system
The system addresses human error in privilege management by automatically evaluating and adjusting permissions based on user access history and emotional states, ensuring accurate and adaptive privilege management.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-11
- Publication Date
- 2026-06-23
AI Technical Summary
Conventional privilege management systems are prone to human errors due to manual processes, leading to excessive or insufficient privileges, especially when different systems are involved, and there is a need for automated and efficient means to manage permissions accurately and adapt to role changes.
A system that evaluates user permissions by analyzing access history using a generation system, automatically generates proposed changes, and includes an interface for administrators to approve or modify these changes, with continuous learning to improve accuracy.
Ensures accurate and efficient privilege management by automatically applying optimal permission changes, preventing unauthorized access and reducing human error, and continuously adapting to user role changes and emotional states.
Smart Images

Figure 2026101943000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance as a response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In conventional system privilege management, manual privilege granting and modification are often performed, and there is a problem that human errors are likely to occur in this process. In particular, when various business groups use different systems and the privilege patterns of each system are different, the risk of excessive or insufficient privileges due to setting mistakes increases. Therefore, from the perspectives of information security and compliance, the need for accurate and efficient privilege management is increasing. In addition, there are cases where unnecessary privileges remain when the role changes due to transfer or the like, and means for automatically correcting this are required.
Means for Solving the Problems
[0005] This invention provides a means for evaluating user permissions by collecting user access history and analyzing that history using a generation system. Based on the evaluation results, it automatically generates proposed permission changes and includes an interface for administrators to approve or modify them through specific means. Furthermore, this system can automatically apply the proposed permission changes. It also includes means for conducting periodic permission audits and reporting the results as a report, thereby ensuring proper permission management. This entire process is continuously improved as the generation system learns, increasing the accuracy and reliability of user permission settings.
[0006] A "user" refers to an entity that utilizes a system or network and possesses specific access privileges.
[0007] "Access history" refers to log data of when a user accesses the system, and includes information such as date and time, operation details, and user permissions.
[0008] A "generation system" refers to a system that includes algorithms and AI models for data analysis, and has functions for evaluating and proposing authority.
[0009] "Permissions" refer to the range of operations and access that a user is allowed to perform within the system.
[0010] "Evaluation" refers to the process of determining whether the current permission settings are appropriate based on the analysis results.
[0011] A "proposal" is a proposed change to permissions generated based on the evaluation results, and includes additions, deletions, and modifications.
[0012] An "administrator" is someone who is responsible for managing a system or network and overseeing user permission settings.
[0013] An "interface" refers to the means or screens that users or administrators use to interact with a system, and is used to input operations and instructions.
[0014] "Automatically apply" means that the proposed permission changes will be implemented by the system without human intervention.
[0015] "Auditing" refers to the process of regularly checking the appropriateness of permission settings and usage, and recording and reporting the results.
[0016] A "report" is a document that summarizes audit and analysis results, and is created with the aim of ensuring transparency and identifying problems. [Brief explanation of the drawing]
[0017] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10]Shows an emotion map to which multiple emotions are mapped. [Figure 11] It is a sequence diagram showing the processing flow of the data processing system in Embodiment 1. [Figure 12] It is a sequence diagram showing the processing flow of the data processing system in Application Example 1. [Figure 13] It is a sequence diagram showing the processing flow of the data processing system in Embodiment 2 when an emotion engine is combined. [Figure 14] It is a sequence diagram showing the processing flow of the data processing system in Application Example 2 when an emotion engine is combined.
Mode for Carrying Out the Invention
[0018] Hereinafter, an example of an embodiment of a system according to the technology of the present disclosure will be described with reference to the accompanying drawings.
[0019] First, the terms used in the following description will be described.
[0020] In the following embodiments, a processor with a reference number (hereinafter simply referred to as "processor") may be one arithmetic unit or a combination of multiple arithmetic units. Also, the processor may be one type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a GPGPU (General-Purpose computing on Graphics Processing Units), an APU (Accelerated Processing Unit), and the like.
[0021] In the following embodiments, a RAM (Random Access Memory) with a reference number is a memory in which information is temporarily stored and is used as a work memory by the processor.
[0022] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.
[0023] In the following embodiments, the signed communication interface (I / F) is an interface that includes a communication processor and an antenna, etc. The communication interface manages communication between multiple computers. Examples of communication standards applicable to the communication interface include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0024] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B." That is, "A and / or B" means that it may be A alone, or B alone, or a combination of A and B. Furthermore, in this specification, the same concept as "A and / or B" applies when expressing three or more things linked by "and / or."
[0025] [First Embodiment]
[0026] Figure 1 shows an example of the configuration of the data processing system 10 according to the first embodiment.
[0027] As shown in Figure 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0028] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0029] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.
[0030] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by detecting contact with an object (e.g., a pen or finger). The microphone 38B receives user input by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the data indicating the user input.
[0031] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user 20 by outputting the data in a form perceptible to the user 20 (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0032] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0033] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0034] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0035] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0036] In the smart device 14, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The reception output program 60 is used in conjunction with a specific processing program 56 by the data processing system 10. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0037] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0038] This invention provides an AI-powered access control system that enables the efficient and accurate setting and management of user access rights.
[0039] In this invention, the server primarily plays the following roles. First, the server periodically collects each user's access history and stores it in a database. This data includes the user ID, access date and time, and details of the systems and functions used. Subsequently, the server inputs the stored data into an AI model to analyze the user's usage patterns. The AI model identifies the possibility of abnormal privilege usage or unauthorized access and evaluates whether the current privilege settings are optimal.
[0040] Based on this evaluation, the server generates optimal permission change proposals for each user. These proposals include removing excessive permissions and adding necessary permissions. The proposals are notified to the administrator, who reviews them via their terminal and approves or modifies them as needed. If the administrator approves, the server automatically applies the proposed permissions.
[0041] During the ongoing auditing process, the server collects user access history again and uses the new data to further improve the accuracy of permission settings. This process ensures transparency and security in permission settings, preventing unauthorized access and excessive privilege granting.
[0042] Examples of embodiments
[0043] For example, consider a case where user B is transferred from the sales department to the human resources department. The server detects that user B has started accessing the human resources system. On the other hand, the access history reveals that access to the sales department's related systems is no longer necessary. Based on this information, the AI model evaluates user B's permissions, proposes new permissions required for the human resources system, and recommends removing permissions for the sales system. Once the administrator approves this proposal on their terminal, the server automatically executes these permission changes, ensuring appropriate permission allocation.
[0044] As a result, a system is realized that allows for flexible management of permissions according to changes in user roles and other circumstances, thereby preventing human error and unauthorized access.
[0045] The following describes the processing flow.
[0046] Step 1:
[0047] The server periodically retrieves each user's access history and stores it in a centrally managed database. The access history includes user ID, system name, access date and time, and details of the functions and data used.
[0048] Step 2:
[0049] The server inputs accumulated access history data into a dedicated AI model for access control, which analyzes each user's usage patterns and trends. Based on past usage history, the AI model evaluates the possibility of abnormal access usage and signs of unauthorized access.
[0050] Step 3:
[0051] The server generates optimization proposals for each user's permissions based on the analysis results of the AI model. These proposals include suggestions for removing invalid or excessive permissions and granting newly required permissions. This allows for appropriate permission settings according to the user's job responsibilities.
[0052] Step 4:
[0053] The server notifies the administrator of the generated permission change proposals and provides an interface through the terminal to review these proposals. The administrator reviews the proposals and approves or modifies the permissions as appropriate.
[0054] Step 5:
[0055] Once a proposal is approved by the administrator, the server automatically updates the user's permission settings. This includes granting any necessary additional permissions and removing any unnecessary ones, with permission enforcement in real time.
[0056] Step 6:
[0057] The server maintains consistent permission management by continuously auditing access history to ensure that users' permission states are always optimal, and by re-executing the re-evaluation and suggestion process as soon as new patterns are detected.
[0058] (Example 1)
[0059] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0060] In today's information environment, a wide variety of systems and applications are used, making the proper management of user access rights extremely important. However, manual permission management methods are prone to human error and the granting of inappropriate permissions. Furthermore, quickly updating permissions in response to role changes is difficult. An efficient and accurate permission management system is needed to address these issues.
[0061] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0062] In this invention, the server includes means for collecting user usage records and storing them in a dedicated storage device, means for evaluating user privileges using a generative model that analyzes the stored usage records, and means for generating optimal privilege change proposals based on the evaluation results. This enables efficient and accurate management of user access privileges and allows for rapid privilege changes in response to changes in roles and circumstances.
[0063] A "user" refers to an individual or group that accesses and operates information systems and applications.
[0064] "Usage records" refer to data regarding the date and time a user accessed an account, the functions used, and the actions performed.
[0065] A "dedicated storage device" refers to a database or storage device used to efficiently store collected usage records for later analysis.
[0066] A "generative model" refers to an AI model that uses machine learning algorithms to analyze data and evaluate user permissions.
[0067] A "proposal for permission changes" refers to a suggestion regarding the addition or removal of access permissions that is deemed most appropriate based on the user's usage patterns.
[0068] "Administrator" refers to the person responsible for changing system settings, selecting terms of service, and approving or modifying proposed changes to permissions.
[0069] An "information processing system" refers to an entire system for inputting, analyzing, and outputting data, and includes servers, databases, AI models, and other components.
[0070] This invention provides an information processing system that efficiently manages and appropriately adjusts user access rights. The system primarily involves three entities: a server, a terminal, and a user.
[0071] The server collects user activity records at regular intervals. These records include the date and time of access, the functions used, and the details of the operations performed. This data is stored in a dedicated storage database. The server inputs the accumulated data into an AI model to analyze user activity patterns. This analysis includes functions to identify abnormal privilege usage and unauthorized access.
[0072] Based on the analysis results, the server generates the optimal permission change proposal. For example, for a user who has moved from the sales department to the human resources department, it will propose the addition of new necessary permissions and the removal of unnecessary ones. The proposed permission change proposal is notified to the administrator, who then reviews it via their terminal.
[0073] Administrators can use an interface on their terminal to approve or modify proposed permission changes. Approved changes are automatically applied, and the server updates permission information to reflect the changes in the relevant systems.
[0074] Furthermore, the server continuously collects usage records and performs periodic analysis using AI models. This continuously improves the accuracy of permission settings.
[0075] The following are example prompts used as input to the generated AI model.
[0076] Analyze the user's access history and propose appropriate permission changes based on their new role. Example: A user has moved from the Sales Department to the Human Resources Department.
[0077] This system allows for quick responses to changes in user roles and new business requirements, and prevents unauthorized access and incorrect permission assignments.
[0078] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0079] Step 1:
[0080] The server collects usage records for each user. It uses system log files as input, obtaining data such as user ID, access date and time, and the name of the function used. As output, this data is stored in a dedicated storage device in a specific format. Specifically, the server periodically accesses the log files and inserts new data into the corresponding tables in the database.
[0081] Step 2:
[0082] The server inputs the accumulated usage records into a generating AI model for analysis. The input is user usage records stored in a database. The output is an analysis result showing the user's usage patterns. Specifically, the server starts the AI model and supplies the usage record data to the model in bulk, allowing for the detection of potential abnormal privilege usage or unauthorized access.
[0083] Step 3:
[0084] The server generates proposed permission changes based on the analysis results and proposes them to the administrator. The input is the analysis results obtained from the AI model. The output includes specific permission change proposals, such as the removal of excessive permissions or the addition of necessary permissions. Specifically, the server notifies the administrator of the proposed changes via email or other means.
[0085] Step 4:
[0086] The administrator reviews the proposed permission changes on the terminal and approves or modifies them. The input is the proposed permission changes sent from the server. The output is the approved or modified permission changes. Specifically, the administrator reviews the proposed changes presented on the terminal's management screen, makes any necessary changes, and then presses the approve button.
[0087] Step 5:
[0088] The server automatically applies administrator-approved permission changes to the system. The input is the details of the administrator-approved permission changes. The output is the updated user permission information. Specifically, the server updates the permission information for the relevant system and application, and the new permission configuration is applied immediately.
[0089] Step 6:
[0090] The server continuously collects usage records and re-evaluates permission settings with the new data. The input is the updated usage records. The output is new analysis results aimed at further improving the accuracy of permission settings. Specifically, the server retrieves log data again, periodically performs analysis using an AI model, and optimizes permission settings.
[0091] (Application Example 1)
[0092] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0093] In user access management, a challenge is the increased risk of unauthorized access if appropriate permission settings are not maintained. Furthermore, if permission changes are not implemented properly, operational efficiency may decline. Additionally, if administrators cannot quickly detect unauthorized access, security may be compromised.
[0094] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0095] In this invention, the server includes means for collecting user activity history, means for evaluating user privileges using an analysis system that analyzes the collected activity history, and means for sending a warning to a management device when abnormal access occurs. This enables appropriate setting and management of access privileges and rapid detection and response to unauthorized access.
