JP5828439B1 - Information processing apparatus, information processing method, program, and storage medium - Google Patents

Abstract

The authentication accuracy for determining whether or not the request from the terminal device is based on a human operation is improved. One or more images are selected as display target images from a request receiving unit that receives a request transmitted by the terminal device and a user-related image that is an image that can be specified based on user identification information acquired from the terminal device. Display control for displaying on the terminal device an image selection unit and a question screen displayed in such a manner that one or more of the display target images provoke a user's discomfort while the display target image selected by the image selection unit is arranged An input information receiving unit that receives input information for the question screen, an answer determining unit that determines whether the answer to the question screen is a correct answer based on the input information received by the input information receiving unit, and an answer determination A request processing unit that performs processing on the request based on the determination result of the unit.

Description

  The present invention relates to an information processing device and an information processing method, a program for realizing the information processing device, and a storage medium storing the program, and particularly relates to the field of authentication processing for a request made from a terminal device.

International Publication No. 2013/071158 JP 2012-3467 A

Computer programs called bots that automatically exchange with a server, such as automatically logging in to a specific site on a network such as the Internet, are known.
As a countermeasure against unauthorized login by such a bot, a technique for determining whether or not a request from a terminal device is based on a human operation has been proposed (for example, Patent Document 1 described above). 2).

In Patent Document 1, as an authentication device that performs authentication for an access request from a client terminal, an authentication character string for performing authentication when an access request is received from the client terminal is generated, and image data of an authentication image, and When an input request for the authentication character string included in the authentication image is sent to the client terminal and the input character string sent from the client terminal is received in response to the input request, the input character string matches the authentication character string. An authentication device is disclosed that determines whether or not to perform an access and authenticates an access request from a client terminal when an input character string matches an authentication character string.
By using an image that can be identified by an optical illusion as an authentication image, it becomes difficult to correctly answer the authentication character string depending on a bot that does not cause an optical illusion. We are trying to improve.

  Further, in Patent Document 2, an image that has not been processed with respect to color tone and an image that has been processed are displayed on a terminal device, and a request is made to a human operation by asking which image is a processed image. An authentication method for determining whether the authentication is based or based on a bot is disclosed.

  Here, the authentication process related to the determination as to whether or not the person is as described above is important in preventing various nuisances caused by the bot.

  In view of the above, an object of the present invention is to overcome the above-described problems and to improve the authentication accuracy of an authentication process for determining whether a request from a terminal device is based on a human operation.

  The information processing apparatus according to the present invention includes one or more of a request receiving unit that receives a request transmitted by a terminal device and a user-related image that is an image that can be specified based on user identification information acquired from the terminal device. An image selection unit that selects one image as a display target image, and the display target image selected by the image selection unit are arranged, and one or more of the display target images provoke a user's discomfort. Based on the input information received by the input information received by the display control unit for displaying the question screen to be displayed on the terminal device, the input information receiving unit for receiving the input information for the question screen, and the question screen An answer determination unit for determining whether the answer is a correct answer, and a process for processing the request based on a determination result by the answer determination unit. And Est processor is one with a.

According to the above question screen, it is easy for a person to feel a sense of incongruity by using a user-related image associated with the user identification information of the person. It is difficult to determine whether or not it is aroused, making it difficult to answer correctly.
In addition, since the question screen can change for each user (for each user identification information), it is possible to make the authentication process by the bot more difficult.

In the information processing apparatus according to the present invention described above, the user-related images are managed in association with characters, and the display control unit displays the display target image and the display target image in correspondence with each other. It is desirable to display the question screen that arouses the sense of incongruity by a combination with the characters to be displayed on the terminal device.
In this way, if a sense of incongruity is aroused by a combination of characters to be displayed corresponding to the display target image, image processing for inducing a sense of incongruity can be realized simply by combining characters with the image. Alternatively, image processing is not necessary when images and characters are displayed separately.

In the information processing apparatus according to the present invention described above, the image selection unit corresponds to the number of user-related images that are larger than the number of images to be selected as the display target image and the user-related images for each user identification information. Managing a set of the character to be selected, and selecting the display target image and the character to be displayed corresponding to the display target image from the managed user-related image and the character, The display control unit may display the question screen on the terminal device based on the display target image and the characters selected by the image selection unit.
As a result, by preparing a relatively small number of image and character pairs, it is possible to display a large number of variations of question screens.

In the information processing apparatus according to the present invention described above, for each of the user identification information, action history information related to browsing of an image of the user specified by the user identification information is managed, and the image selection unit It is desirable to select the user-related image identified by the user from the action history information as a knowledge estimation image, and select one or more of the knowledge estimation images as the display target image.
As a result, it is possible to display a knowledge estimation image that is estimated to have been acquired by browsing by the user during authentication.

In the information processing apparatus according to the present invention described above, it is preferable that the image selection unit selects the knowledge estimation image by excluding information past the predetermined time or more from the action history information.
Thereby, an image newly stored for the user is displayed at the time of authentication.

In the information processing apparatus according to the present invention described above, the knowledge estimation image is managed in association with characters, and the display control unit corresponds to the display target image and the display target image. The question screen that provokes the sense of incongruity by a combination with the character to be displayed is displayed on the terminal device, and the information of the character associated with each knowledge estimation image is a web page on which the question screen is displayed. It is desirable that the information is managed as information presented to the user together with the knowledge estimation image on a different web page.
As a result, on the question screen, the knowledge estimated image is displayed as the display target image, and information that is estimated to be acquired by the user by actually browsing and displayed is also displayed as the character information combined with the display target image. Is done.

In the information processing apparatus according to the present invention described above, for each of the user identification information, information on a genre that tends to be preferred by a user specified by the user identification information is managed, and the image selection unit is configured to display an image for each genre. Among the images stored in the storage unit that are managed and stored, the image belonging to the genre that matches the genre that the user tends to prefer is selected as the knowledge estimation image, and one or more of the knowledge estimation images are selected as the knowledge estimation image. It is desirable to select it as a display target image.
As a result, an image other than the image estimated to be actually viewed by the user can also be selected as the knowledge estimated image.

In the information processing apparatus according to the present invention described above, it is preferable that the display control unit selects one or more of the user-related images as moving images as the display target images.
Thereby, a moving image is displayed as a display target image on the question screen.

The information processing method according to the present invention includes: a request reception step for receiving a request transmitted by a terminal device; and a user-related image that is an image that can be specified based on user identification information acquired from the terminal device. Alternatively, an image selection step for selecting a plurality of images as display target images, and the display target images selected by the image selection step are arranged, and one or more of the display target images arouse a user's uncomfortable feeling. Based on the display control step for displaying the question screen displayed in the form on the terminal device, the input information receiving step for receiving input information for the question screen, and the input information received by the input information receiving step. An answer determination step for determining whether an answer to the screen is a correct answer, and the answer determination step Said request processing step of performing processing for a request based on the determination result that the an information processing method by the information processing device executes.
Also by such an information processing method, the same operation as the information processing apparatus according to the present invention described above can be obtained.

Furthermore, a program according to the present invention is a program that causes an information processing apparatus to execute processing executed as the information processing method.
Furthermore, a storage medium according to the present invention is a program storing the above program. The above information processing apparatus is realized by these programs and storage media.

ADVANTAGE OF THE INVENTION According to this invention, the authentication precision can be aimed at about the authentication process for determining whether the request from a terminal device is based on a person's operation.
In addition, since the question screen can change for each user (for each user identification information), it is possible to make authentication processing by the bot more difficult, and in this respect also, the authentication accuracy can be improved.

