones and personal computers.
[0187] The server analyzes the received communications using AI analysis tools. This analysis can utilize known AI frameworks (e.g., TensorFlow or PyTorch). To assess the likelihood of fraud, the server searches for fraudulent characteristics in the transmitted information and calculates a numerical risk score based on these characteristics. For example, if the communication includes words like "free" or "urgent," the risk score will be set higher.
[0188] Next, the device activates an emotion engine to estimate the user's emotions via the camera and microphone. This emotion engine can analyze facial expressions using OpenCV and other image processing libraries. It also performs voice analysis on the user's voice tone to assess their level of tension and stress.
[0189] For example, consider a scenario where a user receives a suspicious email from a bank. The server analyzes the email and calculates a high risk score. Furthermore, the device's camera detects tension in the user's face. In this case, the device generates a warning message in a calm tone, such as, "This appears to be an important email, but caution is advised before reviewing its contents," and displays it to the user.
[0190] An example of a prompt message might be: "Calculate the risk score of the received email and create a warning message to reduce the user's anxiety."
[0191] In this way, the system provides warnings that take into account the user's feelings, thereby creating a safer electronic communication environment.
[0192] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0193] Step 1:
[0194] The user receives electronic communication on their device. The device then sends the content of this communication and the sender's information to the server. The input consists of the communication content and sender's information, which are encrypted and then sent to the server. Specifically, the device detects a new email, retrieves its detailed information, and prepares it for sending.
[0195] Step 2:
[0196] The server uses an AI analysis tool to analyze the received communication content and calculate a numerical value indicating the likelihood of fraudulent activity. The input is electronic communication content, and the AI analysis tool uses natural language processing and pattern matching to output a risk score. Here, the server identifies the characteristics of phishing scams hidden within the communication and classifies the risk level of the incident.
[0197] Step 3:
[0198] The device uses an emotion engine to detect the user's emotional state. Input includes the user's current image and audio information, which is then analyzed using an emotion analysis algorithm to output the appropriate emotion category. Specifically, the device activates its camera and microphone, captures the user's facial expressions and voice tone, and pre-processes this data for analysis.
[0199] Step 4:
[0200] The terminal combines the risk score from the server with the user's emotional state, which it detects itself, to generate and display a warning message. The input consists of the risk score and emotional state data. It uses prompts to generate the most appropriate warning message based on this combination and presents it to the user as output. Specifically, the terminal considers appropriate tone and word choice when displaying the warning.
[0201] Step 5:
[0202] The user reviews the warning message and selects the appropriate action. The input is the displayed warning message, and based on its content, the system outputs actions such as deleting the message or moving it to the spam folder. Specifically, the user follows the on-screen instructions and takes appropriate action.
[0203] Step 6:
[0204] The terminal records user behavior and emotional data and sends it to the server. The input consists of the user's selected actions and the emotional data associated with them. This process involves structuring and outputting this data for storage in a database. Here, the terminal organizes the behavior log and sends it to the server via communication.
[0205] (Application Example 2)
[0206] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as a "server" and the smart device 14 as a "terminal".
[0207] In modern electronic communications, phishing scams pose a significant threat to users. Existing security measures focus on detecting fraudulent messages, but they often fail to consider the user's emotional state, potentially increasing user stress. Therefore, it is necessary to not only accurately assess the risk of phishing scams but also to provide warnings optimized for the user's emotional state to effectively ensure user safety and peace of mind.
[0208] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0209] In this invention, the server includes means for analyzing electronic messages, means for calculating a phishing scam risk score, and emotion detection means for recognizing the user's emotional state. This makes it possible to evaluate the risk of phishing scams with high accuracy and provide an optimal warning message tailored to the user's emotional state.
[0210] "Electronic communication equipment" refers to all devices used to receive electronic messages and process related information.
[0211] "Phishing scams" refer to acts involving malicious electronic messages intended to illegally obtain confidential information from users.
[0212] A "risk score" is an index used to quantify and quantitatively evaluate the likelihood of a phishing scam.
[0213] "Emotion detection means" refers to a mechanism that analyzes the user's facial expressions and tone of voice to recognize their emotional state in real time.
[0214] A "warning message" refers to a notification that informs users of the possibility of a phishing scam and urges them to take precautions.
[0215] "Analysis accuracy" refers to the degree of accuracy and reliability in detecting phishing scams and recognizing the emotional state of users.
[0216] This invention constructs an advanced electronic communication system to protect users from phishing scams. This system operates on the user's personal communication device, i.e., terminal, and functions in conjunction with a cloud-based server.
[0217] The server uses AI analysis tools to analyze received electronic messages and calculate a phishing scam risk score. During this process, machine learning libraries (e.g., TensorFlow) are used to analyze message patterns and assess risk. Furthermore, the reliability of links and domains within messages is verified by cross-referencing them with known databases.
[0218] The emotion detection system built into the device uses a camera and microphone to analyze the user's facial expressions and voice tone in real time. This utilizes software libraries such as OpenCV and PyAudio to recognize the user's emotional state.
[0219] If a user receives a message that poses a high risk of phishing, the server generates a warning message based on the risk score and the user's emotional state. The warning message is tailored in tone and content to match the user's current emotional state and is designed to reduce stress.
[0220] For example, if a user receives a suspicious message disguised as coming from a bank, and the server determines the message is high-risk, it will detect that the user is in a stressed emotional state and display a warning in a gentle tone such as, "This message requires caution. Please respond calmly and carefully."
[0221] As a concrete example, a prompt message to the generating AI model could be something like, "Analyze the user's facial expression and tone of voice when they receive a phishing message, and then formulate the most appropriate warning message." In this way, the entire system can reduce the risk of phishing scams through user interaction and provide a safer communication environment.
[0222] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0223] Step 1:
[0224] The terminal receives an electronic message. It extracts the content of the received message and sender information and sends it to the server. The input is the electronic message and sender information, and the output is passed to the server as data for analysis. Upon receiving the data, the server prepares for message analysis.
[0225] Step 2:
[0226] The server uses an AI analysis tool (e.g., TensorFlow) based on the received data to calculate a phishing scam risk score. The input is the message data sent by the device, and the output is the risk score. The server analyzes the message content to see if it matches any known phishing patterns.
[0227] Step 3:
[0228] The server uses a database to compare links and domains contained in a message against known, trusted data. The input is the link and domain information within the message, and the output is the evaluation of their reliability. Based on this, an additional determination is made as to whether the message is secure.
[0229] Step 4:
[0230] The device uses a camera and microphone to collect the user's facial expressions and voice tone, and analyzes their emotional state. The input is the user's video and audio data, and the output is the result of the emotional state assessment. The device performs this process using analysis software (e.g., OpenCV, PyAudio).
[0231] Step 5:
[0232] The server generates a warning message for the user based on the risk score and the user's emotional state. The input is the risk score and emotional state data, and the output is an optimized warning message. The server adjusts the tone and content according to the user's emotions.
[0233] Step 6:
[0234] The user reviews the warning message displayed on the device. A final action is taken based on the user's actions (such as deleting the message or viewing details). The input is the warning message and the user's decision, and the output is recorded as the user's action. This data is used to improve the accuracy of subsequent analyses.
[0235] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0236] Data generation model 58 is a so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> ), Gemini (registered trademark) (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0237] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart device 14.
[0238] [Second Embodiment]
[0239] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0240] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0241] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0242] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0243] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0244] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0245] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0246] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0247] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0248] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0249] In the smart glasses 214, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0250] Next, the identification processing performed by the identification processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0251] This invention is a system that automatically detects the possibility that an electronic message received by an electronic communication device is a phishing scam and notifies the user of the warning. An embodiment thereof is described below.
[0252] First, a device receives an electronic message. This device can be any device connected to the internet, such as a smartphone or a personal computer. The received message includes the message body, sender information, and links or domain information.
[0253] The terminal sends metadata of the received electronic message to the server. The server has a powerful analysis engine that analyzes the message content and sender information in detail based on the received data. The analysis is performed using an AI model, which evaluates the likelihood of a phishing email based on a training dataset containing numerous phishing scam features.
[0254] As a concrete example, consider a case where a user receives an electronic message disguised as coming from a financial institution. The server analyzes this message to determine its authenticity, checking for specific keywords and unnatural links. It also checks if the link is registered in the database as a known malicious domain. If a match is found through the database check, the message is judged to be highly dangerous.
[0255] The server calculates an overall phishing risk score for the message, and if it exceeds a certain score, it sends a warning notification to the user's device. This notification is designed to grab the user's attention and displays specific warning messages such as, "This email is a phishing scam. Do not click on the link."
[0256] Upon receiving this warning, the user can choose not to open the link in the electronic message or to delete it. This action is recorded on the device and later reported to the server. The recorded data is used to improve the system's phishing detection accuracy.
[0257] In this way, the purpose of this system is to prevent damage from phishing scams and protect users' personal and financial information.
[0258] The following describes the processing flow.
[0259] Step 1:
[0260] The device receives an electronic message. The device temporarily stores the message body, sender information, and any included links or domains.
[0261] Step 2:
[0262] The device sends metadata of the electronic message it receives to the server. This is to provide the information necessary for analyzing the message.
[0263] Step 3:
[0264] The server inputs the received metadata into the AI model and begins analyzing the electronic message. Specifically, it extracts keywords from the message body, the sender's email address, and patterns of unnatural links and domains.
[0265] Step 4:
[0266] Based on the information analyzed by the server, it assesses the likelihood of a phishing scam and calculates a risk score. Here, the score is set according to the characteristics of known phishing emails, with higher scores being assigned accordingly.
[0267] Step 5:
[0268] The server compares links and domains contained in electronic messages against a database. If a known malicious domain is detected, the risk score is increased.
[0269] Step 6:
[0270] The server generates a warning message based on the risk score and sends it to the terminal. When the score exceeds a predetermined value, a warning is sent to the user to alert them.
[0271] Step 7:
[0272] The device displays a warning message to the user. For example, it might say, "This email may be a phishing attempt. Do not click the link."
[0273] Step 8:
[0274] Users acknowledge the warning and take action such as not opening the email or deleting it. This helps them avoid becoming victims of phishing scams.
[0275] Step 9:
[0276] The device records user actions and reports that data to the server. This allows for continuous improvement of the system's analysis accuracy.
[0277] (Example 1)
[0278] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0279] In recent years, fraudulent activities using electronic communications have become frequent, increasing the risk of leakage of personal and financial information. Conventional systems have limitations in the accuracy and speed of phishing scam detection, and many users may end up opening malicious links. To solve this problem, there is a need for technology that can detect phishing scams with higher accuracy and efficiency and provide appropriate warnings to users.
[0280] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0281] In this invention, the server includes processing means for analyzing the text and sender information of communication data, calculation means for calculating a risk score for fraudulent activity, and communication means for notifying the user of a warning. This makes it possible to evaluate with high accuracy whether the received communication data is a phishing scam and to promptly notify the user of a warning.
[0282] "Electronic communication equipment" refers to devices used to send and receive data over the internet, including smartphones, personal computers, and tablets.
[0283] "Communication data" refers to information transmitted and received via electronic communication devices, and refers to text received through email or message applications, sender information, link information, etc.
