system

The system automates security incident responses in SMEs using generative AI to propose countermeasures, guide stakeholders, and learn from past incidents, addressing the challenge of insufficient security measures and knowledge.

JP2026106968APending Publication Date: 2026-06-30SOFTBANK GROUP CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
SOFTBANK GROUP CORP
Filing Date
2024-12-18
Publication Date
2026-06-30

Smart Images

  • Figure 2026106968000001_ABST
    Figure 2026106968000001_ABST
Patent Text Reader

Abstract

The system according to this embodiment aims to automate a calm and appropriate response in the event of a security incident. [Solution] The system according to the embodiment comprises a proposal unit, a guide unit, a learning unit, a notification unit, and an identification unit. The proposal unit proposes the optimal countermeasure according to the type and circumstances of the security incident. The guide unit guides the relevant parties through specific procedures based on the countermeasure proposed by the proposal unit. The learning unit learns from past incident data to provide future threat predictions and countermeasures for improvement. The notification unit notifies the user when an incident occurs. The identification unit identifies the scope of impact of the incident.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The technology of the present disclosure relates to a system.

Background Art

[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, and includes steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance in response to the user utterance.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] In the conventional technology, there is a problem that it is difficult for small and medium-sized enterprises to take sufficient security measures and they cannot respond calmly and accurately when an incident occurs.

[0005] The system according to the embodiment aims to automate calm and accurate responses when a security incident occurs.

Means for Solving the Problems

[0006] The system according to this embodiment comprises a proposal unit, a guide unit, a learning unit, a notification unit, and an identification unit. The proposal unit proposes the optimal countermeasure according to the type and circumstances of the security incident. The guide unit guides the relevant parties through specific procedures based on the countermeasure proposed by the proposal unit. The learning unit learns from past incident data to provide future threat predictions and countermeasures for improvement. The notification unit notifies the user when an incident occurs. The identification unit identifies the scope of impact of the incident. [Effects of the Invention]

[0007] The system according to this embodiment can automate a calm and accurate response when a security incident occurs. [Brief explanation of the drawing]

[0008] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10]This shows an emotion map where multiple emotions are mapped. [Modes for carrying out the invention]

[0009] Hereinafter, an example of an embodiment of the system relating to the technology of this disclosure will be described with reference to the attached drawings.

[0010] First, let's explain the terminology used in the following explanation.

[0011] In the following embodiments, the signed processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Furthermore, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include CPU (Central Processing Unit), GPU (Graphics Processing Unit), GPGPU (General-Purpose computing on Graphics Processing Units), APU (Accelerated Processing Unit), or TPU (Tensor Processing Unit).

[0012] In the following embodiments, signed RAM (Random Access Memory) is a memory that temporarily stores information and is used as work memory by the processor.

[0013] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.

[0014] In the following embodiments, the labeled communication I / F (Interface) is an interface including a communication processor, an antenna, etc. The communication I / F controls communication between multiple computers. Examples of communication standards applicable to the communication I / F include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).

[0015] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B". That is, "A and / or B" means that it may be only A, only B, or a combination of A and B. Also, in this specification, when expressing three or more matters connected by "and / or", the same concept as "A and / or B" is applied.

[0016] [First Embodiment] FIG. 1 shows an example of the configuration of a data processing system 10 according to the first embodiment.

[0017] As shown in FIG. 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.

[0018] The data processing device 12 includes a computer 22, a database 24, and a communication I / F 26. The computer 22 includes a processor 28, a RAM 30, and a storage 32. The processor 28, the RAM 30, and the storage 32 are connected to a bus 34. Also, the database 24 and the communication I / F 26 are connected to the bus 34. The communication I / F 26 is connected to a network 54. Examples of the network 54 include a WAN (Wide Area Network) and / or a LAN (Local Area Network).

[0019] The smart device 14 comprises a computer 36, a reception device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The reception device 38, output device 40, and camera 42 are also connected to the bus 52.

[0020] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, and accepts user input. The touch panel 38A accepts user input via touch by detecting contact with an object (e.g., a pen or finger). The microphone 38B accepts user input via voice by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 (see Figure 2) acquires the data indicating the user input.

[0021] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user by outputting the data in a form perceptible to the user (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.

[0022] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.

[0023] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.

[0024] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0025] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.

[0026] In the smart device 14, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The specific processing program 60 is used in conjunction with the specific processing program 56 by the data processing system 10. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 operating as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart device 14 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.

[0027] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device (e.g., a generation server) may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device having the data generation model 58. The data processing device 12 may also be a server device or a terminal device owned by a user (e.g., a mobile phone, robot, home appliance, etc.). Next, an example of processing by the data processing system 10 according to the first embodiment will be described.

[0028] (Example of form 1) The security incident initial response system according to an embodiment of the present invention is a system that utilizes generative AI to automate the initial response to security incidents in small and medium-sized enterprises (SMEs). This system was developed to solve the problem that SMEs often have insufficient security measures and lack specialized knowledge and personnel, making it difficult to take appropriate initial action when a security incident occurs. The security incident initial response system utilizes generative AI to automate the initial response to security incidents, enabling a rapid and accurate response. For example, when a security incident occurs, the generative AI proposes the optimal response measures according to the type and circumstances of the incident. For example, if a phishing attack is detected, the generative AI immediately notifies the user, identifies the scope of impact, and proposes countermeasures such as temporarily suspending related accounts. Next, the generative AI guides the relevant parties through specific procedures based on the proposed countermeasures. This allows the relevant parties to respond calmly and accurately. Furthermore, the generative AI learns from past incident data and provides future threat predictions and improvement measures for responses. This enables continuous improvement of security measures. For example, by learning from past phishing attack data, it becomes possible to respond more quickly and effectively when similar attacks occur in the future. By implementing this system, small and medium-sized enterprises (SMEs) can respond quickly and accurately to security incidents, minimize security risks, and build a safe and reliable business environment. Furthermore, automation of manual tasks reduces operational costs while improving the quality of responses. Continuous improvement based on feedback from AI-generated data ensures optimal incident response at all times. In summary, this security incident initial response system enables SMEs to respond quickly and accurately to security incidents.

[0029] The security incident initial response system according to the embodiment comprises a proposal unit, a guide unit, a learning unit, a notification unit, and a specification unit. The proposal unit proposes the optimal response measures according to the type and circumstances of the security incident. The proposal unit proposes the optimal response measures according to the type and circumstances of the incident, for example, using a generation AI. For example, if a phishing attack is detected, the proposal unit proposes response measures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. For example, the proposal unit proposes that the generation AI detects a phishing attack, notifies the user, identifies the scope of impact, and temporarily suspends related accounts. Some or all of the above processing in the proposal unit may be performed using the generation AI or without the generation AI. The guide unit guides the relevant parties through specific procedures based on the response measures proposed by the proposal unit. The guide unit guides the relevant parties through specific procedures based on the proposed response measures, for example, using a generation AI. For example, the guide unit guides the relevant parties through specific procedures based on the proposed response measures, using the generation AI. Some or all of the above-described processes in the guidance unit may be performed using or without a generation AI. The learning unit learns from past incident data to provide future threat predictions and improved response measures. The learning unit, for example, uses a generation AI to learn from past incident data to provide future threat predictions and improved response measures. For example, the learning unit allows the generation AI to learn from past phishing attack data so that it can respond more quickly and effectively when similar attacks occur in the future. Some or all of the above-described processes in the learning unit may be performed using or without a generation AI. The notification unit notifies the user when an incident occurs. The notification unit, for example, uses a generation AI to notify the user when an incident occurs. For example, the notification unit uses a generation AI to immediately notify the user when an incident occurs. Some or all of the above-described processes in the notification unit may be performed using or without a generation AI. The identification unit identifies the scope of the incident's impact. The identification unit, for example, uses a generation AI to identify the scope of the incident's impact. For example, the identification unit uses a generation AI to identify the scope of the incident's impact.Some or all of the above-described processing in the specific section may be performed using a generation AI, or it may be performed without using a generation AI. As a result, the security incident initial response system according to the embodiment can automate the initial response when a security incident occurs, enabling a rapid and accurate response.

[0030] The proposal department proposes the most appropriate countermeasures based on the type and circumstances of the security incident. For example, the proposal department uses generative AI to propose the most appropriate countermeasures based on the type and circumstances of the incident. Specifically, the generative AI identifies the type of incident (e.g., phishing attack, malware infection, DDoS attack, etc.) and generates the most appropriate countermeasure for each incident. For example, if a phishing attack is detected, the generative AI proposes countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. The generative AI learns from past incident data and existing security guidelines to build a knowledge base for generating the most appropriate countermeasures. This allows the proposal department to provide quick and accurate countermeasures. Furthermore, the proposal department can present the countermeasures proposed by the generative AI to stakeholders and seek human judgment as needed. This allows the proposal department to provide more reliable countermeasures by combining the automated proposals of the generative AI with human judgment. Some or all of the above-described processes in the proposal department may be performed using generative AI or not.

[0031] The Guidance Department guides stakeholders through specific procedures based on the countermeasures proposed by the Proposal Department. The Guidance Department uses, for example, generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. Specifically, the generative AI presents specific procedures to stakeholders based on the proposed countermeasures. For example, if a phishing attack is detected, the generative AI guides users on how to delete phishing emails and how to change their passwords. It also provides specific guidance on identifying the scope of impact and suspending related accounts. The generative AI can present procedures in a format that stakeholders can easily understand using natural language processing technology. This allows the Guidance Department to help stakeholders implement countermeasures quickly and accurately. Furthermore, the Guidance Department has multiple means of notifying stakeholders of the procedures provided by the generative AI. For example, procedures can be notified via email, SMS, chat applications, etc. This allows the Guidance Department to enable stakeholders to quickly receive and implement the procedures. Some or all of the above-described processes in the Guidance Department may be performed using the generative AI or not.

