system
The email security system addresses real-time threat detection and user security assessments with natural language processing and threat sharing, enhancing enterprise defenses against phishing and malware.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-05
- Publication Date
- 2026-06-17
AI Technical Summary
Conventional email security systems struggle to effectively detect and defend against cyber threats such as phishing and malware in real time, lack means for quick user security assessments, and have insufficient infrastructure for sharing threat information among organizations.
An email security system utilizing natural language processing for real-time threat detection, immediate blocking or quarantining of threats, user terminal support for quick security assessments, and a threat information sharing platform to enhance defensive capabilities.
Provides real-time threat detection and blocking, user-friendly security assessments, and global threat information sharing, significantly improving enterprise security awareness and defense capabilities.
Smart Images

Figure 2026098667000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a chatbot character, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance as a response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In recent years, cyberattacks via communication networks have been increasing, and particularly the threats of phishing and malware via emails have been intensifying. In conventional email security systems, it is difficult to effectively detect and defend against these threats in real time. Also, there is a lack of means for quickly judging the security of emails received by users. Furthermore, the infrastructure for sharing threat information among organizations is insufficient. Therefore, new solutions for strengthening email security and improving the overall defensive power of enterprises are required.
Means for Solving the Problems
[0005] This invention provides an email security system that analyzes emails received via a communication network using natural language processing technology to perform real-time threat detection and blocking. The email server analyzes the email body, subject, sender address, and attachments in detail to assess the threat level. Emails determined to be threats are immediately blocked or quarantined. Furthermore, a user terminal support function utilizing a generative model allows users to quickly assess the security of received emails. In addition, by sharing detected threat information among organizations through an information sharing platform, defense measures against threats are strengthened. This leads to improved security awareness and defense capabilities throughout the entire enterprise.
[0006] A "communication network" is an infrastructure built to connect multiple devices and systems for sending and receiving data.
[0007] A "mail server" is a computer system or software application used to send, receive, and store emails.
[0008] "Natural language processing technology" is a field of technology that enables computers to understand, analyze, and generate human language, and is a part of AI technology.
[0009] "Threat level" is an index that quantitatively assesses the potential dangers lurking in emails and data.
[0010] "Analysis" is the process of thoroughly examining the content of an email, extracting its characteristics, and understanding them.
[0011] A "generative model" is an AI model that has the ability to generate new data and information based on a large amount of data.
[0012] A "user terminal" is a device that a user directly operates and is used for tasks such as accessing email and performing other calculations.
[0013] An "information sharing platform" is a system or service that allows multiple organizations or users to exchange and share information with each other. [Brief explanation of the drawing]
[0014] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10] This shows an emotion map where multiple emotions are mapped. [Figure 11] This is a sequence diagram showing the processing flow of the data processing system in Example 1. [Figure 12] This is a sequence diagram showing the processing flow of the data processing system in Application Example 1. [Figure 13] This is a sequence diagram showing the processing flow of the data processing system in Example 2, which incorporates an emotion engine. [Figure 14]It is a sequence diagram showing the processing flow of a data processing system in Application Example 2 when a sentiment engine is combined.
Embodiments for Carrying Out the Invention
[0015] Hereinafter, an example of an embodiment of a system according to the technology of the present disclosure will be described with reference to the accompanying drawings.
[0016] First, the terms used in the following description will be explained.
[0017] In the following embodiments, a numbered processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Also, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a GPGPU (General-Purpose computing on Graphics Processing Units), an APU (Accelerated Processing Unit), and the like.
[0018] In the following embodiments, a numbered RAM (Random Access Memory) is a memory in which information is temporarily stored and is used as a work memory by the processor.
[0019] In the following embodiments, a numbered storage is one or more non-volatile storage devices that store various programs and various parameters, etc. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes, and the like.
[0020] In the following embodiments, the signed communication interface (I / F) is an interface that includes a communication processor and an antenna, etc. The communication interface manages communication between multiple computers. Examples of communication standards applicable to the communication interface include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0021] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B." That is, "A and / or B" means that it may be A alone, or B alone, or a combination of A and B. Furthermore, in this specification, the same concept as "A and / or B" applies when expressing three or more things linked by "and / or."
[0022] [First Embodiment]
[0023] Figure 1 shows an example of the configuration of the data processing system 10 according to the first embodiment.
[0024] As shown in Figure 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0025] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0026] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.
[0027] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by detecting contact with an object (e.g., a pen or finger). The microphone 38B receives user input by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the data indicating the user input.
[0028] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user 20 by outputting the data in a form perceptible to the user 20 (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0029] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0030] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0031] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0032] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0033] In the smart device 14, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The reception output program 60 is used in conjunction with a specific processing program 56 by the data processing system 10. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0034] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0035] This invention provides an advanced email monitoring system aimed at strengthening corporate email security. A specific example of this system is shown below.
[0036] The server constantly monitors emails and automatically processes each incoming email for analysis. Upon arrival, the server first analyzes the email using natural language processing techniques. This analysis includes the email body, subject, sender information, and attachment contents. This analysis assesses whether the email contains any hidden threats such as phishing, spam, or malware.
[0037] If an email is determined to be a threat after analysis, the server immediately blocks and quarantines it. Quarantined emails are sent to a secure sandbox environment for further detailed analysis. This process minimizes the potential impact on the corporate network.
[0038] On the other hand, emails that do not detect any threats during analysis are delivered to the user's device without issue. If a user has any doubts about the security of an email they have received, they can use the device's support function to ask, "Is this email safe?" In this case, the device's generative model is activated, re-analyzing the email content and presenting a security assessment to the user.
[0039] Furthermore, the system has the ability to share newly detected threat information with other companies and organizations through a threat intelligence sharing platform. This ensures that the latest knowledge for responding to email-based threats is updated and shared globally.
[0040] The server provides administrators with a system dashboard that visualizes the overall system status and threat detection history in real time. Based on this information, administrators can take immediate action as needed.
[0041] As a concrete example, when a phishing email is sent to a company's mail server, natural language processing technology is used to analyze the email. If it matches a known phishing pattern, the server immediately blocks it. The email does not reach the user, and the company network remains protected.
[0042] This system will allow companies to strengthen their defenses against cyberattacks via email and enable users to utilize a secure email environment.
[0043] The following describes the processing flow.
[0044] Step 1:
[0045] The server detects the arrival of a new email and temporarily stores the email data in a buffer. This stored data is then ready to be handed over to the analysis process.
[0046] Step 2:
[0047] The server applies natural language processing techniques to the stored email data. The entire content, including the email body, subject, sender address, and attachments, is analyzed, and its match against threat patterns is evaluated.
[0048] Step 3:
[0049] The server determines the threat level of an email based on the analysis results. If the email is determined to match a known threat or contain a potential risk, it will be immediately quarantined or blocked.
[0050] Step 4:
[0051] The server sends isolated emails to a sandbox environment for further investigation. Here, a deeper analysis is performed to ensure that the system is not harmed.
[0052] Step 5:
[0053] Users will receive secure emails in their regular inbox that no threats were detected. If a user has concerns about the security of an email, they can ask the support bot, "Is this email safe?"
[0054] Step 6:
[0055] The device's generative model is activated and responds immediately to the user's inquiry. The email is re-analyzed, the generative model quickly performs a security assessment, and notifies the user of the results.
[0056] Step 7:
[0057] The server sends newly detected threat information to a threat intelligence sharing platform, sharing it with other organizations. This sharing activity further enhances the overall security of the system.
[0058] Step 8:
[0059] The server, using the system dashboard as a bridge, provides administrators with real-time updates on the system's status and a history of detected threats. Based on this information, administrators can quickly make necessary decisions.
[0060] (Example 1)
[0061] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0062] As the security of electronic communications within businesses increases, it is necessary to create an environment where users can quickly and securely receive data while preventing the influx of malicious data. However, conventional methods have been slow to respond to diversifying threats, making it difficult to immediately detect new risk factors and respond appropriately.
[0063] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0064] In this invention, the server includes means for evaluating the data content using information analysis techniques when receiving and transmitting data, using an information processing device that receives data via a communication network; means for determining whether the data matches known hazardous elements based on the evaluation results, and immediately blocking or isolating data determined to be hazardous; and means for widely distributing detected hazardous information through an information sharing platform for sharing with other organizations. This enables companies to enhance the security of electronic communications and users to receive secure data quickly.
[0065] An "information processing device" is a device that receives data via a communication network and analyzes and evaluates its contents.
[0066] "Information analysis technology" refers to techniques for analyzing the content of data and detecting risk elements, and includes natural language processing and pattern recognition.
[0067] "Risk elements" refer to elements in the data that are harmful to the recipient, such as phishing, spam, and malware.
[0068] "Generative technology" refers to techniques that utilize machine learning models to evaluate and generate data.
[0069] An "information sharing platform" is a platform for sharing detected risk information with other organizations.
[0070] A "monitoring display device" is a device that allows system administrators to visualize the security status of data and details of threats.
[0071] A "user terminal" is a device used by a user to receive and verify data.
[0072] This invention provides an advanced monitoring system that enhances the security of corporate communication data. The server acts as an information processing device that receives data over a communication network and monitors emails and other data. The server evaluates the data content using information analysis techniques upon reception. This evaluation includes natural language processing and pattern recognition techniques to analyze the main parts of the data, title, source identification, and attachments in detail.
[0073] Specifically, natural language processing libraries such as "SpaCy" and "NLTK" are used for information analysis. Through this analysis, the server determines whether dangerous elements such as phishing, spam, and malware are present. If the data is determined to be dangerous, the server immediately blocks and isolates it. Isolated data is then subjected to detailed analysis in a secure environment, preventing any adverse impact on the corporate network.
[0074] To ensure users receive secure data, the server securely transmits data that does not contain any detected hazards to the user's device. Users can ask their device, "Is this data safe?" about suspicious data. The device uses a generative AI model to re-evaluate the data in response to this inquiry and provide the user with a safety response. The generative AI model applies machine learning techniques to perform evaluations in real time.
[0075] The system shares detected threat information with other organizations through a threat intelligence sharing platform, distributing the latest defense information across a wide area. The server provides administrators with monitoring and display devices, reporting the data protection status and details of detected threats in real time.
[0076] As a concrete example, consider a case where data containing a suspicious link is sent. The server quickly analyzes this data and identifies that the linked site is dangerous. Therefore, the data is immediately quarantined. In this way, the company's communication environment is kept secure. As an example of a prompt message on the user terminal, we use "Analyze the subject and sender information of this email, compare it with our existing threat database, and indicate whether it may be phishing or spam."
[0077] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0078] Step 1:
[0079] The server receives emails and other data via the communication network. Input data includes email body, subject, sender information, and attachments. This data is temporarily stored in secure storage.
[0080] Step 2:
[0081] The server begins analyzing the stored data using natural language processing techniques. The input includes each data component stored in Step 1. The server utilizes analysis libraries (e.g., SpaCy, NLTK) to search for potential threats such as phishing, spam, and malware. Generative AI models also analyze any anomalous patterns in the data. The output is a threat score for each data item.
[0082] Step 3:
[0083] The server evaluates the data based on its threat score. If the threat score exceeds a threshold, the server determines the data is dangerous and immediately blocks or moves it to a quarantine folder. The output is a detailed list of the quarantined data.
[0084] Step 4:
[0085] The server properly delivers data that does not contain any detected threats to the user's terminal. The output is the data that has been confirmed safe and arrived in the user's inbox.
[0086] Step 5:
[0087] If a user has doubts about the security of their data, the device will ask, "Is this data secure?" The input is data that the user is requesting confirmation for. The device sends the prompt to a generating AI model, which then performs data analysis again. The output is the final security evaluation result.
[0088] Step 6:
[0089] The server transmits newly detected threat information to the information sharing platform. This strengthens the global defense system in cooperation with other organizations. The output is updated threat information.
[0090] Step 7:
[0091] The server reports to the system administrator in real time via a monitoring device. Inputs include the system's current operational status and threat detection history. Outputs are detailed reports and action instructions available to the administrator.
[0092] (Application Example 1)
[0093] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0094] Traditional email security systems had the problem of delays between the receipt of electronic documents and the detection of threats, making rapid response difficult. Furthermore, the process of individually verifying the security of each received email was time-consuming for users, preventing a complete elimination of security concerns. In addition, current systems lacked sufficient real-time analysis and information management capabilities adapted to mobile devices, posing challenges in sharing and distributing the latest threat information.
[0095] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0096] In this invention, the server includes means for analyzing document content using language analysis technology when acquiring and transmitting electronic documents, using an information processing device that acquires information via a communication channel; means for determining whether the document matches a known threat based on the analysis results, and immediately blocking or isolating documents determined to be harmful; and means for rapidly responding to inquiries from users regarding the security of documents and providing protective information to users, utilizing a generative model. This enables immediate analysis and threat detection at the time of document reception, reducing users' security concerns and real-time protection and information management even on mobile terminals.
[0097] An "information processing device" is a device used to receive, analyze, and process data.
[0098] A "communication channel" refers to a network path that enables the transmission and reception of data.
[0099] An "electronic document" is a document in digital format that is transmitted or received via a computer network.
[0100] "Language analysis technology" refers to the technology used to analyze natural language and understand the content of documents.
[0101] "Known harm" refers to security threats defined based on known patterns.
[0102] A "generative model" is an algorithmic model that dynamically generates responses in response to user questions or requests.
[0103] A "mobile device" refers to a portable communication device such as a mobile phone or smartphone.
[0104] "Immediate blocking or isolation" refers to the process of immediately blocking or storing documents in another secure location if a threat is detected.
[0105] "User" refers to an individual or legal entity that uses this system.
[0106] "Protected information" refers to data that provides information about the security of a document.
[0107] The system of this invention operates in a network environment including a server as an information processing device and user terminals. The server acquires electronic documents through a communication channel and analyzes them in real time using language analysis technology. Specifically, it uses natural language processing software such as Spacy to analyze the document content, subject, sender information, attachments, etc., and determines whether they match known threats.
[0108] If the server detects any known harm through analysis, it will immediately block or isolate the document. This process ensures that users can communicate securely without accessing any potentially harmful documents.
