JP7242513B2 - Information management method - Google Patents

Description

Embodiments of the present invention relate to information management methods .

In recent years, it is known to provide various services to a user using a client terminal by authenticating the user using an authenticator such as a camera. Note that user recognition is performed by applying a predetermined algorithm to information representing user features (hereinafter referred to as feature information) obtained using an authenticator.

Here, the information about the above-described predetermined algorithm (hereinafter referred to as algorithm information) needs to be managed in the client terminal or the server device. There is concern about risks such as unauthorized login to the server device.

Japanese Patent No. 6284576

Therefore, the problem to be solved by the present invention is to provide an information management method capable of reducing the risk of information leakage.

An information management method according to an embodiment acquires feature information representing features of a user using a terminal device via an authenticator, and algorithm information relating to an algorithm for recognizing the user based on the feature information. generating first and second restoration information capable of restoring the algorithm information from the algorithm information; and storing the first restoration information in a first storage means included in the terminal device and storing the second restoration information in second storage means included in a server device communicably connected to the terminal device. The algorithm information includes machine learning models generated by learning the feature information. Generating the first and second restoration information includes dividing the machine learning model into first and second restoration information on a file-by-file basis when the machine learning model is composed of a plurality of files. .

1 is a block diagram showing an example of the functional configuration of an information management system according to the first embodiment; FIG. FIG. 4 is a diagram showing an example of the hardware configuration of a client terminal; 4 is a sequence chart showing an example of a processing procedure of registration processing; 4 is a sequence chart showing an example of a processing procedure of login processing; FIG. 11 is a block diagram showing an example of the functional configuration of an information management system according to the second embodiment; FIG. The figure which shows the outline|summary of Web Authentication API. 4 is a sequence chart showing an example of a processing procedure of registration processing; The figure which shows an example of the data structure of a machine-learning model. The figure which shows an example of 1st restoration information. The figure which shows an example of 2nd restoration information. The figure which shows the other example of the data structure of a machine-learning model. FIG. 11 is a diagram showing another example of first restoration information; FIG. 11 is a diagram showing another example of second restoration information; 4 is a sequence chart showing an example of a processing procedure of login processing; FIG. 4 is a diagram for explaining a specific flow when using services provided in the information management system according to the embodiment;

Hereinafter, each embodiment will be described with reference to the drawings.
(First embodiment)
First, the first embodiment will be explained. FIG. 1 is a block diagram showing an example of the functional configuration of an information management system according to this embodiment.

As shown in FIG. 1, the information management system includes client terminals 10 and server devices 20 .

The client terminal 10 is a terminal device (electronic device) used by a user, and includes, for example, a smart phone, a tablet computer, a personal computer, and the like.

The server device 20 is communicably connected to the client terminal 10 and provides various services to the user using the client terminal 10 .

Here, in this embodiment, it is assumed that a user needs to log in to the server device 20 (information management system) in order to use the services provided by the server device 20 . It is assumed that the authenticator 30 connected to the client terminal 10 is used when the user logs into the server device 20 .

The authenticator 30 is an electronic equipment (device) capable of obtaining feature information representing features (biological features) of the user using the client terminal 10, and includes at least a camera, a microphone, a fingerprint authentication device, and the like. including one. Note that when the authenticator 30 is a camera, the feature information obtained using the authenticator 30 is an image (information) including the user's face. Also, when the authenticator 30 is a microphone, the characteristic information obtained using the authenticator 30 is the voice (information) of the user. Furthermore, when the authenticator 30 is a fingerprint authenticator, the feature information obtained from the authenticator 30 is the feature points (information) of the user's fingerprint obtained via the fingerprint authenticator. Note that the feature information described below may be part of the feature points of an image, voice, or fingerprint obtained using the authenticator 30, or a value obtained by converting or processing these (feature value ) etc. may be included.

The client terminal 10 includes a user recognition section 11 , a login control section 12 , an algorithm information management section 13 and a storage section (first storage section) 14 .

The user recognition unit 11 acquires feature information from the authenticator 30 described above. The user recognition unit 11 has a function of recognizing the user using the client terminal 10 based on the acquired characteristic information.

The login control unit 12 determines whether the user recognized by the user recognition unit 11 is an authorized user. A valid user is a user registered in advance in the information management system (that is, a user who can use the services provided by the server device 20). When the user is determined to be an authorized user, the login control unit 12 requests the server device 20 to log in the user to the server device 20 .

Here, although details will be described later, when the user recognition unit 11 recognizes a user, feature information representing the features of the user is applied to a predetermined algorithm. Algorithm information in this case is generated by the user recognition unit 11 based on feature information representing features of the user when the user using the client terminal 10 is registered in advance as a valid user.

Based on the algorithm information generated by the user recognition unit 11, the algorithm information management unit 13 generates at least two pieces of restoration information capable of restoring the algorithm information.

The algorithm information management unit 13 stores (saves) one of the two generated restoration information (hereinafter referred to as first restoration information) in the storage unit 14, and stores the other (hereinafter referred to as second restoration information). ) to the server device 20 .