[0284] "Analysis means" refers to a function installed to execute a process for understanding the content of communication data and detecting illegal elements, particularly a function that utilizes an AI model.
[0285] "Calculation means" refers to a function for performing a process of calculating a risk score based on the evaluated data.
[0286] "Communication means" is a function for warning and notifying users, and refers to transmitting risk information via pop-ups, screen displays, voice warnings, etc.
[0287] "External database" refers to an external information source used to compare the information contained in communication data with known fraud-related data.
[0288] "Memory means" is a function for storing the actions taken by users, and refers to the recording of information used for subsequent analysis and system improvement.
[0289] "Generative artificial intelligence model" refers to an AI model that learns based on a large amount of data and is used to analyze communication data and identify the characteristics of fraud.
[0290] To implement this invention, first, a terminal as an electronic communication device is required. This terminal is composed of devices capable of connecting to the Internet, such as smartphones, personal computers, tablets, etc. The terminal receives communication data using an email client or a message application.
[0291] Next, the server receives and analyzes this communication data. The server is equipped with analysis tools, including a generative artificial intelligence model, to detect malicious elements, particularly patterns characteristic of fraudulent activity, based on the text and sender information of the communication data. At this stage, natural language processing techniques are used to attempt to understand the content of the message.
[0292] Furthermore, the server calculates a risk score based on the analysis results through a computational mechanism. This includes a process of comparing link and domain information contained in the communication data with an external database. Based on the comparison results, if the risk score exceeds a certain value, the server uses the communication mechanism to notify the terminal of a warning.
[0293] As a concrete example, let's consider a scenario where a user receives an email claiming to be from a bank. The server analyzes whether the links in this email are secure, and if they have any suspicious characteristics, it warns the user with a message saying, "This email may be a phishing attempt. Do not click the link."
[0294] Examples of prompts for a generative AI model:
[0295] "Please evaluate the security of this email. Analyze its contents and check for potential phishing attempts."
[0296] Finally, the device records the user's actions and reports them to the server. This recorded data is used to improve the accuracy of the AI model, enabling more precise detection of phishing scams.
[0297] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0298] Step 1:
[0299] The device receives an electronic message. The input includes communication data received via the internet. The message body, sender information, and link information are retrieved, and processing is performed to determine if the data is potentially a phishing email. At this stage, the data is stored in the device's inbox folder.
[0300] Step 2:
[0301] The terminal extracts metadata (sender address, link URL, header information, etc.) from the received message. This extracted metadata is the input, and this data is sent to the server. The terminal performs data filtering, and only the relevant data is transferred to the server.
[0302] Step 3:
[0303] Based on the metadata received by the server, data analysis is performed using a generative AI model. The AI model receives this input and utilizes natural language processing techniques to detect patterns that have phishing characteristics. This results in an output that understands the intent of the text content and identifies risk factors. Specifically, a machine learning algorithm evaluates the structure and relevance of the messages.
[0304] Step 4:
[0305] The server calculates a risk score for fraudulent activity based on the analyzed data. In this process, link and domain information is cross-referenced with an external database and used to identify potential fraud. The input is the analysis results, and the output is the risk score. The server performs calculations to numerically evaluate the likelihood of fraudulent activity.
[0306] Step 5:
[0307] When the risk score exceeds a predetermined value, the server sends a warning notification to the terminal. In this case, the input is the evaluation result based on the score, and the output is a warning message. The server controls the user interface and sends notifications such as "This email has a phishing risk. Do not click on the link."
[0308] Step 6:
[0309] After receiving the warning, the user selects actions such as not opening or deleting the link in the message. As a result, the user's actions are recorded as input on the terminal. The terminal reports the action data to the server.
[0310] Step 7:
[0311] Based on the recorded user action data, the server updates the learning data of the AI model to improve the analysis accuracy for subsequent times. The input is the user's action record, and the output is the updated evaluation criteria of the model. In the server, continuous accuracy improvement is carried out through the feedback loop.
[0312] (Application Example 1)
[0313] Next, Application Example 1 will be described. In the following description, the data processing device 12 is referred to as the "server", and the smart glasses 214 are referred to as the "terminal".
[0314] With the progress of information and communication technology, fraud attempts to illegally obtain personal information are increasing. However, in current security systems, real-time fraud risk notifications are incomplete, and there is a lack of appropriate warnings to reduce the risk that users click on malicious links. Therefore, there is a need for a system that can accurately evaluate the risk level of received messages and quickly notify users with warnings.
[0315] The specific processing by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0316] In this invention, the server includes means for an electronic communication device to acquire an informational message and analyze the content and sender information of the informational message; means for calculating a fraud risk score based on the analyzed information; and means for notifying the user of a warning if the risk score exceeds a threshold value. This makes it possible to evaluate the fraud risk of received informational messages in real time and provide a prompt warning before the user performs any fraudulent actions.
[0317] An "electronic communication device" is a communication device that has the function of acquiring information messages, and includes devices such as smartphones and personal computers.
[0318] An "informational message" refers to communication content, including text and images, acquired by electronic communication devices, and sent and received through email or messaging applications.
[0319] "Sender information" refers to identifying information about the person who sent the informational message, and includes data such as an email address and the domain name of the sender.
[0320] "Means of analysis" refers to the process or function used to analyze received informational messages and sender information to detect their content and specific characteristics.
[0321] The "fraud risk score" is a numerical evaluation of the likelihood of fraudulent activity occurring with respect to an informational message, and is an indicator of the probability that the message is fraudulent.
[0322] The "benchmark value" is the threshold that the fraud risk score must exceed, and it is the numerical value that serves as the standard for issuing a warning to the user if this value is exceeded.
[0323] A "user" is a person who operates an electronic communication device and is the user who responds to the informational message received.
[0324] "Means of notifying warnings" refer to functions or devices that alert users to risks when the risk score exceeds a certain threshold, and provide warnings visually or audibly.
[0325] A "mobile security application" is a software program installed on a portable information device to detect fraud risks.
[0326] "Reference information" refers to identifying information such as web links and file paths included in an informational message, and is data that instructs access to external resources.
[0327] "Domain" refers to a specific location or domain on the internet, and is a term that indicates the scope of what reference information points to.
[0328] A "data bank" is a database system that stores and manages known information, and is a device for storing records that include information on fraudulent activities and malicious websites.
[0329] "Means for recording actions and using them for subsequent analysis" refers to a process that collects user actions as data and makes them available for reference during future analysis.
[0330] "Means of visualizing notifications" refers to means of visually indicating warnings to users, specifically methods of displaying alerts on the screen of a mobile device.
[0331] The system for implementing this invention mainly consists of a server, an electronic communication device (terminal), and a user interface. Specific embodiments of each component are described below.
[0332] server
[0333] The server receives metadata of incoming messages sent from electronic communication devices. This metadata includes the message body, sender information, and reference information. Based on this data, the server leverages a powerful analysis engine and a generative AI model to assess the message's fraud risk. This analysis engine uses machine learning software such as Scikit-learn and TensorFlow, and is based on a large training dataset with phishing scam characteristics. The server calculates a risk score based on the analysis results, and if it exceeds a certain threshold, it sends data to the device to issue a warning.
[0334] Electronic communication devices (terminals)
[0335] The device notifies the user of a warning based on information received from the server. A smartphone with the application installed is a specific example. The device displays a warning message on the user interface, clearly stating, "This email may be a phishing attempt. Do not click the link." Actions taken by the user, such as deleting the message, are later sent to the server, contributing to improving the system's accuracy.
[0336] User Interface
[0337] The user interface is designed using JavaScript, HTML, and CSS, and visually displays warnings on the smartphone screen. Through this interface, users can quickly assess the danger of incoming messages and choose appropriate actions.
[0338] Specific example
[0339] For example, suppose a user receives a phishing email disguised as coming from a financial institution. If the email has a high risk score, the server's analysis engine will detect the danger, and a warning will be displayed on the smartphone screen. A possible prompt might read, "You have received a new email. Please analyze the sender information and links to assess the risk of phishing."
[0340] In this way, this system provides a powerful means of protecting users from malicious informational messages.
[0341] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0342] Step 1:
[0343] The terminal functions as an electronic communication device and receives new informational messages. The received messages include the message body, sender information, and reference information. This data is used as initial input data for processing.
[0344] Step 2:
[0345] The terminal extracts metadata from the received informational message and sends it to the server. This metadata includes a summary from the message body, the sender's email address, and reference information such as links and domain information. The extracted metadata becomes the input data for the next analysis.
[0346] Step 3:
[0347] The server receives this message and uses a generative AI model to analyze it. The generative AI model used is trained on Scikit-learn or TensorFlow and extracts features based on the message content and sender information to calculate a fraud risk score. This process yields the risk score as output.
[0348] Step 4:
[0349] The server uses the obtained risk score to compare it to a baseline value and determine whether the risk of fraud is high. If it exceeds the baseline value, it generates warning data and sends it to the terminal. The warning data becomes the input data for the next stage.
[0350] Step 5:
[0351] The terminal receives warning data from the server and displays a warning message via the user interface based on its content. Specifically, it displays a warning such as, "This email may be a phishing attempt. Do not click the link." This display constitutes the output of information that the user sees.
[0352] Step 6:
[0353] Users manage messages based on the warnings they receive. For example, they can choose actions such as deleting messages deemed dangerous, and these actions are recorded on their device. The recorded user actions serve as feedback data for the next stage.
[0354] Step 7:
[0355] The device collects user actions and sends that information back to the server. This feedback process allows the server to use it as real-world usage data to improve its analysis engine and retrain its machine learning models.
[0356] In this way, the system can assess the risks of informational messages in real time and efficiently provide appropriate warnings to users.
[0357] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0358] This invention optimizes the warning method by combining a system that effectively detects phishing scam threats within an electronic communication device and provides appropriate warnings to users based on those threats with an emotion engine that takes into account the user's emotional state.
[0359] This system activates when a user receives an electronic message on an electronic communication device. The terminal first sends data to the server to analyze the content of the received message and sender information. The server uses AI-based analysis tools to detect patterns that are characteristic of phishing scams. It then quantifies the likelihood of a phishing scam as a risk score, and if it exceeds a certain threshold, it is determined that there is a possibility of phishing.
[0360] Next, the emotion engine works to recognize the user's emotions. The emotion engine can detect emotions from the user's facial expressions and tone of voice through the camera and microphone. Based on this information, it determines the user's emotional state, such as tension, relaxation, or stress level.
[0361] For example, if a user receives a suspicious electronic message from a financial institution, the server might analyze the message and assign a high risk score. Furthermore, if the emotion engine detects tension in the user's facial expression, the device might display a warning message in a calm and easy-to-understand tone to help alleviate stress.
[0362] Users can review the warning message and choose to take action, such as deleting it without opening it. The user's actions and associated sentiment data are recorded and used to further improve the accuracy of phishing detection.
[0363] Thus, the objective of this invention is to provide an environment in which users can use electronic messages with peace of mind by utilizing an emotion engine to further protect users from phishing scams.
[0364] The following describes the processing flow.
[0365] Step 1:
[0366] The terminal receives an electronic message. The terminal temporarily stores the message content and sender information, preparing to send it to the server later.