It is the figure which showed the example of the network system of 1st Embodiment. It is the block diagram which showed the hardware constitutions of the computer apparatus which comprises the network system of embodiment. It is the functional block diagram which showed the function which concerns on the authentication process of 1st Embodiment as a block. It is the figure which showed the example of the question screen material management information in 1st Embodiment. It is the figure which showed the 1st example of the question screen. It is the figure which showed the 2nd example of the question screen. It is a flowchart of the prior selection process in 1st Embodiment. It is a flowchart of the process performed corresponding to at the time of authentication. It is a flowchart of the question screen generation process in 1st Embodiment. It is the figure which showed the example of the network system of 2nd Embodiment. It is the figure which showed the example of image management information. It is the functional block diagram which showed the function which concerns on the authentication process of 2nd Embodiment as a block. It is the figure which showed the example of the question screen material management information in 2nd Embodiment. It is the figure which showed the example of the question screen in 2nd Embodiment. It is a flowchart of the prior selection process in 2nd Embodiment. It is a flowchart of the question screen generation process in 2nd Embodiment.

Hereinafter, embodiments will be described in the following order.
<1. First Embodiment>
[1-1. Overview of network system]
[1-2. Hardware configuration of computer device]
[1-3. Authentication method of the first embodiment]
[1-4. Processing procedure]
[1-5. Summary of First Embodiment]
<2. Second Embodiment>
[2-1. System overview and authentication method]
[2-2. Processing procedure]
[2-3. Summary of Second Embodiment]
<3. Program and Storage Medium>
<4. Modification>

<1. First Embodiment>
[1-1. Overview of network system]

FIG. 1 shows an example of a network system 1 assumed in the first embodiment. The network system 1 functions as an EC (EC: electronic commerce) system.
The network system 1 is configured so that a shopping site management system 3, a plurality of user terminals 4, 4,..., A plurality of store terminals 5, 5,.

The user terminal 4 is a computer device provided with a web browser. Examples of the user terminal 4 include a high-function mobile phone (smart phone), a mobile phone, a personal digital assistant (PDA), and a portable or stationary personal computer (PC). It is not limited.
The user terminal 4 requests a web page or a predetermined process by transmitting an HTTP (Hypertext Transfer Protocol) request to the shopping server 3a or the like in the shopping site management system 3. The user terminal 4 receives the web page sent in response to the HTTP request and displays it on the web browser. Thereby, the user can browse and operate a desired web page.

  The shopping site management system 3 includes a shopping server 3a, a product DB (database) 3b, a user DB 3c, and an image DB 3d each configured by a computer device. These devices can communicate with each other via a network such as a LAN (Local Area Network).

  The shopping server 3a performs various processes based on the HTTP request sent from the user terminal 4. For example, various web pages (for example, a product web page, a shopping cart web page, an order web page, etc.) are generated and transmitted, and a purchase process according to an order confirmation operation by the user is executed.

  In the network system 1, the shopping server 3a provides a virtual shopping street website (EC site: shopping site) to the user (user of the user terminal 4). There are a plurality of stores (members of a virtual shopping street) in the EC site. When the staff of each store registers the product of the store through the computer device as the store terminal 5, various products of various stores are uploaded onto the EC site. The user can purchase a desired product by accessing the EC site through the user terminal 4.

  In this example, the case where the object of the commercial transaction in the network system 1 is a product is illustrated, but the target of the commercial transaction may be a service.

In the shopping site management system 3, information related to products registered through the store terminal 5 is stored in the product DB 3 b. Specifically, product information such as a product name, product genre, product image, specification, product introduction summary, advertisement information, etc. is stored in association with a product ID that is an identifier for identifying a product. Has been. The product DB 3b also stores a data file of a product web page described in a markup language such as HTML (HyperText Markup Language) or XML (Extensible Markup Language).
With such a product DB 3b, for example, a product search based on an input keyword or the like can be performed.

  Here, the user can register as a member in the shopping site management system 3 when using the EC site. At the time of member registration, the user registers necessary information such as a user ID (user identification information), a password, a name, an e-mail address, merchandise destination information (address information), and a credit card number. The user logs in to the EC site with the registered user ID and password, thereby saving the trouble of inputting necessary information again when purchasing a product on the EC site.

The user DB 3c stores user information registered by the user as a member as described above.
Furthermore, in the user DB 3c, for each user ID, various history information about browsing of a product page, putting a product into a shopping cart, purchasing a product (ordering), etc., and information on a product bookmarked as a favorite product (favorite information) ) And the like (hereinafter referred to as “behavior history information”) related to the user's action history.
The user DB 3c also stores preference information for each user analyzed from the above behavior history information and the like for each user ID. The preference information includes, for example, information on genres that tend to be preferred by users estimated from product browsing histories and purchase histories, bookmarked products, etc., and information on price ranges and manufacturers of products that are frequently purchased. Hereinafter, of such preference information, genre information that the user tends to prefer is also referred to as “favorable genre information Ij”.
Hereinafter, the above information managed for each user ID in the user DB 3c is generically referred to as “user management information Iu”.

Here, the shopping server 3a performs an authentication process on a specific request made by a terminal device such as the user terminal 4. In the embodiment, the authentication process is performed to determine whether the request from the terminal device is based on a human operation or based on a computer program as a bot.
Such an authentication process can be executed, for example, at the time of login requested to receive a specific service provided on the EC site. Specifically, when logging in using a login box (for example, a user ID and password input box) provided for login on the top page of the EC site, a request is made when purchasing a product on the EC site. For example, when logged in, when logged in when browsing registered user information, when logging in requested to edit registered user information, and the like.
At this time, requesting authentication for each login is not desirable because it imposes an excessive burden on legitimate users. Therefore, terminal devices that request authentication may be limited based on a predetermined standard. For example, if a predetermined time or more has passed since the last authentication, or a terminal device that has failed to log in a predetermined number of times within a predetermined time with the same IP address is estimated as an illegal terminal, and the unauthorized terminal It is also possible to request authentication for.

The authentication process can also be performed for a terminal device that is logged in. For example, when the user of the terminal device requests download of a specific file provided on the EC site during login, there may be a case where authentication is imposed as a download permission condition.
Here, in order to try to enjoy illegal use using a bot for such a logged-in service such as a download service, the bot needs to log in with some account (user ID and password). As a case where login is possible, for example, so-called “spoofing” using an account illegally obtained from another person can be considered.

  The details of the authentication process performed by the shopping server 3a will be described later.

Here, in FIG. 1, various examples of the configuration of the network 2 are assumed. For example, the Internet, intranet, extranet, LAN (Local Area Network), CATV (Community Antenna TeleVision) communication network, virtual private network, telephone line network, mobile communication network, satellite communication network, etc. Is assumed.
Various examples of transmission media constituting all or part of the network 2 are also envisaged. For example, IEEE (Institute of Electrical and Electronics Engineers) 1394, USB (Universal Serial Bus), power line carrier, telephone line, etc. can be wired with infrared, IrDA (Infrared Data Association), Bluetooth (registered trademark), 802.11 wireless It can also be used by radio such as a mobile phone network, satellite line, and digital terrestrial network.

[1-2. Hardware configuration of computer device]

FIG. 2 shows a hardware configuration of a computer device constituting each device (product DB 3b, user DB 3c, user terminal 4 (terminal device), store terminal 5) including the shopping server 3a shown in FIG.
In FIG. 2, a CPU (Central Processing Unit) 101 of a computer apparatus performs various processes according to a program stored in a ROM (Read Only Memory) 102 or a program loaded from a storage unit 108 to a RAM (Random Access Memory) 103. Execute the process. The RAM 103 also appropriately stores data necessary for the CPU 101 to execute various processes.
The CPU 101, ROM 102, and RAM 103 are connected to each other via a bus 104. An input / output interface 105 is also connected to the bus 104.
The input / output interface 105 includes an input device 106 made up of a keyboard, mouse, touch panel, etc., a display (display device) made up of an LCD (Liquid Crystal Display), a CRT (Cathode Ray Tube), an organic EL (Electroluminescence) panel, etc., and a speaker. Are connected to a storage unit 108 configured by an HDD (Hard Disk Drive) or a flash memory device, and a communication unit 109 for mutual communication with an external device.
A media drive 110 is also connected to the input / output interface 105 as necessary, and a removable medium 111 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is appropriately mounted, and information can be written to the removable medium 111. Reading is performed.