When the user recognition unit 11 recognizes the user as described above, the algorithm information restored based on the first and second restoration information is used.

The server device 20 includes a login processing section 21 and a storage section (second storage section) 22 . The login processing unit 21 causes the user to log in to the server device 20 when a login request is received from the client terminal 10 (login control unit 12) as described above.

The storage unit 22 stores the second restoration information transmitted from the client terminal 10 (algorithm information management unit 13) as described above.

Although only one client terminal 10 is shown in FIG. 1 for convenience, the information management system may be configured to include multiple client terminals 10 used by multiple users.

FIG. 2 shows an example of the hardware configuration of the client terminal 10 shown in FIG. Here, a case where the client terminal 10 is, for example, a smartphone will be described.

As shown in FIG. 2, the client terminal 10 includes a CPU 101, a nonvolatile memory 102, a main memory (RAM) 103, a communication device 104, a touch screen display 105, and the like.

The CPU 101 is a hardware processor that controls the operation of each component within the client terminal 10 . The CPU 101 may be a single processor or may be composed of multiple processors. The CPU 101 executes various programs loaded into the main memory 103 from the non-volatile memory 102, which is a storage device. The programs executed by the CPU 101 include an operating system (OS) and an application program 103a for a user using the client terminal 10 to log into the server device 20 and use the services provided by the server device 20. be

In this embodiment, some or all of the user recognition unit 11, the login control unit 12, and the algorithm information management unit 13 shown in FIG. That is, it shall be realized by software. This application program 103a may be stored in a computer-readable storage medium and distributed, or may be downloaded to the client terminal 10 through a network. Also, the storage unit 14 shown in FIG. 1 is realized by, for example, the non-volatile memory 102 or other storage devices.

The communication device 104 is a device configured to communicate with an external device such as the server device 20 .

The touch screen display 105 is attached to the upper surface of the main body of the client terminal 10 so as to be superimposed thereon. The touch screen display 105 incorporates a flat panel display and a sensor configured to detect a touch position, such as a finger, on the screen of the flat panel display. Flat panel displays include, for example, liquid crystal displays (LCDs) and the like. As the sensor, for example, a capacitive touch panel or the like can be used.

With such a touch screen display 105, it is possible to detect a user's operation (for example, an operation of touching the screen, etc.) on the screen displayed on the client terminal 10 (flat panel display).

In FIG. 1, the client terminal 10 and the authenticator 30 are described as separate devices (apparatuses), but the authenticator 30 (for example, a camera, etc.) is incorporated in the client terminal 10. I don't mind.

2, the client terminal 10 is described as being a smart phone, but if the client terminal 10 is a personal computer, for example, instead of the touch screen display 105, an input device such as a mouse and a keyboard and a liquid crystal display A configuration including a display device such as a display may be used.

Although the hardware configuration of the client terminal 10 has been described here, the server device 20 may be configured to include, for example, a CPU, a nonvolatile memory, a main memory, a communication device, and the like.

Next, the operation of the information management system according to this embodiment will be described. In this embodiment, the information management system mainly includes a process of registering a user in advance (hereinafter referred to as a registration process) in order to be able to use the service provided by the server device 20, and a user registered by the registration process. A process (hereinafter referred to as a log-in process) for causing the user to log in to the server device 20 using the algorithm information is executed. Registration processing and login processing will be described below.

First, with reference to the sequence chart of FIG. 3, an example of the procedure of registration processing executed in the information management system will be described.

In order for a user to use the services provided by the server device 20, it is necessary to log in to the server device 20. In order for the user to log in to the server device 20, the user must be registered in the information management system in advance. need to keep Note that, in the present embodiment, registering a user means enabling the user to log in to the server device 20 . A user registered in the information management system by the registration process shown in FIG. 3 is hereinafter referred to as a target user for convenience.

In this case, the target user displays a user registration screen on the client terminal 10 (touch screen display 105) by operating the client terminal 10, and inputs user information indicating the target user on the user registration screen. A user ID or the like for identifying a target user is used as user information, but the user information may be other information such as a user name.

The user information thus input by the target user is transmitted to the login control unit 12 as a user registration request (step S1).

When the process of step S1 is executed, the login control unit 12 receives the user registration request (user information) transmitted in step S1, and transmits the user information to the user recognition unit 11 as an algorithm information generation request. (Step S2). By executing the process of step S2, the user recognition unit 11 is requested to generate algorithm information.

Next, the user recognition unit 11 receives the algorithm information generation request (user information) transmitted in step S2, and sends feature information representing the features of the target user to the authenticator 30 (hereinafter referred to as feature information of the target user). notation) (step S3).

The authenticator 30 acquires the feature information of the target user in response to the request from the user recognition section 11, and returns the feature information of the target user to the user recognition section 11 (step S4).

Note that the authenticator 30 may operate to notify the target user that is necessary to acquire the feature information of the target user. Specifically, when the authenticator 30 is a camera, a message may be displayed that prompts the target user to take an image including the target user's face. The same applies when the authenticator 30 is a microphone or a fingerprint authenticator.