[0367] Step 2:
[0368] The terminal sends the metadata of the electronic message to the server. The server starts analyzing the message based on the received data.
[0369] Step 3:
[0370] The server uses AI to analyze electronic messages. The server evaluates suspicious keywords, sender addresses, and links and domain information in the message body and calculates a risk score indicating the likelihood of a phishing scam.
[0371] Step 4:
[0372] The server checks the obtained risk score, and if the score exceeds the threshold, it determines that the risk of phishing is high.
[0373] Step 5:
[0374] The device activates an emotion engine to recognize the user's emotions. The emotion engine uses the device's camera and microphone to analyze the user's facial expressions and voice to determine their emotional state.
[0375] Step 6:
[0376] The emotion engine identifies the user's emotions. For example, if it analyzes that the user is in an anxious state, this information is used for the next processing step.
[0377] Step 7:
[0378] The device generates a warning message based on phishing risk information from the server and the results of the sentiment engine. The tone and wording of the warning are adjusted according to the user's emotional state.
[0379] Step 8:
[0380] The device displays a warning message to the user. This message uses calm language to convey a warning about phishing, allowing the user to remain calm and deal with the situation appropriately.
[0381] Step 9:
[0382] The user reviews the warning message and chooses an appropriate action, such as not opening the electronic message or deleting it. This action is recorded on the device.
[0383] Step 10:
[0384] The device reports user actions and sentiment data to the server, which is then used to further improve phishing detection algorithms.
[0385] (Example 2)
[0386] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0387] Conventional electronic communication devices cannot consider the user's emotional state when detecting fraudulent activities such as phishing scams, and the warning display is uniform, which may cause users to feel anxious or excessively lower their guard. In addition, there is a lack of mechanisms to efficiently utilize user behavior data for analysis, which limits the improvement of phishing detection accuracy.
[0388] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0389] In this invention, the server includes means for receiving electronic communications from electronic communication equipment and analyzing the content and sender information of the electronic communications; means for calculating a numerical value to evaluate the possibility of fraudulent activity; and means for detecting the user's emotional state and optimizing warnings based on that state. This makes it possible to provide flexible and appropriate warnings that take into account the user's emotions, allowing the user to use electronic communications with peace of mind. Furthermore, by recording the user's reactions and emotional data and using it for subsequent analysis, further improvements in phishing detection accuracy can be expected.
[0390] "Electronic communication equipment" refers to devices used to send and receive digital data between users, and includes, for example, smartphones and computers.
[0391] "Electronic communication" refers to communication methods that involve the exchange of information in a digital format, such as email and messaging platforms.
[0392] "Sender information" refers to data about the entity that sent the electronic communication, including, for example, its email address and domain name.
[0393] The "numerical value for evaluating the possibility of fraudulent activity" is an indicator that shows the risk of phishing scams and the like, calculated based on data analyzed by the server.
[0394] "User's emotional state" refers to the psychological and emotional state of an individual operating an electronic communication device, as judged from their facial expressions and voice.
[0395] "Optimizing warnings" means adjusting the content and presentation method of warning messages according to the user's emotional state and risk score.
[0396] A "generated model" is a digital model created using computational methods based on AI and machine learning techniques to perform data analysis processes.
[0397] A description of the embodiment for carrying out the invention will be provided.
[0398] This invention is an electronic communication system that detects phishing scams and issues appropriate warnings, taking into account the user's emotional state. Its specific configuration and operation are described below.
[0399] First, when a terminal receives an electronic communication, it automatically sends its content and sender information to the server. In this context, the term "terminal" refers to various electronic communication devices, specifically including common information processing devices such as smartphones and personal computers.
[0400] The server analyzes the received communications using AI analysis tools. This analysis can utilize known AI frameworks (e.g., TensorFlow or PyTorch). To assess the likelihood of fraud, the server searches for fraudulent characteristics in the transmitted information and calculates a numerical risk score based on these characteristics. For example, if the communication includes words like "free" or "urgent," the risk score will be set higher.
[0401] Next, the device activates an emotion engine to estimate the user's emotions via the camera and microphone. This emotion engine can analyze facial expressions using OpenCV and other image processing libraries. It also performs voice analysis on the user's voice tone to assess their level of tension and stress.
[0402] For example, consider a scenario where a user receives a suspicious email from a bank. The server analyzes the email and calculates a high risk score. Furthermore, the device's camera detects tension in the user's face. In this case, the device generates a warning message in a calm tone, such as, "This appears to be an important email, but caution is advised before reviewing its contents," and displays it to the user.
[0403] An example of a prompt message might be: "Calculate the risk score of the received email and create a warning message to reduce the user's anxiety."
[0404] In this way, the system provides warnings that take into account the user's feelings, thereby creating a safer electronic communication environment.
[0405] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0406] Step 1:
[0407] The user receives electronic communication on their device. The device then sends the content of this communication and the sender's information to the server. The input consists of the communication content and sender's information, which are encrypted and then sent to the server. Specifically, the device detects a new email, retrieves its detailed information, and prepares it for sending.
[0408] Step 2:
[0409] The server uses an AI analysis tool to analyze the received communication content and calculate a numerical value indicating the likelihood of fraudulent activity. The input is electronic communication content, and the AI analysis tool uses natural language processing and pattern matching to output a risk score. Here, the server identifies the characteristics of phishing scams hidden within the communication and classifies the risk level of the incident.
[0410] Step 3:
[0411] The device uses an emotion engine to detect the user's emotional state. Input includes the user's current image and audio information, which is then analyzed using an emotion analysis algorithm to output the appropriate emotion category. Specifically, the device activates its camera and microphone, captures the user's facial expressions and voice tone, and pre-processes this data for analysis.
[0412] Step 4:
[0413] The terminal combines the risk score from the server with the user's emotional state, which it detects itself, to generate and display a warning message. The input consists of the risk score and emotional state data. It uses prompts to generate the most appropriate warning message based on this combination and presents it to the user as output. Specifically, the terminal considers appropriate tone and word choice when displaying the warning.
[0414] Step 5:
[0415] The user reviews the warning message and selects the appropriate action. The input is the displayed warning message, and based on its content, the system outputs actions such as deleting the message or moving it to the spam folder. Specifically, the user follows the on-screen instructions and takes appropriate action.
[0416] Step 6:
[0417] The terminal records user behavior and emotional data and sends it to the server. The input consists of the user's selected actions and the emotional data associated with them. This process involves structuring and outputting this data for storage in a database. Here, the terminal organizes the behavior log and sends it to the server via communication.
[0418] (Application Example 2)
[0419] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0420] In modern electronic communications, phishing scams pose a significant threat to users. Existing security measures focus on detecting fraudulent messages, but they often fail to consider the user's emotional state, potentially increasing user stress. Therefore, it is necessary to not only accurately assess the risk of phishing scams but also to provide warnings optimized for the user's emotional state to effectively ensure user safety and peace of mind.
[0421] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0422] In this invention, the server includes means for analyzing electronic messages, means for calculating a phishing scam risk score, and emotion detection means for recognizing the user's emotional state. This makes it possible to evaluate the risk of phishing scams with high accuracy and provide an optimal warning message tailored to the user's emotional state.
[0423] "Electronic communication equipment" refers to all devices used to receive electronic messages and process related information.
[0424] "Phishing scams" refer to acts involving malicious electronic messages intended to illegally obtain confidential information from users.
[0425] A "risk score" is an index used to quantify and quantitatively evaluate the likelihood of a phishing scam.
[0426] "Emotion detection means" refers to a mechanism that analyzes the user's facial expressions and tone of voice to recognize their emotional state in real time.
[0427] A "warning message" refers to a notification that informs users of the possibility of a phishing scam and urges them to take precautions.
[0428] "Analysis accuracy" refers to the degree of accuracy and reliability in detecting phishing scams and recognizing the emotional state of users.
[0429] This invention constructs an advanced electronic communication system to protect users from phishing scams. This system operates on the user's personal communication device, i.e., terminal, and functions in conjunction with a cloud-based server.
[0430] The server uses AI analysis tools to analyze received electronic messages and calculate a phishing scam risk score. During this process, machine learning libraries (e.g., TensorFlow) are used to analyze message patterns and assess risk. Furthermore, the reliability of links and domains within messages is verified by cross-referencing them with known databases.
[0431] The emotion detection system built into the device uses a camera and microphone to analyze the user's facial expressions and voice tone in real time. This utilizes software libraries such as OpenCV and PyAudio to recognize the user's emotional state.
[0432] If a user receives a message that poses a high risk of phishing, the server generates a warning message based on the risk score and the user's emotional state. The warning message is tailored in tone and content to match the user's current emotional state and is designed to reduce stress.
[0433] For example, if a user receives a suspicious message disguised as coming from a bank, and the server determines the message is high-risk, it will detect that the user is in a stressed emotional state and display a warning in a gentle tone such as, "This message requires caution. Please respond calmly and carefully."
[0434] As a concrete example, a prompt message to the generating AI model could be something like, "Analyze the user's facial expression and tone of voice when they receive a phishing message, and then formulate the most appropriate warning message." In this way, the entire system can reduce the risk of phishing scams through user interaction and provide a safer communication environment.
[0435] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0436] Step 1:
[0437] The terminal receives an electronic message. It extracts the content of the received message and sender information and sends it to the server. The input is the electronic message and sender information, and the output is passed to the server as data for analysis. Upon receiving the data, the server prepares for message analysis.
[0438] Step 2:
[0439] The server uses an AI analysis tool (e.g., TensorFlow) based on the received data to calculate a phishing scam risk score. The input is the message data sent by the device, and the output is the risk score. The server analyzes the message content to see if it matches any known phishing patterns.
[0440] Step 3:
[0441] The server uses a database to compare links and domains contained in a message against known, trusted data. The input is the link and domain information within the message, and the output is the evaluation of their reliability. Based on this, an additional determination is made as to whether the message is secure.
[0442] Step 4:
[0443] The device uses a camera and microphone to collect the user's facial expressions and voice tone, and analyzes their emotional state. The input is the user's video and audio data, and the output is the result of the emotional state assessment. The device performs this process using analysis software (e.g., OpenCV, PyAudio).
[0444] Step 5:
[0445] The server generates a warning message for the user based on the risk score and the user's emotional state. The input is the risk score and emotional state data, and the output is an optimized warning message. The server adjusts the tone and content according to the user's emotions.
[0446] Step 6:
[0447] The user reviews the warning message displayed on the device. A final action is taken based on the user's actions (such as deleting the message or viewing details). The input is the warning message and the user's decision, and the output is recorded as the user's action. This data is used to improve the accuracy of subsequent analyses.
[0448] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0449] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0450] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart glasses 214.
[0451] [Third Embodiment]
[0452] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0453] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0454] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0455] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0456] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0457] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0458] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0459] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0460] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0461] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0462] In the headset terminal 314, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0463] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the headset terminal 314 will be referred to as the "terminal".
[0464] This invention is a system that automatically detects the possibility that an electronic message received by an electronic communication device is a phishing scam and notifies the user of the warning. An embodiment thereof is described below.
[0465] First, a device receives an electronic message. This device can be any device connected to the internet, such as a smartphone or a personal computer. The received message includes the message body, sender information, and links or domain information.