[0096] "Activity history" refers to records of the date and time a user accessed a website, as well as the systems and functions they used.
[0097] An "analysis system" is a system that analyzes collected behavioral history data to detect user usage patterns and evaluate access permissions.
[0098] "Permission assessment" refers to the evaluation process used to determine whether the access permissions a user currently possesses are appropriate.
[0099] A "proposal for permission changes" refers to a suggestion to modify the current permission settings, generated based on the user's permission evaluation results.
[0100] A "management device" refers to a terminal used by administrators to review, approve, or modify proposed permission changes.
[0101] A "warning" is a notification issued to an administrator when unusual access or suspicious use of privileges is detected.
[0102] The system used to implement this application is primarily operated by a server. The server collects user activity history into a database and inputs this data into an AI-powered analysis system. The analysis system analyzes the collected activity history and evaluates user usage patterns. Specifically, it determines whether user access is potentially abnormal and evaluates whether the permission settings are appropriate. Based on the evaluation results, the server generates a proposed permission change and sends it to the management device. Key components of this process include data analysis software equipped with an AI model and a database management system that manages access history. This allows administrators to grasp the possibility of unauthorized access in real time and take appropriate action immediately. In addition, if abnormal access is detected, the server sends a warning notification to the administrator's terminal. This ensures that a system is in place to respond immediately in the event of a user error or fraudulent activity.
[0103] As a concrete example, one company implemented this system, and when a user transferred from the sales department to the human resources department, the system allowed for a rapid change in access permissions, significantly improving operational efficiency. Furthermore, the unauthorized access warning function enabled the company to proactively avoid potential security incidents.
[0104] By utilizing generative AI models, it is possible to automatically manage access and permissions, and continuously optimize the system.
[0105] An example of a prompt message is: "Please propose an AI-powered access control system. Include an alert system to enhance security."
[0106] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0107] Step 1:
[0108] The server collects user activity history data. Input includes log data containing user ID, access date and time, and details of the systems and functions used. This data is stored in a database to prepare the basic data necessary for later analysis. The output is the activity history data stored in the database.
[0109] Step 2:
[0110] The server inputs the collected behavioral history data into an AI-based analysis system. The input is the user behavioral history data accumulated earlier. By running this data through an AI model, the system analyzes user usage patterns and identifies abnormal permission usage. The output is the permission evaluation result for each user.
[0111] Step 3:
[0112] The server generates permission change proposals based on evaluation results from an AI model. The input is the permission evaluation results obtained from the AI model, and based on this evaluation, it generates suggestions such as removing excessive permissions or adding necessary permissions. The output is a specific permission change proposal for each user.
[0113] Step 4:
[0114] The server sends the generated permission change proposal to the management device. The input is the generated permission change proposal. This proposal is notified to the management device and made available for administrator review. The output is the proposal information displayed on the administrator's terminal.
[0115] Step 5:
[0116] After reviewing the proposed permission changes presented on the administrator's terminal, they approve or modify them. The input is the proposed permission changes sent by the server. Based on the administrator's judgment, if the proposed changes are approved, they are applied as is; if modifications are made, the modified content is sent to the server. The output is the approved or modified version of the proposed changes.
[0117] Step 6:
[0118] The server implements permission changes based on administrator instructions. The input is the permission change instruction approved or modified by the administrator. This is used to apply user permissions to the system, enabling real-time permission management. The output is the updated permission settings.
[0119] Step 7:
[0120] If abnormal access is detected, the server immediately sends a warning to the management device. The input is access information identified as abnormal by the AI model. Based on this information, a warning is issued to prompt the administrator to take swift action. The output is the warning notification information displayed on the administrator's terminal.
[0121] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0122] This invention provides a system that makes permission settings more adaptive and personal by incorporating an emotion engine that recognizes user emotions, in addition to AI-powered permission management.
[0123] The central component of this invention is the collection of each user's access history by the server, which is stored in a database. The server further collects emotional data related to the user's behavior and utilizes an emotion engine to analyze this data. The emotion engine analyzes the emotional state of the user when using the system and provides the results to the server's generation system.
[0124] The generation system not only evaluates permissions according to typical usage patterns, but also takes into account emotional information obtained from the emotion engine to propose permission settings appropriate for the user. These suggestions may include permission adjustments to reduce the user's burden if emotional stress or dissatisfaction is indicated. Furthermore, it allows for prioritizing the granting of permissions involving important decision-making to users in appropriate emotional states.
[0125] The administrator reviews the proposed permission changes via their terminal and approves or modifies them as needed. The server promptly reflects the administrator's approved proposals and automatically updates the user's permission settings.
[0126] As a concrete example, consider a scenario where User C is assigned a sudden project. The server, using its emotion engine, detects that User C's emotional state is changing under stress different from normal work. In this case, the AI adjusts the permissions and tasks that might cause User C stress and suggests a more appropriate role. This method enables flexible permission management that also considers emotional states, simultaneously achieving increased work efficiency and improved user satisfaction.
[0127] This system can continuously improve the permission setting optimization process by incorporating emotion-based feedback into its generation system. This allows permission settings to evolve to suit the system's usage environment and the user's psychological state.
[0128] The following describes the processing flow.
[0129] Step 1:
[0130] The server collects each user's access history and associated sentiment data. Sentiment data is obtained through devices and software that analyze the user's facial expressions, voice tone, input patterns, etc., during their interactions. This data is securely stored in a database.
[0131] Step 2:
[0132] The server inputs collected access history and sentiment data into a generation system. The generation system uses AI to analyze user usage patterns and emotional tendencies. This analysis evaluates the emotional state of users in different situations and identifies the emotional impact of system usage.
[0133] Step 3:
[0134] The server proposes optimal permission settings for the user based on sentiment analysis results and the user's past permission usage history. If stress or dissatisfaction is indicated by the sentiment data, permission adjustments to reduce the user's workload will also be considered. These suggestions may include adding, removing, or adjusting permissions.
[0135] Step 4:
[0136] The administrator is presented with a list of proposed permissions via the device. The administrator reviews these proposals, taking into account the user's work situation and emotional state. If necessary, the administrator can approve, modify, or reject the proposals.
[0137] Step 5:
[0138] When an administrator approves a permission proposal on their device, the server automatically updates the user's permission settings. This update is performed in real time, and changes are reflected immediately. This ensures that users have the most appropriate permissions.
[0139] Step 6:
[0140] The server continuously audits users' emotional states and access history to improve the accuracy of permission settings. This process is crucial for maintaining the overall system's adaptability in response to changes in users' work environments and psychological states.
[0141] (Example 2)
[0142] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".
[0143] Current access control systems typically evaluate permissions based on user access history, making it difficult to consider biometric data or emotional states. This can lead to permission settings that disregard user psychology, causing stress and frustration, and reducing work efficiency. Furthermore, flexible and adaptive access control utilizing generative AI models is needed, but achieving this requires further ingenuity.
[0144] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0145] In this invention, the server includes means for collecting user usage history and biometric data, means for using an emotion engine to analyze the collected biometric data and identify the user's emotional state, and means for inputting prompt messages into a generated AI model based on the analysis results and usage history, and evaluating the user's permissions. This makes it possible to propose appropriate permission changes considering the user's emotional state, thereby reducing stress and improving work efficiency.
[0146] "User usage history" refers to access information when a user operates the system, and includes data such as which functions were accessed, the date and time, and the duration of use.
[0147] "Biometric data" refers to information about a user's physical and physiological state, including data that can lead to the identification of their emotional state, such as heart rate, facial expressions, and voice tone.
[0148] An "emotion engine" is a technology that analyzes collected biometric data to identify a user's emotional state, and refers to a system that utilizes voice analysis and facial recognition algorithms.
[0149] A "generative AI model" refers to artificial intelligence technology that analyzes data and generates suggestions based on given prompts, and provides decision support using machine learning algorithms.
[0150] A "prompt statement" refers to a text in the form of input used to give instructions to a generative AI model, and is used to guide the model's response based on specific requirements or conditions.
[0151] This invention is a flexible access control system that uses user usage history and biometric data, and has a configuration that allows for the optimization of access rights while taking into account the user's emotional state.
[0152] The server is responsible for collecting user access history and biometric data. Access history includes records of operations within the system, the date and time of access, and the functions used. Biometric data includes heart rate and facial expression data, acquired through wearable devices and connected cameras. This data is stored in a database.
[0153] Next, the server activates an emotion engine to evaluate the user's emotional state using biometric data. The emotion engine utilizes voice analysis software and facial recognition algorithms to identify the user's real-time psychological state. If high stress levels or dissatisfaction are detected, this information is stored in a database on the server.
[0154] Subsequently, the server's generation system uses a generation AI model to input the collected data into the model in the form of prompt statements, optimizing user permission settings. For example, a prompt statement for the generation AI model could be: "Based on user C's emotional data when taking on a new project, suggest appropriate permissions and work assignments to reduce stress."
[0155] This process ultimately displays the proposed permission changes on the administrator's terminal. The administrator reviews these proposals, makes adjustments as needed, and then approves the final settings. The moment this approval is received by the server, the user's permissions are automatically updated, enabling them to handle new tasks.
[0156] This embodiment makes it possible to reduce the psychological burden on users and optimize the work environment. This invention aims to simultaneously achieve improved user satisfaction and increased work efficiency.
[0157] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0158] Step 1:
[0159] The server collects user access history and biometric data. Specifically, it uses hardware such as wearable devices and cameras to acquire user heart rate and facial expression data. It receives user system operation logs and real-time biometric data as input and stores them in a database. The output is the usage history and biometric data stored in the database.
[0160] Step 2:
[0161] The server uses an emotion engine to analyze the collected biometric data. The emotion engine uses voice analysis and facial recognition technology to evaluate the user's stress level and emotional state. The input is the accumulated biometric data, and by analyzing this data, the user's emotional state is identified. The output is the analyzed emotional evaluation result, which is stored in a database.
[0162] Step 3:
[0163] The server generation system inputs prompt messages into a generation AI model, which then evaluates and proposes user permission settings. Specifically, it combines sentiment evaluation results and access history to create prompt messages, which are then input into the AI model. The inputs are sentiment evaluation results and usage history. The generation AI model processes the data and outputs optimized permission suggestions. The output is the proposed content of the permission changes.
[0164] Step 4:
[0165] Administrators using terminals can review permission change proposals provided by the generation system. Administrators can review the proposals on the terminal and make adjustments as needed. The input is the permission proposal sent from the server, and the output is the permission settings approved or modified by the administrator.
[0166] Step 5:
[0167] The server immediately applies the permission changes approved by the administrator and updates the user's access rights. This ensures the user has the latest permissions corresponding to their new role. The input is the permission settings finally approved by the administrator, and the output is the updated user access rights.
[0168] (Application Example 2)
[0169] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."
[0170] Traditional access control systems often assign fixed permissions without considering the user's emotional state, making it difficult to respond flexibly to different user situations. In particular, when users are stressed or anxious, it may be impossible to grant appropriate permissions, potentially leading to decreased productivity and hindering work efficiency. To address these problems, there is a need for systems that evaluate user emotions in real time and automatically adjust permission settings based on those evaluations.
[0171] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0172] In this invention, the server includes means for collecting user access history and emotional state, means for analyzing the collected data and using an emotional engine to evaluate the emotional state, and means for evaluating user permissions based on the emotional state using a generation system. This enables the proposal and application of flexible permission changes that take emotional state into consideration.
[0173] "User access history" refers to information that records an individual's behavior and access patterns when using a system.
[0174] "Emotional state" refers to information about the psychological and emotional condition a user exhibits when using the system.
[0175] An "emotion engine" is a software mechanism used to analyze and evaluate a user's emotional state.
[0176] A "generation system" is a system used to dynamically evaluate user permissions based on collected data and propose appropriate permission changes.
[0177] "Permission changes" refer to altering the range of functions a user can use and the information they can access.
[0178] An "automatic application mechanism" is a process that has the functionality to immediately reflect proposed permission changes without manual intervention from the administrator.
[0179] "Periodic permission audits" is a process of reviewing user permission settings at predetermined time intervals to ensure that no inappropriate permissions are set.
[0180] The system for implementing this invention mainly consists of a server, a user's mobile device, and a management terminal. The server collects and analyzes the user's access history and emotional state. The user's mobile device has a sensor function to grasp the emotional state and sends facial expressions and voice to the emotion engine. The emotion engine analyzes the collected data and quantitatively evaluates the user's emotional state. This evaluation result is transmitted to the server.
[0181] Based on the evaluation results, the server proposes optimal permission settings to the user through a generation system. Because the generation system is linked to a cloud database, it continuously learns by referencing collected access history and sentiment data. This enables more accurate permission suggestions. The management terminal provides an interface for approving or modifying proposed permission changes. Through this interface, administrators can adjust permissions as needed. Approved permission changes are automatically executed by the server, immediately updating the user's permission settings.
