system

The system effectively detects and responds to suspicious electronic communications by identifying sources and generating automated responses, addressing the inadequacies of current systems in protecting users from threats like spam and phishing.

JP2026105305A | Pending | Publication Date: 2026-06-26 | SOFTBANK GROUP CORP

Patent Information

Authority / Receiving Office: JP
Patent Type: Applications
Current Assignee / Owner: SOFTBANK GROUP CORP
Filing Date: 2024-12-16
Publication Date: 2026-06-26

AI Technical Summary

Technical Problem

Current systems are inadequate in quickly and effectively detecting suspicious electronic communications, identifying their sources, and generating automated responses to protect users from threats such as spam and phishing emails, especially impacting vulnerable groups like the elderly.

Method used

A system that includes a server for detecting and analyzing suspicious communications, identifying the source, generating automated responses, collecting evidence, and sharing information with legal authorities, utilizing AI models and secure storage to ensure user safety.

Benefits of technology

Enables rapid detection and response to suspicious communications, identifying sources, and collecting evidence for legal action, thereby enhancing user security and protecting against financial losses.

✦ Generated by Eureka AI based on patent content.


Abstract

A system is provided. [Solution] A system that includes: means for detecting suspicious electronic communications; means for analyzing information in order to identify the source of the suspicious electronic communication; means for generating and sending a response to the sender; means for collecting information from the sender in the response; means for storing the collected information as evidence; and means for sharing the evidence with the appropriate authorities for legal action.

Description

Technical Field

[0001] The technology of the present disclosure relates to a system.

Background Art

[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a chatbot character, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance in response to the user utterance.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] Suspicious electronic communications, especially spam emails and phishing emails, continue unabated, and their methods are becoming increasingly sophisticated with technological progress. As a result, certain groups such as the elderly continue to suffer financial losses. To address such threats, a system is needed that can quickly and effectively detect suspicious communications and collect evidence necessary for legal measures against the senders, but the current technology has not fully achieved this.

Means for Solving the Problems

[0006] "Suspicious electronic communications" refers to questionable emails or messages sent with the intent of illegally obtaining the recipient's information or causing harm to the recipient.

[0007] "Detection means" refers to methods and technologies that use programs or devices to identify and pinpoint suspicious electronic communications.

[0008] "Means of identifying the source" refers to technologies and methods for analyzing information about the sender of suspicious electronic communications and revealing their identity and the location of the source.

[0009] "Means for generating and sending responses" refers to technologies that use artificial intelligence or other technologies to automatically create and send reply messages in response to suspicious electronic communications received.

[0010] "Means of collecting information" refers to methods and technologies for extracting useful data from electronic communications, and for analyzing and recording it.

[0011] "Means of preserving as evidence" refers to the techniques and methods for safely and reliably storing collected information so that it can be referenced or used later.

[0012] "Means of sharing with agencies for legal action" refers to the methods and processes for sharing collected and stored information with appropriate government and judicial agencies for legal proceedings against criminal activity.

Brief Description of the Drawings

[0013]
[Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment.
[Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment.
[Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment.
[Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment.
[Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment.
[Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment.
[Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment.
[Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment.
[Figure 9] This shows an emotion map where multiple emotions are mapped.
[Figure 10] This shows an emotion map where multiple emotions are mapped.
[Figure 11] This is a sequence diagram showing the processing flow of the data processing system in Example 1.
[Figure 12] This is a sequence diagram showing the processing flow of the data processing system in Application Example 1.
[Figure 13] This is a sequence diagram showing the processing flow of the data processing system in Example 2, which incorporates an emotion engine.
[Figure 14] This is a sequence diagram showing the processing flow of the data processing system in Application Example 2, which combines an emotion engine.

Modes for Carrying Out the Invention

[0014] An example of an embodiment of the system according to the technology of the present disclosure will be described below with reference to the accompanying drawings.

[0015] First, the terms used in the following description will be explained.

[0016] In the following embodiments, a processor denoted by a reference numeral (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Also, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a GPGPU (General-Purpose computing on Graphics Processing Units), an APU (Accelerated Processing Unit), and the like.

[0017] In the following embodiments, RAM (Random Access Memory) denoted by a reference numeral is a memory in which information is temporarily stored and is used as a work memory by the processor.

[0018] In the following embodiments, storage denoted by a reference numeral is one or more non-volatile storage devices that store various programs, various parameters, and the like. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), and magnetic tapes.

[0019] In the following embodiments, a communication interface (I/F) denoted by a reference numeral is an interface that includes a communication processor, an antenna, and the like. The communication interface manages communication between multiple computers. Examples of communication standards applicable to the communication interface include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).

[0020] In the following embodiments, "A and/or B" is synonymous with "at least one of A and B." That is, "A and/or B" means that it may be A alone, or B alone, or a combination of A and B. Furthermore, in this specification, the same concept as "A and/or B" applies when expressing three or more things linked by "and/or."

[0021] [First Embodiment]

[0022] Figure 1 shows an example of the configuration of the data processing system 10 according to the first embodiment.

[0023] As shown in Figure 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.

[0024] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and/or a LAN (Local Area Network).

[0025] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.

[0026] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by detecting contact with an object (e.g., a pen or finger). The microphone 38B receives user input by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the data indicating the user input.

[0027] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user 20 by outputting the data in a form perceptible to the user 20 (e.g., audio and/or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.

[0028] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.

[0029] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.

[0030] As shown in Figure 2, in the data processing device 12, specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes it on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0031] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the specific processing unit 290.

[0032] In the smart device 14, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The reception output program 60 is used in conjunction with a specific processing program 56 by the data processing system 10. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0033] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".

[0034] To implement this invention, the server, terminal, and user must each play their respective roles. In this system, the server is primarily responsible for detecting suspicious electronic communications, identifying the source, preserving evidence, and sharing data with legal authorities. The terminal performs the tasks of generating and transmitting responses to suspicious communications. The specific operations are described below.

[0035] The server operates in addition to the standard email filtering system, automatically scanning incoming emails. At this stage, an AI model is used to analyze whether an email is potentially spam or phishing, detecting suspicious patterns. Suspicious emails detected are then identified for further processing.

[0036] The server attempts to identify the sender by analyzing the details of the identified suspicious email. It analyzes the IP address and domain information contained in the email header and compares it against a database of known malicious senders to try and identify the sender. This information analysis aims to reveal the true identity of the sender as much as possible.

[0037] The device automatically generates a response email in response to suspicious electronic communications. This AI-generated response includes content suggesting the recipient is interested and requesting further information. The purpose of the response email is to extract additional information from the sender and generate a more detailed exchange.

[0038] The server then performs evaluation analysis on the information obtained, aggregating and storing information about the senders of suspicious communications. The stored data is treated as evidence in preparation for legal proceedings and is kept in highly secure storage.

[0039] As a concrete example, suppose a user receives a suspicious phishing email. The server immediately scans the email and determines it is suspicious. Next, the device generates and sends an automated response to the email. If the sender responds, the server analyzes its contents and stores it as evidence. Then, it verifies detailed information about the sender and, if necessary, shares this information with law enforcement agencies to support further investigation and appropriate legal action.

[0040] This system is expected to enhance the security of electronic communications and protect users from threats caused by suspicious emails.

[0041] The following describes the processing flow.

[0042] Step 1:

[0043] The server monitors new emails in the inbox and scans all emails with an AI model. The AI analyzes the content of the emails and sender information to identify suspicious patterns and signs of phishing. Emails showing such patterns are flagged as suspicious.

[0044] Step 2:

[0045] Further analysis is performed on emails flagged as suspicious by the server. The IP address and domain are extracted from the email header and compared against a database of known malicious senders. If this comparison indicates the sender is unreliable, further investigation is required.

[0046] Step 3:

[0047] The device receives instructions from the server and uses AI to automatically generate a response to the sender of the suspicious email. The response email is designed to elicit additional information from the sender. The generated response is then sent from the device to the sender.

[0048] Step 4:

[0049] The server receives the reply from the sender and analyzes its contents. This analysis may reveal the sender's intentions and methods, and facilitates the collection of more specific information. The server records all information obtained through this exchange.

[0050] Step 5:

[0051] The server stores the collected information as evidence. This evidence, crucial for legal proceedings, is stored in an encrypted database to ensure security. The database is subject to strict access control.

[0052] Step 6:

[0053] The server provides collected evidence data to law enforcement agencies as needed. Collaboration with law enforcement agencies assists in the investigation of criminal activity and facilitates the implementation of legal action against the perpetrator. This process enables victim protection and prevention of recurrence.
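
The header analysis of Step 2, as an added example that is not code from the patent or its applicant. It assumes a single inbound mail relay named mx.recipient.example, Postfix-style Received lines, and a constructed blocklist and message. Only the topmost Received line is stamped by the recipient's own relay; every line below it is supplied by the sender and can be forged, so the example takes the connecting IP from that line alone.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values (RFC 5737 addresses, reserved .example domains). A real
# deployment would load these from its relay inventory and blocklist store.
TRUSTED_RELAYS = {"mx.recipient.example"}
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_DOMAINS = {"billing-update.example"}

# Constructed message. The lower Received line is supplied by the sender.
SAMPLE_EMAIL = """\
Received: from mail.billing-update.example (unknown [203.0.113.45])
    by mx.recipient.example with ESMTP id 4F2A1; Mon, 16 Dec 2024 09:12:44 +0900
Received: from bank.example (bank.example [192.0.2.10])
    by mail.billing-update.example with SMTP; Mon, 16 Dec 2024 09:12:40 +0900
From: "Support" <support@bank.example>
Return-Path: <bounce@billing-update.example>
Subject: Account verification required

Please confirm your details.
"""

# "from HELO (rdns [ip]) by host", the layout assumed for Received lines.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def is_listed_domain(domain):
    """True if the domain or any parent domain is on the blocklist."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS for i in range(len(labels)))


def trusted_hop(msg):
    """Parse the topmost Received line, but only if our own relay wrote it."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold header
    if match is None or match.group("by").lower() not in TRUSTED_RELAYS:
        return None
    return match.groupdict()


def identify_source(raw_email):
    """Extract source indicators and compare them with the blocklist."""
    msg = message_from_string(raw_email)
    hop = trusted_hop(msg)
    ip = hop["ip"] if hop else None
    domains = {
        "helo": hop["helo"].lower() if hop else "",  # claimed by the sender
        "from": domain_of(msg["From"]),
        "return_path": domain_of(msg["Return-Path"]),
    }
    hits = []
    if ip is not None:
        try:
            address = ipaddress.ip_address(ip)
        except ValueError:
            address = None
        if address is not None and any(address in net for net in BAD_NETWORKS):
            hits.append(f"ip:{ip}")
    for kind, domain in domains.items():
        if domain and is_listed_domain(domain):
            hits.append(f"{kind}:{domain}")
    mismatch = bool(domains["from"] and domains["return_path"]
                    and domains["from"] != domains["return_path"])
    return {
        "ip": ip,
        "domains": domains,
        "envelope_mismatch": mismatch,
        "hits": hits,
        "verdict": "identified" if hits else "unidentified",
    }


if __name__ == "__main__":
    print(identify_source(SAMPLE_EMAIL))
```

The address 192.0.2.10 in the lower Received line never reaches the blocklist comparison, because that line was not written by a relay the recipient controls.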

[0054] (Example 1)

[0055] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."

[0056] In modern digital communications, suspicious data can lead to the leakage of personal information and unauthorized access. While there is a need for protection systems that can respond immediately to such threats, current systems face challenges in identifying the source and analyzing suspicious data, making rapid response difficult.

[0057] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0058] In this invention, the server includes means for detecting suspicious data, means for analyzing information to identify the source of the data, and means for generating an automated response and collecting additional information from the source. This makes it possible to deal with suspicious data quickly and effectively, and to streamline the identification of the source and information collection.

[0059] "Suspicious data" refers to data that is determined to be potentially related to spam, phishing, malware, or other malicious purposes while using a communication network.

[0060] The "source" refers to the original location, IP address, or domain from which suspicious data was transmitted, and is the element that marks the beginning of the communication.

[0061] An "artificial intelligence model" refers to a computer program or algorithm that utilizes machine learning and data analysis techniques to perform pattern recognition and prediction.

[0062] An "automated response" refers to a message that is generated by a specific algorithm or program and sent back to the source based on pre-set conditions.

[0063] "Storage area" refers to physical or virtual storage space designed for the long-term storage and management of digital data.

[0064] "Analysis" refers to data processing techniques used to investigate and understand detailed information about each element of data, and in particular includes the act of identifying the characteristics and source of suspicious data.

[0065] "Evidence" refers to information that is stored as data to meet legal requirements, including past communications, the truthfulness of their content, and information about the sender.

[0066] In implementing this invention, the server, terminal, and user each play specific roles. These details are described below.

[0067] First, the server receives electronic communications via a network interface. The received communications are scanned by a generative AI model implemented in the email filtering system. Specifically, analysis software running on the server performs pattern recognition based on the content and header information within the emails to detect suspicious data. This analysis process may utilize open-source machine learning libraries or commercial AI tools.

[0068] Next, when the server detects suspicious data, it attempts to identify its source. The server analyzes the IP address and domain information contained in the email header and attempts to identify the source by comparing it with a database of known malicious sources. Database management software is used for this identification process and is utilized to efficiently manage information on remote malicious hosts.

[0069] Subsequently, the device generates an automated response email. The content of the response email is optimized using a generative AI model to be of interest to the recipient. Specifically, a template-based email generation system dynamically modifies the content through the generative AI, allowing for the extraction of additional information from the sender. Email client software is also used in this process to send the response.

[0070] Next, the server analyzes the response from the source and securely stores the information in a database. This data is used as evidence in preparation for legal proceedings. The stored information is backed up and stored long-term through a highly secure storage provider.

[0071] As a concrete example, consider a scenario where a user receives a suspicious email. The server immediately scans the email, and if it determines it to be suspicious, the terminal automatically generates and sends a response. If the sender responds, the server analyzes its contents and stores the results in reliable storage. As a result, information can be quickly provided to legal authorities as needed.

[0072] An example of a prompt message might be: "Scan new emails and assess their spam potential. Based on the results, create and send an automated response that will attract the sender's attention. Analyze the responses from the senders, store them in a database, and prepare to share them with law enforcement agencies."

[0073] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0074] Step 1:

[0075] The server receives new electronic communications through the network. These communications contain message data, such as emails. The server first receives this data as input and scans it through a generative AI model. Specifically, it analyzes the text and attachments within the received messages to detect signs of spam and phishing. The detection results are output as a flag indicating whether the message is suspicious or not.

[0076] Step 2:

[0077] For data flagged as suspicious, the server performs analysis to identify the source. This analysis uses email header information, IP addresses, and domain names as input. It consults a database of known malicious sources to process the data and determine the precise location and reliability of the source. Finally, information related to the identification of the source is output.

[0078] Step 3:

[0079] For identified suspicious sources, the terminal generates and sends an automated response. In this process, a generative AI model is used to generate messages that the recipient is likely to be interested in. The AI automatically constructs a document and generates an output message optimized to attract the recipient's attention. This output message is then sent to the source.

[0080] Step 4:

[0081] Once the source sends a response, the server analyzes its contents again. At this stage, the previous response and the new reply are used as input to perform data calculations aimed at identifying the source in more detail and collecting new information. Specifically, this involves understanding the source's intent and accumulating further evidence. The output of this process is the data of the newly collected information and evidence.

[0082] Step 5:

[0083] Finally, the server stores all the collected information in a secure database. The stored data is used for legal proceedings and subsequent analysis. This step involves entering all the information into the database and organizing the data for accurate recording. As output, a completed storage status is generated, maintaining a secure storage state.

[0084] (Application Example 1)

[0085] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."

[0086] In today's information society, individuals and organizations are exposed to a massive volume of electronic communications every day. These include suspicious communications, such as phishing emails, which can pose serious risks such as data breaches and property losses. However, because it is difficult to quickly and effectively detect these suspicious communications and identify their origins, individuals and organizations are currently unable to adequately address them. In particular, there is a need for methods to instantly detect suspicious communications and implement sophisticated responses on information processing devices used daily.

[0087] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0088] In this invention, the server includes means for detecting suspicious electronic communications, means for analyzing information to identify the source, and means for automatically generating and transmitting a response. This enables real-time detection of suspicious electronic communications on a smartphone, allowing for rapid identification of the source and subsequent investigation.

[0089] "Suspicious electronic communications" are electronic messages that deviate from normal communication patterns and may have adverse effects on the recipient.

[0090] "Means of analyzing information to identify the source" refers to methods of analyzing communication content and related metadata in order to identify the source of electronic communications.

[0091] "Means for automatically generating and sending responses" refers to a mechanism for automatically creating and sending responses to target communications based on specific criteria.

[0092] "Means of collecting information" refers to the process of gathering and storing necessary information from the target communications.

[0093] "Means of preserving as legal evidence" refers to methods of securely storing collected information in a format that can be used for legal proceedings.

[0094] "Means for accessing a communication medium to realize the above means on a smartphone" refers to technology for connecting to the network and communication environment necessary for the suspicious communication detection system to function on a smart device.

[0095] A "generative artificial intelligence model" is a type of machine learning-based artificial intelligence used to generate responses or solutions to specific tasks.

[0096] A "prompt statement" is an instruction given to an AI model to guide it to a desired response.

[0097] To implement this invention, the server, terminal, and user each play a specific role. The server is responsible for the central function of detecting suspicious electronic communications, while the terminal generates and sends automated responses. The server operates in addition to a standard email filtering system and performs data analysis using a generative AI model to detect suspicious electronic communications. Specifically, it employs a mechanism to scan incoming emails, analyze whether they may be spam or phishing, and quickly detect suspicious patterns.

[0098] Furthermore, the server attempts to identify the sender from the email header information. This involves using software that performs cross-referencing with known databases and analyzes IP addresses and domain information. By utilizing programming languages including Python and machine learning libraries such as TENSORFLOW®, AI models can be built, enabling highly accurate analysis.

[0099] On the terminal side, an automated response to suspicious communications is sent via the SMTP library installed in the smartphone. This response is generated using a generative AI model, and its content is optimized using a prompt. A specific example of a prompt is, "Analyze the newly received email and detect any suspicious patterns. Also, if possible, generate an automated response to identify the sender."

[0100] These mechanisms allow users to quickly detect suspicious emails and take further action based on advanced information. By utilizing this system, the risks associated with electronic communications can be significantly reduced, and concrete measures can be taken to address them appropriately.

[0101] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0102] Step 1:

[0103] The server scans incoming electronic communications in real time. The input data consists of the message body and header information of emails received by the user. A generative AI model is used to analyze patterns that may indicate spam or phishing. If the scan results in a suspicious electronic communication, the email is identified for further processing.

[0104] Step 2:

[0105] The server analyzes the IP address and domain information contained in the email header to identify the source of suspicious electronic communications. The input data is the email header information. The information analysis is performed by comparing it with known malicious source data. This process clarifies the sender information of the source. The analysis result will be either that the source has been identified or that it cannot be identified.

[0106] Step 3:

[0107] The device generates an automated response email in response to identified suspicious communications. The input consists of the email content obtained in Step 1 and the sender information identified in Step 2. A generative AI model is used to optimize the response based on the prompt. Specifically, the prompt "Analyze newly received emails to detect suspicious patterns. Also, generate an automated response to identify the sender, if possible." is used. The output is a response email containing content designed to extract further information from the sender.

[0108] Step 4:

[0109] The server monitors and analyzes replies from the sender after an automated response email is sent. The input is the reply email from the sender. The received reply is then analyzed again using an AI model to collect useful information. This aggregates detailed information about the sender of suspicious communications. The output is a set of information for legal action.

[0110] Step 5:

[0111] The server stores the aggregated sender information as evidence in secure storage. The input is the set of information collected in Step 4. This information is managed with high security in preparation for future legal action. The output is a record of the stored data.
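
One way to produce the "record of the stored data" from Step 5 so that later alteration is detectable, as an added example that is not code from the patent or its applicant. The patent does not say how integrity is maintained; the HMAC-chained log, the field names and the demo key below are assumptions, and encryption at rest and access control are outside the block.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # "prev" value carried by the first record


def _mac(body: dict, key: bytes) -> str:
    """Keyed digest over a canonical JSON encoding of the record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class EvidenceLog:
    """Append-only log; each record is bound to the one before it."""

    def __init__(self, key: bytes):
        self._key = key  # held outside the evidence database in practice
        self.records = []

    def append(self, raw_message: bytes, source: dict, collected_at: str) -> dict:
        body = {
            "seq": len(self.records),
            "collected_at": collected_at,
            "message_sha256": hashlib.sha256(raw_message).hexdigest(),
            "source": source,
            "prev": self.records[-1]["mac"] if self.records else GENESIS,
        }
        record = dict(body, mac=_mac(body, self._key))
        self.records.append(record)
        return record

    def first_invalid(self) -> Optional[int]:
        """Index of the first altered, reordered or orphaned record, else None.

        Removing records from the end is not visible to the chain alone; the
        latest MAC has to be noted somewhere outside the log to catch that.
        """
        prev = GENESIS
        for index, record in enumerate(self.records):
            body = {k: v for k, v in record.items() if k != "mac"}
            intact = (
                body.get("seq") == index
                and body.get("prev") == prev
                and hmac.compare_digest(record.get("mac", ""),
                                        _mac(body, self._key))
            )
            if not intact:
                return index
            prev = record["mac"]
        return None


def matches_record(record: dict, raw_message: bytes) -> bool:
    """Check that a message produced later is the one that was recorded."""
    digest = hashlib.sha256(raw_message).hexdigest()
    return hmac.compare_digest(record["message_sha256"], digest)


# Constructed messages and source details for the demonstration.
SAMPLE_MESSAGES = [
    (b"Subject: Account verification required\n\nPlease confirm your details.",
     {"ip": "203.0.113.45", "domain": "billing-update.example"},
     "2024-12-16T00:12:44Z"),
    (b"Subject: Re: Account verification required\n\nSend the form today.",
     {"ip": "203.0.113.45", "domain": "billing-update.example"},
     "2024-12-16T03:40:02Z"),
    (b"Subject: Re: Account verification required\n\nFinal reminder.",
     {"ip": "203.0.113.77", "domain": "billing-update.example"},
     "2024-12-17T01:05:19Z"),
]


def build_sample_log() -> EvidenceLog:
    log = EvidenceLog(key=b"constructed-demo-key")
    for raw, source, collected_at in SAMPLE_MESSAGES:
        log.append(raw, dict(source), collected_at)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.first_invalid() is None)
    log.records[1]["source"]["ip"] = "198.51.100.7"  # simulate an edit
    print("first invalid record:", log.first_invalid())
```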

[0112] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the specific processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform the specific processing using the user's emotions.

[0113] This invention combines a system that detects suspicious electronic communications, identifies the source, generates a response, and transmits it with an emotion engine that recognizes the user's emotions and optimizes the response. The specific configuration and operation of this system will be described below.

[0114] First, the server scans incoming emails in real time to identify suspicious patterns. The server uses an AI model to identify the characteristics of spam and phishing emails and flags them as suspicious.

[0115] Next, the server analyzes the email header information to identify the sender of the flagged email. During this process, it compares the IP address and domain against a known list of malicious emails to assess their reliability.

[0116] The device then uses AI and an emotion engine to generate a response email. This response reflects the user's emotional state and is customized to be the most effective response in their interaction with the sender. For example, if the user is feeling anxious, it will generate a more reassuring response.

[0117] The server sends a response email to the sender and then receives a reply. By analyzing the content of this reply, the sender's intentions and methods can be further identified.

[0118] Furthermore, user sentiment data is continuously learned by the sentiment engine. By utilizing past sentiment data, it becomes possible to formulate optimal response strategies for future suspicious emails.

[0119] As a concrete example, consider a scenario where a user receives a suspicious email and is frightened by its contents. The server identifies the email as suspicious, and the device uses an emotion engine to generate and send a polite and calm response that takes the user's emotions into consideration. This response aims to elicit additional information from the sender.

[0120] Ultimately, the collected information is stored as evidence on the server and shared with the appropriate authorities when considering legal action. This system allows for a more empathetic response to users' feelings and provides more effective protection against suspicious emails.

[0121] The following describes the processing flow.

[0122] Step 1:

[0123] The server scans incoming emails in real time and analyzes suspicious patterns using an AI model. If an email is deemed suspicious based on specific keywords or sender domains, it is flagged.

[0124] Step 2:

[0125] The server analyzes the header information of flagged emails to extract IP addresses and domain names. This information is then compared against a list of known malicious senders to assess the sender's trustworthiness. This information is used to attempt to identify the sender.

[0126] Step 3:

[0127] The device analyzes the user's emotions using an emotion engine. This process involves understanding the user's current emotional state and adjusting the style of response accordingly.

[0128] Step 4:

[0129] The device uses AI and an emotion engine to generate a response email to the sender. The generated email is customized to a more friendly or calm tone based on the user's emotions. This response aims to elicit additional information from the sender.

[0130] Step 5:

[0131] The server sends a generated response email and receives a reply from the sender. The reply is then analyzed to further identify the sender's intentions and the methods they are using.

[0132] Step 6:

[0133] The server aggregates the analysis results and stores them as evidence. This data is encrypted and securely stored to support future legal action against fraudulent activity.

[0134] Step 7:

[0135] The system uses an emotion engine to learn from past emotional data expressed by users, optimizing future responses to suspicious emails. This data is then used to develop the most appropriate response for each user.

[0136] (Example 2)

[0137] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".

[0138] Amidst the increase in suspicious data communications, there is a growing need to automatically generate effective responses that take into account the user's emotions and protect them from potential dangers. However, conventional systems are limited to simply detecting suspicious communications and identifying their sources, and have been unable to generate responses that are appropriate to the user's emotions. As a result, there has been a challenge in adequately mitigating situations that cause fear and anxiety in users and providing them with a sense of security.

[0139] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0140] In this invention, the server includes means for analyzing data communications in real time and detecting suspicious communications, means for analyzing information to identify the source of transmission and evaluate its reliability, and means for using artificial intelligence and natural language processing technology to generate responses while utilizing user sentiment data. This makes it possible to generate responses that are sensitive to the user's emotions, and effectively reduces the risks associated with suspicious communications.

[0141] "Suspicious data communication" refers to data exchanges that deviate from normal communication patterns and may be spam or phishing.

[0142] The "source" refers to the point of origin of a data communication, containing information such as the Internet Protocol (IP) address and domain from which the data communication originated.

[0143] "Response" refers to data that is given in response to suspicious data communication, and may include content that reflects the user's emotional state.

[0144] "Artificial intelligence" refers to the technology in which computer systems imitate human intellectual behavior and process information through emotion recognition and natural language processing.

[0145] "Natural language processing technology" refers to the technology used to enable computers to understand and respond appropriately to the language that humans use on a daily basis.

[0146] "Evidence" refers to a collection of information or data that is recorded or stored for use in later verification or legal proceedings.

[0147] "Emotional data" refers to information that quantifies or records a user's emotional state as attributes, and is used to optimize responses.

[0148] This system effectively protects users from suspicious communications by detecting suspicious data traffic, generating responses, and providing content optimized based on the user's sentiment. The server scans emails in real time and uses AI models to identify suspicious communication patterns. Emails deemed suspicious have their email headers analyzed to check if the sender's IP address and domain are included in known malicious lists. Machine learning frameworks such as TensorFlow and PyTorch are used for this process.

[0149] The device generates responses based on analysis results from the server, taking into account the user's emotional data. This utilizes natural language processing technology to customize the content to make the user feel at ease. The device also operates an emotion engine that learns from the user's past emotional data to improve the quality of the responses.

[0150] If a user receives a phishing email, for example, disguised as coming from a bank, the server will flag the email as suspicious, and the device will provide a response such as, "Please rest assured. Our security team is investigating this matter." This response aims to alleviate the user's anxiety while also gathering further information from the sender.

[0151] An example of a prompt for the generative AI model is, "Consider the most effective and reassuring response a user would give if they received a phishing email." This format allows the system to be more user-centric and provide a safer digital environment.

[0152] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0153] Step 1:

[0154] The server scans incoming data communications in real time. All received email data is taken in as input. Using an AI model, it analyzes the email body and header information, detecting suspicious patterns and flagging suspicious emails. Specifically, the server uses AI to detect emails where the sender requests an "urgent password change," and based on this, determines it is a phishing attempt.

[0155] Step 2:

[0156] The server identifies the source of the flagged email. The input here is the data of the email that was flagged as suspicious in step 1. The server extracts IP addresses and domain information from the email header and processes the data by comparing it against a known list of malicious sources. The output is the result of the source reliability assessment. Specifically, if the server detects that an email contains a "malicious IP," it will further analyze that email.

[0157] Step 3:

[0158] The terminal generates a response based on analysis results obtained from the server, taking into account the user's emotional state. The input for this step is the results of the reliability evaluation and the user's past emotional data. Using an emotion engine and natural language processing technology, data calculations are performed to generate a reassuring response email, and the output is a response email template. Specifically, if the user indicates "fear," the terminal generates a response such as, "Please rest assured. We are taking measures to address this."

[0159] Step 4:

[0160] The server sends the response email generated by the terminal to the source. The input is the response email generated in step 3. The server executes the email sending process and outputs the completion status of the sending. Specifically, the server confirms the success of the sending and saves that information as a record.

[0161] Step 5:

[0162] User behavior and emotional data are continuously learned by a connected emotion engine. The input for this step is raw data of the emotional responses the user has shown to emails. This data is then processed to update it and improve future response generation, resulting in an enhanced emotion dataset as output. Specifically, the system learns how to respond to responses that indicate the user's "reassurance," improving the quality of subsequent responses.
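Steps 1 and 2 of this flow (flag the email, then compare the IP address and domain from its header against a known malicious list) can be sketched as follows. This is an added example, not code from the patent: the keyword check stands in for the AI model, and the blocklists, the relay name `mx.recipient.example` and the sample message are constructed. It also covers a case the text leaves open: only `Received` lines written by the recipient's own relays are trusted, because every header below them is supplied by the sender.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed blocklists (documentation address range, reserved example domains).
MALICIOUS_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MALICIOUS_DOMAINS = {"phish.example"}
# Keyword stand-in for the Step 1 AI model (assumption made for this example).
SUSPICIOUS_PHRASES = ("urgent password change", "verify your account")

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
CLIENT_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample: the lower Received line is written by the sender's side
# and is therefore unverified, however legitimate it looks.
SAMPLE = """\
Received: from mailer.phish.example (unknown [203.0.113.45])
 by mx.recipient.example with ESMTP; Mon, 16 Dec 2024 09:00:02 +0900
Received: from mx.bank.example (mx.bank.example [198.51.100.7])
 by relay.bank.example with ESMTP; Mon, 16 Dec 2024 08:59:58 +0900
From: "Bank Support" <support@bank.example>
Return-Path: <bounce@mailer.phish.example>
Subject: Urgent password change required

Your account will be locked unless you act today.
"""


def flag_suspicious(msg):
    """Step 1: return the suspicious phrases found in the subject and text parts."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = " ".join(chunks).lower()
    return [phrase for phrase in SUSPICIOUS_PHRASES if phrase in text]


def received_hops(msg):
    """Return (recording host, client IP) for each Received header, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        text = " ".join(str(raw).split())  # unfold continuation lines
        by = BY_HOST.search(text)
        ip = None
        for candidate in CLIENT_IP.findall(text):
            try:
                ip = ipaddress.ip_address(candidate)
                break
            except ValueError:
                continue
        hops.append((by.group(1).lower() if by else None, ip))
    return hops


def domain_listed(domain):
    """True if the domain or any parent domain is on the blocklist."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in MALICIOUS_DOMAINS for i in range(len(labels)))


def assess_source(raw_message, trusted_relays):
    """Steps 1-2: flag the message, then report whether its source is identified."""
    msg = message_from_string(raw_message)
    reasons = flag_suspicious(msg)
    result = {"flagged": bool(reasons), "reasons": reasons, "boundary_ip": None,
              "unverified_ips": [], "listed": [], "verdict": "not_flagged"}
    if not reasons:
        return result
    boundary, in_trusted = None, True
    for by_host, ip in received_hops(msg):
        # Trust ends at the first header not written by one of our own relays.
        in_trusted = in_trusted and by_host in trusted_relays
        if in_trusted:
            boundary = ip
        elif ip is not None:
            result["unverified_ips"].append(str(ip))
    if boundary is not None:
        result["boundary_ip"] = str(boundary)
        if any(boundary in net for net in MALICIOUS_NETS):
            result["listed"].append(f"ip:{boundary}")
    # From and Return-Path are sender-controlled: a hit shows association, not identity.
    for header in ("From", "Return-Path"):
        address = parseaddr(str(msg.get(header, "")))[1]
        domain = address.rpartition("@")[2].lower() if "@" in address else ""
        if domain and domain_listed(domain):
            result["listed"].append(f"{header.lower()}:{domain}")
    result["verdict"] = "identified" if result["listed"] else "unidentified"
    return result


if __name__ == "__main__":
    print(assess_source(SAMPLE, {"mx.recipient.example"}))
```
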

[0163] (Application Example 2)

[0164] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as a "server" and the smart device 14 as a "terminal".

[0165] In today's information society, security risks from suspicious communications, particularly phishing and spam emails, are increasing. Furthermore, simple filtering and blocking are insufficient countermeasures; it's necessary to consider the recipient's emotions and take the best possible action. However, conventional systems lack the functionality to automatically recognize such emotions and generate optimal responses. As a result, users face the challenge of having to deal with suspicious communications while experiencing anxiety and stress.

[0166] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0167] In this invention, the server includes means for detecting suspicious information communications, means for analyzing records to identify the source, and means for recognizing the user's emotional state and optimizing it to reflect in the response. This enables the user to deal with suspicious communications quickly and appropriately in a manner that takes their own emotional state into consideration.

[0168] "Suspicious information transmission" refers to the transmission of information without a legitimate purpose or intention, which may cause harm to the recipient.

[0169] "Originator" refers to the entity that sent the suspicious information or communication, or the location where the communication began.

[0170] "Records" refer to a broad collection of information, including data and log information related to suspicious communications.

[0171] A "response" is the reply information sent to the sender, and its content reflects the user's intentions and feelings.

[0172] "Emotional state" refers to the psychological reactions and feelings that users experience when they receive suspicious information or communications.

[0173] "Optimization means" refers to methods or devices that adjust the generated responses based on the user's emotional state to provide the most effective content.

[0174] "Legal action" refers to official procedures and actions taken in accordance with the law to deal with suspicious information and communications.

[0175] An "organization" is a group or institution that handles legal and technical issues related to suspicious information and communications.

[0176] In embodiments of this invention, the server first detects suspicious communications. The server scans emails in real time and uses an AI model to identify phishing and spam characteristics. Suspicious emails are flagged. Next, the email header information is analyzed to identify the source. This involves matching IP addresses and domains against a known list of malicious entities.

[0177] The device uses an emotion engine to recognize the user's emotional state. For example, the device recognizes the user's facial expressions through the camera and analyzes their emotional state based on that. The response is then customized based on the emotional state. This system operates on smartphones and other devices.

[0178] For example, if a user receives an email that says, "Please send funds to an unknown account," and feels uneasy, the device's emotion engine detects this emotional state. Based on this, it generates an automated reply to reassure the user. Using a generative AI model and prompt text, it might suggest something like, "This email is suspected to be a phishing attempt, please ignore it. Contact support if necessary."

[0179] In this invention, the server automates email processing using AWS® Lambda and builds an email analysis server using Python or Flask. Furthermore, TensorFlow or PyTorch is used for emotion recognition in the AI model. This makes it possible to quickly and appropriately address suspicious communications while taking into consideration the user's emotions.

[0180] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0181] Step 1:

[0182] The server scans incoming emails in real time. In this process, the server inputs the email content as text data and uses an AI model to detect suspicious patterns. Suspicious emails are flagged as output. The suspicious features are based on common patterns found in spam and phishing emails.

[0183] Step 2:

[0184] The server analyzes the header information of flagged emails. Specifically, it takes the email's IP address and domain information as input and compares it against a known list of malicious accounts. The output is an evaluation of whether the email sender is trustworthy. This process provides the data necessary for determining trustworthiness.

[0185] Step 3:

[0186] The device recognizes the emotional state of the user who receives the email. It acquires the user's facial expressions and voice data as input via sensors and analyzes their emotions using an emotion engine. The output is an analysis result representing the emotional state, such as anxiety or surprise. This allows for an accurate understanding of the user's psychological state.

[0187] Step 4:

[0188] The device generates an appropriate response to suspicious emails based on analysis results from its emotion engine. It utilizes the email content and the user's emotional state as input, and uses a generative AI model to create a prompt. The output is an optimized response email to be sent. This process constructs a message designed to reassure the user.

[0189] Step 5:

[0190] The server sends an email to the sender based on the generated response. It then monitors the subsequent exchange and analyzes the response content. It uses sent responses and reply information as input and outputs a detailed understanding of the sender's intent. This gathers information to enable further countermeasures.

[0191] Step 6:

[0192] The server stores all relevant information as evidence. Email metadata and response history are recorded in the database as input. As output, records for legal action are accumulated. This storage process forms the foundation for future legal action.

[0193] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0194] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). Examples of the data generation model 58 include generative AI such as ChatGPT (registered trademark) (Internet search <URL: https://openai.com/blog/chatgpt>) and Gemini (registered trademark) (Internet search <URL: https://gemini.google.com/?hl=ja>). The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 receives as input prompts containing instructions, together with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and/or summarization.

[0195] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart device 14.

[0196] [Second Embodiment]

[0197] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.

[0198] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.

[0199] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0200] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.

[0201] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0202] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0203] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0204] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0205] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0206] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.

[0207] In the smart glasses 214, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0208] Next, the identification processing performed by the identification processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".

[0209] To implement this invention, the server, terminal, and user must each play their respective roles. In this system, the server is primarily responsible for detecting suspicious electronic communications, identifying the source, preserving evidence, and sharing data with legal authorities. The terminal performs the tasks of generating and transmitting responses to suspicious communications. The specific operations are described below.

[0210] The server operates in addition to the standard email filtering system, automatically scanning incoming emails. At this stage, an AI model is used to analyze whether an email is potentially spam or phishing, detecting suspicious patterns. Suspicious emails detected are then identified for further processing.

[0211] The server attempts to identify the sender by analyzing the details of the identified suspicious email. It analyzes the IP address and domain information contained in the email header and compares it against a database of known malicious senders to try and identify the sender. This information analysis aims to reveal the true identity of the sender as much as possible.

[0212] The device automatically generates a response email in response to suspicious electronic communications. This AI-generated response includes content suggesting the recipient is interested and requesting further information. The purpose of the response email is to extract additional information from the sender and generate a more detailed exchange.

[0213] The server then performs evaluation analysis on the information obtained, aggregating and storing information about the senders of suspicious communications. The stored data is treated as evidence in preparation for legal proceedings and is kept in highly secure storage.

[0214] As a concrete example, suppose a user receives a suspicious phishing email. The server immediately scans the email and determines it is suspicious. Next, the device generates and sends an automated response to the email. If the sender responds, the server analyzes its contents and stores it as evidence. Then, it verifies detailed information about the sender and, if necessary, shares this information with law enforcement agencies to support further investigation and appropriate legal action.

[0215] This system is expected to enhance the security of electronic communications and protect users from threats caused by suspicious emails.

[0216] The following describes the processing flow.

[0217] Step 1:

[0218] The server monitors new emails in the inbox and scans all emails with an AI model. The AI analyzes the content of the emails and sender information to identify suspicious patterns and signs of phishing. Suspicious emails are flagged as suspicious.

[0219] Step 2:

[0220] Further analysis is performed on emails flagged as suspicious by the server. The IP address and domain are extracted from the email header and compared against a database of known malicious senders. If this comparison indicates the sender is unreliable, further investigation is required.

[0221] Step 3:

[0222] The device receives instructions from the server and uses AI to automatically generate a response to the sender of the suspicious email. The response email is designed to elicit additional information from the sender. The generated response is then sent from the device to the sender.

[0223] Step 4:

[0224] The server receives the reply from the sender and analyzes its contents. This analysis may reveal the sender's intentions and methods, and facilitates the collection of more specific information. The server records all information obtained through this exchange.

[0225] Step 5:

[0226] The server stores the collected information as evidence. This evidence, crucial for legal proceedings, is stored in an encrypted database to ensure security. The database is subject to strict access control.

[0227] Step 6:

[0228] The server provides collected evidence data to law enforcement agencies as needed. Collaboration with law enforcement agencies assists in the investigation of criminal activity and facilitates the implementation of legal action against the perpetrator. This process enables victim protection and prevention of recurrence.
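Steps 5 and 6 depend on the stored evidence still being credible when it is handed to law enforcement, but the text does not say how that is ensured. As an added example (not the patent's mechanism), the log below chains each record to the previous one with an HMAC so that edits, removals and truncation are detectable. The key, record fields and sample messages are constructed, and encryption at rest is assumed to be handled by the storage layer.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first entry


def email_record(stage, raw_email, message_id, received_at):
    """Describe one message by metadata and digest; the raw bytes are stored elsewhere."""
    return {
        "stage": stage,              # "original", "auto_response" or "reply"
        "message_id": message_id,
        "received_at": received_at,
        "sha256": hashlib.sha256(raw_email).hexdigest(),
        "size": len(raw_email),
    }


def _mac(key, prev_mac, seq, record):
    """HMAC over the previous MAC, the sequence number and the canonical record."""
    body = json.dumps({"seq": seq, "record": record},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


class EvidenceLog:
    """Append-only log in which every entry authenticates the one before it."""

    def __init__(self, key):
        self._key = key  # in practice held outside the database being protected
        self.entries = []

    def head(self):
        """Latest MAC; keep a copy outside the log to detect truncation."""
        return self.entries[-1]["mac"] if self.entries else GENESIS

    def append(self, record):
        seq, prev = len(self.entries), self.head()
        entry = {"seq": seq, "prev": prev, "record": record,
                 "mac": _mac(self._key, prev, seq, record)}
        self.entries.append(entry)
        return entry["mac"]

    def verify(self, expected_head=None):
        """Return (ok, reason). Pass the externally stored head to catch truncation."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            expected = _mac(self._key, prev, i, entry["record"])
            if (entry["seq"] != i or entry["prev"] != prev
                    or not hmac.compare_digest(entry["mac"], expected)):
                return False, f"entry {i} altered, reordered or removed"
            prev = entry["mac"]
        if expected_head is not None and not hmac.compare_digest(prev, expected_head):
            return False, "log truncated or replaced"
        return True, "ok"


def build_sample_log():
    """Constructed exchange: flagged email, automated response, sender's reply."""
    log = EvidenceLog(b"constructed-demo-key")
    samples = [
        ("original", b"Subject: Urgent password change required\r\n\r\n...",
         "<m1@mailer.phish.example>", "2024-12-16T09:00:02+09:00"),
        ("auto_response", b"Subject: Re: Urgent password change required\r\n\r\n...",
         "<m2@recipient.example>", "2024-12-16T09:05:10+09:00"),
        ("reply", b"Subject: Re: Re: Urgent password change required\r\n\r\n...",
         "<m3@mailer.phish.example>", "2024-12-16T09:40:31+09:00"),
    ]
    for stage, raw, message_id, received_at in samples:
        log.append(email_record(stage, raw, message_id, received_at))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(log.verify(log.head()))
```
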

[0229] (Example 1)

[0230] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0231] In modern digital communications, suspicious data can lead to the leakage of personal information and unauthorized access. While there is a need for protection systems that can respond immediately to such threats, current systems face challenges in identifying the source and analyzing suspicious data, making rapid response difficult.

[0232] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0233] In this invention, the server includes means for detecting suspicious data, means for analyzing information to identify the source of the data, and means for generating an automated response and collecting additional information from the source. This makes it possible to deal with suspicious data quickly and effectively, and to streamline the identification of the source and information collection.

[0234] "Suspicious data" refers to data that is determined to be potentially related to spam, phishing, malware, or other malicious purposes while using a communication network.

[0235] The "source" refers to the original location, IP address, or domain from which suspicious data was transmitted, and is the element that marks the beginning of the communication.

[0236] An "artificial intelligence model" refers to a computer program or algorithm that utilizes machine learning and data analysis techniques to perform pattern recognition and prediction.

[0237] An "automated response" refers to a message that is generated by a specific algorithm or program and sent back to the source based on pre-set conditions.

[0238] "Storage area" refers to physical or virtual storage space designed for the long-term storage and management of digital data.

[0239] "Analysis" refers to data processing techniques used to investigate and understand detailed information about each element of data, and in particular includes the act of identifying the characteristics and source of suspicious data.

[0240] "Evidence" refers to information that is stored as data to meet legal requirements, including past communications, the truthfulness of their content, and information about the sender.

[0241] In implementing this invention, the server, terminal, and user each play specific roles. These details are described below.

[0242] First, the server receives electronic communications via a network interface. The received communications are scanned by a generative AI model implemented in the email filtering system. Specifically, analysis software running on the server performs pattern recognition based on the content and header information within the emails to detect suspicious data. This analysis process may utilize open-source machine learning libraries or commercial AI tools.

[0243] Next, when the server detects suspicious data, it attempts to identify its source. The server analyzes the IP address and domain information contained in the email header and attempts to identify the source by comparing it with a database of known malicious sources. Database management software is used for this identification process and is utilized to efficiently manage information on remote malicious hosts.

[0244] Subsequently, the device generates an automated response email. The content of the response email is optimized using a generation AI model to be of interest to the recipient. Specifically, a template-based email generation system dynamically modifies the content through the generation AI, allowing for the extraction of additional information from the sender. Email client software is also used in this process to send the response.

[0245] Next, the server analyzes the response from the source and securely stores the information in a database. This data is used as evidence in preparation for legal proceedings. The stored information is backed up and stored long-term through a highly secure storage provider.

[0246] As a concrete example, consider a scenario where a user receives a suspicious email. The server immediately scans the email, and if it determines it to be suspicious, the terminal automatically generates and sends a response. If the sender responds, the server analyzes its contents and stores the results in reliable storage. As a result, information can be quickly provided to legal authorities as needed.

[0247] An example of a prompt message might be: "Scan new emails and assess their spam potential. Based on the results, create and send an automated response that will attract the sender's attention. Analyze the responses from the senders, store them in a database, and prepare to share them with law enforcement agencies."

[0248] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0249] Step 1:

[0250] The server receives new electronic communications through the network. These communications contain message data, such as emails. The server first receives this data as input and scans it through a generative AI model. Specifically, it analyzes the text and attachments within the received messages to detect signs of spam and phishing. The detection results are output as a flag indicating whether the message is suspicious or not.

[0251] Step 2:

[0252] For data flagged as suspicious, the server performs analysis to identify the source. This analysis uses email header information, IP addresses, and domain names as input. It consults a database of known malicious sources to process the data and determine the precise location and reliability of the source. Finally, information related to the identification of the source is output.

[0253] Step 3:

[0254] For identified suspicious sources, the terminal generates and sends an automated response. In this process, a generative AI model is used to generate messages that the recipient is likely to be interested in. The AI automatically constructs a document and generates an output message optimized to attract the recipient's attention. This output message is then sent to the source.

[0255] Step 4:

[0256] Once the source sends a response, the server analyzes its contents again. At this stage, the previous response and the new reply are used as input to perform data calculations aimed at identifying the source in more detail and collecting new information. Specifically, this involves understanding the source's intent and accumulating further evidence. The output of this process is the data of the newly collected information and evidence.

[0257] Step 5:

[0258] Finally, the server stores all the collected information in a secure database. The stored data is used for legal proceedings and subsequent analysis. This step involves entering all the information into the database and organizing the data for accurate recording. As output, a completed storage status is generated, maintaining a secure storage state.

[0259] (Application Example 1)

[0260] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0261] In today's information society, individuals and organizations are exposed to a massive volume of electronic communications every day. These include suspicious communications, such as phishing emails, which can pose serious risks such as data breaches and property losses. However, because it is difficult to quickly and effectively detect these suspicious communications and identify their origins, individuals and organizations are currently unable to adequately address them. In particular, there is a need for methods to instantly detect suspicious communications and implement sophisticated responses on information processing devices used daily.

[0262] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0263] In this invention, the server includes means for detecting suspicious electronic communications, means for analyzing information to identify the source, and means for automatically generating and transmitting a response. This enables real-time detection of suspicious electronic communications on a smartphone, allowing for rapid identification of the source and subsequent investigation.

[0264] "Suspicious electronic communications" are electronic messages that deviate from normal communication patterns and may have adverse effects on the recipient.

[0265] "Means of analyzing information to identify the source" refers to methods of analyzing communication content and related metadata in order to identify the source of electronic communications.

[0266] "Means for automatically generating and sending responses" refers to a mechanism for automatically creating and sending responses to target communications based on specific criteria.

[0267] "Means of collecting information" refers to the process of gathering and storing necessary information from the target communications.

[0268] "Means of preserving as legal evidence" refers to methods of securely storing collected information in a format that can be used for legal proceedings.

[0269] "Means for accessing a communication medium to realize the above means on a smartphone" refers to technology for connecting to the network and communication environment necessary for the suspicious communication detection system to function on a smart device.

[0270] A "generative artificial intelligence model" is a type of machine learning-based artificial intelligence used to generate responses or solutions to specific tasks.

[0271] A "prompt statement" is an instruction given to an AI model to guide it to a desired response.

[0272] To implement this invention, the server, terminal, and user each play a specific role. The server is responsible for the central function of detecting suspicious electronic communications, while the terminal generates and sends automated responses. The server operates in addition to a standard email filtering system and performs data analysis using a generative AI model to detect suspicious electronic communications. Specifically, it employs a mechanism to scan incoming emails, analyze whether they may be spam or phishing, and quickly detect suspicious patterns.

[0273] Furthermore, the server attempts to identify the sender from the email header information. This involves using software that performs cross-referencing with known databases and analyzes IP addresses and domain information. By utilizing programming languages including Python and machine learning libraries such as TensorFlow, AI models can be built, enabling highly accurate analysis.

[0274] On the terminal side, an automated response to suspicious communications is sent via the SMTP library installed in the smartphone. This response is generated using a generative AI model, and its content is optimized using a prompt. A specific example of a prompt is, "Analyze the newly received email and detect any suspicious patterns. Also, if possible, generate an automated response to identify the sender."

[0275] These mechanisms allow users to quickly detect suspicious emails and take further action based on advanced information. By utilizing this system, the risks associated with electronic communications can be significantly reduced, and concrete measures can be taken to address them appropriately.

[0276] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0277] Step 1:

[0278] The server scans incoming electronic communications in real time. The input data consists of the message body and header information of emails received by the user. A generative AI model is used to analyze patterns that may indicate spam or phishing. If the scan results in a suspicious electronic communication, the email is identified for further processing.

[0279] Step 2:

[0280] The server analyzes the IP address and domain information included in the email header to identify the source of suspicious electronic communications. The input data is the email header information. The information analysis is performed by comparing it with known malicious source data. Through this process, the sender information of the source is clarified. As a result of the analysis, an output indicating whether the source is identified or cannot be identified is obtained.

[0281] Step 3:

[0282] The terminal generates an auto-response email for the identified suspicious communication. The inputs are the content of the email obtained in Step 1 and the source information identified in Step 2. Utilizing the generative AI model, the reply content is optimized based on the prompt text. Specifically, the following prompt text is used: "Please analyze the newly received email, detect suspicious patterns, and generate an auto-response for identifying the sender if possible." The output is a reply email containing content to elicit further information from the source.

[0283] Step 4:

[0284] After sending the auto-response email, the server monitors and analyzes the reply from the source. The input is the reply email from the source. For the received reply, the content is analyzed again using the AI model to collect useful information. As a result, detailed information about the sender of the suspicious communication is aggregated. The output is an information set for legal actions.

[0285] Step 5:

[0286] The server stores the aggregated sender information in secure storage as evidence. The input is the information set collected in Step 4. This information is managed with high security in preparation for future legal measures. The output is a record of the stored data.
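The header analysis of Step 2 can be sketched as follows. This is an added example, not code from the patent: the function names, the trusted-host set, the blocklists and the sample message are all constructed assumptions. It goes slightly beyond the text by reading the source IP only from the `Received` header stamped by the recipient's own mail hosts, because hops below that boundary are written by the sender's side and can be forged.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# All values are constructed for illustration (RFC 5737 addresses, .example names).
TRUSTED_HOSTS = {"mx.recipient.example", "mailstore.recipient.example"}
KNOWN_BAD_IPS = {"203.0.113.45"}
KNOWN_BAD_DOMAINS = {"secure-login.example"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SAMPLE = (
    "Return-Path: <bounce@secure-login.example>\n"
    "Received: from mx.recipient.example ([10.0.0.5]) by mailstore.recipient.example;"
    " Mon, 16 Dec 2024 09:00:03 +0900\n"
    "Received: from relay.secure-login.example (relay.secure-login.example"
    " [203.0.113.45]) by mx.recipient.example; Mon, 16 Dec 2024 09:00:01 +0900\n"
    "Received: from localhost (unknown [192.168.1.20]) by relay.secure-login.example;"
    " Mon, 16 Dec 2024 09:00:00 +0900\n"
    'From: "Bank Support" <support@bank.example>\n'
    "Subject: Urgent password change\n"
    "\n"
    "Please confirm your password.\n"
)

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def external_ip(hop):
    """Return the first bracketed, non-internal IP literal in one Received value."""
    for literal in IP_RE.findall(hop):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue
        if not any(ip in net for net in INTERNAL_NETS):
            return str(ip)
    return None


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_listed(domain, bad_domains):
    """True if the domain or one of its parent domains is on the list."""
    return any(domain == d or domain.endswith("." + d) for d in bad_domains)


def analyze_source(raw, trusted_hosts, bad_ips, bad_domains):
    msg = email.message_from_string(raw)
    boundary_ip = None
    # Received headers are prepended, so the newest hop comes first. Walk down
    # only while the stamping ("by") host is ours; stop at the first hop that
    # hands over an external address, or at the first untrusted stamp.
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        by = BY_RE.search(hop)
        if not by or by.group(1).lower().rstrip(".") not in trusted_hosts:
            break
        boundary_ip = external_ip(hop)
        if boundary_ip:
            break

    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    hits = set()
    if boundary_ip in bad_ips:
        hits.add(boundary_ip)
    hits.update(d for d in (from_dom, rp_dom) if d and is_listed(d, bad_domains))

    return {
        "status": "identified" if boundary_ip else "unidentified",
        "boundary_ip": boundary_ip,
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "domain_mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
        "listed": sorted(hits),
    }


if __name__ == "__main__":
    print(analyze_source(SAMPLE, TRUSTED_HOSTS, KNOWN_BAD_IPS, KNOWN_BAD_DOMAINS))
```

The `status` field corresponds to the identified / cannot-be-identified output of Step 2; the bottom `Received` line in the sample is deliberately ignored because the sending side wrote it.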

[0287] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the specific processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform the specific processing using the user's emotions.

[0288] This invention combines a system that detects suspicious electronic communications, identifies the source, generates a response, and transmits it with an emotion engine that recognizes the user's emotions and optimizes the response. The specific configuration and operation of this system will be described below.

[0289] First, the server scans incoming emails in real time to identify suspicious patterns. The server uses an AI model to identify the characteristics of spam and phishing emails and flags them as suspicious.

[0290] Next, the server analyzes the email header information to identify the sender of the flagged email. During this process, it compares the IP address and domain against a known list of malicious emails to assess their reliability.

[0291] The device then uses AI and an emotion engine to generate a response email. This response reflects the user's emotional state and is customized to be the most effective response in their interaction with the sender. For example, if the user is feeling anxious, it will generate a more reassuring response.

[0292] The server sends a response email to the sender and then receives a reply. By analyzing the content of this reply, the sender's intentions and methods can be further identified.

[0293] Furthermore, user sentiment data is continuously learned by the sentiment engine. By utilizing past sentiment data, it becomes possible to formulate optimal response strategies for future suspicious emails.

[0294] As a concrete example, consider a scenario where a user receives a suspicious email and is frightened by its contents. The server identifies the email as suspicious, and the device uses an emotion engine to generate and send a polite and calm response that takes the user's emotions into consideration. This response aims to elicit additional information from the sender.

[0295] Ultimately, the collected information is stored as evidence on the server and shared with the appropriate authorities when considering legal action. This system allows for a more empathetic response to users' feelings and provides more effective protection against suspicious emails.

[0296] The following describes the processing flow.

[0297] Step 1:

[0298] The server scans incoming emails in real time and analyzes suspicious patterns using an AI model. If an email is deemed suspicious based on specific keywords or sender domains, it is flagged.

[0299] Step 2:

[0300] The server analyzes the header information of flagged emails to extract IP addresses and domain names. This information is then compared against a list of known malicious senders to assess the sender's trustworthiness. This information is used to attempt to identify the sender.

[0301] Step 3:

[0302] The device analyzes the user's emotions using an emotion engine. This process involves understanding the user's current emotional state and adjusting the style of response accordingly.

[0303] Step 4:

[0304] The terminal uses AI and an emotion engine to generate a response email to the sender. The generated email is customized with a more friendly or calming tone based on the user's emotions. This response aims to elicit additional information from the sender.

[0305] Step 5:

[0306] The server sends the generated response email and receives a reply from the sender. It analyzes the content of the reply to further identify the sender's intentions and the methods used.

[0307] Step 6:

[0308] The server aggregates the analysis results and stores them as evidence. These data are encrypted and securely stored to support future legal measures against improper acts.

[0309] Step 7:

[0310] The emotion engine learns from data on the emotions the user has expressed in the past in order to optimize future responses to suspicious emails. This data is used to formulate the most suitable response method for the user.

[0311] (Example 2)

[0312] Next, Example 2 will be described. In the following description, the data processing device 12 is referred to as the "server", and the smart glasses 214 are referred to as the "terminal".

[0313] As suspicious data communications increase, there is a demand for automatically generating effective responses that take the user's emotions into account and for protecting users from potential risks. However, conventional systems only detect suspicious communications and identify the source of transmission, and have not been able to generate responses suited to the user's emotions. As a result, they have not been able to sufficiently reduce situations in which the user feels fear and anxiety, or to provide a sense of security.

[0314] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0315] In this invention, the server includes means for analyzing data communications in real time and detecting suspicious communications, means for analyzing information to identify the source of transmission and evaluate its reliability, and means for using artificial intelligence and natural language processing technology to generate responses while utilizing user sentiment data. This makes it possible to generate responses that are sensitive to the user's emotions, and effectively reduces the risks associated with suspicious communications.

[0316] "Suspicious data communication" refers to data exchanges that deviate from normal communication patterns and may be spam or phishing.

[0317] The "source" refers to the point of origin of a data communication, containing information such as the Internet Protocol (IP) address and domain from which the data communication originated.

[0318] "Response" refers to data that is given in response to suspicious data communication, and may include content that reflects the user's emotional state.

[0319] "Artificial intelligence" refers to the technology in which computer systems imitate human intellectual behavior and process information through emotion recognition and natural language processing.

[0320] "Natural language processing technology" refers to the technology used to enable computers to understand and respond appropriately to the language that humans use on a daily basis.

[0321] "Evidence" refers to a collection of information or data that is recorded or stored for use in later verification or legal proceedings.

[0322] "Emotional data" refers to information that quantifies or records a user's emotional state as attributes, and is used to optimize responses.

[0323] This system effectively protects users from suspicious communications by detecting suspicious data traffic, generating responses, and providing content optimized based on the user's sentiment. The server scans emails in real time and uses AI models to identify suspicious communication patterns. Emails deemed suspicious have their email headers analyzed to check if the sender's IP address and domain are included in known malicious lists. Machine learning frameworks such as TensorFlow and PyTorch are used for this process.

[0324] The device generates responses based on analysis results from the server, taking into account the user's emotional data. This utilizes natural language processing technology to customize the content to make the user feel at ease. The device also operates an emotion engine that learns from the user's past emotional data to improve the quality of the responses.

[0325] If a user receives a phishing email, for example, disguised as coming from a bank, the server will flag the email as suspicious, and the device will provide a response such as, "Please rest assured. Our security team is investigating this matter." This response aims to alleviate the user's anxiety while also gathering further information from the sender.

[0326] An example of a prompt for the generative AI model is, "Consider the most effective and reassuring response a user would give if they received a phishing email." This format allows the system to be more user-centric and provide a safer digital environment.

[0327] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0328] Step 1:

[0329] The server scans incoming data communications in real time. All received email data is taken in as input. Using an AI model, it analyzes the email body and header information, detecting suspicious patterns and flagging suspicious emails. Specifically, the server uses AI to detect emails where the sender requests an "urgent password change," and based on this, determines it is a phishing attempt.

[0330] Step 2:

[0331] The server identifies the source of the flagged email. The input here is the data of the email that was flagged as suspicious in step 1. The server extracts IP addresses and domain information from the email header and processes the data by comparing it against a known list of malicious sources. The output is the result of the source reliability assessment. Specifically, if the server detects that an email contains a "malicious IP," it will further analyze that email.

[0332] Step 3:

[0333] The terminal generates a response based on analysis results obtained from the server, taking into account the user's emotional state. The input for this step is the results of the reliability evaluation and the user's past emotional data. Using an emotion engine and natural language processing technology, data calculations are performed to generate a reassuring response email, and the output is a response email template. Specifically, if the user indicates "fear," the terminal generates a response such as, "Please rest assured. We are taking measures to address this."

[0334] Step 4:

[0335] The server sends the response email generated by the terminal to the source. The input is the response email generated in step 3. The server executes the email sending process and outputs the completion status of the sending. Specifically, the server confirms the success of the sending and saves that information as a record.

[0336] Step 5:

[0337] User behavior and emotional data are continuously learned by a connected emotion engine. The input for this step is raw data of the emotional responses the user has shown to emails. This data is then processed to update it and improve future response generation, resulting in an enhanced emotion dataset as output. Specifically, the system learns how to respond to responses that indicate the user's "reassurance," improving the quality of subsequent responses.

[0338] (Application Example 2)

[0339] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0340] In today's information society, security risks from suspicious communications, particularly phishing and spam emails, are increasing. Furthermore, simple filtering and blocking are insufficient countermeasures; it's necessary to consider the recipient's emotions and take the best possible action. However, conventional systems lack the functionality to automatically recognize such emotions and generate optimal responses. As a result, users face the challenge of having to deal with suspicious communications while experiencing anxiety and stress.

[0341] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0342] In this invention, the server includes means for detecting suspicious information communications, means for analyzing records to identify the source, and means for recognizing the user's emotional state and optimizing the response to reflect it. This enables the user to deal with suspicious communications quickly and appropriately in a manner that takes their own emotional state into consideration.

[0343] "Suspicious information transmission" refers to the transmission of information without a legitimate purpose or intention, which may cause harm to the recipient.

[0344] "Originator" refers to the entity that sent the suspicious information or communication, or the location where the communication began.

[0345] "Records" refer to a broad collection of information, including data and log information related to suspicious communications.

[0346] A "response" is the reply information sent to the sender, and its content reflects the user's intentions and feelings.

[0347] "Emotional state" refers to the psychological reactions and feelings that users experience when they receive suspicious information or communications.

[0348] "Optimization means" refers to methods or devices that adjust the generated responses based on the user's emotional state to provide the most effective content.

[0349] "Legal action" refers to official procedures and actions taken in accordance with the law to deal with suspicious information and communications.

[0350] An "organization" is a group or institution that handles legal and technical issues related to suspicious information and communications.

[0351] In embodiments of this invention, the server first detects suspicious communications. The server scans emails in real time and uses an AI model to identify phishing and spam characteristics. Suspicious emails are flagged. Next, the email header information is analyzed to identify the source. This involves matching IP addresses and domains against a known list of malicious entities.

[0352] The device uses an emotion engine to recognize the user's emotional state. For example, the device recognizes the user's facial expressions through the camera and analyzes their emotional state based on that. The response is then customized based on the emotional state. This system operates on smartphones and other devices.

[0353] For example, if a user receives an email that says, "Please send funds to an unknown account," and feels uneasy, the device's emotion engine detects this emotional state. Based on this, it generates an automated reply to reassure the user. Using a generative AI model and prompt text, it might suggest something like, "This email is suspected to be a phishing attempt, please ignore it. Contact support if necessary."

[0354] In this invention, the server automates email processing using AWS Lambda and builds an email analysis server using Python or Flask. Furthermore, TensorFlow or PyTorch is used for emotion recognition in the AI model. This makes it possible to quickly and appropriately address suspicious communications while taking into consideration the user's emotions.

[0355] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0356] Step 1:

[0357] The server scans incoming emails in real time. In this process, the server inputs the email content as text data and uses an AI model to detect suspicious patterns. Suspicious emails are flagged as output. The suspicious features are based on common patterns found in spam and phishing emails.

[0358] Step 2:

[0359] The server analyzes the header information of flagged emails. Specifically, it takes the email's IP address and domain information as input and compares it against a known list of malicious accounts. The output is an evaluation of whether the email sender is trustworthy. This process provides the data necessary for determining trustworthiness.

[0360] Step 3:

[0361] The device recognizes the emotional state of the user who receives the email. It acquires the user's facial expressions and voice data as input via sensors and analyzes their emotions using an emotion engine. The output is an analysis result representing the emotional state, such as anxiety or surprise. This allows for an accurate understanding of the user's psychological state.

[0362] Step 4:

[0363] The device generates an appropriate response to suspicious emails based on analysis results from its emotion engine. It utilizes the email content and the user's emotional state as input, and uses a generative AI model to create a prompt. The output is an optimized response email to be sent. This process constructs a message designed to reassure the user.

[0364] Step 5:

[0365] The server sends an email to the sender based on the generated response. It then monitors the subsequent exchange and analyzes the response content. It uses sent responses and reply information as input and outputs a detailed understanding of the sender's intent. This gathers information to enable further countermeasures.

[0366] Step 6:

[0367] The server stores all relevant information as evidence. Email metadata and response history are recorded in the database as input. As output, records for legal action are accumulated. This storage process forms the foundation for future legal action.
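One way to make the records accumulated in Step 6 tamper-evident is a hash-chained, append-only table. This is an added example, not the patent's design: the hash chain, the SQLite schema, the function names and the sample entries are assumptions, and encryption at rest is not shown.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # prev_hash of the first record

COLUMNS = "seq, recorded_at, kind, metadata, raw_sha256, prev_hash, entry_hash"


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS evidence ("
        "seq INTEGER PRIMARY KEY, recorded_at TEXT NOT NULL, kind TEXT NOT NULL,"
        " metadata TEXT NOT NULL, raw_sha256 TEXT NOT NULL,"
        " prev_hash TEXT NOT NULL, entry_hash TEXT NOT NULL)"
    )
    return db


def entry_digest(seq, recorded_at, kind, metadata_json, raw_sha256, prev_hash):
    """SHA-256 over a canonical encoding of every field, including prev_hash."""
    canonical = json.dumps(
        [seq, recorded_at, kind, metadata_json, raw_sha256, prev_hash],
        separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_evidence(db, kind, metadata, raw_message, recorded_at):
    """Append one record (email metadata or response history); return its hash."""
    last = db.execute(
        "SELECT seq, entry_hash FROM evidence ORDER BY seq DESC LIMIT 1"
    ).fetchone()
    seq, prev_hash = (last[0] + 1, last[1]) if last else (1, GENESIS)
    metadata_json = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    raw_sha256 = hashlib.sha256(raw_message).hexdigest()
    digest = entry_digest(seq, recorded_at, kind, metadata_json, raw_sha256, prev_hash)
    with db:  # commit the insert atomically
        db.execute(
            f"INSERT INTO evidence ({COLUMNS}) VALUES (?, ?, ?, ?, ?, ?, ?)",
            (seq, recorded_at, kind, metadata_json, raw_sha256, prev_hash, digest),
        )
    return digest


def verify_chain(db):
    """Return the seq of the first inconsistent record, or None if the chain is intact."""
    prev, expected_seq = GENESIS, 1
    rows = db.execute(f"SELECT {COLUMNS} FROM evidence ORDER BY seq").fetchall()
    for seq, recorded_at, kind, meta, raw_sha, prev_hash, entry_hash in rows:
        recomputed = entry_digest(seq, recorded_at, kind, meta, raw_sha, prev_hash)
        if seq != expected_seq or prev_hash != prev or recomputed != entry_hash:
            return seq
        prev, expected_seq = entry_hash, expected_seq + 1
    return None


def demo():
    """Constructed sample: three records, then an in-place edit of record 2."""
    db = open_store()
    append_evidence(db, "received", {"subject": "Urgent password change"},
                    b"constructed raw message 1", "2024-12-16T00:00:01Z")
    append_evidence(db, "response_sent", {"to": "bounce@secure-login.example"},
                    b"constructed raw message 2", "2024-12-16T00:05:00Z")
    append_evidence(db, "reply", {"from": "bounce@secure-login.example"},
                    b"constructed raw message 3", "2024-12-16T01:10:00Z")
    before = verify_chain(db)
    db.execute("UPDATE evidence SET metadata = ? WHERE seq = 2",
               ('{"to":"someone-else@secure-login.example"}',))
    return before, verify_chain(db)


if __name__ == "__main__":
    print(demo())
```

The chain only detects edits relative to its most recent hash, so that value has to be kept somewhere the database writer cannot reach.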

[0368] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0369] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). Examples of the data generation model 58 include generative AI such as ChatGPT (Internet search <URL: https://openai.com/blog/chatgpt>) and Gemini (Internet search <URL: https://gemini.google.com/?hl=ja>). The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and/or summarization.

[0370] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart glasses 214.

[0371] [Third Embodiment]

[0372] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.

[0373] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.

[0374] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and/or a LAN (Local Area Network).

[0375] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.

[0376] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0377] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0378] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0379] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0380] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0381] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the specific processing unit 290.

[0382] In the headset terminal 314, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0383] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the headset terminal 314 will be referred to as the "terminal".

[0384] To implement this invention, the server, terminal, and user must each play their respective roles. In this system, the server is primarily responsible for detecting suspicious electronic communications, identifying the source, preserving evidence, and sharing data with legal authorities. The terminal performs the tasks of generating and transmitting responses to suspicious communications. The specific operations are described below.

[0385] The server operates in addition to the standard email filtering system, automatically scanning incoming emails. At this stage, an AI model is used to analyze whether an email is potentially spam or phishing, detecting suspicious patterns. Suspicious emails detected are then identified for further processing.

[0386] The server attempts to identify the sender by analyzing the details of the identified suspicious email. It analyzes the IP address and domain information contained in the email header and compares it against a database of known malicious senders to try and identify the sender. This information analysis aims to reveal the true identity of the sender as much as possible.

[0387] The device automatically generates a response email in response to suspicious electronic communications. This AI-generated response includes content suggesting the recipient is interested and requesting further information. The purpose of the response email is to extract additional information from the sender and generate a more detailed exchange.

[0388] The server then performs evaluation analysis on the information obtained, aggregating and storing information about the senders of suspicious communications. The stored data is treated as evidence in preparation for legal proceedings and is kept in highly secure storage.

[0389] As a concrete example, suppose a user receives a suspicious phishing email. The server immediately scans the email and determines it is suspicious. Next, the device generates and sends an automated response to the email. If the sender responds, the server analyzes its contents and stores it as evidence. Then, it verifies detailed information about the sender and, if necessary, shares this information with law enforcement agencies to support further investigation and appropriate legal action.

[0390] This system is expected to enhance the security of electronic communications and protect users from threats caused by suspicious emails.

[0391] The following describes the processing flow.

[0392] Step 1:

[0393] The server monitors new emails in the inbox and scans all emails with an AI model. The AI analyzes the content of the emails and sender information to identify suspicious patterns and signs of phishing. Suspicious emails are flagged as suspicious.

[0394] Step 2:

[0395] Further analysis is performed on emails flagged as suspicious by the server. The IP address and domain are extracted from the email header and compared against a database of known malicious senders. If this comparison indicates the sender is unreliable, further investigation is required.

[0396] Step 3:

[0397] The device receives instructions from the server and uses AI to automatically generate a response to the sender of the suspicious email. The response email is designed to elicit additional information from the sender. The generated response is then sent from the device to the sender.

[0398] Step 4:

[0399] The server receives the reply from the sender and analyzes its contents. This analysis may reveal the sender's intentions and methods, and facilitates the collection of more specific information. The server records all information obtained through this exchange.

[0400] Step 5:

[0401] The server stores the collected information as evidence. This evidence, crucial for legal proceedings, is stored in an encrypted database to ensure security. The database is subject to strict access control.

[0402] Step 6:

[0403] The server provides collected evidence data to law enforcement agencies as needed. Collaboration with law enforcement agencies assists in the investigation of criminal activity and facilitates the implementation of legal action against the perpetrator. This process enables victim protection and prevention of recurrence.

[0404] (Example 1)

[0405] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0406] In modern digital communications, suspicious data can lead to the leakage of personal information and unauthorized access. While there is a need for protection systems that can respond immediately to such threats, current systems face challenges in identifying the source and analyzing suspicious data, making rapid response difficult.

[0407] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0408] In this invention, the server includes means for detecting suspicious data, means for analyzing information to identify the source of the data, and means for generating an automated response and collecting additional information from the source. This makes it possible to deal with suspicious data quickly and effectively, and to streamline the identification of the source and information collection.

[0409] "Suspicious data" refers to data that is determined to be potentially related to spam, phishing, malware, or other malicious purposes while using a communication network.

[0410] The "source" refers to the original location, IP address, or domain from which suspicious data was transmitted, and is the element that marks the beginning of the communication.

[0411] An "artificial intelligence model" refers to a computer program or algorithm that utilizes machine learning and data analysis techniques to perform pattern recognition and prediction.

[0412] An "automated response" refers to a message that is generated by a specific algorithm or program and sent back to the source based on pre-set conditions.

[0413] "Storage area" refers to physical or virtual storage space designed for the long-term storage and management of digital data.

[0414] "Analysis" refers to data processing techniques used to investigate and understand detailed information about each element of data, and in particular includes the act of identifying the characteristics and source of suspicious data.

[0415] "Evidence" refers to information that is stored as data to meet legal requirements, including past communications, the truthfulness of their content, and information about the sender.

[0416] In implementing this invention, the server, terminal, and user each play specific roles. These details are described below.

[0417] First, the server receives electronic communications via a network interface. The received communications are scanned by a generative AI model implemented in the email filtering system. Specifically, analysis software running on the server performs pattern recognition based on the content and header information within the emails to detect suspicious data. This analysis process may utilize open-source machine learning libraries or commercial AI tools.

[0418] Next, when the server detects suspicious data, it attempts to identify its source. The server analyzes the IP address and domain information contained in the email header and attempts to identify the source by comparing it with a database of known malicious sources. Database management software is used for this identification process and is utilized to efficiently manage information on remote malicious hosts.

[0419] Subsequently, the device generates an automated response email. The content of the response email is optimized using a generative AI model to be of interest to the recipient. Specifically, a template-based email generation system dynamically modifies the content through the generative AI, allowing for the extraction of additional information from the sender. Email client software is also used in this process to send the response.

[0420] Next, the server analyzes the response from the source and securely stores the information in a database. This data is used as evidence in preparation for legal proceedings. The stored information is backed up and stored long-term through a highly secure storage provider.

[0421] As a concrete example, consider a scenario where a user receives a suspicious email. The server immediately scans the email, and if it determines it to be suspicious, the terminal automatically generates and sends a response. If the sender responds, the server analyzes its contents and stores the results in reliable storage. As a result, information can be quickly provided to legal authorities as needed.

[0422] An example of a prompt message might be: "Scan new emails and assess their spam potential. Based on the results, create and send an automated response that will attract the sender's attention. Analyze the responses from the senders, store them in a database, and prepare to share them with law enforcement agencies."

[0423] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0424] Step 1:

[0425] The server receives new electronic communications through the network. These communications contain message data, such as emails. The server first receives this data as input and scans it through a generative AI model. Specifically, it analyzes the text and attachments within the received messages to detect signs of spam and phishing. The detection results are output as a flag indicating whether the message is suspicious or not.

[0426] Step 2:

[0427] For data flagged as suspicious, the server performs analysis to identify the source. This analysis uses email header information, IP addresses, and domain names as input. It consults a database of known malicious sources to process the data and determine the precise location and reliability of the source. Finally, information related to the identification of the source is output.

[0428] Step 3:

[0429] For identified suspicious sources, the terminal generates and sends an automated response. In this process, a generative AI model is used to generate messages that the recipient is likely to be interested in. The AI automatically constructs a document and generates an output message optimized to attract the recipient's attention. This output message is then sent to the source.

[0430] Step 4:

[0431] Once the source sends a response, the server analyzes its contents again. At this stage, the previous response and the new reply are used as input to perform data calculations aimed at identifying the source in more detail and collecting new information. Specifically, this involves understanding the source's intent and accumulating further evidence. The output of this process is the data of the newly collected information and evidence.

[0432] Step 5:

[0433] Finally, the server stores all the collected information in a secure database. The stored data is used for legal proceedings and subsequent analysis. This step involves entering all the information into the database and organizing the data for accurate recording. As output, a completed storage status is generated, maintaining a secure storage state.
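The storage step above, as an added example that is not code from the patent or its applicant: an append-only evidence table in which each record is hash-chained to the previous one, so later modification of a stored message is detectable. The table layout and function names are hypothetical, the sample inputs in the test are constructed, and encryption at rest and access control are assumed to be provided by the storage layer.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value used by the first record in the chain


def open_store(path=":memory:"):
    """Open (or create) the evidence table. Hypothetical schema for this example."""
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS evidence (
               seq INTEGER PRIMARY KEY AUTOINCREMENT,
               collected_at TEXT NOT NULL,
               source TEXT NOT NULL,
               raw_message BLOB NOT NULL,
               content_sha256 TEXT NOT NULL,
               prev_hash TEXT NOT NULL,
               entry_hash TEXT NOT NULL)"""
    )
    return conn


def _entry_hash(prev_hash, collected_at, source, content_sha256):
    """Hash the record's metadata together with the previous record's hash."""
    payload = json.dumps([prev_hash, collected_at, source, content_sha256],
                         separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_evidence(conn, raw_message, source, collected_at=None):
    """Store one message exactly as received (bytes) and return its entry hash."""
    collected_at = collected_at or datetime.now(timezone.utc).isoformat()
    row = conn.execute(
        "SELECT entry_hash FROM evidence ORDER BY seq DESC LIMIT 1").fetchone()
    prev_hash = row[0] if row else GENESIS
    content_sha256 = hashlib.sha256(raw_message).hexdigest()
    entry_hash = _entry_hash(prev_hash, collected_at, source, content_sha256)
    with conn:  # commit the insert atomically
        conn.execute(
            "INSERT INTO evidence (collected_at, source, raw_message,"
            " content_sha256, prev_hash, entry_hash) VALUES (?, ?, ?, ?, ?, ?)",
            (collected_at, source, raw_message, content_sha256,
             prev_hash, entry_hash))
    return entry_hash


def verify_store(conn):
    """Return the seq of the first record that fails verification, or None."""
    expected_prev = GENESIS
    rows = conn.execute(
        "SELECT seq, collected_at, source, raw_message, content_sha256,"
        " prev_hash, entry_hash FROM evidence ORDER BY seq")
    for seq, collected_at, source, raw, content, prev_hash, entry_hash in rows:
        if (hashlib.sha256(raw).hexdigest() != content
                or prev_hash != expected_prev
                or _entry_hash(prev_hash, collected_at, source, content) != entry_hash):
            return seq
        expected_prev = entry_hash
    return None
```

Anyone with write access to the table could recompute the whole chain, so the most recent `entry_hash` should also be recorded somewhere the database administrators cannot change.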

[0434] (Application Example 1)

[0435] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0436] In today's information society, individuals and organizations are exposed to a massive volume of electronic communications every day. These include suspicious communications, such as phishing emails, which can pose serious risks such as data breaches and property losses. However, because it is difficult to quickly and effectively detect these suspicious communications and identify their origins, individuals and organizations are currently unable to adequately address them. In particular, there is a need for methods to instantly detect suspicious communications and implement sophisticated responses on information processing devices used daily.

[0437] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0438] In this invention, the server includes means for detecting suspicious electronic communications, means for analyzing information to identify the source, and means for automatically generating and transmitting a response. This enables real-time detection of suspicious electronic communications on a smartphone, allowing for rapid identification of the source and subsequent investigation.

[0439] "Suspicious electronic communications" are electronic messages that deviate from normal communication patterns and may have adverse effects on the recipient.

[0440] "Means of analyzing information to identify the source" refers to methods of analyzing communication content and related metadata in order to identify the source of electronic communications.

[0441] "Means for automatically generating and sending responses" refers to a mechanism for automatically creating and sending responses to target communications based on specific criteria.

[0442] "Means of collecting information" refers to the process of gathering and storing necessary information from the target communications.

[0443] "Means of preserving as legal evidence" refers to methods of securely storing collected information in a format that can be used for legal proceedings.

[0444] "Means for accessing a communication medium to realize the above means on a smartphone" refers to technology for connecting to the network and communication environment necessary for the suspicious communication detection system to function on a smart device.

[0445] A "generative artificial intelligence model" is a type of machine learning-based artificial intelligence used to generate responses or solutions to specific tasks.

[0446] A "prompt statement" is an instruction given to an AI model to guide it to a desired response.

[0447] To implement this invention, the server, terminal, and user each play a specific role. The server is responsible for the central function of detecting suspicious electronic communications, while the terminal generates and sends automated responses. The server operates in addition to a standard email filtering system and performs data analysis using a generative AI model to detect suspicious electronic communications. Specifically, it employs a mechanism to scan incoming emails, analyze whether they may be spam or phishing, and quickly detect suspicious patterns.

[0448] Furthermore, the server attempts to identify the sender from the email header information. This involves using software that performs cross-referencing with known databases and analyzes IP addresses and domain information. By utilizing programming languages including Python and machine learning libraries such as TensorFlow, AI models can be built, enabling highly accurate analysis.
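The header cross-referencing described above, as an added Python example that is not code from the patent or its applicant. It separates the one address the receiving server itself recorded from addresses and domains the sender controls and can forge. The boundary server name `mx.corp.example`, both blocklists, and the sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example; none of these values come from the patent.
TRUSTED_MTA = "mx.corp.example"                           # our own boundary mail server
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]   # constructed blocklist
BAD_DOMAINS = {"secure-login.example"}                    # constructed blocklist

_BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
_BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)

# Constructed sample message (documentation-range addresses and domains).
SAMPLE = (
    "Received: from mail.secure-login.example (unknown [203.0.113.45])\n"
    "\tby mx.corp.example with ESMTP id 4F1A2; Mon, 16 Dec 2024 09:12:01 +0900\n"
    "Received: from bank.example ([198.51.100.9]) by mail.secure-login.example;\n"
    "\tMon, 16 Dec 2024 09:11:58 +0900\n"
    'From: "Example Bank" <support@bank.example>\n'
    "Reply-To: verify@secure-login.example\n"
    "Return-Path: <bounce@mail.secure-login.example>\n"
    "Subject: Urgent password change required\n"
    "\n"
    "Please confirm your account.\n"
)


def _ips(text):
    """Return every syntactically valid bracketed IP literal in a header."""
    found = []
    for candidate in _BRACKETED_IP.findall(text):
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return found


def _domain(header_value):
    """Lower-cased domain of the address in a From-style header, or None."""
    address = parseaddr(header_value or "")[1]
    return address.rsplit("@", 1)[1].lower().rstrip(".") if "@" in address else None


def _domain_listed(domain):
    """True if the domain or any parent domain is on the blocklist."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS for i in range(len(labels)))


def analyze_source(raw_message):
    msg = message_from_string(raw_message)
    # Received headers are prepended, so index 0 is the newest hop.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    boundary_ip, claimed = None, []
    for i, hop in enumerate(hops):
        by = _BY_HOST.search(hop)
        if by and by.group(1).lower() == TRUSTED_MTA:
            # Only the peer address our own server recorded is trustworthy.
            peer = _ips(hop[:by.start()])
            boundary_ip = peer[0] if peer else None
            # Every older hop was supplied by the sender and may be forged.
            claimed = [ip for older in hops[i + 1:] for ip in _ips(older)]
            break
    else:
        # The message never crossed our boundary server: nothing is verified.
        claimed = [ip for hop in hops for ip in _ips(hop)]

    domains = {name: _domain(msg.get(name))
               for name in ("From", "Reply-To", "Return-Path")}
    listed_domains = sorted({d for d in domains.values() if d and _domain_listed(d)})
    ip_listed = boundary_ip is not None and any(boundary_ip in net for net in BAD_NETWORKS)

    if ip_listed or listed_domains:
        verdict = "listed"
    elif boundary_ip is None:
        verdict = "unidentified"
    else:
        verdict = "not_listed"
    return {
        "boundary_ip": str(boundary_ip) if boundary_ip else None,
        "ip_listed": ip_listed,
        "unverified_ips": [str(ip) for ip in claimed],
        "domains": domains,
        "listed_domains": listed_domains,
        # A Reply-To domain that differs from From is a common phishing sign.
        "reply_to_mismatch": bool(domains["Reply-To"])
                             and domains["Reply-To"] != domains["From"],
        "verdict": verdict,
    }
```

The `From` domain in the sample is not on the blocklist; the match comes from the connecting address and from the `Reply-To` and `Return-Path` domains, which is why the display address alone is a poor basis for identifying the source.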

[0449] On the terminal side, an automated response to suspicious communications is sent via the SMTP library installed in the smartphone. This response is generated using a generative AI model, and its content is optimized using a prompt. A specific example of a prompt is, "Analyze the newly received email and detect any suspicious patterns. Also, if possible, generate an automated response to identify the sender."

[0450] These mechanisms allow users to quickly detect suspicious emails and take further action based on advanced information. By utilizing this system, the risks associated with electronic communications can be significantly reduced, and concrete measures can be taken to address them appropriately.

[0451] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0452] Step 1:

[0453] The server scans incoming electronic communications in real time. The input data consists of the message body and header information of emails received by the user. A generative AI model is used to analyze patterns that may indicate spam or phishing. If the scan results in a suspicious electronic communication, the email is identified for further processing.

[0454] Step 2:

[0455] The server analyzes the IP address and domain information contained in the email header to identify the source of suspicious electronic communications. The input data is the email header information. The information analysis is performed by comparing it with known malicious source data. This process clarifies the sender information of the source. The analysis result will be either that the source has been identified or that it cannot be identified.

[0456] Step 3:

[0457] The device generates an automated response email in response to identified suspicious communications. The input consists of the email content obtained in Step 1 and the sender information identified in Step 2. A generative AI model is used to optimize the response based on the prompt. Specifically, the prompt "Analyze newly received emails to detect suspicious patterns. Also, generate an automated response to identify the sender, if possible." is used. The output is a response email containing content designed to extract further information from the sender.

[0458] Step 4:

[0459] The server monitors and analyzes replies from the sender after an automated response email is sent. The input is the reply email from the sender. The received reply is then analyzed again using an AI model to collect useful information. This aggregates detailed information about the sender of suspicious communications. The output is a set of information for legal action.

[0460] Step 5:

[0461] The server stores the aggregated sender information as evidence in secure storage. The input is the set of information collected in Step 4. This information is managed with high security in preparation for future legal action. The output is a record of the stored data.

[0462] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the specific processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform the specific processing using the user's emotions.

[0463] This invention combines a system that detects suspicious electronic communications, identifies the source, generates a response, and transmits it with an emotion engine that recognizes the user's emotions and optimizes the response. The specific configuration and operation of this system will be described below.

[0464] First, the server scans incoming emails in real time to identify suspicious patterns. The server uses an AI model to identify the characteristics of spam and phishing emails and flags them as suspicious.

[0465] Next, the server analyzes the email header information to identify the sender of the flagged email. During this process, it compares the IP address and domain against a known list of malicious emails to assess their reliability.

[0466] The device then uses AI and an emotion engine to generate a response email. This response reflects the user's emotional state and is customized to be the most effective response in their interaction with the sender. For example, if the user is feeling anxious, it will generate a more reassuring response.

[0467] The server sends a response email to the sender and then receives a reply. By analyzing the content of this reply, the sender's intentions and methods can be further identified.

[0468] Furthermore, user sentiment data is continuously learned by the sentiment engine. By utilizing past sentiment data, it becomes possible to formulate optimal response strategies for future suspicious emails.

[0469] As a concrete example, consider a scenario where a user receives a suspicious email and is frightened by its contents. The server identifies the email as suspicious, and the device uses an emotion engine to generate and send a polite and calm response that takes the user's emotions into consideration. This response aims to elicit additional information from the sender.

[0470] Ultimately, the collected information is stored as evidence on the server and shared with the appropriate authorities when considering legal action. This system allows for a more empathetic response to users' feelings and provides more effective protection against suspicious emails.

[0471] The following describes the processing flow.

[0472] Step 1:

[0473] The server scans incoming emails in real time and analyzes suspicious patterns using an AI model. If an email is deemed suspicious based on specific keywords or sender domains, it is flagged.

[0474] Step 2:

[0475] The server analyzes the header information of flagged emails to extract IP addresses and domain names. This information is then compared against a list of known malicious senders to assess the sender's trustworthiness. This information is used to attempt to identify the sender.

[0476] Step 3:

[0477] The device analyzes the user's emotions using an emotion engine. This process involves understanding the user's current emotional state and adjusting the style of response accordingly.

[0478] Step 4:

[0479] The device uses AI and an emotion engine to generate a response email to the sender. The generated email is customized to a more friendly or calm tone based on the user's emotions. This response aims to elicit additional information from the sender.

[0480] Step 5:

[0481] The server sends a generated response email and receives a reply from the sender. The reply is then analyzed to further identify the sender's intentions and the methods they are using.

[0482] Step 6:

[0483] The server aggregates the analysis results and stores them as evidence. This data is encrypted and securely stored to support future legal action against fraudulent activity.

[0484] Step 7:

[0485] The system uses an emotion engine to learn from past emotional data expressed by users, optimizing future responses to suspicious emails. This data is then used to develop the most appropriate response for each user.

[0486] (Example 2)

[0487] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0488] Amidst the increase in suspicious data communications, there is a growing need to automatically generate effective responses that take into account the user's emotions and protect them from potential dangers. However, conventional systems are limited to simply detecting suspicious communications and identifying their sources, and have been unable to generate responses that are appropriate to the user's emotions. As a result, there has been a challenge in adequately mitigating situations that cause fear and anxiety in users and providing them with a sense of security.

[0489] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0490] In this invention, the server includes means for analyzing data communications in real time and detecting suspicious communications, means for analyzing information to identify the source of transmission and evaluate its reliability, and means for using artificial intelligence and natural language processing technology to generate responses while utilizing user sentiment data. This makes it possible to generate responses that are sensitive to the user's emotions, and effectively reduces the risks associated with suspicious communications.

[0491] "Suspicious data communication" refers to data exchanges that deviate from normal communication patterns and may be spam or phishing.

[0492] The "source" refers to the point of origin of a data communication, containing information such as the Internet Protocol (IP) address and domain from which the data communication originated.

[0493] "Response" refers to data that is given in response to suspicious data communication, and may include content that reflects the user's emotional state.

[0494] "Artificial intelligence" refers to the technology in which computer systems imitate human intellectual behavior and process information through emotion recognition and natural language processing.

[0495] "Natural language processing technology" refers to the technology used to enable computers to understand and respond appropriately to the language that humans use on a daily basis.

[0496] "Evidence" refers to a collection of information or data that is recorded or stored for use in later verification or legal proceedings.

[0497] "Emotional data" refers to information that quantifies or records a user's emotional state as attributes, and is used to optimize responses.

[0498] This system effectively protects users from suspicious communications by detecting suspicious data traffic, generating responses, and providing content optimized based on the user's sentiment. The server scans emails in real time and uses AI models to identify suspicious communication patterns. Emails deemed suspicious have their email headers analyzed to check if the sender's IP address and domain are included in known malicious lists. Machine learning frameworks such as TensorFlow and PyTorch are used for this process.

[0499] The device generates responses based on analysis results from the server, taking into account the user's emotional data. This utilizes natural language processing technology to customize the content to make the user feel at ease. The device also operates an emotion engine that learns from the user's past emotional data to improve the quality of the responses.

[0500] If a user receives a phishing email, for example, disguised as coming from a bank, the server will flag the email as suspicious, and the device will provide a response such as, "Please rest assured. Our security team is investigating this matter." This response aims to alleviate the user's anxiety while also gathering further information from the sender.

[0501] An example of a prompt for the generative AI model is, "Consider the most effective and reassuring response a user would give if they received a phishing email." This format allows the system to be more user-centric and provide a safer digital environment.

[0502] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0503] Step 1:

[0504] The server scans incoming data communications in real time. All received email data is taken in as input. Using an AI model, it analyzes the email body and header information, detecting suspicious patterns and flagging suspicious emails. Specifically, the server uses AI to detect emails where the sender requests an "urgent password change," and based on this, determines it is a phishing attempt.

[0505] Step 2:

[0506] The server identifies the source of the flagged email. The input here is the data of the email that was flagged as suspicious in step 1. The server extracts IP addresses and domain information from the email header and processes the data by comparing it against a known list of malicious sources. The output is the result of the source reliability assessment. Specifically, if the server detects that an email contains a "malicious IP," it will further analyze that email.

[0507] Step 3:

[0508] The terminal generates a response based on analysis results obtained from the server, taking into account the user's emotional state. The input for this step is the results of the reliability evaluation and the user's past emotional data. Using an emotion engine and natural language processing technology, data calculations are performed to generate a reassuring response email, and the output is a response email template. Specifically, if the user indicates "fear," the terminal generates a response such as, "Please rest assured. We are taking measures to address this."

[0509] Step 4:

[0510] The server sends the response email generated by the terminal to the source. The input is the response email generated in step 3. The server executes the email sending process and outputs the completion status of the sending. Specifically, the server confirms the success of the sending and saves that information as a record.

[0511] Step 5:

[0512] User behavior and emotional data are continuously learned by a connected emotion engine. The input for this step is raw data of the emotional responses the user has shown to emails. This data is then processed to update it and improve future response generation, resulting in an enhanced emotion dataset as output. Specifically, the system learns how to respond to responses that indicate the user's "reassurance," improving the quality of subsequent responses.

[0513] (Application Example 2)

[0514] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0515] In today's information society, security risks from suspicious communications, particularly phishing and spam emails, are increasing. Furthermore, simple filtering and blocking are insufficient countermeasures; it's necessary to consider the recipient's emotions and take the best possible action. However, conventional systems lack the functionality to automatically recognize such emotions and generate optimal responses. As a result, users face the challenge of having to deal with suspicious communications while experiencing anxiety and stress.

[0516] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0517] In this invention, the server includes means for detecting suspicious information communications, means for analyzing records to identify the source, and means for recognizing the user's emotional state and optimizing the response to reflect it. This enables the user to deal with suspicious communications quickly and appropriately in a manner that takes their own emotional state into consideration.

[0518] "Suspicious information transmission" refers to the transmission of information without a legitimate purpose or intention, which may cause harm to the recipient.

[0519] "Originator" refers to the entity that sent the suspicious information or communication, or the location where the communication began.

[0520] "Records" refer to a broad collection of information, including data and log information related to suspicious communications.

[0521] A "response" is the reply information sent to the sender, and its content reflects the user's intentions and feelings.

[0522] "Emotional state" refers to the psychological reactions and feelings that users experience when they receive suspicious information or communications.

[0523] "Optimization means" refers to methods or devices that adjust the generated responses based on the user's emotional state to provide the most effective content.

[0524] "Legal action" refers to official procedures and actions taken in accordance with the law to deal with suspicious information and communications.

[0525] An "organization" is a group or institution that handles legal and technical issues related to suspicious information and communications.

[0526] In embodiments of this invention, the server first detects suspicious communications. The server scans emails in real time and uses an AI model to identify phishing and spam characteristics. Suspicious emails are flagged. Next, the email header information is analyzed to identify the source. This involves matching IP addresses and domains against a known list of malicious entities.

[0527] The device uses an emotion engine to recognize the user's emotional state. For example, the device recognizes the user's facial expressions through the camera and analyzes their emotional state based on that. The response is then customized based on the emotional state. This system operates on smartphones and other devices.

[0528] For example, if a user receives an email that says, "Please send funds to an unknown account," and feels uneasy, the device's emotion engine detects this emotional state. Based on this, it generates an automated reply to reassure the user. Using a generative AI model and prompt text, it might suggest something like, "This email is suspected to be a phishing attempt, please ignore it. Contact support if necessary."

[0529] In this invention, the server automates email processing using AWS Lambda and builds an email analysis server using Python or Flask. Furthermore, TensorFlow or PyTorch is used for emotion recognition in the AI model. This makes it possible to quickly and appropriately address suspicious communications while taking into consideration the user's emotions.

[0530] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0531] Step 1:

[0532] The server scans incoming emails in real time. In this process, the server inputs the email content as text data and uses an AI model to detect suspicious patterns. Suspicious emails are flagged as output. The suspicious features are based on common patterns found in spam and phishing emails.

[0533] Step 2:

[0534] The server analyzes the header information of flagged emails. Specifically, it takes the email's IP address and domain information as input and compares it against a known list of malicious accounts. The output is an evaluation of whether the email sender is trustworthy. This process provides the data necessary for determining trustworthiness.

[0535] Step 3:

[0536] The device recognizes the emotional state of the user who receives the email. It acquires the user's facial expressions and voice data as input via sensors and analyzes their emotions using an emotion engine. The output is an analysis result representing the emotional state, such as anxiety or surprise. This allows for an accurate understanding of the user's psychological state.

[0537] Step 4:

[0538] The device generates an appropriate response to suspicious emails based on analysis results from its emotion engine. It utilizes the email content and the user's emotional state as input, and uses a generative AI model to create a prompt. The output is an optimized response email to be sent. This process constructs a message designed to reassure the user.

[0539] Step 5:

[0540] The server sends an email to the sender based on the generated response. It then monitors the subsequent exchange and analyzes the response content. It uses sent responses and reply information as input and outputs a detailed understanding of the sender's intent. This gathers information to enable further countermeasures.

[0541] Step 6:

[0542] The server stores all relevant information as evidence. Email metadata and response history are recorded in the database as input. As output, records for legal action are accumulated. This storage process forms the foundation for future legal action.

[0543] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0544] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). Examples of data generation model 58 include ChatGPT (Internet search <URL: https://openai.com/blog/chatgpt>) and Gemini (Internet search <URL: https://gemini.google.com/?hl=ja>). The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and/or summarization.

[0545] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and specific processing may also be performed by the headset terminal 314.

[0546] [Fourth Embodiment]

[0547] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.

[0548] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.

[0549] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and/or a LAN (Local Area Network).

[0550] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.

[0551] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0552] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0553] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0554] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. Furthermore, the robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.

[0555] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0556] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0557] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the specific processing unit 290.

[0558] In robot 414, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0559] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0560] To implement this invention, the server, terminal, and user must each play their respective roles. In this system, the server is primarily responsible for detecting suspicious electronic communications, identifying the source, preserving evidence, and sharing data with legal authorities. The terminal performs the tasks of generating and transmitting responses to suspicious communications. The specific operations are described below.

[0561] The server operates in addition to the standard email filtering system, automatically scanning incoming emails. At this stage, an AI model is used to analyze whether an email is potentially spam or phishing, detecting suspicious patterns. Suspicious emails detected are then identified for further processing.

[0562] The server attempts to identify the sender by analyzing the details of the identified suspicious email. It analyzes the IP address and domain information contained in the email header and compares it against a database of known malicious senders to try and identify the sender. This information analysis aims to reveal the true identity of the sender as much as possible.

[0563] The terminal automatically generates a response email in response to suspicious electronic communications. This AI-generated response includes content suggesting the recipient is interested and requesting further information. The purpose of the response email is to extract additional information from the sender and generate a more detailed exchange.

[0564] The server then performs evaluation analysis on the information obtained, aggregating and storing information about the senders of suspicious communications. The stored data is treated as evidence in preparation for legal proceedings and is kept in highly secure storage.

[0565] As a concrete example, suppose a user receives a suspicious phishing email. The server immediately scans the email and determines it is suspicious. Next, the terminal generates and sends an automated response to the email. If the sender responds, the server analyzes its contents and stores it as evidence. Then, it verifies detailed information about the sender and, if necessary, shares this information with law enforcement agencies to support further investigation and appropriate legal action.

[0566] This system is expected to enhance the security of electronic communications and protect users from threats caused by suspicious emails.

[0567] The following describes the processing flow.

[0568] Step 1:

[0569] The server monitors new emails in the inbox and scans all emails with an AI model. The AI analyzes the content of the emails and sender information to identify suspicious patterns and signs of phishing. Emails found to be suspicious are flagged.

[0570] Step 2:

[0571] Further analysis is performed on emails flagged as suspicious by the server. The IP address and domain are extracted from the email header and compared against a database of known malicious senders. If this comparison indicates the sender is unreliable, further investigation is required.

[0572] Step 3:

[0573] The terminal receives instructions from the server and uses AI to automatically generate a response to the sender of the suspicious email. The response email is designed to elicit additional information from the sender. The generated response is then sent from the terminal to the sender.

[0574] Step 4:

[0575] The server receives the reply from the sender and analyzes its contents. This analysis may reveal the sender's intentions and methods, and facilitates the collection of more specific information. The server records all information obtained through this exchange.

[0576] Step 5:

[0577] The server stores the collected information as evidence. This evidence, crucial for legal proceedings, is stored in an encrypted database to ensure security. The database is subject to strict access control.

[0578] Step 6:

[0579] The server provides collected evidence data to law enforcement agencies as needed. Collaboration with law enforcement agencies assists in the investigation of criminal activity and facilitates the implementation of legal action against the perpetrator. This process enables victim protection and prevention of recurrence.
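The header analysis described in Step 2 of the flows above (extracting the IP address and domain from the email header and comparing them against known malicious senders) can be sketched as follows. This is an added example, not code from the patent: the blocklist entries, the trusted mail-server hostnames and the sample message are constructed, and the rule of believing only `Received` headers stamped by the recipient's own servers is an assumption the patent text does not state.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed blocklist (assumption): an RFC 5737 documentation range and a
# reserved .example domain stand in for the database of known malicious senders.
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_DOMAINS = {"phish.example"}
# Hypothetical hostnames of the recipient's own mail servers.
TRUSTED_MTAS = {"inbox.recipient.example", "mx.recipient.example"}

# Constructed sample message; Received headers are listed newest hop first.
# The third header was written by the sending side and claims an unlisted IP.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby inbox.recipient.example with ESMTP id A1; Mon, 16 Dec 2024 09:00:02 +0900\n"
    "Received: from mail.login.phish.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with ESMTP id B2; Mon, 16 Dec 2024 09:00:01 +0900\n"
    "Received: from trusted-bank.example ([198.51.100.7])\n"
    "\tby mail.login.phish.example; Mon, 16 Dec 2024 09:00:00 +0900\n"
    'From: "Support" <support@bank.example>\n'
    "Return-Path: <bounce@login.phish.example>\n"
    "Subject: Please send funds to an unknown account\n"
    "\n"
    "Body omitted.\n"
)

RECEIVED_RE = re.compile(r"from\s+(.*?)\s+by\s+([^\s;]+)", re.I)
BRACKET_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def external_peer_ip(msg, trusted=TRUSTED_MTAS):
    """Walk Received headers newest-first and return the peer IP recorded by
    the last hop we control. Headers below that point were written by the
    sending side and can be forged, so the walk stops there."""
    peer = None
    for raw in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(raw.split()))  # unfold the header
        if not match or match.group(2).lower() not in trusted:
            break
        ip_match = BRACKET_IP_RE.search(match.group(1))
        if not ip_match:
            break
        try:
            peer = ipaddress.ip_address(ip_match.group(1))
        except ValueError:
            break
    return peer


def header_domain(msg, name):
    """Lower-cased domain of the address in the named header, or None."""
    addr = parseaddr(msg.get(name, ""))[1]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def listed_domain(domain, bad=BAD_DOMAINS):
    """Return the blocklist entry matching the domain or one of its parents."""
    labels = domain.split(".") if domain else []
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad:
            return candidate
    return None


def evaluate_source(raw_message):
    """Produce the Step 2 output: sender details plus a trust verdict."""
    msg = message_from_string(raw_message)
    ip = external_peer_ip(msg)
    hits = []
    if ip is not None:
        hits += [f"source_ip:{net}" for net in BAD_NETWORKS if ip in net]
    for header in ("From", "Return-Path"):
        entry = listed_domain(header_domain(msg, header))
        if entry:
            hits.append(f"{header.lower()}:{entry}")
    return {
        "source_ip": str(ip) if ip is not None else None,
        "from_domain": header_domain(msg, "From"),
        "return_path_domain": header_domain(msg, "Return-Path"),
        "hits": hits,
        "verdict": "untrusted" if hits else "not identified",
    }


if __name__ == "__main__":
    print(evaluate_source(SAMPLE))
```

The visible `From` domain in the sample is not listed; the verdict comes from the connecting IP recorded by the recipient's own server and from the `Return-Path` domain.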

[0580] (Example 1)

[0581] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0582] In modern digital communications, suspicious data can lead to the leakage of personal information and unauthorized access. While there is a need for protection systems that can respond immediately to such threats, current systems face challenges in identifying the source and analyzing suspicious data, making rapid response difficult.

[0583] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0584] In this invention, the server includes means for detecting suspicious data, means for analyzing information to identify the source of the data, and means for generating an automated response and collecting additional information from the source. This makes it possible to deal with suspicious data quickly and effectively, and to streamline the identification of the source and information collection.

[0585] "Suspicious data" refers to data that is determined to be potentially related to spam, phishing, malware, or other malicious purposes while using a communication network.

[0586] The "source" refers to the original location, IP address, or domain from which suspicious data was transmitted, and is the element that marks the beginning of the communication.

[0587] An "artificial intelligence model" refers to a computer program or algorithm that utilizes machine learning and data analysis techniques to perform pattern recognition and prediction.

[0588] An "automated response" refers to a message that is generated by a specific algorithm or program and sent back to the source based on pre-set conditions.

[0589] "Storage area" refers to physical or virtual storage space designed for the long-term storage and management of digital data.

[0590] "Analysis" refers to data processing techniques used to investigate and understand detailed information about each element of data, and in particular includes the act of identifying the characteristics and source of suspicious data.

[0591] "Evidence" refers to information that is stored as data to meet legal requirements, including past communications, the truthfulness of their content, and information about the sender.

[0592] In implementing this invention, the server, terminal, and user each play specific roles. These details are described below.

[0593] First, the server receives electronic communications via a network interface. The received communications are scanned by a generative AI model implemented in the email filtering system. Specifically, analysis software running on the server performs pattern recognition based on the content and header information within the emails to detect suspicious data. This analysis process may utilize open-source machine learning libraries or commercial AI tools.

[0594] Next, when the server detects suspicious data, it attempts to identify its source. The server analyzes the IP address and domain information contained in the email header and attempts to identify the source by comparing it with a database of known malicious sources. Database management software is used for this identification process and is utilized to efficiently manage information on remote malicious hosts.

[0595] Subsequently, the terminal generates an automated response email. The content of the response email is optimized using a generative AI model to be of interest to the recipient. Specifically, a template-based email generation system dynamically modifies the content through the generative AI, allowing for the extraction of additional information from the sender. Email client software is also used in this process to send the response.

[0596] Next, the server analyzes the response from the source and securely stores the information in a database. This data is used as evidence in preparation for legal proceedings. The stored information is backed up and stored long-term through a highly secure storage provider.

[0597] As a concrete example, consider a scenario where a user receives a suspicious email. The server immediately scans the email, and if it determines it to be suspicious, the terminal automatically generates and sends a response. If the sender responds, the server analyzes its contents and stores the results in reliable storage. As a result, information can be quickly provided to legal authorities as needed.

[0598] An example of a prompt message might be: "Scan new emails and assess their spam potential. Based on the results, create and send an automated response that will attract the sender's attention. Analyze the responses from the senders, store them in a database, and prepare to share them with law enforcement agencies."

[0599] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0600] Step 1:

[0601] The server receives new electronic communications through the network. These communications contain message data, such as emails. The server first receives this data as input and scans it through a generative AI model. Specifically, it analyzes the text and attachments within the received messages to detect signs of spam and phishing. The detection results are output as a flag indicating whether the message is suspicious or not.

[0602] Step 2:

[0603] For data flagged as suspicious, the server performs analysis to identify the source. This analysis uses email header information, IP addresses, and domain names as input. It consults a database of known malicious sources to process the data and determine the precise location and reliability of the source. Finally, information related to the identification of the source is output.

[0604] Step 3:

[0605] For identified suspicious sources, the terminal generates and sends an automated response. In this process, a generative AI model is used to generate messages that the recipient is likely to be interested in. The AI automatically constructs a document and generates an output message optimized to attract the recipient's attention. This output message is then sent to the source.

[0606] Step 4:

[0607] Once the source sends a response, the server analyzes its contents again. At this stage, the previous response and the new reply are used as input to perform data calculations aimed at identifying the source in more detail and collecting new information. Specifically, this involves understanding the source's intent and accumulating further evidence. The output of this process is the data of the newly collected information and evidence.

[0608] Step 5:

[0609] Finally, the server stores all the collected information in a secure database. The stored data is used for legal proceedings and subsequent analysis. This step involves entering all the information into the database and organizing the data for accurate recording. As output, a completed storage status is generated, maintaining a secure storage state.

[0610] (Application Example 1)

[0611] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0612] In today's information society, individuals and organizations are exposed to a massive volume of electronic communications every day. These include suspicious communications, such as phishing emails, which can pose serious risks such as data breaches and property losses. However, because it is difficult to quickly and effectively detect these suspicious communications and identify their origins, individuals and organizations are currently unable to adequately address them. In particular, there is a need for methods to instantly detect suspicious communications and implement sophisticated responses on information processing devices used daily.

[0613] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0614] In this invention, the server includes means for detecting suspicious electronic communications, means for analyzing information to identify the source, and means for automatically generating and transmitting a response. This enables real-time detection of suspicious electronic communications on a smartphone, allowing for rapid identification of the source and subsequent investigation.

[0615] "Suspicious electronic communications" are electronic messages that deviate from normal communication patterns and may have adverse effects on the recipient.

[0616] "Means of analyzing information to identify the source" refers to methods of analyzing communication content and related metadata in order to identify the source of electronic communications.

[0617] "Means for automatically generating and sending responses" refers to a mechanism for automatically creating and sending responses to target communications based on specific criteria.

[0618] "Means of collecting information" refers to the process of gathering and storing necessary information from the target communications.

[0619] "Means of preserving as legal evidence" refers to methods of securely storing collected information in a format that can be used for legal proceedings.

[0620] "Means for accessing a communication medium to realize the above means on a smartphone" refers to technology for connecting to the network and communication environment necessary for the suspicious communication detection system to function on a smart device.

[0621] A "generative artificial intelligence model" is a type of machine learning-based artificial intelligence used to generate responses or solutions to specific tasks.

[0622] A "prompt statement" is an instruction given to an AI model to guide it to a desired response.

[0623] To implement this invention, the server, terminal, and user each play a specific role. The server is responsible for the central function of detecting suspicious electronic communications, while the terminal generates and sends automated responses. The server operates in addition to a standard email filtering system and performs data analysis using a generative AI model to detect suspicious electronic communications. Specifically, it employs a mechanism to scan incoming emails, analyze whether they may be spam or phishing, and quickly detect suspicious patterns.

[0624] Furthermore, the server attempts to identify the sender from the email header information. This involves using software that performs cross-referencing with known databases and analyzes IP addresses and domain information. By utilizing programming languages including Python and machine learning libraries such as TensorFlow, AI models can be built, enabling highly accurate analysis.

[0625] On the terminal side, an automated response to suspicious communications is sent via the SMTP library installed in the smartphone. This response is generated using a generative AI model, and its content is optimized using a prompt. A specific example of a prompt is, "Analyze the newly received email and detect any suspicious patterns. Also, if possible, generate an automated response to identify the sender."

[0626] These mechanisms allow users to quickly detect suspicious emails and take further action based on advanced information. By utilizing this system, the risks associated with electronic communications can be significantly reduced, and concrete measures can be taken to address them appropriately.

[0627] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0628] Step 1:

[0629] The server scans incoming electronic communications in real time. The input data consists of the message body and header information of emails received by the user. A generative AI model is used to analyze patterns that may indicate spam or phishing. If the scan results in a suspicious electronic communication, the email is identified for further processing.

[0630] Step 2:

[0631] The server analyzes the IP address and domain information contained in the email header to identify the source of suspicious electronic communications. The input data is the email header information. The information analysis is performed by comparing it with known malicious source data. This process clarifies the sender information of the source. The analysis result will be either that the source has been identified or that it cannot be identified.

[0632] Step 3:

[0633] The terminal generates an automated response email in response to identified suspicious communications. The input consists of the email content obtained in Step 1 and the sender information identified in Step 2. A generative AI model is used to optimize the response based on the prompt. Specifically, the prompt "Analyze newly received emails to detect suspicious patterns. Also, generate an automated response to identify the sender, if possible." is used. The output is a response email containing content designed to extract further information from the sender.

[0634] Step 4:

[0635] The server monitors and analyzes replies from the sender after an automated response email is sent. The input is the reply email from the sender. The received reply is then analyzed again using an AI model to collect useful information. This aggregates detailed information about the sender of suspicious communications. The output is a set of information for legal action.

[0636] Step 5:

[0637] The server stores the aggregated sender information as evidence in secure storage. The input is the set of information collected in Step 4. This information is managed with high security in preparation for future legal action. The output is a record of the stored data.
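The evidence-storage step above says only that the collected information is kept in secure storage for later legal use. The following added example, which is not part of the patent, shows one way to make such a store tamper-evident: an append-only SQLite table in which every record carries an HMAC chained to the previous record. The table layout, record kinds, key handling and sample records are assumptions; encryption at rest and access control are left to the storage layer.

```python
import hashlib
import hmac
import json
import sqlite3
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor used before the first record


def open_store(path=":memory:"):
    """Create (or open) the evidence table. Schema is hypothetical."""
    db = sqlite3.connect(path)
    db.execute(
        """CREATE TABLE IF NOT EXISTS evidence (
               seq INTEGER PRIMARY KEY AUTOINCREMENT,
               recorded_at TEXT NOT NULL,
               kind TEXT NOT NULL,          -- received / response_sent / sender_reply
               raw BLOB NOT NULL,           -- message exactly as received or sent
               raw_sha256 TEXT NOT NULL,
               metadata TEXT NOT NULL,      -- canonical JSON (source IP, domain, ...)
               prev_mac TEXT NOT NULL,
               mac TEXT NOT NULL)"""
    )
    return db


def record_mac(key, prev_mac, recorded_at, kind, raw_sha256, metadata_json):
    """HMAC-SHA256 over the record fields and the previous record's MAC."""
    body = json.dumps([prev_mac, recorded_at, kind, raw_sha256, metadata_json])
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def append_evidence(db, key, kind, raw, metadata, recorded_at=None):
    """Append one record and return its MAC. The key must live outside the
    database (for example in a key management service), otherwise anyone who
    can edit rows can also recompute the chain."""
    recorded_at = recorded_at or datetime.now(timezone.utc).isoformat()
    row = db.execute("SELECT mac FROM evidence ORDER BY seq DESC LIMIT 1").fetchone()
    prev_mac = row[0] if row else GENESIS
    raw_sha256 = hashlib.sha256(raw).hexdigest()
    metadata_json = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    mac = record_mac(key, prev_mac, recorded_at, kind, raw_sha256, metadata_json)
    with db:  # commit the insert atomically
        db.execute(
            "INSERT INTO evidence (recorded_at, kind, raw, raw_sha256, metadata,"
            " prev_mac, mac) VALUES (?, ?, ?, ?, ?, ?, ?)",
            (recorded_at, kind, raw, raw_sha256, metadata_json, prev_mac, mac),
        )
    return mac


def verify_chain(db, key):
    """Return the seq of the first record that fails verification, or None
    when every record and every link in the chain is intact."""
    prev = GENESIS
    rows = db.execute(
        "SELECT seq, recorded_at, kind, raw, raw_sha256, metadata, prev_mac, mac"
        " FROM evidence ORDER BY seq"
    )
    for seq, recorded_at, kind, raw, raw_sha256, metadata, prev_mac, mac in rows:
        expected = record_mac(key, prev, recorded_at, kind, raw_sha256, metadata)
        if (
            prev_mac != prev
            or hashlib.sha256(raw).hexdigest() != raw_sha256
            or not hmac.compare_digest(mac, expected)
        ):
            return seq
        prev = mac
    return None


def demo_tamper_check():
    """Store three constructed records, verify, alter one, verify again."""
    key = b"constructed-demo-key"  # constructed; never hard-code a real key
    db = open_store()
    meta = {"source_ip": "203.0.113.45", "domain": "phish.example"}
    append_evidence(db, key, "received", b"raw inbound message", meta,
                    "2024-12-16T00:00:01+00:00")
    append_evidence(db, key, "response_sent", b"raw automated response", meta,
                    "2024-12-16T00:05:00+00:00")
    append_evidence(db, key, "sender_reply", b"raw reply from sender", meta,
                    "2024-12-16T01:00:00+00:00")
    before = verify_chain(db, key)
    db.execute("UPDATE evidence SET raw = ? WHERE seq = 2", (b"edited later",))
    after = verify_chain(db, key)
    return before, after


if __name__ == "__main__":
    print(demo_tamper_check())
```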

[0638] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the specific processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform the specific processing using the user's emotions.

[0639] This invention combines a system that detects suspicious electronic communications, identifies the source, generates a response, and transmits it with an emotion engine that recognizes the user's emotions and optimizes the response. The specific configuration and operation of this system will be described below.

[0640] First, the server scans incoming emails in real time to identify suspicious patterns. The server uses an AI model to identify the characteristics of spam and phishing emails and flags them as suspicious.

[0641] Next, the server analyzes the email header information to identify the sender of the flagged email. During this process, it compares the IP address and domain against a known list of malicious emails to assess their reliability.

[0642] The terminal then uses AI and an emotion engine to generate a response email. This response reflects the user's emotional state and is customized to be the most effective response in their interaction with the sender. For example, if the user is feeling anxious, it will generate a more reassuring response.

[0643] The server sends a response email to the sender and then receives a reply. By analyzing the content of this reply, the sender's intentions and methods can be further identified.

[0644] Furthermore, user emotion data is continuously learned by the emotion engine. By utilizing past emotion data, it becomes possible to formulate optimal response strategies for future suspicious emails.

[0645] As a concrete example, consider a scenario where a user receives a suspicious email and is frightened by its contents. The server identifies the email as suspicious, and the terminal uses an emotion engine to generate and send a polite and calm response that takes the user's emotions into consideration. This response aims to elicit additional information from the sender.

[0646] Ultimately, the collected information is stored as evidence on the server and shared with the appropriate authorities when considering legal action. This system allows for a more empathetic response to users' feelings and provides more effective protection against suspicious emails.

[0647] The following describes the processing flow.

[0648] Step 1:

[0649] The server scans incoming emails in real time and analyzes suspicious patterns using an AI model. If an email is deemed suspicious based on specific keywords or sender domains, it is flagged.

[0650] Step 2:

[0651] The server analyzes the header information of flagged emails to extract IP addresses and domain names. This information is then compared against a list of known malicious senders to assess the sender's trustworthiness. This information is used to attempt to identify the sender.

[0652] Step 3:

[0653] The terminal analyzes the user's emotions using an emotion engine. This process involves understanding the user's current emotional state and adjusting the style of response accordingly.

[0654] Step 4:

[0655] The terminal uses AI and an emotion engine to generate a response email to the sender. The generated email is customized to a more friendly or calm tone based on the user's emotions. This response aims to elicit additional information from the sender.

[0656] Step 5:

[0657] The server sends the generated response email and receives a reply from the sender. The reply is then analyzed to further identify the sender's intentions and the methods they are using.

[0658] Step 6:

[0659] The server aggregates the analysis results and stores them as evidence. This data is encrypted and securely stored to support future legal action against fraudulent activity.

[0660] Step 7:

[0661] The system uses an emotion engine to learn from past emotional data expressed by users, optimizing future responses to suspicious emails. This data is then used to develop the most appropriate response for each user.

[0662] (Example 2)

[0663] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0664] Amidst the increase in suspicious data communications, there is a growing need to automatically generate effective responses that take into account the user's emotions and protect them from potential dangers. However, conventional systems are limited to simply detecting suspicious communications and identifying their sources, and have been unable to generate responses that are appropriate to the user's emotions. As a result, there has been a challenge in adequately mitigating situations that cause fear and anxiety in users and providing them with a sense of security.

[0665] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0666] In this invention, the server includes means for analyzing data communications in real time and detecting suspicious communications, means for analyzing information to identify the source of transmission and evaluate its reliability, and means for using artificial intelligence and natural language processing technology to generate responses while utilizing user sentiment data. This makes it possible to generate responses that are sensitive to the user's emotions, and effectively reduces the risks associated with suspicious communications.

[0667] "Suspicious data communication" refers to data exchanges that deviate from normal communication patterns and may be spam or phishing.

[0668] The "source" refers to the point of origin of a data communication, containing information such as the Internet Protocol (IP) address and domain from which the data communication originated.

[0669] "Response" refers to data that is given in response to suspicious data communication, and may include content that reflects the user's emotional state.

[0670] "Artificial intelligence" refers to the technology in which computer systems imitate human intellectual behavior and process information through emotion recognition and natural language processing.

[0671] "Natural language processing technology" refers to the technology used to enable computers to understand and respond appropriately to the language that humans use on a daily basis.

[0672] "Evidence" refers to a collection of information or data that is recorded or stored for use in later verification or legal proceedings.

[0673] "Emotional data" refers to information that quantifies or records a user's emotional state as attributes, and is used to optimize responses.

[0674] This system effectively protects users from suspicious communications by detecting suspicious data traffic, generating responses, and providing content optimized based on the user's sentiment. The server scans emails in real time and uses AI models to identify suspicious communication patterns. Emails deemed suspicious have their email headers analyzed to check if the sender's IP address and domain are included in known malicious lists. Machine learning frameworks such as TensorFlow and PyTorch are used for this process.

[0675] The device generates responses based on analysis results from the server, taking into account the user's emotional data. This utilizes natural language processing technology to customize the content to make the user feel at ease. The device also operates an emotion engine that learns from the user's past emotional data to improve the quality of the responses.

[0676] If a user receives a phishing email, for example, disguised as coming from a bank, the server will flag the email as suspicious, and the device will provide a response such as, "Please rest assured. Our security team is investigating this matter." This response aims to alleviate the user's anxiety while also gathering further information from the sender.

[0677] An example of a prompt given to the generative AI model is, "Consider the most effective and reassuring response a user would give if they received a phishing email." This format allows the system to be more user-centric and provide a safer digital environment.

[0678] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0679] Step 1:

[0680] The server scans incoming data communications in real time. All received email data is taken in as input. Using an AI model, it analyzes the email body and header information, detecting suspicious patterns and flagging suspicious emails. Specifically, the server uses AI to detect emails where the sender requests an "urgent password change," and based on this, determines it is a phishing attempt.

[0681] Step 2:

[0682] The server identifies the source of the flagged email. The input here is the data of the email that was flagged as suspicious in step 1. The server extracts IP addresses and domain information from the email header and processes the data by comparing it against a known list of malicious sources. The output is the result of the source reliability assessment. Specifically, if the server detects that an email contains a "malicious IP," it will further analyze that email.

[0683] Step 3:

[0684] The terminal generates a response based on analysis results obtained from the server, taking into account the user's emotional state. The input for this step is the results of the reliability evaluation and the user's past emotional data. Using an emotion engine and natural language processing technology, data calculations are performed to generate a reassuring response email, and the output is a response email template. Specifically, if the user indicates "fear," the terminal generates a response such as, "Please rest assured. We are taking measures to address this."

[0685] Step 4:

[0686] The server sends the response email generated by the terminal to the source. The input is the response email generated in step 3. The server executes the email sending process and outputs the completion status of the sending. Specifically, the server confirms the success of the sending and saves that information as a record.

[0687] Step 5:

[0688] User behavior and emotional data are continuously learned by a connected emotion engine. The input for this step is raw data of the emotional responses the user has shown to emails. This data is then processed to update it and improve future response generation, resulting in an enhanced emotion dataset as output. Specifically, the system learns how to respond to responses that indicate the user's "reassurance," improving the quality of subsequent responses.
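The source check in Step 2 above can be sketched as follows. This is an added example, not code from the patent: the message, the two lists and the `TRUSTED_RELAYS` range are constructed, and the function names are hypothetical. It takes the sender IP only from the `Received` line written by the recipient's own relay, because lines below that one are supplied by the sender and can be forged.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed lists; all IPs are RFC 5737 documentation addresses.
MALICIOUS_IPS = {ipaddress.ip_address("203.0.113.45")}
MALICIOUS_DOMAINS = {"bank-secure-login.example"}
# Assumption: relays we operate ourselves, whose Received lines we can trust.
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed message. The last Received line was written by the sender's
# own server and is therefore unverifiable.
SAMPLE_EMAIL = (
    "Received: from mx1.corp.example (mx1.corp.example [192.0.2.10])\n"
    "\tby mailstore.corp.example with ESMTP id A1; Mon, 16 Dec 2024 09:00:03 +0900\n"
    "Received: from mail.bank-secure-login.example (unknown [203.0.113.45])\n"
    "\tby mx1.corp.example with ESMTP id B2; Mon, 16 Dec 2024 09:00:01 +0900\n"
    "Received: from localhost (localhost [198.51.100.7])\n"
    "\tby mail.bank-secure-login.example with SMTP id C3; Mon, 16 Dec 2024 08:59:58 +0900\n"
    "Return-Path: <bounce@bank-secure-login.example>\n"
    'From: "Example Bank" <support@examplebank.example>\n'
    "To: user@corp.example\n"
    "Subject: Urgent password change required\n"
    "\n"
    "Please change your password immediately.\n"
)

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def first_external_ip(msg):
    """Return the peer IP recorded by our own relay at the trust boundary.

    Received lines are newest first. While the recorded peer is one of our
    relays, the next line down was also written by us. The first peer outside
    TRUSTED_RELAYS is the real sending host; anything below it is ignored.
    """
    for received in msg.get_all("Received", []):
        match = BRACKETED_IP.search(str(received))
        if not match:
            return None  # cannot follow the chain any further
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if any(ip in net for net in TRUSTED_RELAYS):
            continue
        return ip
    return None


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def domain_is_listed(domain):
    """Match the listed domain itself and any of its subdomains."""
    return any(domain == bad or domain.endswith("." + bad)
               for bad in MALICIOUS_DOMAINS)


def assess_source(raw):
    """Build the source reliability assessment for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    ip = first_external_ip(msg)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])

    reasons = []
    if ip is not None and ip in MALICIOUS_IPS:
        reasons.append(f"source IP {ip} is on the malicious list")
    for label, dom in (("From", from_domain), ("Return-Path", return_path_domain)):
        if dom and domain_is_listed(dom):
            reasons.append(f"{label} domain {dom} is on the malicious list")

    if reasons:
        verdict = "listed"
    elif ip is None:
        verdict = "unverified"  # no hop recorded by our own relays
    else:
        verdict = "not_listed"
    return {
        "source_ip": str(ip) if ip else None,
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "verdict": verdict,
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(assess_source(SAMPLE_EMAIL))
```

The displayed `From` domain in the sample is not listed; the match comes from the relay-recorded IP and the `Return-Path` domain, which is why both are checked.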

[0689] (Application Example 2)

[0690] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0691] In today's information society, security risks from suspicious communications, particularly phishing and spam emails, are increasing. Furthermore, simple filtering and blocking are insufficient countermeasures; it's necessary to consider the recipient's emotions and take the best possible action. However, conventional systems lack the functionality to automatically recognize such emotions and generate optimal responses. As a result, users face the challenge of having to deal with suspicious communications while experiencing anxiety and stress.

[0692] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0693] In this invention, the server includes means for detecting suspicious information communications, means for analyzing records to identify the source, and means for recognizing the user's emotional state and optimizing it to reflect in the response. This enables the user to deal with suspicious communications quickly and appropriately in a manner that takes their own emotional state into consideration.

[0694] "Suspicious information transmission" refers to the transmission of information without a legitimate purpose or intention, which may cause harm to the recipient.

[0695] "Originator" refers to the entity that sent the suspicious information or communication, or the location where the communication began.

[0696] "Records" refer to a broad collection of information, including data and log information related to suspicious communications.

[0697] A "response" is the reply information sent to the sender, and its content reflects the user's intentions and feelings.

[0698] "Emotional state" refers to the psychological reactions and feelings that users experience when they receive suspicious information or communications.

[0699] "Optimization means" refers to methods or devices that adjust the generated responses based on the user's emotional state to provide the most effective content.

[0700] "Legal action" refers to official procedures and actions taken in accordance with the law to deal with suspicious information and communications.

[0701] An "organization" is a group or institution that handles legal and technical issues related to suspicious information and communications.

[0702] In embodiments of this invention, the server first detects suspicious communications. The server scans emails in real time and uses an AI model to identify phishing and spam characteristics. Suspicious emails are flagged. Next, the email header information is analyzed to identify the source. This involves matching IP addresses and domains against a known list of malicious entities.

[0703] The device uses an emotion engine to recognize the user's emotional state. For example, the device recognizes the user's facial expressions through the camera and analyzes their emotional state based on that. The response is then customized based on the emotional state. This system operates on smartphones and other devices.

[0704] For example, if a user receives an email that says, "Please send funds to an unknown account," and feels uneasy, the device's emotion engine detects this emotional state. Based on this, it generates an automated reply to reassure the user. Using a generative AI model and prompt text, it might suggest something like, "This email is suspected to be a phishing attempt, please ignore it. Contact support if necessary."

[0705] In this invention, the server automates email processing using AWS Lambda and builds an email analysis server using Python or Flask. Furthermore, TensorFlow or PyTorch is used for emotion recognition in the AI model. This makes it possible to quickly and appropriately address suspicious communications while taking into consideration the user's emotions.

[0706] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0707] Step 1:

[0708] The server scans incoming emails in real time. In this process, the server inputs the email content as text data and uses an AI model to detect suspicious patterns. Suspicious emails are flagged as output. The suspicious features are based on common patterns found in spam and phishing emails.

[0709] Step 2:

[0710] The server analyzes the header information of flagged emails. Specifically, it takes the email's IP address and domain information as input and compares it against a known list of malicious accounts. The output generates an evaluation of whether the email sender is trustworthy. This process provides the data necessary for determining trustworthiness.

[0711] Step 3:

[0712] The device recognizes the emotional state of the user who receives the email. It acquires the user's facial expressions and voice data as input via sensors and analyzes their emotions using an emotion engine. The output generates an analysis result representing the emotional state, such as anxiety or surprise. This allows for an accurate understanding of the user's psychological state.

[0713] Step 4:

[0714] The device generates an appropriate response to suspicious emails based on analysis results from its emotion engine. It utilizes the email content and the user's emotional state as input, and uses a generative AI model to create a prompt. The output is an optimized response email to be sent. This process constructs a message designed to reassure the user.

[0715] Step 5:

[0716] The server sends an email to the sender based on the generated response. It then monitors the subsequent exchange and analyzes the response content. It uses sent responses and reply information as input and outputs a detailed understanding of the sender's intent. This gathers information to enable further countermeasures.

[0717] Step 6:

[0718] The server stores all relevant information as evidence. Email metadata and response history are recorded in the database as input. As output, records for legal action are accumulated. This storage process forms the foundation for future legal action.
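One way to make the evidence records of Step 6 tamper-evident, as an added example that is not part of the patent: each row is chained to the previous one with an HMAC, so a later edit or deletion is detectable. The schema, the function names and `DEMO_KEY` are assumptions; the patent does not specify a storage scheme, and payload encryption is left out here.

```python
import hashlib
import hmac
import json
import sqlite3

GENESIS = "0" * 64  # prev_mac value of the first record
# Constructed key for the demo; a real key would come from a key-management
# service and never be stored next to the database.
DEMO_KEY = b"constructed-demo-key"


def open_store(path=":memory:"):
    """Open (or create) the append-only evidence table."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS evidence ("
        "seq INTEGER PRIMARY KEY AUTOINCREMENT, recorded_at TEXT NOT NULL, "
        "kind TEXT NOT NULL, payload TEXT NOT NULL, "
        "prev_mac TEXT NOT NULL, mac TEXT NOT NULL)"
    )
    return db


def record_mac(key, prev_mac, recorded_at, kind, payload):
    """HMAC-SHA256 over the record and the MAC of the record before it."""
    material = json.dumps([prev_mac, recorded_at, kind, payload]).encode()
    return hmac.new(key, material, hashlib.sha256).hexdigest()


def append_record(db, key, recorded_at, kind, fields):
    """Append one evidence record and return its MAC."""
    payload = json.dumps(fields, sort_keys=True)
    row = db.execute(
        "SELECT mac FROM evidence ORDER BY seq DESC LIMIT 1").fetchone()
    prev_mac = row[0] if row else GENESIS
    mac = record_mac(key, prev_mac, recorded_at, kind, payload)
    db.execute(
        "INSERT INTO evidence (recorded_at, kind, payload, prev_mac, mac) "
        "VALUES (?, ?, ?, ?, ?)",
        (recorded_at, kind, payload, prev_mac, mac),
    )
    db.commit()
    return mac


def verify_chain(db, key):
    """Return the seq of the first record that fails, or None if intact."""
    expected_prev = GENESIS
    rows = db.execute(
        "SELECT seq, recorded_at, kind, payload, prev_mac, mac "
        "FROM evidence ORDER BY seq")
    for seq, recorded_at, kind, payload, prev_mac, mac in rows:
        good = record_mac(key, expected_prev, recorded_at, kind, payload)
        if prev_mac != expected_prev or not hmac.compare_digest(mac, good):
            return seq
        expected_prev = mac
    return None


def build_demo_store():
    """Three constructed records: inbound metadata, sent response, reply."""
    db = open_store()
    append_record(db, DEMO_KEY, "2024-12-16T00:00:05Z", "inbound_metadata", {
        "source_ip": "203.0.113.45",
        "return_path_domain": "bank-secure-login.example",
        "subject": "Urgent password change required",
    })
    append_record(db, DEMO_KEY, "2024-12-16T00:02:10Z", "response_sent", {
        "to": "bounce@bank-secure-login.example",
        "send_status": "accepted",
    })
    append_record(db, DEMO_KEY, "2024-12-16T00:40:31Z", "sender_reply", {
        "source_ip": "203.0.113.45",
        "body_sha256": hashlib.sha256(b"constructed reply body").hexdigest(),
    })
    return db


if __name__ == "__main__":
    store = build_demo_store()
    print("intact:", verify_chain(store, DEMO_KEY) is None)
    store.execute("UPDATE evidence SET payload = ? WHERE seq = 2",
                  ('{"send_status": "edited"}',))
    print("first bad record after edit:", verify_chain(store, DEMO_KEY))
```

Removing the newest rows is not detectable from the table alone, so the latest `mac` should also be kept somewhere the database writer cannot change.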

[0719] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0720] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). Examples of the data generation model 58 include generative AI such as ChatGPT (Internet search <URL: https://openai.com/blog/chatgpt>) and Gemini (Internet search <URL: https://gemini.google.com/?hl=ja>). The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and/or summarization.

[0721] In the above embodiment, an example was given in which the specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the robot 414.

[0722] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the specific processing unit 290 may perform the specific processing using the robot's emotion.

[0723] Figure 9 shows an emotion map 400 in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.

[0724] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.

[0725] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further toward the outside of the Emotion Map 400 you go, the more visible (expressed in actions) the emotions become.

[0726] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, motorcycles, etc., emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated, for example, based on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https://ci.nii.ac.jp/naid/500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.

[0727] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."

[0728] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.

[0729] The above description primarily focuses on the functions of the data processing device 12 in relation to this disclosure. However, the system related to this disclosure is not necessarily implemented on a server. The system related to this disclosure may be implemented as a general information processing system. This disclosure may be implemented, for example, as a software program that runs on a personal computer or as an application that runs on a smartphone. The method related to this disclosure may be provided to users in SaaS (Software as a Service) format.

[0730] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing of the specific process may be performed by multiple computers, including computer 22. For example, a data generation model 58 may be provided in an external device of the data processing device 12, and the external device may generate data according to the input data.

[0731] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-transitory storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-transitory storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.

[0732] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.

[0733] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.

[0734] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.

[0735] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.

[0736] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.

[0737] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.

[0738] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and the like that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.

[0739] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.

[0740] The following is further disclosed regarding the embodiments described above.

[0741] (Claim 1)

[0742] A means of detecting suspicious electronic communications,

[0743] A means for analyzing information in order to identify the source of the suspicious electronic communication,

[0744] Means for generating and sending a response to the aforementioned sender,

[0745] A means for collecting information from the sender in the aforementioned response,

[0746] A means for storing the collected information as evidence,

[0747] Means for sharing the aforementioned evidence with the appropriate authorities for legal action,

[0748] A system that includes this.

[0749] (Claim 2)

[0750] The system according to claim 1, further comprising means for optimizing the content using artificial intelligence when generating the aforementioned response.

[0751] (Claim 3)

[0752] The system according to claim 1, comprising means for rapidly generating a response by analyzing the suspicious electronic communications in real time.

[0753] "Example 1"

[0754] (Claim 1)

[0755] Means for detecting suspicious data,

[0756] A means for analyzing information in order to identify the source of the aforementioned suspicious data,

[0757] Means for generating and transmitting a response to the aforementioned source,

[0758] The means for collecting information from the source in the aforementioned response,

[0759] A means for storing the collected information as evidence,

[0760] Means for sharing the aforementioned evidence with the appropriate organization for legal proceedings,

[0761] When scanning suspicious data, a method of analysis using an artificial intelligence model,

[0762] When generating automated response emails, a means of optimizing the content to be interesting using artificial intelligence,

[0763] A means for analyzing response information from the source and storing the data in a secure storage area,

[0764] A system that includes this.

[0765] (Claim 2)

[0766] The system according to claim 1, which uses the artificial intelligence model to collect source information and optimizes the data analysis and storage processes.

[0767] (Claim 3)

[0768] The system according to claim 1, comprising means for analyzing the suspicious data in real time and generating a response quickly and effectively.

[0769] "Application Example 1"

[0770] (Claim 1)

[0771] A means of detecting suspicious electronic communications,

[0772] A means for analyzing information in order to identify the source of the suspicious electronic communication,

[0773] A means for automatically generating and sending a response to the aforementioned sender,

[0774] A means for collecting information from the sender in the aforementioned response,

[0775] Means for storing the collected information as legal evidence,

[0776] Means for securely storing the collected information and sharing it with appropriate authorities for legal action,

[0777] A means for accessing a communication medium to realize the above means in a smartphone,

[0778] A system that includes this.

[0779] (Claim 2)

[0780] The system according to claim 1, further comprising means for optimizing the content based on the prompt sentence using a generating artificial intelligence model when generating the aforementioned response.

[0781] (Claim 3)

[0782] The system according to claim 1, comprising means for analyzing the aforementioned suspicious electronic communications in real time and for rapidly generating and transmitting a response for identifying the source.

[0783] "Example 2 of combining an emotion engine"

[0784] (Claim 1)

[0785] A means of detecting suspicious data communications,

[0786] Means for analyzing information in order to identify the source of the suspicious data communication,

[0787] Means for generating and transmitting a response to the aforementioned transmission source,

[0788] A means of utilizing artificial intelligence to consider the user's emotional state when generating the content of the aforementioned response,

[0789] A means for collecting information from the transmission source in the aforementioned response,

[0790] A means for accumulating the aforementioned collected information as evidence,

[0791] Means for sharing the aforementioned evidence with the appropriate authorities for legal action,

[0792] A means of continuously learning from user emotional data and formulating future response strategies,

[0793] A system that includes this.

[0794] (Claim 2)

[0795] The system according to claim 1, further comprising means of using artificial intelligence and natural language processing technology to adjust the content according to the user's emotional state when generating the aforementioned response.

[0796] (Claim 3)

[0797] The system according to claim 1, further comprising means for analyzing the suspicious data communications in real time and generating a response quickly.

[0798] "Application example 2 when combining with an emotional engine"

[0799] (Claim 1)

[0800] Means for detecting suspicious information communications,

[0801] A means for analyzing records in order to identify the source of the suspicious information communication,

[0802] Means for generating and transmitting a response to the aforementioned source,

[0803] A means for collecting records from the source based on the aforementioned response,

[0804] Means for preserving the aforementioned collected records as evidence,

[0805] Means for sharing the aforementioned evidence with the appropriate organization for legal proceedings,

[0806] A means of recognizing the user's emotional state and optimizing it to reflect it in the response,

[0807] A system that includes this.

[0808] (Claim 2)

[0809] The system according to claim 1, further comprising means for generating an optimal prompt sentence based on the user's emotional state using a generation AI model when generating the aforementioned response.

[0810] (Claim 3)

[0811] The system according to claim 1, comprising means for immediately analyzing the suspicious information communication, thereby quickly recognizing emotions and generating an appropriate response.

[Explanation of Symbols]

[0812] 10, 210, 310, 410 Data Processing Systems; 12 Data Processing Devices; 14 Smart Devices; 214 Smart Glasses; 314 Headset-type terminal; 414 Robots

Claims

1. Means for detecting suspicious electronic communications, A means for analyzing information in order to identify the source of the suspicious electronic communication, Means for generating and sending a response to the aforementioned sender, A means for collecting information from the sender in the aforementioned response, A means for storing the collected information as evidence, Means for sharing the aforementioned evidence with the appropriate authorities for legal action, A system that includes this.

2. The system according to claim 1, further comprising means for optimizing the content using artificial intelligence when generating the aforementioned response.

3. The system according to claim 1, further comprising means for rapidly generating a response by analyzing the aforementioned suspicious electronic communications in real time.