[0109] Furthermore, by utilizing generative models, when a user inquires about the security of a document from their device, the system immediately performs a security assessment and provides protection information. This generative model is designed to derive more accurate judgments by applying large-scale language models such as GTP-3.
[0110] As a concrete example, before a user opens an email on their smartphone regarding "winning a prize," a generative model on the device evaluates its security and identifies the possibility of phishing. An example of a prompt used in this process would be, "Please evaluate the security of emails with the subject line 'Winning a Prize' and check if they may be phishing."
[0111] The server and terminals work together to constantly process the latest threat information, quickly share threat intelligence with other organizations, and strengthen information protection on an international scale. In this way, the invented system can provide a rapid and effective security solution.
[0112] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0113] Step 1:
[0114] The server retrieves electronic documents via a communication channel. The input is a new email stored on the mail server, and the output is the data of that email to be analyzed. First, this data is converted into a format that can be input into natural language processing software.
[0115] Step 2:
[0116] The server uses natural language processing tools such as Spacy to analyze the content of electronic documents, including subject lines, sender information, and attachments. The input is the email data obtained in step 1, and the output is a data structure showing the analysis results. Based on these results, the likelihood that the email matches a known threat is quantified.
[0117] Step 3:
[0118] The server determines, based on the analysis results, whether they match any known threats. The input is the data structure of the analysis results generated in step 2, and the output is a flag indicating the determination result. If a threat is detected, the server immediately blocks or quarantines the email according to the configured criteria.
[0119] Step 4:
[0120] The terminal receives inquiries from the user regarding the security of a document. The input is a specific prompt sentence provided by the user, and the output is a query to be passed to a generative model. This query involves a process of transforming the user's question so that it can be appropriately interpreted by the generative AI model.
[0121] Step 5:
[0122] A generative model on the terminal evaluates the query and draws conclusions about the document's security. The input is the query obtained in step 4, and the output is the evaluation result of the document's security. The model uses an internal algorithm to check for the possibility of phishing or the presence of other threats.
[0123] Step 6:
[0124] The terminal presents the evaluation results of the generative model to the user. The input is the evaluation results generated in step 5, and the output is visualized security information for the user. The terminal displays the evaluation results to the user in an easy-to-understand format and also suggests actions as needed.
[0125] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0126] This invention relates to an advanced email monitoring system that combines an emotion engine with an email security engine. This system utilizes natural language processing and emotion recognition technologies to provide a more secure email environment for emails sent and received over a communication network.
[0127] The server analyzes incoming email data using natural language processing techniques to assess the threat level. Elements such as the email body, subject, sender information, and attachments are analyzed in detail. Furthermore, a sentiment engine is used to evaluate the email content and analyze the sentiment contained within. This analysis allows for the identification of emails that may contain malicious intent and the generation of additional warnings as needed.
[0128] If an email is identified as a threat, the server immediately blocks or quarantines it. Quarantined emails are reviewed in a sandbox environment for more detailed analysis. This helps prevent threats to the corporate network.
[0129] If a user wants to check the security of an email they have received, they can ask, "Is this email safe?" In this case, the device's generative model is activated, and the email's security is re-evaluated. Furthermore, when a user makes this inquiry, the system uses an emotion engine to assess the user's emotional state and provide appropriate security information.
[0130] For example, when a malicious email is received, the server performs sentiment analysis on the email and warns the user of the potential danger. At the same time, based on the information obtained from the sentiment engine, if the user is in a stressful state, a special warning message can be displayed to draw their attention.
[0131] Furthermore, when composing an email reply, the device recognizes the user's emotions in real time and provides advice to ensure the reply is appropriate. This will lead to safer and smoother communication both within and outside the company.
[0132] This system also connects to an information sharing platform for sharing detected threat information with other organizations, facilitating the sharing of threat intelligence. The server provides an administrator dashboard that reports the status of email security and details of detected threats in real time. Administrators can use this information to take appropriate countermeasures.
[0133] As described above, the present invention, by utilizing emotion recognition functionality, achieves comprehensive protection against threats transmitted via email, significantly improving the security awareness and response capabilities of the entire enterprise.
[0134] The following describes the processing flow.
[0135] Step 1:
[0136] When the server detects an email received via the communication network, it stores the email data in a buffer. This buffer includes the email body, subject, sender information, and attachments.
[0137] Step 2:
[0138] The server uses natural language processing techniques to analyze email data stored in a buffer. Here, it detects specific patterns and keywords to identify potentially phishing or malware content.
[0139] Step 3:
[0140] Based on the analysis results, the server assesses whether the email is a threat. This assessment involves comparing it against a database of known threats to identify emails with suspicious characteristics.
[0141] Step 4:
[0142] The server uses an emotion engine to analyze the emotions contained in the email content. For example, it can read aggressive intent from the wording of an email and issue an additional warning for that email.
[0143] Step 5:
[0144] The server ensures security by blocking emails that are detected as containing threats or offensive sentiment in real time and isolating them in a sandbox environment. This step is intended to prevent potential impacts on the corporate network.
[0145] Step 6:
[0146] If a user has doubts about the security of an email they have received, they can inquire through the device's interface, asking, "Is this email secure?"
[0147] Step 7:
[0148] The device's generative model, upon receiving a user inquiry, re-analyzes the email content and performs a security assessment. Additionally, the emotion engine evaluates the user's emotional state, and if it detects stress or anxiety, it provides security information to reassure the user.
[0149] Step 8:
[0150] The device monitors the user's emotional state in real time as they compose a reply to an email, and if the reply is deemed inappropriate, it displays advice prompting the user to reconsider their response.
[0151] Step 9:
[0152] The server sends detected threat information to an information sharing platform that facilitates cross-organizational sharing. This enables comprehensive threat defense in cooperation with other organizations.
[0153] Step 10:
[0154] The server provides system administrators with real-time information on the email security status and details of detected threats through a management dashboard. Administrators can use this information to implement more effective security management.
[0155] (Example 2)
[0156] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0157] In modern electronic communications, where vast amounts of information are exchanged rapidly, there is a need to quickly and effectively detect and defend against potential dangers and malicious intent lurking within. Furthermore, a system is needed to immediately address user safety concerns and to determine whether that response is appropriate. Additionally, a platform is required to share detected risk information with other organizations and improve overall risk awareness.
[0158] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0159] In this invention, the server includes means for analyzing the content of information using natural language processing technology when receiving and transmitting information via a communication device, means for evaluating the emotions contained in the information content using sentiment analysis technology and identifying information that may have malicious intent, and means for distributing the detected dangerous information over a wide area through an information sharing platform for sharing with other organizations. This makes it possible to immediately assess the potential danger of the information content and respond quickly as needed.
[0160] A "communication device" refers to equipment that operates on a network to send and receive information, and includes devices such as mail servers and routers.
[0161] "Natural language processing technology" is a technology that enables computers to understand, analyze, and process human language, and is used for analyzing emails and extracting information.
[0162] "Analyzing information content" refers to the process of thoroughly examining the content of received data and understanding its meaning and intent.
[0163] "Based on the analysis results" means that subsequent processing and decisions are made based on the information obtained through the analysis.
[0164] "Known hazards" refer to risk factors registered in databases or threats based on past incidents.
[0165] "In real time" refers to responding to or processing events immediately upon their occurrence, indicating a state with extremely little time delay.
[0166] "Emotion analysis technology" is a technology that reads human emotions from text and audio, and is used to determine the malicious intent behind information.
[0167] A "generative model" refers to artificial intelligence technology that generates language and data based on large amounts of data, and is particularly used for automated responses to inquiries.
[0168] "User" refers to any person or organization that uses this system to send and receive information or to verify its security.
[0169] An "information sharing platform" refers to a platform for effectively sharing information between different organizations, and is used for sharing information about potential risks.
[0170] An "observation screen" refers to a visual interface used to display the system's status and condition, and is used by administrators to monitor the situation.
[0171] This invention is a system for improving data security and effectively detects potential risks associated with the transmission and reception of information via communication devices.
[0172] The server receives information via communication devices and analyzes its content using natural language processing technology. Specifically, it utilizes libraries such as Python's NLTK and spaCy to extract the meaning and intent of the information. Based on the analysis results, it also compares known risk factors with a database and identifies them as dangerous if they match. Since the analyzed information is processed in real time, it can respond immediately to any dangers that arise.
[0173] The server uses sentiment analysis technology to evaluate the emotions contained in the information. This involves using TextBlob or similar text analysis tools to determine if the information may have malicious intent. Information detected as potentially dangerous through sentiment analysis is immediately blocked or stored and further analyzed in a sandbox environment.
[0174] If a user feels uneasy about the information they receive, they can ask, "Is this information safe?" In this case, the device utilizes a generative AI model to assess the safety of the information. For example, generative models such as OpenAI® GPT-4® are used, and a response is generated based on past data and learned information.
[0175] Furthermore, the server can distribute risk information through an information sharing platform for sharing risk information with other organizations, enabling global dissemination of information. This improves risk awareness across the entire industry.
[0176] The server also provides administrators with an observation screen that reports the security status of information and details of detected risks in real time, enabling efficient management and implementation of safety measures. For example, a prompt message such as "Analyze the content of this information, evaluate its emotional state, and confirm its safety" is input into an AI model, which then guides the user to appropriate countermeasures.
[0177] This system provides users with an environment where they can handle information with peace of mind, and ensures the security of that information.
[0178] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0179] Step 1:
[0180] The server receives information via a communication device and performs initial processing on its contents. Input includes email body, subject, sender information, and attachments. This data is analyzed using natural language processing techniques (e.g., Python's NLTK or spaCy) to break down the content into text data. This analysis process extracts important keywords, phrases, and sentence structure, which are then output.
[0181] Step 2:
[0182] The server uses the analyzed text data to assess the threat level. The input is the analysis result from step 1. At this stage, the data is compared against an already registered threat database. Specifically, existing filtering techniques are used to determine if the text content matches a known threat. The output is the threat level assessment result. Based on this result, it is determined whether the information is safe or questionable.
[0183] Step 3:
[0184] The server activates sentiment analysis technology to analyze the emotions contained in the information. The input is the text data obtained in step 1. Using text blobs or similar sentiment analysis tools, the emotional tone and aggression of the information are evaluated. The output is an emotional danger indicator, which is used to detect potential aggressive intent.
[0185] Step 4:
[0186] The server immediately blocks or isolates information if it determines it to be unsafe. The input is the risk assessment results from steps 2 and 3. Based on these results, the information is moved to a sandbox environment and stored for further analysis. The output is information protection until its safety is confirmed.
[0187] Step 5:
[0188] If a user is concerned about the security of information, they can ask, "Is this information secure?" The input is the user's request message. In this case, the terminal activates a generating AI model (e.g., OpenAI GPT-4) and performs a security assessment of the information again. The output is the AI's security assessment result and advice provided to the user.
[0189] Step 6:
[0190] The server shares detected risk information with other organizations through an information sharing platform. The input is the risk information detected in steps 2 and 3. The information is sent to the security platform and distributed widely. The output is the risk information transmitted to each organization.
[0191] Step 7:
[0192] The server provides an observation screen for administrators, displaying the current information security status and details of detected threats. The input consists of the output data from each of the steps described above. This observation screen allows administrators to understand the situation in real time and take appropriate action. As output, administrators can obtain a detailed security report.
[0193] (Application Example 2)
[0194] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0195] With the advancement of information and communication technology, information leaks via email and online messages, as well as phishing scams, are becoming increasingly serious problems. Current systems struggle to adequately detect threats, and users are unable to respond appropriately to malicious content. Furthermore, providing appropriate warnings that take into account the user's emotional state is also difficult. Therefore, there is a need for security solutions with more advanced analytical capabilities and that are sensitive to user emotions.
[0196] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0197] In this invention, the server includes means for analyzing content using natural language processing technology when receiving and transmitting information via a communication network, means for determining whether the content matches a known danger based on the analysis results, and means for controlling or protecting content determined to be dangerous in real time, and means for analyzing the user's emotions and providing special notifications in dangerous situations. This makes it possible to analyze the danger of content received by the user in real time and provide warnings that take into account the user's stress level.
[0198] An "information processing device" is an electronic device that receives and transmits information and processes it in a specified manner.
[0199] "Natural language processing technology" is a technology that uses computers to process and understand natural language used by humans.
[0200] "Content" refers to all information contained in information media such as emails and online messages.
[0201] "Analysis" is the act of breaking down content and understanding its constituent elements.
[0202] "Dangerous" refers to a situation or content that could potentially lead to information leaks or fraud from an information security perspective.
[0203] A "user" is an individual or company that operates an information processing device and receives information services.
[0204] "Emotional analysis" is a technology that evaluates a user's emotional state and predicts specific behaviors and reactions.
[0205] A "notification" is a means or message used to convey information to a user.
[0206] To implement this invention, the server must first function as an information processing device. The server receives content such as emails and online messages via a communication network and analyzes this content using natural language processing technology. For the analysis, Python libraries such as spaCy and Transformers are used to evaluate the email body, subject, sender information, attachments, etc., in detail. This makes it possible to determine whether the content falls under known hazards.
[0207] Next, the server controls or protects content deemed dangerous in real time based on the analysis results. Dangerous content is filtered or isolated to prevent direct impact on users. Furthermore, the server analyzes the user's emotional state and uses emotion analysis technology to provide special notifications in dangerous situations. This involves using emotion recognition models based on frameworks such as TENSORFLOW® and PyTorch.
[0208] The user's device has an application built with Flutter® installed as the frontend. This device communicates with the server and notifies the user in real time of the potential dangers of the content and the warnings provided. The content of the warnings received by the user is appropriately customized using specific prompt phrases based on a pre-configured generative AI model.
[0209] As a concrete example, if a user receives an email that may be a phishing attempt, the server analyzes the email and immediately sends an alert to the user. This alert includes a prompt message such as, "This email may be a phishing attempt. The sender is unknown, do not click on any links. You may be feeling stressed, so please remain calm and review the information carefully." In this way, the invention provides an effective means of ensuring information security while reducing the psychological burden on the user.
[0210] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0211] Step 1:
[0212] The server receives content such as emails and online messages via a communication network. The input is raw email or message information, and the output is that data passed to a natural language processing engine. Immediately after receiving the data, it is cleaned up and converted into a format suitable for analysis.
