system

An information processing device automates data collection and analysis to improve the efficiency and accuracy of security evaluations, addressing the inefficiencies and expertise dependence of traditional methods.

JP2026105503APending Publication Date: 2026-06-26SOFTBANK GROUP CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
SOFTBANK GROUP CORP
Filing Date
2024-12-16
Publication Date
2026-06-26

Smart Images

  • Figure 2026105503000001_ABST
    Figure 2026105503000001_ABST
Patent Text Reader

Abstract

We provide the system. [Solution] The information processing device provides a means for automatically collecting data from the target digital resources, A means of analyzing the collected data and automatically filling out an evaluation form for security assessment, A means for evaluating risk indicators based on analyzed data and calculating a risk score, A means of proposing improvement measures and generating a detailed report based on the evaluation results, A means for verifying evaluation results on a general-purpose computer used by the user and reviewing improvement measures, A system that includes this.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The technology of the present disclosure relates to a system.

Background Art

[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance in response to the user utterance.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] In modern system development and service introduction, security checks are important. However, most of them require high labor and time, and there is also a problem that the accuracy of analysis varies greatly depending on the experience of the person in charge. In addition, there is a lack of means for adapting to rapidly evolving security standards, and in particular, it is required to accurately and efficiently perform security evaluations related to AI. Against this background, it is necessary to provide an efficient means for improving the accuracy of security evaluations and reducing time and labor.

Means for Solving the Problems

[0005] This invention provides a means for an information processing device to automatically collect data from a target information source. It includes means for analyzing the collected data and automatically filling out a security assessment checklist based on the analysis. Furthermore, by providing means for evaluating risk levels and calculating risk scores based on the analyzed data, it enables rapid and accurate assessment of security risks. It also provides means for suggesting and reporting improvement measures based on the assessment results, thereby optimizing the security strategy. This configuration significantly reduces the effort and time required for security checks and improves the accuracy of the analysis.

[0006] An "information processing device" is a computer system equipped with the functions to collect, analyze, and evaluate various types of data.

[0007] "Target information sources" refer to a collection of internal and external databases and documents that provide the data necessary for conducting security checks.

[0008] "Data" refers to a collection of information that an information processing device needs to perform analysis and evaluation.

[0009] "Collection" is the process by which an information processing device obtains the necessary data from a target information source.

[0010] "Analysis" is the process of processing collected data in order to understand its content and characteristics.

[0011] "Security assessment" is the process of determining whether a system or service meets appropriate security standards.

[0012] A "checklist" is a document used to organize the results of a security assessment and record necessary information.

[0013] "Automatic entry" refers to a function that inputs information into a checklist without manual intervention, based on data collected and analyzed by an information processing device.

[0014] "Risk level" is an indicator that shows the severity and impact of potential security vulnerabilities in a system or service.

[0015] "Risk score" is an evaluation value expressed as a numerical value that quantifies the risk level.

[0016] "Improvement measures" are recommended actions or means to address identified security issues and reduce or eliminate risks.

[0017] "Report" is the process of providing information to communicate the results of a security assessment and improvement measures to interested parties.

Brief Description of the Drawings

[0018] [Figure 1] It is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] It is a conceptual diagram showing an example of the main functions of a data processing device and a smart device according to the first embodiment. [Figure 3] It is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] It is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] It is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] It is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] It is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] It is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] It shows an emotion map to which a plurality of emotions are mapped. [Figure 10]Shows an emotion map to which a plurality of emotions are mapped. [Figure 11] It is a sequence diagram showing the processing flow of the data processing system in Embodiment 1. [Figure 12] It is a sequence diagram showing the processing flow of the data processing system in Application Example 1. [Figure 13] It is a sequence diagram showing the processing flow of the data processing system in Embodiment 2 when an emotion engine is combined. [Figure 14] It is a sequence diagram showing the processing flow of the data processing system in Application Example 2 when an emotion engine is combined.

Mode for Carrying Out the Invention

[0019] Hereinafter, an example of an embodiment of a system according to the technology of the present disclosure will be described with reference to the accompanying drawings.

[0020] First, the terms used in the following description will be explained.

[0021] In the following embodiments, a numbered processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of a plurality of arithmetic units. Also, the processor may be a single type of arithmetic unit or a combination of a plurality of types of arithmetic units. Examples of arithmetic units include a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), a GPGPU (General-Purpose computing on Graphics Processing Units), an APU (Accelerated Processing Unit), and the like.

[0022] In the following embodiments, a numbered RAM (Random Access Memory) is a memory in which information is temporarily stored and is used as a work memory by the processor.

[0023] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.

[0024] In the following embodiments, the signed communication interface (I / F) is an interface that includes a communication processor and an antenna, etc. The communication interface manages communication between multiple computers. Examples of communication standards applicable to the communication interface include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).

[0025] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B." That is, "A and / or B" means that it may be A alone, or B alone, or a combination of A and B. Furthermore, in this specification, the same concept as "A and / or B" applies when expressing three or more things linked by "and / or."

[0026] [First Embodiment]

[0027] Figure 1 shows an example of the configuration of the data processing system 10 according to the first embodiment.

[0028] As shown in Figure 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.

[0029] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0030] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.

[0031] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by detecting contact with an object (e.g., a pen or finger). The microphone 38B receives user input by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the data indicating the user input.

[0032] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user 20 by outputting the data in a form perceptible to the user 20 (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.

[0033] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.

[0034] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.

[0035] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0036] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.

[0037] In the smart device 14, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The reception output program 60 is used in conjunction with a specific processing program 56 by the data processing system 10. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0038] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".

[0039] This invention relates to an information processing device and a security evaluation system. This system has the function of automatically generating a checklist based on security evaluations by collecting necessary data from various digital information sources. The embodiments for carrying out this invention will be described below from the perspectives of the server, terminal, and user.

[0040] The server first automatically collects data about the target system or service. This collection can employ various methods, including API calls and web scraping techniques to retrieve publicly available information. For example, the server can automatically extract specifications and security documents for SaaS services.

[0041] The collected data is analyzed on a server. This process may utilize natural language processing techniques to extract security-related information from the data. Based on the analyzed information, the server automatically fills out a security checklist and calculates the risk associated with each item.

[0042] Furthermore, the server evaluates the risk level from the analysis results and calculates a risk score based on that. This risk assessment is performed by referring to international security standards and established baseline values, objectively measuring the security of the implemented systems and services.

[0043] After analysis and evaluation are complete, the server, including the AI ​​agent, presents improvement suggestions to the user. These suggestions are based on known best practices and historical data. For example, in response to security risks identified as vulnerabilities, the server may suggest system upgrades or configuration changes.

[0044] The report is generated by the server and provided to the user. This report includes detailed risk assessments and recommended corrective actions, serving as a crucial resource for users in developing their security strategy. Based on the detailed report received from the server, users can seek further external assistance or entrust investigation and response to a dedicated security team.

[0045] In this way, the system according to the present invention improves the accuracy of security assessments, significantly reduces the workload, and enhances the security of systems and services.

[0046] The following describes the processing flow.

[0047] Step 1:

[0048] The server accesses information sources for the target systems and services specified by the user and automatically collects the necessary data using APIs and web scraping techniques. Local log data and configuration files are sent from the terminal and supplemented as additional information.

[0049] Step 2:

[0050] The server analyzes the collected data using natural language processing technology and automatically fills in the necessary items on a security checklist. This includes security-related information such as encryption methods and authentication methods.

[0051] Step 3:

[0052] The server operates a risk analysis engine based on the analyzed data to assess the risk level. Here, it calculates a risk score for each item by referring to historical databases and configurable security criteria.

[0053] Step 4:

[0054] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. These suggestions include identifying vulnerabilities and specific action plans to enhance the security of the system or service.

[0055] Step 5:

[0056] The server generates a detailed report containing evaluation results and improvement suggestions, and provides it to the user. The user uses this report to consider security measures and decide on the countermeasures to be taken.

[0057] (Example 1)

[0058] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."

[0059] In modern information systems, security risks are becoming increasingly diverse, making their assessment and mitigation more complex. Traditional methods often involve manual processes from information gathering to risk assessment and the development of corrective measures, which are inefficient and prone to human error. Furthermore, detailed risk assessments and countermeasures based on international standards and best practices are required, but this demands a high level of expertise, and many organizations struggle to cope. There is a need to solve these problems and improve the accuracy of security assessments.

[0060] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0061] This invention includes a server that automatically collects data from information sources, analyzes the collected data using natural language processing technology to automatically generate security check items, calculates a risk score based on international standards, and generates a report with an AI agent that proposes improvement measures based on the results. This makes it possible to automatically perform highly accurate security assessments and formulate improvement measures without requiring advanced expertise.

[0062] An "information processing device" is an electronic device equipped with functions to automatically collect, analyze, and evaluate data.

[0063] "Data" refers to a collection of information related to a system or service, obtained from various sources.

[0064] "Natural language processing technology" is a technology that enables computers to understand, analyze, and generate human language.

[0065] "Security check items" are specific elements or conditions that need to be examined in order to evaluate the security of an information system.

[0066] A "risk score" is a quantitative representation of the security risk level of an information system, calculated based on collected and analyzed data.

[0067] "International standards" refer to standard criteria for evaluation based on international standards and guidelines related to security.

[0068] An "AI agent" is a software program that uses artificial intelligence technology to automatically perform specific tasks.

[0069] "Improvement measures" are specific actions or processes proposed to reduce or eliminate identified risks.

[0070] A "report" is a document that includes details of the assessed security risks and proposed countermeasures.

[0071] This invention aims to automatically evaluate the security of an information system using an information processing device and propose necessary improvement measures. Specific embodiments for carrying out this invention are described below.

[0072] The main components of the system are servers, terminals, and users.

[0073] The server's primary role is to automatically collect data related to the target information system or service. Specifically, it can obtain log data and configuration information using API calls, or collect publicly available documents using web scraping techniques. The collected data is stored on the server and prepared for further processing.

[0074] Next, the server analyzes the collected data using natural language processing technology. This analysis extracts security-related information from the data and generates security check items. For example, it analyzes the security settings of a cloud storage service to identify vulnerabilities and areas for improvement.

[0075] Based on the analysis results, the server assesses the risk level and calculates a risk score. This assessment process takes into account international standards and configurable threshold values. Depending on the assessed risk level, the server uses an AI agent to suggest improvement measures to the user. These suggestions may include recommendations for specific configuration changes or updates.

[0076] Finally, the server generates and provides the user with a report based on the overall assessment results. This report includes a detailed risk assessment and improvement measures, which the user can use to develop a security strategy for their own system.

[0077] As a concrete example, when a server performs a security assessment of a company's cloud service, it first obtains security configuration data via an API, and then analyzes it using natural language processing. Based on the analysis results, the user is presented with specific improvement suggestions, such as "implementing two-factor authentication" or "revising data encryption protocols."

[0078] An example of an input prompt for a generating AI model might be: "Evaluate the security risks of the cloud service and propose improvements. Show which settings are effective in reducing the risks."

[0079] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0080] Step 1:

[0081] The server automatically collects data from its sources. In this step, it uses API calls to retrieve log data and configuration information from the target system and employs web scraping techniques to collect publicly available documents. The input consists of publicly available information and log data, which the server uses to aggregate information and prepare for subsequent analysis. The output is the collected raw data, which is used in the subsequent analysis steps.

[0082] Step 2:

[0083] The server uses natural language processing techniques to analyze the collected data. The input here is the raw data collected in the previous step. Specifically, the server tokenizes the text data and extracts security-related keywords. For example, it extracts important terms such as "vulnerability," "authentication," and "encryption." The output is the analyzed information, which is used in the subsequent risk assessment step.

[0084] Step 3:

[0085] The server evaluates the risk level based on the analysis results and calculates a risk score. The input is the data analyzed in the previous step, and the output is the risk level and risk score. Specifically, the server refers to international standards and set baseline values ​​and performs a numerical risk assessment accordingly. In this process, the risk is scored for each security item.

[0086] Step 4:

[0087] The server uses an AI agent to generate improvement suggestions and present them to the user. The input is the risk score calculated in step 3, and the output is specific improvement measures and recommendations. The AI ​​agent creates the optimal improvement suggestions by referring to past data and best practices. For example, it may issue specific recommendations such as "upgrade the system version" or "strengthen security settings."

[0088] Step 5:

[0089] The user implements specific security measures based on improvement suggestions provided by the server. The input is the server's report and improvement suggestions, and the output is the enhanced security status. The user takes specific actions, such as changing system settings or installing new security software, to apply the recommended measures.

[0090] (Application Example 1)

[0091] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart device 14 will be referred to as the "terminal."

