JP2023159601A - Information processing device, information processing method, and information processing program - Google Patents

Abstract

To further improve the efficiency of authentication.SOLUTION: An information processing device according to the present application includes: a reception part which receives the change in an authentication method from a user; and a provision part which provides the user with the incentive corresponding to the effect or benefit generated by the change in the authentication method. Further, the information processing device according to the present application further includes an estimation part which estimates, in advance, the effect or profit generated by the change in the authentication method, and the provision part presents the user with the incentive according to the estimated effect or profit in advance, and proposes the change in the authentication method to the user.SELECTED DRAWING: Figure 2

Description

The present invention relates to an information processing device, an information processing method, and an information processing program.

2. Description of the Related Art A technology related to FIDO (Fast Identity Online) authentication using an authenticator has been disclosed (see Patent Document 1).

Japanese Patent Application Publication No. 2020-141331

However, with the above-mentioned conventional technology, there is still room for improvement regarding FIDO authentication, including identity verification at the time of authentication.

The present application has been made in view of the above, and aims to further improve the efficiency of authentication.

The information processing device according to the present application is characterized by comprising a receiving unit that receives a change in authentication method from a user, and a providing unit that provides the user with an incentive according to the effect or profit caused by the change in the authentication method. do.

According to one aspect of the embodiment, the efficiency of authentication can be further improved.

FIG. 1 is an explanatory diagram showing an overview of an information processing method according to an embodiment. FIG. 2 is an explanatory diagram showing an overview of incentive payment for security migration. FIG. 3 is an explanatory diagram showing an overview of preliminary collection of authentication information. FIG. 4 is a diagram illustrating a configuration example of an information processing system according to an embodiment. FIG. 5 is a diagram illustrating a configuration example of a terminal device according to an embodiment. FIG. 6 is a diagram illustrating a configuration example of a server device according to an embodiment. FIG. 7 is a diagram showing an example of a user information database. FIG. 8 is a diagram showing an example of a history information database. FIG. 9 is a diagram showing an example of the authentication setting database. FIG. 10 is a flowchart showing the processing procedure according to the embodiment. FIG. 11 is a diagram showing an example of the hardware configuration.

DESCRIPTION OF THE PREFERRED EMBODIMENTS An information processing apparatus, an information processing method, and an information processing program according to the present application (hereinafter referred to as "embodiments") will be described in detail below with reference to the drawings. Note that the information processing apparatus, information processing method, and information processing program according to the present application are not limited to this embodiment. In addition, in the following embodiments, the same parts are given the same reference numerals, and redundant explanations will be omitted.

[1. Overview of information processing method]
First, with reference to FIG. 1, an overview of an information processing method performed by an information processing apparatus according to an embodiment will be described. FIG. 1 is an explanatory diagram showing an overview of an information processing method according to an embodiment. Note that, in FIG. 1, an example will be described in which the efficiency of authentication is further improved.

As shown in FIG. 1, the information processing system 1 includes a terminal device 10 and a server device 100. The terminal device 10 and the server device 100 are connected to be able to communicate with each other by wire or wirelessly via a network N (see FIG. 4). In this embodiment, the terminal device 10 cooperates with the server device 100.

The terminal device 10 is a smart device such as a smartphone or a tablet terminal used by a user U (user), and is connected to an arbitrary server device via a wireless communication network such as 4G (Generation) or LTE (Long Term Evolution). This is a mobile terminal device that can communicate. Further, the terminal device 10 has a screen such as a liquid crystal display, which has a touch panel function, and displays data such as content through a tap operation, a slide operation, a scroll operation, etc. from the user U using a finger or a stylus. Accepts various operations on. Note that an operation performed on an area of the screen where content is displayed may be an operation on the content. Further, the terminal device 10 may be not only a smart device but also an information processing device such as a desktop PC (Personal Computer) or a notebook PC.

In this embodiment, the terminal device 10 functions as a FIDO client in FIDO authentication (Fast Identity Online). The FIDO client performs user authentication in cooperation with an authenticator. Note that the authenticator may be installed in the same device as the FIDO client (built-in authenticator), or may be installed in a device physically different from the FIDO client (external authenticator).

For example, FIDO authentication uses authentication methods that use memories or possessions such as PIN (Personal Identification Number), USB (Universal Serial Bus) security keys, and smart cards, as well as biometric information such as fingerprints, face, iris, veins, and voice prints. It is possible to implement an authentication method using behavioral information. The authentication method is not limited to these, and any method can be introduced. It is also possible to combine multiple authentication methods to achieve multimodal biometric authentication and multifactor authentication.

Hereinafter, in order to simplify the explanation, the terminal device 10 will be described as both a FIDO client and an authenticator without distinguishing between a FIDO client and an authenticator. That is, a case where the authenticator is an internal authenticator will be explained as an example. Note that, in reality, the authenticator may be an external authenticator that is physically independent from the terminal device 10 and can cooperate with the terminal device 10.

It is also possible to implement a web authentication API (Application Programming Interface) that calls an authenticator from the web content displayed on the FIDO client's web browser and enables FIDO authentication through interaction with the authentication server. I will omit the explanation of the form.

The server device 100 is an information processing device that functions as an authentication server (FIDO server) in FIDO authentication, and is realized by a computer, a cloud system, or the like. The authentication server corresponds to an RP (Relying Party)/IdP (Identity Provider). FIDO authentication is resistant to phishing because "secrets" such as passwords and biometric information are not shared between the authenticator and the authentication server.

As shown in FIG. 1, in FIDO authentication, upon receiving an authentication request from a user, the authentication server sends a challenge to the authenticator on the user side. The challenge is a random character string that is valid only once, and is a data string that is different each time based on random numbers. The user performs user verification using an authenticator and verifies his/her identity locally. Then, the authenticator signs the verification result with a private key and sends it to the authentication server as a signed verification result (signed response). Upon receiving the signed verification result, the authentication server verifies the signature using a public key.

In this way, in FIDO authentication, the authentication server uses a public key to realize authentication by confirming that the user's authenticator has an appropriate private key. The authenticator and authentication server do not share a "private key".

The server device 100 also functions as a cooperative RP/SP (Service Provider) that provides identity services through ID cooperation (federation) with an RP/IdP that supports FIDO authentication. When FIDO authentication and ID federation are combined, the authentication context is propagated from the authenticator to the cooperating RP/SP via the RP/IdP.

Hereinafter, in order to simplify the explanation, the server device 100 will be described as both an RP/IdP and a cooperative RP/SP without distinguishing between RP/IdP and cooperative RP/SP. Note that, in reality, the server device 100 as the RP/IdP and the server device 100 as the cooperative RP/SP may be physically independent and different server devices 100.

For example, the server device 100 cooperates with the terminal device 10 of each user U, and provides API (Application Programming Interface) services for various applications (hereinafter referred to as applications) to the terminal device 10 of each user U. Various data may be provided.

Further, the server device 100 may be an information processing device that provides some kind of web service online to the terminal device 10 of each user U. For example, the server device 100 provides web services such as Internet connection, search service, SNS (Social Networking Service), electronic commerce (EC), electronic payment, online games, online banking, online trading, accommodation/ticket reservation, Services such as video/music distribution, news, maps, route searches, route guidance, route information, operation information, weather forecasts, etc. may be provided. In reality, the server device 100 may cooperate with various servers that provide the above-mentioned Web services, mediate the Web services, or may be in charge of processing the Web services.