[0182] As a concrete example, consider a scenario where a user attempts to access a specific meeting room in an office building. The server can use an emotion engine to detect if the user is feeling anxious, and based on that data, it can temporarily restrict access to the meeting room while also suggesting alternative facilities.
[0183] An example of a prompt to input into the generating AI model is, "Data indicates the user is feeling anxious. Please suggest appropriate access permissions for the meeting room in this situation." Based on this prompt, the server can make appropriate permission suggestions.
[0184] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0185] Step 1:
[0186] When a user enters the office with their device, the device's sensors capture the user's facial expressions and voice. This data is pre-processed within the device and sent to the emotion engine. The input is the raw data acquired by the sensors, and the output is the data converted into the data format required for emotion analysis.
[0187] Step 2:
[0188] The emotion engine analyzes data sent from the device and evaluates the user's emotional state. Specifically, it uses machine learning algorithms to extract emotional features from the input data. The input to this process is processed data from sensors, and the output is a quantified evaluation of the emotional state.
[0189] Step 3:
[0190] The server receives evaluation results from the emotion engine and stores them in a cloud database along with the user's access history. The server analyzes this data and sends it to the generation system. The inputs are emotional states and access history, and the output are evaluation metrics necessary for permission settings.
[0191] Step 4:
[0192] The generation system uses a generation AI model to generate optimal permission suggestions based on data from the server. The input is evaluation metrics received from the server, and the output is the permission suggestion prompt. Specifically, it performs inference using a machine learning model.
[0193] Step 5:
[0194] The server sends the generated permission proposal to the management terminal. The management terminal displays an interface for approving or modifying the permission proposal. The input is a prompt from the generation system, and the output is the final permission setting based on the administrator's judgment.
[0195] Step 6:
[0196] After the administrator approves or modifies the permission proposal, the result is sent back to the server, and the user's permission settings are automatically updated. The server applies the new permission settings immediately. The input is the administrator's decision, and the output is the updated user permission status.
[0197] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0198] Data generation model 58 is a so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> ), Gemini (registered trademark) (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0199] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart device 14.
[0200] [Second Embodiment]
[0201] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0202] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0203] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0204] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0205] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0206] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0207] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0208] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0209] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0210] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0211] In the smart glasses 214, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0212] Next, the identification processing performed by the identification processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0213] This invention provides an AI-powered access control system that enables the efficient and accurate setting and management of user access rights.
[0214] In this invention, the server primarily plays the following roles. First, the server periodically collects each user's access history and stores it in a database. This data includes the user ID, access date and time, and details of the systems and functions used. Subsequently, the server inputs the stored data into an AI model to analyze the user's usage patterns. The AI model identifies the possibility of abnormal privilege usage or unauthorized access and evaluates whether the current privilege settings are optimal.
[0215] Based on this evaluation, the server generates optimal permission change proposals for each user. These proposals include removing excessive permissions and adding necessary permissions. The proposals are notified to the administrator, who reviews them via their terminal and approves or modifies them as needed. If the administrator approves, the server automatically applies the proposed permissions.
[0216] During the ongoing auditing process, the server collects user access history again and uses the new data to further improve the accuracy of permission settings. This process ensures transparency and security in permission settings, preventing unauthorized access and excessive privilege granting.
[0217] Examples of embodiments
[0218] For example, consider a case where user B is transferred from the sales department to the human resources department. The server detects that user B has started accessing the human resources system. On the other hand, the access history reveals that access to the sales department's related systems is no longer necessary. Based on this information, the AI model evaluates user B's permissions, proposes new permissions required for the human resources system, and recommends removing permissions for the sales system. Once the administrator approves this proposal on their terminal, the server automatically executes these permission changes, ensuring appropriate permission allocation.
[0219] As a result, a system is realized that allows for flexible management of permissions according to changes in user roles and other circumstances, thereby preventing human error and unauthorized access.
[0220] The following describes the processing flow.
[0221] Step 1:
[0222] The server periodically retrieves each user's access history and stores it in a centrally managed database. The access history includes user ID, system name, access date and time, and details of the functions and data used.
[0223] Step 2:
[0224] The server inputs accumulated access history data into a dedicated AI model for access control, which analyzes each user's usage patterns and trends. Based on past usage history, the AI model evaluates the possibility of abnormal access usage and signs of unauthorized access.
[0225] Step 3:
[0226] The server generates optimization proposals for each user's permissions based on the analysis results of the AI model. These proposals include suggestions for removing invalid or excessive permissions and granting newly required permissions. This allows for appropriate permission settings according to the user's job responsibilities.
[0227] Step 4:
[0228] The server notifies the administrator of the generated permission change proposals and provides an interface through the terminal to review these proposals. The administrator reviews the proposals and approves or modifies the permissions as appropriate.
[0229] Step 5:
[0230] Once a proposal is approved by the administrator, the server automatically updates the user's permission settings. This includes granting any necessary additional permissions and removing any unnecessary ones, with permission enforcement in real time.
[0231] Step 6:
[0232] The server maintains consistent permission management by continuously auditing access history to ensure that users' permission states are always optimal, and by re-executing the re-evaluation and suggestion process as soon as new patterns are detected.
[0233] (Example 1)
[0234] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0235] In today's information environment, a wide variety of systems and applications are used, making the proper management of user access rights extremely important. However, manual permission management methods are prone to human error and the granting of inappropriate permissions. Furthermore, quickly updating permissions in response to role changes is difficult. An efficient and accurate permission management system is needed to address these issues.
[0236] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0237] In this invention, the server includes means for collecting user usage records and storing them in a dedicated storage device, means for evaluating user privileges using a generative model that analyzes the stored usage records, and means for generating optimal privilege change proposals based on the evaluation results. This enables efficient and accurate management of user access privileges and allows for rapid privilege changes in response to changes in roles and circumstances.
[0238] A "user" refers to an individual or group that accesses and operates information systems and applications.
[0239] "Usage records" refer to data regarding the date and time a user accessed an account, the functions used, and the actions performed.
[0240] A "dedicated storage device" refers to a database or storage device used to efficiently store collected usage records for later analysis.
[0241] A "generative model" refers to an AI model that uses machine learning algorithms to analyze data and evaluate user permissions.
[0242] A "proposal for permission changes" refers to a suggestion regarding the addition or removal of access permissions that is deemed most appropriate based on the user's usage patterns.
[0243] "Administrator" refers to the person responsible for changing system settings, selecting terms of service, and approving or modifying proposed changes to permissions.
[0244] An "information processing system" refers to an entire system for inputting, analyzing, and outputting data, and includes servers, databases, AI models, and other components.
[0245] This invention provides an information processing system that efficiently manages and appropriately adjusts user access rights. The system primarily involves three entities: a server, a terminal, and a user.
[0246] The server collects user activity records at regular intervals. These records include the date and time of access, the functions used, and the details of the operations performed. This data is stored in a dedicated storage database. The server inputs the accumulated data into an AI model to analyze user activity patterns. This analysis includes functions to identify abnormal privilege usage and unauthorized access.
[0247] Based on the analysis results, the server generates the optimal permission change proposal. For example, for a user who has moved from the sales department to the human resources department, it will propose the addition of new necessary permissions and the removal of unnecessary ones. The proposed permission change proposal is notified to the administrator, who then reviews it via their terminal.
[0248] Administrators can use an interface on their terminal to approve or modify proposed permission changes. Approved changes are automatically applied, and the server updates permission information to reflect the changes in the relevant systems.
[0249] Furthermore, the server continuously collects usage records and performs periodic analysis using AI models. This continuously improves the accuracy of permission settings.
[0250] The following are example prompts used as input to the generated AI model.
[0251] Analyze the user's access history and propose appropriate permission changes based on their new role. Example: A user has moved from the Sales Department to the Human Resources Department.
[0252] This system allows for quick responses to changes in user roles and new business requirements, and prevents unauthorized access and incorrect permission assignments.
[0253] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0254] Step 1:
[0255] The server collects usage records for each user. It uses system log files as input, obtaining data such as user ID, access date and time, and the name of the function used. As output, this data is stored in a dedicated storage device in a specific format. Specifically, the server periodically accesses the log files and inserts new data into the corresponding tables in the database.
[0256] Step 2:
[0257] The server inputs the accumulated usage records into a generating AI model for analysis. The input is user usage records stored in a database. The output is an analysis result showing the user's usage patterns. Specifically, the server starts the AI model and supplies the usage record data to the model in bulk, allowing for the detection of potential abnormal privilege usage or unauthorized access.
[0258] Step 3:
[0259] The server generates proposed permission changes based on the analysis results and proposes them to the administrator. The input is the analysis results obtained from the AI model. The output includes specific permission change proposals, such as the removal of excessive permissions or the addition of necessary permissions. Specifically, the server notifies the administrator of the proposed changes via email or other means.
[0260] Step 4:
[0261] The administrator reviews the proposed permission changes on the terminal and approves or modifies them. The input is the proposed permission changes sent from the server. The output is the approved or modified permission changes. Specifically, the administrator reviews the proposed changes presented on the terminal's management screen, makes any necessary changes, and then presses the approve button.
[0262] Step 5:
[0263] The server automatically applies administrator-approved permission changes to the system. The input is the details of the administrator-approved permission changes. The output is the updated user permission information. Specifically, the server updates the permission information for the relevant system and application, and the new permission configuration is applied immediately.
[0264] Step 6:
[0265] The server continuously collects usage records and re-evaluates permission settings with the new data. The input is the updated usage records. The output is new analysis results aimed at further improving the accuracy of permission settings. Specifically, the server retrieves log data again, periodically performs analysis using an AI model, and optimizes permission settings.
[0266] (Application Example 1)
[0267] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0268] In user access management, a challenge is the increased risk of unauthorized access if appropriate permission settings are not maintained. Furthermore, if permission changes are not implemented properly, operational efficiency may decline. Additionally, if administrators cannot quickly detect unauthorized access, security may be compromised.
[0269] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0270] In this invention, the server includes means for collecting user activity history, means for evaluating user privileges using an analysis system that analyzes the collected activity history, and means for sending a warning to a management device when abnormal access occurs. This enables appropriate setting and management of access privileges and rapid detection and response to unauthorized access.
[0271] "Activity history" refers to records of the date and time a user accessed a website, as well as the systems and functions they used.
[0272] An "analysis system" is a system that analyzes collected behavioral history data to detect user usage patterns and evaluate access permissions.
[0273] "Permission assessment" refers to the evaluation process used to determine whether the access permissions a user currently possesses are appropriate.
[0274] A "proposal for permission changes" refers to a suggestion to modify the current permission settings, generated based on the user's permission evaluation results.
[0275] A "management device" refers to a terminal used by administrators to review, approve, or modify proposed permission changes.
[0276] A "warning" is a notification issued to an administrator when unusual access or suspicious use of privileges is detected.
[0277] The system used to implement this application is primarily operated by a server. The server collects user activity history into a database and inputs this data into an AI-powered analysis system. The analysis system analyzes the collected activity history and evaluates user usage patterns. Specifically, it determines whether user access is potentially abnormal and evaluates whether the permission settings are appropriate. Based on the evaluation results, the server generates a proposed permission change and sends it to the management device. Key components of this process include data analysis software equipped with an AI model and a database management system that manages access history. This allows administrators to grasp the possibility of unauthorized access in real time and take appropriate action immediately. In addition, if abnormal access is detected, the server sends a warning notification to the administrator's terminal. This ensures that a system is in place to respond immediately in the event of a user error or fraudulent activity.
[0278] As a concrete example, one company implemented this system, and when a user transferred from the sales department to the human resources department, the system allowed for a rapid change in access permissions, significantly improving operational efficiency. Furthermore, the unauthorized access warning function enabled the company to proactively avoid potential security incidents.
[0279] By utilizing generative AI models, it is possible to automatically manage access and permissions, and continuously optimize the system.
[0280] An example of a prompt message is: "Please propose an AI-powered access control system. Include an alert system to enhance security."
[0281] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0282] Step 1:
[0283] The server collects the user's behavior history data. As input, there is log data containing the user ID, access date and time, and details of the systems and functions used. By accumulating this data in a database, the basic data required for subsequent analysis is prepared. The output is the behavior history data stored in the database.
[0284] Step 2:
[0285] The server inputs the collected behavior history data into an analysis system using AI. The input is the user behavior history data accumulated earlier. By applying this data to the AI model, the user's usage pattern is analyzed and abnormal permission usage is identified. The output is the permission evaluation result for each user.
[0286] Step 3:
[0287] The server generates a permission change plan based on the evaluation result by the AI model. As input, there is the permission evaluation result obtained from the AI model, and based on this evaluation, proposals such as deleting excessive permissions and adding necessary permissions are generated. The output is the specific permission change plan for each user.