[0092] In today's digital society, there is a need to comprehensively and efficiently manage the security risks of the diverse digital devices and services used by individuals and businesses. However, current manual methods and management through individual applications make it difficult to quickly grasp the overall picture of risks and implement appropriate countermeasures. On the other hand, deficiencies in these security measures can lead to data breaches and privacy violations, potentially causing significant damage. To address these challenges, there is a need for a system that can perform rapid and accurate security assessments and propose countermeasures using automated methods.

[0093] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0094] In this invention, the server includes means for automatically collecting data from target digital resources using an information processing device, means for analyzing the collected data and automatically filling in an evaluation sheet for security assessment, and means for evaluating risk indicators based on the analyzed data and calculating a risk score. This enables users to quickly grasp the security risks of their digital environment and review and implement appropriate improvement measures.

[0095] An "information processing device" is a computer system that handles digital information and performs data collection, analysis, evaluation, and presentation.

[0096] "Digital resources" refer to data and services managed within an environment that utilizes information technology, including networks, applications, and cloud services.

[0097] "Automated data collection" refers to the process of collecting information by a system based on pre-set conditions, without user intervention.

[0098] "Analysis" is the process of evaluating collected data and extracting and interpreting information according to a specific purpose.

[0099] An "evaluation sheet" is a document that organizes and visualizes security-related information based on the results of data analysis.

[0100] A "risk indicator" is a numerical value or standard used to quantitatively show the degree and nature of security risks.

[0101] A "risk score" is a numerical value calculated based on risk indicators, and it indicates the level of potential security risk.

[0102] "Review" is the process of scrutinizing and evaluating the proposed security improvements.

[0103] The system implementing this invention is centered around an information processing device, with a server, terminals, and users collaborating to conduct security assessments. The server first automatically collects necessary data from digital resources such as networks, applications, and cloud services using API calls and web scraping techniques. The collected data is analyzed using natural language processing technology running on the server to extract security-related information.

[0104] The server then evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, it uses configurable baseline indicators to ensure an objective and standardized evaluation. The evaluation results are automatically recorded as an evaluation sheet on the user's general-purpose computer.

[0105] Users review the provided evaluation sheet and revise their security strategy based on the improvement measures suggested by the server. For example, if a new location-based access is detected in a social networking application in the user's digital environment, the server assesses the risk and suggests restricting location-based access. This allows users to take swift action.

[0106] This system utilizes a smartphone application built with Swift or Java (registered trademark) on the client side, APIs using Python and Flask / Django on the server side, and spaCy for data analysis. It also includes data processing using AWS (registered trademark) Lambda and data storage using Amazon S3 as cloud infrastructure. Overall, it is a system capable of quickly analyzing risks in a user's digital environment and providing concrete improvement measures.

[0107] An example of a prompt message is: "Given the latest software update data, identify any changes in security policies and evaluate associated risks. Suggest relevant actions to enhance security compliance."

[0108] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0109] Step 1:

[0110] The server collects data from digital resources. Specifically, it uses API calls and web scraping techniques to obtain publicly available information from various systems and services. The input consists of the URLs and API endpoints of the target digital resources, and the output is the raw data extracted from them.

[0111] Step 2:

[0112] The server analyzes the collected data. Using natural language processing techniques, it extracts security-related information from the data. For example, it identifies changes in security policies and risk factors within the collected data. The input is the raw data collected in step 1, and the output is the analyzed information.

[0113] Step 3:

[0114] The server evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, data calculations are performed based on the established baseline indicators, and the risk level is quantified. The input is the analysis result from step 2, and the output is the risk score.

[0115] Step 4:

[0116] The server generates improvement measures based on the evaluation results and presents them to the user. Using a generative AI model, it proposes specific improvement plans based on best practices. The risk score from step 3 is used as input, and improvement plans are generated as output.

[0117] Step 5:

[0118] The user uses a terminal to review the evaluation sheet and improvement suggestions provided by the server. The user considers specific security proposals and changes system settings as needed. The input is the improvement suggestions from step 4, and the output is the user's actions.

[0119] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.

[0120] This invention provides a security solution that takes user emotions into account by combining an emotion engine with a security evaluation system using an information processing device. This system automatically collects and analyzes data from information sources and performs security checks. During this process, it recognizes the user's emotional state and reflects that information in the analysis and suggestion of improvement measures.

[0121] When a user accesses the server, it uses an emotion engine to recognize the user's emotions. This process involves analyzing video and audio inputs, identifying emotions by analyzing the user's facial expressions and tone of voice. Based on this emotional state, the server adjusts the analysis results of the collected data to provide the user with the most effective improvement measures.

[0122] In particular, when evaluation results or improvement measures are deemed important and urgent for the user, communication methods that take emotional data into account are employed. For example, if it is detected that the user is feeling anxious, the server will present a message in a polite and calm tone to reassure the user.

[0123] The device dynamically adjusts the interface based on collected emotional data, providing an intuitive and user-friendly interface. This dynamic adjustment of the interface can improve the user experience.

[0124] Sentimental information is also taken into consideration when generating reports. Visuals and language choices are adjusted to make it easier for users to understand risks and areas for improvement, and further details are provided as needed, allowing for flexible responses tailored to user needs.

[0125] Thus, in embodiments based on the present invention, by integrating an emotion engine, the user's psychological state can be taken into consideration, enabling more effective implementation of security solutions. As a result, improved user experience and enhanced system security efficiency are achieved.

[0126] The following describes the processing flow.

[0127] Step 1:

[0128] The server recognizes the user's emotions using its built-in emotion engine when the user logs into the system. This process analyzes the user's camera footage and microphone audio to estimate their emotions from their facial expressions and tone of voice.

[0129] Step 2:

[0130] The server automatically collects data from target sources, taking into account sentiment data obtained by the sentiment engine. It effectively obtains security-related data using API calls and scraping techniques.

[0131] Step 3:

[0132] The server analyzes the collected data and automatically fills in a security checklist. During this process, natural language processing technology is used to adjust the analysis results based on sentiment data, ensuring that information is presented in a way that respects the user's emotions.

[0133] Step 4:

[0134] The server performs a risk assessment based on the analyzed data and calculates the risk level and risk score. Taking into account configurable thresholds and international standards, it provides the results in a format optimized for the user based on sentiment data.

[0135] Step 5:

[0136] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. Here, customized messages reflecting the recognized emotional state are used to present improvement measures in a specific and easy-to-understand manner.

[0137] Step 6:

[0138] The device generates an interface that is appropriate to the user's emotions and helps the user to readily accept suggestions for improvement. This improves the user's experience.

[0139] Step 7:

[0140] The server generates and provides a report to the user that reflects the evaluation results and improvement suggestions. It uses sentiment information to adjust the report's content, helping users better understand the risks and suggestions.

[0141] (Example 2)

[0142] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart device 14 as the "terminal".

[0143] Traditional security systems, while providing risk assessments and improvement suggestions based on data analysis, often executed specified procedures without considering the user's emotional state. This resulted in problems such as security assessments and improvement measures being difficult for users to understand or causing psychological burden. This could potentially reduce the user experience and the efficiency of the system's security.

[0144] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0145] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for analyzing the collected data and automatically filling in a checklist for security evaluation, and means for analyzing the user's emotions and providing the user with effective improvement measures using generative AI technology. This makes it possible to provide security solutions that take the user's emotional state into account, improving both user experience and security efficiency.

[0146] "Information processing equipment" refers to all devices, including computer systems and software, used to collect, analyze, and evaluate data.

[0147] "Automated data collection" refers to the process of acquiring data from specific sources without requiring manual intervention.

[0148] A "security assessment checklist" refers to a document format used to evaluate the security situation based on data analysis results and identify areas for improvement.

[0149] "Risk level" refers to an indicator that numerically or qualitatively assesses the degree of security risk associated with a particular situation or data.

[0150] "Analyzing user emotions" refers to the process of analyzing users' facial expressions and tone of voice to understand their psychological state.

[0151] "Generative AI technology" refers to technology that uses artificial intelligence to automatically generate content and improvement suggestions based on specific conditions and inputs.

[0152] "User interface" refers to the screen configuration and design that provides the display methods and means of operation for users to interact with the system.

[0153] This invention provides a new security solution that takes user emotions into consideration in a security evaluation system using an information processing device. The main components of the system include a server, a terminal, and a user.

[0154] The server first automatically collects data from its sources. This process uses automated scripts and programs to target publicly available information on the internet and internal corporate log data. Next, the server uses natural language processing techniques to analyze the collected data. This allows for efficient identification of security risks and calculation of risk scores.

[0155] To recognize user emotions, the server uses an emotion engine. This engine includes algorithms that analyze facial expression data and voice tone acquired through video cameras and microphones. If the user is feeling anxious, this information is input into a generative AI model, which then generates security improvements based on the user's psychological state.

[0156] As a concrete example, when a user is concerned about the security of the system, the server generates and provides a message such as, "All data is securely protected and constantly monitored." This is text generated by a generative AI model, which is driven by a prompt such as, "Generate a message that will reassure the user when they are feeling uneasy."

[0157] The device dynamically adjusts the user interface based on emotional data to ensure the user receives the optimal interaction. For example, if the device determines that the user is relaxed, the colors and interface movements are adjusted to maintain that relaxed state.

[0158] As described above, by incorporating user emotional states into security solutions, we can improve the user experience and enhance the security efficiency of the system.

[0159] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0160] Step 1:

[0161] The server automatically collects data from the target information source. The input is the information source (e.g., website, log file), and a data collection script is executed based on this input. Specifically, the server retrieves data by making API requests or performing web scraping through the program, and outputs the collected dataset.

[0162] Step 2:

[0163] The server analyzes the collected data and automatically creates a checklist for security assessment. The data collected in Step 1 is used as input, and natural language processing techniques are used to extract security elements from the data. Specifically, the server performs text analysis using a machine learning model, summarizes assessment items based on risk factors and detected threats, and outputs them as analysis results.

[0164] Step 3:

[0165] When a user accesses the system, the server uses an emotion engine to recognize the user's emotions. The input includes the user's video and audio data, and based on this, facial expression analysis algorithms and voice analysis algorithms are applied. Specifically, the server analyzes facial feature points and voice pitch and outputs the detected emotional state.

[0166] Step 4:

[0167] The server, while considering the user's emotional state, uses a generative AI model to suggest effective improvement measures. The analysis results from step 2 and the emotion recognition data from step 3 are used as input, and prompt sentences are sent to the generative AI. Specifically, the server generates prompts, performs procedures to generate messages necessary for improvement, and outputs customized improvement suggestions to be provided to the user.

[0168] Step 5:

[0169] The device dynamically adjusts the user interface based on emotion data and improvement suggestions received from the server. Input includes emotion recognition results and generated improvement messages, which are used to modify user interface elements (color, layout). Specifically, the device automatically changes UI design settings to provide an intuitive user experience while considering the user's psychological state, outputting an easily understandable interface.

[0170] (Application Example 2)

[0171] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as a "server" and the smart device 14 as a "terminal".

[0172] Traditional security evaluation systems often presented mechanical evaluation results without considering the user's emotional state. This could lead to users experiencing stress, anxiety, and discomfort, resulting in a decreased acceptance of security solutions. Furthermore, presenting information without considering the user's psychological state can hinder information transmission and understanding of improvement measures.

[0173] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0174] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for recognizing the user's emotional state and adjusting the analysis results based on the recognition results, and means for suggesting and reporting improvement measures based on the adjusted analysis results. This makes it possible to provide security solutions that take the user's emotional state into consideration.

[0175] An "information processing device" is an electronic device used for the automatic collection, analysis, and evaluation of data.

[0176] "Emotional state" refers to the psychological emotional state of the user, and is perceived from facial expressions and tone of voice.

[0177] "Analysis results" refer to the evaluation and analysis results obtained based on the collected data.

[0178] "Improvement measures" refer to countermeasures and measures proposed based on security assessments.

[0179] "Adjustment" refers to optimizing the acquired data and analysis results based on the user's emotional state.

[0180] "Reporting" refers to notifying or explaining to users about evaluations and improvement measures.

[0181] The system that realizes this invention will be built as an application that runs on a smartphone. First, the server uses the smartphone's front camera and microphone to capture the user's facial expressions and voice in real time and collect data. For this data collection, OpenCV or other facial recognition engines are used, and IBM Watson® Tone Analyzer is used to analyze the user's emotional state from their facial expressions and voice tone.

[0182] Subsequently, the server analyzes the collected data to identify the user's emotional state. Based on the recognized emotional state, the server generates and presents adjusted security analysis results to the user. During this process, the user interface is dynamically adjusted according to the emotional state, allowing the user to operate the interface with confidence.