Note that the server device 100 can acquire user information regarding the user U. For example, the server device 100 acquires information regarding user U's attributes such as user U's gender, age, and residential area. The server device 100 stores and manages identification information indicating the user U (user ID, etc.) as well as information regarding attributes of the user U.

Further, the server device 100 acquires various kinds of history information (log data) indicating the actions of the user U from the terminal device 10 of the user U or from various servers based on the user ID or the like. For example, the server device 100 acquires a location history, which is a history of user U's location, date and time, from the terminal device 10. The server device 100 also acquires a search history, which is a history of search queries input by the user U, from a search server (search engine). Additionally, the server device 100 acquires a viewing history, which is a history of content viewed by the user U, from the content server. The server device 100 also acquires a purchase history (payment history) that is a history of product purchases and payment processing by the user U from the electronic commerce server and the payment processing server. Further, the server device 100 may acquire the listing history and the sales history, which are the listing history of the user U on the marketplace, from the electronic commerce server or the payment processing server. The server device 100 also acquires a posting history, which is a history of postings by the user U, from a posting server or SNS server that provides a word-of-mouth posting service. Note that the various servers described above may be the server device 100 itself. That is, the server device 100 may function as the various servers described above.

[1-1. Guidance to FIDO authentication]
An overview of incentive payment for security migration (migration: migration to a new environment) will be explained with reference to FIG. 2. FIG. 2 is an explanatory diagram showing an overview of incentive payment for security migration. Note that, in reality, it is not limited to migration, but may also be conversion (conversion or replacement of the system).

Authentication is an act in which a service provider (operator) confirms the authenticity of a user, and the user desires to use a service through authentication. At this time, performing authentication is also in the user's interest, and the user's benefit is an opportunity to actively introduce strong authentication such as FIDO authentication, but the service provider receives The benefits (improved overall system security) could potentially be distributed to users.

[1-1-1. Mechanism for paying incentives]
(1) Visualizing the effect of changing the authentication method The server device 100, which is an authentication server, estimates the benefit of changing to a predetermined authentication method with respect to authentication, and uses the network N (see FIG. 4) to Profit information based on the profit estimation is presented to the terminal device 10.

At this time, the server device 100 calculates the cost for time based on the hourly wage, minimum wage, etc. of the user U, and presents profit information based on the calculation result. For example, the server device 100 sends a message to the terminal device 10 of user U saying, ``If you use FIDO authentication, the authentication time will be reduced by ○ seconds.The customer will have opportunities to authenticate △ times this year, and the effect of time reduction will be (Equivalent to XX yen in total/per session).'' Profit information is presented.

(2) Payment of incentives for effects The server device 100 pays the user U for the time required for registration. Alternatively, the server device 100 charges the user U a fixed amount (such as 500 yen) minus the time required for registration as compensation for providing the service. Alternatively, the server device 100 pays the amount of time that would have otherwise been required if the PW was entered using password (PW) authentication for each purchase made using FIDO authentication in electronic commerce or the like.

[1-1-2. System overview〕
For example, as shown in FIG. 2, the server device 100, which is an authentication server, sends information to the terminal device 10, which serves as an authenticator, in advance via the network N (see FIG. 4) about the time required for authentication (hereinafter referred to as authentication time) is distributed (step S1).

Subsequently, the server device 100 presents the expected effects of changing the authentication method to the terminal device 10 via the network N (see FIG. 4) (step S2). Note that changing the authentication method includes adding an authentication method and making new settings. At this time, the server device 100 collects observation results from an unspecified number of terminal devices 10 using an observation script of authentication time for each user and each authentication method, and changes the authentication method based on the collected observation results. Expected effects may be determined and presented.

Subsequently, the terminal device 10, which is an authenticator, receives an authentication operation from the user U (step S3). At this time, the terminal device 10 may receive an instruction to change the authentication method, an authentication operation using the changed authentication method, etc. from the user U who has been presented with the expected effect.

Subsequently, the terminal device 10 generates a transaction (TX) according to the authentication operation from the user U with the server device 100 via the network N (see FIG. 4) (step S4). . Note that this transaction occurs not only for transactions but also for authentication-related occasions such as registration. At this time, the terminal device 10 provides metrics to the server device 100. In this embodiment, the terminal device 10 provides observation results based on an observation script of the authentication time after changing the authentication method.

Subsequently, the server device 100 pays an incentive (remuneration, reward) to the terminal device 10 via the network N (see FIG. 4) for the actual effect (step S5). The server device 100, which is an authentication server, has an authentication incentive calculation function that calculates incentives for effects. At this time, the server device 100 may determine the effect that actually occurred from the observation results of the authentication time after the change of the authentication method using the observation script, and may pay an incentive for the effect.

For example, if the authentication method before change is password authentication, the authentication method after change is FIDO authentication.

The server device 100 determines the amount of reduction in time required for authentication as an effect of changing the authentication method. For example, the server device 100 determines how much the saved time will be converted into monetary amounts. At this time, the server device 100 may estimate it based on the user's past authentication frequency.

Furthermore, the server device 100 may pay incentives not only at the time of authentication but also at the time of registration. For example, the server device 100 may pay an incentive when registering multiple authenticators for the purpose of backup or account recovery.

Further, the server device 100 may provide points, coupons, etc. for the time saved by FIDO for each purchase in e-commerce etc. that have undergone the changed authentication method, or may provide points, coupons, etc. according to the purchase amount. You may also provide benefits.

Further, the server device 100 may calculate the difference between the time required by the user for the original authentication and the time estimated to be required when changing to FIDO authentication. That is, the server device 100 may calculate the difference between the time required by the user for the original authentication and the time estimated to be required for the changed authentication.

In addition, the server device 100 estimates the amount required for the changed authentication depending on the "number of authentications" in multi-step authentication, multi-factor authentication, etc., and the "type of authentication" such as SNS authentication, password authentication, etc. You can ask for time.

The server device 100 may also estimate the benefit to the service provider (operator) due to the user changing to FIDO authentication, and determine the benefit to the user according to the benefit to the service provider. good.

Note that the server device 100 may convert the profit on the service provider side into labor hours or costs. For example, the server device 100 estimates the benefits of reducing communication costs on the service provider side, reducing the power or number of servers, reducing management costs, reducing the number of password servers (password servers are no longer needed), etc., and provides the service. The benefit to the user may be determined according to the benefit of the provider.

Additionally, the server device 100 may redistribute the overall profit. For example, the server device 100 may estimate the benefit from improvement of conversion rate (CVR), countermeasures against hijacking, etc., and determine the benefit to the user according to the benefit to the service provider. .

Further, the server device 100 may hold a prize using profits for users. For example, the server device 100 may allow the first user to win a sweepstakes to take all of the benefits to an unspecified number of users according to the service provider's benefits, or the server device 100 may make it possible for the first user to win a sweepstakes to take all the benefits to an unspecified number of users according to the service provider's benefits, or it may ) may be allocated. Alternatively, the server device 100 may divide the numbers on a first-come, first-served basis (an upper limit may be set for each user).

In addition, the server device 100 provides incentives according to the performance of the authentication performed by encouraging or guiding the user to perform authentication using a specific authenticator for the purpose of promotion or security. You may.

[1-2. Pre-collection of authentication information〕
An overview of preliminary collection of authentication information will be described with reference to FIG. 3. FIG. 3 is an explanatory diagram showing an overview of preliminary collection of authentication information.