[0032] The learning unit learns from past incident data to provide future threat predictions and improved response measures. Specifically, the learning unit uses, for example, generative AI to learn from past incident data and provide future threat predictions and improved response measures. The generative AI analyzes past incident data to identify incident occurrence patterns and trends. This allows for prediction of the likelihood of similar incidents occurring in the future and enables proactive countermeasures. For example, the generative AI learns from past phishing attack data to enable a faster and more effective response when similar attacks occur in the future. Furthermore, the generative AI can evaluate the effectiveness of past countermeasures and identify areas for improvement. This allows the learning unit to improve the accuracy and effectiveness of future countermeasures. Some or all of the above processing in the learning unit may be performed using generative AI or without generative AI.

[0033] The notification unit notifies users when an incident occurs. The notification unit uses, for example, a generative AI to notify users when an incident occurs. Specifically, the generative AI identifies the type and scope of the incident and provides appropriate notifications to users. For example, if a phishing attack is detected, the generative AI will notify users on how to delete phishing emails and how to change their passwords. Furthermore, by quickly notifying users before the scope of the impact expands, damage can be minimized. The notification unit has multiple notification methods, such as email, SMS, and chat applications, to ensure that users receive notifications quickly. This allows the notification unit to provide users with quick and accurate notifications when an incident occurs, minimizing damage. Some or all of the above-described processes in the notification unit may be performed using a generative AI, or they may be performed without using a generative AI.

[0034] The identification unit identifies the scope of the incident's impact. The identification unit uses, for example, generative AI to identify the scope of the incident's impact. Specifically, the generative AI identifies the source of the incident and the affected systems and data. For example, if a phishing attack is detected, the generative AI can identify affected user accounts and systems and take swift countermeasures. The generative AI analyzes past incident data and real-time system logs to build a knowledge base for identifying the scope of impact. This allows the identification unit to quickly and accurately identify the scope of impact and take appropriate countermeasures. Furthermore, the identification unit can notify relevant parties of the scope of impact identified by the generative AI to support a rapid response. Some or all of the above-described processes in the identification unit may be performed using the generative AI or not. This allows the identification unit to quickly and accurately identify the scope of the incident's impact and minimize damage.

[0035] The notification unit can immediately notify the user when an incident occurs. The notification unit can, for example, immediately notify the user when an incident occurs. The notification unit can, for example, use a generation AI to immediately notify the user when an incident occurs. The notification unit can, for example, notify the user by email when an incident occurs. The notification unit can, for example, notify the user by SMS when an incident occurs. The notification unit can, for example, send a push notification to the user when an incident occurs. This allows the notification unit to expedite the initial response by quickly notifying the user when an incident occurs. Some or all of the above processing in the notification unit may be performed using a generation AI, or may not be performed using a generation AI.

[0036] The identification unit can identify the scope of impact of an incident. The identification unit can, for example, identify the scope of impact of an incident. The identification unit can, for example, identify the scope of impact of an incident using a generation AI. The identification unit can, for example, identify the scope of impact of an incident by analyzing network logs. The identification unit can, for example, identify the scope of impact of an incident by analyzing system logs. The identification unit can, for example, identify the scope of impact of an incident by analyzing user activity logs. By doing so, the identification unit can take appropriate countermeasures by identifying the scope of impact of an incident. Some or all of the above-described processes in the identification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0037] The proposal unit can propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts if a phishing attack is detected. For example, the proposal unit proposes notifying users, identifying the scope of impact, and temporarily suspending related accounts if a phishing attack is detected. For example, the proposal unit can use generative AI to propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts if a phishing attack is detected. For example, the proposal unit proposes that generative AI detects a phishing attack, notifies users, identifies the scope of impact, and temporarily suspends related accounts. This allows the proposal unit to propose quick and accurate countermeasures against phishing attacks. Some or all of the above processing in the proposal unit may be performed using generative AI or without using generative AI.

[0038] The guiding unit can guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit guides stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide stakeholders with step-by-step instructions based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide stakeholders with visual guidance based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide audio guidance based on the proposed countermeasures. This enables stakeholders to respond calmly and accurately. Some or all of the above-described processes in the guiding unit may be performed using generative AI or without generative AI.

[0039] The learning unit can learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can use generative AI to learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can use generative AI to learn from past phishing attack data, enabling a faster and more effective response when similar attacks occur in the future. For example, the learning unit can use generative AI to learn from past malware infection data, enabling a faster and more effective response when similar infections occur in the future. For example, the learning unit can use generative AI to learn from past data breaches, enabling a faster and more effective response when similar breaches occur in the future. This allows the learning unit to improve future threat predictions and responses by learning from past incident data. Some or all of the above processing in the learning unit may be performed using generative AI, or without using generative AI.

[0040] The proposal unit can propose different countermeasures depending on the type of incident. For example, the proposal unit proposes different countermeasures depending on the type of incident. For example, the proposal unit uses generative AI to propose different countermeasures depending on the type of incident. For example, the proposal unit has generative AI propose different countermeasures depending on the type of incident. For example, if a phishing attack is detected, the proposal unit proposes user notification, identification of the scope of impact, and temporary suspension of related accounts. For example, if a malware infection is detected, the proposal unit proposes isolation of infected terminals, identification of the scope of impact, and implementation of data backups. For example, if a data breach is detected, the proposal unit proposes identification of the leakage route, identification of the scope of impact, and notification to relevant parties. This enables the proposal unit to respond quickly and accurately by proposing appropriate countermeasures according to the type of incident. Some or all of the above processing in the proposal unit may be performed using generative AI or not using generative AI.

[0041] The proposal unit can determine the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, determines the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, uses generative AI to determine the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, uses generative AI to determine the priority of countermeasures based on the frequency of incident occurrence. For example, the proposal unit will propose immediate countermeasures as a priority for frequently occurring phishing attacks. For example, the proposal unit will propose detailed investigation and countermeasures for rarely occurring malware infections. For example, the proposal unit will propose preventive measures and initial response measures for new types of attacks that have never occurred before. In this way, the proposal unit can respond quickly to important incidents by determining the priority of countermeasures based on the frequency of incident occurrence. Some or all of the above processing in the proposal unit may be performed using generative AI or not.

[0042] The proposal department can determine the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department determines the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department uses generative AI to determine the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department uses generative AI to determine the priority of countermeasures based on the scope of the incident's impact. For example, if the scope of impact is wide, the proposal department will prioritize proposing rapid countermeasures. For example, if the scope of impact is limited, the proposal department will propose a detailed investigation and countermeasures. For example, if the scope of impact is unknown, the proposal department will propose identifying the scope of impact and initial response measures. In this way, the proposal department can respond quickly to important incidents by determining the priority of countermeasures based on the scope of the incident's impact. Some or all of the above processes in the proposal department may be performed using generative AI or not.

[0043] The proposal department can customize countermeasures based on the location where the incident occurred. For example, the proposal department customizes countermeasures based on the location where the incident occurred. For example, the proposal department uses generative AI to customize countermeasures based on the location where the incident occurred. For example, the proposal department uses generative AI to customize countermeasures based on the location where the incident occurred. For example, if the incident occurred in an office, the proposal department proposes physical security measures. For example, if the incident occurred in a remote work environment, the proposal department proposes restricting remote access. For example, if the incident occurred in a cloud environment, the proposal department proposes changing the settings of cloud services. This allows the proposal department to take a more appropriate response by customizing countermeasures based on the location where the incident occurred. Some or all of the above processing in the proposal department may be performed using generative AI or not.

[0044] The guide unit can provide different procedures depending on the roles of the stakeholders. For example, the guide unit provides different procedures depending on the roles of the stakeholders. For example, the guide unit uses generative AI to provide different procedures depending on the roles of the stakeholders. For example, the guide unit uses generative AI to provide different procedures depending on the roles of the stakeholders. For example, the guide unit provides system administrators with technical response procedures. For example, the guide unit provides general users with simple operating procedures. For example, the guide unit provides managers with the overall situation and response policies. This enables the guide unit to provide more appropriate responses by providing procedures according to the roles of the stakeholders. Some or all of the above-described processes in the guide unit may be performed using generative AI or without using generative AI.

[0045] The guide unit can update procedures in real time according to the progress of the incident. For example, the guide unit updates procedures in real time according to the progress of the incident. For example, the guide unit uses generative AI to update procedures in real time according to the progress of the incident. For example, the guide unit uses generative AI to update procedures in real time according to the progress of the incident. For example, the guide unit updates response procedures in real time according to the progress of the incident. For example, the guide unit updates instructions to stakeholders in real time according to the progress of the incident. For example, the guide unit updates the priority of countermeasures in real time according to the progress of the incident. This enables the guide unit to respond more appropriately by updating procedures in real time according to the progress of the incident. Some or all of the above processing in the guide unit may be performed using generative AI or without generative AI.