[0288] Step 4:
[0289] The server sends the generated permission change plan to the management device. The input is the generated permission change plan. The management device is notified of this plan and made in a state where the administrator can confirm it. The output is the proposal information displayed on the administrator's terminal.
[0290] Step 5:
[0291] After confirming the permission change plan presented on the administrator's terminal, approval or modification is performed. The input is the permission change plan sent by the server. Based on the administrator's judgment, if the change plan is approved, it is applied as it is, and if modifications are made, the modified content is sent to the server. The output is the approval or modification content of the change plan.
[0292] Step 6:
[0293] The server implements permission changes based on administrator instructions. The input is the permission change instruction approved or modified by the administrator. This is used to apply user permissions to the system, enabling real-time permission management. The output is the updated permission settings.
[0294] Step 7:
[0295] If abnormal access is detected, the server immediately sends a warning to the management device. The input is access information identified as abnormal by the AI model. Based on this information, a warning is issued to prompt the administrator to take swift action. The output is the warning notification information displayed on the administrator's terminal.
[0296] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0297] This invention provides a system that makes permission settings more adaptive and personal by incorporating an emotion engine that recognizes user emotions, in addition to AI-powered permission management.
[0298] The central component of this invention is the collection of each user's access history by the server, which is stored in a database. The server further collects emotional data related to the user's behavior and utilizes an emotion engine to analyze this data. The emotion engine analyzes the emotional state of the user when using the system and provides the results to the server's generation system.
[0299] The generation system not only evaluates permissions according to typical usage patterns, but also takes into account emotional information obtained from the emotion engine to propose permission settings appropriate for the user. These suggestions may include permission adjustments to reduce the user's burden if emotional stress or dissatisfaction is indicated. Furthermore, it allows for prioritizing the granting of permissions involving important decision-making to users in appropriate emotional states.
[0300] The administrator reviews the proposed permission changes via their terminal and approves or modifies them as needed. The server promptly reflects the administrator's approved proposals and automatically updates the user's permission settings.
[0301] As a concrete example, consider a scenario where User C is assigned a sudden project. The server, using its emotion engine, detects that User C's emotional state is changing under stress different from normal work. In this case, the AI adjusts the permissions and tasks that might cause User C stress and suggests a more appropriate role. This method enables flexible permission management that also considers emotional states, simultaneously achieving increased work efficiency and improved user satisfaction.
[0302] This system can continuously improve the permission setting optimization process by incorporating emotion-based feedback into its generation system. This allows permission settings to evolve to suit the system's usage environment and the user's psychological state.
[0303] The following describes the processing flow.
[0304] Step 1:
[0305] The server collects each user's access history and associated sentiment data. Sentiment data is obtained through devices and software that analyze the user's facial expressions, voice tone, input patterns, etc., during their interactions. This data is securely stored in a database.
[0306] Step 2:
[0307] The server inputs the collected access history and sentiment data into the generation system. In the generation system, AI is used to analyze the user's usage patterns and sentiment trends. Through this analysis, it evaluates in what situations the user is and what emotional state they are in, and identifies the emotional impact during system usage.
[0308] Step 3:
[0309] Based on the sentiment analysis results and the user's past authority usage history, the server proposes an optimal authority setting for the user. At this time, if stress or dissatisfaction is suggested from the sentiment data, authority adjustments for reducing the user's workload are also considered. The proposal includes adding, deleting, or adjusting authorities.
[0310] Step 4:
[0311] Through the terminal, a list of the proposed authorities is presented to the administrator. The administrator reviews this proposal while considering the user's business situation and emotional state. If necessary, the administrator can approve, modify, or reject the proposal.
[0312] Step 5:
[0313] When the administrator approves the authority proposal on the terminal, the server automatically updates the user's authority settings. This update is performed in real-time, and the changes are immediately reflected. Thereby, optimal authorities for the user are ensured.
[0314] Step 6:
[0315] The server continuously audits the user's emotional state and access history to improve the accuracy of the authority settings. This process is important for maintaining the adaptability of the entire system in response to changes in the user's business environment and psychological state.
[0316] (Example 2)
[0317] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".
[0318] Current access control systems typically evaluate permissions based on user access history, making it difficult to consider biometric data or emotional states. This can lead to permission settings that disregard user psychology, causing stress and frustration, and reducing work efficiency. Furthermore, flexible and adaptive access control utilizing generative AI models is needed, but achieving this requires further ingenuity.
[0319] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0320] In this invention, the server includes means for collecting user usage history and biometric data, means for using an emotion engine to analyze the collected biometric data and identify the user's emotional state, and means for inputting prompt messages into a generated AI model based on the analysis results and usage history, and evaluating the user's permissions. This makes it possible to propose appropriate permission changes considering the user's emotional state, thereby reducing stress and improving work efficiency.
[0321] "User usage history" refers to access information when a user operates the system, and includes data such as which functions were accessed, the date and time, and the duration of use.
[0322] "Biometric data" refers to information about a user's physical and physiological state, including data that can lead to the identification of their emotional state, such as heart rate, facial expressions, and voice tone.
[0323] An "emotion engine" is a technology that analyzes collected biometric data to identify a user's emotional state, and refers to a system that utilizes voice analysis and facial recognition algorithms.
[0324] A "generative AI model" refers to artificial intelligence technology that analyzes data and generates suggestions based on given prompts, and provides decision support using machine learning algorithms.
[0325] A "prompt statement" refers to a text in the form of input used to give instructions to a generative AI model, and is used to guide the model's response based on specific requirements or conditions.
[0326] This invention is a flexible access control system that uses user usage history and biometric data, and has a configuration that allows for the optimization of access rights while taking into account the user's emotional state.
[0327] The server is responsible for collecting user access history and biometric data. Access history includes records of operations within the system, the date and time of access, and the functions used. Biometric data includes heart rate and facial expression data, acquired through wearable devices and connected cameras. This data is stored in a database.
[0328] Next, the server activates an emotion engine to evaluate the user's emotional state using biometric data. The emotion engine utilizes voice analysis software and facial recognition algorithms to identify the user's real-time psychological state. If high stress levels or dissatisfaction are detected, this information is stored in a database on the server.
[0329] Subsequently, the server's generation system uses a generation AI model to input the collected data into the model in the form of prompt statements, optimizing user permission settings. For example, a prompt statement for the generation AI model could be: "Based on user C's emotional data when taking on a new project, suggest appropriate permissions and work assignments to reduce stress."
[0330] This process ultimately displays the proposed permission changes on the administrator's terminal. The administrator reviews these proposals, makes adjustments as needed, and then approves the final settings. The moment this approval is received by the server, the user's permissions are automatically updated, enabling them to handle new tasks.
[0331] This embodiment makes it possible to reduce the psychological burden on users and optimize the work environment. This invention aims to simultaneously achieve improved user satisfaction and increased work efficiency.
[0332] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0333] Step 1:
[0334] The server collects user access history and biometric data. Specifically, it uses hardware such as wearable devices and cameras to acquire user heart rate and facial expression data. It receives user system operation logs and real-time biometric data as input and stores them in a database. The output is the usage history and biometric data stored in the database.
[0335] Step 2:
[0336] The server uses an emotion engine to analyze the collected biometric data. The emotion engine uses voice analysis and facial recognition technology to evaluate the user's stress level and emotional state. The input is the accumulated biometric data, and by analyzing this data, the user's emotional state is identified. The output is the analyzed emotional evaluation result, which is stored in a database.
[0337] Step 3:
[0338] The server generation system inputs prompt messages into a generation AI model, which then evaluates and proposes user permission settings. Specifically, it combines sentiment evaluation results and access history to create prompt messages, which are then input into the AI model. The inputs are sentiment evaluation results and usage history. The generation AI model processes the data and outputs optimized permission suggestions. The output is the proposed content of the permission changes.
[0339] Step 4:
[0340] Administrators using terminals can review permission change proposals provided by the generation system. Administrators can review the proposals on the terminal and make adjustments as needed. The input is the permission proposal sent from the server, and the output is the permission settings approved or modified by the administrator.
[0341] Step 5:
[0342] The server immediately applies the permission changes approved by the administrator and updates the user's access rights. This ensures the user has the latest permissions corresponding to their new role. The input is the permission settings finally approved by the administrator, and the output is the updated user access rights.
[0343] (Application Example 2)
[0344] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."
[0345] Traditional access control systems often assign fixed permissions without considering the user's emotional state, making it difficult to respond flexibly to different user situations. In particular, when users are stressed or anxious, it may be impossible to grant appropriate permissions, potentially leading to decreased productivity and hindering work efficiency. To address these problems, there is a need for systems that evaluate user emotions in real time and automatically adjust permission settings based on those evaluations.
[0346] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0347] In this invention, the server includes means for collecting user access history and emotional state, means for analyzing the collected data and using an emotional engine to evaluate the emotional state, and means for evaluating user permissions based on the emotional state using a generation system. This enables the proposal and application of flexible permission changes that take emotional state into consideration.
[0348] "User access history" refers to information that records an individual's behavior and access patterns when using a system.
[0349] "Emotional state" refers to information about the psychological and emotional condition a user exhibits when using the system.
[0350] An "emotion engine" is a software mechanism used to analyze and evaluate a user's emotional state.
[0351] A "generation system" is a system used to dynamically evaluate user permissions based on collected data and propose appropriate permission changes.
[0352] "Permission changes" refer to altering the range of functions a user can use and the information they can access.
[0353] An "automatic application mechanism" is a process that has the functionality to immediately reflect proposed permission changes without manual intervention from the administrator.
[0354] "Periodic permission audits" is a process of reviewing user permission settings at predetermined time intervals to ensure that no inappropriate permissions are set.
[0355] The system for implementing this invention mainly consists of a server, a user's mobile device, and a management terminal. The server collects and analyzes the user's access history and emotional state. The user's mobile device has a sensor function to grasp the emotional state and sends facial expressions and voice to the emotion engine. The emotion engine analyzes the collected data and quantitatively evaluates the user's emotional state. This evaluation result is transmitted to the server.
[0356] Based on the evaluation results, the server proposes optimal permission settings to the user through a generation system. Because the generation system is linked to a cloud database, it continuously learns by referencing collected access history and sentiment data. This enables more accurate permission suggestions. The management terminal provides an interface for approving or modifying proposed permission changes. Through this interface, administrators can adjust permissions as needed. Approved permission changes are automatically executed by the server, immediately updating the user's permission settings.
[0357] As a concrete example, consider a scenario where a user attempts to access a specific meeting room in an office building. The server can use an emotion engine to detect if the user is feeling anxious, and based on that data, it can temporarily restrict access to the meeting room while also suggesting alternative facilities.
[0358] An example of a prompt to input into the generating AI model is, "Data indicates the user is feeling anxious. Please suggest appropriate access permissions for the meeting room in this situation." Based on this prompt, the server can make appropriate permission suggestions.
[0359] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0360] Step 1:
[0361] When a user enters the office with their device, the device's sensors capture the user's facial expressions and voice. This data is pre-processed within the device and sent to the emotion engine. The input is the raw data acquired by the sensors, and the output is the data converted into the data format required for emotion analysis.
[0362] Step 2:
[0363] The emotion engine analyzes data sent from the device and evaluates the user's emotional state. Specifically, it uses machine learning algorithms to extract emotional features from the input data. The input to this process is processed data from sensors, and the output is a quantified evaluation of the emotional state.
[0364] Step 3:
[0365] The server receives evaluation results from the emotion engine and stores them in a cloud database along with the user's access history. The server analyzes this data and sends it to the generation system. The inputs are emotional states and access history, and the output are evaluation metrics necessary for permission settings.
[0366] Step 4:
[0367] The generation system uses a generation AI model to generate optimal permission suggestions based on data from the server. The input is evaluation metrics received from the server, and the output is the permission suggestion prompt. Specifically, it performs inference using a machine learning model.
[0368] Step 5:
[0369] The server sends the generated permission proposal to the management terminal. The management terminal displays an interface for approving or modifying the permission proposal. The input is a prompt from the generation system, and the output is the final permission setting based on the administrator's judgment.
[0370] Step 6:
[0371] After the administrator approves or modifies the permission proposal, the result is sent back to the server, and the user's permission settings are automatically updated. The server applies the new permission settings immediately. The input is the administrator's decision, and the output is the updated user permission status.
[0372] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0373] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (Internet Search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0374] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart glasses 214.
[0375] [Third Embodiment]
[0376] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0377] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0378] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0379] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0380] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0381] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0382] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0383] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0384] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0385] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0386] In the headset terminal 314, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0387] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the headset terminal 314 will be referred to as the "terminal".
[0388] This invention provides an AI-powered access control system that enables the efficient and accurate setting and management of user access rights.