Currently, the authentication and consent processes are often separated, as a challenge to authentication activities. For example, if you want to consent to the purchase of a product, you may be asked to authenticate first and then consent again. Therefore, in this embodiment, an authentication factor is embedded in the consent process as user verification in FIDO authentication.

For example, the terminal device 10 as an authenticator performs fingerprint authentication by reading the user's fingerprint during a scrolling operation to read the terms and conditions for which consent is requested. At this time, the terminal device 10 may read the user's fingerprint when scrolling to a specific part or the end (end of sentence) of the agreement. Further, the terminal device 10 may perform vein authentication using the user's finger or hand vein instead of fingerprint authentication.

Furthermore, since the user looks at the screen to read the terms and conditions for which consent is requested, the terminal device 10 performs facial authentication by reading the user's face at that time. Furthermore, the terminal device 10 may perform iris authentication by reading the user's eyes.

Further, the terminal device 10 performs gesture authentication by reading the characteristics of the movement of the user's fingers, face, eyes, etc. when reading the terms and conditions for which consent is requested. For example, the terminal device 10 may perform gesture authentication by reading characteristics such as a user's flick operation.

Further, the terminal device 10 performs voice authentication (voiceprint authentication) by picking up the voice when reading out the regulations or predetermined keywords for which agreement is requested. At this time, the terminal device 10 may request the user to read out the rules or a predetermined keyword.

In this embodiment, "agreement to terms" and "user authentication" can be performed simultaneously. Furthermore, in this embodiment, the act of consent by the user itself serves as user authentication. By making the act of agreeing to the terms and conditions itself a form of authentication, it is also possible to prevent subsequent denials of actions such as purchases (such as the user claiming that he or she did not purchase the product). . Alternatively, instead of requiring consent for each agreement, the user may be automatically authenticated while reading each agreement, and the user may be deemed to have consented if the user continues with the process. .

Furthermore, according to the present embodiment, it is possible to simultaneously confirm that "the user has read the rules" and "the user's identity." This also prevents the user from pressing the agree button and proceeding without reading the terms and conditions (just opening them).

Note that, in reality, this is not limited to when reading the terms and conditions. For example, the terminal device 10 may perform authentication by reading biometric information of the user while the user is using an authenticator or registering user information. Further, the terminal device 10 may read the user's biometric information and perform authentication at the same time when the user performs predetermined operations such as searching, browsing, and purchasing.

Furthermore, in the present embodiment, the terminal device 10 collects information for authenticating the actual act in the preliminary act leading up to the actual act. At this time, the terminal device 10 may request the user to perform a preliminary action to collect information used for main authentication.

[1-2-1. System overview〕
For example, as shown in FIG. 3, the terminal device 10, which is an authenticator, receives an operation (user operation) from the user U (step S11). The user operation in step S11 may be the authentication operation in step S3 shown in FIG.

Subsequently, the terminal device 10 serving as an authenticator or the sensor device 200 such as an external device senses the operation related to the operation while the user U performs the authentication operation (step S12). In this embodiment, as described above, the terminal device 10 or the sensor device 200 senses the motion of the user U while the user U is reading the terms and conditions to which the user U is required to consent, and Get information.

The sensor device 200 is, for example, a camera, a microphone, or the like. Sensor device 200 may be a wireless device or a smart device. Further, the sensor device 200 may be another user's terminal device 10. Further, the sensor device 200 may be installed in a facility used by the user U, such as a store or a railway station, or in a vehicle such as a vehicle, a ship, or an aircraft. The sensor device 200 provides sensing results to the terminal device 10, which is an authenticator.

Subsequently, the terminal device 10, which is an authenticator, performs biometric authentication based on the biometric information acquired from the user U (step S13).

Subsequently, the terminal device 10, which is an authenticator, transmits the authentication context to the server device 100, which is an authentication server, via the network N (see FIG. 4) (step S14). The authentication context indicates a user authentication method at an IdP (Identity Provider).

Next, the server device 100, which is an authentication server, has an authentication consent determination function, and determines that the user U has been successfully authenticated and that the user U has agreed to the terms according to the authentication context. (Step S15). For example, when the server device 100 receives a signed verification result signed with a private key from an authenticator, it verifies the signature with a public key, and if the signature verification is successful, determines that the user U has been successfully authenticated.

According to this embodiment, by embedding an authentication factor in the consent process, authentication can be performed simultaneously with the process of agreeing to the terms and conditions. This can be expected to improve the user's convenience and reduce the burden of authentication. It also leads to a reduction in the time required for consent and authentication.

[2. Configuration example of information processing system]
Next, the configuration of the information processing system 1 including the server device 100 according to the embodiment will be described using FIG. 4. FIG. 4 is a diagram illustrating a configuration example of the information processing system 1 according to the embodiment. As shown in FIG. 4, the information processing system 1 according to the embodiment includes a terminal device 10 and a server device 100. These various devices are connected via a network N so that they can communicate by wire or wirelessly. The network N is, for example, a LAN (Local Area Network) or a WAN (Wide Area Network) such as the Internet.

Furthermore, the number of devices included in the information processing system 1 shown in FIG. 4 is not limited to what is illustrated. For example, in FIG. 4, only one terminal device 10 is shown for simplification of illustration, but this is just an example and is not limited, and there may be two or more terminal devices.

The terminal device 10 is an information processing device used by the user U. For example, the terminal device 10 may be a smart device such as a smartphone or a tablet terminal, a feature phone, a PC (Personal Computer), a PDA (Personal Digital Assistant), a game console or AV device with a communication function, a car navigation system, a smart watch, or the like. These include wearable devices such as head-mounted displays, smart glasses, etc. Further, the terminal device 10 may be a house/building, a car, a home appliance, an electronic device, etc. compatible with IOT (Internet of Things).

The terminal device 10 also supports wireless communication networks such as LTE (Long Term Evolution), 4G (4th Generation), and 5G (5th Generation), Bluetooth (registered trademark), and wireless LAN (Local The server device 100 can be connected to the network N via short-range wireless communication such as an area network) and can communicate with the server device 100.

The server device 100 is, for example, a computer such as a PC or a blade server, or a mainframe or a workstation. Note that the server device 100 may be realized by cloud computing.

[3. Configuration example of terminal device]
Next, the configuration of the terminal device 10 will be explained using FIG. 5. FIG. 5 is a diagram showing a configuration example of the terminal device 10. As shown in FIG. As shown in FIG. 5, the terminal device 10 includes a communication section 11, a display section 12, an input section 13, a positioning section 14, a sensor section 20, a control section 30 (controller), and a storage section 40. Be prepared.

(Communication Department 11)
The communication unit 11 is connected to a network N (see FIG. 4) by wire or wirelessly, and transmits and receives information to and from the server device 100 via the network N. For example, the communication unit 11 is realized by a NIC (Network Interface Card), an antenna, or the like.

(Display section 12)
The display unit 12 is a display device that displays various information such as position information. For example, the display unit 12 is a liquid crystal display (LCD) or an organic electro-luminescent display (EL display). Further, the display unit 12 is a touch panel type display, but is not limited to this.

(Input section 13)
The input unit 13 is an input device that receives various operations from the user U. For example, the input unit 13 includes buttons for inputting characters, numbers, and the like. Note that the input unit 13 may be an input/output port (I/O port), a USB (Universal Serial Bus) port, or the like. Further, when the display section 12 is a touch panel display, a part of the display section 12 functions as the input section 13. Further, the input unit 13 may be a microphone or the like that receives voice input from the user U. The microphone may be wireless.