[0046] The guide unit can customize the procedures according to the skill level of the stakeholders. For example, the guide unit customizes the procedures according to the skill level of the stakeholders. For example, the guide unit uses generative AI to customize the procedures according to the skill level of the stakeholders. For example, the guide unit has generative AI customize the procedures according to the skill level of the stakeholders. For example, the guide unit provides basic procedures to beginners. For example, the guide unit provides detailed procedures to intermediate users. For example, the guide unit provides technical procedures to advanced users. This allows the guide unit to provide more appropriate responses by providing procedures according to the skill level of the stakeholders. Some or all of the above processing in the guide unit may be performed using generative AI or not using generative AI.

[0047] The guide unit can adjust procedures based on the scope of the incident's impact. The guide unit adjusts procedures based on the scope of the incident's impact, for example. The guide unit adjusts procedures based on the scope of the incident's impact, for example, using generative AI. The guide unit uses generative AI to adjust procedures based on the scope of the incident's impact, for example. The guide unit provides rapid response procedures when the scope of impact is wide, for example. The guide unit provides detailed investigation procedures when the scope of impact is limited, for example. The guide unit provides procedures for identifying the scope of impact when the scope of impact is unknown, for example. This enables the guide unit to respond more appropriately by adjusting procedures based on the scope of the incident's impact. Some or all of the above-described processes in the guide unit may be performed using generative AI or not.

[0048] The learning unit can optimize its learning algorithm by referring to past incident data. The learning unit optimizes its learning algorithm by referring to past incident data, for example. The learning unit optimizes its learning algorithm by referring to past incident data, for example using generative AI. The learning unit optimizes its learning algorithm by having generative AI refer to past incident data, for example. The learning unit optimizes its learning algorithm by referring to past phishing attack data, for example. The learning unit optimizes its learning algorithm by referring to past malware infection data, for example. The learning unit optimizes its learning algorithm by referring to past data breach data, for example. In this way, the learning unit can optimize its learning algorithm by referring to past incident data, enabling more effective learning. Some or all of the above processing in the learning unit may be performed using generative AI, or without using generative AI.

[0049] The learning unit can apply different learning methods depending on the type of incident. For example, the learning unit applies different learning methods depending on the type of incident. For example, the learning unit uses generative AI to apply different learning methods depending on the type of incident. For example, the learning unit uses generative AI to apply different learning methods depending on the type of incident. For example, the learning unit applies a learning method using pattern recognition for phishing attacks. For example, the learning unit applies a learning method using anomaly detection for malware infections. For example, the learning unit applies a learning method using access log analysis for data breaches. This allows the learning unit to learn more effectively by applying the most suitable learning method for each type of incident. Some or all of the above-described processes in the learning unit may be performed using generative AI or without using generative AI.

[0050] The learning unit can customize the training data based on the location where an incident occurred. For example, the learning unit customizes the training data based on the location where an incident occurred. For example, the learning unit uses generative AI to customize the training data based on the location where an incident occurred. For example, the learning unit uses generative AI to customize the training data based on the location where an incident occurred. For example, the learning unit customizes the training data based on incident data that occurred in an office. For example, the learning unit customizes the training data based on incident data that occurred in a remote work environment. For example, the learning unit customizes the training data based on incident data that occurred in a cloud environment. This enables the learning unit to learn more effectively by customizing the training data based on the location where an incident occurred. Some or all of the above processing in the learning unit may be performed using generative AI or not using generative AI.

[0051] The learning unit can weight the training data based on the scope of impact of an incident. For example, the learning unit weights the training data based on the scope of impact of an incident. For example, the learning unit uses a generative AI to weight the training data based on the scope of impact of an incident. For example, the learning unit uses a generative AI to weight the training data based on the scope of impact of an incident. For example, the learning unit gives higher weight to incident data with a wide scope of impact. For example, the learning unit gives lower weight to incident data with a limited scope of impact. For example, the learning unit gives medium weight to incident data with an unknown scope of impact. This allows the learning unit to learn more effectively by weighting the training data based on the scope of impact of an incident. Some or all of the above processing in the learning unit may be performed using a generative AI, or it may be performed without using a generative AI.

[0052] The notification unit can select different notification methods depending on the type of incident. For example, the notification unit selects different notification methods depending on the type of incident. For example, the notification unit uses a generation AI to select different notification methods depending on the type of incident. For example, the notification unit uses a generation AI to select different notification methods depending on the type of incident. For example, if a phishing attack is detected, the notification unit immediately sends an email notification. For example, if a malware infection is detected, the notification unit sends a pop-up notification. For example, if a data breach is detected, the notification unit sends an SMS notification. This allows the notification unit to send more effective notifications by selecting the most appropriate notification method depending on the type of incident. Some or all of the above-described processes in the notification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0053] The notification unit can determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit determines the priority of notifications based on the scope of impact of an incident. For example, the notification unit uses a generative AI to determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit uses a generative AI to determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit sends a notification immediately if the scope of impact is wide. For example, the notification unit sends a notification at an appropriate time if the scope of impact is limited. For example, the notification unit sends a notification after identifying the scope of impact if the scope of impact is unknown. This enables the notification unit to send more effective notifications by determining the priority of notifications based on the scope of impact of an incident. Some or all of the above processing in the notification unit may be performed using a generative AI or not using a generative AI.

[0054] The identification unit can apply different identification methods depending on the type of incident. For example, the identification unit applies different identification methods depending on the type of incident. For example, the identification unit uses a generation AI to apply different identification methods depending on the type of incident. For example, the identification unit uses a generation AI to apply different identification methods depending on the type of incident. For example, the identification unit analyzes email logs for phishing attacks. For example, the identification unit analyzes system logs for malware infections. For example, the identification unit analyzes access logs for data breaches. This allows the identification unit to perform more effective identification by applying the most appropriate identification method for each type of incident. Some or all of the above-described processes in the identification unit may be performed using a generation AI or without using a generation AI.

[0055] The identification unit can customize the scope of impact based on the location where the incident occurred. For example, the identification unit customizes the scope of impact based on the location where the incident occurred. For example, the identification unit uses generative AI to customize the scope of impact based on the location where the incident occurred. For example, the identification unit uses generative AI to customize the scope of impact based on the location where the incident occurred. For example, if the incident occurred in an office, the identification unit identifies the physical scope of impact. For example, if the incident occurred in a remote work environment, the identification unit identifies the scope of impact on remote access. For example, if the incident occurred in a cloud environment, the identification unit identifies the scope of impact on cloud services. This allows the identification unit to perform more effective identification by customizing the scope of impact based on the location where the incident occurred. Some or all of the above processing in the identification unit may be performed using generative AI or not.

[0056] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.

[0057] The notification unit can select different notification methods depending on the type of incident. For example, if a phishing attack is detected, an email notification can be sent immediately. If a malware infection is detected, a pop-up notification can be sent. If a data breach is detected, an SMS notification can be sent. This allows the notification unit to select the most appropriate notification method for each type of incident, enabling more effective notifications. Some or all of the above-described processes in the notification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0058] The identification unit can adjust the method for identifying the scope of impact based on the scope of the incident. For example, if the scope of impact is wide, it can provide a rapid identification method. If the scope of impact is limited, it can provide a detailed identification method. If the scope of impact is unknown, it can provide a procedure for identifying the scope of impact. This allows the identification unit to perform more effective identification by adjusting the method for identifying the scope of impact based on the scope of the incident. Some or all of the above processing in the identification unit may be performed using generative AI, or it may be performed without using generative AI.

[0059] The learning unit can optimize its learning algorithm by referring to past incident data. For example, it can optimize its learning algorithm by referring to past phishing attack data. It can optimize its learning algorithm by referring to past malware infection data. It can optimize its learning algorithm by referring to past data breach data. In this way, the learning unit can optimize its learning algorithm by referring to past incident data, enabling more effective learning. Some or all of the above processing in the learning unit may be performed using generative AI, or it may be performed without using generative AI.

[0060] The proposal department can customize countermeasures based on the location where the incident occurred. For example, if it occurred in an office, it can propose physical security measures. If it occurred in a remote work environment, it can propose restrictions on remote access. If it occurred in a cloud environment, it can propose changes to the cloud service settings. This allows the proposal department to provide a more appropriate response by customizing countermeasures based on the location of the incident. Some or all of the above processing in the proposal department may be performed using generative AI, or it may be performed without using generative AI.

[0061] The learning unit can apply different learning methods depending on the type of incident. For example, a learning method using pattern recognition can be applied to phishing attacks. A learning method using anomaly detection can be applied to malware infections. A learning method using access log analysis can be applied to data breaches. This allows the learning unit to learn more effectively by applying the most suitable learning method for each type of incident. Some or all of the above-described processes in the learning unit may be performed using generative AI, or they may be performed without using generative AI.

[0062] The guidance unit can update procedures in real time according to the progress of the incident. For example, it can update response procedures in real time according to the progress of the incident. It can update instructions to stakeholders in real time. It can update the priority of countermeasures in real time. As a result, the guidance unit can respond more appropriately by updating procedures in real time according to the progress of the incident. Some or all of the above processing in the guidance unit may be performed using generative AI, or it may be performed without using generative AI.

[0063] The following briefly describes the processing flow for example form 1.

[0064] Step 1: The proposal team proposes the most appropriate countermeasures based on the type and circumstances of the security incident. For example, if a phishing attack is detected using generated AI, they will propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. Step 2: The Guiding Department guides stakeholders through specific procedures based on the countermeasures proposed by the Proposal Department. For example, it guides stakeholders through specific procedures based on countermeasures proposed using generative AI. Step 3: The learning unit learns from past incident data to provide future threat predictions and improved response strategies. For example, it uses generative AI to learn from past phishing attack data, enabling a faster and more effective response when similar attacks occur in the future. Step 4: The notification unit notifies the user when an incident occurs. For example, it uses a generation AI to immediately notify the user when an incident occurs. Step 5: The identification unit identifies the scope of the incident's impact. For example, it might use a generative AI to identify the scope of the incident's impact.