In such a computer apparatus, data and programs can be uploaded and downloaded through communication by the communication unit 109, and data and programs can be transferred via the removable medium 111.
When the CPU 101 performs processing operations based on various programs, information processing and communication described below are executed particularly in the computer device as the shopping server 3a.

[1-3. Authentication method of the first embodiment]

With reference to the functional block diagram of FIG. 3, the authentication process which the shopping server 3a performs according to the request which terminal devices, such as the user terminal 4, perform is demonstrated.
In the following description, it is assumed that the service requested by the terminal device is a service that can be enjoyed during login unless otherwise specified. In other words, regarding the bot, for example, as described above, when the user logs in illegally with another person's account and makes a request for the service.

In FIG. 3, various processes executed by the shopping server 3 a for realizing the authentication process according to the first embodiment are shown in blocks for each function.
As shown in the figure, the shopping server 3a is divided into functions according to a request reception processing unit F1, an image selection processing unit F2, a display control processing unit F3, an input information reception processing unit F4, an answer determination processing unit F5, and a request processing unit F6. Can be represented as having

  The request reception processing unit F1 receives a specific request transmitted by the terminal device. That is, in this example, it is a request for services that can be enjoyed during the above-described login.

The image selection processing unit F2 selects a plurality of images as display target images Gd from user-related images that are images that can be specified based on the user ID acquired from the terminal device that transmitted the request.
The display target image Gd is an image arranged on the question screen used for the authentication process, and a predetermined number is displayed on the question screen in a manner that arouses the user's uncomfortable feeling as will be described later.

  In this example, as the “user-related image”, a knowledge estimation image Gi that is an image estimated to be known by the user is used.

The knowledge estimation image Gi is selected from the product images stored in the product DB 3b. That is, the display target image Gd arranged on the question screen is an image selected from among product images that the user can know.
The image selection processing unit F2 selects the knowledge estimation image Gi based on the above-described user management information Iu stored in the user DB 3c. Specifically, the knowledge estimation image Gi is selected based on the action history information stored for each user ID in the user DB 3c. For example, a product image of a product having a purchase history is selected as the knowledge estimation image Gi based on the purchase history information of the product. Or based on the bookmark information of goods, the goods picture about bookmark goods is selected as knowledge presumption picture Gi. The knowledge estimation image Gi in the first embodiment is an image estimated that the user browses and knows in this way.
At this time, the number of images to be selected as the knowledge estimation images Gi is set to be larger than at least the number of images to be selected as the display target images Gd (“3” in this example). In this example, since one piece of knowledge estimation image Gi is selected for each product, the selection process of the knowledge estimation image Gi matches the condition that the user is assumed to know. This is a process of selecting a product image for each of a plurality of products.

  In the EC site provided by the shopping server 3a, the product image is displayed on the product page, and the bookmark of the product is performed by operating the “favorite” button arranged on the product page. The history information corresponds to “behavior history information relating to an image”.

In the first embodiment, as a method for causing the user to feel uncomfortable about the display target image Gd, a method of displaying information on different product names in correspondence with the product image as the display target image Gd is adopted.
For this reason, the image selection processing unit F2 also performs a process of selecting product name information to be displayed in association with the display target image, in addition to the selection of the knowledge estimation image Gi and the selection of the display target image Gd as described above. .
As will be described later, on the question screen, the display target image Gd that does not cause a sense of incongruity and the display target image Gd that does not cause a sense of incongruity are displayed. Product name information about the corresponding product is selected, and for the display target image Gd that arouses a sense of discomfort, product name information about a product different from the corresponding product is selected.
In the EC site, the product name information can be expressed as information displayed on the same product page together with the corresponding product image.

Here, the knowledge estimation image Gi and the product name information necessary for displaying the question screen can be sequentially selected according to the reception of the request from the terminal device.
However, in this example, in order to avoid the selection process of the knowledge estimation image Gi and the product name information every time the authentication process is performed in response to the request, the image selection processing unit F2 previously stores the question screen for each user ID. The knowledge estimation image Gi as a candidate for the display target image Gd to be displayed on the screen and the product name information are selected in advance.
Specifically, for all user IDs managed by the user DB 3c, the image selection processing unit F2 sets a condition that “the user is assumed to know” based on the behavior history information for each user ID. After selecting a plurality of products to satisfy, each product image of the product is selected as a knowledge estimation image Gi, and product name information of the product is also acquired, and the image ID of the selected knowledge estimation image Gi is acquired. Are stored in association with the user ID.

  At this time, in order to prevent an image in which the user's memory is faint based on the old action history from being selected as the knowledge estimation image Gi, the image selection processing unit F2 includes past information for a predetermined time or more in the action history information. Is selected and the knowledge estimation image Gi and the product name information are selected.

FIG. 4 shows an example of the question screen material management information I1 constructed by the pre-selection process performed for each user ID as described above.
As shown in the figure, in the question screen material management information I1, for each user ID, the product ID selected as the knowledge estimation image Gi and the selected product image correspond to the selected product image (that is, for the same product). Product name information (character information) is associated.
The question screen material management information I1 is stored in a state in which the shopping site management system 3 can read the shopping server 3a. In this example, the question screen material management information I1 is stored in a storage device provided in the shopping server 3a such as the storage unit 108 shown in FIG.

When the request from the terminal device is received, the image selection processing unit F2 in this example displays the display target image Gd and the display target image Gd based on the question screen material management information I1 as described above. Select the character information to be used.
That is, the image selection processing unit F2 uses the question screen from among the image ID and product name information associated with the user ID that matches the user ID acquired from the terminal device among the user IDs in the question screen material management information I1. The image ID and the product name information of the number to be displayed in (3 in this example) are selected. At this time, with respect to the product name information, instead of simply selecting information associated with each of the selected image IDs, at least one of the selected image IDs is selected in order to realize the above-described discomfort sensation method. Product name information associated with an image ID other than is selected (a character that does not match the product image is selected). For example, if “I0001”, “I0002”, and “I00XX” in the figure are selected as the image IDs, as the product name information, for example, product name information associated with “I0001” and “I0002”, respectively, Product name information associated with an image ID other than “I00XX” is selected.
Specifically, the image selection processing unit F2 is associated with a corresponding user ID in the question screen material management information I1 as a selection process related to an image to be aroused with a sense of incongruity (hereinafter referred to as “discomfort subject image Gc”). A predetermined number (“1” in this example) of image IDs is selected from among the image IDs, and among the image IDs associated with the user ID, an image ID different from the selected image ID is selected. Select associated product name information.
Further, the image selection processing unit F2 selects a predetermined number (from the image IDs associated with the corresponding user IDs in the question screen material management information I1) as the selection processing related to the display target image Gd other than the uncomfortable feeling target image Gc. In this example, the image ID “2”) is selected, and product name information associated with the selected image ID is selected.

  At this time, the selection of the image ID may be performed according to a predetermined rule. However, considering that the selection rule for the display target image Gd is understood, a bot algorithm that captures the authentication process may be constructed. Then, it is desirable to make it a random selection.

  Returning to FIG. 3, the display control processing unit F <b> 3 performs a process of displaying a question screen for authentication on the terminal device that transmitted the request. Specifically, in the question screen of this example, the display target images Gd selected by the image selection processing unit F2 are arranged, and a predetermined number of display target images Gd among the display target images Gd are displayed according to product name information combined. It is displayed in a manner that arouses the user's discomfort.