[0213] Step 2:
[0214] The server uses Python's spaCy and Transformers natural language processing libraries to parse the body, title, source information, and attachments of the received content. The input is the data formatted in step 1, and the output is the parsed structured data. Specifically, each element is tokenized, and semantic relationships are extracted.
[0215] Step 3:
[0216] The server evaluates the content based on the analysis results to determine if it matches any known hazards, and if it is determined to be hazardous, it takes control or protection in real time. The input is the analysis results from step 2, and the output is a flag or status indicating the hazard. If applicable, the content is isolated and filtered.
[0217] Step 4:
[0218] The terminal communicates with the server to notify the user of the analysis results in real time. The input is risk information sent from the server, and the output is a warning message displayed on the user's screen. The display in the user interface is dynamically handled using Flutter.
[0219] Step 5:
[0220] The server utilizes emotion recognition models based on TensorFlow and PyTorch to analyze the user's emotional state. Input consists of the user's past response data and real-time data, while output is a prediction of the user's current emotional state. Based on the prediction, special notifications are generated as needed.
[0221] Step 6:
[0222] The device displays a special notification to the user that takes their emotional state into consideration, using an AI model that generates such notifications. The input is the result of the sentiment analysis and instructions from the server, and the output is a customized notification message provided to the user. An example prompt is: "This email may be a phishing attempt. The sender is unknown, do not click on the link. You may be feeling stressed, so please calmly review the message."
[0223] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0224] Data generation model 58 is a so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> ), Gemini (registered trademark) (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0225] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart device 14.
[0226] [Second Embodiment]
[0227] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0228] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0229] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0230] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0231] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0232] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0233] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0234] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0235] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0236] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0237] In the smart glasses 214, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0238] Next, the identification processing performed by the identification processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0239] This invention provides an advanced email monitoring system aimed at strengthening corporate email security. A specific example of this system is shown below.
[0240] The server constantly monitors emails and automatically processes each incoming email for analysis. Upon arrival, the server first analyzes the email using natural language processing techniques. This analysis includes the email body, subject, sender information, and attachment contents. This analysis assesses whether the email contains any hidden threats such as phishing, spam, or malware.
[0241] If an email is determined to be a threat after analysis, the server immediately blocks and quarantines it. Quarantined emails are sent to a secure sandbox environment for further detailed analysis. This process minimizes the potential impact on the corporate network.
[0242] On the other hand, emails that do not detect any threats during analysis are delivered to the user's device without issue. If a user has any doubts about the security of an email they have received, they can use the device's support function to ask, "Is this email safe?" In this case, the device's generative model is activated, re-analyzing the email content and presenting a security assessment to the user.
[0243] Furthermore, the system has the ability to share newly detected threat information with other companies and organizations through a threat intelligence sharing platform. This ensures that the latest knowledge for responding to email-based threats is updated and shared globally.
[0244] The server provides administrators with a system dashboard that visualizes the overall system status and threat detection history in real time. Based on this information, administrators can take immediate action as needed.
[0245] As a concrete example, when a phishing email is sent to a company's mail server, natural language processing technology is used to analyze the email. If it matches a known phishing pattern, the server immediately blocks it. The email does not reach the user, and the company network remains protected.
[0246] This system will allow companies to strengthen their defenses against cyberattacks via email and enable users to utilize a secure email environment.
[0247] The following describes the processing flow.
[0248] Step 1:
[0249] The server detects the arrival of a new email and temporarily stores the email data in a buffer. This stored data is then ready to be handed over to the analysis process.
[0250] Step 2:
[0251] The server applies natural language processing techniques to the stored email data. The entire content, including the email body, subject, sender address, and attachments, is analyzed, and its match against threat patterns is evaluated.
[0252] Step 3:
[0253] The server determines the threat level of an email based on the analysis results. If the email is determined to match a known threat or contain a potential risk, it will be immediately quarantined or blocked.
[0254] Step 4:
[0255] The server sends isolated emails to a sandbox environment for further investigation. Here, a deeper analysis is performed to ensure that the system is not harmed.
[0256] Step 5:
[0257] Users will receive secure emails in their regular inbox that no threats were detected. If a user has concerns about the security of an email, they can ask the support bot, "Is this email safe?"
[0258] Step 6:
[0259] The device's generative model is activated and responds immediately to the user's inquiry. The email is re-analyzed, the generative model quickly performs a security assessment, and notifies the user of the results.
[0260] Step 7:
[0261] The server sends newly detected threat information to a threat intelligence sharing platform, sharing it with other organizations. This sharing activity further enhances the overall security of the system.
[0262] Step 8:
[0263] The server, using the system dashboard as a bridge, provides administrators with real-time updates on the system's status and a history of detected threats. Based on this information, administrators can quickly make necessary decisions.
[0264] (Example 1)
[0265] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0266] As the security of electronic communications within businesses increases, it is necessary to create an environment where users can quickly and securely receive data while preventing the influx of malicious data. However, conventional methods have been slow to respond to diversifying threats, making it difficult to immediately detect new risk factors and respond appropriately.
[0267] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0268] In this invention, the server includes means for evaluating the data content using information analysis techniques when receiving and transmitting data, using an information processing device that receives data via a communication network; means for determining whether the data matches known hazardous elements based on the evaluation results, and immediately blocking or isolating data determined to be hazardous; and means for widely distributing detected hazardous information through an information sharing platform for sharing with other organizations. This enables companies to enhance the security of electronic communications and users to receive secure data quickly.
[0269] An "information processing device" is a device that receives data via a communication network and analyzes and evaluates its contents.
[0270] "Information analysis technology" refers to techniques for analyzing the content of data and detecting risk elements, and includes natural language processing and pattern recognition.
[0271] "Risk elements" refer to elements in the data that are harmful to the recipient, such as phishing, spam, and malware.
[0272] "Generative technology" refers to techniques that utilize machine learning models to evaluate and generate data.
[0273] An "information sharing platform" is a platform for sharing detected risk information with other organizations.
[0274] A "monitoring display device" is a device that allows system administrators to visualize the security status of data and details of threats.
[0275] A "user terminal" is a device used by a user to receive and verify data.
[0276] This invention provides an advanced monitoring system that enhances the security of corporate communication data. The server acts as an information processing device that receives data over a communication network and monitors emails and other data. The server evaluates the data content using information analysis techniques upon reception. This evaluation includes natural language processing and pattern recognition techniques to analyze the main parts of the data, title, source identification, and attachments in detail.
[0277] Specifically, natural language processing libraries such as "SpaCy" and "NLTK" are used for information analysis. Through this analysis, the server determines whether dangerous elements such as phishing, spam, and malware are present. If the data is determined to be dangerous, the server immediately blocks and isolates it. Isolated data is then subjected to detailed analysis in a secure environment, preventing any adverse impact on the corporate network.
[0278] To ensure users receive secure data, the server securely transmits data that does not contain any detected hazards to the user's device. Users can ask their device, "Is this data safe?" about suspicious data. The device uses a generative AI model to re-evaluate the data in response to this inquiry and provide the user with a safety response. The generative AI model applies machine learning techniques to perform evaluations in real time.
[0279] The system shares detected threat information with other organizations through a threat intelligence sharing platform, distributing the latest defense information across a wide area. The server provides administrators with monitoring and display devices, reporting the data protection status and details of detected threats in real time.
[0280] As a concrete example, consider a case where data containing a suspicious link is sent. The server quickly analyzes this data and identifies that the linked site is dangerous. Therefore, the data is immediately quarantined. In this way, the company's communication environment is kept secure. As an example of a prompt message on the user terminal, we use "Analyze the subject and sender information of this email, compare it with our existing threat database, and indicate whether it may be phishing or spam."
[0281] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0282] Step 1:
[0283] The server receives emails and other data via a communication network. The input data includes the body of the email, subject, sender information, attached files, etc. These data are temporarily stored in a secure storage.
[0284] Step 2:
[0285] The server starts analyzing the stored data using natural language processing techniques. The input includes each data component saved in Step 1. The server utilizes analysis libraries (e.g., SpaCy, NLTK) to search for possibilities such as phishing, spam, malware, etc. Also, the generative AI model analyzes abnormal patterns in the data. The output is a threat score for each data.
[0286] Step 3:
[0287] The server evaluates the data based on the threat score. As a result of the evaluation, if the threat score exceeds the threshold, the server determines that data as dangerous and immediately blocks it or moves it to an isolation folder. The output is the isolated data and its detailed list.
[0288] Step 4:
[0289] The server appropriately delivers the data for which no threat is detected to the user terminal. The output is the data with confirmed safety that has arrived in the user's inbox.
[0290] Step 5:
[0291] If the user has doubts about the safety of the data, the user queries from the terminal "Is this data safe?". The input is the data requesting the user's confirmation. The terminal sends the prompt text to the generative AI model to perform data analysis again. The output is the final evaluation result of safety.
[0292] Step 6:
[0293] The server transmits newly detected threat information to the information sharing platform. This strengthens the global defense system in cooperation with other organizations. The output is updated threat information.
[0294] Step 7:
[0295] The server reports to the system administrator in real time via a monitoring device. Inputs include the system's current operational status and threat detection history. Outputs are detailed reports and action instructions available to the administrator.
[0296] (Application Example 1)
[0297] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0298] Traditional email security systems had the problem of delays between the receipt of electronic documents and the detection of threats, making rapid response difficult. Furthermore, the process of individually verifying the security of each received email was time-consuming for users, preventing a complete elimination of security concerns. In addition, current systems lacked sufficient real-time analysis and information management capabilities adapted to mobile devices, posing challenges in sharing and distributing the latest threat information.
[0299] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0300] In this invention, the server includes means for analyzing the document content using language analysis technology when acquiring and transmitting an electronic document by an information processing device that acquires information via a communication communication path, means for determining whether the document matches a pre-known hazard based on the analysis result and immediately blocking or isolating the document determined to be a hazard, and means for utilizing a generative model to quickly respond to inquiries from users regarding the security of documents and provide protection information to users. This enables immediate analysis and threat detection at the time of document reception, reduces users' anxiety about security, and enables real-time protection and information management even on mobile terminals.
[0301] An "information processing device" is a device for receiving data and performing analysis and processing.
[0302] A "communication communication path" is a network path that enables the transmission and reception of data.
[0303] An "electronic document" is a document in digital format transmitted or received via a computer network.
[0304] "Language analysis technology" is technology for analyzing natural language and understanding the content of a document.
[0305] "Pre-known hazard" refers to a security threat defined based on known patterns.
[0306] A "generative model" is an algorithm model that dynamically generates responses according to users' questions and requests.
[0307] A "mobile terminal" is a portable communication device such as a mobile phone or smartphone.
[0308] "Immediately block or isolate" refers to the process of immediately blocking a document in which a threat is detected or storing it in another safe location.
[0309] "User" refers to an individual or legal entity that uses this system.
[0310] "Protected information" refers to data that provides information about the security of a document.
[0311] The system of this invention operates in a network environment including a server as an information processing device and user terminals. The server acquires electronic documents through a communication channel and analyzes them in real time using language analysis technology. Specifically, it uses natural language processing software such as Spacy to analyze the document content, subject, sender information, attachments, etc., and determines whether they match known threats.
[0312] If the server detects any known harm through analysis, it will immediately block or isolate the document. This process ensures that users can communicate securely without accessing any potentially harmful documents.
[0313] Furthermore, by utilizing generative models, when a user inquires about the security of a document from their device, the system immediately performs a security assessment and provides protection information. This generative model is designed to derive more accurate judgments by applying large-scale language models such as GTP-3.
[0314] As a concrete example, before a user opens an email on their smartphone regarding "winning a prize," a generative model on the device evaluates its security and identifies the possibility of phishing. An example of a prompt used in this process would be, "Please evaluate the security of emails with the subject line 'Winning a Prize' and check if they may be phishing."
[0315] The server and terminals work together to constantly process the latest threat information, quickly share threat intelligence with other organizations, and strengthen information protection on an international scale. In this way, the invented system can provide a rapid and effective security solution.
[0316] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0317] Step 1:
[0318] The server retrieves electronic documents via a communication channel. The input is a new email stored on the mail server, and the output is the data of that email to be analyzed. First, this data is converted into a format that can be input into natural language processing software.
[0319] Step 2:
[0320] The server uses natural language processing tools such as Spacy to analyze the content of electronic documents, including subject lines, sender information, and attachments. The input is the email data obtained in step 1, and the output is a data structure showing the analysis results. Based on these results, the likelihood that the email matches a known threat is quantified.
[0321] Step 3:
[0322] The server determines, based on the analysis results, whether they match any known threats. The input is the data structure of the analysis results generated in step 2, and the output is a flag indicating the determination result. If a threat is detected, the server immediately blocks or quarantines the email according to the configured criteria.
[0323] Step 4:
[0324] The terminal receives inquiries from the user regarding the security of a document. The input is a specific prompt sentence provided by the user, and the output is a query to be passed to a generative model. This query involves a process of transforming the user's question so that it can be appropriately interpreted by the generative AI model.
[0325] Step 5:
[0326] A generative model on the terminal evaluates the query and draws conclusions about the document's security. The input is the query obtained in step 4, and the output is the evaluation result of the document's security. The model uses an internal algorithm to check for the possibility of phishing or the presence of other threats.
[0327] Step 6:
[0328] The terminal presents the evaluation results of the generative model to the user. The input is the evaluation results generated in step 5, and the output is visualized security information for the user. The terminal displays the evaluation results to the user in an easy-to-understand format and also suggests actions as needed.
[0329] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0330] This invention relates to an advanced email monitoring system that combines an emotion engine with an email security engine. This system utilizes natural language processing and emotion recognition technologies to provide a more secure email environment for emails sent and received over a communication network.
[0331] The server analyzes incoming email data using natural language processing techniques to assess the threat level. Elements such as the email body, subject, sender information, and attachments are analyzed in detail. Furthermore, a sentiment engine is used to evaluate the email content and analyze the sentiment contained within. This analysis allows for the identification of emails that may contain malicious intent and the generation of additional warnings as needed.