[0183] For example, when a user attempts to access a website, a smartphone app analyzes the user's facial expression. If the app determines that the user is feeling anxious, the server uses this information to soften the tone of the security warning. The warning message uses simple and direct language, and provides further guidance and information as needed.

[0184] A prompt for effectively using the AI ​​model is: "Generate security notifications based on the user's emotional state. If the user is feeling anxious, the notification should use a gentle tone and provide detailed information." Based on this prompt, the AI ​​model analyzes complex emotional data and develops an approach to provide a more effective user experience.

[0185] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0186] Step 1:

[0187] The user launches the app. The smartphone's front camera and microphone are activated, and the capture of the user's facial expressions and audio data begins. The server then receives the facial image data and audio data as input.

[0188] Step 2:

[0189] The server performs face recognition using facial image data. OpenCV is used for this process to extract facial features and input them into an emotion analysis engine. The output is metadata indicating the emotional state.

[0190] Step 3:

[0191] The server analyzes the audio data and identifies the tone of voice. IBM Watson Tone Analyzer is used for this process, inferring emotional states from the voice characteristics. The output generates metadata of the emotional state based on the voice.

[0192] Step 4:

[0193] The server integrates the metadata obtained in steps 2 and 3 to determine the final emotional state. This integration allows for a more accurate emotional assessment by combining information on facial expressions and tone of voice.

[0194] Step 5:

[0195] The server adjusts security analysis results based on the user's emotional state and generates a message to present to the user. The input consists of existing security analysis data and the user's final emotional state, and the output is an adjusted security notification message.

[0196] Step 6:

[0197] The device displays security notifications tailored to the user. The user interface dynamically changes according to the user's emotional state, adjusting the tone and content of messages to improve user experience. The output is a notification screen that the user can intuitively operate.

[0198] Step 7:

[0199] The user reviews the security notification and selects an action. The selected action is sent back to the server, and additional instructions or guidance are output as needed.

[0200] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0201] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> ), Gemini (registered trademark) (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.

[0202] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart device 14.

[0203] [Second Embodiment]

[0204] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.

[0205] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.

[0206] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0207] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.

[0208] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0209] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0210] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0211] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0212] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0213] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.

[0214] In the smart glasses 214, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0215] Next, the identification processing performed by the identification processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".

[0216] This invention relates to an information processing device and a security evaluation system. This system has the function of automatically generating a checklist based on security evaluations by collecting necessary data from various digital information sources. The embodiments for carrying out this invention will be described below from the perspectives of the server, terminal, and user.

[0217] The server first automatically collects data about the target system or service. This collection can employ various methods, including API calls and web scraping techniques to retrieve publicly available information. For example, the server can automatically extract specifications and security documents for SaaS services.

[0218] The collected data is analyzed on a server. This process may utilize natural language processing techniques to extract security-related information from the data. Based on the analyzed information, the server automatically fills out a security checklist and calculates the risk associated with each item.

[0219] Furthermore, the server evaluates the risk level from the analysis results and calculates a risk score based on that. This risk assessment is performed by referring to international security standards and established baseline values, objectively measuring the security of the implemented systems and services.

[0220] After analysis and evaluation are complete, the server, including the AI ​​agent, presents improvement suggestions to the user. These suggestions are based on known best practices and historical data. For example, in response to security risks identified as vulnerabilities, the server may suggest system upgrades or configuration changes.

[0221] The report is generated by the server and provided to the user. This report includes detailed risk assessments and recommended corrective actions, serving as a crucial resource for users in developing their security strategy. Based on the detailed report received from the server, users can seek further external assistance or entrust investigation and response to a dedicated security team.

[0222] In this way, the system according to the present invention improves the accuracy of security assessments, significantly reduces the workload, and enhances the security of systems and services.

[0223] The following describes the processing flow.

[0224] Step 1:

[0225] The server accesses information sources for the target systems and services specified by the user and automatically collects the necessary data using APIs and web scraping techniques. Local log data and configuration files are sent from the terminal and supplemented as additional information.

[0226] Step 2:

[0227] The server analyzes the collected data using natural language processing technology and automatically fills in the necessary items on a security checklist. This includes security-related information such as encryption methods and authentication methods.

[0228] Step 3:

[0229] The server operates a risk analysis engine based on the analyzed data to assess the risk level. Here, it calculates a risk score for each item by referring to historical databases and configurable security criteria.

[0230] Step 4:

[0231] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. These suggestions include identifying vulnerabilities and specific action plans to enhance the security of the system or service.

[0232] Step 5:

[0233] The server generates a detailed report containing evaluation results and improvement suggestions, and provides it to the user. The user uses this report to consider security measures and decide on the countermeasures to be taken.

[0234] (Example 1)

[0235] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0236] In modern information systems, security risks are becoming increasingly diverse, making their assessment and mitigation more complex. Traditional methods often involve manual processes from information gathering to risk assessment and the development of corrective measures, which are inefficient and prone to human error. Furthermore, detailed risk assessments and countermeasures based on international standards and best practices are required, but this demands a high level of expertise, and many organizations struggle to cope. There is a need to solve these problems and improve the accuracy of security assessments.

[0237] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0238] This invention includes a server that automatically collects data from information sources, analyzes the collected data using natural language processing technology to automatically generate security check items, calculates a risk score based on international standards, and generates a report with an AI agent that proposes improvement measures based on the results. This makes it possible to automatically perform highly accurate security assessments and formulate improvement measures without requiring advanced expertise.

[0239] An "information processing device" is an electronic device equipped with functions to automatically collect, analyze, and evaluate data.

[0240] "Data" refers to a collection of information related to a system or service, obtained from various sources.

[0241] "Natural language processing technology" is a technology that enables computers to understand, analyze, and generate human language.

[0242] "Security check items" are specific elements or conditions that need to be examined in order to evaluate the security of an information system.

[0243] A "risk score" is a quantitative representation of the security risk level of an information system, calculated based on collected and analyzed data.

[0244] "International standards" refer to standard criteria for evaluation based on international standards and guidelines related to security.

[0245] An "AI agent" is a software program that uses artificial intelligence technology to automatically perform specific tasks.

[0246] "Improvement measures" are specific actions or processes proposed to reduce or eliminate identified risks.

[0247] A "report" is a document that includes details of the assessed security risks and proposed countermeasures.

[0248] This invention aims to automatically evaluate the security of an information system using an information processing device and propose necessary improvement measures. Specific embodiments for carrying out this invention are described below.

[0249] The main components of the system are servers, terminals, and users.

[0250] The server's primary role is to automatically collect data related to the target information system or service. Specifically, it can obtain log data and configuration information using API calls, or collect publicly available documents using web scraping techniques. The collected data is stored on the server and prepared for further processing.

[0251] Next, the server analyzes the collected data using natural language processing technology. This analysis extracts security-related information from the data and generates security check items. For example, it analyzes the security settings of a cloud storage service to identify vulnerabilities and areas for improvement.

[0252] Based on the analysis results, the server assesses the risk level and calculates a risk score. This assessment process takes into account international standards and configurable threshold values. Depending on the assessed risk level, the server uses an AI agent to suggest improvement measures to the user. These suggestions may include recommendations for specific configuration changes or updates.

[0253] Finally, the server generates and provides the user with a report based on the overall assessment results. This report includes a detailed risk assessment and improvement measures, which the user can use to develop a security strategy for their own system.

[0254] As a concrete example, when a server performs a security assessment of a company's cloud service, it first obtains security configuration data via an API, and then analyzes it using natural language processing. Based on the analysis results, the user is presented with specific improvement suggestions, such as "implementing two-factor authentication" or "revising data encryption protocols."

[0255] An example of an input prompt for a generating AI model might be: "Evaluate the security risks of the cloud service and propose improvements. Show which settings are effective in reducing the risks."

[0256] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0257] Step 1:

[0258] The server automatically collects data from its sources. In this step, it uses API calls to retrieve log data and configuration information from the target system and employs web scraping techniques to collect publicly available documents. The input consists of publicly available information and log data, which the server uses to aggregate information and prepare for subsequent analysis. The output is the collected raw data, which is used in the subsequent analysis steps.

[0259] Step 2:

[0260] The server uses natural language processing techniques to analyze the collected data. The input here is the raw data collected in the previous step. Specifically, the server tokenizes the text data and extracts security-related keywords. For example, it extracts important terms such as "vulnerability," "authentication," and "encryption." The output is the analyzed information, which is used in the subsequent risk assessment step.

[0261] Step 3:

[0262] The server evaluates the risk level based on the analysis results and calculates a risk score. The input is the data analyzed in the previous step, and the output is the risk level and risk score. Specifically, the server refers to international standards and set baseline values ​​and performs a numerical risk assessment accordingly. In this process, the risk is scored for each security item.

[0263] Step 4:

[0264] The server uses an AI agent to generate improvement suggestions and present them to the user. The input is the risk score calculated in step 3, and the output is specific improvement measures and recommendations. The AI ​​agent creates the optimal improvement suggestions by referring to past data and best practices. For example, it may issue specific recommendations such as "upgrade the system version" or "strengthen security settings."

[0265] Step 5:

[0266] The user implements specific security measures based on improvement suggestions provided by the server. The input is the server's report and improvement suggestions, and the output is the enhanced security status. The user takes specific actions, such as changing system settings or installing new security software, to apply the recommended measures.

[0267] (Application Example 1)

[0268] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0269] In today's digital society, there is a need to comprehensively and efficiently manage the security risks of the diverse digital devices and services used by individuals and businesses. However, current manual methods and management through individual applications make it difficult to quickly grasp the overall picture of risks and implement appropriate countermeasures. On the other hand, deficiencies in these security measures can lead to data breaches and privacy violations, potentially causing significant damage. To address these challenges, there is a need for a system that can perform rapid and accurate security assessments and propose countermeasures using automated methods.

[0270] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0271] In this invention, the server includes means for automatically collecting data from target digital resources using an information processing device, means for analyzing the collected data and automatically filling in an evaluation sheet for security assessment, and means for evaluating risk indicators based on the analyzed data and calculating a risk score. This enables users to quickly grasp the security risks of their digital environment and review and implement appropriate improvement measures.

[0272] An "information processing device" is a computer system that handles digital information and performs data collection, analysis, evaluation, and presentation.

[0273] "Digital resources" refer to data and services managed within an environment that utilizes information technology, including networks, applications, and cloud services.

[0274] "Automated data collection" refers to the process of collecting information by a system based on pre-set conditions, without user intervention.

[0275] "Analysis" is the process of evaluating collected data and extracting and interpreting information according to a specific purpose.

[0276] An "evaluation sheet" is a document that organizes and visualizes security-related information based on the results of data analysis.

[0277] A "risk indicator" is a numerical value or standard used to quantitatively show the degree and nature of security risks.

[0278] A "risk score" is a numerical value calculated based on risk indicators, and it indicates the level of potential security risk.

[0279] "Review" is the process of scrutinizing and evaluating the proposed security improvements.

[0280] The system implementing this invention is centered around an information processing device, with a server, terminals, and users collaborating to conduct security assessments. The server first automatically collects necessary data from digital resources such as networks, applications, and cloud services using API calls and web scraping techniques. The collected data is analyzed using natural language processing technology running on the server to extract security-related information.

[0281] The server further evaluates risk indicators based on the analyzed information and calculates a risk score. At this time, an objective and standardized evaluation is performed by referring to configurable reference indicators. The evaluation results are automatically filled in as an evaluation form on the general-purpose computer used by the user.

[0282] The user reviews the provided evaluation form and revises the security strategy based on the improvement measures presented by the server. For example, if a new addition of location information access is detected in the SNS application in the user's digital environment, the server evaluates the risk and proposes restrictions on location information access. This enables the user to respond promptly.

[0283] In this system, on the client side, a smartphone application built using Swift or Java, on the server side, an API using Python and Flask / Django, and spaCy etc. are used for data analysis. Also, data processing using AWS Lambda and data storage using Amazon S3 are included as cloud infrastructure. Overall, it is a system capable of quickly analyzing the risks in the user's digital environment and providing specific improvement measures.

[0284] An example of a prompt sentence is "Given the latest software update data, identify any changes in security policies and evaluate associated risks. Suggest relevant actions to enhance security compliance."

[0285] The flow of the specific process in Application Example 1 will be described using FIG. 12.

[0286] Step 1:

[0287] The server collects data from digital resources. Specifically, it uses API calls and web scraping techniques to obtain publicly available information from various systems and services. The input consists of the URLs and API endpoints of the target digital resources, and the output is the raw data extracted from them.

[0288] Step 2:

[0289] The server analyzes the collected data. Using natural language processing techniques, it extracts security-related information from the data. For example, it identifies changes in security policies and risk factors within the collected data. The input is the raw data collected in step 1, and the output is the analyzed information.