FIG. 5 shows a first example of the question screen.
As shown in the drawing, on the question screen as the first example, images in which the product name information selected by the image selection processing unit F2 is combined with the display target image Gd selected by the image selection processing unit F2 are arranged. At the same time, character information (a, b, c) attached to each image as an identifier of the image, character information as a question sentence, character information that is an answer option for the question, and an option are selected. Check boxes cb1 to cb3 are arranged.
FIG. 5 illustrates a case where a product image corresponding to the product “crab” is selected as the discomfort target image Gc among the display target images Gd. Specifically, an image in which the product name information corresponding to the product “sea urchin” is combined with the product image corresponding to the product “crab” is displayed as an image for inducing a sense of incongruity. In FIG. 5, the product “toilet paper” is the same as the product image corresponding to the product “camera” and the product image corresponding to the product “camera” and the product image corresponding to the product “toilet paper”. An image in which product name information corresponding to is synthesized is displayed as an image that does not arouse a sense of incongruity.

FIG. 6 shows a second example of the question screen.
On the question screen as the second example, the display target image Gd selected by the image selection processing unit F2 and the product name information selected by the image selection processing unit F2 are arranged separately (separated), and Check boxes for selecting any of characters (a, b, c) attached to each image as an image identifier, character information as a question sentence, character information as an answer to a question, and an option cb1 to cb3 are arranged.
Also in the example of FIG. 6, the display target image Gd selected as the discomfort target image Gc is a product image corresponding to the product “crab”. That is, in the example of FIG. 6, the product name information corresponding to the product “Sea Urchin” is arranged at the position corresponding to the product image (display target image Gd) corresponding to the product “Crab” (in the vicinity of the lower part of the image in this example). And the said display target image Gd is displayed in the aspect which arouses a user's discomfort. On the other hand, the product image corresponding to the product “camera” and the product image corresponding to the product “toilet paper” correspond to the product name information corresponding to the product “camera” and the product “toilet paper” at the corresponding positions, respectively. Product name information is arranged, and these display target images Gd are displayed in a manner that does not arouse the user's uncomfortable feeling.

  Based on the display target image Gd selected by the image selection processing unit F2 and the product name information, the display control processing unit F3 generates a question screen according to the mode illustrated as the first example or the second example, and transmits the request. Display on the terminal device.

  In FIG. 3, an input information reception processing unit F4 receives input information for a question screen. Specifically, in the case of the question screen of FIG. 5, check operation information for any of the check boxes cb1 to cb4 is received from the terminal device as input information for the question screen, and in the case of the question screen of FIG. The received information is received from the terminal device as input information for the question screen. Such input information can be rephrased as answer information for the question screen.

The answer determination processing unit F5 determines whether or not the answer to the question screen is a correct answer based on the input information received by the input information reception processing unit F4.
In the case of the question screens illustrated in FIG. 5 and FIG. 6 above, the answer for selecting an image that causes a sense of incongruity is a correct answer, so whether or not the answer is correct is displayed on the question screen. Of the images, an image in which product name information selected so as not to satisfy the correspondence between the image ID and the product name information (character information) in the question screen material management information I1 shown in FIG. 4 is displayed is selected. It is determined whether it is an answer.

  The request processing unit F6 performs processing for the request of the terminal device based on the determination result by the answer determination processing unit F5. Specifically, when a determination result that the answer to the question screen is a correct answer is obtained, a web page (hereinafter referred to as “service page”) for providing a service according to the request is displayed on the terminal device. When the determination result that the answer to the question screen is not a correct answer is obtained, the process of displaying the service page on the terminal device is not executed, and the error handling process is performed.

  In the wrong answer handling process of this example, instead of immediately making an authentication error in response to a wrong answer, the number of times that the terminal device made a wrong answer within a predetermined time (hereinafter referred to as “number of wrong answers m”). ) Repeats at least the reception of the input information for the question screen from the terminal device and the determination of the answer to the question screen, unless the set allowable number of erroneous answers M (M is a natural number of 2 or more). That is, when the answer determination processing unit F6 obtains a determination result that is not a correct answer, the request processing unit F6 uses at least the input information reception processing unit F4 unless the number m of incorrect answers is equal to or greater than the allowable number M of incorrect answers. Reception of input information and answer determination by the answer determination processing unit F5 are executed, and if the number of erroneous answers m is equal to or greater than the allowable number of incorrect answers M, an authentication error process is executed. Specifically, as the authentication error process, a process of displaying an “error page” indicating that an authentication error has occurred on the terminal device is performed.

Here, in the case where an erroneous answer within the allowable error count M is allowed as described above, in this example, every time an incorrect answer is made, a different question screen is displayed on the terminal device to prevent a decrease in authentication accuracy. Plan. At this time, as the “different question screen”, the combination of the image and the product name information may be unchanged, and only the question text may be changed, or vice versa. Alternatively, both the question text and the combination of the image and the product name information may be different.
In this example, when the number of erroneous answers m is within the allowable number of erroneous answers M so that at least the combination of the image and the product name information is different, the display target image Gd by the image selection processing unit F2 Start over from the product name information selection process.

[1-4. Processing procedure]

With reference to the flowcharts of FIGS. 7 to 9, the procedure of processing to be executed to realize the authentication method of the first embodiment will be described.
FIG. 7 shows a procedure of processing to be executed in order to realize the above-described pre-selection for the knowledge estimation image Gi and the product name information. The processing shown in FIG. 7 is executed by the CPU 101 in the shopping server 3a based on a program stored in a predetermined storage device such as the ROM 102 or the storage unit 108, for example.

In FIG. 7, the shopping server 3a sets the start value nS as the processing target ID identification value n in step S101. The processing target ID identification value n is a value for identifying a user ID that is a target of execution of processing related to the prior selection of the knowledge estimation image Gi and the product name information.
In this example, the pre-selection process of the knowledge estimation image Gi and the product name information can be executed by dividing the target user ID range. The start value nS and the end value nE described later are values set by, for example, the operator of the shopping server 3a in order to determine the range of the target user ID.

When the start value nS is set as the processing target ID identification value n in step S101, the shopping server 3a is in step S102, the merchandise image and merchandise that are estimated to be known by the user based on the behavior history information for the nth user ID. Select name information. That is, for the n-th user ID stored in the user DB 3c, a plurality of conditions satisfying the condition that “the user is assumed to know” such as a product with a purchase history or a bookmarked product based on the behavior history information After selecting individual products, the product images of the selected products are selected as knowledge estimation images Gi, and product name information of the products is further selected.
At this time, the shopping server 3a selects the knowledge estimation image Gi and the product name information by excluding past information for a predetermined time or more from the action history information.

  In subsequent step S103, the shopping server 3a stores the image ID of the product image as the selected knowledge estimation image Gi and the product name information in association with the user ID (nth user ID).

Further, in the next step S104, the shopping server 3a determines whether or not the processing target ID identification value n is equal to or greater than the end value nE. If the processing target ID identification value n is not equal to or greater than the end value nE, the shopping server 3a proceeds to step S105, increments the processing target ID identification value n (n ← n + 1), and returns to step S102.
That is, in the range of the processing target ID identification value n = the start value nS to the end value nE, the knowledge estimation image Gi and the selection of the product name information corresponding to each user ID and the association storage with the user ID are performed. Is called. Thereby, the question screen material management information I1 as shown in FIG. 4 is constructed.

  If the processing target ID identification value n is equal to or greater than the end value nE, the shopping server 3a ends the preselection process shown in this figure.

FIG. 8 shows processing executed in response to authentication.
In FIG. 8, the process shown as “shopping server” is executed by the CPU 101 in the shopping server 3a based on a program stored in a predetermined storage device such as the ROM 102 or the storage unit 108, for example.

  In FIG. 8, a terminal device such as the user terminal 4 makes a request for access to a service page for receiving a specific service provided on the EC site to the shopping server 3a as an access request process in step 201. .

  Shopping server 3a will perform question screen generation processing at Step S301, if the access request from a terminal unit is received.