[0332] If an email is identified as a threat, the server immediately blocks or quarantines it. Quarantined emails are reviewed in a sandbox environment for more detailed analysis. This helps prevent threats to the corporate network.
[0333] If a user wants to check the security of an email they have received, they can ask, "Is this email safe?" In this case, the device's generative model is activated, and the email's security is re-evaluated. Furthermore, when a user makes this inquiry, the system uses an emotion engine to assess the user's emotional state and provide appropriate security information.
[0334] For example, when a malicious email is received, the server performs sentiment analysis on the email and warns the user of the potential danger. At the same time, based on the information obtained from the sentiment engine, if the user is in a stressful state, a special warning message can be displayed to draw their attention.
[0335] Furthermore, when composing an email reply, the device recognizes the user's emotions in real time and provides advice to ensure the reply is appropriate. This will lead to safer and smoother communication both within and outside the company.
[0336] This system also connects to an information sharing platform for sharing detected threat information with other organizations, facilitating the sharing of threat intelligence. The server provides an administrator dashboard that reports the status of email security and details of detected threats in real time. Administrators can use this information to take appropriate countermeasures.
[0337] As described above, the present invention, by utilizing emotion recognition functionality, achieves comprehensive protection against threats transmitted via email, significantly improving the security awareness and response capabilities of the entire enterprise.
[0338] The following describes the processing flow.
[0339] Step 1:
[0340] When the server detects an email received via the communication network, it stores the email data in a buffer. This buffer includes the email body, subject, sender information, and attachments.
[0341] Step 2:
[0342] The server uses natural language processing techniques to analyze email data stored in a buffer. Here, it detects specific patterns and keywords to identify potentially phishing or malware content.
[0343] Step 3:
[0344] Based on the analysis results, the server assesses whether the email is a threat. This assessment involves comparing it against a database of known threats to identify emails with suspicious characteristics.
[0345] Step 4:
[0346] The server uses an emotion engine to analyze the emotions contained in the email content. For example, it can read aggressive intent from the wording of an email and issue an additional warning for that email.
[0347] Step 5:
[0348] The server ensures security by blocking emails that are detected as containing threats or offensive sentiment in real time and isolating them in a sandbox environment. This step is intended to prevent potential impacts on the corporate network.
[0349] Step 6:
[0350] If a user has doubts about the security of an email they have received, they can inquire through the device's interface, asking, "Is this email secure?"
[0351] Step 7:
[0352] The device's generative model, upon receiving a user inquiry, re-analyzes the email content and performs a security assessment. Additionally, the emotion engine evaluates the user's emotional state, and if it detects stress or anxiety, it provides security information to reassure the user.
[0353] Step 8:
[0354] The device monitors the user's emotional state in real time as they compose a reply to an email, and if the reply is deemed inappropriate, it displays advice prompting the user to reconsider their response.
[0355] Step 9:
[0356] The server sends detected threat information to an information sharing platform that facilitates cross-organizational sharing. This enables comprehensive threat defense in cooperation with other organizations.
[0357] Step 10:
[0358] The server provides system administrators with real-time information on the email security status and details of detected threats through a management dashboard. Administrators can use this information to implement more effective security management.
[0359] (Example 2)
[0360] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0361] In modern electronic communications, where vast amounts of information are exchanged rapidly, there is a need to quickly and effectively detect and defend against potential dangers and malicious intent lurking within. Furthermore, a system is needed to immediately address user safety concerns and to determine whether that response is appropriate. Additionally, a platform is required to share detected risk information with other organizations and improve overall risk awareness.
[0362] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0363] In this invention, the server includes means for analyzing the content of information using natural language processing technology when receiving and transmitting information via a communication device, means for evaluating the emotions contained in the information content using sentiment analysis technology and identifying information that may have malicious intent, and means for distributing the detected dangerous information over a wide area through an information sharing platform for sharing with other organizations. This makes it possible to immediately assess the potential danger of the information content and respond quickly as needed.
[0364] A "communication device" refers to equipment that operates on a network to send and receive information, and includes devices such as mail servers and routers.
[0365] "Natural language processing technology" is a technology that enables computers to understand, analyze, and process human language, and is used for analyzing emails and extracting information.
[0366] "Analyzing information content" refers to the process of thoroughly examining the content of received data and understanding its meaning and intent.
[0367] "Based on the analysis results" means that subsequent processing and decisions are made based on the information obtained through the analysis.
[0368] "Known hazards" refer to risk factors registered in databases or threats based on past incidents.
[0369] "In real time" refers to responding to or processing events immediately upon their occurrence, indicating a state with extremely little time delay.
[0370] "Emotion analysis technology" is a technology that reads human emotions from text and audio, and is used to determine the malicious intent behind information.
[0371] A "generative model" refers to artificial intelligence technology that generates language and data based on large amounts of data, and is particularly used for automated responses to inquiries.
[0372] "User" refers to any person or organization that uses this system to send and receive information or to verify its security.
[0373] An "information sharing platform" refers to a platform for effectively sharing information between different organizations, and is used for sharing information about potential risks.
[0374] An "observation screen" refers to a visual interface used to display the system's status and condition, and is used by administrators to monitor the situation.
[0375] This invention is a system for improving data security and effectively detects potential risks associated with the transmission and reception of information via communication devices.
[0376] The server receives information via communication devices and analyzes its content using natural language processing technology. Specifically, it utilizes libraries such as Python's NLTK and spaCy to extract the meaning and intent of the information. Based on the analysis results, it also compares known risk factors with a database and identifies them as dangerous if they match. Since the analyzed information is processed in real time, it can respond immediately to any dangers that arise.
[0377] The server uses sentiment analysis technology to evaluate the emotions contained in the information. This involves using TextBlob or similar text analysis tools to determine if the information may have malicious intent. Information detected as potentially dangerous through sentiment analysis is immediately blocked or stored and further analyzed in a sandbox environment.
[0378] If a user feels uneasy about the information they receive, they can ask, "Is this information safe?" In this case, the device utilizes a generative AI model to assess the safety of the information. For example, a generative model such as OpenAI GPT-4 is used, and a response is generated based on past data and learned information.
[0379] Furthermore, the server can distribute risk information through an information sharing platform for sharing risk information with other organizations, enabling global dissemination of information. This improves risk awareness across the entire industry.
[0380] The server also provides administrators with an observation screen that reports the security status of information and details of detected risks in real time, enabling efficient management and implementation of safety measures. For example, a prompt message such as "Analyze the content of this information, evaluate its emotional state, and confirm its safety" is input into an AI model, which then guides the user to appropriate countermeasures.
[0381] This system provides users with an environment where they can handle information with peace of mind, and ensures the security of that information.
[0382] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0383] Step 1:
[0384] The server receives information via a communication device and performs initial processing on its contents. Input includes email body, subject, sender information, and attachments. This data is analyzed using natural language processing techniques (e.g., Python's NLTK or spaCy) to break down the content into text data. This analysis process extracts important keywords, phrases, and sentence structure, which are then output.
[0385] Step 2:
[0386] The server uses the analyzed text data to assess the threat level. The input is the analysis result from step 1. At this stage, the data is compared against an already registered threat database. Specifically, existing filtering techniques are used to determine if the text content matches a known threat. The output is the threat level assessment result. Based on this result, it is determined whether the information is safe or questionable.
[0387] Step 3:
[0388] The server activates sentiment analysis technology to analyze the emotions contained in the information. The input is the text data obtained in step 1. Using text blobs or similar sentiment analysis tools, the emotional tone and aggression of the information are evaluated. The output is an emotional danger indicator, which is used to detect potential aggressive intent.
[0389] Step 4:
[0390] The server immediately blocks or isolates information if it determines it to be unsafe. The input is the risk assessment results from steps 2 and 3. Based on these results, the information is moved to a sandbox environment and stored for further analysis. The output is information protection until its safety is confirmed.
[0391] Step 5:
[0392] If a user is concerned about the security of information, they can ask, "Is this information secure?" The input is the user's request message. In this case, the terminal activates a generating AI model (e.g., OpenAI GPT-4) and performs a security assessment of the information again. The output is the AI's security assessment result and advice provided to the user.
[0393] Step 6:
[0394] The server shares detected risk information with other organizations through an information sharing platform. The input is the risk information detected in steps 2 and 3. The information is sent to the security platform and distributed widely. The output is the risk information transmitted to each organization.
[0395] Step 7:
[0396] The server provides an observation screen for administrators, displaying the current information security status and details of detected threats. The input consists of the output data from each of the steps described above. This observation screen allows administrators to understand the situation in real time and take appropriate action. As output, administrators can obtain a detailed security report.
[0397] (Application Example 2)
[0398] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0399] With the advancement of information and communication technology, information leaks via email and online messages, as well as phishing scams, are becoming increasingly serious problems. Current systems struggle to adequately detect threats, and users are unable to respond appropriately to malicious content. Furthermore, providing appropriate warnings that take into account the user's emotional state is also difficult. Therefore, there is a need for security solutions with more advanced analytical capabilities and that are sensitive to user emotions.
[0400] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0401] In this invention, the server includes means for analyzing content using natural language processing technology when receiving and transmitting information via a communication network, means for determining whether the content matches a known danger based on the analysis results, and means for controlling or protecting content determined to be dangerous in real time, and means for analyzing the user's emotions and providing special notifications in dangerous situations. This makes it possible to analyze the danger of content received by the user in real time and provide warnings that take into account the user's stress level.
[0402] An "information processing device" is an electronic device that receives and transmits information and processes it in a specified manner.
[0403] "Natural language processing technology" is a technology that uses computers to process and understand natural language used by humans.
[0404] "Content" refers to all information contained in information media such as emails and online messages.
[0405] "Analysis" is the act of breaking down content and understanding its constituent elements.
[0406] "Dangerous" refers to a situation or content that could potentially lead to information leaks or fraud from an information security perspective.
[0407] A "user" is an individual or company that operates an information processing device and receives information services.
[0408] "Emotional analysis" is a technology that evaluates a user's emotional state and predicts specific behaviors and reactions.
[0409] A "notification" is a means or message used to convey information to a user.
[0410] To implement this invention, the server must first function as an information processing device. The server receives content such as emails and online messages via a communication network and analyzes this content using natural language processing technology. For the analysis, Python libraries such as spaCy and Transformers are used to evaluate the email body, subject, sender information, attachments, etc., in detail. This makes it possible to determine whether the content falls under known hazards.
[0411] Next, the server controls or protects content deemed dangerous in real time based on the analysis results. Dangerous content is filtered or isolated to prevent direct impact on users. Furthermore, the server analyzes the user's emotional state and uses emotion analysis technology to provide special notifications in dangerous situations. This involves using emotion recognition models based on frameworks such as TensorFlow and PyTorch.
[0412] The user's device has an application built with Flutter installed as the frontend. This device communicates with the server and notifies the user in real time of the potential dangers of the content and the warnings provided. The content of the warnings received by the user is appropriately customized using specific prompt phrases based on a pre-configured generative AI model.
[0413] As a concrete example, if a user receives an email that may be a phishing attempt, the server analyzes the email and immediately sends an alert to the user. This alert includes a prompt message such as, "This email may be a phishing attempt. The sender is unknown, do not click on any links. You may be feeling stressed, so please remain calm and review the information carefully." In this way, the invention provides an effective means of ensuring information security while reducing the psychological burden on the user.
[0414] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0415] Step 1:
[0416] The server receives content such as emails and online messages via a communication network. The input is raw email or message information, and the output is that data passed to a natural language processing engine. Immediately after receiving the data, it is cleaned up and converted into a format suitable for analysis.
[0417] Step 2:
[0418] The server uses Python's spaCy and Transformers natural language processing libraries to parse the body, title, source information, and attachments of the received content. The input is the data formatted in step 1, and the output is the parsed structured data. Specifically, each element is tokenized, and semantic relationships are extracted.
[0419] Step 3:
[0420] The server evaluates the content based on the analysis results to determine if it matches any known hazards, and if it is determined to be hazardous, it takes control or protection in real time. The input is the analysis results from step 2, and the output is a flag or status indicating the hazard. If applicable, the content is isolated and filtered.
[0421] Step 4:
[0422] The terminal communicates with the server to notify the user of the analysis results in real time. The input is risk information sent from the server, and the output is a warning message displayed on the user's screen. The display in the user interface is dynamically handled using Flutter.
[0423] Step 5:
[0424] The server utilizes emotion recognition models based on TensorFlow and PyTorch to analyze the user's emotional state. Input consists of the user's past response data and real-time data, while output is a prediction of the user's current emotional state. Based on the prediction, special notifications are generated as needed.
[0425] Step 6:
[0426] The device displays a special notification to the user that takes their emotional state into consideration, using an AI model that generates such notifications. The input is the result of the sentiment analysis and instructions from the server, and the output is a customized notification message provided to the user. An example prompt is: "This email may be a phishing attempt. The sender is unknown, do not click on the link. You may be feeling stressed, so please calmly review the message."
[0427] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0428] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0429] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart glasses 214.
[0430] [Third Embodiment]
[0431] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0432] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0433] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0434] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0435] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0436] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0437] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0438] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0439] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0440] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0441] In the headset terminal 314, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0442] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the headset terminal 314 will be referred to as the "terminal".
[0443] This invention provides an advanced email monitoring system aimed at strengthening corporate email security. A specific example of this system is shown below.
[0444] The server constantly monitors emails and automatically processes each incoming email for analysis. Upon arrival, the server first analyzes the email using natural language processing techniques. This analysis includes the email body, subject, sender information, and attachment contents. This analysis assesses whether the email contains any hidden threats such as phishing, spam, or malware.
[0445] If an email is determined to be a threat after analysis, the server immediately blocks and quarantines it. Quarantined emails are sent to a secure sandbox environment for further detailed analysis. This process minimizes the potential impact on the corporate network.
[0446] On the other hand, emails that do not detect any threats during analysis are delivered to the user's device without issue. If a user has any doubts about the security of an email they have received, they can use the device's support function to ask, "Is this email safe?" In this case, the device's generative model is activated, re-analyzing the email content and presenting a security assessment to the user.
[0447] Furthermore, the system has the ability to share newly detected threat information with other companies and organizations through a threat intelligence sharing platform. This ensures that the latest knowledge for responding to email-based threats is updated and shared globally.