[0466] The terminal sends metadata of the received electronic message to the server. The server has a powerful analysis engine that analyzes the message content and sender information in detail based on the received data. The analysis is performed using an AI model, which evaluates the likelihood of a phishing email based on a training dataset containing numerous phishing scam features.
[0467] As a concrete example, consider a case where a user receives an electronic message disguised as coming from a financial institution. The server analyzes this message to determine its authenticity, checking for specific keywords and unnatural links. It also checks if the link is registered in the database as a known malicious domain. If a match is found through the database check, the message is judged to be highly dangerous.
[0468] The server calculates an overall phishing risk score for the message, and if it exceeds a certain score, it sends a warning notification to the user's device. This notification is designed to grab the user's attention and displays specific warning messages such as, "This email is a phishing scam. Do not click on the link."
[0469] Upon receiving this warning, the user can choose not to open the link in the electronic message or to delete it. This action is recorded on the device and later reported to the server. The recorded data is used to improve the system's phishing detection accuracy.
[0470] In this way, the purpose of this system is to prevent damage from phishing scams and protect users' personal and financial information.
[0471] The following describes the processing flow.
[0472] Step 1:
[0473] The device receives an electronic message. The device temporarily stores the message body, sender information, and any included links or domains.
[0474] Step 2:
[0475] The device sends metadata of the electronic message it receives to the server. This is to provide the information necessary for analyzing the message.
[0476] Step 3:
[0477] The server inputs the received metadata into the AI model and begins analyzing the electronic message. Specifically, it extracts keywords from the message body, the sender's email address, and patterns of unnatural links and domains.
[0478] Step 4:
[0479] Based on the information analyzed by the server, it assesses the likelihood of a phishing scam and calculates a risk score. Here, the score is set according to the characteristics of known phishing emails, with higher scores being assigned accordingly.
[0480] Step 5:
[0481] The server compares links and domains contained in electronic messages against a database. If a known malicious domain is detected, the risk score is increased.
[0482] Step 6:
[0483] The server generates a warning message based on the risk score and sends it to the terminal. When the score exceeds a predetermined value, a warning is sent to the user to alert them.
[0484] Step 7:
[0485] The device displays a warning message to the user. For example, it might say, "This email may be a phishing attempt. Do not click the link."
[0486] Step 8:
[0487] Users acknowledge the warning and take action such as not opening the email or deleting it. This helps them avoid becoming victims of phishing scams.
[0488] Step 9:
[0489] The device records user actions and reports that data to the server. This allows for continuous improvement of the system's analysis accuracy.
[0490] (Example 1)
[0491] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0492] In recent years, fraudulent activities using electronic communications have become frequent, increasing the risk of leakage of personal and financial information. Conventional systems have limitations in the accuracy and speed of phishing scam detection, and many users may end up opening malicious links. To solve this problem, there is a need for technology that can detect phishing scams with higher accuracy and efficiency and provide appropriate warnings to users.
[0493] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0494] In this invention, the server includes processing means for analyzing the text and sender information of communication data, calculation means for calculating a risk score for fraudulent activity, and communication means for notifying the user of a warning. This makes it possible to evaluate with high accuracy whether the received communication data is a phishing scam and to promptly notify the user of a warning.
[0495] "Electronic communication equipment" refers to devices used to send and receive data over the internet, including smartphones, personal computers, and tablets.
[0496] "Communication data" refers to information transmitted and received via electronic communication devices, including text received through email and messaging applications, sender information, and link information.
[0497] "Analysis means" refers to functions installed to understand the content of communication data and execute processes to detect fraudulent elements, particularly functions that utilize AI models.
[0498] "Calculation means" refers to the function used to perform the process of calculating a risk score based on the evaluated data.
[0499] "Communication methods" refer to functions for providing warnings and notifications to users, including conveying risk information via pop-ups, screen displays, audio warnings, etc.
[0500] An "external database" refers to an external source of information used to compare information contained in communication data with known fraud-related data.
[0501] "Memory devices" refer to functions for saving user actions and recording information that can be used for later analysis and system improvement.
[0502] A "generative artificial intelligence model" refers to an AI model that learns from large amounts of data and is used to analyze communication data and identify characteristics of fraudulent activities.
[0503] To implement this invention, a terminal as an electronic communication device is first required. This terminal consists of an internet-connected device such as a smartphone, personal computer, or tablet. The terminal receives communication data using an email client or messaging application.
[0504] Next, the server receives and analyzes this communication data. The server is equipped with analysis tools, including a generative artificial intelligence model, to detect malicious elements, particularly patterns characteristic of fraudulent activity, based on the text and sender information of the communication data. At this stage, natural language processing techniques are used to attempt to understand the content of the message.
[0505] Furthermore, the server calculates a risk score based on the analysis results through a computational mechanism. This includes a process of comparing link and domain information contained in the communication data with an external database. Based on the comparison results, if the risk score exceeds a certain value, the server uses the communication mechanism to notify the terminal of a warning.
[0506] As a concrete example, let's consider a scenario where a user receives an email claiming to be from a bank. The server analyzes whether the links in this email are secure, and if they have any suspicious characteristics, it warns the user with a message saying, "This email may be a phishing attempt. Do not click the link."
[0507] Examples of prompts for a generative AI model:
[0508] "Please evaluate the security of this email. Analyze its contents and check for potential phishing attempts."
[0509] Finally, the device records the user's actions and reports them to the server. This recorded data is used to improve the accuracy of the AI model, enabling more precise detection of phishing scams.
[0510] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0511] Step 1:
[0512] The device receives an electronic message. The input includes communication data received via the internet. The message body, sender information, and link information are retrieved, and processing is performed to determine if the data is potentially a phishing email. At this stage, the data is stored in the device's inbox folder.
[0513] Step 2:
[0514] The terminal extracts metadata (sender address, link URL, header information, etc.) from the received message. This extracted metadata is the input, and this data is sent to the server. The terminal performs data filtering, and only the relevant data is transferred to the server.
[0515] Step 3:
[0516] Based on the metadata received by the server, data analysis is performed using a generative AI model. The AI model receives this input and utilizes natural language processing techniques to detect patterns that have phishing characteristics. This results in an output that understands the intent of the text content and identifies risk factors. Specifically, a machine learning algorithm evaluates the structure and relevance of the messages.
[0517] Step 4:
[0518] The server calculates a risk score for fraudulent activity based on the analyzed data. In this process, link and domain information is cross-referenced with an external database and used to identify potential fraud. The input is the analysis results, and the output is the risk score. The server performs calculations to numerically evaluate the likelihood of fraudulent activity.
[0519] Step 5:
[0520] The server sends a warning notification to the terminal if the risk score exceeds a predetermined value. In this case, the input is the evaluation result based on the score, and the output is a warning message. The server controls the user interface and sends notifications such as, "This email may be a phishing email. Do not click the link."
[0521] Step 6:
[0522] After receiving a warning, the user can choose to take actions such as not opening the link in the message or deleting it. This action is recorded as input on the device. The device then reports this action data to the server.
[0523] Step 7:
[0524] The server updates the AI model's training data based on recorded user behavior data, improving the accuracy of subsequent analyses. The input is the user's behavior record, and the output is the model's updated evaluation criteria. The server continuously improves accuracy through a feedback loop.
[0525] (Application Example 1)
[0526] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0527] With the advancement of information and communication technology, fraudulent activities attempting to illegally obtain personal information are on the rise. However, current security systems are inadequate in providing real-time notification of fraud risks, and there is a lack of adequate warnings to mitigate the risk of users clicking on malicious links. Therefore, there is a need for a system that accurately assesses the risk level of incoming messages and promptly notifies users of the warnings.
[0528] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0529] In this invention, the server includes means for an electronic communication device to acquire an informational message and analyze the content and sender information of the informational message; means for calculating a fraud risk score based on the analyzed information; and means for notifying the user of a warning if the risk score exceeds a threshold value. This makes it possible to evaluate the fraud risk of received informational messages in real time and provide a prompt warning before the user performs any fraudulent actions.
[0530] An "electronic communication device" is a communication device that has the function of acquiring information messages, and includes devices such as smartphones and personal computers.
[0531] An "informational message" refers to communication content, including text and images, acquired by electronic communication devices, and sent and received through email or messaging applications.
[0532] "Sender information" refers to identifying information about the person who sent the informational message, and includes data such as an email address and the domain name of the sender.
[0533] "Means of analysis" refers to the process or function used to analyze received informational messages and sender information to detect their content and specific characteristics.
[0534] The "fraud risk score" is a numerical evaluation of the likelihood of fraudulent activity occurring with respect to an informational message, and is an indicator of the probability that the message is fraudulent.
[0535] The "benchmark value" is the threshold that the fraud risk score must exceed, and it is the numerical value that serves as the standard for issuing a warning to the user if this value is exceeded.
[0536] A "user" is a person who operates an electronic communication device and is the user who responds to the informational message received.
[0537] "Means of notifying warnings" refer to functions or devices that alert users to risks when the risk score exceeds a certain threshold, and provide warnings visually or audibly.
[0538] A "mobile security application" is a software program installed on a portable information device to detect fraud risks.
[0539] "Reference information" refers to identifying information such as web links and file paths included in an informational message, and is data that instructs access to external resources.
[0540] "Domain" refers to a specific location or domain on the internet, and is a term that indicates the scope of what reference information points to.
[0541] A "data bank" is a database system that stores and manages known information, and is a device for storing records that include information on fraudulent activities and malicious websites.
[0542] "Means for recording actions and using them for subsequent analysis" refers to a process that collects user actions as data and makes them available for reference during future analysis.
[0543] "Means of visualizing notifications" refers to means of visually indicating warnings to users, specifically methods of displaying alerts on the screen of a mobile device.
[0544] The system for implementing this invention mainly consists of a server, an electronic communication device (terminal), and a user interface. Specific embodiments of each component are described below.
[0545] server
[0546] The server receives metadata of incoming messages sent from electronic communication devices. This metadata includes the message body, sender information, and reference information. Based on this data, the server leverages a powerful analysis engine and a generative AI model to assess the message's fraud risk. This analysis engine uses machine learning software such as Scikit-learn and TensorFlow, and is based on a large training dataset with phishing scam characteristics. The server calculates a risk score based on the analysis results, and if it exceeds a certain threshold, it sends data to the device to issue a warning.
[0547] Electronic communication devices (terminals)
[0548] The device notifies the user of a warning based on information received from the server. A smartphone with the application installed is a specific example. The device displays a warning message on the user interface, clearly stating, "This email may be a phishing attempt. Do not click the link." Actions taken by the user, such as deleting the message, are later sent to the server, contributing to improving the system's accuracy.
[0549] User Interface
[0550] The user interface is designed using JavaScript, HTML, and CSS, and visually displays warnings on the smartphone screen. Through this interface, users can quickly assess the danger of incoming messages and choose appropriate actions.
[0551] Specific example
[0552] For example, suppose a user receives a phishing email disguised as coming from a financial institution. If the email has a high risk score, the server's analysis engine will detect the danger, and a warning will be displayed on the smartphone screen. A possible prompt might read, "You have received a new email. Please analyze the sender information and links to assess the risk of phishing."
[0553] In this way, this system provides a powerful means of protecting users from malicious informational messages.