(Positioning unit 14)
The positioning unit 14 receives a signal (radio wave) sent from a GPS (Global Positioning System) satellite, and based on the received signal, determines position information (for example, latitude and longitude). That is, the positioning unit 14 positions the terminal device 10 . Note that GPS is just one example of GNSS (Global Navigation Satellite System).

Further, the positioning unit 14 can measure the position using various methods other than GPS. For example, the positioning unit 14 may use various communication functions of the terminal device 10 to measure the position as an auxiliary positioning means for position correction and the like, as described below.

(Wi-Fi positioning)
For example, the positioning unit 14 positions the terminal device 10 using the Wi-Fi (registered trademark) communication function of the terminal device 10 or the communication network provided by each communication company. Specifically, the positioning unit 14 performs Wi-Fi communication, etc., and determines the position of the terminal device 10 by measuring the distance to nearby base stations and access points.

(Beacon positioning)
Further, the positioning unit 14 may use the Bluetooth (registered trademark) function of the terminal device 10 to measure the position. For example, the positioning unit 14 measures the position of the terminal device 10 by connecting to a beacon transmitter connected by a Bluetooth (registered trademark) function.

(geomagnetic positioning)
Furthermore, the positioning unit 14 positions the terminal device 10 based on the geomagnetic pattern of the structure measured in advance and the geomagnetic sensor included in the terminal device 10 .

(RFID positioning)
Further, for example, if the terminal device 10 has an RFID (Radio Frequency Identification) tag function equivalent to a contactless IC card used at station ticket gates, stores, etc., or has a function to read an RFID tag. In this case, the location where the terminal device 10 used the terminal device 10 is recorded together with the information that the payment was made. The positioning unit 14 may measure the position of the terminal device 10 by acquiring such information. Further, the position may be determined by an optical sensor, an infrared sensor, or the like provided in the terminal device 10.

The positioning unit 14 may position the terminal device 10 using one or a combination of the above-mentioned positioning means, if necessary.

(sensor section 20)
The sensor unit 20 includes various sensors mounted on or connected to the terminal device 10. Note that the connection may be a wired connection or a wireless connection. For example, the sensors may be a detection device other than the terminal device 10, such as a wearable device or a wireless device. In the example shown in FIG. 5, the sensor unit 20 includes an acceleration sensor 21, a gyro sensor 22, an atmospheric pressure sensor 23, an air temperature sensor 24, a sound sensor 25, an optical sensor 26, a magnetic sensor 27, and an image sensor ( camera) 28.

Note that each of the sensors 21 to 28 described above is merely an example and is not limited to the above. That is, the sensor section 20 may be configured to include a portion of each of the sensors 21 to 28, or may include other sensors such as a humidity sensor in addition to or instead of each of the sensors 21 to 28. .

The acceleration sensor 21 is, for example, a three-axis acceleration sensor, and detects the physical movement of the terminal device 10, such as the moving direction, speed, and acceleration of the terminal device 10. The gyro sensor 22 detects physical movements of the terminal device 10 such as tilt in three axes directions based on the angular velocity of the terminal device 10 and the like. The atmospheric pressure sensor 23 detects the atmospheric pressure around the terminal device 10, for example.

Since the terminal device 10 is equipped with the above-mentioned acceleration sensor 21, gyro sensor 22, atmospheric pressure sensor 23, etc., it is possible to implement technologies such as pedestrian autonomous navigation (PDR) using these sensors 21 to 23, etc. It becomes possible to measure the position of the terminal device 10 using the . This makes it possible to obtain indoor position information that is difficult to obtain using positioning systems such as GPS.

For example, a pedometer using the acceleration sensor 21 can calculate the number of steps, walking speed, and distance walked. Furthermore, by using the gyro sensor 22, it is possible to know the direction of travel of the user U, the direction of the line of sight, and the inclination of the user's body. Further, from the atmospheric pressure detected by the atmospheric pressure sensor 23, it is also possible to know the altitude and the number of floors where the terminal device 10 of the user U is located.

The temperature sensor 24 detects, for example, the temperature around the terminal device 10. The sound sensor 25 detects, for example, sounds around the terminal device 10. The optical sensor 26 detects the illuminance around the terminal device 10 . The magnetic sensor 27 detects, for example, the earth's magnetism around the terminal device 10. The image sensor 28 captures an image of the surroundings of the terminal device 10.

The above-mentioned atmospheric pressure sensor 23, temperature sensor 24, sound sensor 25, optical sensor 26, and image sensor 28 each detect atmospheric pressure, temperature, sound, and illuminance, and capture images of the surroundings, so that the terminal device 10 It is possible to detect the surrounding environment and situation. Furthermore, it is possible to improve the accuracy of the location information of the terminal device 10 based on the environment and situation around the terminal device 10.

(Control unit 30)
The control unit 30 includes, for example, a microcomputer having a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM, an input/output port, etc., and various circuits. Further, the control unit 30 may be configured with hardware such as an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array). The control section 30 includes a transmitting section 31 , a receiving section 32 , a processing section 33 , a receiving section 34 , an acquiring section 35 , and an authentication processing section 36 .

(Transmission unit 31)
The transmitting unit 31 receives, for example, various information input by the user U using the input unit 13, various information detected by the sensors 21 to 28 mounted on or connected to the terminal device 10, and information measured by the positioning unit 14. The location information of the terminal device 10 and the like can be transmitted to the server device 100 via the communication unit 11.

(Receiving unit 32)
The receiving unit 32 can receive various information provided from the server device 100 and requests for various information from the server device 100 via the communication unit 11 .

(Processing unit 33)
The processing unit 33 controls the entire terminal device 10, including the display unit 12 and the like. For example, the processing unit 33 can output various information transmitted by the transmitting unit 31 and various information received from the server device 100 by the receiving unit 32 to the display unit 12 for display.

Note that the receiving section 34, the acquiring section 35, and the authentication processing section 36, which will be described later, may be part of the processing section 33. Further, the processing unit 33 may function as a reception unit 34, an acquisition unit 35, and an authentication processing unit 36 described below by starting an application or executing a program.

(Reception Department 34)
The receiving unit 34 receives a user's operation via the input unit 13. For example, the reception unit 34 accepts a user's operation when the user views or selects content displayed on the display unit 12.

(Acquisition unit 35)
The acquisition unit 35 acquires the user's biometric information while the user is performing operations other than authentication. For example, the acquisition unit 35 acquires the user's biometric information via the input unit 13 and the sensor unit 20 while the user is performing an operation.

In this embodiment, the acquisition unit 35 acquires the user's biometric information during the process of requesting consent from the user. For example, the acquisition unit 35 reads the user's fingerprint when performing a scroll operation to read the terms and conditions for which consent is requested. Alternatively, the acquisition unit 35 reads the veins of the user's fingers or hands during a scroll operation to read the terms and conditions for which agreement is requested.

Further, the acquisition unit 35 reads the user's face when the user is looking at the screen to read the terms and conditions for which consent is requested. Alternatively, the acquisition unit 35 reads the user's iris while the user is looking at the screen to read the terms and conditions to which consent is requested.

The acquisition unit 35 also reads the characteristics of the user's movements when reading the terms and conditions for which agreement is requested. The acquisition unit 35 also picks up audio when the agreement or predetermined keyword for which consent is requested is read aloud.

At this time, the acquisition unit 35 may acquire the user's biometric information via an external device while the user is performing operations other than authentication.

