JP7436436B2 - Information processing device, information processing method, and information processing program - Google Patents

Description

The present invention relates to an information processing device, an information processing method, and an information processing program.

When the user's identity is verified based on information about the user's behavior history (location history), perform recovery of the account held by the user. The technology has been disclosed.

JP 2018-181074 Publication

However, with the above conventional technology, the user's location information must be sent to the server side as the user's action history, but from the viewpoint of privacy and security, it is not desirable to send sensitive information such as location information to the server side. Many users think that there is no such thing. Additionally, there is a risk of hijacking if a simple determination is made based on matching location information. For example, if a user stays at home all the time, such as by working from home, there is a possibility that the location information will match and the user will be hijacked just by going near the home. Furthermore, if the user follows a certain behavior pattern (movement pattern) on a daily basis, if the behavior pattern is discovered, the same location information may be acquired and the user may be hijacked.

The present application has been made in view of the above, and aims to perform identity verification on the terminal side by combining verification of logs of daily activities and questions about unique logs.

The information processing device according to the present application is an information processing device used as an authenticator, and includes an acquisition unit that acquires the user's behavior history from the user's wearable device , and the information processing device that uses the user's behavior history as learning data. Machine learning is performed to identify and select a unique history among the user's behavior history, and store the learning model and unique history as the learning results in a secure area as authentication data at the time of recovery. a specific unit that backs up the authentication data at the time of recovery to a recovery server ; If there is, the data for authentication at the time of recovery is obtained from the secure area, and if there is no data for authentication at the time of recovery, the data for authentication at the time of recovery is obtained from the recovery server, and the data for authentication at the time of recovery is obtained from the recovery server. an authentication unit that performs authentication by combining the verification of the user's usual behavior history using the authentication data of the user and questions regarding the unique history; and, if the authentication is successful, indicates the authentication success to the authentication server a transmitting unit that transmits a signal or a message , the authentication unit determining whether or not the user's usual behavior history matches the behavior history indicated in the authentication data at the time of recovery; The unique history is extracted from the action history shown in the authentication data at the time of recovery, and authentication is performed by asking questions regarding the extracted unique history .

According to one aspect of the embodiment, it is possible to perform identity verification on the terminal side by combining verification of logs of normal behavior and questions about unique logs.

FIG. 1 is an explanatory diagram showing a first overview of an information processing method according to an embodiment. FIG. 2 is an explanatory diagram showing a second overview of the information processing method according to the embodiment. FIG. 3 is a diagram illustrating a configuration example of an information processing system according to an embodiment. FIG. 4 is a diagram illustrating a configuration example of a terminal device according to an embodiment. FIG. 5 is a diagram illustrating a configuration example of an authentication server according to the embodiment. FIG. 6 is a diagram illustrating a configuration example of a recovery server according to the embodiment. FIG. 7 is a diagram showing an example of a user information database. FIG. 8 is a diagram showing an example of a history information database. FIG. 9 is a diagram showing an example of a recovery information database. FIG. 10 is a flowchart showing the processing procedure according to the embodiment. FIG. 11 is a diagram showing an example of the hardware configuration.

DESCRIPTION OF THE PREFERRED EMBODIMENTS An information processing apparatus, an information processing method, and an information processing program according to the present application (hereinafter referred to as "embodiments") will be described in detail below with reference to the drawings. Note that the information processing apparatus, information processing method, and information processing program according to the present application are not limited to this embodiment. In addition, in the following embodiments, the same parts are given the same reference numerals, and redundant explanations will be omitted.

[1. Overview of information processing method]
First, with reference to FIGS. 1 and 2, an overview of an information processing method performed by an information processing apparatus according to an embodiment will be described. FIG. 1 is an explanatory diagram showing a first overview of an information processing method according to an embodiment. FIG. 2 is an explanatory diagram showing a second overview of the information processing method according to the embodiment. Note that in FIGS. 1 and 2, an example will be described in which the terminal side verifies the user's identity by combining the verification of logs of normal behavior and the questioning of unique logs.