When the process of step S4 is executed, the user recognition unit 11 receives (acquires) the feature information of the target user transmitted from the authenticator 30 in step S4, and recognizes the user based on the feature information of the target user. Algorithm information about an algorithm for recognition is generated (step S5).

Note that the algorithm indicated by the algorithm information generated in step S5 can obtain user information when the feature information of the target user is input (that is, one piece of user information can be specified from the feature information). ), and may consist of, for example, a plurality of conditions for recognizing a user. Also, the algorithm information may include, for example, feature information of the target user, user information, and the like.

By generating such algorithm information, the information management system (client terminal 10) can recognize the target user based on the algorithm indicated by the algorithm information.

The algorithm information generated in step S5 is sent to the algorithm information management unit 13 as a restoration information generation request (step S6).

Next, the algorithm information management unit 13 receives the algorithm information transmitted as the restoration information generation request in step S6, and generates first and second restoration information capable of restoring the algorithm information based on the algorithm information. (step S7).

The first restoration information among the first and second restoration information generated in step S7 is stored (registered) in the storage unit 14 included in the client terminal 10 (step S8).

On the other hand, the second restoration information out of the first and second restoration information generated in step S7 is the algorithm The data is returned from the information management section 13 to the user recognition section 11 (step S9).

The second restoration information returned to the user recognition unit 11 as a response to the restoration generation request in step S9 is used by the user as a response to the algorithm information generation request transmitted from the login control unit 12 to the user recognition unit 11 in step S2. It is returned from the recognition unit 11 to the login control unit 12 (step S10).

When the process of step S10 is executed, the login control unit 12 transmits the second restoration information returned from the user recognition unit 11 in step S10 to the server device 20 (login processing unit 21) (step S11). In step S<b>11 , the user information indicating the target user is transmitted from the login control unit 12 to the server device 20 together with the second restoration information.

The login processing unit 21 included in the server device 20 receives the second restoration information and the user information transmitted from the login control unit 12 (client terminal 10) in step S11, and associates the second restoration information with the user information. is stored (saved) in the storage unit 22 (step S12).

As will be described later, the target user is recognized based on the algorithm information restored from the first and second restoration information. You will be able to log in to

When the process of step S12 is executed, the server device 20 notifies the client terminal 10 (login control unit 12) that the second restoration information has been stored in the storage unit 22 (storage completion notification) (step S13). .

The login control unit 12 that has received the notification from the server device 20 in step S13 notifies the target user that the target user has been registered in the information management system (registration completion notification) (step S14). Note that when step S14 is executed, a message or the like indicating that the target user has been registered in the information management system is displayed on the touch screen display 105, for example.

By executing the processing shown in FIG. 3 described above, the target user is registered in the information management system and can log in to the server device 20 .

Here, the case where a target user using one client terminal 10 is registered in the information management system has been described. The processing shown in FIG. 3 is executed for each user. In this case, the storage unit 22 included in the server device 20 stores the second restoration information for each (user using) the client terminal 10 .

Next, an example of the procedure of login processing executed in the information management system will be described with reference to the sequence chart of FIG.

First, when a target user registered in advance in the information management system logs in to the server device 20 by executing the processing in FIG. 10 (touch screen display 105) to display a login screen, and input user information (first user information) indicating the target user on the login screen. The user information input by the target user here is the same as the user information input by the target user in FIG. 3 described above.

The user information thus input by the target user is transmitted to the login control unit 12 as a login request (step S21).

When the process of step S21 is executed, the login control unit 12 receives the login request (user information) transmitted in step S21, and transmits the user information to the user recognition unit 11 as a user recognition (identification) request. (step S22). By executing the processing of step S22, the user recognition unit 11 is requested to perform processing for recognizing the target user.

Next, the user recognition unit 11, which has received the user recognition request transmitted in step S22, requests algorithm information used for recognizing the target user from the algorithm information management unit 13 (step S23). In step S23, the user information indicating the target user is transmitted from the user recognition section 11 to the algorithm information management section 13. FIG.

The algorithm information management unit 13 requests the second restoration information from the server device 20 in response to the request from the user recognition unit 11 in step S23 (step S24). In this step S24, the user information indicating the target user described above is transmitted from the algorithm information management section 13 to the server device 20. FIG.

In this case, the server device 20 (login processing unit 21) acquires the second restoration information from the storage unit 22 included in the server device 20 in response to the request from the algorithm information management unit 13 in step S24.

Here, as described above, since the storage unit 22 stores the second restoration information and the user information in association with each other, the server device 20 receives the data from the algorithm information management unit 13 (client terminal 10) in step S24. The second restoration information stored in the storage unit 22 in association with the received user information is acquired. The second restoration information acquired here is the algorithm information generated based on the feature information of the target user in step S5 shown in FIG. 3 (that is, the algorithm information used to recognize the target user). This is the information for restoring the

The server device 20 returns the acquired second restoration information to the algorithm information management unit 13 (client terminal 10) as a response to the request from the algorithm information management unit 13 in step S24 (step S25).