[0065] (Example of form 2) The security incident initial response system according to an embodiment of the present invention is a system that utilizes generative AI to automate the initial response to security incidents in small and medium-sized enterprises (SMEs). This system was developed to solve the problem that SMEs often have insufficient security measures and lack specialized knowledge and personnel, making it difficult to take appropriate initial action when a security incident occurs. The security incident initial response system utilizes generative AI to automate the initial response to security incidents, enabling a rapid and accurate response. For example, when a security incident occurs, the generative AI proposes the optimal response measures according to the type and circumstances of the incident. For example, if a phishing attack is detected, the generative AI immediately notifies the user, identifies the scope of impact, and proposes countermeasures such as temporarily suspending related accounts. Next, the generative AI guides the relevant parties through specific procedures based on the proposed countermeasures. This allows the relevant parties to respond calmly and accurately. Furthermore, the generative AI learns from past incident data and provides future threat predictions and improvement measures for responses. This enables continuous improvement of security measures. For example, by learning from past phishing attack data, it becomes possible to respond more quickly and effectively when similar attacks occur in the future. By implementing this system, small and medium-sized enterprises (SMEs) can respond quickly and accurately to security incidents, minimize security risks, and build a safe and reliable business environment. Furthermore, automation of manual tasks reduces operational costs while improving the quality of responses. Continuous improvement based on feedback from AI-generated data ensures optimal incident response at all times. In summary, this security incident initial response system enables SMEs to respond quickly and accurately to security incidents.

[0066] The security incident initial response system according to the embodiment comprises a proposal unit, a guide unit, a learning unit, a notification unit, and a specification unit. The proposal unit proposes the optimal response measures according to the type and circumstances of the security incident. The proposal unit proposes the optimal response measures according to the type and circumstances of the incident, for example, using a generation AI. For example, if a phishing attack is detected, the proposal unit proposes response measures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. For example, the proposal unit proposes that the generation AI detects a phishing attack, notifies the user, identifies the scope of impact, and temporarily suspends related accounts. Some or all of the above processing in the proposal unit may be performed using the generation AI or without the generation AI. The guide unit guides the relevant parties through specific procedures based on the response measures proposed by the proposal unit. The guide unit guides the relevant parties through specific procedures based on the proposed response measures, for example, using a generation AI. For example, the guide unit guides the relevant parties through specific procedures based on the proposed response measures, using the generation AI. Some or all of the above-described processes in the guidance unit may be performed using or without a generation AI. The learning unit learns from past incident data to provide future threat predictions and improved response measures. The learning unit, for example, uses a generation AI to learn from past incident data to provide future threat predictions and improved response measures. For example, the learning unit allows the generation AI to learn from past phishing attack data so that it can respond more quickly and effectively when similar attacks occur in the future. Some or all of the above-described processes in the learning unit may be performed using or without a generation AI. The notification unit notifies the user when an incident occurs. The notification unit, for example, uses a generation AI to notify the user when an incident occurs. For example, the notification unit uses a generation AI to immediately notify the user when an incident occurs. Some or all of the above-described processes in the notification unit may be performed using or without a generation AI. The identification unit identifies the scope of the incident's impact. The identification unit, for example, uses a generation AI to identify the scope of the incident's impact. For example, the identification unit uses a generation AI to identify the scope of the incident's impact.Some or all of the above-described processing in the specific section may be performed using a generation AI, or it may be performed without using a generation AI. As a result, the security incident initial response system according to the embodiment can automate the initial response when a security incident occurs, enabling a rapid and accurate response.

[0067] The proposal department proposes the most appropriate countermeasures based on the type and circumstances of the security incident. For example, the proposal department uses generative AI to propose the most appropriate countermeasures based on the type and circumstances of the incident. Specifically, the generative AI identifies the type of incident (e.g., phishing attack, malware infection, DDoS attack, etc.) and generates the most appropriate countermeasure for each incident. For example, if a phishing attack is detected, the generative AI proposes countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. The generative AI learns from past incident data and existing security guidelines to build a knowledge base for generating the most appropriate countermeasures. This allows the proposal department to provide quick and accurate countermeasures. Furthermore, the proposal department can present the countermeasures proposed by the generative AI to stakeholders and seek human judgment as needed. This allows the proposal department to provide more reliable countermeasures by combining the automated proposals of the generative AI with human judgment. Some or all of the above-described processes in the proposal department may be performed using generative AI or not.

[0068] The Guidance Department guides stakeholders through specific procedures based on the countermeasures proposed by the Proposal Department. The Guidance Department uses, for example, generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. Specifically, the generative AI presents specific procedures to stakeholders based on the proposed countermeasures. For example, if a phishing attack is detected, the generative AI guides users on how to delete phishing emails and how to change their passwords. It also provides specific guidance on identifying the scope of impact and suspending related accounts. The generative AI can present procedures in a format that stakeholders can easily understand using natural language processing technology. This allows the Guidance Department to help stakeholders implement countermeasures quickly and accurately. Furthermore, the Guidance Department has multiple means of notifying stakeholders of the procedures provided by the generative AI. For example, procedures can be notified via email, SMS, chat applications, etc. This allows the Guidance Department to enable stakeholders to quickly receive and implement the procedures. Some or all of the above-described processes in the Guidance Department may be performed using the generative AI or not.

[0069] The learning unit learns from past incident data to provide future threat predictions and improved response measures. Specifically, the learning unit uses, for example, generative AI to learn from past incident data and provide future threat predictions and improved response measures. The generative AI analyzes past incident data to identify incident occurrence patterns and trends. This allows for prediction of the likelihood of similar incidents occurring in the future and enables proactive countermeasures. For example, the generative AI learns from past phishing attack data to enable a faster and more effective response when similar attacks occur in the future. Furthermore, the generative AI can evaluate the effectiveness of past countermeasures and identify areas for improvement. This allows the learning unit to improve the accuracy and effectiveness of future countermeasures. Some or all of the above processing in the learning unit may be performed using generative AI or without generative AI.

[0070] The notification unit notifies users when an incident occurs. The notification unit uses, for example, a generative AI to notify users when an incident occurs. Specifically, the generative AI identifies the type and scope of the incident and provides appropriate notifications to users. For example, if a phishing attack is detected, the generative AI will notify users on how to delete phishing emails and how to change their passwords. Furthermore, by quickly notifying users before the scope of the impact expands, damage can be minimized. The notification unit has multiple notification methods, such as email, SMS, and chat applications, to ensure that users receive notifications quickly. This allows the notification unit to provide users with quick and accurate notifications when an incident occurs, minimizing damage. Some or all of the above-described processes in the notification unit may be performed using a generative AI, or they may be performed without using a generative AI.

[0071] The identification unit identifies the scope of the incident's impact. The identification unit uses, for example, generative AI to identify the scope of the incident's impact. Specifically, the generative AI identifies the source of the incident and the affected systems and data. For example, if a phishing attack is detected, the generative AI can identify affected user accounts and systems and take swift countermeasures. The generative AI analyzes past incident data and real-time system logs to build a knowledge base for identifying the scope of impact. This allows the identification unit to quickly and accurately identify the scope of impact and take appropriate countermeasures. Furthermore, the identification unit can notify relevant parties of the scope of impact identified by the generative AI to support a rapid response. Some or all of the above-described processes in the identification unit may be performed using the generative AI or not. This allows the identification unit to quickly and accurately identify the scope of the incident's impact and minimize damage.

[0072] The notification unit can immediately notify the user when an incident occurs. The notification unit can, for example, immediately notify the user when an incident occurs. The notification unit can, for example, use a generation AI to immediately notify the user when an incident occurs. The notification unit can, for example, notify the user by email when an incident occurs. The notification unit can, for example, notify the user by SMS when an incident occurs. The notification unit can, for example, send a push notification to the user when an incident occurs. This allows the notification unit to expedite the initial response by quickly notifying the user when an incident occurs. Some or all of the above processing in the notification unit may be performed using a generation AI, or may not be performed using a generation AI.

[0073] The identification unit can identify the scope of impact of an incident. The identification unit can, for example, identify the scope of impact of an incident. The identification unit can, for example, identify the scope of impact of an incident using a generation AI. The identification unit can, for example, identify the scope of impact of an incident by analyzing network logs. The identification unit can, for example, identify the scope of impact of an incident by analyzing system logs. The identification unit can, for example, identify the scope of impact of an incident by analyzing user activity logs. By doing so, the identification unit can take appropriate countermeasures by identifying the scope of impact of an incident. Some or all of the above-described processes in the identification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0074] The proposal unit can propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts if a phishing attack is detected. For example, the proposal unit proposes notifying users, identifying the scope of impact, and temporarily suspending related accounts if a phishing attack is detected. For example, the proposal unit can use generative AI to propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts if a phishing attack is detected. For example, the proposal unit proposes that generative AI detects a phishing attack, notifies users, identifies the scope of impact, and temporarily suspends related accounts. This allows the proposal unit to propose quick and accurate countermeasures against phishing attacks. Some or all of the above processing in the proposal unit may be performed using generative AI or without using generative AI.