FIG. 9 shows processing executed as the question screen generation processing in step S301.
In FIG. 9, the shopping server 3a acquires the user ID corresponding to the terminal device in step S401. As described above, since it is assumed that the service requested by the terminal device is a service that can be enjoyed during login, the shopping server 3a supports the terminal device based on the login information of the terminal device that transmitted the request. The user ID to be acquired is acquired.

  In subsequent step S402, the shopping server 3a selects the display target image Gd used for the question screen based on the user ID and the question screen material management information I1. That is, in the question screen material management information I1, the number (for example, “3”) of image IDs to be displayed on the question screen is selected from the image IDs associated with the user ID acquired in step S401. At this time, the image ID is selected at random from the image IDs associated with the user ID acquired in step S401 in order to prevent the image displayed on the question screen from being fixed.

In the next step S403, the shopping server 3a selects a predetermined number of images among the display target images Gd as the discomfort target images Gc. Specifically, in this example, one of the display target images Gd is selected as the image ID of the discomfort target image Gc.
Then, in subsequent step S404, the shopping server 3a selects and acquires product name information for the uncomfortable image Gc. In other words, among the image IDs associated with the user ID acquired in step S401 in the question screen material management information I1, the product name associated with an image ID different from the image ID selected as the discomfort target image Gc. Select and get information.

  Further, in the next step S405, the shopping server 3a selects / acquires product name information for the remaining display target image Gd. That is, the product names associated with the image IDs in the question screen material management information I1 for each image ID excluding the image ID of the uncomfortable image Gc among the image IDs of the display target image Gd selected in step S402. Select and get information.

In subsequent step S406, shopping server 3a generates HTML data of a question screen using the selected display target image Gd and the acquired product name information. For example, when the question screen as the first example shown in FIG. 5 is displayed, the shopping server 3a displays the display target image selected as the discomfort target image Gc in step S403 as the image to be displayed on the question screen. An image in which the product name information acquired in step S404 is combined with Gd and an image in which the product name information acquired in step S405 is combined with the remaining display target image Gd are generated. HTML data of a web page in which character information as an identifier, character information as a question sentence, character information as an answer option, and a check box cb are laid out in a predetermined manner is generated as HTML data of a question screen.
When displaying the question screen as the second example (FIG. 6), the shopping server 3a displays the display target image Gd selected in step S402, the product name information acquired in steps S404 and S405, and the image. HTML data of a web page in which character information as an identifier, character information as a question sentence, character information as an answer option, and a check box cb are laid out in a predetermined layout is generated as HTML data of a question screen. At this time, the product name information acquired in step S404 is laid out at a position corresponding to the display target image Gd selected as the discomfort target image Gc, and the product name information acquired in step S405 is displayed on the remaining display target images Gd. Lay out at the corresponding position.
For confirmation, the display target image Gd is acquired from the product DB 3b based on the image ID acquired in step S402.

In response to executing the process of step S406, the shopping server 3a finishes the question screen generation process of step S301.
Hereinafter, the HTML data of the question screen generated in step S406 is referred to as “question screen HTML data”.

  Returning to FIG. 8, in step S302, the shopping server 3a transmits the question screen HTML data generated by the above-described question screen generation processing to the terminal device that made the request in the previous step S201.

In the terminal device, reception of question screen HTML data is waited in step S201. When question screen HTML data is received, question screen display processing is executed in step S203.
In step S204, the terminal device receives an input of an answer to the displayed question screen, and transmits the answer information (input information to the question screen) input in step S205 to the shopping server 3a.

  The shopping server 3a waits for reception of the response information from the terminal device in step S303, and when the response information is received, the response information is analyzed in step S304, and whether the response matches the correct answer in step S305. Determine whether or not.

If a negative result is obtained in step S305 that the answer does not match the correct answer, the shopping server 3a proceeds to step S306 and increments the value of the number m of incorrect answers (m ← m + 1), and in step S307 it is incorrect. It is determined whether the number of times m is equal to or greater than the allowable number of erroneous answers M.
Here, the initial value of the number m of erroneous answers is “0”. The value of the number m of incorrect responses is reset to 0 for each terminal device that has made a request in response to the elapse of a predetermined time from the time when the initial increment with respect to the initial value is performed. Although illustration is omitted, the shopping server 3a performs such a zero reset process of the number m of erroneous answers for each terminal device in parallel with the process shown in FIG.

If a negative result is obtained in step S307 that the number of erroneous answers m is not equal to or greater than the allowable number of erroneous answers M, the shopping server 3a transmits an erroneous answer notification to the terminal device in step S308, and the previous step S301. Return.
In other words, a process for newly displaying a question screen on the terminal device is executed for an incorrect answer within the allowable number M of incorrect answers.

  On the other hand, if an affirmative result is obtained in step S307 that the number of erroneous answers m is equal to or greater than the allowable number of erroneous answers M, the shopping server 3a transmits an authentication error notification to the terminal device in step S309, and an error in subsequent step S310. The page HTML data is transmitted to the terminal device, and the process shown in FIG.

  If an affirmative result that the answer matches the correct answer is obtained in the previous step S305, the shopping server 3a transmits a correct answer notification to the terminal device in step S311, and the service page HTML data is transmitted to the terminal device in step S312. 8 to finish the processing shown in FIG.

The terminal device waits in step S206 to receive any of the above-mentioned incorrect answer notification (S308), authentication error notification (S309), or correct answer notification (S311), and if received, notifies in step S207. Determine the type.
If the notification type is an incorrect answer, the terminal device returns to step S202 and waits for reception of a new question screen.

  If the notification type is an authentication error, the terminal device proceeds to step S208, performs an error page display process based on the error page HTML data received from the shopping server 3a, and ends the process shown in FIG.

  If the notification type is correct, the terminal device proceeds to step S209, performs service page display processing based on the service page HTML data received from the shopping server 3a, and ends the processing shown in FIG.

In the above, an example in which a question screen for authentication is displayed in response to a request for a service that can be enjoyed during login has been given. However, as a question screen, in addition to a user ID and a password input box on the login screen In some cases, the terminal device that made the request is in a non-login state, and the user ID corresponding to the terminal device may not be acquired. If it is a legitimate user other than a bot, the login information that has been made in the past may be left in the browser cookie in the terminal device, in which case the user ID can be obtained. It is highly possible that an unauthorized terminal by a bot has not logged in in the past, and a corresponding user ID cannot be acquired. Thus, when displaying a question screen in response to a request from a terminal device, if a user ID corresponding to the terminal device cannot be acquired, an image or product name information cannot be acquired from the question screen material management information I1. Therefore, the display target image Gd and product name information used for the question screen are selected from a plurality of separately prepared images and product name information, and a predetermined number of them is displayed in a manner in which a sense of discomfort can be felt. Also in this case, the selection is made at random so that the combination of the image and product name information displayed on the question screen is not fixed.
The method for dealing with such a case where the user ID cannot be obtained is the same as in the second embodiment described later.

Moreover, although the case where the display number of the display target images Gd on the question screen is plural is illustrated above, the display number may be at least “1”. That is, one of the knowledge estimation images Gi may be selected as the display target image Gd, and the selected display target image Gd may be displayed on the question screen in a manner that arouses discomfort. In this case, as the question screen, for example, text information such as “Do you feel uncomfortable about this image?” Is arranged as a question sentence, and the presence or absence of uncomfortable feeling is asked about one displayed display target image Gd. Good.