Next, the algorithm information management unit 13 acquires first restoration information stored in the storage unit 14 included in the client terminal 10 (step S26).

The algorithm information management unit 13 restores algorithm information based on the first restoration information acquired in step S26 and the second restoration information returned from the server device 20 in step S25 (step S27).

The algorithm information restored in step S27 is returned from the algorithm information management section 13 to the user recognition section 11 as a response to the request from the user recognition section 11 in step S23 (step S28).

When the process of step S28 is executed, the user recognition unit 11 requests feature information representing the features of the target user (target user feature information) from the authenticator 30 (step S29).

The authenticator 30 acquires the feature information of the target user in response to the request from the user recognition section 11, and returns the feature information of the target user to the user recognition section 11 (step S30).

The processing of steps S29 and S30 is the same as the processing of steps S3 and S4 shown in FIG. 3 described above.

Next, the user recognition unit 11 recognizes (identifies) the target user based on the algorithm information returned from the algorithm information management unit 13 in step S28 and the feature information of the target user returned from the authenticator 30 in step S30. (step S31).

In this case, the user recognition unit 11 acquires user information (second user information) by applying the feature information of the target user to the algorithm indicated by the algorithm information.

When the process of step S31 is executed, the user recognition unit 11 transmits the recognition result (second user information) of the target user in step S31 from the login control unit 12 to the user recognition unit 11 in step S22. It is returned to the login control unit 12 as a response to the user recognition request received (step S32).

Next, the login control unit 12 compares the user information returned from the user recognition unit 11 in step S32 with the user information (first user information) input by the target user to determine whether the target user is an authorized user. It is determined whether or not.

Here, if it is determined that the target user is not an authorized user (that is, the user information does not match), the processing shown in FIG. 4 ends. In this case, for example, the login control unit 12 may notify the user that the target user cannot log in because the user is not an authorized user.

On the other hand, when it is determined that the target user is an authorized user (that is, the user information matches), the login control unit 12 sends the user information indicating the target user, for example, as a login request to the server device 20 (login processing unit 21) (step S33).

The server device 20 that has received the login request logs the target user into the server device 20, and transmits the login result to the client terminal 10 (login control unit 12) (step S34).

Upon receiving the login result, the login control unit 12 notifies the target user that the login of the target user to the server device 20 is completed (login completion notification) (step S35). Note that when step S35 is executed, a message or the like indicating that the target user's login to the server device 20 has been completed is displayed on the touch screen display 105, for example.

By executing the processing shown in FIG. 4, the target user can log in to the server device 20 and start using the service provided by the server device 20 via the client terminal 10. FIG.

As described above, in the present embodiment, as the registration process for registering the target user in advance in the information management system, the feature information of the target user who uses the client terminal 10 via the authenticator 30 (feature representing the feature of the target user) is performed. information) is obtained, algorithm information is generated based on the feature information of the target user, and first and second restoration information capable of restoring the algorithm information are generated from the algorithm information. In this case, the first restoration information is stored in the storage unit 14 (first storage unit) included in the client terminal 10, and the second restoration information is stored in the storage unit 22 (second storage unit) included in the server device 20. be.

Further, in the present embodiment, as the login process for logging the target user into the server device 20, the feature information of the target user using the client terminal 10 is acquired via the authenticator 30, and stored in the client terminal 10. The first restoration information stored in the unit 14 is obtained, the second restoration information stored in the storage unit 22 included in the server device 20 is obtained, and the algorithm information is generated based on the first and second restoration information. and recognize the target user based on the feature information and algorithm information of the target user.

The target user recognized in this way can, for example, log in to the server device 20 and use various services provided by the server device 20 .

According to the configuration of the present embodiment described above, instead of the algorithm information related to the algorithm for recognizing the user who uses the service provided by the server device 20 (that is, allowing the user to log in to the server device 20), the algorithm information By separately managing the first and second restoration information for restoring in the client terminal 10 and the server device 20, even if information leaks from one of the client terminal 10 and the server device 20, the algorithm information Since it is not restored, the risk of unauthorized login to the server device 20 or information leakage can be reduced.

In the present embodiment, the recognized target user is logged in to the server device 20, but in the present embodiment, the first and second restoration information capable of restoring the algorithm information are sent to the client terminal. It is sufficient if the configuration is managed separately from the server device 20, and the processing after the target user is recognized may be another processing.

Further, in the present embodiment, the authenticator 30 is described as being at least one of a camera, a microphone, and a fingerprint authenticator. information) may be used.

Also, in the present embodiment, two pieces of restoration information (first and second restoration information) are generated from algorithm information, but three or more pieces of restoration information may be generated. Furthermore, in the present embodiment, a plurality of pieces of restoration information may be managed separately, and part of the pieces of restoration information may be managed by an external device other than the client terminal 10 and the server device 20 .

(Second embodiment)
Next, a second embodiment will be described. In this embodiment, a specific aspect of the first embodiment described above will be described, and mainly an information management system that provides various services from the server device 20 to users via Web applications (programs) will be described.