[0290] Step 3:

[0291] The server evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, data calculations are performed based on the established baseline indicators, and the risk level is quantified. The input is the analysis result from step 2, and the output is the risk score.

[0292] Step 4:

[0293] The server generates improvement measures based on the evaluation results and presents them to the user. Using a generative AI model, it proposes specific improvement plans based on best practices. The risk score from step 3 is used as input, and improvement plans are generated as output.

[0294] Step 5:

[0295] The user uses a terminal to review the evaluation sheet and improvement suggestions provided by the server. The user considers specific security proposals and changes system settings as needed. The input is the improvement suggestions from step 4, and the output is the user's actions.

[0296] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.

[0297] This invention provides a security solution that takes user emotions into account by combining an emotion engine with a security evaluation system using an information processing device. This system automatically collects and analyzes data from information sources and performs security checks. During this process, it recognizes the user's emotional state and reflects that information in the analysis and suggestion of improvement measures.

[0298] When a user accesses the server, it uses an emotion engine to recognize the user's emotions. This process involves analyzing video and audio inputs, identifying emotions by analyzing the user's facial expressions and tone of voice. Based on this emotional state, the server adjusts the analysis results of the collected data to provide the user with the most effective improvement measures.

[0299] In particular, when evaluation results or improvement measures are deemed important and urgent for the user, communication methods that take emotional data into account are employed. For example, if it is detected that the user is feeling anxious, the server will present a message in a polite and calm tone to reassure the user.

[0300] The device dynamically adjusts the interface based on collected emotional data, providing an intuitive and user-friendly interface. This dynamic adjustment of the interface can improve the user experience.

[0301] Sentimental information is also taken into consideration when generating reports. Visuals and language choices are adjusted to make it easier for users to understand risks and areas for improvement, and further details are provided as needed, allowing for flexible responses tailored to user needs.

[0302] In this way, in the form based on the present invention, by integrating the emotion engine, the psychological state of the user can be considered, and the security solution can be implemented more effectively. As a result, an improvement in the user experience and an enhancement of the security efficiency of the system are realized.

[0303] The processing flow will be described below.

[0304] Step 1:

[0305] When the user logs in to the system, the server uses the built-in emotion engine to recognize the user's emotion. This is a process of analyzing the user's camera video and microphone audio, and estimating the emotion from the expression and voice tone.

[0306] Step 2:

[0307] The server automatically collects data from the target information source while taking into account the emotion data obtained by the emotion engine. By using API calls and scraping techniques, data related to security is effectively acquired.

[0308] Step 3:

[0309] The server analyzes the collected data and automatically fills it into the security checklist. At this time, by utilizing natural language processing technology and adjusting the analysis results while referring to the emotion data, information presentation that takes into account the user's emotion is performed.

[0310] Step 4:

[0311] The server performs a risk assessment based on the analyzed data and calculates the risk level and risk score. While considering configurable reference values and international standards, the results are provided in the optimal form for the user based on the emotion data.

[0312] Step 5:

[0313] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. Here, customized messages reflecting the recognized emotional state are used to present improvement measures in a specific and easy-to-understand manner.

[0314] Step 6:

[0315] The device generates an interface that is appropriate to the user's emotions and helps the user to readily accept suggestions for improvement. This improves the user's experience.

[0316] Step 7:

[0317] The server generates and provides a report to the user that reflects the evaluation results and improvement suggestions. It uses sentiment information to adjust the report's content, helping users better understand the risks and suggestions.

[0318] (Example 2)

[0319] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the smart glasses 214 will be referred to as the "terminal".

[0320] Traditional security systems, while providing risk assessments and improvement suggestions based on data analysis, often executed specified procedures without considering the user's emotional state. This resulted in problems such as security assessments and improvement measures being difficult for users to understand or causing psychological burden. This could potentially reduce the user experience and the efficiency of the system's security.

[0321] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0322] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for analyzing the collected data and automatically filling in a checklist for security evaluation, and means for analyzing the user's emotions and providing the user with effective improvement measures using generative AI technology. This makes it possible to provide security solutions that take the user's emotional state into account, improving both user experience and security efficiency.

[0323] "Information processing equipment" refers to all devices, including computer systems and software, used to collect, analyze, and evaluate data.

[0324] "Automated data collection" refers to the process of acquiring data from specific sources without requiring manual intervention.

[0325] A "security assessment checklist" refers to a document format used to evaluate the security situation based on data analysis results and identify areas for improvement.

[0326] "Risk level" refers to an indicator that numerically or qualitatively assesses the degree of security risk associated with a particular situation or data.

[0327] "Analyzing user emotions" refers to the process of analyzing users' facial expressions and tone of voice to understand their psychological state.

[0328] "Generative AI technology" refers to technology that uses artificial intelligence to automatically generate content and improvement suggestions based on specific conditions and inputs.

[0329] "User interface" refers to the screen configuration and design that provides the display methods and means of operation for users to interact with the system.

[0330] This invention provides a new security solution that takes user emotions into consideration in a security evaluation system using an information processing device. The main components of the system include a server, a terminal, and a user.

[0331] The server first automatically collects data from its sources. This process uses automated scripts and programs to target publicly available information on the internet and internal corporate log data. Next, the server uses natural language processing techniques to analyze the collected data. This allows for efficient identification of security risks and calculation of risk scores.

[0332] To recognize user emotions, the server uses an emotion engine. This engine includes algorithms that analyze facial expression data and voice tone acquired through video cameras and microphones. If the user is feeling anxious, this information is input into a generative AI model, which then generates security improvements based on the user's psychological state.

[0333] As a concrete example, when a user is concerned about the security of the system, the server generates and provides a message such as, "All data is securely protected and constantly monitored." This is text generated by a generative AI model, which is driven by a prompt such as, "Generate a message that will reassure the user when they are feeling uneasy."

[0334] The device dynamically adjusts the user interface based on emotional data to ensure the user receives the optimal interaction. For example, if the device determines that the user is relaxed, the colors and interface movements are adjusted to maintain that relaxed state.

[0335] As described above, by incorporating user emotional states into security solutions, we can improve the user experience and enhance the security efficiency of the system.

[0336] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0337] Step 1:

[0338] The server automatically collects data from the target information source. The input is the information source (e.g., website, log file), and a data collection script is executed based on this input. Specifically, the server retrieves data by making API requests or performing web scraping through the program, and outputs the collected dataset.

[0339] Step 2:

[0340] The server analyzes the collected data and automatically creates a checklist for security assessment. The data collected in Step 1 is used as input, and natural language processing techniques are used to extract security elements from the data. Specifically, the server performs text analysis using a machine learning model, summarizes assessment items based on risk factors and detected threats, and outputs them as analysis results.

[0341] Step 3:

[0342] When a user accesses the system, the server uses an emotion engine to recognize the user's emotions. The input includes the user's video and audio data, and based on this, facial expression analysis algorithms and voice analysis algorithms are applied. Specifically, the server analyzes facial feature points and voice pitch and outputs the detected emotional state.

[0343] Step 4:

[0344] The server, while considering the user's emotional state, uses a generative AI model to suggest effective improvement measures. The analysis results from step 2 and the emotion recognition data from step 3 are used as input, and prompt sentences are sent to the generative AI. Specifically, the server generates prompts, performs procedures to generate messages necessary for improvement, and outputs customized improvement suggestions to be provided to the user.

[0345] Step 5:

[0346] The device dynamically adjusts the user interface based on emotion data and improvement suggestions received from the server. Input includes emotion recognition results and generated improvement messages, which are used to modify user interface elements (color, layout). Specifically, the device automatically changes UI design settings to provide an intuitive user experience while considering the user's psychological state, outputting an easily understandable interface.

[0347] (Application Example 2)

[0348] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the smart glasses 214 will be referred to as the "terminal."

[0349] Traditional security evaluation systems often presented mechanical evaluation results without considering the user's emotional state. This could lead to users experiencing stress, anxiety, and discomfort, resulting in a decreased acceptance of security solutions. Furthermore, presenting information without considering the user's psychological state can hinder information transmission and understanding of improvement measures.

[0350] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0351] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for recognizing the user's emotional state and adjusting the analysis results based on the recognition results, and means for suggesting and reporting improvement measures based on the adjusted analysis results. This makes it possible to provide security solutions that take the user's emotional state into consideration.

[0352] An "information processing device" is an electronic device used for the automatic collection, analysis, and evaluation of data.

[0353] "Emotional state" refers to the psychological emotional state of the user, and is perceived from facial expressions and tone of voice.

[0354] "Analysis results" refer to the evaluation and analysis results obtained based on the collected data.

[0355] "Improvement measures" refer to countermeasures and measures proposed based on security assessments.

[0356] "Adjustment" refers to optimizing the acquired data and analysis results based on the user's emotional state.

[0357] "Reporting" refers to notifying or explaining to users about evaluations and improvement measures.

[0358] The system that realizes this invention will be built as an application that runs on a smartphone. First, the server uses the smartphone's front camera and microphone to capture the user's facial expressions and voice in real time and collect data. For this data collection, OpenCV or other facial recognition engines are used, and IBM Watson Tone Analyzer or similar tools are used to analyze the user's emotional state from their facial expressions and voice tone.

[0359] Subsequently, the server analyzes the collected data to identify the user's emotional state. Based on the recognized emotional state, the server generates and presents adjusted security analysis results to the user. During this process, the user interface is dynamically adjusted according to the emotional state, allowing the user to operate the interface with confidence.

[0360] For example, when a user attempts to access a website, a smartphone app analyzes the user's facial expression. If the app determines that the user is feeling anxious, the server uses this information to soften the tone of the security warning. The warning message uses simple and direct language, and provides further guidance and information as needed.

[0361] A prompt for effectively using the AI ​​model is: "Generate security notifications based on the user's emotional state. If the user is feeling anxious, the notification should use a gentle tone and provide detailed information." Based on this prompt, the AI ​​model analyzes complex emotional data and develops an approach to provide a more effective user experience.

[0362] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0363] Step 1:

[0364] The user launches the app. The smartphone's front camera and microphone are activated, and the capture of the user's facial expressions and audio data begins. The server then receives the facial image data and audio data as input.

[0365] Step 2:

[0366] The server performs face recognition using facial image data. OpenCV is used for this process to extract facial features and input them into an emotion analysis engine. The output is metadata indicating the emotional state.

[0367] Step 3:

[0368] The server analyzes the audio data and identifies the tone of voice. IBM Watson Tone Analyzer is used for this process, inferring emotional states from the voice characteristics. The output generates metadata of the emotional state based on the voice.

[0369] Step 4:

[0370] The server integrates the metadata obtained in steps 2 and 3 to determine the final emotional state. This integration allows for a more accurate emotional assessment by combining information on facial expressions and tone of voice.

[0371] Step 5:

[0372] The server adjusts security analysis results based on the user's emotional state and generates a message to present to the user. The input consists of existing security analysis data and the user's final emotional state, and the output is an adjusted security notification message.

[0373] Step 6:

[0374] The device displays security notifications tailored to the user. The user interface dynamically changes according to the user's emotional state, adjusting the tone and content of messages to improve user experience. The output is a notification screen that the user can intuitively operate.

[0375] Step 7:

[0376] The user reviews the security notification and selects an action. The selected action is sent back to the server, and additional instructions or guidance are output as needed.

[0377] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0378] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.

[0379] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the smart glasses 214.

[0380] [Third Embodiment]

[0381] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.

[0382] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.

[0383] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0384] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.

[0385] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0386] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0387] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0388] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0389] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0390] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.

[0391] In the headset terminal 314, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0392] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the headset terminal 314 will be referred to as the "terminal".

[0393] This invention relates to an information processing device and a security evaluation system. This system has the function of automatically generating a checklist based on security evaluations by collecting necessary data from various digital information sources. The embodiments for carrying out this invention will be described below from the perspectives of the server, terminal, and user.

[0394] The server first automatically collects data about the target system or service. This collection can employ various methods, including API calls and web scraping techniques to retrieve publicly available information. For example, the server can automatically extract specifications and security documents for SaaS services.

[0395] The collected data is analyzed on a server. This process may utilize natural language processing techniques to extract security-related information from the data. Based on the analyzed information, the server automatically fills out a security checklist and calculates the risk associated with each item.

[0396] Furthermore, the server evaluates the risk level from the analysis results and calculates a risk score based on that. This risk assessment is performed by referring to international security standards and established baseline values, objectively measuring the security of the implemented systems and services.

[0397] After analysis and evaluation are complete, the server, including the AI ​​agent, presents improvement suggestions to the user. These suggestions are based on known best practices and historical data. For example, in response to security risks identified as vulnerabilities, the server may suggest system upgrades or configuration changes.