[1-5. Summary of First Embodiment]

As described above, the information processing apparatus (shopping server 3a) according to the first embodiment includes a request reception unit (request reception processing unit F1) that receives a request transmitted by a terminal device, and a user identification acquired from the terminal device. An image selection unit (image selection processing unit F2) that selects one or more images as display target images from user-related images that can be specified based on information, and a display target image selected by the image selection unit. A display control unit (display control processing unit F3) for displaying on the terminal device a question screen that is arranged and displayed in a manner in which one or more of the display target images arouse the user's discomfort, and input information to the question screen Based on the input information received by the input information receiving unit (input information receiving processing unit F4) and the input information receiving unit. Includes a determining whether or not answer determination unit is (answer determination processing unit F5), the request processing unit that performs processing for a request based on the determination result by the reply judgment unit (request processing unit F6).

According to the above question screen, it is easy for a person to feel a sense of incongruity by using a user-related image associated with the user identification information of the person. It is difficult to determine whether or not it is aroused, making it difficult to answer correctly.
Therefore, it is possible to improve the authentication accuracy for the authentication process for determining whether or not the request from the terminal device is based on a human operation.
In addition, since the question screen can change for each user (for each user ID), it is possible to make it difficult to capture the authentication process by the bot. Also in this respect, the authentication accuracy can be improved. In particular, if a hot administrator obtains unauthorized account information (user IDs and passwords) for multiple others and the bot makes an unauthorized login with each account and requests each service, those requests Since the question screen displayed in each authentication process performed every time changes for each user ID, it is difficult to capture the authentication process.

  In the information processing apparatus according to the first embodiment, characters are associated with the user-related images and managed, and the display control unit displays the display target image and the display target image in correspondence with each other. A question screen that arouses a sense of incongruity by combination with letters is displayed on the terminal device.

In this way, if a sense of incongruity is aroused by a combination of characters to be displayed corresponding to the display target image, image processing for inducing a sense of incongruity is realized by combining characters with the image (for example, the first example shown in FIG. 5). Can be simple. Alternatively, image processing is not necessary when images and characters are displayed separately (for example, the second example shown in FIG. 6).
Therefore, it is possible to reduce the processing load required for the question screen display control process, that is, the authentication.

  Furthermore, in the information processing apparatus according to the first embodiment, the image selection unit corresponds to the number of user-related images that are larger than the number of images to be selected as display target images and the user-related images for each user identification information. A set of characters is managed, a display target image and a character to be displayed corresponding to the display target image are selected from the managed user-related images and characters, and the display control unit selects the image The question screen is displayed on the terminal device based on the display target image and characters selected by the department.

  Thus, by preparing a relatively small number of image and character pairs, it is possible to display a large number of variations of question screens.

  Furthermore, in the information processing apparatus according to the first embodiment, for each user identification information, action history information related to browsing of a user image specified by the user identification information is managed. The user-related image identified by the user from the action history information is selected as the knowledge estimation image, and one or more of the knowledge estimation images are selected as display target images.

As a result, it is possible to display a knowledge estimation image that is estimated to have been acquired by browsing by the user during authentication.
Therefore, the probability that a person will answer correctly can be increased, and the authentication accuracy can be improved.

In the information processing apparatus according to the first embodiment, the image selection unit selects the knowledge estimation image by excluding past information for a predetermined time or more from the action history information.
Thereby, an image newly stored for the user is displayed at the time of authentication.
Therefore, the probability that a person answers correctly can be further improved, and the authentication accuracy can be further improved.

  Further, in the information processing apparatus according to the first embodiment, the knowledge estimation image is managed in association with characters, and the display control unit displays the display target image and the display target image in correspondence with each other. The question screen that arouses a sense of incongruity by the combination with the characters to be displayed is displayed on the terminal device, and the character information associated with each knowledge estimation image is displayed on a web page different from the web page on which the question screen is displayed. It is managed as information presented to the user together with the knowledge estimation image. Specifically, the information of the character in this example is managed as information presented to the user together with the knowledge estimated image (product image) on the product page.

As a result, on the question screen, the knowledge estimated image is displayed as the display target image, and information that is estimated to be acquired by the user by actually browsing and displayed is also displayed as the character information combined with the display target image. Is done.
Therefore, it becomes easier for the user to answer correctly, and the authentication accuracy can be further improved.

<2. Second Embodiment>
[2-1. System overview and authentication method]

In the second embodiment, the user's uncomfortable feeling is not aroused by a combination of an image and characters, but an uncomfortable feeling is caused by an image obtained by processing the original image. In particular, in the following, an image belonging to a genre that matches a genre that the user tends to prefer is selected as the knowledge estimation image Gi, and at least one display object image among the display object images Gd selected from the knowledge estimation image Gi. An example will be described in which Gd is processed for a sense of incongruity.
In the following description, parts that are the same as those already described so far are assigned the same reference numerals and description thereof is omitted.

FIG. 10 shows an example of the network system 1 ′ assumed in the second embodiment.
The difference from the network system 1 shown in FIG. 1 is that a shopping site management system 3 ′ is provided instead of the shopping site management system 3. The shopping site management system 3 ′ is different from the shopping site management system 3 in that a shopping server 3a ′ is provided instead of the shopping server 3a, and an image DB 3d is added.

In the image DB 3d, a plurality of images are managed and stored for each genre. As the genre, a genre of hobbies, for example, that can be inferred from the trend of browsing or purchasing products is assumed. Examples include baseball, soccer, golf, surfing, scuba diving, mountain climbing, photography, railways, cars, reading, music appreciation, and other genres.
The image stored in the image DB 3d may be either a still image or a moving image, or both.

FIG. 11 shows an example of the image management information Im for managing images stored in the image DB 3d.
In the image management information Im, for example, image IDs of a plurality of images previously selected as belonging to the genre are associated with each genre exemplified above.
Such image management information Im is stored in a state in which the shopping server 3a ′ can read out in the shopping site management system 3 ′. In this example, the image management information Im is stored in, for example, the image DB 3d.

FIG. 12 is a functional block diagram illustrating various processes executed by the shopping server 3a ′ for realizing the authentication process according to the second embodiment, divided into functions.
The difference from the shopping server 3a in the first embodiment is that an image selection processing unit F2 ′ is provided instead of the image selection processing unit F2, and a display control processing unit F3 ′ is provided instead of the display control processing unit F3. It is a point.

  The image selection processing unit F2 ′ acquires the user's favorable genre information Ij specified from the user ID based on the user ID acquired from the terminal device that transmitted the request, and the acquired favorable genre information Ij and FIG. A plurality of images belonging to a genre that the user tends to prefer are selected as knowledge estimation images Gi based on the image management information Im shown in FIG. Then, a plurality of selected knowledge estimation images Gi are selected as display target images Gd.

Also in the second embodiment, the selection of the knowledge estimation image Gi is performed in advance as a pre-selection process.
Specifically, the image selection processing unit F2 ′ acquires, for each user ID managed in the user DB 3c, the trending genre information Ij corresponding to the user ID and the image ID in the image management information Im. A process of selecting a plurality of image IDs that are associated with genre information that matches the preferred genre information Ij and storing the selected image ID in association with the user ID is executed as a pre-selection process. Keep it.

FIG. 13 shows an example of the question screen material management information I2 constructed by the above preselection process.
As shown in the figure, in the question screen material management information I2, image IDs of a plurality of images selected as the knowledge estimation images Gi based on the favorable genre information Ij are associated with each user ID.
Such question screen material management information I2 is stored in a state in which the shopping server 3a ′ can be read in the shopping site management system 3 ′. In this example, it is memorize | stored in the memory | storage device with which shopping server 3a ', such as the memory | storage part 108 shown in FIG.

  The image selection processing unit F2 'selects the display target image Gd based on the question screen material management information I2 as described above in response to the reception of the request from the terminal device. That is, the image selection processing unit F2 ′ is displayed on the question screen from among the image IDs associated with the user ID that matches the user ID acquired from the terminal device among the user IDs in the question screen material management information I2. The number of image IDs (“2” in this example) to be selected is selected as the image ID of the display target image Gd.

  Note that the selection process of the knowledge estimation image Gi can also be executed after a request from the terminal device is received.