As shown in FIGS. 1 and 2, the information processing system 1 includes a terminal device 10, a wearable device 50, an authentication server 100, and a recovery server 200. The terminal device 10, the authentication server 100, and the recovery server 200 are connected to be able to communicate with each other by wire or wirelessly via a network N (see FIG. 3).

The terminal device 10 is a smart device such as a smartphone or a tablet used by a user U (user), and can communicate with any server device via a wireless communication network such as 4G (Generation) or LTE (Long Term Evolution). This is a mobile terminal device that can perform Further, the terminal device 10 has a screen such as a liquid crystal display, which has a touch panel function, and displays data such as content through a tap operation, a slide operation, a scroll operation, etc. from the user U using a finger or a stylus. Accepts various operations on. Note that an operation performed on an area of the screen where content is displayed may be an operation on the content. Further, the terminal device 10 may be not only a smart device but also an information processing device such as a desktop PC (Personal Computer) or a notebook PC.

The wearable device 50 is an information processing device that is worn and used like clothing, and includes wristwatch-type smart watches, eyeglass-type smart glasses, and the like.

The authentication server 100 and the recovery server 200 are information processing devices that provide services related to authentication and recovery according to this embodiment, and are realized by a server device, a cloud system, or the like.

The authentication server 100 authenticates the terminal device 10 of each user U. For example, authentication server 100 may be a RADIUS server and/or a RADIUS client. A RADIUS server and/or a RADIUS client provides an authentication service using an authentication protocol called RADIUS (Remote Authentication Dial In User Service). Further, the authentication server 100 may be an authentication server having either or both of a FIDO authentication function and a password authentication function.

The recovery server 200 acquires and stores authentication data at the time of recovery, which is used for recovering each user U's account from the terminal device 10 of each user U. do. Note that account recovery is performed not only when recovering from a failure, but also when changing models. Further, the recovery server 200 may acquire data stored in the terminal device 10 of each user U along with the authentication data at the time of recovery and store the acquired data as backup data. For example, the recovery server 200 is a server device operated by a business operator or a communication line business operator (carrier) that develops and provides an OS (Operating System) for mobile terminals.

In this embodiment, location information is verified locally (on the terminal side) using the FIDO (Fast Identity Online) protocol, without transmitting delicate information such as location information to the server side. The terminal device 10 according to this embodiment has a FIDO authentication function. In FIDO authentication, a user's identity is verified by an authenticator built into or externally attached to a client device such as a smartphone. In this embodiment, the identity of the user U is verified by an authenticator built into or externally attached to the terminal device 10 of the user U. In this embodiment, the terminal device 10 includes an authenticator 34 and an application 35.

The authenticator 34 is an authenticator built into or externally attached to the terminal device 10 of the user U, and verifies the identity of the user U. For example, the authenticator 34 may be a biometric authentication function of a smartphone, or may be implemented inside the terminal device 10 of the user U in a format that includes software such as an application or a browser and a specific hardware area. You can leave it there. The authenticator 34 may be an external authenticator such as a USB (Universal Serial Bus) key, or may be a physical device that can communicate with the terminal device 10 of the user U through wired communication or short-range wireless communication. It is also possible to use a different authentication device.

The application 35 is application software that is introduced (installed) into the terminal device 10 and used when performing recovery of the user U's account.

[1-1. Normal usage phase]
As shown in FIGS. 1 and 2, the authenticator 34 of the terminal device 10 acquires location information of the terminal device 10 (step S1). For example, the authenticator 34 may acquire the location information of the terminal device 10 using the GPS (Global Positioning System) function of the terminal device 10, or may acquire the location information of the terminal device 10 via the network N (see FIG. 3). may be obtained. Then, the authenticator 34 stores the position information as an action history (location history) in a secure area.