(Authentication processing unit 36)
The authentication processing unit 36 performs biometric authentication based on the user's biometric information. For example, the authentication processing unit 36 performs biometric authentication based on the user's biometric information and confirms the user's identity in FIDO authentication.

The authentication processing unit 36 performs biometric authentication based on the user's biometric information at the same time as processing to request consent from the user. For example, the authentication processing unit 36 performs fingerprint authentication based on the user's fingerprint. Alternatively, the authentication processing unit 36 performs vein authentication based on the veins of the user's fingers or hands.

Further, the authentication processing unit 36 performs face authentication based on the user's face. Alternatively, the authentication processing unit 36 performs iris authentication based on the user's iris. Further, the authentication processing unit 36 performs gesture authentication based on the characteristics of the user's movements. Further, the authentication processing unit 36 performs voice authentication based on the user's voice.

Furthermore, the authentication processing unit 36 may consider the act of the user giving consent itself as one of the authentications.

(Storage unit 40)
The storage unit 40 is realized by, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or an optical disk. Ru. The storage unit 40 stores various programs, various data, and the like.

[4. Configuration example of server device]
Next, the configuration of the server device 100 according to the embodiment will be described using FIG. 6. FIG. 6 is a diagram showing a configuration example of the server device 100 according to the embodiment. As shown in FIG. 6, the server device 100 includes a communication section 110, a storage section 120, and a control section 130.

(Communication Department 110)
The communication unit 110 is realized by, for example, a NIC (Network Interface Card). Further, the communication unit 110 is connected to the network N (see FIG. 4) by wire or wirelessly.

(Storage unit 120)
The storage unit 120 is realized by, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as an HDD, an SSD, or an optical disk. As shown in FIG. 6, the storage unit 120 includes a user information database 121, a history information database 122, and an authentication setting database 123.

(User information database 121)
The user information database 121 stores user information regarding the user U. For example, the user information database 121 stores various information such as user U's attributes. FIG. 7 is a diagram showing an example of the user information database 121. In the example shown in FIG. 7, the user information database 121 has items such as "user ID (identifier),""age,""gender,""home,""worklocation," and "interest."

“User ID” indicates identification information for identifying user U. Note that the "user ID" may be user U's contact information (telephone number, email address, etc.), or may be identification information for identifying user U's terminal device 10.

Moreover, "age" indicates the age of the user U identified by the user ID. Note that the "age" may be information indicating the specific age of the user U (for example, 35 years old, etc.), or may be information indicating the age of the user U (for example, 30s, etc.) . Alternatively, the "age" may be information indicating the date of birth of the user U, or may be information indicating the generation of the user U (for example, born in the 1980s). Furthermore, “gender” indicates the gender of the user U identified by the user ID.

Moreover, "home" indicates the location information of the home of the user U identified by the user ID. In the example shown in FIG. 7, "home" is illustrated as an abstract code such as "LC11", but it may also be latitude/longitude information or the like. Furthermore, for example, "home" may be a region name or address.

Moreover, "work place" indicates the location information of the work place (school in the case of a student) of the user U identified by the user ID. In the example shown in FIG. 7, the "work location" is illustrated as an abstract code such as "LC12," but it may also be latitude and longitude information. Further, for example, the "work location" may be a region name or address.

Moreover, "interest" indicates the interest of the user U identified by the user ID. That is, "interest" indicates an object in which the user U identified by the user ID has a high interest. For example, "interest" may be a search query (keyword) that the user U inputs into a search engine. In the example shown in FIG. 7, one "interest" is shown for each user U, but there may be a plurality of "interests".

For example, in the example shown in FIG. 7, the age of the user U identified by the user ID "U1" is "20s", and the gender is "male". Further, for example, the user U identified by the user ID "U1" indicates that his home is "LC11". Further, for example, the user U identified by the user ID "U1" indicates that the work location is "LC12". Further, for example, the user U identified by the user ID "U1" indicates that he is interested in "sports."

Here, in the example shown in FIG. 7, abstract values such as "U1", "LC11", and "LC12" are used for illustration, but "U1", "LC11", and "LC12" have specific values. It is assumed that information such as character strings and numerical values is stored. Below, abstract values may be illustrated in diagrams related to other information as well.

Note that the user information database 121 is not limited to the above, and may store various information depending on the purpose. For example, the user information database 121 may store various information regarding the terminal device 10 of the user U. In addition, the user information database 121 includes information such as demographic (demographic attributes), psychographic (psychological attributes), geographic (geographical attributes), behavioral (behavioral attributes), etc. of user U. Information regarding attributes may also be stored. For example, the user information database 121 includes name, family structure, place of birth (locality), occupation, position, income, qualifications, type of residence (single-family house, condominium, etc.), presence or absence of a car, commuting/commuting time, commuting/commuting. Memorizes information such as routes, commuter pass sections (stations, lines, etc.), frequently used stations (other than the stations closest to your home or work), lessons (location, time zone, etc.), hobbies, interests, lifestyle, etc. You can.

(History information database 122)
The history information database 122 stores various information related to history information (log data) indicating the actions of the user U. FIG. 8 is a diagram showing an example of the history information database 122. In the example shown in FIG. 8, the history information database 122 has items such as "user ID", "location history", "search history", "browsing history", "purchase history", and "posting history".

“User ID” indicates identification information for identifying user U. Further, “position history” indicates a position history that is a history of the user U's position and movement. Further, “search history” indicates a search history that is a history of search queries input by the user U. In addition, “browsing history” indicates a browsing history that is a history of contents that the user U has viewed. Moreover, "purchase history" indicates a purchase history that is a history of purchases by user U. Moreover, "posting history" indicates a posting history that is a history of postings by user U. Note that the "posting history" may include questions regarding user U's belongings.

For example, in the example shown in FIG. 8, user U identified by user ID "U1" moves as per "location history #1", searches as per "search history #1", and searches as per "view history #1". This indicates that the content is viewed according to "history #1", a predetermined product, etc. is purchased at a predetermined store etc. according to "purchase history #1", and the content is posted according to "post history #1".

Here, in the example shown in FIG. 8, abstracts such as "U1", "location history #1", "search history #1", "browsing history #1", "purchase history #1" and "posting history #1" are used. Although the figures are illustrated using ``U1'', ``Location history #1'', ``Search history #1'', ``Browsing history #1'', ``Purchase history #1'' and ``Posting history #1'', It is assumed that information such as specific character strings and numerical values is stored.

Note that the history information database 122 is not limited to the above, and may store various information depending on the purpose. For example, the history information database 122 may store the user U's usage history of a predetermined service. Further, the history information database 122 may store the user U's visit history to a physical store, visit history to a facility, or the like. Further, the history information database 122 may store the payment history of user U's payment using the terminal device 10 (electronic payment).

(Authentication setting database 123)
The authentication setting database 123 stores various information regarding user U's authentication. FIG. 9 is a diagram showing an example of the authentication setting database 123. In the example shown in FIG. 9, the authentication setting database 123 has items such as "user ID", "authentication method", "authentication context", "authentication success", "agreement to terms", and "incentive".

“User ID” indicates identification information for identifying user U. Moreover, the "authentication method" indicates the authentication method (authentication means) performed for the user U. For example, the authentication method is password authentication, SNS authentication, FIDO authentication, etc.

Further, "authentication context" indicates an authentication context in FIDO authentication. Moreover, "authentication success" indicates that the authentication of the user U was successful. Moreover, "agreeing to the terms" indicates that the user U has agreed to the terms. In this embodiment, the server device 100 confirms successful authentication and agreement to the rules by receiving the authentication context. Moreover, "incentive" indicates an incentive according to the effect or profit generated by changing the authentication method.