  The display control processing unit F3 ′ performs image processing on a predetermined number of display target images Gd among the display target images Gd selected by the image selection processing unit F2 ′, and displays them on the question screen in a manner that arouses the user's discomfort. .

FIG. 14 shows an example of a question screen displayed under the control of the display control processing unit F3 ′.
In FIG. 14, as the question screen, for the two display target images Gd selected by the image selection processing unit F2 ′, an image that has not been subjected to image processing and an image that has been subjected to image processing (that is, intended to arouse a sense of incongruity). An example in which a total of four images are displayed is shown. Specifically, in the example of this figure, the image with the character information “a” and “b” in the figure is an unprocessed image, and the image with the character information “c” is “b”. An image obtained by performing an image processing process as a color reversal process on an image to which character information of “d” is attached, and an image to which character information of “d” is attached to an image to which character information of “a” is attached The image is subjected to image processing as processing.

  In the question screen in this case, the non-processed and processed images, and character information (ad) attached as identifiers of the images, character information as a question sentence, and answer options Certain character information and check boxes cb1 to cb4 for selecting an answer are displayed.

It should be noted that there are various ways of image processing for raising a sense of incongruity other than the above color inversion and upside down inversion. For example, it is conceivable that only the highlight portion or shadow portion of the original image is inverted (color inversion), the shape of the subject is deformed or curved, or another image is synthesized.
In particular, when the display target image Gd is a moving image, as image processing, processing for changing the playback speed from the original image (for example, slow playback or double speed playback), or the playback order is reverse to that of the original image. (So-called reverse reproduction) processing can be performed.

  The display control processing unit F3 'generates a question screen according to the aspect illustrated in FIG. 14 based on the display target image Gd selected by the image selection processing unit F2', and displays the question screen on the terminal device that transmitted the request.

In the above description, an example is given in which image processing for inducing a sense of discomfort to all the images selected as the display target image Gd is displayed on the question screen. However, image processing for inducing discomfort is a display It may be applied to at least one of the images selected as the target image Gd.

[2-2. Processing procedure]

With reference to the flowcharts of FIG. 15 and FIG. 16, the procedure of processing to be executed to realize the authentication method of the second embodiment described above will be described.
The processing shown in FIGS. 15 and 16 is executed by the CPU 101 in the shopping server 3a ′ based on a program stored in a predetermined storage device such as the ROM 102 or the storage unit 108, for example.
In FIG. 15 and FIG. 16, processes that are the same as the processes that have already been described are denoted by the same step numbers unless otherwise specified, and description thereof is omitted.

FIG. 15 shows a procedure of processing to be executed in order to realize the prior selection of the knowledge estimation image Gi.
In FIG. 15, when the shopping server 3a ′ sets the start value nS as the processing target ID identification value n in step S101, the trending genre information Ij for the nth user ID is acquired in the subsequent step S501.
Further, in the next step S502, the shopping server 3a ′ acquires the image ID of an image belonging to a genre that matches the genre that the user tends to prefer from the image DB 3d. That is, in the image management information Im stored in the product DB 3d, a predetermined plurality of image IDs are acquired from the image IDs associated with the genre information that matches the acquired favorable genre information Ij. Acquired as an image ID.

In subsequent step S503, shopping server 3a ′ stores the acquired image ID in association with the user ID.
When the storage process of step S503 is executed, the shopping server 3a ′ proceeds to the above-described step S104, and if the process target ID identification value n is not equal to or greater than the end value nE, the process target ID identifier n is set in step S105. The process returns to step S501, and if the process target ID identification value n is equal to or greater than the end value nE, the process shown in FIG. 15 ends.

  Through the above processing, the selection of the knowledge estimation image Gi for each user ID and the association with the user ID are performed for each user ID within the range of the processing target ID identification value n = start value nS to end value nE. Question screen material management information I2 as shown in FIG. 13 is constructed.

FIG. 16 shows a question screen generation process in the second embodiment.
Note that the shopping server 3a ′ of the second embodiment also executes the same processing as the processing shown in FIG. 10 in response to a request from the terminal device, but in the case of the first embodiment. Since only the question screen generation process in step S301 is different from the above, only the question screen generation process in step S301 will be described here.

In FIG. 16, when the shopping server 3a ′ obtains the user ID corresponding to the terminal device that transmitted the request in step S401, the process proceeds to step S601 and obtains favorable genre information Ij corresponding to the obtained user ID.
In step S602, the shopping server 3a ′ selects a display target image Gd to be used for the question screen based on the trending genre information Ij and the question screen material management information I2. That is, the number of image IDs to be displayed on the question screen is displayed from among the image IDs associated with the user ID that matches the user ID acquired in step S401 among the user IDs in the question screen material management information I2. This is selected as the image ID of the target image Gd.
Note that the selection of the image ID in step S602 is desirable so that the same image is not selected every time for the same user ID, for example, by selecting at random, for example, because it is difficult to capture the authentication process by the bot.

  When the selection process of step S602 is executed, the shopping server 3a ′ selects a predetermined number of images (image IDs) from among the display target images Gd (image IDs) as the discomfort target image Gc (image IDs) in step S403. In step S603, the processing for the uncomfortable feeling target image Gc is performed. That is, an image specified by the image ID of the uncomfortable feeling target image Gc selected in step S403 is acquired from the image DB 3d, and an image processing process for inducing an uncomfortable feeling is performed on the acquired image. Examples of the type of image processing performed in step S603 include color inversion and upside down as described above. In addition, when the discomfort target image Gc is a moving image, a process of processing the moving image so that the moving image is subjected to slow reproduction, double speed reproduction, reverse reproduction, or the like in the terminal device is also included.

  Note that the type of image processing applied to the image selected as the uncomfortable feeling target image Gc is not the same every time, but it is desirable to make it different by, for example, selecting at random in order to make it difficult to capture the authentication process by the bot.

Further, in subsequent step S604, the shopping server 3a ′ generates HTML data of a question screen using the processed image, the pre-processed image, and the remaining display target image Gd. That is, of the display target image Gd selected in step S602, the image subjected to the image processing in step S603, the display target image Gd before the image processing, the remaining display target image Gd, and the character as the image identifier HTML data of a web page in which information, character information as a question sentence, character information as an answer option, and a check box cb are laid out in a predetermined manner is generated as HTML data of a question screen. At this time, the remaining display target image Gd is acquired from the image DB 3d based on the image ID selected in step S602.
Note that the question screen illustrated in FIG. 14 is an example when all the display target images Gd selected in step S602 are selected as the uncomfortable feeling target images Gc in step S403. In this case, since there is no “remaining display target image Gd”, it goes without saying that the image Gd cannot be displayed on the question screen.

  In response to executing the process of step S604, the shopping server 3a 'ends the question screen generation process of step S301.

  In addition, also when the method of arousing a sense of incongruity with the processed image is employed as in the second embodiment, the knowledge estimation image Gi (display target image Gd) is the product DB 3b as in the first embodiment. Can be used. In this case, the image DB 3d shown in FIG.

Further, in the above, as the knowledge estimation image Gi (display target image Gd), an image of a genre that the user tends to prefer is selected and displayed on the question screen, but as the knowledge estimation image Gi, As exemplified in the first embodiment, selection may be made based on action history information. For example, an image of a product having a browsing history or purchase history, an image of a product that has been put into a shopping cart, an image of a bookmarked product, or the like.

[2-3. Summary of Second Embodiment]

As described above, in the information processing apparatus (shopping server 3a ′) according to the second embodiment, for each user identification information, information on a genre that the user specified by the user identification information tends to prefer is managed. The image selection unit (image selection processing unit F2 ′) selects images belonging to a genre that matches a genre that the user tends to prefer among images in the storage unit (image DB 3d) in which images are managed and stored for each genre. It is selected as a knowledge estimation image, and one or more of the knowledge estimation images are selected as display target images.