Subsequently, the authenticator 34 performs machine learning using the acquired position information as learning data, and stores the learning results (step S2). In this embodiment, the authenticator 34 performs on-device learning on the terminal device 10 . In reality, the authenticator 34 may perform machine learning such as federated learning, where data is distributed to individual terminal devices without being aggregated to a server device. good. Further, the authenticator 34 stores the learning model as a learning result, information on singular points (unique position information), etc. in the secure area as authentication data at the time of recovery.

Subsequently, the authenticator 34 backs up authentication data (learning model, singularity information, etc.) during recovery to the recovery server 200 via the network N (see FIG. 3) (step S3). That is, the authenticator 34 transmits authentication data during recovery to the recovery server 200 via the network N (see FIG. 3). The recovery server 200 stores the transmitted authentication data at the time of recovery. At this time, the authenticator 34 may transmit the data stored in the terminal device 10 of the user U along with the authentication data at the time of recovery to the recovery server 200 via the network N (see FIG. 3). The recovery server 200 may acquire the data stored in the terminal device 10 of the user U along with the authentication data at the time of recovery and store the acquired data as backup data. Note that the recovery server 200 may be a secondary storage device such as an HDD (Hard Disk Drive) or an SSD (Solid State Drive) owned by the user U.

Note that regarding the authentication data that is backed up at the time of recovery, the learning model is an irreversible model that cannot be converted back to position information from the model (cannot be restored). Further, the authenticator 34 or the recovery server 200 may further encrypt or vectorize the authentication data at the time of recovery.

Subsequently, the authenticator 34 receives authentication different from the terminal device 10 and the authentication server 100 from the recovery server 200 when backing up the data (step S4). At this time, the recovery server 200 authenticates the terminal device 10. This authentication may be FIDO authentication or password authentication. In other words, the type of authentication does not matter.

[1-2. Recovery phase]
As shown in FIGS. 1 and 2, the application 35 of the terminal device 10 needs to recover the account owned by the user U for some reason. At this time, a recovery request is sent to the authentication server 100 via the network N (see FIG. 3) (step S11).

For example, if the account needs to be recovered due to a problem with the terminal device 10, the system, or the network, or if the user U loses, damages, replaces, replaces, or changes the model of the terminal device 10, the user U When purchasing a new product, the user U starts and operates the application 35 on the device of the terminal device 10. The application 35 transmits a recovery request to the authentication server 100 via the network N (see FIG. 3) in response to the user U's operation. Alternatively, the application 35 automatically sends a recovery request to the authentication server 100 via the network N (see FIG. 3) when the application 35 itself or the terminal device 10 is started, or when the account of the user U cannot be recognized. You may also do so.

Subsequently, the application 35 receives an identity verification request from the authentication server 100 via the network N (see FIG. 3) (step S12). At this time, the authentication server 100 transmits an identity verification request to the terminal device 10 via the network N (see FIG. 3).

Subsequently, the application 35 requests the authenticator 34 to confirm the identity in response to the identity confirmation request from the authentication server 100 (step S13). At this time, the authenticator 34 receives a request for identity verification from the application 35.

Next, as shown in FIG. 1, if there is no authentication data (learning model, singularity information, etc.) at the time of recovery, the authenticator 34 sends the recovery information to the recovery server 200 via the network N (see FIG. 3). request for authentication data (step S14). For example, if the authentication data at the time of recovery is lost due to a malfunction or the like, or if the data for authentication at the time of recovery is not saved on the device of the terminal device 10 because the terminal device 10 is newly installed, the authenticator 34 N (see FIG. 3), requests authentication data at the time of recovery backed up in the recovery server 200.

Note that the authentication server 100 and the recovery server 200 may be the same entity. For example, the authentication server 100 and the recovery server 200 may be the same server device, or may be server functions that operate on the same computer.