FIG. 5 is a block diagram showing an example of the functional configuration of the information management system according to this embodiment. In FIG. 5, parts similar to those in FIG. 1 are denoted by the same reference numerals, and detailed description thereof will be omitted here.

In this embodiment, the client terminal 10 includes an algorithm information management unit 15, a localStorage 16 and a signature generation unit 17. Also, the algorithm information management unit 15 includes a dividing unit 15a and a restoring unit 15b.

In this embodiment, the user recognition unit 11, the login control unit 12, the algorithm information management unit 15, the local storage 16, and the signature generation unit 17 included in the client terminal 10 are Web It is a functional part related to the application.

The division unit 15a divides the algorithm information generated by the user recognition unit 11 to generate first and second restoration information. The first restoration information is stored (saved) in localStorage 16 . On the other hand, the second restoration information is transmitted to the server device 20 and stored (saved) in the storage unit 22 included in the server device 20 .

The restoration unit 15b restores the algorithm information based on the first restoration information stored in the localStorage 16 and the second restoration information stored in the storage unit 22 included in the server device 20. FIG.

The Web application described above runs on a browser (Web browser) that is activated (executed) on the client terminal 10, and the localStorage 16 is a storage area unique to the browser (that is, a storage area that can be used on the Web application). region).

In addition, in this embodiment, Web Authentication API, which is a standard for web applications that log in using biometric authentication, is applied. The signature generation unit 17 is a functional unit that generates a signature based on this Web Authentication API.

Here, FIG. 6 shows an outline of the authentication procedure by the Web Authentication API.

According to FIG. 6, first, the server device 20 transmits a parameter called Challenge (random value transmitted from the server) to the client terminal 10 (step S41).

Next, the browser internally verifies the parameters in the client terminal 10, and the AuthenticatorResponse. Create clientDataJSON. This parameter is passed to the authenticator 30 along with the clientDataJSON hash (step S42).

When the process of step S2 is executed, user recognition is performed using the authenticator 30, and an assertion is created (step S43). Note that the Assertion is a statement including a hash of clientDataJSON signed by a prepared private key.

The Assertion created in step S43 is returned to the browser (step S44).

Next, the browser generates final data, and the application (Javascript (registered trademark) Application) transmits a response to the server device 20 (step S45).

When the process of step S45 is executed, the server apparatus 20 verifies the response in step S45 using the public key paired with the private key (step S46).

That is, according to the authentication procedure (login processing) based on the Web Authentication API, the client terminal 10 side generates a signature using the private key for the parameter (Challenge), and the server side performs verification using the public key. It is possible to prove that the data has not been tampered with.

Next, the operation of the information management system according to this embodiment will be described. In this embodiment, the information management system executes registration processing and login processing as in the first embodiment described above. Registration processing and login processing in this embodiment will be described below.

First, an example of the procedure of registration processing executed in the information management system will be described with reference to the sequence chart of FIG. A user registered in the information management system by the registration process shown in FIG. 7 is hereinafter referred to as a target user for convenience.

In the registration process in this embodiment, the processes of steps S51 to S55 corresponding to the processes of steps S1 to S5 shown in FIG. 3 are executed.

In this embodiment, the authenticator 30 is assumed to be a camera, and the feature information obtained by using the authenticator 30 is an image including the target user's face (hereinafter referred to as the target user's image). do. In this case, in step S55, a machine learning model capable of outputting user information (label) from the target user's image (input image) is generated. This machine learning model is generated by updating parameters (for example, weighting coefficients) so as to output user information indicating the target user when an image (feature information) of the target user is input. That is, in the present embodiment, "generating algorithm information (machine learning model)" means learning the machine learning model and updating the machine learning model. Machine learning models may be generated using various known machine learning algorithms such as neural networks or random forests.

The machine learning model generated in step S55 is transmitted from the user recognition unit 11 to the algorithm information management unit 15 as an algorithm information division request (step S56).

Further, the algorithm information management unit 15 passes the algorithm information division request (machine learning model) transmitted from the user recognition unit 11 in step S56 to the division unit 15a (step S57).

The division unit 15a divides the machine learning model passed from the algorithm information management unit 15 as the algorithm information division request into first and second restoration information (step S58).

Here, the machine learning model (algorithm information) may consist of a plurality of files, or may consist of a single file.

When a machine learning model is composed of a plurality of files, the dividing unit 15a divides the machine learning model into first and second restoration information, for example, in units of files.

On the other hand, when the machine learning model is composed of a single file, the dividing unit 15a performs the machine learning based on the data structure of the machine learning model described in the file in a predetermined data format, for example. You can split the model. Specifically, when the data format of the machine learning model is JSON (JavaScript Object Notation) format, the JSON format can express a tree structure (hierarchical structure). shall be divided.