[0554] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0555] Step 1:
[0556] The terminal functions as an electronic communication device and receives new informational messages. The received messages include the message body, sender information, and reference information. This data is used as initial input data for processing.
[0557] Step 2:
[0558] The terminal extracts metadata from the received informational message and sends it to the server. This metadata includes a summary from the message body, the sender's email address, and reference information such as links and domain information. The extracted metadata becomes the input data for the next analysis.
[0559] Step 3:
[0560] The server receives this message and uses a generative AI model to analyze it. The generative AI model used is trained on Scikit-learn or TensorFlow and extracts features based on the message content and sender information to calculate a fraud risk score. This process yields the risk score as output.
[0561] Step 4:
[0562] The server uses the obtained risk score to compare it to a baseline value and determine whether the risk of fraud is high. If it exceeds the baseline value, it generates warning data and sends it to the terminal. The warning data becomes the input data for the next stage.
[0563] Step 5:
[0564] The terminal receives warning data from the server and displays a warning message via the user interface based on its content. Specifically, it displays a warning such as, "This email may be a phishing attempt. Do not click the link." This display constitutes the output of information that the user sees.
[0565] Step 6:
[0566] Users manage messages based on the warnings they receive. For example, they can choose actions such as deleting messages deemed dangerous, and these actions are recorded on their device. The recorded user actions serve as feedback data for the next stage.
[0567] Step 7:
[0568] The device collects user actions and sends that information back to the server. This feedback process allows the server to use it as real-world usage data to improve its analysis engine and retrain its machine learning models.
[0569] In this way, the system can assess the risks of informational messages in real time and efficiently provide appropriate warnings to users.
[0570] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0571] This invention optimizes the warning method by combining a system that effectively detects phishing scam threats within an electronic communication device and provides appropriate warnings to users based on those threats with an emotion engine that takes into account the user's emotional state.
[0572] This system activates when a user receives an electronic message on an electronic communication device. The terminal first sends data to the server to analyze the content of the received message and sender information. The server uses AI-based analysis tools to detect patterns that are characteristic of phishing scams. It then quantifies the likelihood of a phishing scam as a risk score, and if it exceeds a certain threshold, it is determined that there is a possibility of phishing.
[0573] Next, the emotion engine works to recognize the user's emotions. The emotion engine can detect emotions from the user's facial expressions and tone of voice through the camera and microphone. Based on this information, it determines the user's emotional state, such as tension, relaxation, or stress level.
[0574] For example, if a user receives a suspicious electronic message from a financial institution, the server might analyze the message and assign a high risk score. Furthermore, if the emotion engine detects tension in the user's facial expression, the device might display a warning message in a calm and easy-to-understand tone to help alleviate stress.
[0575] Users can review the warning message and choose to take action, such as deleting it without opening it. The user's actions and associated sentiment data are recorded and used to further improve the accuracy of phishing detection.
[0576] Thus, the objective of this invention is to provide an environment in which users can use electronic messages with peace of mind by utilizing an emotion engine to further protect users from phishing scams.
[0577] The following describes the processing flow.
[0578] Step 1:
[0579] The terminal receives an electronic message. The terminal temporarily stores the message content and sender information, preparing to send it to the server later.
[0580] Step 2:
[0581] The terminal sends the metadata of the electronic message to the server. The server starts analyzing the message based on the received data.
[0582] Step 3:
[0583] The server uses AI to analyze electronic messages. The server evaluates suspicious keywords, sender addresses, and links and domain information in the message body and calculates a risk score indicating the likelihood of a phishing scam.
[0584] Step 4:
[0585] The server checks the obtained risk score, and if the score exceeds the threshold, it determines that the risk of phishing is high.
[0586] Step 5:
[0587] The device activates an emotion engine to recognize the user's emotions. The emotion engine uses the device's camera and microphone to analyze the user's facial expressions and voice to determine their emotional state.
[0588] Step 6:
[0589] The emotion engine identifies the user's emotions. For example, if it analyzes that the user is in an anxious state, this information is used for the next processing step.
[0590] Step 7:
[0591] The device generates a warning message based on phishing risk information from the server and the results of the sentiment engine. The tone and wording of the warning are adjusted according to the user's emotional state.
[0592] Step 8:
[0593] The device displays a warning message to the user. This message uses calm language to convey a warning about phishing, allowing the user to remain calm and deal with the situation appropriately.
[0594] Step 9:
[0595] The user reviews the warning message and chooses an appropriate action, such as not opening the electronic message or deleting it. This action is recorded on the device.
[0596] Step 10:
[0597] The device reports user actions and sentiment data to the server, which is then used to further improve phishing detection algorithms.
[0598] (Example 2)
[0599] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0600] Conventional electronic communication devices cannot consider the user's emotional state when detecting fraudulent activities such as phishing scams, and the warning display is uniform, which may cause users to feel anxious or excessively lower their guard. In addition, there is a lack of mechanisms to efficiently utilize user behavior data for analysis, which limits the improvement of phishing detection accuracy.
[0601] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0602] In this invention, the server includes means for receiving electronic communications from electronic communication equipment and analyzing the content and sender information of the electronic communications; means for calculating a numerical value to evaluate the possibility of fraudulent activity; and means for detecting the user's emotional state and optimizing warnings based on that state. This makes it possible to provide flexible and appropriate warnings that take into account the user's emotions, allowing the user to use electronic communications with peace of mind. Furthermore, by recording the user's reactions and emotional data and using it for subsequent analysis, further improvements in phishing detection accuracy can be expected.
[0603] "Electronic communication equipment" refers to devices used to send and receive digital data between users, and includes, for example, smartphones and computers.
[0604] "Electronic communication" refers to communication methods that involve the exchange of information in a digital format, such as email and messaging platforms.
[0605] "Sender information" refers to data about the entity that sent the electronic communication, including, for example, its email address and domain name.
[0606] The "numerical value for evaluating the possibility of fraudulent activity" is an indicator that shows the risk of phishing scams and the like, calculated based on data analyzed by the server.
[0607] "User's emotional state" refers to the psychological and emotional state of an individual operating an electronic communication device, as judged from their facial expressions and voice.
[0608] "Optimizing warnings" means adjusting the content and presentation method of warning messages according to the user's emotional state and risk score.
[0609] A "generated model" is a digital model created using computational methods based on AI and machine learning techniques to perform data analysis processes.
[0610] A description of the embodiment for carrying out the invention will be provided.
[0611] This invention is an electronic communication system that detects phishing scams and issues appropriate warnings, taking into account the user's emotional state. Its specific configuration and operation are described below.
[0612] First, when a terminal receives an electronic communication, it automatically sends its content and sender information to the server. In this context, the term "terminal" refers to various electronic communication devices, specifically including common information processing devices such as smartphones and personal computers.
[0613] The server analyzes the received communications using AI analysis tools. This analysis can utilize known AI frameworks (e.g., TensorFlow or PyTorch). To assess the likelihood of fraud, the server searches for fraudulent characteristics in the transmitted information and calculates a numerical risk score based on these characteristics. For example, if the communication includes words like "free" or "urgent," the risk score will be set higher.
[0614] Next, the device activates an emotion engine to estimate the user's emotions via the camera and microphone. This emotion engine can analyze facial expressions using OpenCV and other image processing libraries. It also performs voice analysis on the user's voice tone to assess their level of tension and stress.
[0615] For example, consider a scenario where a user receives a suspicious email from a bank. The server analyzes the email and calculates a high risk score. Furthermore, the device's camera detects tension in the user's face. In this case, the device generates a warning message in a calm tone, such as, "This appears to be an important email, but caution is advised before reviewing its contents," and displays it to the user.
[0616] An example of a prompt message might be: "Calculate the risk score of the received email and create a warning message to reduce the user's anxiety."
[0617] In this way, the system provides warnings that take into account the user's feelings, thereby creating a safer electronic communication environment.
[0618] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0619] Step 1:
[0620] The user receives electronic communication on their device. The device then sends the content of this communication and the sender's information to the server. The input consists of the communication content and sender's information, which are encrypted and then sent to the server. Specifically, the device detects a new email, retrieves its detailed information, and prepares it for sending.
[0621] Step 2:
[0622] The server uses an AI analysis tool to analyze the received communication content and calculate a numerical value indicating the likelihood of fraudulent activity. The input is electronic communication content, and the AI analysis tool uses natural language processing and pattern matching to output a risk score. Here, the server identifies the characteristics of phishing scams hidden within the communication and classifies the risk level of the incident.
[0623] Step 3:
[0624] The device uses an emotion engine to detect the user's emotional state. Input includes the user's current image and audio information, which is then analyzed using an emotion analysis algorithm to output the appropriate emotion category. Specifically, the device activates its camera and microphone, captures the user's facial expressions and voice tone, and pre-processes this data for analysis.
[0625] Step 4:
[0626] The terminal combines the risk score from the server with the user's emotional state, which it detects itself, to generate and display a warning message. The input consists of the risk score and emotional state data. It uses prompts to generate the most appropriate warning message based on this combination and presents it to the user as output. Specifically, the terminal considers appropriate tone and word choice when displaying the warning.
[0627] Step 5:
[0628] The user reviews the warning message and selects the appropriate action. The input is the displayed warning message, and based on its content, the system outputs actions such as deleting the message or moving it to the spam folder. Specifically, the user follows the on-screen instructions and takes appropriate action.
[0629] Step 6:
[0630] The terminal records user behavior and emotional data and sends it to the server. The input consists of the user's selected actions and the emotional data associated with them. This process involves structuring and outputting this data for storage in a database. Here, the terminal organizes the behavior log and sends it to the server via communication.
[0631] (Application Example 2)
[0632] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0633] In modern electronic communications, phishing scams pose a significant threat to users. Existing security measures focus on detecting fraudulent messages, but they often fail to consider the user's emotional state, potentially increasing user stress. Therefore, it is necessary to not only accurately assess the risk of phishing scams but also to provide warnings optimized for the user's emotional state to effectively ensure user safety and peace of mind.
[0634] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0635] In this invention, the server includes means for analyzing electronic messages, means for calculating a phishing scam risk score, and emotion detection means for recognizing the user's emotional state. This makes it possible to evaluate the risk of phishing scams with high accuracy and provide an optimal warning message tailored to the user's emotional state.
[0636] "Electronic communication equipment" refers to all devices used to receive electronic messages and process related information.
[0637] "Phishing scams" refer to acts involving malicious electronic messages intended to illegally obtain confidential information from users.
[0638] A "risk score" is an index used to quantify and quantitatively evaluate the likelihood of a phishing scam.
[0639] "Emotion detection means" refers to a mechanism that analyzes the user's facial expressions and tone of voice to recognize their emotional state in real time.
[0640] A "warning message" refers to a notification that informs users of the possibility of a phishing scam and urges them to take precautions.
[0641] "Analysis accuracy" refers to the degree of accuracy and reliability in detecting phishing scams and recognizing the emotional state of users.
[0642] This invention constructs an advanced electronic communication system to protect users from phishing scams. This system operates on the user's personal communication device, i.e., terminal, and functions in conjunction with a cloud-based server.