[0448] The server provides administrators with a system dashboard that visualizes the overall system status and threat detection history in real time. Based on this information, administrators can take immediate action as needed.
[0449] As a concrete example, when a phishing email is sent to a company's mail server, natural language processing technology is used to analyze the email. If it matches a known phishing pattern, the server immediately blocks it. The email does not reach the user, and the company network remains protected.
[0450] This system will allow companies to strengthen their defenses against cyberattacks via email and enable users to utilize a secure email environment.
[0451] The following describes the processing flow.
[0452] Step 1:
[0453] The server detects the arrival of a new email and temporarily stores the email data in a buffer. This stored data is then ready to be handed over to the analysis process.
[0454] Step 2:
[0455] The server applies natural language processing techniques to the stored email data. The entire content, including the email body, subject, sender address, and attachments, is analyzed, and its match against threat patterns is evaluated.
[0456] Step 3:
[0457] The server determines the threat level of an email based on the analysis results. If the email is determined to match a known threat or contain a potential risk, it will be immediately quarantined or blocked.
[0458] Step 4:
[0459] The server sends isolated emails to a sandbox environment for further investigation. Here, a deeper analysis is performed to ensure that the system is not harmed.
[0460] Step 5:
[0461] Users will receive secure emails in their regular inbox that no threats were detected. If a user has concerns about the security of an email, they can ask the support bot, "Is this email safe?"
[0462] Step 6:
[0463] The device's generative model is activated and responds immediately to the user's inquiry. The email is re-analyzed, the generative model quickly performs a security assessment, and notifies the user of the results.
[0464] Step 7:
[0465] The server sends newly detected threat information to a threat intelligence sharing platform, sharing it with other organizations. This sharing activity further enhances the overall security of the system.
[0466] Step 8:
[0467] The server, using the system dashboard as a bridge, provides administrators with real-time updates on the system's status and a history of detected threats. Based on this information, administrators can quickly make necessary decisions.
[0468] (Example 1)
[0469] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0470] As the security of electronic communications within businesses increases, it is necessary to create an environment where users can quickly and securely receive data while preventing the influx of malicious data. However, conventional methods have been slow to respond to diversifying threats, making it difficult to immediately detect new risk factors and respond appropriately.
[0471] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0472] In this invention, the server includes means for evaluating the data content using information analysis techniques when receiving and transmitting data, using an information processing device that receives data via a communication network; means for determining whether the data matches known hazardous elements based on the evaluation results, and immediately blocking or isolating data determined to be hazardous; and means for widely distributing detected hazardous information through an information sharing platform for sharing with other organizations. This enables companies to enhance the security of electronic communications and users to receive secure data quickly.
[0473] An "information processing device" is a device that receives data via a communication network and analyzes and evaluates its contents.
[0474] "Information analysis technology" refers to techniques for analyzing the content of data and detecting risk elements, and includes natural language processing and pattern recognition.
[0475] "Risk elements" refer to elements in the data that are harmful to the recipient, such as phishing, spam, and malware.
[0476] "Generative technology" refers to techniques that utilize machine learning models to evaluate and generate data.
[0477] An "information sharing platform" is a platform for sharing detected risk information with other organizations.
[0478] A "monitoring display device" is a device that allows system administrators to visualize the security status of data and details of threats.
[0479] A "user terminal" is a device used by a user to receive and verify data.
[0480] This invention provides an advanced monitoring system that enhances the security of corporate communication data. The server acts as an information processing device that receives data over a communication network and monitors emails and other data. The server evaluates the data content using information analysis techniques upon reception. This evaluation includes natural language processing and pattern recognition techniques to analyze the main parts of the data, title, source identification, and attachments in detail.
[0481] Specifically, natural language processing libraries such as "SpaCy" and "NLTK" are used for information analysis. Through this analysis, the server determines whether dangerous elements such as phishing, spam, and malware are present. If the data is determined to be dangerous, the server immediately blocks and isolates it. Isolated data is then subjected to detailed analysis in a secure environment, preventing any adverse impact on the corporate network.
[0482] To ensure users receive secure data, the server securely transmits data that does not contain any detected hazards to the user's device. Users can ask their device, "Is this data safe?" about suspicious data. The device uses a generative AI model to re-evaluate the data in response to this inquiry and provide the user with a safety response. The generative AI model applies machine learning techniques to perform evaluations in real time.
[0483] The system shares detected threat information with other organizations through a threat intelligence sharing platform, distributing the latest defense information across a wide area. The server provides administrators with monitoring and display devices, reporting the data protection status and details of detected threats in real time.
[0484] As a concrete example, consider a case where data containing a suspicious link is sent. The server quickly analyzes this data and identifies that the linked site is dangerous. Therefore, the data is immediately quarantined. In this way, the company's communication environment is kept secure. As an example of a prompt message on the user terminal, we use "Analyze the subject and sender information of this email, compare it with our existing threat database, and indicate whether it may be phishing or spam."
[0485] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0486] Step 1:
[0487] The server receives emails and other data via the communication network. Input data includes email body, subject, sender information, and attachments. This data is temporarily stored in secure storage.
[0488] Step 2:
[0489] The server begins analyzing the stored data using natural language processing techniques. The input includes each data component stored in Step 1. The server utilizes analysis libraries (e.g., SpaCy, NLTK) to search for potential threats such as phishing, spam, and malware. Generative AI models also analyze any anomalous patterns in the data. The output is a threat score for each data item.
[0490] Step 3:
[0491] The server evaluates the data based on its threat score. If the threat score exceeds a threshold, the server determines the data is dangerous and immediately blocks or moves it to a quarantine folder. The output is a detailed list of the quarantined data.
[0492] Step 4:
[0493] The server properly delivers data that does not contain any detected threats to the user's terminal. The output is the data that has been confirmed safe and arrived in the user's inbox.
[0494] Step 5:
[0495] If a user has doubts about the security of their data, the device will ask, "Is this data secure?" The input is data that the user is requesting confirmation for. The device sends the prompt to a generating AI model, which then performs data analysis again. The output is the final security evaluation result.
[0496] Step 6:
[0497] The server transmits newly detected threat information to the information sharing platform. This strengthens the global defense system in cooperation with other organizations. The output is updated threat information.
[0498] Step 7:
[0499] The server reports to the system administrator in real time via a monitoring device. Inputs include the system's current operational status and threat detection history. Outputs are detailed reports and action instructions available to the administrator.
[0500] (Application Example 1)
[0501] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0502] Traditional email security systems had the problem of delays between the receipt of electronic documents and the detection of threats, making rapid response difficult. Furthermore, the process of individually verifying the security of each received email was time-consuming for users, preventing a complete elimination of security concerns. In addition, current systems lacked sufficient real-time analysis and information management capabilities adapted to mobile devices, posing challenges in sharing and distributing the latest threat information.
[0503] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0504] In this invention, the server includes means for analyzing document content using language analysis technology when acquiring and transmitting electronic documents, using an information processing device that acquires information via a communication channel; means for determining whether the document matches a known threat based on the analysis results, and immediately blocking or isolating documents determined to be harmful; and means for rapidly responding to inquiries from users regarding the security of documents and providing protective information to users, utilizing a generative model. This enables immediate analysis and threat detection at the time of document reception, reducing users' security concerns and real-time protection and information management even on mobile terminals.
[0505] An "information processing device" is a device used to receive, analyze, and process data.
[0506] A "communication channel" refers to a network path that enables the transmission and reception of data.
[0507] An "electronic document" is a document in digital format that is transmitted or received via a computer network.
[0508] "Language analysis technology" refers to the technology used to analyze natural language and understand the content of documents.
[0509] "Known harm" refers to security threats defined based on known patterns.
[0510] A "generative model" is an algorithmic model that dynamically generates responses in response to user questions or requests.
[0511] A "mobile device" refers to a portable communication device such as a mobile phone or smartphone.
[0512] "Immediate blocking or isolation" refers to the process of immediately blocking or storing documents in another secure location if a threat is detected.
[0513] "User" refers to an individual or legal entity that uses this system.
[0514] "Protected information" refers to data that provides information about the security of a document.
[0515] The system of this invention operates in a network environment including a server as an information processing device and user terminals. The server acquires electronic documents through a communication channel and analyzes them in real time using language analysis technology. Specifically, it uses natural language processing software such as Spacy to analyze the document content, subject, sender information, attachments, etc., and determines whether they match known threats.
[0516] If the server detects any known harm through analysis, it will immediately block or isolate the document. This process ensures that users can communicate securely without accessing any potentially harmful documents.
[0517] Furthermore, by utilizing generative models, when a user inquires about the security of a document from their device, the system immediately performs a security assessment and provides protection information. This generative model is designed to derive more accurate judgments by applying large-scale language models such as GTP-3.
[0518] As a concrete example, before a user opens an email on their smartphone regarding "winning a prize," a generative model on the device evaluates its security and identifies the possibility of phishing. An example of a prompt used in this process would be, "Please evaluate the security of emails with the subject line 'Winning a Prize' and check if they may be phishing."
[0519] The server and terminals work together to constantly process the latest threat information, quickly share threat intelligence with other organizations, and strengthen information protection on an international scale. In this way, the invented system can provide a rapid and effective security solution.
[0520] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0521] Step 1:
[0522] The server retrieves electronic documents via a communication channel. The input is a new email stored on the mail server, and the output is the data of that email to be analyzed. First, this data is converted into a format that can be input into natural language processing software.
[0523] Step 2:
[0524] The server uses natural language processing tools such as Spacy to analyze the content of electronic documents, including subject lines, sender information, and attachments. The input is the email data obtained in step 1, and the output is a data structure showing the analysis results. Based on these results, the likelihood that the email matches a known threat is quantified.
[0525] Step 3:
[0526] The server determines, based on the analysis results, whether they match any known threats. The input is the data structure of the analysis results generated in step 2, and the output is a flag indicating the determination result. If a threat is detected, the server immediately blocks or quarantines the email according to the configured criteria.
[0527] Step 4:
[0528] The terminal receives inquiries from the user regarding the security of a document. The input is a specific prompt sentence provided by the user, and the output is a query to be passed to a generative model. This query involves a process of transforming the user's question so that it can be appropriately interpreted by the generative AI model.
[0529] Step 5:
[0530] A generative model on the terminal evaluates the query and draws conclusions about the document's security. The input is the query obtained in step 4, and the output is the evaluation result of the document's security. The model uses an internal algorithm to check for the possibility of phishing or the presence of other threats.
[0531] Step 6:
[0532] The terminal presents the evaluation results of the generative model to the user. The input is the evaluation results generated in step 5, and the output is visualized security information for the user. The terminal displays the evaluation results to the user in an easy-to-understand format and also suggests actions as needed.
[0533] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0534] This invention relates to an advanced email monitoring system that combines an emotion engine with an email security engine. This system utilizes natural language processing and emotion recognition technologies to provide a more secure email environment for emails sent and received over a communication network.
[0535] The server analyzes incoming email data using natural language processing techniques to assess the threat level. Elements such as the email body, subject, sender information, and attachments are analyzed in detail. Furthermore, a sentiment engine is used to evaluate the email content and analyze the sentiment contained within. This analysis allows for the identification of emails that may contain malicious intent and the generation of additional warnings as needed.
[0536] If an email is identified as a threat, the server immediately blocks or quarantines it. Quarantined emails are reviewed in a sandbox environment for more detailed analysis. This helps prevent threats to the corporate network.
[0537] If a user wants to check the security of an email they have received, they can ask, "Is this email safe?" In this case, the device's generative model is activated, and the email's security is re-evaluated. Furthermore, when a user makes this inquiry, the system uses an emotion engine to assess the user's emotional state and provide appropriate security information.
[0538] For example, when a malicious email is received, the server performs sentiment analysis on the email and warns the user of the potential danger. At the same time, based on the information obtained from the sentiment engine, if the user is in a stressful state, a special warning message can be displayed to draw their attention.
[0539] Furthermore, when composing an email reply, the device recognizes the user's emotions in real time and provides advice to ensure the reply is appropriate. This will lead to safer and smoother communication both within and outside the company.
[0540] This system also connects to an information sharing platform for sharing detected threat information with other organizations, facilitating the sharing of threat intelligence. The server provides an administrator dashboard that reports the status of email security and details of detected threats in real time. Administrators can use this information to take appropriate countermeasures.
[0541] As described above, the present invention, by utilizing emotion recognition functionality, achieves comprehensive protection against threats transmitted via email, significantly improving the security awareness and response capabilities of the entire enterprise.
[0542] The following describes the processing flow.
[0543] Step 1:
[0544] When the server detects an email received via the communication network, it stores the email data in a buffer. This buffer includes the email body, subject, sender information, and attachments.
[0545] Step 2:
[0546] The server uses natural language processing techniques to analyze email data stored in a buffer. Here, it detects specific patterns and keywords to identify potentially phishing or malware content.
[0547] Step 3:
[0548] Based on the analysis results, the server assesses whether the email is a threat. This assessment involves comparing it against a database of known threats to identify emails with suspicious characteristics.
[0549] Step 4:
[0550] The server uses an emotion engine to analyze the emotions contained in the email content. For example, it can read aggressive intent from the wording of an email and issue an additional warning for that email.
[0551] Step 5:
[0552] The server ensures security by blocking emails that are detected as containing threats or offensive sentiment in real time and isolating them in a sandbox environment. This step is intended to prevent potential impacts on the corporate network.
[0553] Step 6:
[0554] If a user has doubts about the security of an email they have received, they can inquire through the device's interface, asking, "Is this email secure?"
[0555] Step 7:
[0556] The device's generative model, upon receiving a user inquiry, re-analyzes the email content and performs a security assessment. Additionally, the emotion engine evaluates the user's emotional state, and if it detects stress or anxiety, it provides security information to reassure the user.
[0557] Step 8:
[0558] The device monitors the user's emotional state in real time as they compose a reply to an email, and if the reply is deemed inappropriate, it displays advice prompting the user to reconsider their response.
[0559] Step 9:
[0560] The server sends detected threat information to an information sharing platform that facilitates cross-organizational sharing. This enables comprehensive threat defense in cooperation with other organizations.