[0389] In this invention, the server primarily plays the following roles. First, the server periodically collects each user's access history and stores it in a database. This data includes the user ID, access date and time, and details of the systems and functions used. Subsequently, the server inputs the stored data into an AI model to analyze the user's usage patterns. The AI model identifies the possibility of abnormal privilege usage or unauthorized access and evaluates whether the current privilege settings are optimal.
[0390] Based on this evaluation, the server generates optimal permission change proposals for each user. These proposals include removing excessive permissions and adding necessary permissions. The proposals are notified to the administrator, who reviews them via their terminal and approves or modifies them as needed. If the administrator approves, the server automatically applies the proposed permissions.
[0391] During the ongoing auditing process, the server collects user access history again and uses the new data to further improve the accuracy of permission settings. This process ensures transparency and security in permission settings, preventing unauthorized access and excessive privilege granting.
[0392] Examples of embodiments
[0393] For example, consider a case where user B is transferred from the sales department to the human resources department. The server detects that user B has started accessing the human resources system. On the other hand, the access history reveals that access to the sales department's related systems is no longer necessary. Based on this information, the AI model evaluates user B's permissions, proposes new permissions required for the human resources system, and recommends removing permissions for the sales system. Once the administrator approves this proposal on their terminal, the server automatically executes these permission changes, ensuring appropriate permission allocation.
[0394] As a result, a system is realized that allows for flexible management of permissions according to changes in user roles and other circumstances, thereby preventing human error and unauthorized access.
[0395] The following describes the processing flow.
[0396] Step 1:
[0397] The server periodically retrieves each user's access history and stores it in a centrally managed database. The access history includes user ID, system name, access date and time, and details of the functions and data used.
[0398] Step 2:
[0399] The server inputs accumulated access history data into a dedicated AI model for access control, which analyzes each user's usage patterns and trends. Based on past usage history, the AI model evaluates the possibility of abnormal access usage and signs of unauthorized access.
[0400] Step 3:
[0401] The server generates optimization proposals for each user's permissions based on the analysis results of the AI model. These proposals include suggestions for removing invalid or excessive permissions and granting newly required permissions. This allows for appropriate permission settings according to the user's job responsibilities.
[0402] Step 4:
[0403] The server notifies the administrator of the generated permission change proposals and provides an interface through the terminal to review these proposals. The administrator reviews the proposals and approves or modifies the permissions as appropriate.
[0404] Step 5:
[0405] Once a proposal is approved by the administrator, the server automatically updates the user's permission settings. This includes granting any necessary additional permissions and removing any unnecessary ones, with permission enforcement in real time.
[0406] Step 6:
[0407] The server maintains consistent permission management by continuously auditing access history to ensure that users' permission states are always optimal, and by re-executing the re-evaluation and suggestion process as soon as new patterns are detected.
[0408] (Example 1)
[0409] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0410] In today's information environment, a wide variety of systems and applications are used, making the proper management of user access rights extremely important. However, manual permission management methods are prone to human error and the granting of inappropriate permissions. Furthermore, quickly updating permissions in response to role changes is difficult. An efficient and accurate permission management system is needed to address these issues.
[0411] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0412] In this invention, the server includes means for collecting user usage records and storing them in a dedicated storage device, means for evaluating user privileges using a generative model that analyzes the stored usage records, and means for generating optimal privilege change proposals based on the evaluation results. This enables efficient and accurate management of user access privileges and allows for rapid privilege changes in response to changes in roles and circumstances.
[0413] A "user" refers to an individual or group that accesses and operates information systems and applications.
[0414] "Usage records" refer to data regarding the date and time a user accessed an account, the functions used, and the actions performed.
[0415] A "dedicated storage device" refers to a database or storage device used to efficiently store collected usage records for later analysis.
[0416] A "generative model" refers to an AI model that uses machine learning algorithms to analyze data and evaluate user permissions.
[0417] A "proposal for permission changes" refers to a suggestion regarding the addition or removal of access permissions that is deemed most appropriate based on the user's usage patterns.
[0418] "Administrator" refers to the person responsible for changing system settings, selecting terms of service, and approving or modifying proposed changes to permissions.
[0419] An "information processing system" refers to an entire system for inputting, analyzing, and outputting data, and includes servers, databases, AI models, and other components.
[0420] This invention provides an information processing system that efficiently manages and appropriately adjusts user access rights. The system primarily involves three entities: a server, a terminal, and a user.
[0421] The server collects user activity records at regular intervals. These records include the date and time of access, the functions used, and the details of the operations performed. This data is stored in a dedicated storage database. The server inputs the accumulated data into an AI model to analyze user activity patterns. This analysis includes functions to identify abnormal privilege usage and unauthorized access.
[0422] Based on the analysis results, the server generates the optimal permission change proposal. For example, for a user who has moved from the sales department to the human resources department, it will propose the addition of new necessary permissions and the removal of unnecessary ones. The proposed permission change proposal is notified to the administrator, who then reviews it via their terminal.
[0423] Administrators can use an interface on their terminal to approve or modify proposed permission changes. Approved changes are automatically applied, and the server updates permission information to reflect the changes in the relevant systems.
[0424] Furthermore, the server continuously collects usage records and performs periodic analysis using AI models. This continuously improves the accuracy of permission settings.
[0425] The following are example prompts used as input to the generated AI model.
[0426] Analyze the user's access history and propose appropriate permission changes based on their new role. Example: A user has moved from the Sales Department to the Human Resources Department.
[0427] This system allows for quick responses to changes in user roles and new business requirements, and prevents unauthorized access and incorrect permission assignments.
[0428] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0429] Step 1:
[0430] The server collects usage records for each user. It uses system log files as input, obtaining data such as user ID, access date and time, and the name of the function used. As output, this data is stored in a dedicated storage device in a specific format. Specifically, the server periodically accesses the log files and inserts new data into the corresponding tables in the database.
[0431] Step 2:
[0432] The server inputs the accumulated usage records into a generating AI model for analysis. The input is user usage records stored in a database. The output is an analysis result showing the user's usage patterns. Specifically, the server starts the AI model and supplies the usage record data to the model in bulk, allowing for the detection of potential abnormal privilege usage or unauthorized access.
[0433] Step 3:
[0434] The server generates proposed permission changes based on the analysis results and proposes them to the administrator. The input is the analysis results obtained from the AI model. The output includes specific permission change proposals, such as the removal of excessive permissions or the addition of necessary permissions. Specifically, the server notifies the administrator of the proposed changes via email or other means.
[0435] Step 4:
[0436] The administrator reviews the proposed permission changes on the terminal and approves or modifies them. The input is the proposed permission changes sent from the server. The output is the approved or modified permission changes. Specifically, the administrator reviews the proposed changes presented on the terminal's management screen, makes any necessary changes, and then presses the approve button.
[0437] Step 5:
[0438] The server automatically applies administrator-approved permission changes to the system. The input is the details of the administrator-approved permission changes. The output is the updated user permission information. Specifically, the server updates the permission information for the relevant system and application, and the new permission configuration is applied immediately.
[0439] Step 6:
[0440] The server continuously collects usage records and re-evaluates permission settings with the new data. The input is the updated usage records. The output is new analysis results aimed at further improving the accuracy of permission settings. Specifically, the server retrieves log data again, periodically performs analysis using an AI model, and optimizes permission settings.
[0441] (Application Example 1)
[0442] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0443] In user access management, a challenge is the increased risk of unauthorized access if appropriate permission settings are not maintained. Furthermore, if permission changes are not implemented properly, operational efficiency may decline. Additionally, if administrators cannot quickly detect unauthorized access, security may be compromised.
[0444] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0445] In this invention, the server includes means for collecting user activity history, means for evaluating user privileges using an analysis system that analyzes the collected activity history, and means for sending a warning to a management device when abnormal access occurs. This enables appropriate setting and management of access privileges and rapid detection and response to unauthorized access.
[0446] "Activity history" refers to records of the date and time a user accessed a website, as well as the systems and functions they used.
[0447] An "analysis system" is a system that analyzes collected behavioral history data to detect user usage patterns and evaluate access permissions.
[0448] "Permission assessment" refers to the evaluation process used to determine whether the access permissions a user currently possesses are appropriate.
[0449] A "proposal for permission changes" refers to a suggestion to modify the current permission settings, generated based on the user's permission evaluation results.
[0450] A "management device" refers to a terminal used by administrators to review, approve, or modify proposed permission changes.
[0451] A "warning" is a notification issued to an administrator when unusual access or suspicious use of privileges is detected.
[0452] The system used to implement this application is primarily operated by a server. The server collects user activity history into a database and inputs this data into an AI-powered analysis system. The analysis system analyzes the collected activity history and evaluates user usage patterns. Specifically, it determines whether user access is potentially abnormal and evaluates whether the permission settings are appropriate. Based on the evaluation results, the server generates a proposed permission change and sends it to the management device. Key components of this process include data analysis software equipped with an AI model and a database management system that manages access history. This allows administrators to grasp the possibility of unauthorized access in real time and take appropriate action immediately. In addition, if abnormal access is detected, the server sends a warning notification to the administrator's terminal. This ensures that a system is in place to respond immediately in the event of a user error or fraudulent activity.
[0453] As a concrete example, one company implemented this system, and when a user transferred from the sales department to the human resources department, the system allowed for a rapid change in access permissions, significantly improving operational efficiency. Furthermore, the unauthorized access warning function enabled the company to proactively avoid potential security incidents.
[0454] By utilizing generative AI models, it is possible to automatically manage access and permissions, and continuously optimize the system.
[0455] An example of a prompt message is: "Please propose an AI-powered access control system. Include an alert system to enhance security."
[0456] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0457] Step 1:
[0458] The server collects user activity history data. Input includes log data containing user ID, access date and time, and details of the systems and functions used. This data is stored in a database to prepare the basic data necessary for later analysis. The output is the activity history data stored in the database.
[0459] Step 2:
[0460] The server inputs the collected behavioral history data into an AI-based analysis system. The input is the user behavioral history data accumulated earlier. By running this data through an AI model, the system analyzes user usage patterns and identifies abnormal permission usage. The output is the permission evaluation result for each user.
[0461] Step 3:
[0462] The server generates permission change proposals based on evaluation results from an AI model. The input is the permission evaluation results obtained from the AI model, and based on this evaluation, it generates suggestions such as removing excessive permissions or adding necessary permissions. The output is a specific permission change proposal for each user.
[0463] Step 4:
[0464] The server sends the generated permission change proposal to the management device. The input is the generated permission change proposal. This proposal is notified to the management device and made available for administrator review. The output is the proposal information displayed on the administrator's terminal.
[0465] Step 5:
[0466] After reviewing the proposed permission changes presented on the administrator's terminal, they approve or modify them. The input is the proposed permission changes sent by the server. Based on the administrator's judgment, if the proposed changes are approved, they are applied as is; if modifications are made, the modified content is sent to the server. The output is the approved or modified version of the proposed changes.
[0467] Step 6:
[0468] The server implements permission changes based on administrator instructions. The input is the permission change instruction approved or modified by the administrator. This is used to apply user permissions to the system, enabling real-time permission management. The output is the updated permission settings.
[0469] Step 7:
[0470] If abnormal access is detected, the server immediately sends a warning to the management device. The input is access information identified as abnormal by the AI model. Based on this information, a warning is issued to prompt the administrator to take swift action. The output is the warning notification information displayed on the administrator's terminal.
[0471] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0472] This invention provides a system that makes permission settings more adaptive and personal by incorporating an emotion engine that recognizes user emotions, in addition to AI-powered permission management.
[0473] The central component of this invention is the collection of each user's access history by the server, which is stored in a database. The server further collects emotional data related to the user's behavior and utilizes an emotion engine to analyze this data. The emotion engine analyzes the emotional state of the user when using the system and provides the results to the server's generation system.
[0474] The generation system not only evaluates permissions according to typical usage patterns, but also takes into account emotional information obtained from the emotion engine to propose permission settings appropriate for the user. These suggestions may include permission adjustments to reduce the user's burden if emotional stress or dissatisfaction is indicated. Furthermore, it allows for prioritizing the granting of permissions involving important decision-making to users in appropriate emotional states.
[0475] The administrator reviews the proposed permission changes via their terminal and approves or modifies them as needed. The server promptly reflects the administrator's approved proposals and automatically updates the user's permission settings.
[0476] As a concrete example, consider a scenario where User C is assigned a sudden project. The server, using its emotion engine, detects that User C's emotional state is changing under stress different from normal work. In this case, the AI adjusts the permissions and tasks that might cause User C stress and suggests a more appropriate role. This method enables flexible permission management that also considers emotional states, simultaneously achieving increased work efficiency and improved user satisfaction.
[0477] This system can continuously improve the permission setting optimization process by incorporating emotion-based feedback into its generation system. This allows permission settings to evolve to suit the system's usage environment and the user's psychological state.
[0478] The following describes the processing flow.