As a result, an image other than the image estimated to be actually viewed by the user can also be selected as the knowledge estimated image.
Accordingly, the selection of display target images to be displayed on the question screen can be enhanced, the variation of the question screen can be increased, and the authentication process by the bot can be made more difficult.

  In the information processing apparatus according to the second embodiment, the display control unit (display control processing unit F3 ') selects one or a plurality of user-related images as moving images as display target images.

Thereby, a moving image is displayed as a display target image on the question screen.
When analyzing whether or not the computer program as a bot is displayed in a manner in which an uncomfortable feeling is displayed on the display target image on the question screen, if the target image is a moving image, the target image is a still image However, it is possible to make the analysis more difficult, for example, by spending a lot of time for the analysis. For this reason, it is possible to make the authentication processing by the bot more difficult and further improve the authentication accuracy.

<3. Program and Storage Medium>

As described above, the shopping server 3a as the embodiment of the information processing apparatus according to the present invention has been described. However, the program of the embodiment transfers the processing of the shopping server 3a (or 3a ′) to the information processing apparatus (CPU or the like). It is a program to be executed.

The program according to the embodiment includes one or more of a request reception function that receives a request transmitted by a terminal device and a user-related image that is an image that can be specified based on user identification information acquired from the terminal device. An image selection function for selecting an image as a display target image, and the display target image selected by the image selection function are arranged, and one or more of the display target images are displayed in a manner that arouses the user's uncomfortable feeling. A display control function for displaying a question screen on the terminal device, an input information receiving function for receiving input information for the question screen, and an answer to the question screen based on the input information received by the input information receiving function. An answer determination function for determining whether or not the answer is correct, and a response to the request based on a determination result by the answer determination function Realizing a request processing function to process, the information processing apparatus.
That is, this program corresponds to a program that causes an information processing apparatus such as the shopping server 3a (3a ′) to execute the processing described with reference to FIGS. 7 to 9, FIG. 15, FIG.

By such a program, the information processing apparatus as the shopping server 3a (3a ′) described above can be realized.
Such a program can be stored in advance in an HDD as a storage medium built in a device such as a computer device, a ROM in a microcomputer having a CPU, or the like. Alternatively, it can be stored (stored) temporarily or permanently in a removable storage medium such as a semiconductor memory, memory card, optical disk, magneto-optical disk, or magnetic disk. Such a removable storage medium can be provided as so-called package software.
Further, such a program can be installed from a removable storage medium to a personal computer or the like, or can be downloaded from a download site via a network such as a LAN or the Internet.

<4. Modification>

The present invention is not limited to the specific examples described above, and various modifications can be considered.
For example, in the first embodiment, the case where the product name information is used as the character information to be displayed corresponding to the display target image is exemplified, but the character information is combined with the display target image and the character information is displayed. Any character information selected as a display target image that can arouse the user's discomfort may be used, and is not limited to product name information.

  Moreover, although the case where this invention was applied to the authentication process performed in EC site as a shopping site was illustrated above, this invention is not only the authentication process which concerns on a shopping site, but the authentication currently performed in electronic commerce. It can be applied to a wide range of processing.

  1, 1 'network system, 2 network, 3, 3' shopping site management system, 3a, 3a 'shopping server, 3d image DB (database), 4 user terminal, 5 store terminal, 101 CPU, F1 request reception processing unit, F2, f2 ′ image selection processing unit, F3, F3 ′ display control processing unit, F4 input information reception processing unit, F5 answer determination processing unit, F6 request processing unit

Claims (11)

A request accepting unit that accepts a request transmitted by the terminal device;
An image selection unit that selects one or a plurality of images as display target images from among user-related images that are images that can be specified based on user identification information acquired from the terminal device;
A display control unit that causes the terminal device to display a question screen in which the display target image selected by the image selection unit is arranged and one or more of the display target images are displayed in a manner that provokes the user's discomfort When,
An input information receiving unit for receiving input information for the question screen;
An answer determination unit for determining whether an answer to the question screen is a correct answer based on the input information received by the input information receiving unit;
A request processing unit that performs processing on the request based on a determination result by the answer determination unit. Each of the user-related images is managed in association with characters,
The display control unit
The information processing apparatus according to claim 1, wherein the terminal screen displays the question screen that arouses the sense of discomfort by a combination of the display target image and the characters displayed corresponding to the display target image. The image selection unit
For each of the user identification information, managing a set of a number of the user-related images and the characters corresponding to the user-related images, which are larger than the number of images to be selected as the display target images, Select a character to be displayed corresponding to the display target image from the managed user-related image and the character,
The display control unit
The information processing apparatus according to claim 2, wherein the question screen is displayed on the terminal device based on the display target image and the characters selected by the image selection unit. For each of the user identification information, action history information related to browsing of the user image specified by the user identification information is managed,
The image selection unit
The user-related image identified by the user from the action history information is selected as a knowledge estimation image, and one or more of the knowledge estimation images are selected as the display target image. Information processing device. The image selection unit
The information processing apparatus according to claim 4, wherein the knowledge estimation image is selected by excluding past information for a predetermined time or more from the action history information. Each of the knowledge estimation images is managed in association with characters,
The display control unit
Causing the terminal device to display the question screen that provokes the sense of discomfort by a combination of the display target image and the characters to be displayed corresponding to the display target image;
The information on the character associated with each knowledge estimation image is managed as information presented to the user together with the knowledge estimation image on a web page different from the web page on which the question screen is displayed. The information processing apparatus according to claim 4. For each of the user identification information, information of a genre that tends to be preferred by the user specified by the user identification information is managed,
The image selection unit
Among the images in the storage unit in which images are managed and stored for each genre, an image belonging to a genre that matches the genre that the user tends to prefer is selected as a knowledge estimation image, and one of the knowledge estimation images is selected. The information processing apparatus according to claim 1, wherein a plurality of images are selected as the display target images. The display control unit
The information processing apparatus according to claim 1, wherein one or more of the user-related images as moving images are selected as the display target images. A request receiving step for receiving a request transmitted by the terminal device;
An image selection step of selecting one or a plurality of images as display target images from among user-related images that are images identifiable based on user identification information acquired from the terminal device;
Display control step for displaying on the terminal device a question screen in which the display target image selected in the image selection step is arranged and one or more of the display target images are displayed in a manner that arouses the user's discomfort. When,
An input information receiving step for receiving input information for the question screen;
An answer determination step of determining whether an answer to the question screen is a correct answer based on the input information received by the input information receiving step;
An information processing method in which an information processing apparatus executes a request processing step of performing processing on the request based on a determination result in the answer determination step. A request accepting function for accepting a request transmitted by the terminal device;
An image selection function for selecting one or a plurality of images as display target images from among user-related images that are images that can be specified based on user identification information acquired from the terminal device;
A display control function for displaying on the terminal device a question screen in which the display target image selected by the image selection function is arranged and one or more of the display target images are displayed in a manner that provokes the user's discomfort. When,
An input information receiving function for receiving input information for the question screen;
Based on the input information received by the input information reception function, an answer determination function for determining whether an answer to the question screen is a correct answer;
A request processing function for processing the request based on a determination result by the answer determination function;
A program that makes an information processing device realize this. A request accepting function for accepting a request transmitted by the terminal device;
An image selection function for selecting one or a plurality of images as display target images from among user-related images that are images that can be specified based on user identification information acquired from the terminal device;
A display control function for displaying on the terminal device a question screen in which the display target image selected by the image selection function is arranged and one or more of the display target images are displayed in a manner that provokes the user's discomfort. When,
An input information receiving function for receiving input information for the question screen;
Based on the input information received by the input information reception function, an answer determination function for determining whether an answer to the question screen is a correct answer;
A request processing function for processing the request based on a determination result by the answer determination function;
A storage medium that stores a program for causing an information processing apparatus to realize the program.

Images