For example, in the example shown in FIG. 9, user U identified by user ID "U1" is set to be authenticated by "authentication method #1" and "authentication context #1" is sent from the authenticator. This confirms "authentication success" and "agreement to terms and conditions," indicating that "incentive #1" will be paid by changing the authentication method.

Here, in the example shown in FIG. 9, abstract values such as "U1", "authentication method #1", "authentication context #1", and "incentive #1" are used, but "U1", " It is assumed that information such as specific character strings and numerical values is stored in "Authentication method #1", "Authentication context #1", and "Incentive #1".

Note that the authentication setting database 123 is not limited to the above, and may store various information depending on the purpose. For example, the authentication setting database 123 may store information regarding the user's authenticator, such as identification information and public keys of the authenticator. The authentication setting database 123 may also store an observation script for the time required for authentication (hereinafter referred to as authentication time). The authentication setting database 123 may also store observation results based on an observation script of authentication time. Further, the authentication setting database 123 may store effects or benefits of changing the authentication method. Further, the authentication setting database 123 may separately store incentives estimated (predicted) in advance and incentives actually calculated.

(Control unit 130)
Returning to FIG. 6, the explanation will be continued. The control unit 130 is a controller, and controls the server device 100 using, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field Programmable Gate Array). This is realized by executing various programs (corresponding to an example of an information processing program) stored in an internal storage device using a storage area such as a RAM as a work area. In the example shown in FIG. 6, the control unit 130 includes an acquisition unit 131, a reception unit 132, an estimation unit 133, a calculation unit 134, and a provision unit 135.

(Acquisition unit 131)
The acquisition unit 131 acquires a search query input by the user U. For example, when the user U inputs a search query into a search engine or the like and performs a keyword search, the acquisition unit 131 acquires the search query via the communication unit 110. That is, the acquisition unit 131 acquires, via the communication unit 110, a keyword input by the user U into a search window of a search engine, site, or application.

The acquisition unit 131 also acquires user information regarding the user U via the communication unit 110. For example, the acquisition unit 131 acquires identification information indicating the user U (user ID, etc.), location information of the user U, attribute information of the user U, etc. from the terminal device 10 of the user U. Further, the acquisition unit 131 may acquire identification information indicating the user U, attribute information of the user U, etc. at the time of user U's user registration. The acquisition unit 131 then registers the user information in the user information database 121 of the storage unit 120.

Further, the acquisition unit 131 acquires various types of history information (log data) indicating the behavior of the user U via the communication unit 110. For example, the acquisition unit 131 acquires various types of history information indicating the behavior of the user U from the terminal device 10 of the user U or from various servers based on the user ID or the like. The acquisition unit 131 then registers various types of history information in the history information database 122 of the storage unit 120.

Further, the acquisition unit 131 acquires the observation result of the authentication time observation script from the terminal device 10 of the user U via the communication unit 110.

(Reception Department 132)
The reception unit 132 receives a change in the authentication method from the user via the communication unit 110. In this embodiment, the reception unit 132 receives a change in the authentication method from the terminal device 10 of the user U via the communication unit 110. Note that the reception unit 132 may be integrated with the acquisition unit 131.

Further, upon receiving the authentication context from the terminal device 10 of the user U via the communication unit 110, the reception unit 132 determines that the authentication has been successful with the authenticator. For example, by accepting the authentication context from the terminal device 10 of the user U via the communication unit 110, the reception unit 132 can successfully authenticate the user U with the authenticator (user verification) and confirm agreement to the terms. Confirm what has been done. At this time, the receiving unit 132 may receive the signed verification result signed by the authenticator with the private key, and may verify the signature with the public key.

(Estimation unit 133)
The estimation unit 133 estimates in advance the effect or benefit caused by changing the authentication method. At this time, the estimating unit 133 may estimate in advance an incentive according to the effect or profit caused by changing the authentication method. For example, the estimating unit 133 estimates the cost for the time required for authentication based on the user's hourly wage or minimum wage as an effect or benefit caused by changing the authentication method. Furthermore, the estimating unit 133 estimates the time required for authentication after the change, as an effect or benefit caused by changing the authentication method, according to the number and type of authentication.

Furthermore, the estimating unit 133 estimates the benefit to the service provider by changing the authentication method as the effect or benefit caused by changing the authentication method. For example, the estimating unit 133 estimates benefits resulting from reductions in communication costs on the service provider side, power or number of servers, or management costs as effects or benefits caused by changing the authentication method. Furthermore, the estimating unit 133 estimates an improvement in the conversion rate or a benefit due to security measures as an effect or benefit caused by changing the authentication method.

Here, the estimating unit 133 may perform machine learning and construct a model (estimation model) for estimating (inferring) the effect or benefit caused by changing the authentication method. For example, the estimation unit 133 performs machine learning and constructs a model for estimating the difference in the time required for authentication before and after the change for user U from the difference in the time required for authentication before and after the change for an unspecified number of users. You may. Furthermore, the estimation unit 133 may perform machine learning and construct a model for estimating the time and cost required for authentication after the change from the time and cost required for authentication on the service provider side.

(Calculation unit 134)
The calculation unit 134 calculates the effect or profit actually caused by changing the authentication method. At this time, the calculation unit 134 may calculate an incentive according to the effect or profit actually caused by changing the authentication method. For example, the calculation unit 134 may collect the observation results of the authentication time for each user and each authentication method using an observation script, and calculate the expected effect of changing the authentication method based on the collected observation results. . Note that the calculation unit 134 may be integrated with the estimation unit 133.

(Providing unit 135)
The providing unit 135 provides the authentication time observation script to the terminal device 10 of the user U via the communication unit 110.

Further, the providing unit 135 provides the user U's terminal device 10 with an incentive corresponding to the effect or profit generated by changing the authentication method via the communication unit 110. Further, the providing unit 135 presents the user U's terminal device 10 with an incentive according to the estimated effect or profit in advance via the communication unit 110, and provides the user U's terminal device 10 with an authentication method. Suggest changes. At this time, the providing unit 135 visualizes the estimated effect or profit, presents it to the user U's terminal device 10, and proposes to the user U's terminal device 10 a change in the authentication method.

Further, the providing unit 135 provides the user U's terminal device 10 with an incentive according to the calculated effect or profit via the communication unit 110. At this time, the providing unit 135 may hold a prize using an incentive according to the calculated effect or profit, and provide the incentive to the terminal device 10 of the user U who wins the prize.

[5. Processing procedure]
Next, processing procedures performed by the terminal device 10 and the server device 100 according to the embodiment will be described using FIG. 10. FIG. 10 is a flowchart showing the processing procedure according to the embodiment. Note that the processing procedure shown below is repeatedly executed by the control unit 30 of the terminal device 10 and the control unit 130 of the server device 100.

For example, as shown in FIG. 10, the acquisition unit 131 of the server device 100, which is an authentication server, obtains authentication information for each user and each authentication method from an unspecified number of terminal devices 10 via the communication unit 110 in advance. Time observation results are collected (step S101).

Subsequently, the estimation unit 133 of the server device 100 estimates the expected effect of changing the authentication method based on the observation results of the authentication time for each user and each authentication method (step S102).

Next, the providing unit 135 of the server device 100 presents the estimated effect (the expected effect of changing the authentication method) to the terminal device 10 of the user U via the communication unit 110 (step S103).