[0479] Step 1:
[0480] The server collects each user's access history and associated sentiment data. Sentiment data is obtained through devices and software that analyze the user's facial expressions, voice tone, input patterns, etc., during their interactions. This data is securely stored in a database.
[0481] Step 2:
[0482] The server inputs collected access history and sentiment data into a generation system. The generation system uses AI to analyze user usage patterns and emotional tendencies. This analysis evaluates the emotional state of users in different situations and identifies the emotional impact of system usage.
[0483] Step 3:
[0484] The server proposes optimal permission settings for the user based on sentiment analysis results and the user's past permission usage history. If stress or dissatisfaction is indicated by the sentiment data, permission adjustments to reduce the user's workload will also be considered. These suggestions may include adding, removing, or adjusting permissions.
[0485] Step 4:
[0486] The administrator is presented with a list of proposed permissions via the device. The administrator reviews these proposals, taking into account the user's work situation and emotional state. If necessary, the administrator can approve, modify, or reject the proposals.
[0487] Step 5:
[0488] When an administrator approves a permission proposal on their device, the server automatically updates the user's permission settings. This update is performed in real time, and changes are reflected immediately. This ensures that users have the most appropriate permissions.
[0489] Step 6:
[0490] The server continuously audits users' emotional states and access history to improve the accuracy of permission settings. This process is crucial for maintaining the overall system's adaptability in response to changes in users' work environments and psychological states.
[0491] (Example 2)
[0492] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0493] Current access control systems typically evaluate permissions based on user access history, making it difficult to consider biometric data or emotional states. This can lead to permission settings that disregard user psychology, causing stress and frustration, and reducing work efficiency. Furthermore, flexible and adaptive access control utilizing generative AI models is needed, but achieving this requires further ingenuity.
[0494] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0495] In this invention, the server includes means for collecting user usage history and biometric data, means for using an emotion engine to analyze the collected biometric data and identify the user's emotional state, and means for inputting prompt messages into a generated AI model based on the analysis results and usage history, and evaluating the user's permissions. This makes it possible to propose appropriate permission changes considering the user's emotional state, thereby reducing stress and improving work efficiency.
[0496] "User usage history" refers to access information when a user operates the system, and includes data such as which functions were accessed, the date and time, and the duration of use.
[0497] "Biometric data" refers to information about a user's physical and physiological state, including data that can lead to the identification of their emotional state, such as heart rate, facial expressions, and voice tone.
[0498] An "emotion engine" is a technology that analyzes collected biometric data to identify a user's emotional state, and refers to a system that utilizes voice analysis and facial recognition algorithms.
[0499] A "generative AI model" refers to artificial intelligence technology that analyzes data and generates suggestions based on given prompts, and provides decision support using machine learning algorithms.
[0500] A "prompt statement" refers to a text in the form of input used to give instructions to a generative AI model, and is used to guide the model's response based on specific requirements or conditions.
[0501] This invention is a flexible access control system that uses user usage history and biometric data, and has a configuration that allows for the optimization of access rights while taking into account the user's emotional state.
[0502] The server is responsible for collecting user access history and biometric data. Access history includes records of operations within the system, the date and time of access, and the functions used. Biometric data includes heart rate and facial expression data, acquired through wearable devices and connected cameras. This data is stored in a database.
[0503] Next, the server activates an emotion engine to evaluate the user's emotional state using biometric data. The emotion engine utilizes voice analysis software and facial recognition algorithms to identify the user's real-time psychological state. If high stress levels or dissatisfaction are detected, this information is stored in a database on the server.
[0504] Subsequently, the server's generation system uses a generation AI model to input the collected data into the model in the form of prompt statements, optimizing user permission settings. For example, a prompt statement for the generation AI model could be: "Based on user C's emotional data when taking on a new project, suggest appropriate permissions and work assignments to reduce stress."
[0505] This process ultimately displays the proposed permission changes on the administrator's terminal. The administrator reviews these proposals, makes adjustments as needed, and then approves the final settings. The moment this approval is received by the server, the user's permissions are automatically updated, enabling them to handle new tasks.
[0506] This embodiment makes it possible to reduce the psychological burden on users and optimize the work environment. This invention aims to simultaneously achieve improved user satisfaction and increased work efficiency.
[0507] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0508] Step 1:
[0509] The server collects user access history and biometric data. Specifically, it uses hardware such as wearable devices and cameras to acquire user heart rate and facial expression data. It receives user system operation logs and real-time biometric data as input and stores them in a database. The output is the usage history and biometric data stored in the database.
[0510] Step 2:
[0511] The server uses an emotion engine to analyze the collected biometric data. The emotion engine uses voice analysis and facial recognition technology to evaluate the user's stress level and emotional state. The input is the accumulated biometric data, and by analyzing this data, the user's emotional state is identified. The output is the analyzed emotional evaluation result, which is stored in a database.
[0512] Step 3:
[0513] The server generation system inputs prompt messages into a generation AI model, which then evaluates and proposes user permission settings. Specifically, it combines sentiment evaluation results and access history to create prompt messages, which are then input into the AI model. The inputs are sentiment evaluation results and usage history. The generation AI model processes the data and outputs optimized permission suggestions. The output is the proposed content of the permission changes.
[0514] Step 4:
[0515] Administrators using terminals can review permission change proposals provided by the generation system. Administrators can review the proposals on the terminal and make adjustments as needed. The input is the permission proposal sent from the server, and the output is the permission settings approved or modified by the administrator.
[0516] Step 5:
[0517] The server immediately applies the permission changes approved by the administrator and updates the user's access rights. This ensures the user has the latest permissions corresponding to their new role. The input is the permission settings finally approved by the administrator, and the output is the updated user access rights.
[0518] (Application Example 2)
[0519] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."
[0520] Traditional access control systems often assign fixed permissions without considering the user's emotional state, making it difficult to respond flexibly to different user situations. In particular, when users are stressed or anxious, it may be impossible to grant appropriate permissions, potentially leading to decreased productivity and hindering work efficiency. To address these problems, there is a need for systems that evaluate user emotions in real time and automatically adjust permission settings based on those evaluations.
[0521] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0522] In this invention, the server includes means for collecting user access history and emotional state, means for analyzing the collected data and using an emotional engine to evaluate the emotional state, and means for evaluating user permissions based on the emotional state using a generation system. This enables the proposal and application of flexible permission changes that take emotional state into consideration.
[0523] "User access history" refers to information that records an individual's behavior and access patterns when using a system.
[0524] "Emotional state" refers to information about the psychological and emotional condition a user exhibits when using the system.
[0525] An "emotion engine" is a software mechanism used to analyze and evaluate a user's emotional state.
[0526] A "generation system" is a system used to dynamically evaluate user permissions based on collected data and propose appropriate permission changes.
[0527] "Permission changes" refer to altering the range of functions a user can use and the information they can access.
[0528] An "automatic application mechanism" is a process that has the functionality to immediately reflect proposed permission changes without manual intervention from the administrator.
[0529] "Periodic permission audits" is a process of reviewing user permission settings at predetermined time intervals to ensure that no inappropriate permissions are set.
[0530] The system for implementing this invention mainly consists of a server, a user's mobile device, and a management terminal. The server collects and analyzes the user's access history and emotional state. The user's mobile device has a sensor function to grasp the emotional state and sends facial expressions and voice to the emotion engine. The emotion engine analyzes the collected data and quantitatively evaluates the user's emotional state. This evaluation result is transmitted to the server.
[0531] Based on the evaluation results, the server proposes optimal permission settings to the user through a generation system. Because the generation system is linked to a cloud database, it continuously learns by referencing collected access history and sentiment data. This enables more accurate permission suggestions. The management terminal provides an interface for approving or modifying proposed permission changes. Through this interface, administrators can adjust permissions as needed. Approved permission changes are automatically executed by the server, immediately updating the user's permission settings.
[0532] As a concrete example, consider a scenario where a user attempts to access a specific meeting room in an office building. The server can use an emotion engine to detect if the user is feeling anxious, and based on that data, it can temporarily restrict access to the meeting room while also suggesting alternative facilities.
[0533] An example of a prompt to input into the generating AI model is, "Data indicates the user is feeling anxious. Please suggest appropriate access permissions for the meeting room in this situation." Based on this prompt, the server can make appropriate permission suggestions.
[0534] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0535] Step 1:
[0536] When a user enters the office with their device, the device's sensors capture the user's facial expressions and voice. This data is pre-processed within the device and sent to the emotion engine. The input is the raw data acquired by the sensors, and the output is the data converted into the data format required for emotion analysis.
[0537] Step 2:
[0538] The emotion engine analyzes data sent from the device and evaluates the user's emotional state. Specifically, it uses machine learning algorithms to extract emotional features from the input data. The input to this process is processed data from sensors, and the output is a quantified evaluation of the emotional state.
[0539] Step 3:
[0540] The server receives evaluation results from the emotion engine and stores them in a cloud database along with the user's access history. The server analyzes this data and sends it to the generation system. The inputs are emotional states and access history, and the output are evaluation metrics necessary for permission settings.
[0541] Step 4:
[0542] The generation system uses a generation AI model to generate optimal permission suggestions based on data from the server. The input is evaluation metrics received from the server, and the output is the permission suggestion prompt. Specifically, it performs inference using a machine learning model.
[0543] Step 5:
[0544] The server sends the generated permission proposal to the management terminal. The management terminal displays an interface for approving or modifying the permission proposal. The input is a prompt from the generation system, and the output is the final permission setting based on the administrator's judgment.
[0545] Step 6:
[0546] After the administrator approves or modifies the permission proposal, the result is sent back to the server, and the user's permission settings are automatically updated. The server applies the new permission settings immediately. The input is the administrator's decision, and the output is the updated user permission status.
[0547] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0548] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (Internet Search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0549] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and specific processing may also be performed by the headset terminal 314.
[0550] [Fourth Embodiment]
[0551] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0552] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0553] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0554] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0555] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0556] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).
[0557] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0558] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. Furthermore, the robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0559] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0560] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.
[0561] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.
[0562] In robot 414, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.
[0563] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0564] This invention provides an AI-powered access control system that enables the efficient and accurate setting and management of user access rights.
[0565] In this invention, the server primarily plays the following roles. First, the server periodically collects each user's access history and stores it in a database. This data includes the user ID, access date and time, and details of the systems and functions used. Subsequently, the server inputs the stored data into an AI model to analyze the user's usage patterns. The AI model identifies the possibility of abnormal privilege usage or unauthorized access and evaluates whether the current privilege settings are optimal.
[0566] Based on this evaluation, the server generates optimal permission change proposals for each user. These proposals include removing excessive permissions and adding necessary permissions. The proposals are notified to the administrator, who reviews them via their terminal and approves or modifies them as needed. If the administrator approves, the server automatically applies the proposed permissions.
[0567] During the ongoing auditing process, the server collects user access history again and uses the new data to further improve the accuracy of permission settings. This process ensures transparency and security in permission settings, preventing unauthorized access and excessive privilege granting.
[0568] Examples of embodiments
[0569] For example, consider a case where user B is transferred from the sales department to the human resources department. The server detects that user B has started accessing the human resources system. On the other hand, the access history reveals that access to the sales department's related systems is no longer necessary. Based on this information, the AI model evaluates user B's permissions, proposes new permissions required for the human resources system, and recommends removing permissions for the sales system. Once the administrator approves this proposal on their terminal, the server automatically executes these permission changes, ensuring appropriate permission allocation.
[0570] As a result, a system is realized that allows for flexible management of permissions according to changes in user roles and other circumstances, thereby preventing human error and unauthorized access.
[0571] The following describes the processing flow.
[0572] Step 1:
[0573] The server periodically retrieves each user's access history and stores it in a centrally managed database. The access history includes user ID, system name, access date and time, and details of the functions and data used.
[0574] Step 2:
[0575] The server inputs accumulated access history data into a dedicated AI model for access control, which analyzes each user's usage patterns and trends. Based on past usage history, the AI model evaluates the possibility of abnormal access usage and signs of unauthorized access.
[0576] Step 3:
[0577] The server generates optimization proposals for each user's permissions based on the analysis results of the AI model. These proposals include suggestions for removing invalid or excessive permissions and granting newly required permissions. This allows for appropriate permission settings according to the user's job responsibilities.
[0578] Step 4:
[0579] The server notifies the administrator of the generated permission change proposals and provides an interface through the terminal to review these proposals. The administrator reviews the proposals and approves or modifies the permissions as appropriate.
[0580] Step 5:
[0581] Once a proposal is approved by the administrator, the server automatically updates the user's permission settings. This includes granting any necessary additional permissions and removing any unnecessary ones, with permission enforcement in real time.
[0582] Step 6:
[0583] The server maintains consistent permission management by continuously auditing access history to ensure that users' permission states are always optimal, and by re-executing the re-evaluation and suggestion process as soon as new patterns are detected.