[0398] The report is generated by the server and provided to the user. This report includes detailed risk assessments and recommended corrective actions, serving as a crucial resource for users in developing their security strategy. Based on the detailed report received from the server, users can seek further external assistance or entrust investigation and response to a dedicated security team.

[0399] In this way, the system according to the present invention improves the accuracy of security assessments, significantly reduces the workload, and enhances the security of systems and services.

[0400] The following describes the processing flow.

[0401] Step 1:

[0402] The server accesses information sources for the target systems and services specified by the user and automatically collects the necessary data using APIs and web scraping techniques. Local log data and configuration files are sent from the terminal and supplemented as additional information.

[0403] Step 2:

[0404] The server analyzes the collected data using natural language processing technology and automatically fills in the necessary items on a security checklist. This includes security-related information such as encryption methods and authentication methods.

[0405] Step 3:

[0406] The server operates a risk analysis engine based on the analyzed data to assess the risk level. Here, it calculates a risk score for each item by referring to historical databases and configurable security criteria.

[0407] Step 4:

[0408] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. These suggestions include identifying vulnerabilities and specific action plans to enhance the security of the system or service.

[0409] Step 5:

[0410] The server generates a detailed report containing evaluation results and improvement suggestions, and provides it to the user. The user uses this report to consider security measures and decide on the countermeasures to be taken.

[0411] (Example 1)

[0412] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0413] In modern information systems, security risks are becoming increasingly diverse, making their assessment and mitigation more complex. Traditional methods often involve manual processes from information gathering to risk assessment and the development of corrective measures, which are inefficient and prone to human error. Furthermore, detailed risk assessments and countermeasures based on international standards and best practices are required, but this demands a high level of expertise, and many organizations struggle to cope. There is a need to solve these problems and improve the accuracy of security assessments.

[0414] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0415] This invention includes a server that automatically collects data from information sources, analyzes the collected data using natural language processing technology to automatically generate security check items, calculates a risk score based on international standards, and generates a report with an AI agent that proposes improvement measures based on the results. This makes it possible to automatically perform highly accurate security assessments and formulate improvement measures without requiring advanced expertise.

[0416] An "information processing device" is an electronic device equipped with functions to automatically collect, analyze, and evaluate data.

[0417] "Data" refers to a collection of information related to a system or service, obtained from various sources.

[0418] "Natural language processing technology" is a technology that enables computers to understand, analyze, and generate human language.

[0419] "Security check items" are specific elements or conditions that need to be examined in order to evaluate the security of an information system.

[0420] A "risk score" is a quantitative representation of the security risk level of an information system, calculated based on collected and analyzed data.

[0421] "International standards" refer to standard criteria for evaluation based on international standards and guidelines related to security.

[0422] An "AI agent" is a software program that uses artificial intelligence technology to automatically perform specific tasks.

[0423] "Improvement measures" are specific actions or processes proposed to reduce or eliminate identified risks.

[0424] A "report" is a document that includes details of the assessed security risks and proposed countermeasures.

[0425] This invention aims to automatically evaluate the security of an information system using an information processing device and propose necessary improvement measures. Specific embodiments for carrying out this invention are described below.

[0426] The main components of the system are servers, terminals, and users.

[0427] The server's primary role is to automatically collect data related to the target information system or service. Specifically, it can obtain log data and configuration information using API calls, or collect publicly available documents using web scraping techniques. The collected data is stored on the server and prepared for further processing.

[0428] Next, the server analyzes the collected data using natural language processing technology. This analysis extracts security-related information from the data and generates security check items. For example, it analyzes the security settings of a cloud storage service to identify vulnerabilities and areas for improvement.

[0429] Based on the analysis results, the server assesses the risk level and calculates a risk score. This assessment process takes into account international standards and configurable threshold values. Depending on the assessed risk level, the server uses an AI agent to suggest improvement measures to the user. These suggestions may include recommendations for specific configuration changes or updates.

[0430] Finally, the server generates and provides the user with a report based on the overall assessment results. This report includes a detailed risk assessment and improvement measures, which the user can use to develop a security strategy for their own system.

[0431] As a concrete example, when a server performs a security assessment of a company's cloud service, it first obtains security configuration data via an API, and then analyzes it using natural language processing. Based on the analysis results, the user is presented with specific improvement suggestions, such as "implementing two-factor authentication" or "revising data encryption protocols."

[0432] An example of an input prompt for a generating AI model might be: "Evaluate the security risks of the cloud service and propose improvements. Show which settings are effective in reducing the risks."

[0433] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0434] Step 1:

[0435] The server automatically collects data from its sources. In this step, it uses API calls to retrieve log data and configuration information from the target system and employs web scraping techniques to collect publicly available documents. The input consists of publicly available information and log data, which the server uses to aggregate information and prepare for subsequent analysis. The output is the collected raw data, which is used in the subsequent analysis steps.

[0436] Step 2:

[0437] The server uses natural language processing techniques to analyze the collected data. The input here is the raw data collected in the previous step. Specifically, the server tokenizes the text data and extracts security-related keywords. For example, it extracts important terms such as "vulnerability," "authentication," and "encryption." The output is the analyzed information, which is used in the subsequent risk assessment step.

[0438] Step 3:

[0439] The server evaluates the risk level based on the analysis results and calculates a risk score. The input is the data analyzed in the previous step, and the output is the risk level and risk score. Specifically, the server refers to international standards and set baseline values ​​and performs a numerical risk assessment accordingly. In this process, the risk is scored for each security item.

[0440] Step 4:

[0441] The server uses an AI agent to generate improvement suggestions and present them to the user. The input is the risk score calculated in step 3, and the output is specific improvement measures and recommendations. The AI ​​agent creates the optimal improvement suggestions by referring to past data and best practices. For example, it may issue specific recommendations such as "upgrade the system version" or "strengthen security settings."

[0442] Step 5:

[0443] The user implements specific security measures based on improvement suggestions provided by the server. The input is the server's report and improvement suggestions, and the output is the enhanced security status. The user takes specific actions, such as changing system settings or installing new security software, to apply the recommended measures.

[0444] (Application Example 1)

[0445] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0446] In today's digital society, there is a need to comprehensively and efficiently manage the security risks of the diverse digital devices and services used by individuals and businesses. However, current manual methods and management through individual applications make it difficult to quickly grasp the overall picture of risks and implement appropriate countermeasures. On the other hand, deficiencies in these security measures can lead to data breaches and privacy violations, potentially causing significant damage. To address these challenges, there is a need for a system that can perform rapid and accurate security assessments and propose countermeasures using automated methods.

[0447] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0448] In this invention, the server includes means for automatically collecting data from target digital resources using an information processing device, means for analyzing the collected data and automatically filling in an evaluation sheet for security assessment, and means for evaluating risk indicators based on the analyzed data and calculating a risk score. This enables users to quickly grasp the security risks of their digital environment and review and implement appropriate improvement measures.

[0449] An "information processing device" is a computer system that handles digital information and performs data collection, analysis, evaluation, and presentation.

[0450] "Digital resources" refer to data and services managed within an environment that utilizes information technology, including networks, applications, and cloud services.

[0451] "Automated data collection" refers to the process of collecting information by a system based on pre-set conditions, without user intervention.

[0452] "Analysis" is the process of evaluating collected data and extracting and interpreting information according to a specific purpose.

[0453] An "evaluation sheet" is a document that organizes and visualizes security-related information based on the results of data analysis.

[0454] A "risk indicator" is a numerical value or standard used to quantitatively show the degree and nature of security risks.

[0455] A "risk score" is a numerical value calculated based on risk indicators, and it indicates the level of potential security risk.

[0456] "Review" is the process of scrutinizing and evaluating the proposed security improvements.

[0457] The system implementing this invention is centered around an information processing device, with a server, terminals, and users collaborating to conduct security assessments. The server first automatically collects necessary data from digital resources such as networks, applications, and cloud services using API calls and web scraping techniques. The collected data is analyzed using natural language processing technology running on the server to extract security-related information.

[0458] The server then evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, it uses configurable baseline indicators to ensure an objective and standardized evaluation. The evaluation results are automatically recorded as an evaluation sheet on the user's general-purpose computer.

[0459] Users review the provided evaluation sheet and revise their security strategy based on the improvement measures suggested by the server. For example, if a new location-based access is detected in a social networking application in the user's digital environment, the server assesses the risk and suggests restricting location-based access. This allows users to take swift action.

[0460] This system utilizes smartphone applications built with Swift or Java on the client side, APIs using Python and Flask / Django on the server side, and spaCy for data analysis. It also includes data processing using AWS Lambda and data storage using Amazon S3 as cloud infrastructure. Overall, it is a system capable of quickly analyzing risks in a user's digital environment and providing concrete improvement measures.

[0461] An example of a prompt message is: "Given the latest software update data, identify any changes in security policies and evaluate associated risks. Suggest relevant actions to enhance security compliance."

[0462] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0463] Step 1:

[0464] The server collects data from digital resources. Specifically, it uses API calls and web scraping techniques to obtain publicly available information from various systems and services. The input consists of the URLs and API endpoints of the target digital resources, and the output is the raw data extracted from them.

[0465] Step 2:

[0466] The server analyzes the collected data. Using natural language processing techniques, it extracts security-related information from the data. For example, it identifies changes in security policies and risk factors within the collected data. The input is the raw data collected in step 1, and the output is the analyzed information.

[0467] Step 3:

[0468] The server evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, data calculations are performed based on the established baseline indicators, and the risk level is quantified. The input is the analysis result from step 2, and the output is the risk score.

[0469] Step 4:

[0470] The server generates improvement measures based on the evaluation results and presents them to the user. Using a generative AI model, it proposes specific improvement plans based on best practices. The risk score from step 3 is used as input, and improvement plans are generated as output.

[0471] Step 5:

[0472] The user uses a terminal to review the evaluation sheet and improvement suggestions provided by the server. The user considers specific security proposals and changes system settings as needed. The input is the improvement suggestions from step 4, and the output is the user's actions.

[0473] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.

[0474] This invention provides a security solution that takes user emotions into account by combining an emotion engine with a security evaluation system using an information processing device. This system automatically collects and analyzes data from information sources and performs security checks. During this process, it recognizes the user's emotional state and reflects that information in the analysis and suggestion of improvement measures.

[0475] When a user accesses the server, it uses an emotion engine to recognize the user's emotions. This process involves analyzing video and audio inputs, identifying emotions by analyzing the user's facial expressions and tone of voice. Based on this emotional state, the server adjusts the analysis results of the collected data to provide the user with the most effective improvement measures.

[0476] In particular, when evaluation results or improvement measures are deemed important and urgent for the user, communication methods that take emotional data into account are employed. For example, if it is detected that the user is feeling anxious, the server will present a message in a polite and calm tone to reassure the user.

[0477] The device dynamically adjusts the interface based on collected emotional data, providing an intuitive and user-friendly interface. This dynamic adjustment of the interface can improve the user experience.

[0478] Sentimental information is also taken into consideration when generating reports. Visuals and language choices are adjusted to make it easier for users to understand risks and areas for improvement, and further details are provided as needed, allowing for flexible responses tailored to user needs.

[0479] Thus, in embodiments based on the present invention, by integrating an emotion engine, the user's psychological state can be taken into consideration, enabling more effective implementation of security solutions. As a result, improved user experience and enhanced system security efficiency are achieved.

[0480] The following describes the processing flow.

[0481] Step 1:

[0482] The server recognizes the user's emotions using its built-in emotion engine when the user logs into the system. This process analyzes the user's camera footage and microphone audio to estimate their emotions from their facial expressions and tone of voice.

[0483] Step 2:

[0484] The server automatically collects data from target sources, taking into account sentiment data obtained by the sentiment engine. It effectively obtains security-related data using API calls and scraping techniques.

[0485] Step 3:

[0486] The server analyzes the collected data and automatically fills in a security checklist. During this process, natural language processing technology is used to adjust the analysis results based on sentiment data, ensuring that information is presented in a way that respects the user's emotions.

[0487] Step 4:

[0488] The server performs a risk assessment based on the analyzed data and calculates the risk level and risk score. Taking into account configurable thresholds and international standards, it provides the results in a format optimized for the user based on sentiment data.

[0489] Step 5:

[0490] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. Here, customized messages reflecting the recognized emotional state are used to present improvement measures in a specific and easy-to-understand manner.

[0491] Step 6:

[0492] The device generates an interface that is appropriate to the user's emotions and helps the user to readily accept suggestions for improvement. This improves the user's experience.