Subsequently, while the user U is reading the terms and conditions that require consent to change the authentication method, the reception unit 34 of the terminal device 10 of the user U accepts the user's operation via the input unit 13. Upon reception, the acquisition unit 35 of the terminal device 10 acquires the biometric information of the user U via the input unit 13 and the sensor unit 20 (step S104).

For example, the acquisition unit 35 reads the user's fingerprint when performing a scroll operation to read the terms and conditions for which consent is requested. Alternatively, the acquisition unit 35 reads the veins of the user's fingers or hands during a scroll operation to read the terms and conditions for which agreement is requested. Further, the acquisition unit 35 reads the user's face when the user is looking at the screen to read the terms and conditions for which consent is requested. Alternatively, the acquisition unit 35 reads the user's iris while the user is looking at the screen to read the terms and conditions to which consent is requested. The acquisition unit 35 also reads the characteristics of the user's movements when reading the terms and conditions for which agreement is requested. The acquisition unit 35 also picks up audio when the agreement or predetermined keyword for which consent is requested is read aloud. At this time, the acquisition unit 35 may acquire the user's biometric information via an external device while the user is performing operations other than authentication.

Subsequently, the authentication processing unit 36 of the terminal device 10 performs biometric authentication based on the biometric information of the user U (step S105). At this time, the authentication processing unit 36 may perform multi-factor authentication or multi-step authentication.

Subsequently, the authentication processing unit 36 (or transmitting unit 31) of the terminal device 10 transmits the authentication context to the server device 100, which is an authentication server, via the communication unit 110 (step S106).

Subsequently, the reception unit 132 of the server device 100 receives the authentication context from the terminal device 10 of the user U via the communication unit 110, thereby successfully authenticating the user U with the authenticator and agreeing to the terms. It is confirmed that this has been performed (step S107). That is, the reception unit 132 determines that the user U has officially agreed to the change of the authentication method.

Subsequently, the calculation unit 134 of the server device 100 calculates the effect or profit actually caused by changing the authentication method (step S108). At this time, the calculation unit 134 may calculate an incentive according to the effect or profit actually caused by changing the authentication method.

Subsequently, the providing unit 135 of the server device 100 provides an incentive according to the calculated effect or profit to the terminal device 10 of the user U via the communication unit 110 (step S109). At this time, the providing unit 135 may hold a prize using an incentive according to the calculated effect or profit, and provide the incentive to the terminal device 10 of the user U who wins the prize.

[6. Modified example]
The terminal device 10 and server device 100 described above may be implemented in various different forms other than the above embodiments. Therefore, a modification of the embodiment will be described below.

In the above embodiment, part or all of the processing executed by the server device 100 may actually be executed by the terminal device 10. For example, the process may be completed stand-alone (by the terminal device 10 alone). In this case, it is assumed that the terminal device 10 has the functions of the server device 100 in the above embodiment. Further, in the embodiment described above, since the terminal device 10 cooperates with the server device 100, it appears to the user U that the terminal device 10 is also executing the processing of the server device 100. That is, from another point of view, it can be said that the terminal device 10 includes the server device 100.

Further, in the above embodiment, the server device 100 may perform multi-step authentication by combining FIDO authentication and other authentication. For example, the server device 100 may perform two-step authentication by combining FIDO authentication and password authentication. Alternatively, the server device 100 may perform two-step authentication by combining FIDO authentication and a secret question.

In the above embodiment, the server device 100 performs FIDO authentication by combining two or more of the three authentication elements: "knowledge information," "possession information," and "biometric information." It's okay. That is, the server device 100 may employ multi-factor authentication (MFA).

Furthermore, in the above embodiment, when collecting the observation results based on the authentication time observation script, the server device 100 may collect the observation results for each user attribute or segment. This is because the authentication time may vary depending on user attributes and segments.

Furthermore, in the above embodiment, when paying an incentive to a user for an effect, the server device 100 may change the content of the incentive for each user segment. For example, the server device 100 may change the content of the benefit as an incentive depending on the grade of the user who uses the service.

[7. effect〕
As described above, the information processing device (server device 100) according to the present application includes a reception unit 132 that accepts a change in authentication method from a user, and provides an incentive to the user according to the effect or profit resulting from the change in the authentication method. and a providing unit 135 for providing information.

Further, the information processing device according to the present application further includes an estimating unit 133 that estimates in advance the effect or benefit caused by changing the authentication method. The providing unit 135 presents the user with an incentive according to the estimated effect or profit in advance, and suggests changing the authentication method to the user.

The providing unit 135 visualizes the estimated effects or benefits and presents them to the user, and suggests changing the authentication method to the user.

The estimating unit 133 estimates the cost for the time required for authentication based on the user's hourly wage or minimum wage as an effect or benefit caused by changing the authentication method.

The estimating unit 133 estimates the time required for authentication after the change, as an effect or benefit caused by changing the authentication method, according to the number and type of authentication.

The estimating unit 133 estimates the benefit to the service provider of changing the authentication method as an effect or benefit resulting from changing the authentication method.

The estimating unit 133 estimates benefits resulting from reductions in communication costs on the service provider side, power or number of servers, or management costs as effects or benefits caused by changing the authentication method.

The estimating unit 133 estimates an improvement in the conversion rate or a benefit due to security measures as an effect or benefit caused by changing the authentication method.

Further, the information processing device according to the present application further includes a calculation unit 134 that calculates the effect or profit actually caused by changing the authentication method. The providing unit 135 provides the user with an incentive according to the calculated effect or profit.

The providing unit 135 conducts a sweepstakes using incentives according to the calculated effects or profits, and provides the incentives to users who win the sweepstakes.

Further, another information processing device (terminal device 10) according to the present application includes a reception unit 34 that receives user operations, and an acquisition unit 35 that acquires biometric information of the user while user operations other than authentication are performed. and an authentication processing unit 36 that performs biometric authentication based on the user's biometric information.

The acquisition unit 35 acquires the user's biometric information during the process of requesting consent from the user. The authentication processing unit 36 performs biometric authentication based on the user's biometric information at the same time as processing to request consent from the user.

The acquisition unit 35 reads the user's fingerprint during a scroll operation to read the terms and conditions for which agreement is requested. The authentication processing unit 36 performs fingerprint authentication based on the user's fingerprint.

The acquisition unit 35 reads the veins of the user's fingers or hands during a scroll operation to read the terms and conditions for which consent is requested. The authentication processing unit 36 performs vein authentication based on the veins of the user's fingers or hands.

The acquisition unit 35 reads the user's face when the user is looking at the screen to read the terms and conditions for which consent is requested. The authentication processing unit 36 performs face authentication based on the user's face.

The acquisition unit 35 reads the user's iris while the user is looking at the screen to read the terms and conditions to which consent is requested. The authentication processing unit 36 performs iris authentication based on the user's iris.

The acquisition unit 35 reads the characteristics of the user's movements when reading the terms and conditions to which consent is requested. The authentication processing unit 36 performs gesture authentication based on the characteristics of the user's movements.

The acquisition unit 35 picks up the audio when the agreement or predetermined keyword for which consent is requested is read aloud. The authentication processing unit 36 performs voice authentication based on the user's voice.

The authentication processing unit 36 considers the act of consent by the user itself as one type of authentication.

The acquisition unit 35 acquires the user's biometric information via an external device while the user is performing operations other than authentication.

By using any one or a combination of the above-described processes, the information processing apparatus according to the present application can further improve the efficiency of authentication.