FIG. 8 shows an example of the data structure (JSON format) of the machine learning model. The data structure of the machine learning model shown in FIG. 8 has a tree structure and is composed of a plurality of blocks A to E. In this case, the dividing unit 15a can divide the machine learning model into, for example, the first restoration information shown in FIG. 9 and the second restoration information shown in FIG. The first restoration information shown in FIG. 9 includes blocks A to C among the plurality of blocks A to E. FIG. On the other hand, the second reconstruction information shown in FIG. 10 includes blocks D and E among the plurality of blocks A-E.

Although detailed explanation is omitted, for example, in the case of the data structure of the machine learning model shown in FIG. 11, the machine learning model is divided into the first restoration information shown in FIG. 12 and the second restoration information shown in FIG. can do.

Also, the first restoration information obtained by dividing the machine learning model is stored in the localStorage 16, but if the localStorage 16 has restrictions on storage performance (for example, the capacity of information that can be stored, the data format, etc.) There is Specifically, for example, in the case of major browsers, the capacity (upper limit) of information that can be stored in the localStorage 16 is often 10 MB.

Therefore, the dividing unit 15a divides the machine learning model based on the constraint of the localStorage 16 described above. Specifically, when the capacity of information that can be stored in the localStorage 16 is 10 MB as described above, the dividing unit 15a divides the machine learning model so that the size of at least the first restored information is less than 10 MB, for example. do. If the machine learning model is described in a data format other than JSON format (a data format that cannot divide the machine learning model), convert the machine learning model to JSON format and divide the machine learning model. do.

That is, in this embodiment, the algorithm information should be divided so as to obtain the first restoration information that satisfies at least the constraint of localStorage16.

If the machine learning model is described in a data format other than JSON format (a data format that cannot divide the machine learning model), convert the machine learning model to JSON format and divide the machine learning model. It is also possible to

Also, in the present embodiment, the algorithm information is described as being a machine learning model. , it is also possible to divide the algorithm information into first and second restoration information in units of conditions.

When the process of step S58 is executed, the processes of steps S59 to S65 corresponding to the processes of steps S8 to S14 shown in FIG. 3 are executed.

Although the first restoration information is stored in the storage unit 14 in step S59, the data format of the information that can be stored in the localStorage 16 may be a character string format, for example. Since (the data format of) the first restoration information is in the JSON format as described above, the first restoration information is converted from the JSON format into the character string format and stored in the storage unit 14 . The same applies to the process of step S63.

By executing the process shown in FIG. 7, the target user is registered in the information management system and can log in to the server device 20 .

Next, an example of the procedure of login processing executed in the information management system will be described with reference to the sequence chart of FIG. 14 .

In the login process in this embodiment, the processes of steps S71 to S73 corresponding to the processes of steps S21 to S23 shown in FIG. 4 described above are executed. Although omitted in FIG. 14, the process of step S41 shown in FIG. 6 is performed between steps S71 and S72, for example. Further, the process of step S72 corresponds to the process of step S42 shown in FIG.

Next, the algorithm information management unit 15 requests algorithm information from the restoration unit 15b in response to the request from the user recognition unit 11 in step S73 (step S74). In this step S74, the user information indicating the target user is transferred from the algorithm information management section 15 to the restoration section 15b.

In response to the request from the algorithm information management unit 15 in step S74, the restoration unit 15b requests the server device 20 for the second restoration information (step S75). In this step S75, the user information indicating the target user described above is transmitted from the restoring unit 15b to the server apparatus 20. FIG.

In this case, the server device 20 (login processing unit 21) acquires the second restoration information stored in the storage unit 22 in response to the request from the restoration unit 15b in step S75. Since the second restoration information stored in the storage unit 22 is in character string format, the second restoration information is converted from the character string format to the JSON format.

The server device 20 returns the acquired second restoration information to the restoration unit 15b (client terminal 10) as a response to the request from the restoration unit 15b in step S75 (step S76).

Next, the restoration unit 15b acquires first restoration information stored in the storage unit 14 included in the client terminal 10 (step S77). Since the first restoration information stored in the storage unit 14 is in character string format, the first restoration information is converted from the character string format to the JSON format.

The restoration unit 15b restores the machine learning model (algorithm information) based on the first restoration information acquired in step S77 and the second restoration information returned from the server device 20 in step S76 (step S78). In this embodiment, since the first and second restoration information are obtained by dividing the machine learning model as described above, in step S78, by integrating (combining) the first and second restoration information, Machine learning models can be restored. Specifically, in the case of the first restoration information shown in FIG. 9 and the second restoration information shown in FIG. 10, the machine learning model shown in FIG. 8 is restored by integrating the first and second restoration information. It is possible to Further, if the first restoration information shown in FIG. 12 and the second restoration information shown in FIG. 13 are used, the machine learning model shown in FIG. 11 can be restored by integrating the first and second restoration information. be.

The machine learning model restored in step S78 is returned from the restoration unit 15b to the algorithm information management unit 15 as a response to the request from the algorithm information management unit 15 in step S74 (step S79).

When the processing of step S79 is executed, the algorithm information management unit 15, as a response to the request from the user recognition unit 11 in step S73, transfers the machine learning model returned from the restoration unit 15b in step S79 to the user recognition unit. 11 (step S80).