[0075] The guiding unit can guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit guides stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to guide stakeholders through specific procedures based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide stakeholders with step-by-step instructions based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide stakeholders with visual guidance based on the proposed countermeasures. For example, the guiding unit uses generative AI to provide audio guidance based on the proposed countermeasures. This enables stakeholders to respond calmly and accurately. Some or all of the above-described processes in the guiding unit may be performed using generative AI or without generative AI.

[0076] The learning unit can learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can use generative AI to learn from past incident data and provide improvements to future threat predictions and responses. For example, the learning unit can use generative AI to learn from past phishing attack data, enabling a faster and more effective response when similar attacks occur in the future. For example, the learning unit can use generative AI to learn from past malware infection data, enabling a faster and more effective response when similar infections occur in the future. For example, the learning unit can use generative AI to learn from past data breaches, enabling a faster and more effective response when similar breaches occur in the future. This allows the learning unit to improve future threat predictions and responses by learning from past incident data. Some or all of the above processing in the learning unit may be performed using generative AI, or without using generative AI.

[0077] The suggestion unit can estimate the user's emotions and adjust the way it presents its suggestions based on those emotions. For example, the suggestion unit can estimate the user's emotions and adjust the way it presents its suggestions based on those emotions. For example, the suggestion unit can use generative AI to estimate the user's emotions and adjust the way it presents its suggestions based on those emotions. For example, the suggestion unit can use generative AI to estimate the user's emotions and adjust the way it presents its suggestions based on those emotions. For example, if the user is stressed, the suggestion unit can make concise and easy-to-understand suggestions. For example, if the user is relaxed, the suggestion unit can make suggestions that include detailed explanations. For example, if the user is tense, the suggestion unit can make suggestions using reassuring language. This allows the suggestion unit to make more effective suggestions by adjusting the way it presents its suggestions according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processes in the proposed section may be performed using a generative AI, or they may be performed without using a generative AI.

[0078] The proposal unit can propose different countermeasures depending on the type of incident. For example, the proposal unit proposes different countermeasures depending on the type of incident. For example, the proposal unit uses generative AI to propose different countermeasures depending on the type of incident. For example, the proposal unit has generative AI propose different countermeasures depending on the type of incident. For example, if a phishing attack is detected, the proposal unit proposes user notification, identification of the scope of impact, and temporary suspension of related accounts. For example, if a malware infection is detected, the proposal unit proposes isolation of infected terminals, identification of the scope of impact, and implementation of data backups. For example, if a data breach is detected, the proposal unit proposes identification of the leakage route, identification of the scope of impact, and notification to relevant parties. This enables the proposal unit to respond quickly and accurately by proposing appropriate countermeasures according to the type of incident. Some or all of the above processing in the proposal unit may be performed using generative AI or not using generative AI.

[0079] The proposal unit can determine the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, determines the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, uses generative AI to determine the priority of countermeasures based on the frequency of incident occurrence. The proposal unit, for example, uses generative AI to determine the priority of countermeasures based on the frequency of incident occurrence. For example, the proposal unit will propose immediate countermeasures as a priority for frequently occurring phishing attacks. For example, the proposal unit will propose detailed investigation and countermeasures for rarely occurring malware infections. For example, the proposal unit will propose preventive measures and initial response measures for new types of attacks that have never occurred before. In this way, the proposal unit can respond quickly to important incidents by determining the priority of countermeasures based on the frequency of incident occurrence. Some or all of the above processing in the proposal unit may be performed using generative AI or not.

[0080] The suggestion unit can estimate the user's emotions and adjust the level of detail of its suggestions based on the estimated emotions. For example, the suggestion unit estimates the user's emotions and adjusts the level of detail of its suggestions based on the estimated emotions. For example, the suggestion unit uses generative AI to estimate the user's emotions and adjusts the level of detail of its suggestions based on the estimated emotions. For example, if the user is stressed, the suggestion unit provides concise and to-the-point suggestions. For example, if the user is relaxed, the suggestion unit provides suggestions with detailed explanations. For example, if the user is tense, the suggestion unit provides suggestions using reassuring language. This allows the suggestion unit to provide more effective suggestions by adjusting the level of detail of its suggestions according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processes in the proposed section may be performed using a generative AI, or they may be performed without using a generative AI.

[0081] The proposal department can determine the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department determines the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department uses generative AI to determine the priority of countermeasures based on the scope of the incident's impact. For example, the proposal department uses generative AI to determine the priority of countermeasures based on the scope of the incident's impact. For example, if the scope of impact is wide, the proposal department will prioritize proposing rapid countermeasures. For example, if the scope of impact is limited, the proposal department will propose a detailed investigation and countermeasures. For example, if the scope of impact is unknown, the proposal department will propose identifying the scope of impact and initial response measures. In this way, the proposal department can respond quickly to important incidents by determining the priority of countermeasures based on the scope of the incident's impact. Some or all of the above processes in the proposal department may be performed using generative AI or not.

[0082] The proposal department can customize countermeasures based on the location where the incident occurred. For example, the proposal department customizes countermeasures based on the location where the incident occurred. For example, the proposal department uses generative AI to customize countermeasures based on the location where the incident occurred. For example, the proposal department uses generative AI to customize countermeasures based on the location where the incident occurred. For example, if the incident occurred in an office, the proposal department proposes physical security measures. For example, if the incident occurred in a remote work environment, the proposal department proposes restricting remote access. For example, if the incident occurred in a cloud environment, the proposal department proposes changing the settings of cloud services. This allows the proposal department to take a more appropriate response by customizing countermeasures based on the location where the incident occurred. Some or all of the above processing in the proposal department may be performed using generative AI or not.

[0083] The guide unit can estimate the user's emotions and adjust the way the guide is presented based on the estimated emotions. For example, the guide unit estimates the user's emotions and adjusts the way the guide is presented based on the estimated emotions. For example, the guide unit uses generative AI to estimate the user's emotions and adjusts the way the guide is presented based on the estimated emotions. For example, if the user is stressed, the guide unit provides a concise and easy-to-understand guide. For example, if the user is relaxed, the guide unit provides a guide that includes detailed explanations. For example, if the user is tense, the guide unit provides a guide using reassuring language. This allows the guide unit to provide more effective guidance by adjusting the way the guide is presented according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processing in the guide section may be performed using a generation AI, or it may be performed without using a generation AI.

[0084] The guide unit can provide different procedures depending on the roles of the stakeholders. For example, the guide unit provides different procedures depending on the roles of the stakeholders. For example, the guide unit uses generative AI to provide different procedures depending on the roles of the stakeholders. For example, the guide unit uses generative AI to provide different procedures depending on the roles of the stakeholders. For example, the guide unit provides system administrators with technical response procedures. For example, the guide unit provides general users with simple operating procedures. For example, the guide unit provides managers with the overall situation and response policies. This enables the guide unit to provide more appropriate responses by providing procedures according to the roles of the stakeholders. Some or all of the above-described processes in the guide unit may be performed using generative AI or without using generative AI.

[0085] The guide unit can update procedures in real time according to the progress of the incident. For example, the guide unit updates procedures in real time according to the progress of the incident. For example, the guide unit uses generative AI to update procedures in real time according to the progress of the incident. For example, the guide unit uses generative AI to update procedures in real time according to the progress of the incident. For example, the guide unit updates response procedures in real time according to the progress of the incident. For example, the guide unit updates instructions to stakeholders in real time according to the progress of the incident. For example, the guide unit updates the priority of countermeasures in real time according to the progress of the incident. This enables the guide unit to respond more appropriately by updating procedures in real time according to the progress of the incident. Some or all of the above processing in the guide unit may be performed using generative AI or without generative AI.

[0086] The guide unit can estimate the user's emotions and adjust the level of detail of the guide based on the estimated emotions. For example, the guide unit estimates the user's emotions and adjusts the level of detail of the guide based on the estimated emotions. For example, the guide unit uses generative AI to estimate the user's emotions and adjusts the level of detail of the guide based on the estimated emotions. For example, if the user is stressed, the guide unit provides a concise and to-the-point guide. For example, if the user is relaxed, the guide unit provides a guide with detailed explanations. For example, if the user is tense, the guide unit provides a guide using reassuring language. This allows the guide unit to provide more effective guidance by adjusting the level of detail of the guide according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processing in the guide section may be performed using a generation AI, or it may be performed without using a generation AI.

[0087] The guide unit can customize the procedures according to the skill level of the stakeholders. For example, the guide unit customizes the procedures according to the skill level of the stakeholders. For example, the guide unit uses generative AI to customize the procedures according to the skill level of the stakeholders. For example, the guide unit has generative AI customize the procedures according to the skill level of the stakeholders. For example, the guide unit provides basic procedures to beginners. For example, the guide unit provides detailed procedures to intermediate users. For example, the guide unit provides technical procedures to advanced users. This allows the guide unit to provide more appropriate responses by providing procedures according to the skill level of the stakeholders. Some or all of the above processing in the guide unit may be performed using generative AI or not using generative AI.

[0088] The guide unit can adjust procedures based on the scope of the incident's impact. The guide unit adjusts procedures based on the scope of the incident's impact, for example. The guide unit adjusts procedures based on the scope of the incident's impact, for example, using generative AI. The guide unit uses generative AI to adjust procedures based on the scope of the incident's impact, for example. The guide unit provides rapid response procedures when the scope of impact is wide, for example. The guide unit provides detailed investigation procedures when the scope of impact is limited, for example. The guide unit provides procedures for identifying the scope of impact when the scope of impact is unknown, for example. This enables the guide unit to respond more appropriately by adjusting procedures based on the scope of the incident's impact. Some or all of the above-described processes in the guide unit may be performed using generative AI or not.