[8. Hardware configuration]
Further, the terminal device 10 and the server device 100 according to the embodiments described above are realized by, for example, a computer 1000 having a configuration as shown in FIG. 11. The following will explain the server device 100 as an example. FIG. 11 is a diagram showing an example of the hardware configuration. The computer 1000 is connected to an output device 1010 and an input device 1020, and a calculation device 1030, a primary storage device 1040, a secondary storage device 1050, an output I/F (Interface) 1060, an input I/F 1070, and a network I/F 1080 are connected to a bus. 1090.

The arithmetic unit 1030 operates based on programs stored in the primary storage device 1040 and the secondary storage device 1050, programs read from the input device 1020, and performs various processes. The arithmetic device 1030 is realized by, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or the like.

The primary storage device 1040 is a memory device such as a RAM (Random Access Memory) that temporarily stores data used by the calculation device 1030 for various calculations. Further, the secondary storage device 1050 is a storage device in which data used by the calculation device 1030 for various calculations and various databases are registered, and includes a ROM (Read Only Memory), an HDD (Hard Disk Drive), and an SSD (Solid Disk Drive). This is realized using flash memory, etc. The secondary storage device 1050 may be a built-in storage or an external storage. Further, the secondary storage device 1050 may be a removable storage medium such as a USB (Universal Serial Bus) memory or an SD (Secure Digital) memory card. Further, the secondary storage device 1050 may be a cloud storage (online storage), a NAS (Network Attached Storage), a file server, or the like.

The output I/F 1060 is an interface for transmitting information to be output to the output device 1010 that outputs various information such as a display, a projector, and a printer. (Digital Visual Interface) and HDMI (registered trademark) (High Definition Multimedia Interface). Further, the input I/F 1070 is an interface for receiving information from various input devices 1020 such as a mouse, keyboard, keypad, button, scanner, etc., and is realized by, for example, a USB or the like.

Further, the output I/F 1060 and the input I/F 1070 may be wirelessly connected to the output device 1010 and the input device 1020, respectively. That is, output device 1010 and input device 1020 may be wireless devices.

Moreover, the output device 1010 and the input device 1020 may be integrated like a touch panel. In this case, the output I/F 1060 and the input I/F 1070 may also be integrated as an input/output I/F.

Note that the input device 1020 is, for example, an optical recording medium such as a CD (Compact Disc), a DVD (Digital Versatile Disc), or a PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), or a tape. It may be a device that reads information from a medium, a magnetic recording medium, a semiconductor memory, or the like.

Network I/F 1080 receives data from other devices via network N and sends it to computing device 1030, and also sends data generated by computing device 1030 to other devices via network N.

Arithmetic device 1030 controls output device 1010 and input device 1020 via output I/F 1060 and input I/F 1070. For example, the arithmetic device 1030 loads a program from the input device 1020 or the secondary storage device 1050 onto the primary storage device 1040, and executes the loaded program.

For example, when the computer 1000 functions as the server device 100, the arithmetic unit 1030 of the computer 1000 realizes the functions of the control unit 130 by executing a program loaded onto the primary storage device 1040. Further, the arithmetic device 1030 of the computer 1000 may load a program obtained from another device via the network I/F 1080 onto the primary storage device 1040, and execute the loaded program. Furthermore, the arithmetic unit 1030 of the computer 1000 may cooperate with other devices via the network I/F 1080, and may call and use program functions, data, etc. from other programs of other devices.

[9. others〕
Although the embodiments of the present application have been described above, the present invention is not limited to the contents of these embodiments. Furthermore, the above-mentioned components include those that can be easily assumed by those skilled in the art, those that are substantially the same, and those that are in a so-called equivalent range. Furthermore, the aforementioned components can be combined as appropriate. Furthermore, various omissions, substitutions, or modifications of the constituent elements can be made without departing from the gist of the embodiments described above.

Further, among the processes described in the above embodiments, all or part of the processes described as being performed automatically can be performed manually, or the processes described as being performed manually can be performed manually. All or part of this can also be performed automatically using known methods. In addition, information including the processing procedures, specific names, and various data and parameters shown in the above documents and drawings may be changed arbitrarily, unless otherwise specified. For example, the various information shown in each figure is not limited to the illustrated information.

Furthermore, each component of each device shown in the drawings is functionally conceptual, and does not necessarily need to be physically configured as shown in the drawings. In other words, the specific form of distributing and integrating each device is not limited to what is shown in the diagram, and all or part of the devices can be functionally or physically distributed or integrated in arbitrary units depending on various loads and usage conditions. Can be integrated and configured.

For example, the server device 100 described above may be realized by a plurality of server computers, and depending on the function, it may be realized by calling an external platform etc. using an API (Application Programming Interface), network computing, etc. Can be changed flexibly.

Furthermore, the above-described embodiments and modifications can be combined as appropriate within a range that does not conflict with the processing contents.

Further, the above-mentioned "section, module, unit" can be read as "means", "circuit", etc. For example, the acquisition unit can be read as an acquisition means or an acquisition circuit.

1 Information processing system 10 Terminal device 33 Processing unit 34 Reception unit 35 Acquisition unit 36 Authentication processing unit 100 Server device 110 Communication unit 120 Storage unit 121 User information database 122 History information database 123 Authentication setting database 130 Control unit 131 Acquisition unit 132 Reception Section 133 Estimating section 134 Calculating section 135 Providing section 200 Sensor device

Claims (12)

a reception unit that accepts changes to the authentication method from users;
a providing unit that provides the user with an incentive according to the effect or profit caused by changing the authentication method;
An information processing device comprising: an estimation unit that estimates in advance the effects or benefits caused by changing the authentication method;
Furthermore,
The information processing device according to claim 1, wherein the providing unit presents the user with an incentive according to the estimated effect or profit in advance and suggests changing the authentication method to the user. The information processing apparatus according to claim 2, wherein the providing unit visualizes the estimated effect or benefit and presents it to the user, and suggests changing the authentication method to the user. The information processing device according to claim 2, wherein the estimating unit estimates a cost for time required for authentication from the user's hourly wage or minimum wage as an effect or benefit caused by changing the authentication method. The information processing apparatus according to claim 2, wherein the estimation unit estimates the time required for authentication after the change, as an effect or benefit caused by changing the authentication method, according to the number and type of authentication. The information processing device according to claim 2, wherein the estimating unit estimates a benefit to the service provider side due to changing the authentication method as an effect or profit caused by changing the authentication method. 3. The estimating unit estimates benefits resulting from a reduction in communication costs on the service provider side, power or number of servers, or management costs as effects or benefits resulting from changing the authentication method. information processing equipment. The information processing device according to claim 2, wherein the estimating unit estimates an improvement in conversion rate or a benefit from security measures as the effect or benefit caused by changing the authentication method. a calculation unit that calculates the effect or profit actually caused by changing the authentication method;
Furthermore,
The information processing device according to claim 1, wherein the providing unit provides the user with an incentive according to the calculated effect or profit. The information processing device according to claim 1, wherein the providing unit holds a prize using an incentive according to the calculated effect or profit, and provides the incentive to a user who wins the prize. An information processing method executed by an information processing device, the method comprising:
a reception process for accepting changes to the authentication method from the user;
a providing step of providing the user with an incentive according to the effect or profit caused by changing the authentication method;
An information processing method characterized by comprising: A reception procedure for accepting a change of authentication method from a user,
a providing procedure for providing the user with an incentive according to the effect or profit caused by changing the authentication method;
An information processing program that causes a computer to execute.

Images