Next, the user recognition unit 11 requests feature information of the target user from the authenticator 30 (step S81).

Here, since the authentication device 30 is a camera in this embodiment, the authentication device 30 (camera) acquires an image of the target user in response to a request from the user recognition unit 11, and uses the image as a user recognition unit. 11 (step S82).

Next, the user recognition unit 11 recognizes (identifies) the target user based on the machine learning model returned from the algorithm information management unit 13 in step S80 and the image of the target user returned from the authenticator 30 in step S82. (step S83).

In this case, the user recognition unit 11 acquires user information (label) output from the machine learning model by inputting the image of the target user into the machine learning model.

When the process of step S83 is executed, the user recognition unit 11 transmits the recognition result of the target user in step S83 (that is, whether or not the target user is a valid user) from the login control unit 12 to the user in step S72. As a response to the user recognition request sent to the recognition unit 11, it is returned to the login control unit 12 (step S84).

For example, the processing of steps S73 to S84 corresponds to the processing of step S43 shown in FIG.

Next, the login control unit 12 compares the user information returned from the user recognition unit 11 in step S84 with the user information input by the target user (user information indicating the target user) to confirm that the target user is valid. determine whether the user is a valid user. Specifically, when the user information output from the machine learning model matches the user information input by the target user, it is determined that the target user is an authorized user.

Here, if it is determined in step S84 that the target user is not an authorized user (that is, the user information does not match), the processing shown in FIG. 14 ends.

On the other hand, if it is determined in step S84 that the target user is an authorized user (that is, the user information matches), the login control unit 12 requests (generates) a signature from the signature generation unit 17 ( step S85). In this step S85, for example, a parameter including a value (Challenge) generated in the server device 20 is transmitted from the login control section 12 to the signature generation section 17. FIG.

The signature generation unit 17 generates a signature for the parameters transmitted from the login control unit 12 in response to the request from the login control unit 12 in step S85 (step S86). It should be noted that the signature in step S86 is generated using a secret key prepared in advance in the client terminal 10. FIG.

The signature generated in step S86 is returned to the login control unit 12 as a response to the request from the login control unit 12 in step S85 (step S87).

The processing of steps S85 to S87 corresponds to the processing of step S44 shown in FIG. 6 described above.

When the process of step S87 is executed, the login control unit 12 sends the user information indicating the target user and the signature returned from the signature generation unit 17 in step S87 to the server device 20 (login processing unit 21) as a login request. Send (step S88).

The server device 20 verifies the signature transmitted from the login control unit 12 using the public key paired with the private key described above (step S89). In step S89, the parameters obtained by verifying the signature using the public key are compared with the parameters generated in the server device 20 concerned.

If the parameters match in such verification (that is, if the verification is successful), the server device 20 causes the target user indicated by the user information transmitted from the login control unit 12 to log in to the server device 20, and The login result is transmitted to the client terminal 10 (login control unit 12) (step S90).

When the process of step S90 is executed, the process of step S91 corresponding to the process of step S35 shown in FIG. 4 described above is executed.

Execution of the process shown in FIG. 14 allows the target user to log in to the server device 20 and start using the services provided by the server device 20 via the client terminal 10 .

As described above, in the present embodiment, even when a service is provided from the server device 20 via a web application, it is possible to reduce the risk of information leakage, as in the first embodiment. can.

In this embodiment, the algorithm information is explained as being a machine learning model generated by learning an image (feature information), but if the machine learning model is composed of multiple files, , the machine learning model is divided into first and second restoration information on a file-by-file basis. Also, when the machine learning model consists of a single file, the machine learning model is first and second based on the data structure (for example, tree structure) of the machine learning model described in the file. 2 restoration information.

Also, as described above, if restrictions including capacity or data format are set for localStorage 16 (storage area of the browser running on the client terminal 10), the machine learning model (algorithm information) In some cases, the client terminal 10 side cannot manage it, but in this embodiment, by dividing the first restoration information from the machine learning model according to the constraint, the first restoration information can be appropriately sent to the client. Management at the terminal 10 becomes possible.

Specifically, when the capacity of the localStorage 16 is 10 MB, the machine learning model should be divided so that the first restoration information is less than 10 MB.

Also, if the localStorage 16 requires the character string format, the machine learning model (JSON format) shall be converted to the character string format (that is, the data format included in the constraint). In addition, since the JSON format is a data format that can be easily converted to a character string format, for example, if the machine learning model is in a data format other than the JSON format, a process to convert the machine learning model to the JSON format is executed. I don't mind.

According to this, even if the localStorage 16 has a capacity of 10 MB and a web application technology that requires a character string format as the data format of the localStorage 16 is applied, the configuration according to the present embodiment is realized. It is possible to

In the present embodiment, a case in which restrictions are set on the localStorage 16 included in the client terminal 10 has been mainly described. It doesn't matter if Even in such a case, similarly, the second restoration information may be divided according to the constraint from the machine learning model.