[0561] Step 10:
[0562] The server provides system administrators with real-time information on the email security status and details of detected threats through a management dashboard. Administrators can use this information to implement more effective security management.
[0563] (Example 2)
[0564] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0565] In modern electronic communications, where vast amounts of information are exchanged rapidly, there is a need to quickly and effectively detect and defend against potential dangers and malicious intent lurking within. Furthermore, a system is needed to immediately address user safety concerns and to determine whether that response is appropriate. Additionally, a platform is required to share detected risk information with other organizations and improve overall risk awareness.
[0566] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0567] In this invention, the server includes means for analyzing the content of information using natural language processing technology when receiving and transmitting information via a communication device, means for evaluating the emotions contained in the information content using sentiment analysis technology and identifying information that may have malicious intent, and means for distributing the detected dangerous information over a wide area through an information sharing platform for sharing with other organizations. This makes it possible to immediately assess the potential danger of the information content and respond quickly as needed.
[0568] A "communication device" refers to equipment that operates on a network to send and receive information, and includes devices such as mail servers and routers.
[0569] "Natural language processing technology" is a technology that enables computers to understand, analyze, and process human language, and is used for analyzing emails and extracting information.
[0570] "Analyzing information content" refers to the process of thoroughly examining the content of received data and understanding its meaning and intent.
[0571] "Based on the analysis results" means that subsequent processing and decisions are made based on the information obtained through the analysis.
[0572] "Known hazards" refer to risk factors registered in databases or threats based on past incidents.
[0573] "In real time" refers to responding to or processing events immediately upon their occurrence, indicating a state with extremely little time delay.
[0574] "Emotion analysis technology" is a technology that reads human emotions from text and audio, and is used to determine the malicious intent behind information.
[0575] A "generative model" refers to artificial intelligence technology that generates language and data based on large amounts of data, and is particularly used for automated responses to inquiries.
[0576] "User" refers to any person or organization that uses this system to send and receive information or to verify its security.
[0577] An "information sharing platform" refers to a platform for effectively sharing information between different organizations, and is used for sharing information about potential risks.
[0578] An "observation screen" refers to a visual interface used to display the system's status and condition, and is used by administrators to monitor the situation.
[0579] This invention is a system for improving data security and effectively detects potential risks associated with the transmission and reception of information via communication devices.
[0580] The server receives information via communication devices and analyzes its content using natural language processing technology. Specifically, it utilizes libraries such as Python's NLTK and spaCy to extract the meaning and intent of the information. Based on the analysis results, it also compares known risk factors with a database and identifies them as dangerous if they match. Since the analyzed information is processed in real time, it can respond immediately to any dangers that arise.
[0581] The server uses sentiment analysis technology to evaluate the emotions contained in the information. This involves using TextBlob or similar text analysis tools to determine if the information may have malicious intent. Information detected as potentially dangerous through sentiment analysis is immediately blocked or stored and further analyzed in a sandbox environment.
[0582] If a user feels uneasy about the information they receive, they can ask, "Is this information safe?" In this case, the device utilizes a generative AI model to assess the safety of the information. For example, a generative model such as OpenAI GPT-4 is used, and a response is generated based on past data and learned information.
[0583] Furthermore, the server can distribute risk information through an information sharing platform for sharing risk information with other organizations, enabling global dissemination of information. This improves risk awareness across the entire industry.
[0584] The server also provides administrators with an observation screen that reports the security status of information and details of detected risks in real time, enabling efficient management and implementation of safety measures. For example, a prompt message such as "Analyze the content of this information, evaluate its emotional state, and confirm its safety" is input into an AI model, which then guides the user to appropriate countermeasures.
[0585] This system provides users with an environment where they can handle information with peace of mind, and ensures the security of that information.
[0586] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0587] Step 1:
[0588] The server receives information via a communication device and performs initial processing on its contents. Input includes email body, subject, sender information, and attachments. This data is analyzed using natural language processing techniques (e.g., Python's NLTK or spaCy) to break down the content into text data. This analysis process extracts important keywords, phrases, and sentence structure, which are then output.
[0589] Step 2:
[0590] The server uses the analyzed text data to assess the threat level. The input is the analysis result from step 1. At this stage, the data is compared against an already registered threat database. Specifically, existing filtering techniques are used to determine if the text content matches a known threat. The output is the threat level assessment result. Based on this result, it is determined whether the information is safe or questionable.
[0591] Step 3:
[0592] The server activates sentiment analysis technology to analyze the emotions contained in the information. The input is the text data obtained in step 1. Using text blobs or similar sentiment analysis tools, the emotional tone and aggression of the information are evaluated. The output is an emotional danger indicator, which is used to detect potential aggressive intent.
[0593] Step 4:
[0594] The server immediately blocks or isolates information if it determines it to be unsafe. The input is the risk assessment results from steps 2 and 3. Based on these results, the information is moved to a sandbox environment and stored for further analysis. The output is information protection until its safety is confirmed.
[0595] Step 5:
[0596] If a user is concerned about the security of information, they can ask, "Is this information secure?" The input is the user's request message. In this case, the terminal activates a generating AI model (e.g., OpenAI GPT-4) and performs a security assessment of the information again. The output is the AI's security assessment result and advice provided to the user.
[0597] Step 6:
[0598] The server shares detected risk information with other organizations through an information sharing platform. The input is the risk information detected in steps 2 and 3. The information is sent to the security platform and distributed widely. The output is the risk information transmitted to each organization.
[0599] Step 7:
[0600] The server provides an observation screen for administrators, displaying the current information security status and details of detected threats. The input consists of the output data from each of the steps described above. This observation screen allows administrators to understand the situation in real time and take appropriate action. As output, administrators can obtain a detailed security report.
[0601] (Application Example 2)
[0602] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0603] With the advancement of information and communication technology, information leaks via email and online messages, as well as phishing scams, are becoming increasingly serious problems. Current systems struggle to adequately detect threats, and users are unable to respond appropriately to malicious content. Furthermore, providing appropriate warnings that take into account the user's emotional state is also difficult. Therefore, there is a need for security solutions with more advanced analytical capabilities and that are sensitive to user emotions.
[0604] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0605] In this invention, the server includes means for analyzing content using natural language processing technology when receiving and transmitting information via a communication network, means for determining whether the content matches a known danger based on the analysis results, and means for controlling or protecting content determined to be dangerous in real time, and means for analyzing the user's emotions and providing special notifications in dangerous situations. This makes it possible to analyze the danger of content received by the user in real time and provide warnings that take into account the user's stress level.
[0606] An "information processing device" is an electronic device that receives and transmits information and processes it in a specified manner.
[0607] "Natural language processing technology" is a technology that uses computers to process and understand natural language used by humans.
[0608] "Content" refers to all information contained in information media such as emails and online messages.
[0609] "Analysis" is the act of breaking down content and understanding its constituent elements.
[0610] "Dangerous" refers to a situation or content that could potentially lead to information leaks or fraud from an information security perspective.
[0611] A "user" is an individual or company that operates an information processing device and receives information services.
[0612] "Emotional analysis" is a technology that evaluates a user's emotional state and predicts specific behaviors and reactions.
[0613] A "notification" is a means or message used to convey information to a user.
[0614] To implement this invention, the server must first function as an information processing device. The server receives content such as emails and online messages via a communication network and analyzes this content using natural language processing technology. For the analysis, Python libraries such as spaCy and Transformers are used to evaluate the email body, subject, sender information, attachments, etc., in detail. This makes it possible to determine whether the content falls under known hazards.
[0615] Next, the server controls or protects content deemed dangerous in real time based on the analysis results. Dangerous content is filtered or isolated to prevent direct impact on users. Furthermore, the server analyzes the user's emotional state and uses emotion analysis technology to provide special notifications in dangerous situations. This involves using emotion recognition models based on frameworks such as TensorFlow and PyTorch.
[0616] The user's device has an application built with Flutter installed as the frontend. This device communicates with the server and notifies the user in real time of the potential dangers of the content and the warnings provided. The content of the warnings received by the user is appropriately customized using specific prompt phrases based on a pre-configured generative AI model.
[0617] As a concrete example, if a user receives an email that may be a phishing attempt, the server analyzes the email and immediately sends an alert to the user. This alert includes a prompt message such as, "This email may be a phishing attempt. The sender is unknown, do not click on any links. You may be feeling stressed, so please remain calm and review the information carefully." In this way, the invention provides an effective means of ensuring information security while reducing the psychological burden on the user.
[0618] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0619] Step 1:
[0620] The server receives content such as emails and online messages via a communication network. The input is raw email or message information, and the output is that data passed to a natural language processing engine. Immediately after receiving the data, it is cleaned up and converted into a format suitable for analysis.
[0621] Step 2:
[0622] The server uses Python's spaCy and Transformers natural language processing libraries to parse the body, title, source information, and attachments of the received content. The input is the data formatted in step 1, and the output is the parsed structured data. Specifically, each element is tokenized, and semantic relationships are extracted.
[0623] Step 3:
[0624] The server evaluates the content based on the analysis results to determine if it matches any known hazards, and if it is determined to be hazardous, it takes control or protection in real time. The input is the analysis results from step 2, and the output is a flag or status indicating the hazard. If applicable, the content is isolated and filtered.
[0625] Step 4:
[0626] The terminal communicates with the server to notify the user of the analysis results in real time. The input is risk information sent from the server, and the output is a warning message displayed on the user's screen. The display in the user interface is dynamically handled using Flutter.
[0627] Step 5:
[0628] The server utilizes emotion recognition models based on TensorFlow and PyTorch to analyze the user's emotional state. Input consists of the user's past response data and real-time data, while output is a prediction of the user's current emotional state. Based on the prediction, special notifications are generated as needed.
[0629] Step 6:
[0630] The device displays a special notification to the user that takes their emotional state into consideration, using an AI model that generates such notifications. The input is the result of the sentiment analysis and instructions from the server, and the output is a customized notification message provided to the user. An example prompt is: "This email may be a phishing attempt. The sender is unknown, do not click on the link. You may be feeling stressed, so please calmly review the message."
[0631] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0632] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0633] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and specific processing may also be performed by the headset terminal 314.
[0634] [Fourth Embodiment]
[0635] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0636] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0637] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0638] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0639] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0640] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0641] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0642] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. Furthermore, the robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0643] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0644] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0645] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0646] In robot 414, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0647] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0648] This invention provides an advanced email monitoring system aimed at strengthening corporate email security. A specific example of this system is shown below.
[0649] The server constantly monitors emails and automatically processes each incoming email for analysis. Upon arrival, the server first analyzes the email using natural language processing techniques. This analysis includes the email body, subject, sender information, and attachment contents. This analysis assesses whether the email contains any hidden threats such as phishing, spam, or malware.
[0650] If an email is determined to be a threat after analysis, the server immediately blocks and quarantines it. Quarantined emails are sent to a secure sandbox environment for further detailed analysis. This process minimizes the potential impact on the corporate network.
[0651] On the other hand, emails that do not detect any threats during analysis are delivered to the user's device without issue. If a user has any doubts about the security of an email they have received, they can use the device's support function to ask, "Is this email safe?" In this case, the device's generative model is activated, re-analyzing the email content and presenting a security assessment to the user.
[0652] Furthermore, the system has the ability to share newly detected threat information with other companies and organizations through a threat intelligence sharing platform. This ensures that the latest knowledge for responding to email-based threats is updated and shared globally.
[0653] The server provides administrators with a system dashboard that visualizes the overall system status and threat detection history in real time. Based on this information, administrators can take immediate action as needed.
[0654] As a concrete example, when a phishing email is sent to a company's mail server, natural language processing technology is used to analyze the email. If it matches a known phishing pattern, the server immediately blocks it. The email does not reach the user, and the company network remains protected.
[0655] This system will allow companies to strengthen their defenses against cyberattacks via email and enable users to utilize a secure email environment.
[0656] The following describes the processing flow.
[0657] Step 1:
[0658] The server detects the arrival of a new email and temporarily stores the email data in a buffer. This stored data is then ready to be handed over to the analysis process.
[0659] Step 2:
[0660] The server applies natural language processing techniques to the stored email data. The entire content, including the email body, subject, sender address, and attachments, is analyzed, and its match against threat patterns is evaluated.
[0661] Step 3:
[0662] The server determines the threat level of an email based on the analysis results. If the email is determined to match a known threat or contain a potential risk, it will be immediately quarantined or blocked.
[0663] Step 4:
[0664] The server sends isolated emails to a sandbox environment for further investigation. Here, a deeper analysis is performed to ensure that the system is not harmed.
[0665] Step 5:
[0666] Users will receive secure emails in their regular inbox that no threats were detected. If a user has concerns about the security of an email, they can ask the support bot, "Is this email safe?"
[0667] Step 6:
[0668] The device's generative model is activated and responds immediately to the user's inquiry. The email is re-analyzed, the generative model quickly performs a security assessment, and notifies the user of the results.
[0669] Step 7:
[0670] The server sends newly detected threat information to a threat intelligence sharing platform, sharing it with other organizations. This sharing activity further enhances the overall security of the system.
[0671] Step 8:
[0672] The server, using the system dashboard as a bridge, provides administrators with real-time updates on the system's status and a history of detected threats. Based on this information, administrators can quickly make necessary decisions.
[0673] (Example 1)
[0674] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0675] As the security of electronic communications within businesses increases, it is necessary to create an environment where users can quickly and securely receive data while preventing the influx of malicious data. However, conventional methods have been slow to respond to diversifying threats, making it difficult to immediately detect new risk factors and respond appropriately.
[0676] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0677] In this invention, the server includes means for evaluating the data content using information analysis techniques when receiving and transmitting data, using an information processing device that receives data via a communication network; means for determining whether the data matches known hazardous elements based on the evaluation results, and immediately blocking or isolating data determined to be hazardous; and means for widely distributing detected hazardous information through an information sharing platform for sharing with other organizations. This enables companies to enhance the security of electronic communications and users to receive secure data quickly.
[0678] An "information processing device" is a device that receives data via a communication network and analyzes and evaluates its contents.
[0679] "Information analysis technology" refers to techniques for analyzing the content of data and detecting risk elements, and includes natural language processing and pattern recognition.