[0493] Step 7:

[0494] The server generates and provides a report to the user that reflects the evaluation results and improvement suggestions. It uses sentiment information to adjust the report's content, helping users better understand the risks and suggestions.

[0495] (Example 2)

[0496] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0497] Traditional security systems, while providing risk assessments and improvement suggestions based on data analysis, often executed specified procedures without considering the user's emotional state. This resulted in problems such as security assessments and improvement measures being difficult for users to understand or causing psychological burden. This could potentially reduce the user experience and the efficiency of the system's security.

[0498] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0499] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for analyzing the collected data and automatically filling in a checklist for security evaluation, and means for analyzing the user's emotions and providing the user with effective improvement measures using generative AI technology. This makes it possible to provide security solutions that take the user's emotional state into account, improving both user experience and security efficiency.

[0500] "Information processing equipment" refers to all devices, including computer systems and software, used to collect, analyze, and evaluate data.

[0501] "Automated data collection" refers to the process of acquiring data from specific sources without requiring manual intervention.

[0502] A "security assessment checklist" refers to a document format used to evaluate the security situation based on data analysis results and identify areas for improvement.

[0503] "Risk level" refers to an indicator that numerically or qualitatively assesses the degree of security risk associated with a particular situation or data.

[0504] "Analyzing user emotions" refers to the process of analyzing users' facial expressions and tone of voice to understand their psychological state.

[0505] "Generative AI technology" refers to technology that uses artificial intelligence to automatically generate content and improvement suggestions based on specific conditions and inputs.

[0506] "User interface" refers to the screen configuration and design that provides the display methods and means of operation for users to interact with the system.

[0507] This invention provides a new security solution that takes user emotions into consideration in a security evaluation system using an information processing device. The main components of the system include a server, a terminal, and a user.

[0508] The server first automatically collects data from its sources. This process uses automated scripts and programs to target publicly available information on the internet and internal corporate log data. Next, the server uses natural language processing techniques to analyze the collected data. This allows for efficient identification of security risks and calculation of risk scores.

[0509] To recognize user emotions, the server uses an emotion engine. This engine includes algorithms that analyze facial expression data and voice tone acquired through video cameras and microphones. If the user is feeling anxious, this information is input into a generative AI model, which then generates security improvements based on the user's psychological state.

[0510] As a concrete example, when a user is concerned about the security of the system, the server generates and provides a message such as, "All data is securely protected and constantly monitored." This is text generated by a generative AI model, which is driven by a prompt such as, "Generate a message that will reassure the user when they are feeling uneasy."

[0511] The device dynamically adjusts the user interface based on emotional data to ensure the user receives the optimal interaction. For example, if the device determines that the user is relaxed, the colors and interface movements are adjusted to maintain that relaxed state.

[0512] As described above, by incorporating user emotional states into security solutions, we can improve the user experience and enhance the security efficiency of the system.

[0513] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0514] Step 1:

[0515] The server automatically collects data from the target information source. The input is the information source (e.g., website, log file), and a data collection script is executed based on this input. Specifically, the server retrieves data by making API requests or performing web scraping through the program, and outputs the collected dataset.

[0516] Step 2:

[0517] The server analyzes the collected data and automatically creates a checklist for security assessment. The data collected in Step 1 is used as input, and natural language processing techniques are used to extract security elements from the data. Specifically, the server performs text analysis using a machine learning model, summarizes assessment items based on risk factors and detected threats, and outputs them as analysis results.

[0518] Step 3:

[0519] When a user accesses the system, the server uses an emotion engine to recognize the user's emotions. The input includes the user's video and audio data, and based on this, facial expression analysis algorithms and voice analysis algorithms are applied. Specifically, the server analyzes facial feature points and voice pitch and outputs the detected emotional state.

[0520] Step 4:

[0521] The server, while considering the user's emotional state, uses a generative AI model to suggest effective improvement measures. The analysis results from step 2 and the emotion recognition data from step 3 are used as input, and prompt sentences are sent to the generative AI. Specifically, the server generates prompts, performs procedures to generate messages necessary for improvement, and outputs customized improvement suggestions to be provided to the user.

[0522] Step 5:

[0523] The device dynamically adjusts the user interface based on emotion data and improvement suggestions received from the server. Input includes emotion recognition results and generated improvement messages, which are used to modify user interface elements (color, layout). Specifically, the device automatically changes UI design settings to provide an intuitive user experience while considering the user's psychological state, outputting an easily understandable interface.

[0524] (Application Example 2)

[0525] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server," and the headset-type terminal 314 will be referred to as the "terminal."

[0526] Traditional security evaluation systems often presented mechanical evaluation results without considering the user's emotional state. This could lead to users experiencing stress, anxiety, and discomfort, resulting in a decreased acceptance of security solutions. Furthermore, presenting information without considering the user's psychological state can hinder information transmission and understanding of improvement measures.

[0527] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0528] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for recognizing the user's emotional state and adjusting the analysis results based on the recognition results, and means for suggesting and reporting improvement measures based on the adjusted analysis results. This makes it possible to provide security solutions that take the user's emotional state into consideration.

[0529] An "information processing device" is an electronic device used for the automatic collection, analysis, and evaluation of data.

[0530] "Emotional state" refers to the psychological emotional state of the user, and is perceived from facial expressions and tone of voice.

[0531] "Analysis results" refer to the evaluation and analysis results obtained based on the collected data.

[0532] "Improvement measures" refer to countermeasures and measures proposed based on security assessments.

[0533] "Adjustment" refers to optimizing the acquired data and analysis results based on the user's emotional state.

[0534] "Reporting" refers to notifying or explaining to users about evaluations and improvement measures.

[0535] The system that realizes this invention will be built as an application that runs on a smartphone. First, the server uses the smartphone's front camera and microphone to capture the user's facial expressions and voice in real time and collect data. For this data collection, OpenCV or other facial recognition engines are used, and IBM Watson Tone Analyzer or similar tools are used to analyze the user's emotional state from their facial expressions and voice tone.

[0536] Subsequently, the server analyzes the collected data to identify the user's emotional state. Based on the recognized emotional state, the server generates and presents adjusted security analysis results to the user. During this process, the user interface is dynamically adjusted according to the emotional state, allowing the user to operate the interface with confidence.

[0537] For example, when a user attempts to access a website, a smartphone app analyzes the user's facial expression. If the app determines that the user is feeling anxious, the server uses this information to soften the tone of the security warning. The warning message uses simple and direct language, and provides further guidance and information as needed.

[0538] A prompt for effectively using the AI ​​model is: "Generate security notifications based on the user's emotional state. If the user is feeling anxious, the notification should use a gentle tone and provide detailed information." Based on this prompt, the AI ​​model analyzes complex emotional data and develops an approach to provide a more effective user experience.

[0539] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0540] Step 1:

[0541] The user launches the app. The smartphone's front camera and microphone are activated, and the capture of the user's facial expressions and audio data begins. The server then receives the facial image data and audio data as input.

[0542] Step 2:

[0543] The server performs face recognition using facial image data. OpenCV is used for this process to extract facial features and input them into an emotion analysis engine. The output is metadata indicating the emotional state.

[0544] Step 3:

[0545] The server analyzes the audio data and identifies the tone of voice. IBM Watson Tone Analyzer is used for this process, inferring emotional states from the voice characteristics. The output generates metadata of the emotional state based on the voice.

[0546] Step 4:

[0547] The server integrates the metadata obtained in steps 2 and 3 to determine the final emotional state. This integration allows for a more accurate emotional assessment by combining information on facial expressions and tone of voice.

[0548] Step 5:

[0549] The server adjusts security analysis results based on the user's emotional state and generates a message to present to the user. The input consists of existing security analysis data and the user's final emotional state, and the output is an adjusted security notification message.

[0550] Step 6:

[0551] The device displays security notifications tailored to the user. The user interface dynamically changes according to the user's emotional state, adjusting the tone and content of messages to improve user experience. The output is a notification screen that the user can intuitively operate.

[0552] Step 7:

[0553] The user reviews the security notification and selects an action. The selected action is sent back to the server, and additional instructions or guidance are output as needed.

[0554] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0555] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.

[0556] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and specific processing may also be performed by the headset terminal 314.

[0557] [Fourth Embodiment]

[0558] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.

[0559] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.

[0560] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 is an example of a "computer" related to the technology of this disclosure. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0561] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.

[0562] The microphone 238 receives voice signals from the user 20 and receives instructions from the user 20. The microphone 238 captures the voice signals from the user 20, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0563] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, and captures images of the area around the user 20 (for example, an imaging range defined by a field of view equivalent to the width of a typical healthy person's field of vision).

[0564] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0565] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. Furthermore, the robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.

[0566] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0567] The specific processing program 56 is an example of a "program" relating to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 in accordance with the specific processing program 56 executed on the RAM 30.

[0568] The storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290.

[0569] In robot 414, the processor 46 performs the reception output processing. The storage 50 stores the reception output program 60. The processor 46 reads the reception output program 60 from the storage 50 and executes the read reception output program 60 on the RAM 48. The reception output processing is realized by the processor 46 operating as a control unit 46A according to the reception output program 60 executed on the RAM 48.

[0570] Next, the specific processing performed by the specific processing unit 290 of the data processing device 12 will be described. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0571] This invention relates to an information processing device and a security evaluation system. This system has the function of automatically generating a checklist based on security evaluations by collecting necessary data from various digital information sources. The embodiments for carrying out this invention will be described below from the perspectives of the server, terminal, and user.

[0572] The server first automatically collects data about the target system or service. This collection can employ various methods, including API calls and web scraping techniques to retrieve publicly available information. For example, the server can automatically extract specifications and security documents for SaaS services.

[0573] The collected data is analyzed on a server. This process may utilize natural language processing techniques to extract security-related information from the data. Based on the analyzed information, the server automatically fills out a security checklist and calculates the risk associated with each item.

[0574] Furthermore, the server evaluates the risk level from the analysis results and calculates a risk score based on that. This risk assessment is performed by referring to international security standards and established baseline values, objectively measuring the security of the implemented systems and services.

[0575] After analysis and evaluation are complete, the server, including the AI ​​agent, presents improvement suggestions to the user. These suggestions are based on known best practices and historical data. For example, in response to security risks identified as vulnerabilities, the server may suggest system upgrades or configuration changes.

[0576] The report is generated by the server and provided to the user. This report includes detailed risk assessments and recommended corrective actions, serving as a crucial resource for users in developing their security strategy. Based on the detailed report received from the server, users can seek further external assistance or entrust investigation and response to a dedicated security team.

[0577] In this way, the system according to the present invention improves the accuracy of security assessments, significantly reduces the workload, and enhances the security of systems and services.

[0578] The following describes the processing flow.

[0579] Step 1:

[0580] The server accesses information sources for the target systems and services specified by the user and automatically collects the necessary data using APIs and web scraping techniques. Local log data and configuration files are sent from the terminal and supplemented as additional information.

[0581] Step 2:

[0582] The server analyzes the collected data using natural language processing technology and automatically fills in the necessary items on a security checklist. This includes security-related information such as encryption methods and authentication methods.

[0583] Step 3:

[0584] The server operates a risk analysis engine based on the analyzed data to assess the risk level. Here, it calculates a risk score for each item by referring to historical databases and configurable security criteria.

[0585] Step 4:

[0586] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. These suggestions include identifying vulnerabilities and specific action plans to enhance the security of the system or service.

[0587] Step 5:

[0588] The server generates a detailed report containing evaluation results and improvement suggestions, and provides it to the user. The user uses this report to consider security measures and decide on the countermeasures to be taken.

[0589] (Example 1)

[0590] Next, we will describe Example 1. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0591] In modern information systems, security risks are becoming increasingly diverse, making their assessment and mitigation more complex. Traditional methods often involve manual processes from information gathering to risk assessment and the development of corrective measures, which are inefficient and prone to human error. Furthermore, detailed risk assessments and countermeasures based on international standards and best practices are required, but this demands a high level of expertise, and many organizations struggle to cope. There is a need to solve these problems and improve the accuracy of security assessments.

[0592] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 1 is realized by the following means.

[0593] This invention includes a server that automatically collects data from information sources, analyzes the collected data using natural language processing technology to automatically generate security check items, calculates a risk score based on international standards, and generates a report with an AI agent that proposes improvement measures based on the results. This makes it possible to automatically perform highly accurate security assessments and formulate improvement measures without requiring advanced expertise.

[0594] An "information processing device" is an electronic device equipped with functions to automatically collect, analyze, and evaluate data.

[0595] "Data" refers to a collection of information related to a system or service, obtained from various sources.

[0596] "Natural language processing technology" is a technology that enables computers to understand, analyze, and generate human language.