[0584] (Example 1)
[0585] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0586] In today's information environment, a wide variety of systems and applications are used, making the proper management of user access rights extremely important. However, manual permission management methods are prone to human error and the granting of inappropriate permissions. Furthermore, quickly updating permissions in response to role changes is difficult. An efficient and accurate permission management system is needed to address these issues.
[0587] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.
[0588] In this invention, the server includes means for collecting user usage records and storing them in a dedicated storage device, means for evaluating user privileges using a generative model that analyzes the stored usage records, and means for generating optimal privilege change proposals based on the evaluation results. This enables efficient and accurate management of user access privileges and allows for rapid privilege changes in response to changes in roles and circumstances.
[0589] A "user" refers to an individual or group that accesses and operates information systems and applications.
[0590] "Usage records" refer to data regarding the date and time a user accessed an account, the functions used, and the actions performed.
[0591] A "dedicated storage device" refers to a database or storage device used to efficiently store collected usage records for later analysis.
[0592] A "generative model" refers to an AI model that uses machine learning algorithms to analyze data and evaluate user permissions.
[0593] A "proposal for permission changes" refers to a suggestion regarding the addition or removal of access permissions that is deemed most appropriate based on the user's usage patterns.
[0594] "Administrator" refers to the person responsible for changing system settings, selecting terms of service, and approving or modifying proposed changes to permissions.
[0595] An "information processing system" refers to an entire system for inputting, analyzing, and outputting data, and includes servers, databases, AI models, and other components.
[0596] This invention provides an information processing system that efficiently manages and appropriately adjusts user access rights. The system primarily involves three entities: a server, a terminal, and a user.
[0597] The server collects user activity records at regular intervals. These records include the date and time of access, the functions used, and the details of the operations performed. This data is stored in a dedicated storage database. The server inputs the accumulated data into an AI model to analyze user activity patterns. This analysis includes functions to identify abnormal privilege usage and unauthorized access.
[0598] Based on the analysis results, the server generates the optimal permission change proposal. For example, for a user who has moved from the sales department to the human resources department, it will propose the addition of new necessary permissions and the removal of unnecessary ones. The proposed permission change proposal is notified to the administrator, who then reviews it via their terminal.
[0599] Administrators can use an interface on their terminal to approve or modify proposed permission changes. Approved changes are automatically applied, and the server updates permission information to reflect the changes in the relevant systems.
[0600] Furthermore, the server continuously collects usage records and performs periodic analysis using AI models. This continuously improves the accuracy of permission settings.
[0601] The following are example prompts used as input to the generated AI model.
[0602] Analyze the user's access history and propose appropriate permission changes based on their new role. Example: A user has moved from the Sales Department to the Human Resources Department.
[0603] This system allows for quick responses to changes in user roles and new business requirements, and prevents unauthorized access and incorrect permission assignments.
[0604] The flow of the specific processing in Example 1 will be explained using Figure 11.
[0605] Step 1:
[0606] The server collects usage records for each user. It uses system log files as input, obtaining data such as user ID, access date and time, and the name of the function used. As output, this data is stored in a dedicated storage device in a specific format. Specifically, the server periodically accesses the log files and inserts new data into the corresponding tables in the database.
[0607] Step 2:
[0608] The server inputs the accumulated usage records into a generating AI model for analysis. The input is user usage records stored in a database. The output is an analysis result showing the user's usage patterns. Specifically, the server starts the AI model and supplies the usage record data to the model in bulk, allowing for the detection of potential abnormal privilege usage or unauthorized access.
[0609] Step 3:
[0610] The server generates proposed permission changes based on the analysis results and proposes them to the administrator. The input is the analysis results obtained from the AI model. The output includes specific permission change proposals, such as the removal of excessive permissions or the addition of necessary permissions. Specifically, the server notifies the administrator of the proposed changes via email or other means.
[0611] Step 4:
[0612] The administrator reviews the proposed permission changes on the terminal and approves or modifies them. The input is the proposed permission changes sent from the server. The output is the approved or modified permission changes. Specifically, the administrator reviews the proposed changes presented on the terminal's management screen, makes any necessary changes, and then presses the approve button.
[0613] Step 5:
[0614] The server automatically applies administrator-approved permission changes to the system. The input is the details of the administrator-approved permission changes. The output is the updated user permission information. Specifically, the server updates the permission information for the relevant system and application, and the new permission configuration is applied immediately.
[0615] Step 6:
[0616] The server continuously collects usage records and re-evaluates permission settings with the new data. The input is the updated usage records. The output is new analysis results aimed at further improving the accuracy of permission settings. Specifically, the server retrieves log data again, periodically performs analysis using an AI model, and optimizes permission settings.
[0617] (Application Example 1)
[0618] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0619] In user access management, a challenge is the increased risk of unauthorized access if appropriate permission settings are not maintained. Furthermore, if permission changes are not implemented properly, operational efficiency may decline. Additionally, if administrators cannot quickly detect unauthorized access, security may be compromised.
[0620] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.
[0621] In this invention, the server includes means for collecting user activity history, means for evaluating user privileges using an analysis system that analyzes the collected activity history, and means for sending a warning to a management device when abnormal access occurs. This enables appropriate setting and management of access privileges and rapid detection and response to unauthorized access.
[0622] "Activity history" refers to records of the date and time a user accessed a website, as well as the systems and functions they used.
[0623] An "analysis system" is a system that analyzes collected behavioral history data to detect user usage patterns and evaluate access permissions.
[0624] "Permission assessment" refers to the evaluation process used to determine whether the access permissions a user currently possesses are appropriate.
[0625] A "proposal for permission changes" refers to a suggestion to modify the current permission settings, generated based on the user's permission evaluation results.
[0626] A "management device" refers to a terminal used by administrators to review, approve, or modify proposed permission changes.
[0627] A "warning" is a notification issued to an administrator when unusual access or suspicious use of privileges is detected.
[0628] The system used to implement this application is primarily operated by a server. The server collects user activity history into a database and inputs this data into an AI-powered analysis system. The analysis system analyzes the collected activity history and evaluates user usage patterns. Specifically, it determines whether user access is potentially abnormal and evaluates whether the permission settings are appropriate. Based on the evaluation results, the server generates a proposed permission change and sends it to the management device. Key components of this process include data analysis software equipped with an AI model and a database management system that manages access history. This allows administrators to grasp the possibility of unauthorized access in real time and take appropriate action immediately. In addition, if abnormal access is detected, the server sends a warning notification to the administrator's terminal. This ensures that a system is in place to respond immediately in the event of a user error or fraudulent activity.
[0629] As a concrete example, one company implemented this system, and when a user transferred from the sales department to the human resources department, the system allowed for a rapid change in access permissions, significantly improving operational efficiency. Furthermore, the unauthorized access warning function enabled the company to proactively avoid potential security incidents.
[0630] By utilizing generative AI models, it is possible to automatically manage access and permissions, and continuously optimize the system.
[0631] An example of a prompt message is: "Please propose an AI-powered access control system. Include an alert system to enhance security."
[0632] The flow of a specific process in Application Example 1 will be explained using Figure 12.
[0633] Step 1:
[0634] The server collects user activity history data. Input includes log data containing user ID, access date and time, and details of the systems and functions used. This data is stored in a database to prepare the basic data necessary for later analysis. The output is the activity history data stored in the database.
[0635] Step 2:
[0636] The server inputs the collected behavioral history data into an AI-based analysis system. The input is the user behavioral history data accumulated earlier. By running this data through an AI model, the system analyzes user usage patterns and identifies abnormal permission usage. The output is the permission evaluation result for each user.
[0637] Step 3:
[0638] The server generates permission change proposals based on evaluation results from an AI model. The input is the permission evaluation results obtained from the AI model, and based on this evaluation, it generates suggestions such as removing excessive permissions or adding necessary permissions. The output is a specific permission change proposal for each user.
[0639] Step 4:
[0640] The server sends the generated permission change proposal to the management device. The input is the generated permission change proposal. This proposal is notified to the management device and made available for administrator review. The output is the proposal information displayed on the administrator's terminal.
[0641] Step 5:
[0642] After reviewing the proposed permission changes presented on the administrator's terminal, they approve or modify them. The input is the proposed permission changes sent by the server. Based on the administrator's judgment, if the proposed changes are approved, they are applied as is; if modifications are made, the modified content is sent to the server. The output is the approved or modified version of the proposed changes.
[0643] Step 6:
[0644] The server implements permission changes based on administrator instructions. The input is the permission change instruction approved or modified by the administrator. This is used to apply user permissions to the system, enabling real-time permission management. The output is the updated permission settings.
[0645] Step 7:
[0646] If abnormal access is detected, the server immediately sends a warning to the management device. The input is access information identified as abnormal by the AI model. Based on this information, a warning is issued to prompt the administrator to take swift action. The output is the warning notification information displayed on the administrator's terminal.
[0647] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.
[0648] This invention provides a system that makes permission settings more adaptive and personal by incorporating an emotion engine that recognizes user emotions, in addition to AI-powered permission management.
[0649] The central component of this invention is the collection of each user's access history by the server, which is stored in a database. The server further collects emotional data related to the user's behavior and utilizes an emotion engine to analyze this data. The emotion engine analyzes the emotional state of the user when using the system and provides the results to the server's generation system.
[0650] The generation system not only evaluates permissions according to typical usage patterns, but also takes into account emotional information obtained from the emotion engine to propose permission settings appropriate for the user. These suggestions may include permission adjustments to reduce the user's burden if emotional stress or dissatisfaction is indicated. Furthermore, it allows for prioritizing the granting of permissions involving important decision-making to users in appropriate emotional states.
[0651] The administrator reviews the proposed permission changes via their terminal and approves or modifies them as needed. The server promptly reflects the administrator's approved proposals and automatically updates the user's permission settings.
[0652] As a concrete example, consider a scenario where User C is assigned a sudden project. The server, using its emotion engine, detects that User C's emotional state is changing under stress different from normal work. In this case, the AI adjusts the permissions and tasks that might cause User C stress and suggests a more appropriate role. This method enables flexible permission management that also considers emotional states, simultaneously achieving increased work efficiency and improved user satisfaction.
[0653] This system can continuously improve the permission setting optimization process by incorporating emotion-based feedback into its generation system. This allows permission settings to evolve to suit the system's usage environment and the user's psychological state.
[0654] The following describes the processing flow.
[0655] Step 1:
[0656] The server collects each user's access history and associated sentiment data. Sentiment data is obtained through devices and software that analyze the user's facial expressions, voice tone, input patterns, etc., during their interactions. This data is securely stored in a database.
[0657] Step 2:
[0658] The server inputs collected access history and sentiment data into a generation system. The generation system uses AI to analyze user usage patterns and emotional tendencies. This analysis evaluates the emotional state of users in different situations and identifies the emotional impact of system usage.
[0659] Step 3:
[0660] The server proposes optimal permission settings for the user based on sentiment analysis results and the user's past permission usage history. If stress or dissatisfaction is indicated by the sentiment data, permission adjustments to reduce the user's workload will also be considered. These suggestions may include adding, removing, or adjusting permissions.
[0661] Step 4:
[0662] The administrator is presented with a list of proposed permissions via the device. The administrator reviews these proposals, taking into account the user's work situation and emotional state. If necessary, the administrator can approve, modify, or reject the proposals.
[0663] Step 5:
[0664] When an administrator approves a permission proposal on their device, the server automatically updates the user's permission settings. This update is performed in real time, and changes are reflected immediately. This ensures that users have the most appropriate permissions.
[0665] Step 6:
[0666] The server continuously audits users' emotional states and access history to improve the accuracy of permission settings. This process is crucial for maintaining the overall system's adaptability in response to changes in users' work environments and psychological states.
[0667] (Example 2)
[0668] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0669] Current access control systems typically evaluate permissions based on user access history, making it difficult to consider biometric data or emotional states. This can lead to permission settings that disregard user psychology, causing stress and frustration, and reducing work efficiency. Furthermore, flexible and adaptive access control utilizing generative AI models is needed, but achieving this requires further ingenuity.
[0670] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.
[0671] In this invention, the server includes means for collecting user usage history and biometric data, means for using an emotion engine to analyze the collected biometric data and identify the user's emotional state, and means for inputting prompt messages into a generated AI model based on the analysis results and usage history, and evaluating the user's permissions. This makes it possible to propose appropriate permission changes considering the user's emotional state, thereby reducing stress and improving work efficiency.
[0672] "User usage history" refers to access information when a user operates the system, and includes data such as which functions were accessed, the date and time, and the duration of use.
[0673] "Biometric data" refers to information about a user's physical and physiological state, including data that can lead to the identification of their emotional state, such as heart rate, facial expressions, and voice tone.
[0674] An "emotion engine" is a technology that analyzes collected biometric data to identify a user's emotional state, and refers to a system that utilizes voice analysis and facial recognition algorithms.