[0643] The server uses AI analysis tools to analyze received electronic messages and calculate a phishing scam risk score. During this process, machine learning libraries (e.g., TensorFlow) are used to analyze message patterns and assess risk. Furthermore, the reliability of links and domains within messages is verified by cross-referencing them with known databases.
[0644] The emotion detection system built into the device uses a camera and microphone to analyze the user's facial expressions and voice tone in real time. This utilizes software libraries such as OpenCV and PyAudio to recognize the user's emotional state.
[0645] If a user receives a message that poses a high risk of phishing, the server generates a warning message based on the risk score and the user's emotional state. The warning message is tailored in tone and content to match the user's current emotional state and is designed to reduce stress.
[0646] For example, if a user receives a suspicious message disguised as coming from a bank, and the server determines the message is high-risk, it will detect that the user is in a stressed emotional state and display a warning in a gentle tone such as, "This message requires caution. Please respond calmly and carefully."
[0647] As a concrete example, a prompt message to the generating AI model could be something like, "Analyze the user's facial expression and tone of voice when they receive a phishing message, and then formulate the most appropriate warning message." In this way, the entire system can reduce the risk of phishing scams through user interaction and provide a safer communication environment.
[0648] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0649] Step 1:
[0650] The terminal receives an electronic message. It extracts the content of the received message and sender information and sends it to the server. The input is the electronic message and sender information, and the output is passed to the server as data for analysis. Upon receiving the data, the server prepares for message analysis.
[0651] Step 2:
[0652] The server uses an AI analysis tool (e.g., TensorFlow) based on the received data to calculate a phishing scam risk score. The input is the message data sent by the device, and the output is the risk score. The server analyzes the message content to see if it matches any known phishing patterns.
[0653] Step 3:
[0654] The server uses a database to compare links and domains contained in a message against known, trusted data. The input is the link and domain information within the message, and the output is the evaluation of their reliability. Based on this, an additional determination is made as to whether the message is secure.
[0655] Step 4:
[0656] The device uses a camera and microphone to collect the user's facial expressions and voice tone, and analyzes their emotional state. The input is the user's video and audio data, and the output is the result of the emotional state assessment. The device performs this process using analysis software (e.g., OpenCV, PyAudio).
[0657] Step 5:
[0658] The server generates a warning message for the user based on the risk score and the user's emotional state. The input is the risk score and emotional state data, and the output is an optimized warning message. The server adjusts the tone and content according to the user's emotions.
[0659] Step 6:
[0660] The user reviews the warning message displayed on the device. A final action is taken based on the user's actions (such as deleting the message or viewing details). The input is the warning message and the user's decision, and the output is recorded as the user's action. This data is used to improve the accuracy of subsequent analyses.
[0661] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0662] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0663] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and specific processing may also be performed by the headset terminal 314.
[0664] [Fourth Embodiment]
[0665] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0666] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0667] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0668] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0669] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0670] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0671] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0672] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. Furthermore, the robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0673] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0674] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0675] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0676] In robot 414, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0677] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0678] This invention is a system that automatically detects the possibility that an electronic message received by an electronic communication device is a phishing scam and notifies the user of the warning. An embodiment thereof is described below.
[0679] First, a device receives an electronic message. This device can be any device connected to the internet, such as a smartphone or a personal computer. The received message includes the message body, sender information, and links or domain information.
[0680] The terminal sends metadata of the received electronic message to the server. The server has a powerful analysis engine that analyzes the message content and sender information in detail based on the received data. The analysis is performed using an AI model, which evaluates the likelihood of a phishing email based on a training dataset containing numerous phishing scam features.
[0681] As a concrete example, consider a case where a user receives an electronic message disguised as coming from a financial institution. The server analyzes this message to determine its authenticity, checking for specific keywords and unnatural links. It also checks if the link is registered in the database as a known malicious domain. If a match is found through the database check, the message is judged to be highly dangerous.
[0682] The server calculates an overall phishing risk score for the message, and if it exceeds a certain score, it sends a warning notification to the user's device. This notification is designed to grab the user's attention and displays specific warning messages such as, "This email is a phishing scam. Do not click on the link."
[0683] Upon receiving this warning, the user can choose not to open the link in the electronic message or to delete it. This action is recorded on the device and later reported to the server. The recorded data is used to improve the system's phishing detection accuracy.
[0684] In this way, the purpose of this system is to prevent damage from phishing scams and protect users' personal and financial information.
[0685] The following describes the processing flow.
[0686] Step 1:
[0687] The device receives an electronic message. The device temporarily stores the message body, sender information, and any included links or domains.
[0688] Step 2:
[0689] The device sends metadata of the electronic message it receives to the server. This is to provide the information necessary for analyzing the message.
[0690] Step 3:
[0691] The server inputs the received metadata into the AI model and begins analyzing the electronic message. Specifically, it extracts keywords from the message body, the sender's email address, and patterns of unnatural links and domains.
[0692] Step 4:
[0693] Based on the information analyzed by the server, it assesses the likelihood of a phishing scam and calculates a risk score. Here, the score is set according to the characteristics of known phishing emails, with higher scores being assigned accordingly.
[0694] Step 5:
[0695] The server compares links and domains contained in electronic messages against a database. If a known malicious domain is detected, the risk score is increased.
[0696] Step 6:
[0697] The server generates a warning message based on the risk score and sends it to the terminal. When the score exceeds a predetermined value, a warning is sent to the user to alert them.
[0698] Step 7:
[0699] The device displays a warning message to the user. For example, it might say, "This email may be a phishing attempt. Do not click the link."
[0700] Step 8:
[0701] Users acknowledge the warning and take action such as not opening the email or deleting it. This helps them avoid becoming victims of phishing scams.
[0702] Step 9:
[0703] The device records user actions and reports that data to the server. This allows for continuous improvement of the system's analysis accuracy.
[0704] (Example 1)
[0705] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0706] In recent years, fraudulent activities using electronic communications have become frequent, increasing the risk of leakage of personal and financial information. Conventional systems have limitations in the accuracy and speed of phishing scam detection, and many users may end up opening malicious links. To solve this problem, there is a need for technology that can detect phishing scams with higher accuracy and efficiency and provide appropriate warnings to users.
[0707] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0708] In this invention, the server includes processing means for analyzing the text and sender information of communication data, calculation means for calculating a risk score for fraudulent activity, and communication means for notifying the user of a warning. This makes it possible to evaluate with high accuracy whether the received communication data is a phishing scam and to promptly notify the user of a warning.
[0709] "Electronic communication equipment" refers to devices used to send and receive data over the internet, including smartphones, personal computers, and tablets.
[0710] "Communication data" refers to information transmitted and received via electronic communication devices, including text received through email and messaging applications, sender information, and link information.
[0711] "Analysis means" refers to functions installed to understand the content of communication data and execute processes to detect fraudulent elements, particularly functions that utilize AI models.
[0712] "Calculation means" refers to the function used to perform the process of calculating a risk score based on the evaluated data.
[0713] "Communication methods" refer to functions for providing warnings and notifications to users, including conveying risk information via pop-ups, screen displays, audio warnings, etc.
[0714] An "external database" refers to an external source of information used to compare information contained in communication data with known fraud-related data.
[0715] "Memory devices" refer to functions for saving user actions and recording information that can be used for later analysis and system improvement.
[0716] A "generative artificial intelligence model" refers to an AI model that learns from large amounts of data and is used to analyze communication data and identify characteristics of fraudulent activities.
[0717] To implement this invention, a terminal as an electronic communication device is first required. This terminal consists of an internet-connected device such as a smartphone, personal computer, or tablet. The terminal receives communication data using an email client or messaging application.
[0718] Next, the server receives and analyzes this communication data. The server is equipped with analysis tools, including a generative artificial intelligence model, to detect malicious elements, particularly patterns characteristic of fraudulent activity, based on the text and sender information of the communication data. At this stage, natural language processing techniques are used to attempt to understand the content of the message.
[0719] Furthermore, the server calculates a risk score based on the analysis results through a computational mechanism. This includes a process of comparing link and domain information contained in the communication data with an external database. Based on the comparison results, if the risk score exceeds a certain value, the server uses the communication mechanism to notify the terminal of a warning.
[0720] As a concrete example, let's consider a scenario where a user receives an email claiming to be from a bank. The server analyzes whether the links in this email are secure, and if they have any suspicious characteristics, it warns the user with a message saying, "This email may be a phishing attempt. Do not click the link."
[0721] Examples of prompts for a generative AI model:
[0722] "Please evaluate the security of this email. Analyze its contents and check for potential phishing attempts."
[0723] Finally, the device records the user's actions and reports them to the server. This recorded data is used to improve the accuracy of the AI model, enabling more precise detection of phishing scams.
[0724] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0725] Step 1:
[0726] The device receives an electronic message. The input includes communication data received via the internet. The message body, sender information, and link information are retrieved, and processing is performed to determine if the data is potentially a phishing email. At this stage, the data is stored in the device's inbox folder.
[0727] Step 2:
[0728] The terminal extracts metadata (sender address, link URL, header information, etc.) from the received message. This extracted metadata is the input, and this data is sent to the server. The terminal performs data filtering, and only the relevant data is transferred to the server.
[0729] Step 3:
[0730] Based on the metadata received by the server, data analysis is performed using a generative AI model. The AI model receives this input and utilizes natural language processing techniques to detect patterns that have phishing characteristics. This results in an output that understands the intent of the text content and identifies risk factors. Specifically, a machine learning algorithm evaluates the structure and relevance of the messages.
[0731] Step 4:
[0732] The server calculates a risk score for fraudulent activity based on the analyzed data. In this process, link and domain information is cross-referenced with an external database and used to identify potential fraud. The input is the analysis results, and the output is the risk score. The server performs calculations to numerically evaluate the likelihood of fraudulent activity.
[0733] Step 5:
[0734] The server sends a warning notification to the terminal if the risk score exceeds a predetermined value. In this case, the input is the evaluation result based on the score, and the output is a warning message. The server controls the user interface and sends notifications such as, "This email may be a phishing email. Do not click the link."
[0735] Step 6:
[0736] After receiving a warning, the user can choose to take actions such as not opening the link in the message or deleting it. This action is recorded as input on the device. The device then reports this action data to the server.
[0737] Step 7:
[0738] The server updates the AI model's training data based on recorded user behavior data, improving the accuracy of subsequent analyses. The input is the user's behavior record, and the output is the model's updated evaluation criteria. The server continuously improves accuracy through a feedback loop.
[0739] (Application Example 1)
[0740] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0741] With the advancement of information and communication technology, fraudulent activities attempting to illegally obtain personal information are on the rise. However, current security systems are inadequate in providing real-time notification of fraud risks, and there is a lack of adequate warnings to mitigate the risk of users clicking on malicious links. Therefore, there is a need for a system that accurately assesses the risk level of incoming messages and promptly notifies users of the warnings.
[0742] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0743] In this invention, the server includes means for an electronic communication device to acquire an informational message and analyze the content and sender information of the informational message; means for calculating a fraud risk score based on the analyzed information; and means for notifying the user of a warning if the risk score exceeds a threshold value. This makes it possible to evaluate the fraud risk of received informational messages in real time and provide a prompt warning before the user performs any fraudulent actions.
[0744] An "electronic communication device" is a communication device that has the function of acquiring information messages, and includes devices such as smartphones and personal computers.