[0597] "Security check items" are specific elements or conditions that need to be examined in order to evaluate the security of an information system.

[0598] A "risk score" is a quantitative representation of the security risk level of an information system, calculated based on collected and analyzed data.

[0599] "International standards" refer to standard criteria for evaluation based on international standards and guidelines related to security.

[0600] An "AI agent" is a software program that uses artificial intelligence technology to automatically perform specific tasks.

[0601] "Improvement measures" are specific actions or processes proposed to reduce or eliminate identified risks.

[0602] A "report" is a document that includes details of the assessed security risks and proposed countermeasures.

[0603] This invention aims to automatically evaluate the security of an information system using an information processing device and propose necessary improvement measures. Specific embodiments for carrying out this invention are described below.

[0604] The main components of the system are servers, terminals, and users.

[0605] The server's primary role is to automatically collect data related to the target information system or service. Specifically, it can obtain log data and configuration information using API calls, or collect publicly available documents using web scraping techniques. The collected data is stored on the server and prepared for further processing.

[0606] Next, the server analyzes the collected data using natural language processing technology. This analysis extracts security-related information from the data and generates security check items. For example, it analyzes the security settings of a cloud storage service to identify vulnerabilities and areas for improvement.

[0607] Based on the analysis results, the server assesses the risk level and calculates a risk score. This assessment process takes into account international standards and configurable threshold values. Depending on the assessed risk level, the server uses an AI agent to suggest improvement measures to the user. These suggestions may include recommendations for specific configuration changes or updates.

[0608] Finally, the server generates and provides the user with a report based on the overall assessment results. This report includes a detailed risk assessment and improvement measures, which the user can use to develop a security strategy for their own system.

[0609] As a concrete example, when a server performs a security assessment of a company's cloud service, it first obtains security configuration data via an API, and then analyzes it using natural language processing. Based on the analysis results, the user is presented with specific improvement suggestions, such as "implementing two-factor authentication" or "revising data encryption protocols."

[0610] An example of an input prompt for a generating AI model might be: "Evaluate the security risks of the cloud service and propose improvements. Show which settings are effective in reducing the risks."

[0611] The flow of the specific processing in Example 1 will be explained using Figure 11.

[0612] Step 1:

[0613] The server automatically collects data from its sources. In this step, it uses API calls to retrieve log data and configuration information from the target system and employs web scraping techniques to collect publicly available documents. The input consists of publicly available information and log data, which the server uses to aggregate information and prepare for subsequent analysis. The output is the collected raw data, which is used in the subsequent analysis steps.

[0614] Step 2:

[0615] The server uses natural language processing techniques to analyze the collected data. The input here is the raw data collected in the previous step. Specifically, the server tokenizes the text data and extracts security-related keywords. For example, it extracts important terms such as "vulnerability," "authentication," and "encryption." The output is the analyzed information, which is used in the subsequent risk assessment step.

[0616] Step 3:

[0617] The server evaluates the risk level based on the analysis results and calculates a risk score. The input is the data analyzed in the previous step, and the output is the risk level and risk score. Specifically, the server refers to international standards and set baseline values ​​and performs a numerical risk assessment accordingly. In this process, the risk is scored for each security item.

[0618] Step 4:

[0619] The server uses an AI agent to generate improvement suggestions and present them to the user. The input is the risk score calculated in step 3, and the output is specific improvement measures and recommendations. The AI ​​agent creates the optimal improvement suggestions by referring to past data and best practices. For example, it may issue specific recommendations such as "upgrade the system version" or "strengthen security settings."

[0620] Step 5:

[0621] The user implements specific security measures based on improvement suggestions provided by the server. The input is the server's report and improvement suggestions, and the output is the enhanced security status. The user takes specific actions, such as changing system settings or installing new security software, to apply the recommended measures.

[0622] (Application Example 1)

[0623] Next, we will explain Application Example 1. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0624] In today's digital society, there is a need to comprehensively and efficiently manage the security risks of the diverse digital devices and services used by individuals and businesses. However, current manual methods and management through individual applications make it difficult to quickly grasp the overall picture of risks and implement appropriate countermeasures. On the other hand, deficiencies in these security measures can lead to data breaches and privacy violations, potentially causing significant damage. To address these challenges, there is a need for a system that can perform rapid and accurate security assessments and propose countermeasures using automated methods.

[0625] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 1 is realized by the following means.

[0626] In this invention, the server includes means for automatically collecting data from target digital resources using an information processing device, means for analyzing the collected data and automatically filling in an evaluation sheet for security assessment, and means for evaluating risk indicators based on the analyzed data and calculating a risk score. This enables users to quickly grasp the security risks of their digital environment and review and implement appropriate improvement measures.

[0627] An "information processing device" is a computer system that handles digital information and performs data collection, analysis, evaluation, and presentation.

[0628] "Digital resources" refer to data and services managed within an environment that utilizes information technology, including networks, applications, and cloud services.

[0629] "Automated data collection" refers to the process of collecting information by a system based on pre-set conditions, without user intervention.

[0630] "Analysis" is the process of evaluating collected data and extracting and interpreting information according to a specific purpose.

[0631] An "evaluation sheet" is a document that organizes and visualizes security-related information based on the results of data analysis.

[0632] A "risk indicator" is a numerical value or standard used to quantitatively show the degree and nature of security risks.

[0633] A "risk score" is a numerical value calculated based on risk indicators, and it indicates the level of potential security risk.

[0634] "Review" is the process of scrutinizing and evaluating the proposed security improvements.

[0635] The system implementing this invention is centered around an information processing device, with a server, terminals, and users collaborating to conduct security assessments. The server first automatically collects necessary data from digital resources such as networks, applications, and cloud services using API calls and web scraping techniques. The collected data is analyzed using natural language processing technology running on the server to extract security-related information.

[0636] The server then evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, it uses configurable baseline indicators to ensure an objective and standardized evaluation. The evaluation results are automatically recorded as an evaluation sheet on the user's general-purpose computer.

[0637] Users review the provided evaluation sheet and revise their security strategy based on the improvement measures suggested by the server. For example, if a new location-based access is detected in a social networking application in the user's digital environment, the server assesses the risk and suggests restricting location-based access. This allows users to take swift action.

[0638] This system utilizes smartphone applications built with Swift or Java on the client side, APIs using Python and Flask / Django on the server side, and spaCy for data analysis. It also includes data processing using AWS Lambda and data storage using Amazon S3 as cloud infrastructure. Overall, it is a system capable of quickly analyzing risks in a user's digital environment and providing concrete improvement measures.

[0639] An example of a prompt message is: "Given the latest software update data, identify any changes in security policies and evaluate associated risks. Suggest relevant actions to enhance security compliance."

[0640] The flow of a specific process in Application Example 1 will be explained using Figure 12.

[0641] Step 1:

[0642] The server collects data from digital resources. Specifically, it uses API calls and web scraping techniques to obtain publicly available information from various systems and services. The input consists of the URLs and API endpoints of the target digital resources, and the output is the raw data extracted from them.

[0643] Step 2:

[0644] The server analyzes the collected data. Using natural language processing techniques, it extracts security-related information from the data. For example, it identifies changes in security policies and risk factors within the collected data. The input is the raw data collected in step 1, and the output is the analyzed information.

[0645] Step 3:

[0646] The server evaluates risk indicators based on the analyzed information and calculates a risk score. In this process, data calculations are performed based on the established baseline indicators, and the risk level is quantified. The input is the analysis result from step 2, and the output is the risk score.

[0647] Step 4:

[0648] The server generates improvement measures based on the evaluation results and presents them to the user. Using a generative AI model, it proposes specific improvement plans based on best practices. The risk score from step 3 is used as input, and improvement plans are generated as output.

[0649] Step 5:

[0650] The user uses a terminal to review the evaluation sheet and improvement suggestions provided by the server. The user considers specific security proposals and changes system settings as needed. The input is the improvement suggestions from step 4, and the output is the user's actions.

[0651] Furthermore, an emotion engine that estimates the user's emotions may be incorporated. That is, the identification processing unit 290 may use the emotion identification model 59 to estimate the user's emotions and perform identification processing using the user's emotions.

[0652] This invention provides a security solution that takes user emotions into account by combining an emotion engine with a security evaluation system using an information processing device. This system automatically collects and analyzes data from information sources and performs security checks. During this process, it recognizes the user's emotional state and reflects that information in the analysis and suggestion of improvement measures.

[0653] When a user accesses the server, it uses an emotion engine to recognize the user's emotions. This process involves analyzing video and audio inputs, identifying emotions by analyzing the user's facial expressions and tone of voice. Based on this emotional state, the server adjusts the analysis results of the collected data to provide the user with the most effective improvement measures.

[0654] In particular, when evaluation results or improvement measures are deemed important and urgent for the user, communication methods that take emotional data into account are employed. For example, if it is detected that the user is feeling anxious, the server will present a message in a polite and calm tone to reassure the user.

[0655] The device dynamically adjusts the interface based on collected emotional data, providing an intuitive and user-friendly interface. This dynamic adjustment of the interface can improve the user experience.

[0656] Sentimental information is also taken into consideration when generating reports. Visuals and language choices are adjusted to make it easier for users to understand risks and areas for improvement, and further details are provided as needed, allowing for flexible responses tailored to user needs.

[0657] Thus, in embodiments based on the present invention, by integrating an emotion engine, the user's psychological state can be taken into consideration, enabling more effective implementation of security solutions. As a result, improved user experience and enhanced system security efficiency are achieved.

[0658] The following describes the processing flow.

[0659] Step 1:

[0660] The server recognizes the user's emotions using its built-in emotion engine when the user logs into the system. This process analyzes the user's camera footage and microphone audio to estimate their emotions from their facial expressions and tone of voice.

[0661] Step 2:

[0662] The server automatically collects data from target sources, taking into account sentiment data obtained by the sentiment engine. It effectively obtains security-related data using API calls and scraping techniques.

[0663] Step 3:

[0664] The server analyzes the collected data and automatically fills in a security checklist. During this process, natural language processing technology is used to adjust the analysis results based on sentiment data, ensuring that information is presented in a way that respects the user's emotions.

[0665] Step 4:

[0666] The server performs a risk assessment based on the analyzed data and calculates the risk level and risk score. Taking into account configurable thresholds and international standards, it provides the results in a format optimized for the user based on sentiment data.

[0667] Step 5:

[0668] The server, including the AI ​​agent, presents improvement suggestions to the user based on the risk assessment results. Here, customized messages reflecting the recognized emotional state are used to present improvement measures in a specific and easy-to-understand manner.

[0669] Step 6:

[0670] The device generates an interface that is appropriate to the user's emotions and helps the user to readily accept suggestions for improvement. This improves the user's experience.

[0671] Step 7:

[0672] The server generates and provides a report to the user that reflects the evaluation results and improvement suggestions. It uses sentiment information to adjust the report's content, helping users better understand the risks and suggestions.

[0673] (Example 2)

[0674] Next, we will describe Example 2. In the following description, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0675] Traditional security systems, while providing risk assessments and improvement suggestions based on data analysis, often executed specified procedures without considering the user's emotional state. This resulted in problems such as security assessments and improvement measures being difficult for users to understand or causing psychological burden. This could potentially reduce the user experience and the efficiency of the system's security.

[0676] The identification process performed by the identification processing unit 290 of the data processing device 12 in Example 2 is realized by the following means.

[0677] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for analyzing the collected data and automatically filling in a checklist for security evaluation, and means for analyzing the user's emotions and providing the user with effective improvement measures using generative AI technology. This makes it possible to provide security solutions that take the user's emotional state into account, improving both user experience and security efficiency.

[0678] "Information processing equipment" refers to all devices, including computer systems and software, used to collect, analyze, and evaluate data.

[0679] "Automated data collection" refers to the process of acquiring data from specific sources without requiring manual intervention.

[0680] A "security assessment checklist" refers to a document format used to evaluate the security situation based on data analysis results and identify areas for improvement.

[0681] "Risk level" refers to an indicator that numerically or qualitatively assesses the degree of security risk associated with a particular situation or data.

[0682] "Analyzing user emotions" refers to the process of analyzing users' facial expressions and tone of voice to understand their psychological state.

[0683] "Generative AI technology" refers to technology that uses artificial intelligence to automatically generate content and improvement suggestions based on specific conditions and inputs.

[0684] "User interface" refers to the screen configuration and design that provides the display methods and means of operation for users to interact with the system.

[0685] This invention provides a new security solution that takes user emotions into consideration in a security evaluation system using an information processing device. The main components of the system include a server, a terminal, and a user.

[0686] The server first automatically collects data from its sources. This process uses automated scripts and programs to target publicly available information on the internet and internal corporate log data. Next, the server uses natural language processing techniques to analyze the collected data. This allows for efficient identification of security risks and calculation of risk scores.