[0680] "Risk elements" refer to elements in the data that are harmful to the recipient, such as phishing, spam, and malware.
[0681] "Generative technology" refers to techniques that utilize machine learning models to evaluate and generate data.
[0682] An "information sharing platform" is a platform for sharing detected risk information with other organizations.
[0683] A "monitoring display device" is a device that allows system administrators to visualize the security status of data and details of threats.
[0684] A "user terminal" is a device used by a user to receive and verify data.
[0685] This invention provides an advanced monitoring system that enhances the security of corporate communication data. The server acts as an information processing device that receives data over a communication network and monitors emails and other data. The server evaluates the data content using information analysis techniques upon reception. This evaluation includes natural language processing and pattern recognition techniques to analyze the main parts of the data, title, source identification, and attachments in detail.
[0686] Specifically, natural language processing libraries such as "SpaCy" and "NLTK" are used for information analysis. Through this analysis, the server determines whether dangerous elements such as phishing, spam, and malware are present. If the data is determined to be dangerous, the server immediately blocks and isolates it. Isolated data is then subjected to detailed analysis in a secure environment, preventing any adverse impact on the corporate network.
[0687] To ensure users receive secure data, the server securely transmits data that does not contain any detected hazards to the user's device. Users can ask their device, "Is this data safe?" about suspicious data. The device uses a generative AI model to re-evaluate the data in response to this inquiry and provide the user with a safety response. The generative AI model applies machine learning techniques to perform evaluations in real time.
[0688] The system shares detected threat information with other organizations through a threat intelligence sharing platform, distributing the latest defense information across a wide area. The server provides administrators with monitoring and display devices, reporting the data protection status and details of detected threats in real time.
[0689] As a concrete example, consider a case where data containing a suspicious link is sent. The server quickly analyzes this data and identifies that the linked site is dangerous. Therefore, the data is immediately quarantined. In this way, the company's communication environment is kept secure. As an example of a prompt message on the user terminal, we use "Analyze the subject and sender information of this email, compare it with our existing threat database, and indicate whether it may be phishing or spam."
[0690] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0691] Step 1:
[0692] The server receives emails and other data via the communication network. Input data includes email body, subject, sender information, and attachments. This data is temporarily stored in secure storage.
[0693] Step 2:
[0694] The server begins analyzing the stored data using natural language processing techniques. The input includes each data component stored in Step 1. The server utilizes analysis libraries (e.g., SpaCy, NLTK) to search for potential threats such as phishing, spam, and malware. Generative AI models also analyze any anomalous patterns in the data. The output is a threat score for each data item.
[0695] Step 3:
[0696] The server evaluates the data based on its threat score. If the threat score exceeds a threshold, the server determines the data is dangerous and immediately blocks or moves it to a quarantine folder. The output is a detailed list of the quarantined data.
[0697] Step 4:
[0698] The server properly delivers data that does not contain any detected threats to the user's terminal. The output is the data that has been confirmed safe and arrived in the user's inbox.
[0699] Step 5:
[0700] If a user has doubts about the security of their data, the device will ask, "Is this data secure?" The input is data that the user is requesting confirmation for. The device sends the prompt to a generating AI model, which then performs data analysis again. The output is the final security evaluation result.
[0701] Step 6:
[0702] The server transmits newly detected threat information to the information sharing platform. This strengthens the global defense system in cooperation with other organizations. The output is updated threat information.
[0703] Step 7:
[0704] The server reports to the system administrator in real time via a monitoring device. Inputs include the system's current operational status and threat detection history. Outputs are detailed reports and action instructions available to the administrator.
[0705] (Application Example 1)
[0706] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0707] Traditional email security systems had the problem of delays between the receipt of electronic documents and the detection of threats, making rapid response difficult. Furthermore, the process of individually verifying the security of each received email was time-consuming for users, preventing a complete elimination of security concerns. In addition, current systems lacked sufficient real-time analysis and information management capabilities adapted to mobile devices, posing challenges in sharing and distributing the latest threat information.
[0708] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0709] In this invention, the server includes means for analyzing document content using language analysis technology when acquiring and transmitting electronic documents, using an information processing device that acquires information via a communication channel; means for determining whether the document matches a known threat based on the analysis results, and immediately blocking or isolating documents determined to be harmful; and means for rapidly responding to inquiries from users regarding the security of documents and providing protective information to users, utilizing a generative model. This enables immediate analysis and threat detection at the time of document reception, reducing users' security concerns and real-time protection and information management even on mobile terminals.
[0710] An "information processing device" is a device used to receive, analyze, and process data.
[0711] A "communication channel" refers to a network path that enables the transmission and reception of data.
[0712] An "electronic document" is a document in digital format that is transmitted or received via a computer network.
[0713] "Language analysis technology" refers to the technology used to analyze natural language and understand the content of documents.
[0714] "Known harm" refers to security threats defined based on known patterns.
[0715] A "generative model" is an algorithmic model that dynamically generates responses in response to user questions or requests.
[0716] A "mobile device" refers to a portable communication device such as a mobile phone or smartphone.
[0717] "Immediate blocking or isolation" refers to the process of immediately blocking or storing documents in another secure location if a threat is detected.
[0718] "User" refers to an individual or legal entity that uses this system.
[0719] "Protected information" refers to data that provides information about the security of a document.
[0720] The system of this invention operates in a network environment including a server as an information processing device and user terminals. The server acquires electronic documents through a communication channel and analyzes them in real time using language analysis technology. Specifically, it uses natural language processing software such as Spacy to analyze the document content, subject, sender information, attachments, etc., and determines whether they match known threats.
[0721] If the server detects any known harm through analysis, it will immediately block or isolate the document. This process ensures that users can communicate securely without accessing any potentially harmful documents.
[0722] Furthermore, by utilizing generative models, when a user inquires about the security of a document from their device, the system immediately performs a security assessment and provides protection information. This generative model is designed to derive more accurate judgments by applying large-scale language models such as GTP-3.
[0723] As a concrete example, before a user opens an email on their smartphone regarding "winning a prize," a generative model on the device evaluates its security and identifies the possibility of phishing. An example of a prompt used in this process would be, "Please evaluate the security of emails with the subject line 'Winning a Prize' and check if they may be phishing."
[0724] The server and terminals work together to constantly process the latest threat information, quickly share threat intelligence with other organizations, and strengthen information protection on an international scale. In this way, the invented system can provide a rapid and effective security solution.
[0725] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0726] Step 1:
[0727] The server retrieves electronic documents via a communication channel. The input is a new email stored on the mail server, and the output is the data of that email to be analyzed. First, this data is converted into a format that can be input into natural language processing software.
[0728] Step 2:
[0729] The server uses natural language processing tools such as Spacy to analyze the content of electronic documents, including subject lines, sender information, and attachments. The input is the email data obtained in step 1, and the output is a data structure showing the analysis results. Based on these results, the likelihood that the email matches a known threat is quantified.
[0730] Step 3:
[0731] The server determines, based on the analysis results, whether they match any known threats. The input is the data structure of the analysis results generated in step 2, and the output is a flag indicating the determination result. If a threat is detected, the server immediately blocks or quarantines the email according to the configured criteria.
[0732] Step 4:
[0733] The terminal receives inquiries from the user regarding the security of a document. The input is a specific prompt sentence provided by the user, and the output is a query to be passed to a generative model. This query involves a process of transforming the user's question so that it can be appropriately interpreted by the generative AI model.
[0734] Step 5:
[0735] A generative model on the terminal evaluates the query and draws conclusions about the document's security. The input is the query obtained in step 4, and the output is the evaluation result of the document's security. The model uses an internal algorithm to check for the possibility of phishing or the presence of other threats.
[0736] Step 6:
[0737] The terminal presents the evaluation results of the generative model to the user. The input is the evaluation results generated in step 5, and the output is visualized security information for the user. The terminal displays the evaluation results to the user in an easy-to-understand format and also suggests actions as needed.
[0738] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0739] This invention relates to an advanced email monitoring system that combines an emotion engine with an email security engine. This system utilizes natural language processing and emotion recognition technologies to provide a more secure email environment for emails sent and received over a communication network.
[0740] The server analyzes incoming email data using natural language processing techniques to assess the threat level. Elements such as the email body, subject, sender information, and attachments are analyzed in detail. Furthermore, a sentiment engine is used to evaluate the email content and analyze the sentiment contained within. This analysis allows for the identification of emails that may contain malicious intent and the generation of additional warnings as needed.
[0741] If an email is identified as a threat, the server immediately blocks or quarantines it. Quarantined emails are reviewed in a sandbox environment for more detailed analysis. This helps prevent threats to the corporate network.
[0742] If a user wants to check the security of an email they have received, they can ask, "Is this email safe?" In this case, the device's generative model is activated, and the email's security is re-evaluated. Furthermore, when a user makes this inquiry, the system uses an emotion engine to assess the user's emotional state and provide appropriate security information.
[0743] For example, when a malicious email is received, the server performs sentiment analysis on the email and warns the user of the potential danger. At the same time, based on the information obtained from the sentiment engine, if the user is in a stressful state, a special warning message can be displayed to draw their attention.
[0744] Furthermore, when composing an email reply, the device recognizes the user's emotions in real time and provides advice to ensure the reply is appropriate. This will lead to safer and smoother communication both within and outside the company.
[0745] This system also connects to an information sharing platform for sharing detected threat information with other organizations, facilitating the sharing of threat intelligence. The server provides an administrator dashboard that reports the status of email security and details of detected threats in real time. Administrators can use this information to take appropriate countermeasures.
[0746] As described above, the present invention, by utilizing emotion recognition functionality, achieves comprehensive protection against threats transmitted via email, significantly improving the security awareness and response capabilities of the entire enterprise.
[0747] The following describes the processing flow.
[0748] Step 1:
[0749] When the server detects an email received via the communication network, it stores the email data in a buffer. This buffer includes the email body, subject, sender information, and attachments.
[0750] Step 2:
[0751] The server uses natural language processing techniques to analyze email data stored in a buffer. Here, it detects specific patterns and keywords to identify potentially phishing or malware content.
[0752] Step 3:
[0753] Based on the analysis results, the server assesses whether the email is a threat. This assessment involves comparing it against a database of known threats to identify emails with suspicious characteristics.
[0754] Step 4:
[0755] The server uses an emotion engine to analyze the emotions contained in the email content. For example, it can read aggressive intent from the wording of an email and issue an additional warning for that email.
[0756] Step 5:
[0757] The server ensures security by blocking emails that are detected as containing threats or offensive sentiment in real time and isolating them in a sandbox environment. This step is intended to prevent potential impacts on the corporate network.
[0758] Step 6:
[0759] If a user has doubts about the security of an email they have received, they can inquire through the device's interface, asking, "Is this email secure?"
[0760] Step 7:
[0761] The device's generative model, upon receiving a user inquiry, re-analyzes the email content and performs a security assessment. Additionally, the emotion engine evaluates the user's emotional state, and if it detects stress or anxiety, it provides security information to reassure the user.
[0762] Step 8:
[0763] The device monitors the user's emotional state in real time as they compose a reply to an email, and if the reply is deemed inappropriate, it displays advice prompting the user to reconsider their response.
[0764] Step 9:
[0765] The server sends detected threat information to an information sharing platform that facilitates cross-organizational sharing. This enables comprehensive threat defense in cooperation with other organizations.
[0766] Step 10:
[0767] The server provides system administrators with real-time information on the email security status and details of detected threats through a management dashboard. Administrators can use this information to implement more effective security management.
[0768] (Example 2)
[0769] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0770] In modern electronic communications, where vast amounts of information are exchanged rapidly, there is a need to quickly and effectively detect and defend against potential dangers and malicious intent lurking within. Furthermore, a system is needed to immediately address user safety concerns and to determine whether that response is appropriate. Additionally, a platform is required to share detected risk information with other organizations and improve overall risk awareness.
[0771] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0772] In this invention, the server includes means for analyzing the content of information using natural language processing technology when receiving and transmitting information via a communication device, means for evaluating the emotions contained in the information content using sentiment analysis technology and identifying information that may have malicious intent, and means for distributing the detected dangerous information over a wide area through an information sharing platform for sharing with other organizations. This makes it possible to immediately assess the potential danger of the information content and respond quickly as needed.
[0773] A "communication device" refers to equipment that operates on a network to send and receive information, and includes devices such as mail servers and routers.
[0774] "Natural language processing technology" is a technology that enables computers to understand, analyze, and process human language, and is used for analyzing emails and extracting information.
[0775] "Analyzing information content" refers to the process of thoroughly examining the content of received data and understanding its meaning and intent.
[0776] "Based on the analysis results" means that subsequent processing and decisions are made based on the information obtained through the analysis.
[0777] "Known hazards" refer to risk factors registered in databases or threats based on past incidents.
[0778] "In real time" refers to responding to or processing events immediately upon their occurrence, indicating a state with extremely little time delay.
[0779] "Emotion analysis technology" is a technology that reads human emotions from text and audio, and is used to determine the malicious intent behind information.
[0780] A "generative model" refers to artificial intelligence technology that generates language and data based on large amounts of data, and is particularly used for automated responses to inquiries.
[0781] "User" refers to any person or organization that uses this system to send and receive information or to verify its security.
[0782] An "information sharing platform" refers to a platform for effectively sharing information between different organizations, and is used for sharing information about potential risks.
[0783] An "observation screen" refers to a visual interface used to display the system's status and condition, and is used by administrators to monitor the situation.
[0784] This invention is a system for improving data security and effectively detects potential risks associated with the transmission and reception of information via communication devices.
[0785] The server receives information via communication devices and analyzes its content using natural language processing technology. Specifically, it utilizes libraries such as Python's NLTK and spaCy to extract the meaning and intent of the information. Based on the analysis results, it also compares known risk factors with a database and identifies them as dangerous if they match. Since the analyzed information is processed in real time, it can respond immediately to any dangers that arise.
[0786] The server uses sentiment analysis technology to evaluate the emotions contained in the information. This involves using TextBlob or similar text analysis tools to determine if the information may have malicious intent. Information detected as potentially dangerous through sentiment analysis is immediately blocked or stored and further analyzed in a sandbox environment.