[0089] The learning unit can estimate the user's emotions and select training data based on the estimated user emotions. For example, the learning unit estimates the user's emotions and selects training data based on the estimated user emotions. For example, the learning unit uses generative AI to estimate the user's emotions and selects training data based on the estimated user emotions. For example, the learning unit uses generative AI to estimate the user's emotions and selects training data based on the estimated user emotions. For example, if the user is stressed, the learning unit selects training data that is concise and to the point. For example, if the user is relaxed, the learning unit selects training data that includes detailed explanations. For example, if the user is tense, the learning unit selects training data that uses reassuring language. This allows the learning unit to perform more effective learning by selecting training data according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the processing described above in the learning unit may be performed using a generative AI, or it may be performed without using a generative AI.

[0090] The learning unit can optimize its learning algorithm by referring to past incident data. The learning unit optimizes its learning algorithm by referring to past incident data, for example. The learning unit optimizes its learning algorithm by referring to past incident data, for example using generative AI. The learning unit optimizes its learning algorithm by having generative AI refer to past incident data, for example. The learning unit optimizes its learning algorithm by referring to past phishing attack data, for example. The learning unit optimizes its learning algorithm by referring to past malware infection data, for example. The learning unit optimizes its learning algorithm by referring to past data breach data, for example. In this way, the learning unit can optimize its learning algorithm by referring to past incident data, enabling more effective learning. Some or all of the above processing in the learning unit may be performed using generative AI, or without using generative AI.

[0091] The learning unit can apply different learning methods depending on the type of incident. For example, the learning unit applies different learning methods depending on the type of incident. For example, the learning unit uses generative AI to apply different learning methods depending on the type of incident. For example, the learning unit uses generative AI to apply different learning methods depending on the type of incident. For example, the learning unit applies a learning method using pattern recognition for phishing attacks. For example, the learning unit applies a learning method using anomaly detection for malware infections. For example, the learning unit applies a learning method using access log analysis for data breaches. This allows the learning unit to learn more effectively by applying the most suitable learning method for each type of incident. Some or all of the above-described processes in the learning unit may be performed using generative AI or without using generative AI.

[0092] The learning unit can estimate the user's emotions and adjust the learning frequency based on the estimated emotions. For example, the learning unit estimates the user's emotions and adjusts the learning frequency based on the estimated emotions. For example, the learning unit uses generative AI to estimate the user's emotions and adjusts the learning frequency based on the estimated emotions. For example, the learning unit uses generative AI to estimate the user's emotions and adjusts the learning frequency based on the estimated emotions. For example, if the user is stressed, the learning unit lowers the learning frequency. For example, if the user is relaxed, the learning unit increases the learning frequency. For example, if the user is tense, the learning unit sets the learning frequency to a moderate level. This allows the learning unit to perform more effective learning by adjusting the learning frequency according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the processing described above in the learning unit may be performed using a generative AI, or it may be performed without using a generative AI.

[0093] The learning unit can customize the training data based on the location where an incident occurred. For example, the learning unit customizes the training data based on the location where an incident occurred. For example, the learning unit uses generative AI to customize the training data based on the location where an incident occurred. For example, the learning unit uses generative AI to customize the training data based on the location where an incident occurred. For example, the learning unit customizes the training data based on incident data that occurred in an office. For example, the learning unit customizes the training data based on incident data that occurred in a remote work environment. For example, the learning unit customizes the training data based on incident data that occurred in a cloud environment. This enables the learning unit to learn more effectively by customizing the training data based on the location where an incident occurred. Some or all of the above processing in the learning unit may be performed using generative AI or not using generative AI.

[0094] The learning unit can weight the training data based on the scope of impact of an incident. For example, the learning unit weights the training data based on the scope of impact of an incident. For example, the learning unit uses a generative AI to weight the training data based on the scope of impact of an incident. For example, the learning unit uses a generative AI to weight the training data based on the scope of impact of an incident. For example, the learning unit gives higher weight to incident data with a wide scope of impact. For example, the learning unit gives lower weight to incident data with a limited scope of impact. For example, the learning unit gives medium weight to incident data with an unknown scope of impact. This allows the learning unit to learn more effectively by weighting the training data based on the scope of impact of an incident. Some or all of the above processing in the learning unit may be performed using a generative AI, or it may be performed without using a generative AI.

[0095] The notification unit can estimate the user's emotions and adjust the way notifications are expressed based on the estimated emotions. For example, the notification unit can estimate the user's emotions and adjust the way notifications are expressed based on the estimated emotions. For example, the notification unit can use generative AI to estimate the user's emotions and adjust the way notifications are expressed based on the estimated emotions. For example, the notification unit can use generative AI to estimate the user's emotions and adjust the way notifications are expressed based on the estimated emotions. For example, if the user is feeling stressed, the notification unit will provide a concise and easy-to-understand notification. For example, if the user is relaxed, the notification unit will provide a notification with a detailed explanation. For example, if the user is tense, the notification unit will provide a notification using reassuring language. In this way, the notification unit can provide more effective notifications by adjusting the way notifications are expressed according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processing in the notification unit may be performed using a generation AI, or it may be performed without using a generation AI.

[0096] The notification unit can select different notification methods depending on the type of incident. For example, the notification unit selects different notification methods depending on the type of incident. For example, the notification unit uses a generation AI to select different notification methods depending on the type of incident. For example, the notification unit uses a generation AI to select different notification methods depending on the type of incident. For example, if a phishing attack is detected, the notification unit immediately sends an email notification. For example, if a malware infection is detected, the notification unit sends a pop-up notification. For example, if a data breach is detected, the notification unit sends an SMS notification. This allows the notification unit to send more effective notifications by selecting the most appropriate notification method depending on the type of incident. Some or all of the above-described processes in the notification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0097] The notification unit can estimate the user's emotions and adjust the timing of notifications based on the estimated emotions. For example, the notification unit estimates the user's emotions and adjusts the timing of notifications based on the estimated emotions. For example, the notification unit uses generative AI to estimate the user's emotions and adjusts the timing of notifications based on the estimated emotions. For example, the notification unit uses generative AI to estimate the user's emotions and adjusts the timing of notifications based on the estimated emotions. For example, the notification unit provides an immediate notification if the user is stressed. For example, the notification unit provides a notification at an appropriate time if the user is relaxed. For example, the notification unit provides a notification at a time that provides reassurance if the user is tense. This allows the notification unit to provide more effective notifications by adjusting the timing of notifications according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above-described processing in the notification unit may be performed using a generation AI, or it may be performed without using a generation AI.

[0098] The notification unit can determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit determines the priority of notifications based on the scope of impact of an incident. For example, the notification unit uses a generative AI to determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit uses a generative AI to determine the priority of notifications based on the scope of impact of an incident. For example, the notification unit sends a notification immediately if the scope of impact is wide. For example, the notification unit sends a notification at an appropriate time if the scope of impact is limited. For example, the notification unit sends a notification after identifying the scope of impact if the scope of impact is unknown. This enables the notification unit to send more effective notifications by determining the priority of notifications based on the scope of impact of an incident. Some or all of the above processing in the notification unit may be performed using a generative AI or not using a generative AI.

[0099] The identification unit can estimate the user's emotions and adjust the method of identifying the scope of influence based on the estimated user's emotions. For example, the identification unit estimates the user's emotions and adjusts the method of identifying the scope of influence based on the estimated user's emotions. For example, the identification unit uses generative AI to estimate the user's emotions and adjusts the method of identifying the scope of influence based on the estimated user's emotions. For example, the identification unit uses generative AI to estimate the user's emotions and adjusts the method of identifying the scope of influence based on the estimated user's emotions. For example, if the user is stressed, the identification unit provides a concise and easy-to-understand identification method. For example, if the user is relaxed, the identification unit provides an identification method that includes a detailed explanation. For example, if the user is tense, the identification unit provides an identification method using reassuring language. This allows the identification unit to perform more effective identification by adjusting the method of identifying the scope of influence according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, with an emotion engine or generative AI. The generative AI may be a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to such examples. Some or all of the processing described above in a particular section may be performed using a generative AI or not using a generative AI.

[0100] The identification unit can apply different identification methods depending on the type of incident. For example, the identification unit applies different identification methods depending on the type of incident. For example, the identification unit uses a generation AI to apply different identification methods depending on the type of incident. For example, the identification unit uses a generation AI to apply different identification methods depending on the type of incident. For example, the identification unit analyzes email logs for phishing attacks. For example, the identification unit analyzes system logs for malware infections. For example, the identification unit analyzes access logs for data breaches. This allows the identification unit to perform more effective identification by applying the most appropriate identification method for each type of incident. Some or all of the above-described processes in the identification unit may be performed using a generation AI or without using a generation AI.

[0101] The identification unit can estimate the user's emotions and determine the priority of identifying the scope of influence based on the estimated user emotions. For example, the identification unit estimates the user's emotions and determines the priority of identifying the scope of influence based on the estimated user emotions. For example, the identification unit uses generative AI to estimate the user's emotions and determines the priority of identifying the scope of influence based on the estimated user emotions. For example, the identification unit uses generative AI to estimate the user's emotions and determines the priority of identifying the scope of influence based on the estimated user emotions. For example, if the user is stressed, the identification unit quickly identifies the scope of influence. For example, if the user is relaxed, the identification unit identifies the scope of influence at the appropriate time. For example, if the user is tense, the identification unit identifies the scope of influence at the time to provide reassurance. This allows the identification unit to perform more effective identification by determining the priority of identifying the scope of influence according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the processing described above in the specific section may be performed using a generation AI, or it may be performed without using a generation AI.