[0687] To recognize user emotions, the server uses an emotion engine. This engine includes algorithms that analyze facial expression data and voice tone acquired through video cameras and microphones. If the user is feeling anxious, this information is input into a generative AI model, which then generates security improvements based on the user's psychological state.

[0688] As a concrete example, when a user is concerned about the security of the system, the server generates and provides a message such as, "All data is securely protected and constantly monitored." This is text generated by a generative AI model, which is driven by a prompt such as, "Generate a message that will reassure the user when they are feeling uneasy."

[0689] The device dynamically adjusts the user interface based on emotional data to ensure the user receives the optimal interaction. For example, if the device determines that the user is relaxed, the colors and interface movements are adjusted to maintain that relaxed state.

[0690] As described above, by incorporating user emotional states into security solutions, we can improve the user experience and enhance the security efficiency of the system.

[0691] The flow of the specific processing in Example 2 will be explained using Figure 13.

[0692] Step 1:

[0693] The server automatically collects data from the target information source. The input is the information source (e.g., website, log file), and a data collection script is executed based on this input. Specifically, the server retrieves data by making API requests or performing web scraping through the program, and outputs the collected dataset.

[0694] Step 2:

[0695] The server analyzes the collected data and automatically creates a checklist for security assessment. The data collected in Step 1 is used as input, and natural language processing techniques are used to extract security elements from the data. Specifically, the server performs text analysis using a machine learning model, summarizes assessment items based on risk factors and detected threats, and outputs them as analysis results.

[0696] Step 3:

[0697] When a user accesses the system, the server uses an emotion engine to recognize the user's emotions. The input includes the user's video and audio data, and based on this, facial expression analysis algorithms and voice analysis algorithms are applied. Specifically, the server analyzes facial feature points and voice pitch and outputs the detected emotional state.

[0698] Step 4:

[0699] The server, while considering the user's emotional state, uses a generative AI model to suggest effective improvement measures. The analysis results from step 2 and the emotion recognition data from step 3 are used as input, and prompt sentences are sent to the generative AI. Specifically, the server generates prompts, performs procedures to generate messages necessary for improvement, and outputs customized improvement suggestions to be provided to the user.

[0700] Step 5:

[0701] The device dynamically adjusts the user interface based on emotion data and improvement suggestions received from the server. Input includes emotion recognition results and generated improvement messages, which are used to modify user interface elements (color, layout). Specifically, the device automatically changes UI design settings to provide an intuitive user experience while considering the user's psychological state, outputting an easily understandable interface.

[0702] (Application Example 2)

[0703] Next, we will explain application example 2. In the following explanation, the data processing device 12 will be referred to as the "server" and the robot 414 as the "terminal".

[0704] Traditional security evaluation systems often presented mechanical evaluation results without considering the user's emotional state. This could lead to users experiencing stress, anxiety, and discomfort, resulting in a decreased acceptance of security solutions. Furthermore, presenting information without considering the user's psychological state can hinder information transmission and understanding of improvement measures.

[0705] The specific processing performed by the specific processing unit 290 of the data processing device 12 in Application Example 2 is realized by the following means.

[0706] In this invention, the server includes means for automatically collecting data from a target information source using an information processing device, means for recognizing the user's emotional state and adjusting the analysis results based on the recognition results, and means for suggesting and reporting improvement measures based on the adjusted analysis results. This makes it possible to provide security solutions that take the user's emotional state into consideration.

[0707] An "information processing device" is an electronic device used for the automatic collection, analysis, and evaluation of data.

[0708] "Emotional state" refers to the psychological emotional state of the user, and is perceived from facial expressions and tone of voice.

[0709] "Analysis results" refer to the evaluation and analysis results obtained based on the collected data.

[0710] "Improvement measures" refer to countermeasures and measures proposed based on security assessments.

[0711] "Adjustment" refers to optimizing the acquired data and analysis results based on the user's emotional state.

[0712] "Reporting" refers to notifying or explaining to users about evaluations and improvement measures.

[0713] The system that realizes this invention will be built as an application that runs on a smartphone. First, the server uses the smartphone's front camera and microphone to capture the user's facial expressions and voice in real time and collect data. For this data collection, OpenCV or other facial recognition engines are used, and IBM Watson Tone Analyzer or similar tools are used to analyze the user's emotional state from their facial expressions and voice tone.

[0714] Subsequently, the server analyzes the collected data to identify the user's emotional state. Based on the recognized emotional state, the server generates and presents adjusted security analysis results to the user. During this process, the user interface is dynamically adjusted according to the emotional state, allowing the user to operate the interface with confidence.

[0715] For example, when a user attempts to access a website, a smartphone app analyzes the user's facial expression. If the app determines that the user is feeling anxious, the server uses this information to soften the tone of the security warning. The warning message uses simple and direct language, and provides further guidance and information as needed.

[0716] A prompt for effectively using the AI ​​model is: "Generate security notifications based on the user's emotional state. If the user is feeling anxious, the notification should use a gentle tone and provide detailed information." Based on this prompt, the AI ​​model analyzes complex emotional data and develops an approach to provide a more effective user experience.

[0717] The flow of a specific process in Application Example 2 will be explained using Figure 14.

[0718] Step 1:

[0719] The user launches the app. The smartphone's front camera and microphone are activated, and the capture of the user's facial expressions and audio data begins. The server then receives the facial image data and audio data as input.

[0720] Step 2:

[0721] The server performs face recognition using facial image data. OpenCV is used for this process to extract facial features and input them into an emotion analysis engine. The output is metadata indicating the emotional state.

[0722] Step 3:

[0723] The server analyzes the audio data and identifies the tone of voice. IBM Watson Tone Analyzer is used for this process, inferring emotional states from the voice characteristics. The output generates metadata of the emotional state based on the voice.

[0724] Step 4:

[0725] The server integrates the metadata obtained in steps 2 and 3 to determine the final emotional state. This integration allows for a more accurate emotional assessment by combining information on facial expressions and tone of voice.

[0726] Step 5:

[0727] The server adjusts security analysis results based on the user's emotional state and generates a message to present to the user. The input consists of existing security analysis data and the user's final emotional state, and the output is an adjusted security notification message.

[0728] Step 6:

[0729] The device displays security notifications tailored to the user. The user interface dynamically changes according to the user's emotional state, adjusting the tone and content of messages to improve user experience. The output is a notification screen that the user can intuitively operate.

[0730] Step 7:

[0731] The user reviews the security notification and selects an action. The selected action is sent back to the server, and additional instructions or guidance are output as needed.

[0732] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0733] Data generation model 58 is a type of so-called generative AI (Artificial Intelligence). One example of data generation model 58 is ChatGPT (Internet search<URL: https: / / openai.com / blog / chatgpt> ), Gemini (Internet search) <url: https: gemini.google.com ?hl="ja">Examples of generative AI include the following. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images. The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference results in data formats such as audio data and text data. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization.

[0734] In the above embodiment, an example was given in which specific processing is performed by the data processing device 12, but the technology of this disclosure is not limited thereto, and the specific processing may also be performed by the robot 414.

[0735] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.

[0736] Figure 9 shows an emotion map 400 in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.

[0737] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.

[0738] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.

[0739] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, motorcycles, etc., emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated, for example, based on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.

[0740] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."

[0741] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values ​​representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values ​​representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.

[0742] The above description primarily focuses on the functions of the data processing device 12 in relation to this disclosure. However, the system related to this disclosure is not necessarily implemented on a server. The system related to this disclosure may be implemented as a general information processing system. This disclosure may be implemented, for example, as a software program that runs on a personal computer or as an application that runs on a smartphone. The method related to this disclosure may be provided to users in SaaS (Software as a Service) format.

[0743] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing of the specific process may be performed by multiple computers, including computer 22. For example, a data generation model 58 may be provided in an external device of the data processing device 12, and the external device may generate data according to the input data.

[0744] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.

[0745] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.

[0746] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.

[0747] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.

[0748] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.

[0749] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.

[0750] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.

[0751] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and the like that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.

[0752] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.

[0753] The following is further disclosed regarding the embodiments described above.

[0754] (Claim 1)

[0755] The information processing device provides a means for automatically collecting data from the target information source,

[0756] A means of analyzing the collected data and automatically filling out a checklist for security assessment,

[0757] A means for evaluating the risk level and calculating a risk score based on the analyzed data,

[0758] A means of proposing and reporting improvement measures based on the evaluation results,

[0759] A system that includes this.

[0760] (Claim 2)

[0761] The system according to claim 1, characterized in that the information processing device performs data analysis based on information collection using natural language processing technology.

[0762] (Claim 3)

[0763] The system according to claim 1, characterized in that it performs a risk level assessment based on a configurable reference value.

[0764] "Example 1"

[0765] (Claim 1)

[0766] The information processing device provides a means for automatically collecting data from a target information source,

[0767] A means of analyzing collected data and automatically generating checklist items for security evaluation using natural language processing technology,

[0768] A means of evaluating risk levels based on analyzed data and calculating a risk score based on international standards and configurable threshold values,

[0769] A means of generating improvement measures and a report using a generated AI agent based on the evaluation results,

[0770] A system that includes this.

[0771] (Claim 2)

[0772] The system according to claim 1, characterized in that the information processing device scores each risk item based on the results of the analyzed data and calculates a numerically defined risk level.

[0773] (Claim 3)

[0774] The system according to claim 1, characterized in that the automatically generated improvement measures are based on past information and best practices, and that the system presents the user with measures to mitigate risks.

[0775] "Application Example 1"

[0776] (Claim 1)

[0777] The information processing device provides a means for automatically collecting data from the target digital resources,

[0778] A means of analyzing the collected data and automatically filling out an evaluation form for security assessment,

[0779] A means for evaluating risk indicators based on analyzed data and calculating a risk score,

[0780] A means of proposing improvement measures and generating a detailed report based on the evaluation results,

[0781] A means for verifying evaluation results on a general-purpose computer used by the user and reviewing improvement measures,

[0782] A system that includes this.

[0783] (Claim 2)

[0784] The system according to claim 1, characterized in that the information processing device performs analysis of collected data using language processing technology.

[0785] (Claim 3)

[0786] The system according to claim 1, characterized in that it evaluates risk indicators based on configurable standard indicators.

[0787] "Example 2 of combining an emotion engine"

[0788] (Claim 1)

[0789] The information processing device provides a means for automatically collecting data from the target information source,

[0790] A means of analyzing the collected data and automatically filling out a checklist for security assessment,

[0791] A means for evaluating the risk level and calculating a risk score based on the analyzed data,

[0792] A means of proposing and reporting improvement measures based on the evaluation results,

[0793] A means of analyzing user emotions and providing effective improvement measures to users using generative AI technology,

[0794] A means for dynamically adjusting the user interface based on emotion recognition results,

[0795] A system that includes this.

[0796] (Claim 2)

[0797] The system according to claim 1, characterized in that the information processing device performs data analysis based on information collection using natural language processing technology.

[0798] (Claim 3)

[0799] The system according to claim 1, characterized in that it performs a risk level assessment based on a configurable reference value.

[0800] "Application example 2 when combining with an emotional engine"

[0801] (Claim 1)

[0802] The information processing device provides a means for automatically collecting data from the target information source,

[0803] A means of analyzing the collected data and automatically filling in the checklist for security evaluation,

[0804] A means for evaluating the degree of risk based on the analyzed data and calculating an evaluation index,

[0805] A means for recognizing the emotional state of the user and adjusting the analysis results based on that recognition,

[0806] A means of proposing and reporting improvement measures based on the adjusted analysis results,

[0807] A system that includes this.

[0808] (Claim 2)

[0809] The system according to claim 1, characterized in that the information processing device performs data analysis based on information collection using natural language processing technology.

[0810] (Claim 3)

[0811] The system according to claim 1, characterized in that it evaluates the degree of risk based on a configurable standard value and adjusts the evaluation in consideration of the user's emotional state. [Explanation of Symbols]

[0812] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots< / url:> < / url:> < / url:> < / url:>

Claims

1. The information processing device provides a means for automatically collecting data from the target digital resources, A means of analyzing the collected data and automatically filling out an evaluation form for security assessment, A means for evaluating risk indicators based on analyzed data and calculating a risk score, A means of proposing improvement measures and generating a detailed report based on the evaluation results, A means for verifying evaluation results on a general-purpose computer used by the user and reviewing improvement measures, A system that includes this.

2. The system according to claim 1, characterized in that the information processing device performs analysis of collected data using language processing technology.

3. The system according to claim 1, characterized in that it evaluates risk indicators based on configurable standard indicators.