[0745] An "informational message" refers to communication content, including text and images, acquired by electronic communication devices, and sent and received through email or messaging applications.
[0746] "Sender information" refers to identifying information about the person who sent the informational message, and includes data such as an email address and the domain name of the sender.
[0747] "Means of analysis" refers to the process or function used to analyze received informational messages and sender information to detect their content and specific characteristics.
[0748] The "fraud risk score" is a numerical evaluation of the likelihood of fraudulent activity occurring with respect to an informational message, and is an indicator of the probability that the message is fraudulent.
[0749] The "benchmark value" is the threshold that the fraud risk score must exceed, and it is the numerical value that serves as the standard for issuing a warning to the user if this value is exceeded.
[0750] A "user" is a person who operates an electronic communication device and is the user who responds to the informational message received.
[0751] "Means of notifying warnings" refer to functions or devices that alert users to risks when the risk score exceeds a certain threshold, and provide warnings visually or audibly.
[0752] A "mobile security application" is a software program installed on a portable information device to detect fraud risks.
[0753] "Reference information" refers to identifying information such as web links and file paths included in an informational message, and is data that instructs access to external resources.
[0754] "Domain" refers to a specific location or domain on the internet, and is a term that indicates the scope of what reference information points to.
[0755] A "data bank" is a database system that stores and manages known information, and is a device for storing records that include information on fraudulent activities and malicious websites.
[0756] "Means for recording actions and using them for subsequent analysis" refers to a process that collects user actions as data and makes them available for reference during future analysis.
[0757] "Means of visualizing notifications" refers to means of visually indicating warnings to users, specifically methods of displaying alerts on the screen of a mobile device.
[0758] The system for implementing this invention mainly consists of a server, an electronic communication device (terminal), and a user interface. Specific embodiments of each component are described below.
[0759] server
[0760] The server receives metadata of incoming messages sent from electronic communication devices. This metadata includes the message body, sender information, and reference information. Based on this data, the server leverages a powerful analysis engine and a generative AI model to assess the message's fraud risk. This analysis engine uses machine learning software such as Scikit-learn and TensorFlow, and is based on a large training dataset with phishing scam characteristics. The server calculates a risk score based on the analysis results, and if it exceeds a certain threshold, it sends data to the device to issue a warning.
[0761] Electronic communication devices (terminals)
[0762] The device notifies the user of a warning based on information received from the server. A smartphone with the application installed is a specific example. The device displays a warning message on the user interface, clearly stating, "This email may be a phishing attempt. Do not click the link." Actions taken by the user, such as deleting the message, are later sent to the server, contributing to improving the system's accuracy.
[0763] User Interface
[0764] The user interface is designed using JavaScript, HTML, and CSS, and visually displays warnings on the smartphone screen. Through this interface, users can quickly assess the danger of incoming messages and choose appropriate actions.
[0765] Specific example
[0766] For example, suppose a user receives a phishing email disguised as coming from a financial institution. If the email has a high risk score, the server's analysis engine will detect the danger, and a warning will be displayed on the smartphone screen. A possible prompt might read, "You have received a new email. Please analyze the sender information and links to assess the risk of phishing."
[0767] In this way, this system provides a powerful means of protecting users from malicious informational messages.
[0768] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0769] Step 1:
[0770] The terminal functions as an electronic communication device and receives new informational messages. The received messages include the message body, sender information, and reference information. This data is used as initial input data for processing.
[0771] Step 2:
[0772] The terminal extracts metadata from the received informational message and sends it to the server. This metadata includes a summary from the message body, the sender's email address, and reference information such as links and domain information. The extracted metadata becomes the input data for the next analysis.
[0773] Step 3:
[0774] The server receives this message and uses a generative AI model to analyze it. The generative AI model used is trained on Scikit-learn or TensorFlow and extracts features based on the message content and sender information to calculate a fraud risk score. This process yields the risk score as output.
[0775] Step 4:
[0776] The server uses the obtained risk score to compare it to a baseline value and determine whether the risk of fraud is high. If it exceeds the baseline value, it generates warning data and sends it to the terminal. The warning data becomes the input data for the next stage.
[0777] Step 5:
[0778] The terminal receives warning data from the server and displays a warning message via the user interface based on its content. Specifically, it displays a warning such as, "This email may be a phishing attempt. Do not click the link." This display constitutes the output of information that the user sees.
[0779] Step 6:
[0780] Users manage messages based on the warnings they receive. For example, they can choose actions such as deleting messages deemed dangerous, and these actions are recorded on their device. The recorded user actions serve as feedback data for the next stage.
[0781] Step 7:
[0782] The device collects user actions and sends that information back to the server. This feedback process allows the server to use it as real-world usage data to improve its analysis engine and retrain its machine learning models.
[0783] In this way, the system can assess the risks of informational messages in real time and efficiently provide appropriate warnings to users.
[0784] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0785] This invention optimizes the warning method by combining a system that effectively detects phishing scam threats within an electronic communication device and provides appropriate warnings to users based on those threats with an emotion engine that takes into account the user's emotional state.
[0786] This system activates when a user receives an electronic message on an electronic communication device. The terminal first sends data to the server to analyze the content of the received message and sender information. The server uses AI-based analysis tools to detect patterns that are characteristic of phishing scams. It then quantifies the likelihood of a phishing scam as a risk score, and if it exceeds a certain threshold, it is determined that there is a possibility of phishing.
[0787] Next, the emotion engine works to recognize the user's emotions. The emotion engine can detect emotions from the user's facial expressions and tone of voice through the camera and microphone. Based on this information, it determines the user's emotional state, such as tension, relaxation, or stress level.
[0788] For example, if a user receives a suspicious electronic message from a financial institution, the server might analyze the message and assign a high risk score. Furthermore, if the emotion engine detects tension in the user's facial expression, the device might display a warning message in a calm and easy-to-understand tone to help alleviate stress.
[0789] Users can review the warning message and choose to take action, such as deleting it without opening it. The user's actions and associated sentiment data are recorded and used to further improve the accuracy of phishing detection.
[0790] Thus, the objective of this invention is to provide an environment in which users can use electronic messages with peace of mind by utilizing an emotion engine to further protect users from phishing scams.
[0791] The following describes the processing flow.
[0792] Step 1:
[0793] The terminal receives an electronic message. The terminal temporarily stores the message content and sender information, preparing to send it to the server later.
[0794] Step 2:
[0795] The terminal sends the metadata of the electronic message to the server. The server starts analyzing the message based on the received data.
[0796] Step 3:
[0797] The server uses AI to analyze electronic messages. The server evaluates suspicious keywords, sender addresses, and links and domain information in the message body and calculates a risk score indicating the likelihood of a phishing scam.
[0798] Step 4:
[0799] The server checks the obtained risk score, and if the score exceeds the threshold, it determines that the risk of phishing is high.
[0800] Step 5:
[0801] The device activates an emotion engine to recognize the user's emotions. The emotion engine uses the device's camera and microphone to analyze the user's facial expressions and voice to determine their emotional state.
[0802] Step 6:
[0803] The emotion engine identifies the user's emotions. For example, if it analyzes that the user is in an anxious state, this information is used for the next processing step.
[0804] Step 7:
[0805] The device generates a warning message based on phishing risk information from the server and the results of the sentiment engine. The tone and wording of the warning are adjusted according to the user's emotional state.
[0806] Step 8:
[0807] The device displays a warning message to the user. This message uses calm language to convey a warning about phishing, allowing the user to remain calm and deal with the situation appropriately.
[0808] Step 9:
[0809] The user reviews the warning message and chooses an appropriate action, such as not opening the electronic message or deleting it. This action is recorded on the device.
[0810] Step 10:
[0811] The device reports user actions and sentiment data to the server, which is then used to further improve phishing detection algorithms.
[0812] (Example 2)
[0813] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0814] Conventional electronic communication devices cannot consider the user's emotional state when detecting fraudulent activities such as phishing scams, and the warning display is uniform, which may cause users to feel anxious or excessively lower their guard. In addition, there is a lack of mechanisms to efficiently utilize user behavior data for analysis, which limits the improvement of phishing detection accuracy.
[0815] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0816] In this invention, the server includes means for receiving electronic communications from electronic communication equipment and analyzing the content and sender information of the electronic communications; means for calculating a numerical value to evaluate the possibility of fraudulent activity; and means for detecting the user's emotional state and optimizing warnings based on that state. This makes it possible to provide flexible and appropriate warnings that take into account the user's emotions, allowing the user to use electronic communications with peace of mind. Furthermore, by recording the user's reactions and emotional data and using it for subsequent analysis, further improvements in phishing detection accuracy can be expected.
[0817] "Electronic communication equipment" refers to devices used to send and receive digital data between users, and includes, for example, smartphones and computers.
[0818] "Electronic communication" refers to communication methods that involve the exchange of information in a digital format, such as email and messaging platforms.
[0819] "Sender information" refers to data about the entity that sent the electronic communication, including, for example, its email address and domain name.
[0820] The "numerical value for evaluating the possibility of fraudulent activity" is an indicator that shows the risk of phishing scams and the like, calculated based on data analyzed by the server.
[0821] "User's emotional state" refers to the psychological and emotional state of an individual operating an electronic communication device, as judged from their facial expressions and voice.
[0822] "Optimizing warnings" means adjusting the content and presentation method of warning messages according to the user's emotional state and risk score.
[0823] A "generated model" is a digital model created using computational methods based on AI and machine learning techniques to perform data analysis processes.
[0824] A description of the embodiment for carrying out the invention will be provided.
[0825] This invention is an electronic communication system that detects phishing scams and issues appropriate warnings, taking into account the user's emotional state. Its specific configuration and operation are described below.
[0826] First, when a terminal receives an electronic communication, it automatically sends its content and sender information to the server. In this context, the term "terminal" refers to various electronic communication devices, specifically including common information processing devices such as smartphones and personal computers.
[0827] The server analyzes the received communications using AI analysis tools. This analysis can utilize known AI frameworks (e.g., TensorFlow or PyTorch). To assess the likelihood of fraud, the server searches for fraudulent characteristics in the transmitted information and calculates a numerical risk score based on these characteristics. For example, if the communication includes words like "free" or "urgent," the risk score will be set higher.
[0828] Next, the device activates an emotion engine to estimate the user's emotions via the camera and microphone. This emotion engine can analyze facial expressions using OpenCV and other image processing libraries. It also performs voice analysis on the user's voice tone to assess their level of tension and stress.
[0829] For example, consider a scenario where a user receives a suspicious email from a bank. The server analyzes the email and calculates a high risk score. Furthermore, the device's camera detects tension in the user's face. In this case, the device generates a warning message in a calm tone, such as, "This appears to be an important email, but caution is advised before reviewing its contents," and displays it to the user.
[0830] An example of a prompt message might be: "Calculate the risk score of the received email and create a warning message to reduce the user's anxiety."
[0831] In this way, the system provides warnings that take into account the user's feelings, thereby creating a safer electronic communication environment.
[0832] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0833] Step 1:
[0834] The user receives electronic communication on their device. The device then sends the content of this communication and the sender's information to the server. The input consists of the communication content and sender's information, which are encrypted and then sent to the server. Specifically, the device detects a new email, retrieves its detailed information, and prepares it for sending.