[0102] The identification unit can customize the scope of impact based on the location where the incident occurred. For example, the identification unit customizes the scope of impact based on the location where the incident occurred. For example, the identification unit uses generative AI to customize the scope of impact based on the location where the incident occurred. For example, the identification unit uses generative AI to customize the scope of impact based on the location where the incident occurred. For example, if the incident occurred in an office, the identification unit identifies the physical scope of impact. For example, if the incident occurred in a remote work environment, the identification unit identifies the scope of impact on remote access. For example, if the incident occurred in a cloud environment, the identification unit identifies the scope of impact on cloud services. This allows the identification unit to perform more effective identification by customizing the scope of impact based on the location where the incident occurred. Some or all of the above processing in the identification unit may be performed using generative AI or not.

[0103] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.

[0104] The suggestion unit can estimate the user's emotions and adjust the way it presents suggestions based on those emotions. For example, if the user is stressed, it can present concise and easy-to-understand suggestions. If the user is relaxed, it can present suggestions that include detailed explanations. If the user is tense, it can present suggestions using reassuring language. This allows the suggestion unit to make more effective suggestions by adjusting the way it presents suggestions according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the processing described above in the suggestion unit may be performed using generative AI or not.

[0105] The notification unit can select different notification methods depending on the type of incident. For example, if a phishing attack is detected, an email notification can be sent immediately. If a malware infection is detected, a pop-up notification can be sent. If a data breach is detected, an SMS notification can be sent. This allows the notification unit to select the most appropriate notification method for each type of incident, enabling more effective notifications. Some or all of the above-described processes in the notification unit may be performed using a generation AI, or they may be performed without using a generation AI.

[0106] The identification unit can adjust the method for identifying the scope of impact based on the scope of the incident. For example, if the scope of impact is wide, it can provide a rapid identification method. If the scope of impact is limited, it can provide a detailed identification method. If the scope of impact is unknown, it can provide a procedure for identifying the scope of impact. This allows the identification unit to perform more effective identification by adjusting the method for identifying the scope of impact based on the scope of the incident. Some or all of the above processing in the identification unit may be performed using generative AI, or it may be performed without using generative AI.

[0107] The guide unit can estimate the user's emotions and adjust the way the guide is presented based on the estimated emotions. For example, if the user is stressed, the guide can be concise and easy to understand. If the user is relaxed, the guide can include detailed explanations. If the user is tense, the guide can be presented in a reassuring manner. In this way, the guide unit can provide more effective guidance by adjusting the way the guide is presented according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above processing in the guide unit may be performed using generative AI or not.

[0108] The learning unit can optimize its learning algorithm by referring to past incident data. For example, it can optimize its learning algorithm by referring to past phishing attack data. It can optimize its learning algorithm by referring to past malware infection data. It can optimize its learning algorithm by referring to past data breach data. In this way, the learning unit can optimize its learning algorithm by referring to past incident data, enabling more effective learning. Some or all of the above processing in the learning unit may be performed using generative AI, or it may be performed without using generative AI.

[0109] The proposal department can customize countermeasures based on the location where the incident occurred. For example, if it occurred in an office, it can propose physical security measures. If it occurred in a remote work environment, it can propose restrictions on remote access. If it occurred in a cloud environment, it can propose changes to the cloud service settings. This allows the proposal department to provide a more appropriate response by customizing countermeasures based on the location of the incident. Some or all of the above processing in the proposal department may be performed using generative AI, or it may be performed without using generative AI.

[0110] The notification unit can estimate the user's emotions and adjust the way notifications are presented based on the estimated emotions. For example, if the user is stressed, a concise and easy-to-understand notification can be provided. If the user is relaxed, a notification with detailed explanations can be provided. If the user is tense, a notification can be presented using reassuring language. In this way, the notification unit can provide more effective notifications by adjusting the way notifications are presented according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above processing in the notification unit may be performed using generative AI or not using generative AI.

[0111] The learning unit can apply different learning methods depending on the type of incident. For example, a learning method using pattern recognition can be applied to phishing attacks. A learning method using anomaly detection can be applied to malware infections. A learning method using access log analysis can be applied to data breaches. This allows the learning unit to learn more effectively by applying the most suitable learning method for each type of incident. Some or all of the above-described processes in the learning unit may be performed using generative AI, or they may be performed without using generative AI.

[0112] The identification unit can estimate the user's emotions and determine the priority of identifying the scope of influence based on the estimated user emotions. For example, if the user is stressed, the scope of influence can be identified quickly. If the user is relaxed, the scope of influence can be identified at the appropriate time. If the user is tense, the scope of influence can be identified at a time that provides reassurance. This allows the identification unit to perform more effective identification by determining the priority of identifying the scope of influence according to the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Some or all of the above processing in the identification unit may be performed using generative AI or not using generative AI.

[0113] The guidance unit can update procedures in real time according to the progress of the incident. For example, it can update response procedures in real time according to the progress of the incident. It can update instructions to stakeholders in real time. It can update the priority of countermeasures in real time. As a result, the guidance unit can respond more appropriately by updating procedures in real time according to the progress of the incident. Some or all of the above processing in the guidance unit may be performed using generative AI, or it may be performed without using generative AI.

[0114] The following briefly describes the processing flow for example form 2.

[0115] Step 1: The proposal team proposes the most appropriate countermeasures based on the type and circumstances of the security incident. For example, if a phishing attack is detected using generated AI, they will propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. Step 2: The Guiding Department guides stakeholders through specific procedures based on the countermeasures proposed by the Proposal Department. For example, it guides stakeholders through specific procedures based on countermeasures proposed using generative AI. Step 3: The learning unit learns from past incident data to provide future threat predictions and improved response strategies. For example, it uses generative AI to learn from past phishing attack data, enabling a faster and more effective response when similar attacks occur in the future. Step 4: The notification unit notifies the user when an incident occurs. For example, it uses a generation AI to immediately notify the user when an incident occurs. Step 5: The identification unit identifies the scope of the incident's impact. For example, it might use a generative AI to identify the scope of the incident's impact.

[0116] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.

[0117] Data generation model 58 is a form of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> Examples of generative AI include text generation AI, image generation AI, and multimodal generation AI. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats from audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVMs), k-means clustering, convolutional neural networks (CNNs), recurrent neural networks (RNNs), generative adversarial networks (GANs), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI ​​may be an AI agent. Furthermore, when the processing of each of the above parts is performed by the AI, the processing may be performed by the AI ​​in part or in whole, but is not limited to this example.Furthermore, processing performed by AI, including generative AI, may be replaced with rule-based processing, and rule-based processing may be replaced with processing performed by AI, including generative AI.

[0118] Furthermore, the processing performed by the data processing system 10 described above is carried out by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart device 14, but it may also be carried out by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart device 14. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart device 14 or an external device, and the smart device 14 acquires or collects information necessary for processing from the data processing device 12 or an external device.

[0119] Each of the multiple elements described above, including the suggestion unit, guide unit, learning unit, notification unit, and identification unit, is implemented in at least one of the smart device 14 and the data processing device 12. For example, the suggestion unit is implemented by the control unit 46A of the smart device 14 or the identification unit 290 of the data processing device 12. The guide unit is implemented by the control unit 46A of the smart device 14 or the identification unit 290 of the data processing device 12. The learning unit is implemented by the identification unit 290 of the data processing device 12. The notification unit is implemented by the control unit 46A of the smart device 14 or the identification unit 290 of the data processing device 12. The identification unit is implemented by the control unit 46A of the smart device 14 or the identification unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the examples described above, and various modifications are possible.

[0120] [Second Embodiment] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.

[0121] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.

[0122] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.

[0123] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.

[0124] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0125] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).

[0126] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0127] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing by the processor 28. The storage 32 stores the specific processing program 56.

[0128] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0129] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.

[0130] In the smart glasses 214, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart glasses 214 also have a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.

[0131] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).

[0132] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0133] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI ​​may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI ​​in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.

[0134] The data processing system 210 according to the second embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 210 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart glasses 214, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart glasses 214. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart glasses 214 or an external device, and the smart glasses 214 acquires or collects information necessary for processing from the data processing device 12 or an external device.

[0135] Each of the multiple elements described above, including the suggestion unit, guide unit, learning unit, notification unit, and identification unit, is implemented in at least one of the smart glasses 214 and the data processing device 12. For example, the suggestion unit is implemented by the control unit 46A of the smart glasses 214 or the identification unit 290 of the data processing device 12. The guide unit is implemented by the control unit 46A of the smart glasses 214 or the identification unit 290 of the data processing device 12. The learning unit is implemented by the identification unit 290 of the data processing device 12. The notification unit is implemented by the control unit 46A of the smart glasses 214 or the identification unit 290 of the data processing device 12. The identification unit is implemented by the control unit 46A of the smart glasses 214 or the identification unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the examples described above, and various modifications are possible.

[0136] [Third Embodiment] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.

[0137] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.

[0138] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.

[0139] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.

[0140] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0141] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).

[0142] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0143] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0144] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0145] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.

[0146] In the headset terminal 314, specific processing is performed by the processor 46. The storage 50 stores a specific program 60. The processor 46 reads the specific program 60 from the storage 50 and executes the read specific program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific program 60 executed on the RAM 48. The headset terminal 314 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.