Subsequently, the authenticator 34 receives authentication different from the terminal device 10 and the authentication server 100 from the recovery server 200 when requesting data (step S15). At this time, the recovery server 200 authenticates the terminal device 10. This authentication may be FIDO authentication or password authentication. In other words, the type of authentication does not matter.

Subsequently, the authenticator 34 acquires authentication data during recovery from the recovery server 200 via the network N (see FIG. 3) (step S16). For example, if the recovery server 200 succeeds in authentication, it transmits the authentication data during recovery to the authenticator 34 via the network N (see FIG. 3) in response to a request for authentication data during recovery. The authenticator 34 receives authentication data during recovery from the recovery server 200 via the network N (see FIG. 3). At this time, the recovery server 200 may transmit the saved backup data of the user U's terminal device 10 to the authenticator 34 together with the authentication data at the time of recovery. The authenticator 34 may receive the saved backup data of the terminal device 10 of the user U from the recovery server 200 together with the authentication data at the time of recovery. Further, the authenticator 34 may not be able to use the backup data of the terminal device 10 of the user U received from the recovery server 200 until the authentication on the terminal side is successful.

Note that if there is authentication data (learning model, singular point information, etc.) at the time of recovery, the authenticator 34 does not need to request or obtain the authentication data at the time of recovery. In this case, after step S13, the process may directly proceed to step S17, which will be described later, as shown in FIG. 2, without performing steps S14 to S16.

Next, the authenticator 34 accesses the wearable device 50 worn by the user U through short-range wireless communication or wired communication, and acquires cache data of the position information of the wearable device 50. (Step S17). The method by which wearable device 50 acquires its own location information may be the same as that for terminal device 10.

If the wearable device itself has a GPS function, location information data can be obtained if the user wears the device and stored within the wearable device. Wearable devices may have a synchronization function and are stored on a dedicated server, but some data remains in the wearable if it is not synchronized or before it is synchronized. Even if there is no GPS function, location information can be obtained through another device such as a user's smartphone that is linked to the wearable device, and may remain stored on the wearable device. Furthermore, regarding the acquisition method, there may be cases where the information is obtained by downloading from a synchronized server without using a cache.

Note that, in reality, the authenticator 34 and the wearable device 50 may be the same device. For example, the wearable device 50 may function as the authenticator 34, or the wearable device 50 may be equipped with the authenticator 34.

Subsequently, the authenticator 34 acquires the location information of the wearable device 50 from the cache data of the location information of the wearable device 50 by short-range wireless communication, wired communication, etc. (step S18).

Subsequently, the authenticator 34 verifies the acquired position information and asks questions regarding the singularity as an authentication process (step S19). Regarding verification of location information, for example, when comparing two pieces of location information, if the location obtained from each latitude and longitude information stays within a predetermined distance error range, it is considered to be the same location information. can do.

For example, to verify the location information, the authenticator 34 may determine whether the behavior history indicated by the cache data of the location information of the wearable device 50 matches the behavior history indicated by the authentication data at the time of recovery. good.

Further, the authenticator 34 extracts a singular point (unique history) from the behavior history shown in the authentication data at the time of recovery. For example, if a person normally only works in Tokyo, but travels to a place overseas on a business trip that is not famous (city, location, store, etc.), the location information can be considered a singularity. Alternatively, the authenticator 34 compares the behavior history indicated by the cache data of the location information of the wearable device 50 and the behavior history indicated by the authentication data at the time of recovery, and extracts the singularity. The authenticator 34 then asks questions regarding the extracted singularity.

At this time, the authenticator 34 selects (extracts) the basic singular points by selecting places that the user rarely visits (places that the user does not usually visit, places that he has visited for the first time, etc.), places that are far from his home, Places where the time is strange (unnatural, different from normal) (places visited at unusual timing), places that only the user seems to know, places that are not posted on SNS, places that are not tourist spots etc. may be selected and extracted as a singular point.