Further, in the present embodiment, by inputting the user information (first user information) input (specified) by the target user and the feature information of the target user into the machine learning model (algorithm information), from the machine learning model It compares with output user information (second user information). According to this, it is determined whether or not the target user is a valid user, and if the target user is a valid user (that is, the user information matches), the target user is logged into the server device 20. can be done.

Furthermore, in the present embodiment, a Web Authentication API is applied, a signature for a parameter including a value generated in the server device 20 is generated using a private key, and verification based on the generated signature is performed using the private key. Security can be improved by using a pair of public keys and having the target user log in to the server device 20 when the verification is successful.

Here, in the case of a configuration in which the first restoration information is managed in the client terminal 10 (localStorage 16) and the second restoration information is managed in the server device 20 (storage unit 22) as described in this embodiment, the target user is the server Since it is necessary to acquire the second restoration information from the server device 20 when logging into the device 20, the network latency increases compared to, for example, a configuration in which the entire machine learning model (algorithm information) is managed in the client terminal 10. .

On the other hand, according to the configuration according to this embodiment, it is possible to reduce the risk of information leakage as described above.

Therefore, the information management system according to the present embodiment is useful when it is desired to give priority to security even if the latency increases when the target user logs into the server device 20 . Specifically, it is useful to apply this embodiment to, for example, a financial system or an electronic payment system.

Here, FIG. 15 shows a specific case in which the target user uses (logs into the server device 20) a service provided by the information management system (for example, financial system, electronic payment system, etc.) according to the present embodiment. represents the flow.

Assuming that the client terminal 10 is a smartphone and the authenticator 30 is a camera mounted on the smartphone, the target user uses the camera mounted on the smartphone, for example, as shown in FIG. Take a picture of the user's face.

In this case, in the registration process, a machine learning model 402 is generated based on an image 401 including the target user's face taken by a camera, and first and second restoration information obtained by dividing the machine learning model 402 are respectively It is stored (saved) in the client terminal 10 and the server device 20 .

On the other hand, in the login process, an image 401 including the face of the target user captured by the camera is input to the machine learning model 402 restored from the first and second restoration information, and is output from the machine learning model 402. A target user is recognized based on the user information provided. This allows the target user to log in to the information management system (server device 20) and use the services provided by the system.

In this embodiment, a case where a web application runs on the client terminal 10 (browser) has been described, but this embodiment is applied to a case where, for example, a native application (program) runs on the client terminal 10. Even with such a configuration, it is possible to reduce the risk of information leakage.

According to at least one embodiment described above, it is possible to provide an information management method, an information management system, a terminal device, and a program capable of reducing the risk of information leakage.

While several embodiments of the invention have been described, these embodiments have been presented by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention. These embodiments and their modifications are included in the scope and spirit of the invention, as well as the scope of the invention described in the claims and equivalents thereof.

DESCRIPTION OF SYMBOLS 10... Client terminal (terminal device), 11... User recognition part, 12... Login control part, 13, 15... Algorithm information management part, 14... Storage part (first storage part), 15a... Division part, 15b... Restoration part , 16... localStorage, 17... signature generation unit, 20... server apparatus, 21... login processing unit, 22... storage unit (second storage unit), 30... authenticator, 101... CPU, 102... non-volatile memory, 103... Main memory 103a Application program 104 Communication device 105 Touch screen display.

Claims (5)

Acquiring feature information representing features of a user using a terminal device via an authenticator;
generating algorithm information regarding an algorithm for recognizing the user based on the feature information;
generating first and second restoration information capable of restoring the algorithm information from the algorithm information;
storing the first restoration information in a first storage means included in the terminal device;
storing the second restoration information in a second storage means included in a server device communicably connected to the terminal device ;
the algorithm information includes a machine learning model generated by learning the feature information;
Generating the first and second restoration information includes dividing the machine learning model into first and second restoration information on a file-by-file basis when the machine learning model is composed of a plurality of files.
Information management method. Acquiring feature information representing features of a user using a terminal device via an authenticator;
generating algorithm information regarding an algorithm for recognizing the user based on the feature information;
generating first and second restoration information capable of restoring the algorithm information from the algorithm information;
storing the first restoration information in a first storage means included in the terminal device;
storing the second restoration information in second storage means included in a server device communicatively connected to the terminal device;
and
the algorithm information includes a machine learning model generated by learning the feature information;
Generating the first and second recovery information includes, if the machine learning model consists of a single file, splitting the single file into first and second recovery information.
Information management method. 3. The information management method according to claim 1 , wherein said machine learning model is divided into said first and second restoration information based on constraints set for said first or second storage means. The constraint includes the capacity of the machine learning model that can be stored in the first or second storage means,
4. The information management method according to claim 3 , wherein said first or second restoration information is divided so as to be less than the capacity included in said constraint. the constraints include a data format of a machine learning model that can be stored in the first or second storage means;
4. Information according to claim 3 , wherein when the data format of the machine learning model included in the generated algorithm information is different from the data format included in the constraint, the machine learning model is converted to the data format included in the constraint. Management method.

Images