[0147] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).

[0148] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0149] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI ​​may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI ​​in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.

[0150] The data processing system 310 according to the third embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 310 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the headset terminal 314, but may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the headset terminal 314. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the headset terminal 314 or an external device, and the headset terminal 314 acquires or collects information necessary for processing from the data processing device 12 or an external device.

[0151] Each of the multiple elements described above, including the suggestion unit, guide unit, learning unit, notification unit, and identification unit, is implemented in at least one of the headset terminal 314 and the data processing device 12. For example, the suggestion unit is implemented by the control unit 46A of the headset terminal 314 or the identification unit 290 of the data processing device 12. The guide unit is implemented by the control unit 46A of the headset terminal 314 or the identification unit 290 of the data processing device 12. The learning unit is implemented by the identification unit 290 of the data processing device 12. The notification unit is implemented by the control unit 46A of the headset terminal 314 or the identification unit 290 of the data processing device 12. The identification unit is implemented by the control unit 46A of the headset terminal 314 or the identification unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the examples described above, and various modifications are possible.

[0152] [Fourth Embodiment] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.

[0153] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.

[0154] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.

[0155] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.

[0156] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.

[0157] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS image sensor or CCD image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).

[0158] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.

[0159] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. The robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.

[0160] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.

[0161] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.

[0162] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.

[0163] In robot 414, specific processing is performed by processor 46. A specific program 60 is stored in storage 50. Processor 46 reads the specific program 60 from storage 50 and executes it on RAM 48. The specific processing is achieved by processor 46 acting as a control unit 46A according to the specific program 60 executed on RAM 48. Robot 414 also has data generation model 58 and emotion identification model 59, similar to those of the robot, and can perform processing similar to that of the specific processing unit 290 using these models.

[0164] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).

[0165] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.

[0166] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI ​​may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI ​​in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.

[0167] The data processing system 410 according to the fourth embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 410 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the robot 414, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the robot 414. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the robot 414 or an external device, and the robot 414 acquires or collects information necessary for processing from the data processing device 12 or an external device.

[0168] Each of the multiple elements described above, including the suggestion unit, guide unit, learning unit, notification unit, and identification unit, is implemented in at least one of the robot 414 and the data processing unit 12. For example, the suggestion unit is implemented by the control unit 46A of the robot 414 or the identification unit 290 of the data processing unit 12. The guide unit is implemented by the control unit 46A of the robot 414 or the identification unit 290 of the data processing unit 12. The learning unit is implemented by the identification unit 290 of the data processing unit 12. The notification unit is implemented by the control unit 46A of the robot 414 or the identification unit 290 of the data processing unit 12. The identification unit is implemented by the control unit 46A of the robot 414 or the identification unit 290 of the data processing unit 12. The correspondence between each unit and the device or control unit is not limited to the examples described above, and various modifications are possible.

[0169] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.

[0170] Figure 9 shows the emotion map 400, in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.

[0171] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.

[0172] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.

[0173] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, and motorcycles, emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated based, for example, on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.

[0174] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."

[0175] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values ​​representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values ​​representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.

[0176] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing method for the specific process may be used, which includes computer 22 and multiple other computers.

[0177] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.

[0178] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.

[0179] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.

[0180] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.

[0181] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.

[0182] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.

[0183] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.

[0184] Furthermore, although the above-described examples were divided into four embodiments, some or all of these embodiments may be combined. Also, the smart device 14, smart glasses 214, headset terminal 314, and robot 414 are just examples, and they may be combined, or other devices may be used. Also, although the above-described examples were divided into two embodiments, Embodiment 1 and Embodiment 2, these may be combined.

[0185] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and other things that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.

[0186] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.

[0187] (Note 1) The proposal department proposes the most suitable countermeasures according to the type and circumstances of security incidents, A guidance department guides stakeholders through specific procedures based on the countermeasures proposed by the aforementioned proposal department. The learning unit learns from past incident data to provide future threat predictions and improvement measures for response, A notification unit that notifies the user when an incident occurs, It comprises an identification unit that identifies the scope of impact of an incident. A system characterized by the following features. (Note 2) The aforementioned notification unit, Users will be immediately notified when an incident occurs. The system described in Appendix 1, characterized by the features described herein. (Note 3) The specified part is, Identify the scope of the incident's impact. The system described in Appendix 1, characterized by the features described herein. (Note 4) The aforementioned proposal section is, If a phishing attack is detected, we will propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. The system described in Appendix 1, characterized by the features described herein. (Note 5) The aforementioned guide section is Guide stakeholders through the specific steps based on the proposed countermeasures. The system described in Appendix 1, characterized by the features described herein. (Note 6) The aforementioned learning unit, It learns from past incident data to provide future threat predictions and improved response strategies. The system described in Appendix 1, characterized by the features described herein. (Note 7) The aforementioned proposal section is, It estimates the user's emotions and adjusts the way suggestions are presented based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 8) The aforementioned proposal section is, We propose different countermeasures depending on the type of incident. The system described in Appendix 1, characterized by the features described herein. (Note 9) The aforementioned proposal section is, Prioritize countermeasures based on the frequency of incident occurrences. The system described in Appendix 1, characterized by the features described herein. (Note 10) The aforementioned proposal section is, It estimates the user's emotions and adjusts the level of detail of suggestions based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 11) The aforementioned proposal section is, Prioritize response measures based on the scope of the incident's impact. The system described in Appendix 1, characterized by the features described herein. (Note 12) The aforementioned proposal section is, Customize response measures based on the location where the incident occurred. The system described in Appendix 1, characterized by the features described herein. (Note 13) The aforementioned guide section is The system estimates the user's emotions and adjusts the way the guide is presented based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 14) The aforementioned guide section is Provide different procedures depending on the roles of the stakeholders. The system described in Appendix 1, characterized by the features described herein. (Note 15) The aforementioned guide section is The procedure will be updated in real time according to the progress of the incident. The system described in Appendix 1, characterized by the features described herein. (Note 16) The aforementioned guide section is It estimates the user's emotions and adjusts the level of detail in the guide based on those emotions. The system described in Appendix 1, characterized by the features described herein. (Note 17) The aforementioned guide section is Customize the procedures according to the skill level of the participants. The system described in Appendix 1, characterized by the features described herein. (Note 18) The aforementioned guide section is Adjust procedures based on the scope of the incident's impact. The system described in Appendix 1, characterized by the features described herein. (Note 19) The aforementioned learning unit, The system estimates the user's emotions and selects training data based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 20) The aforementioned learning unit, Optimize the learning algorithm by referring to past incident data. The system described in Appendix 1, characterized by the features described herein. (Note 21) The aforementioned learning unit, Apply different learning methods depending on the type of incident. The system described in Appendix 1, characterized by the features described herein. (Note 22) The aforementioned learning unit, It estimates the user's emotions and adjusts the learning frequency based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 23) The aforementioned learning unit, Customize training data based on the location where the incident occurred. The system described in Appendix 1, characterized by the features described herein. (Note 24) The aforementioned learning unit, Weight the training data based on the scope of the incident's impact. The system described in Appendix 1, characterized by the features described herein. (Note 25) The aforementioned notification unit, It estimates the user's emotions and adjusts the way notifications are presented based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 26) The aforementioned notification unit, Select different notification methods depending on the type of incident. The system described in Appendix 1, characterized by the features described herein. (Note 27) The aforementioned notification unit, It estimates the user's emotions and adjusts the timing of notifications based on those emotions. The system described in Appendix 1, characterized by the features described herein. (Note 28) The aforementioned notification unit, Prioritize notifications based on the scope of the incident's impact. The system described in Appendix 1, characterized by the features described herein. (Note 29) The specified part is, We estimate user sentiment and adjust the method of identifying the scope of impact based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 30) The specified part is, Apply different specific methods depending on the type of incident. The system described in Appendix 1, characterized by the features described herein. (Note 31) The specified part is, It estimates user sentiment and determines specific priorities for the scope of impact based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 32) The specified part is, Customize the scope of impact based on the location where the incident occurred. The system described in Appendix 1, characterized by the features described herein. [Explanation of symbols]

[0188] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots

Claims

1. The proposal department proposes the most suitable countermeasures according to the type and circumstances of security incidents, A guidance department guides stakeholders through specific procedures based on the countermeasures proposed by the aforementioned proposal department. The learning unit learns from past incident data to provide future threat predictions and improvement measures for response, A notification unit that notifies the user when an incident occurs, It comprises an identification unit that identifies the scope of impact of an incident. A system characterized by the following features.

2. The aforementioned notification unit, Users will be immediately notified when an incident occurs. The system according to feature 1.

3. The specified part is, Identify the scope of the incident's impact. The system according to feature 1.

4. The aforementioned proposal section is, If a phishing attack is detected, we will propose countermeasures such as user notification, identification of the scope of impact, and temporary suspension of related accounts. The system according to feature 1.

5. The aforementioned guide section is Guide stakeholders through the specific steps based on the proposed countermeasures. The system according to feature 1.

6. The aforementioned learning unit, It learns from past incident data to provide future threat predictions and improved response strategies. The system according to feature 1.

7. The aforementioned proposal section is, It estimates the user's emotions and adjusts the way suggestions are presented based on those estimated emotions. The system according to feature 1.

8. The aforementioned proposal section is, We propose different countermeasures depending on the type of incident. The system according to feature 1.