[0675] A "generative AI model" refers to artificial intelligence technology that analyzes data and generates suggestions based on given prompts, and provides decision support using machine learning algorithms.
[0676] A "prompt statement" refers to a text in the form of input used to give instructions to a generative AI model, and is used to guide the model's response based on specific requirements or conditions.
[0677] This invention is a flexible access control system that uses user usage history and biometric data, and has a configuration that allows for the optimization of access rights while taking into account the user's emotional state.
[0678] The server is responsible for collecting user access history and biometric data. Access history includes records of operations within the system, the date and time of access, and the functions used. Biometric data includes heart rate and facial expression data, acquired through wearable devices and connected cameras. This data is stored in a database.
[0679] Next, the server activates an emotion engine to evaluate the user's emotional state using biometric data. The emotion engine utilizes voice analysis software and facial recognition algorithms to identify the user's real-time psychological state. If high stress levels or dissatisfaction are detected, this information is stored in a database on the server.
[0680] Subsequently, the server's generation system uses a generation AI model to input the collected data into the model in the form of prompt statements, optimizing user permission settings. For example, a prompt statement for the generation AI model could be: "Based on user C's emotional data when taking on a new project, suggest appropriate permissions and work assignments to reduce stress."
[0681] This process ultimately displays the proposed permission changes on the administrator's terminal. The administrator reviews these proposals, makes adjustments as needed, and then approves the final settings. The moment this approval is received by the server, the user's permissions are automatically updated, enabling them to handle new tasks.
[0682] This embodiment makes it possible to reduce the psychological burden on users and optimize the work environment. This invention aims to simultaneously achieve improved user satisfaction and increased work efficiency.
[0683] The flow of the specific processing in Example 2 will be explained using Figure 13.
[0684] Step 1:
[0685] The server collects user access history and biometric data. Specifically, it uses hardware such as wearable devices and cameras to acquire user heart rate and facial expression data. It receives user system operation logs and real-time biometric data as input and stores them in a database. The output is the usage history and biometric data stored in the database.
[0686] Step 2:
[0687] The server uses an emotion engine to analyze the collected biometric data. The emotion engine uses voice analysis and facial recognition technology to evaluate the user's stress level and emotional state. The input is the accumulated biometric data, and by analyzing this data, the user's emotional state is identified. The output is the analyzed emotional evaluation result, which is stored in a database.
[0688] Step 3:
[0689] The server generation system inputs prompt messages into a generation AI model, which then evaluates and proposes user permission settings. Specifically, it combines sentiment evaluation results and access history to create prompt messages, which are then input into the AI model. The inputs are sentiment evaluation results and usage history. The generation AI model processes the data and outputs optimized permission suggestions. The output is the proposed content of the permission changes.
[0690] Step 4:
[0691] Administrators using terminals can review permission change proposals provided by the generation system. Administrators can review the proposals on the terminal and make adjustments as needed. The input is the permission proposal sent from the server, and the output is the permission settings approved or modified by the administrator.
[0692] Step 5:
[0693] The server immediately applies the permission changes approved by the administrator and updates the user's access rights. This ensures the user has the latest permissions corresponding to their new role. The input is the permission settings finally approved by the administrator, and the output is the updated user access rights.
[0694] (Application Example 2)
[0695] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".
[0696] Traditional access control systems often assign fixed permissions without considering the user's emotional state, making it difficult to respond flexibly to different user situations. In particular, when users are stressed or anxious, it may be impossible to grant appropriate permissions, potentially leading to decreased productivity and hindering work efficiency. To address these problems, there is a need for systems that evaluate user emotions in real time and automatically adjust permission settings based on those evaluations.
[0697] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.
[0698] In this invention, the server includes means for collecting user access history and emotional state, means for analyzing the collected data and using an emotional engine to evaluate the emotional state, and means for evaluating user permissions based on the emotional state using a generation system. This enables the proposal and application of flexible permission changes that take emotional state into consideration.
[0699] "User access history" refers to information that records an individual's behavior and access patterns when using a system.
[0700] "Emotional state" refers to information about the psychological and emotional condition a user exhibits when using the system.
[0701] An "emotion engine" is a software mechanism used to analyze and evaluate a user's emotional state.
[0702] A "generation system" is a system used to dynamically evaluate user permissions based on collected data and propose appropriate permission changes.
[0703] "Permission changes" refer to altering the range of functions a user can use and the information they can access.
[0704] An "automatic application mechanism" is a process that has the functionality to immediately reflect proposed permission changes without manual intervention from the administrator.
[0705] "Periodic permission audits" is a process of reviewing user permission settings at predetermined time intervals to ensure that no inappropriate permissions are set.
[0706] The system for implementing this invention mainly consists of a server, a user's mobile device, and a management terminal. The server collects and analyzes the user's access history and emotional state. The user's mobile device has a sensor function to grasp the emotional state and sends facial expressions and voice to the emotion engine. The emotion engine analyzes the collected data and quantitatively evaluates the user's emotional state. This evaluation result is transmitted to the server.
[0707] Based on the evaluation results, the server proposes optimal permission settings to the user through a generation system. Because the generation system is linked to a cloud database, it continuously learns by referencing collected access history and sentiment data. This enables more accurate permission suggestions. The management terminal provides an interface for approving or modifying proposed permission changes. Through this interface, administrators can adjust permissions as needed. Approved permission changes are automatically executed by the server, immediately updating the user's permission settings.
[0708] As a concrete example, consider a scenario where a user attempts to access a specific meeting room in an office building. The server can use an emotion engine to detect if the user is feeling anxious, and based on that data, it can temporarily restrict access to the meeting room while also suggesting alternative facilities.
[0709] An example of a prompt to input into the generating AI model is, "Data indicates the user is feeling anxious. Please suggest appropriate access permissions for the meeting room in this situation." Based on this prompt, the server can make appropriate permission suggestions.
[0710] The flow of a specific process in Application Example 2 will be explained using Figure 14.
[0711] Step 1:
[0712] When a user enters the office with their device, the device's sensors capture the user's facial expressions and voice. This data is pre-processed within the device and sent to the emotion engine. The input is the raw data acquired by the sensors, and the output is the data converted into the data format required for emotion analysis.
[0713] Step 2:
[0714] The emotion engine analyzes data sent from the device and evaluates the user's emotional state. Specifically, it uses machine learning algorithms to extract emotional features from the input data. The input to this process is processed data from sensors, and the output is a quantified evaluation of the emotional state.
[0715] Step 3:
[0716] The server receives evaluation results from the emotion engine and stores them in a cloud database along with the user's access history. The server analyzes this data and sends it to the generation system. The inputs are emotional states and access history, and the output are evaluation metrics necessary for permission settings.
[0717] Step 4:
[0718] The generation system uses a generation AI model to generate optimal permission suggestions based on data from the server. The input is evaluation metrics received from the server, and the output is the permission suggestion prompt. Specifically, it performs inference using a machine learning model.
[0719] Step 5:
[0720] The server sends the generated permission proposal to the management terminal. The management terminal displays an interface for approving or modifying the permission proposal. The input is a prompt from the generation system, and the output is the final permission setting based on the administrator's judgment.
[0721] Step 6:
[0722] After the administrator approves or modifies the permission proposal, the result is sent back to the server, and the user's permission settings are automatically updated. The server applies the new permission settings immediately. The input is the administrator's decision, and the output is the updated user permission status.
[0723] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0724] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (Internet Search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.
[0725] In the above embodiment, an example was given in which the specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the robot 414.
[0726] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0727] Figure 9 shows an emotion map 400 in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0728] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0729] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0730] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, motorcycles, etc., emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated, for example, based on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0731] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0732] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0733] The above description primarily focuses on the functions of the data processing device 12 in relation to this disclosure. However, the system related to this disclosure is not necessarily implemented on a server. The system related to this disclosure may be implemented as a general information processing system. This disclosure may be implemented, for example, as a software program that runs on a personal computer or as an application that runs on a smartphone. The method related to this disclosure may be provided to users in SaaS (Software as a Service) format.
[0734] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing of the specific process may be performed by multiple computers, including computer 22. For example, a data generation model 58 may be provided in an external device of the data processing device 12, and the external device may generate data according to the input data.
[0735] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0736] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0737] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0738] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0739] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0740] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0741] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0742] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and the like that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0743] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0744] The following is further disclosed regarding the embodiments described above.
[0745] (Claim 1)
[0746] Means for collecting user access history,
[0747] A means of evaluating user privileges using a generation system that analyzes collected access history,
[0748] A means for generating proposed permission changes based on the evaluation results,
[0749] A means to automatically apply proposed permission changes,
[0750] A means of regularly auditing authority and reporting the results,
[0751] A system that includes this.
[0752] (Claim 2)
[0753] The system according to claim 1, comprising means for the generation system to continuously learn and sequentially improve the user's authority evaluation.
[0754] (Claim 3)
[0755] The system according to claim 1, including an interface for an administrator to approve or modify proposed permission changes.
[0756] "Example 1"
[0757] (Claim 1)
[0758] A means for collecting user usage records and storing them in a dedicated storage device,
[0759] A means of evaluating user permissions using a generative model that analyzes accumulated usage records,
[0760] A means for generating the optimal authority change proposal based on the evaluation results,
[0761] A means of notifying the administrator of the generated permission change proposal,
[0762] A means to automatically apply proposed authority changes after approval,
[0763] A means of continuously collecting usage records and improving permission settings with new data,
[0764] Information processing device including
[0765] (Claim 2)
[0766] The information processing apparatus according to claim 1, comprising means for a generative model to continuously learn and for sequentially improving the results of the analysis of usage records.
[0767] (Claim 3)
[0768] The information processing device according to claim 1, including a user screen for an administrator to approve or modify the generated permission change proposal.
[0769] "Application Example 1"
[0770] (Claim 1)
[0771] A configuration means for collecting user behavior history,
[0772] A configuration means for evaluating user permissions using an analysis system that analyzes collected behavioral history,
[0773] A configuration means for generating proposed authority changes based on evaluation results,
[0774] A configuration means for automatically applying proposed changes to authority,
[0775] A configuration means for periodically checking permissions and notifying the results,
[0776] A configuration means for sending a warning to a management device when there is abnormal access,
[0777] A system that includes this.
[0778] (Claim 2)
[0779] The system according to claim 1, comprising a configuration means for the analysis system to continuously learn and sequentially improve the user's authority evaluation.
[0780] (Claim 3)
[0781] The system according to claim 1, comprising a means for an administrator to approve or modify a proposed change in authority.
[0782] "Example 2 of combining an emotion engine"
[0783] (Claim 1)
[0784] Means for collecting user usage history and biometric data,
[0785] A method using an emotion engine that analyzes collected biometric data to identify the user's emotional state,
[0786] A means of inputting prompt messages into a generated AI model based on analysis results and usage history, and evaluating user permissions,
[0787] A means for generating proposed permission changes that take emotional states into account based on the evaluation results,
[0788] A means including a device for the administrator to approve or modify the proposed permission changes,
[0789] A means to automatically apply permission changes approved by the administrator,
[0790] A system that includes this.
[0791] (Claim 2)
[0792] The system according to claim 1, further comprising means for the generation system to continuously learn and sequentially improve the user's authority evaluation by taking into account the emotional state obtained from biometric data analysis.
[0793] (Claim 3)
[0794] The system according to claim 1, further comprising means for suggesting emotion-based feedback and adjusting permissions to reduce the user's burden when it is determined that the user's emotional state is inappropriate based on the analysis results.
[0795] "Application example 2 when combining with an emotional engine"
[0796] (Claim 1)
[0797] Means for collecting user access history and emotional state,
[0798] A method that uses an emotion engine to analyze collected data and evaluate emotional states,
[0799] A means of evaluating user permissions based on emotional state using a generation system,
[0800] A means to generate proposed permission changes and dynamically adjust them according to emotional states,
[0801] A means to automatically apply proposed permission changes,
[0802] A means of regularly auditing authority and reporting the results,
[0803] A system that includes this.
[0804] (Claim 2)
[0805] The system according to claim 1, comprising means for the generation system to continuously learn and sequentially improve the user's emotional state and authority evaluation.
[0806] (Claim 3)
[0807] The system according to claim 1, including an interface for an administrator to approve or modify proposed permission changes. [Explanation of symbols]
[0808] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots< / url:> < / url:> < / url:> < / url:>
Claims
1. Means for collecting user behavior history, An analytical system that analyzes collected behavioral history is used to evaluate user permissions, A means for generating proposed authority changes based on the evaluation results, A means to automatically apply proposed changes to authority, A means to periodically check permissions and notify the results, A means of sending a warning to the management device when there is abnormal access, A system that includes this.
2. The system according to claim 1, comprising means for the analysis system to continuously learn and sequentially improve the user's authority evaluation.
3. The system according to claim 1, comprising a dialogue means for an administrator to approve or modify a proposed change in authority.