[0787] If a user feels uneasy about the information they receive, they can ask, "Is this information safe?" In this case, the device utilizes a generative AI model to assess the safety of the information. For example, a generative model such as OpenAI GPT-4 is used, and a response is generated based on past data and learned information.
[0788] Furthermore, the server can distribute risk information through an information sharing platform for sharing risk information with other organizations, enabling global dissemination of information. This improves risk awareness across the entire industry.
[0789] The server also provides administrators with an observation screen that reports the security status of information and details of detected risks in real time, enabling efficient management and implementation of safety measures. For example, a prompt message such as "Analyze the content of this information, evaluate its emotional state, and confirm its safety" is input into an AI model, which then guides the user to appropriate countermeasures.
[0790] This system provides users with an environment where they can handle information with peace of mind, and ensures the security of that information.
[0791] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0792] Step 1:
[0793] The server receives information via a communication device and performs initial processing on its contents. Input includes email body, subject, sender information, and attachments. This data is analyzed using natural language processing techniques (e.g., Python's NLTK or spaCy) to break down the content into text data. This analysis process extracts important keywords, phrases, and sentence structure, which are then output.
[0794] Step 2:
[0795] The server uses the analyzed text data to assess the threat level. The input is the analysis result from step 1. At this stage, the data is compared against an already registered threat database. Specifically, existing filtering techniques are used to determine if the text content matches a known threat. The output is the threat level assessment result. Based on this result, it is determined whether the information is safe or questionable.
[0796] Step 3:
[0797] The server activates sentiment analysis technology to analyze the emotions contained in the information. The input is the text data obtained in step 1. Using text blobs or similar sentiment analysis tools, the emotional tone and aggression of the information are evaluated. The output is an emotional danger indicator, which is used to detect potential aggressive intent.
[0798] Step 4:
[0799] The server immediately blocks or isolates information if it determines it to be unsafe. The input is the risk assessment results from steps 2 and 3. Based on these results, the information is moved to a sandbox environment and stored for further analysis. The output is information protection until its safety is confirmed.
[0800] Step 5:
[0801] If a user is concerned about the security of information, they can ask, "Is this information secure?" The input is the user's request message. In this case, the terminal activates a generating AI model (e.g., OpenAI GPT-4) and performs a security assessment of the information again. The output is the AI's security assessment result and advice provided to the user.
[0802] Step 6:
[0803] The server shares detected risk information with other organizations through an information sharing platform. The input is the risk information detected in steps 2 and 3. The information is sent to the security platform and distributed widely. The output is the risk information transmitted to each organization.
[0804] Step 7:
[0805] The server provides an observation screen for administrators, displaying the current information security status and details of detected threats. The input consists of the output data from each of the steps described above. This observation screen allows administrators to understand the situation in real time and take appropriate action. As output, administrators can obtain a detailed security report.
[0806] (Application Example 2)
[0807] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0808] With the advancement of information and communication technology, information leaks via email and online messages, as well as phishing scams, are becoming increasingly serious problems. Current systems struggle to adequately detect threats, and users are unable to respond appropriately to malicious content. Furthermore, providing appropriate warnings that take into account the user's emotional state is also difficult. Therefore, there is a need for security solutions with more advanced analytical capabilities and that are sensitive to user emotions.
[0809] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0810] In this invention, the server includes means for analyzing content using natural language processing technology when receiving and transmitting information via a communication network, means for determining whether the content matches a known danger based on the analysis results, and means for controlling or protecting content determined to be dangerous in real time, and means for analyzing the user's emotions and providing special notifications in dangerous situations. This makes it possible to analyze the danger of content received by the user in real time and provide warnings that take into account the user's stress level.
[0811] An "information processing device" is an electronic device that receives and transmits information and processes it in a specified manner.
[0812] "Natural language processing technology" is a technology that uses computers to process and understand natural language used by humans.
[0813] "Content" refers to all information contained in information media such as emails and online messages.
[0814] "Analysis" is the act of breaking down content and understanding its constituent elements.
[0815] "Dangerous" refers to a situation or content that could potentially lead to information leaks or fraud from an information security perspective.
[0816] A "user" is an individual or company that operates an information processing device and receives information services.
[0817] "Emotional analysis" is a technology that evaluates a user's emotional state and predicts specific behaviors and reactions.
[0818] A "notification" is a means or message used to convey information to a user.
[0819] To implement this invention, the server must first function as an information processing device. The server receives content such as emails and online messages via a communication network and analyzes this content using natural language processing technology. For the analysis, Python libraries such as spaCy and Transformers are used to evaluate the email body, subject, sender information, attachments, etc., in detail. This makes it possible to determine whether the content falls under known hazards.
[0820] Next, the server controls or protects content deemed dangerous in real time based on the analysis results. Dangerous content is filtered or isolated to prevent direct impact on users. Furthermore, the server analyzes the user's emotional state and uses emotion analysis technology to provide special notifications in dangerous situations. This involves using emotion recognition models based on frameworks such as TensorFlow and PyTorch.
[0821] The user's device has an application built with Flutter installed as the frontend. This device communicates with the server and notifies the user in real time of the potential dangers of the content and the warnings provided. The content of the warnings received by the user is appropriately customized using specific prompt phrases based on a pre-configured generative AI model.
[0822] As a concrete example, if a user receives an email that may be a phishing attempt, the server analyzes the email and immediately sends an alert to the user. This alert includes a prompt message such as, "This email may be a phishing attempt. The sender is unknown, do not click on any links. You may be feeling stressed, so please remain calm and review the information carefully." In this way, the invention provides an effective means of ensuring information security while reducing the psychological burden on the user.
[0823] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0824] Step 1:
[0825] The server receives content such as emails and online messages via a communication network. The input is raw email or message information, and the output is that data passed to a natural language processing engine. Immediately after receiving the data, it is cleaned up and converted into a format suitable for analysis.
[0826] Step 2:
[0827] The server uses Python's spaCy and Transformers natural language processing libraries to parse the body, title, source information, and attachments of the received content. The input is the data formatted in step 1, and the output is the parsed structured data. Specifically, each element is tokenized, and semantic relationships are extracted.
[0828] Step 3:
[0829] The server evaluates the content based on the analysis results to determine if it matches any known hazards, and if it is determined to be hazardous, it takes control or protection in real time. The input is the analysis results from step 2, and the output is a flag or status indicating the hazard. If applicable, the content is isolated and filtered.
[0830] Step 4:
[0831] The terminal communicates with the server to notify the user of the analysis results in real time. The input is risk information sent from the server, and the output is a warning message displayed on the user's screen. The display in the user interface is dynamically handled using Flutter.
[0832] Step 5:
[0833] The server utilizes emotion recognition models based on TensorFlow and PyTorch to analyze the user's emotional state. Input consists of the user's past response data and real-time data, while output is a prediction of the user's current emotional state. Based on the prediction, special notifications are generated as needed.
[0834] Step 6:
[0835] The device displays a special notification to the user that takes their emotional state into consideration, using an AI model that generates such notifications. The input is the result of the sentiment analysis and instructions from the server, and the output is a customized notification message provided to the user. An example prompt is: "This email may be a phishing attempt. The sender is unknown, do not click on the link. You may be feeling stressed, so please calmly review the message."
[0836] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0837] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0838] In the above embodiment, an example was given in which the specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the robot 414.
[0839] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0840] Figure 9 shows an emotion map 400 in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0841] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0842] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0843] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, motorcycles, etc., emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated, for example, based on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0844] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0845] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0846] The above description primarily focuses on the functions of the data processing device 12 in relation to this disclosure. However, the system related to this disclosure is not necessarily implemented on a server. The system related to this disclosure may be implemented as a general information processing system. This disclosure may be implemented, for example, as a software program that runs on a personal computer or as an application that runs on a smartphone. The method related to this disclosure may be provided to users in SaaS (Software as a Service) format.
[0847] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing of the specific process may be performed by multiple computers, including computer 22. For example, a data generation model 58 may be provided in an external device of the data processing device 12, and the external device may generate data according to the input data.
[0848] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0849] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0850] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0851] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0852] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0853] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0854] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0855] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and the like that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0856] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0857] The following is further disclosed regarding the embodiments described above.
[0858] (Claim 1)
[0859] A mail server that receives data via a communication network has means for analyzing the content of emails using natural language processing technology when receiving and sending emails.
[0860] Based on the analysis results, a means is provided to determine whether an email matches a known threat and to block or quarantine emails determined to be threatening in real time.
[0861] By utilizing generative models, we can quickly respond to user inquiries regarding email security and provide users with security information.
[0862] A means of globally distributing detected threat information through an information sharing platform for sharing with other organizations,
[0863] A means of providing system administrators with a monitoring dashboard to report the status of email security and details of detected threats in real time,
[0864] A system that includes this.
[0865] (Claim 2)
[0866] The system according to claim 1, which determines the threat level of an email by performing natural language processing analysis on a mail server, and by evaluating in detail the email body, subject, sender address, and attachments.
[0867] (Claim 3)
[0868] The system according to claim 1, which uses a generative model on the user terminal to provide real-time security evaluations in response to user inquiries about the security of emails.
[0869] "Example 1"
[0870] (Claim 1)
[0871] An information processing device that receives data via a communication network includes means for evaluating the data content using information analysis techniques when receiving and transmitting data.
[0872] Based on the evaluation results, a means is provided to determine whether the data matches known hazards, and to immediately block or isolate data that is determined to be a hazard.
[0873] By utilizing generation technology, we can quickly respond to user inquiries regarding data security and provide users with protective information.
[0874] A means of distributing detected risk information over a wide area through an information sharing platform for sharing with other organizations,
[0875] A means for providing a monitoring display device to system administrators to immediately report the status of data protection and details of detected risks,
[0876] A system that includes this.
[0877] (Claim 2)
[0878] The system according to claim 1, which determines the degree of data risk by evaluating in detail the main part of the data, title, source identification, and attached information in information analysis using an information processing device.
[0879] (Claim 3)
[0880] The system according to claim 1, which uses generation technology on the user's terminal to provide an immediate security evaluation in response to a user's inquiry about the security of data.
[0881] "Application Example 1"
[0882] (Claim 1)
[0883] An information processing device that acquires information via a communication channel includes means for analyzing the content of an electronic document using language analysis technology when acquiring and transmitting the document.
[0884] Based on the analysis results, a means is provided to determine whether the document matches a previously known harm, and to immediately block or isolate the document determined to be harmful.
[0885] By utilizing generative models, we can quickly respond to user inquiries regarding document security and provide users with protective information.
[0886] A means of internationally distributing detected harm information through an information sharing platform for sharing with other organizations,
[0887] A means for providing a monitoring display device to the system administrator to immediately report the status of information protection and details of detected harm,
[0888] A means to automatically analyze documents that reach mobile devices and detect phishing and malicious program threats,
[0889] A system that includes this.
[0890] (Claim 2)
[0891] The system according to claim 1, which determines the level of harm of a document by evaluating in detail the content, headings, sender information, and attachments of a document in language analysis using an information processing device.
[0892] (Claim 3)
[0893] The system according to claim 1, which uses a generative model on the user's terminal to provide an immediate security evaluation in response to a user's inquiry about the security of a document.
[0894] "Example 2 of combining an emotion engine"
[0895] (Claim 1)
[0896] A device that receives information via a communication device, and means for analyzing the content of the information using natural language processing technology when receiving and transmitting the information,
[0897] Based on the analysis results, a means is provided to determine whether the information matches a known hazard, and to block or store information determined to be hazardous in real time.
[0898] A means of using sentiment analysis technology to evaluate the emotions contained in information and identify information that may have aggressive intent,
[0899] By utilizing generative models, we can quickly respond to user inquiries regarding the security of information and provide users with security information.
[0900] A means of distributing detected risk information over a wide area through an information sharing platform for sharing with other organizations,
[0901] A means of providing administrators with an observation screen to report the status of information security and details of detected risks in real time,
[0902] A system that includes this.
[0903] (Claim 2)
[0904] The system according to claim 1, which determines the degree of risk of information by using an information processing device to evaluate in detail the body of the information, subject, sender address, and attached data.
[0905] (Claim 3)
[0906] The system according to claim 1, which uses a generative model on the user's terminal to provide an immediate security evaluation in response to a user's inquiry about the security of information.
[0907] "Application example 2 when combining with an emotional engine"
[0908] (Claim 1)
[0909] An information processing device that receives information via a communication network, means for analyzing content using natural language processing technology when receiving and transmitting information,
[0910] Based on the analysis results, a means is provided to determine whether the content matches a known risk, and to control or protect the content determined to be risky in real time.
[0911] By utilizing generative models, we can quickly respond to user inquiries regarding the safety of content and provide users with protective information.
[0912] A means of transmitting detected risk information over a wide area through an information exchange platform for sharing with other organizations,
[0913] A means for providing a monitoring display device to a system administrator to report the status of information protection and details of detected risks in real time,
[0914] A means of analyzing the user's emotions and providing special notifications in dangerous situations,
[0915] A system that includes this.
[0916] (Claim 2)
[0917] The system according to claim 1, which determines the risk level of content by evaluating in detail the content's text, title, source information, and attached information in natural language processing analysis using an information processing device.
[0918] (Claim 3)
[0919] The system according to claim 1, which uses a generative model on the user's terminal to provide real-time safety evaluations in response to user inquiries about the safety of content. [Explanation of Symbols]
[0920] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots< / url:> < / url:> < / url:> < / url:>
Claims
1. A mail server that receives data via a communication network has means for analyzing the content of emails using natural language processing technology when receiving and sending emails. Based on the analysis results, a means is provided to determine whether an email matches a known threat and to block or quarantine emails determined to be threatening in real time. By utilizing generative models, we can quickly respond to user inquiries regarding email security and provide users with security information. A means of globally distributing detected threat information through an information sharing platform for sharing with other organizations, A means of providing system administrators with a monitoring dashboard to report the status of email security and details of detected threats in real time, A system that includes this.
2. The system according to claim 1, which determines the threat level of an email by performing natural language processing analysis on a mail server, and by evaluating in detail the email body, subject, sender address, and attachments.
3. The system according to claim 1, which uses a generative model on the user terminal to provide a real-time security evaluation in response to a user's inquiry about the security of an email.