[0835] Step 2:
[0836] The server uses an AI analysis tool to analyze the received communication content and calculate a numerical value indicating the likelihood of fraudulent activity. The input is electronic communication content, and the AI analysis tool uses natural language processing and pattern matching to output a risk score. Here, the server identifies the characteristics of phishing scams hidden within the communication and classifies the risk level of the incident.
[0837] Step 3:
[0838] The device uses an emotion engine to detect the user's emotional state. Input includes the user's current image and audio information, which is then analyzed using an emotion analysis algorithm to output the appropriate emotion category. Specifically, the device activates its camera and microphone, captures the user's facial expressions and voice tone, and pre-processes this data for analysis.
[0839] Step 4:
[0840] The terminal combines the risk score from the server with the user's emotional state, which it detects itself, to generate and display a warning message. The input consists of the risk score and emotional state data. It uses prompts to generate the most appropriate warning message based on this combination and presents it to the user as output. Specifically, the terminal considers appropriate tone and word choice when displaying the warning.
[0841] Step 5:
[0842] The user reviews the warning message and selects the appropriate action. The input is the displayed warning message, and based on its content, the system outputs actions such as deleting the message or moving it to the spam folder. Specifically, the user follows the on-screen instructions and takes appropriate action.
[0843] Step 6:
[0844] The terminal records user behavior and emotional data and sends it to the server. The input consists of the user's selected actions and the emotional data associated with them. This process involves structuring and outputting this data for storage in a database. Here, the terminal organizes the behavior log and sends it to the server via communication.
[0845] (Application Example 2)
[0846] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0847] In modern electronic communications, phishing scams pose a significant threat to users. Existing security measures focus on detecting fraudulent messages, but they often fail to consider the user's emotional state, potentially increasing user stress. Therefore, it is necessary to not only accurately assess the risk of phishing scams but also to provide warnings optimized for the user's emotional state to effectively ensure user safety and peace of mind.
[0848] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0849] In this invention, the server includes means for analyzing electronic messages, means for calculating a phishing scam risk score, and emotion detection means for recognizing the user's emotional state. This makes it possible to evaluate the risk of phishing scams with high accuracy and provide an optimal warning message tailored to the user's emotional state.
[0850] "Electronic communication equipment" refers to all devices used to receive electronic messages and process related information.
[0851] "Phishing scams" refer to acts involving malicious electronic messages intended to illegally obtain confidential information from users.
[0852] A "risk score" is an index used to quantify and quantitatively evaluate the likelihood of a phishing scam.
[0853] "Emotion detection means" refers to a mechanism that analyzes the user's facial expressions and tone of voice to recognize their emotional state in real time.
[0854] A "warning message" refers to a notification that informs users of the possibility of a phishing scam and urges them to take precautions.
[0855] "Analysis accuracy" refers to the degree of accuracy and reliability in detecting phishing scams and recognizing the emotional state of users.
[0856] This invention constructs an advanced electronic communication system to protect users from phishing scams. This system operates on the user's personal communication device, i.e., terminal, and functions in conjunction with a cloud-based server.
[0857] The server uses AI analysis tools to analyze received electronic messages and calculate a phishing scam risk score. During this process, machine learning libraries (e.g., TensorFlow) are used to analyze message patterns and assess risk. Furthermore, the reliability of links and domains within messages is verified by cross-referencing them with known databases.
[0858] The emotion detection system built into the device uses a camera and microphone to analyze the user's facial expressions and voice tone in real time. This utilizes software libraries such as OpenCV and PyAudio to recognize the user's emotional state.
[0859] If a user receives a message that poses a high risk of phishing, the server generates a warning message based on the risk score and the user's emotional state. The warning message is tailored in tone and content to match the user's current emotional state and is designed to reduce stress.
[0860] For example, if a user receives a suspicious message disguised as coming from a bank, and the server determines the message is high-risk, it will detect that the user is in a stressed emotional state and display a warning in a gentle tone such as, "This message requires caution. Please respond calmly and carefully."
[0861] As a concrete example, a prompt message to the generating AI model could be something like, "Analyze the user's facial expression and tone of voice when they receive a phishing message, and then formulate the most appropriate warning message." In this way, the entire system can reduce the risk of phishing scams through user interaction and provide a safer communication environment.
[0862] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0863] Step 1:
[0864] The terminal receives an electronic message. It extracts the content of the received message and sender information and sends it to the server. The input is the electronic message and sender information, and the output is passed to the server as data for analysis. Upon receiving the data, the server prepares for message analysis.
[0865] Step 2:
[0866] The server uses an AI analysis tool (e.g., TensorFlow) based on the received data to calculate a phishing scam risk score. The input is the message data sent by the device, and the output is the risk score. The server analyzes the message content to see if it matches any known phishing patterns.
[0867] Step 3:
[0868] The server uses a database to compare links and domains contained in a message against known, trusted data. The input is the link and domain information within the message, and the output is the evaluation of their reliability. Based on this, an additional determination is made as to whether the message is secure.
[0869] Step 4:
[0870] The device uses a camera and microphone to collect the user's facial expressions and voice tone, and analyzes their emotional state. The input is the user's video and audio data, and the output is the result of the emotional state assessment. The device performs this process using analysis software (e.g., OpenCV, PyAudio).
[0871] Step 5:
[0872] The server generates a warning message for the user based on the risk score and the user's emotional state. The input is the risk score and emotional state data, and the output is an optimized warning message. The server adjusts the tone and content according to the user's emotions.
[0873] Step 6:
[0874] The user reviews the warning message displayed on the device. A final action is taken based on the user's actions (such as deleting the message or viewing details). The input is the warning message and the user's decision, and the output is recorded as the user's action. This data is used to improve the accuracy of subsequent analyses.
[0875] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0876] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0877] In the above embodiment, an example was given in which the specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the robot 414.
[0878] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0879] Figure 9 shows an emotion map 400 in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0880] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0881] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0882] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, motorcycles, etc., emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated, for example, based on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0883] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0884] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0885] The above description primarily focuses on the functions of the data processing device 12 in relation to this disclosure. However, the system related to this disclosure is not necessarily implemented on a server. The system related to this disclosure may be implemented as a general information processing system. This disclosure may be implemented, for example, as a software program that runs on a personal computer or as an application that runs on a smartphone. The method related to this disclosure may be provided to users in SaaS (Software as a Service) format.
[0886] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing of the specific process may be performed by multiple computers, including computer 22. For example, a data generation model 58 may be provided in an external device of the data processing device 12, and the external device may generate data according to the input data.
[0887] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0888] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0889] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0890] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0891] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0892] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0893] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0894] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and the like that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0895] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0896] The following is further disclosed regarding the embodiments described above.
[0897] (Claim 1)
[0898] An electronic communication device receives an electronic message and has means for analyzing the content of the electronic message and sender information,
[0899] A means for calculating a phishing scam risk score based on the analyzed information,
[0900] If the risk score exceeds a predetermined value, a means for notifying the user of a warning,
[0901] A system that includes this.
[0902] (Claim 2)
[0903] The system according to claim 1, comprising means for matching links and domains contained in an electronic message with a known database in order to calculate the risk score.
[0904] (Claim 3)
[0905] The system according to claim 1, comprising means for recording user actions and using them for subsequent analysis.
[0906] "Example 1"
[0907] (Claim 1)
[0908] Electronic communication equipment receives communication data and processing means for analyzing the text and sender information of the communication data,
[0909] A calculation means for calculating a risk score for fraudulent activity based on the analyzed information,
[0910] A communication means for notifying the user of a warning if the risk score exceeds a predetermined value,
[0911] Verification means that uses an external database to verify the link and domain information contained in the communication data,
[0912] A storage means for recording user behavior and utilizing that record for subsequent analysis,
[0913] An analysis means for analyzing communication data using a generative artificial intelligence model,
[0914] A system that includes this.
[0915] (Claim 2)
[0916] The system according to claim 1, which includes means for analyzing and evaluating specific keywords or unnatural link structures that indicate fraudulent activity in order to calculate the risk score.
[0917] (Claim 3)
[0918] The system according to claim 1, comprising means for utilizing user behavior record data to improve the accuracy of a generative artificial intelligence model.
[0919] "Application Example 1"
[0920] (Claim 1)
[0921] An electronic communication device acquires an informational message and analyzes the content of the informational message and the sender information,
[0922] A means for calculating a fraud risk score based on the analyzed information,
[0923] If the risk score exceeds a certain threshold, a means of notifying the user of the warning,
[0924] A means including a mobile maintenance application equipped with a front display system for visualizing the warning,
[0925] A system that includes this.
[0926] (Claim 2)
[0927] The system according to claim 1, comprising means for comparing reference information and regions contained in an informational message with a known data bank in calculating the risk score.
[0928] (Claim 3)
[0929] The system according to claim 1, further comprising means for recording user actions and utilizing them for subsequent analysis, and additional means for visualizing the level of risk notification.
[0930] "Example 2 of combining an emotion engine"
[0931] (Claim 1)
[0932] An electronic communication device receives an electronic communication and analyzes the content and sender information of the electronic communication,
[0933] A means for calculating a numerical value to evaluate the likelihood of fraudulent activity based on the analyzed information,
[0934] If the value exceeds the set value, a means of providing a warning to the user,
[0935] A means for detecting the user's emotional state and optimizing warnings based on that state,
[0936] A means for recording user reactions and emotional data and using it for subsequent analysis,
[0937] A system that includes this.
[0938] (Claim 2)
[0939] The system according to claim 1, which includes means for comparing addresses and domains included in electronic communications with a known set of information in order to calculate the numerical value.
[0940] (Claim 3)
[0941] The system according to claim 1, comprising means for using a model generated for analysis and adjusting its prompt statements.
[0942] "Application example 2 when combining with an emotional engine"
[0943] (Claim 1)
[0944] An electronic communication device receives an electronic message and has means for analyzing the content of the electronic message and sender information,
[0945] A means for calculating a phishing scam risk score based on the analyzed information,
[0946] If the risk score exceeds a predetermined value, a means for notifying the user of a warning,
[0947] An emotion detection method for recognizing the user's emotional state,
[0948] Means for adjusting the warning message based on the emotional state,
[0949] A means of recording user behavior and emotional data and using it to improve the accuracy of analysis,
[0950] A system that includes this.
[0951] (Claim 2)
[0952] The system according to claim 1, comprising means for matching links and domains contained in an electronic message with a known database in order to calculate the risk score.
[0953] (Claim 3)
[0954] The system according to claim 1, comprising means for analyzing the user's facial expressions and voice when a message is received on a smartphone to determine their emotions. [Explanation of Symbols]
[0955] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots< / url:> < / url:> < / url:> < / url:>
Claims
1. An electronic communication device receives an electronic message and has means for analyzing the content of the electronic message and sender information, A means for calculating a phishing scam risk score based on the analyzed information, If the risk score exceeds a predetermined value, a means for notifying the user of a warning, A system that includes this.
2. The system according to claim 1, comprising means for comparing links and domains contained in an electronic message with a known database in order to calculate the risk score.
3. The system according to claim 1, comprising means for recording user actions and using them for subsequent analysis.