Further, the authenticator 34 may combine various positional information and express it as a singular point. For example, the authenticator 34 may select various locations with different timelines and extract them as singular points. Further, the authenticator 34 may select a location where the system is different and extract it as a singular point. Moreover, it is more preferable that the authenticator 34 extracts and combines singular points from the behavior histories of each of a plurality of communities. For example, the authenticator 34 refers to the SNS group.

Further, the authenticator 34 can determine what the user is doing based on the way the user moves. For example, the authenticator 34 determines that the person is sightseeing if the person is moving slowly at random, and determines that the person is on a business trip if the person goes to the destination without making a detour and returns (goes straight back). The authenticator 34 then asks questions regarding these.

Note that the question regarding the singularity may also be a question regarding companions, such as who did the trip with. Further, the questions regarding the singularity may be questions regarding the 5H1W, such as the purpose of the movement, date and time, place, who did it with, and what they did.

Next, as authentication processing, the authenticator 34 verifies the acquired location information and asks questions regarding the singularity. If the authentication is successful, the authenticator 34 sends a signal or message indicating authentication success (OK) to the application 35. (step S20).

Subsequently, the application 35 transmits a signal or message indicating authentication success (OK) to the authentication server 100 via the network N (see FIG. 3) (step S21). At this time, the authentication server 100 confirms the identity of the user U by receiving a signal or message indicating authentication success (OK). This completes the recovery of the account owned by user U.

Thereafter, the authentication server 100 cooperates with the terminal device 10 of each user U, and provides API (Application Programming Interface) services for various applications (hereinafter referred to as applications) to the terminal device 10 of each user U. Various data may be provided.

Further, the authentication server 100 may be an information processing device that serves as a service provider and provides some kind of web service online to the terminal device 10 of each user U. For example, the authentication server 100 provides web services such as Internet connection, search service, SNS (Social Networking Service), electronic commerce (EC), electronic payment, online games, online banking, online trading, accommodation/ticket reservation, Services such as video/music distribution, news, maps, route searches, route guidance, route information, operation information, weather forecasts, etc. may be provided. In reality, the authentication server 100 may cooperate with various servers that provide the above-mentioned Web services, mediate the Web services, or may be in charge of processing the Web services.

Note that the authentication server 100 can acquire user information regarding the user U. For example, the authentication server 100 acquires information regarding user U's attributes such as user U's gender, age, and area of residence. The authentication server 100 stores and manages identification information indicating the user U (user ID, etc.) as well as information regarding attributes of the user U.

The authentication server 100 also acquires various types of history information (log data) indicating the user U's behavior from the user U's terminal device 10 or from various servers based on the user ID and the like. For example, the authentication server 100 acquires a location history that is a history of the location, date and time of the user U from the terminal device 10. The authentication server 100 also acquires a search history, which is a history of search queries input by the user U, from a search server (search engine). The authentication server 100 also acquires a viewing history, which is a history of content viewed by the user U, from the content server. The authentication server 100 also acquires a purchase history (payment history) that is a history of product purchases and payment processing by the user U from the electronic commerce server and the payment processing server. Further, the authentication server 100 may acquire the listing history and the sales history, which are the listing history of the user U on the marketplace, from the electronic commerce server or the payment server. The authentication server 100 also acquires a posting history, which is a history of postings by the user U, from a posting server or SNS server that provides a word-of-mouth posting service.

[2. Configuration example of information processing system]
Next, the configuration of the information processing system 1 including the authentication server 100 according to the embodiment will be described using FIG. 3. FIG. 3 is a diagram showing a configuration example of the information processing system 1 according to the embodiment. As shown in FIG. 3, the information processing system 1 according to the embodiment includes a terminal device 10, an authentication server 100, and a recovery server 200. These various devices are connected via a network N so that they can communicate by wire or wirelessly. The network N is, for example, a LAN (Local Area Network) or a WAN (Wide Area Network) such as the Internet.

Further, the number of each device included in the information processing system 1 shown in FIG. 3 is not limited to what is illustrated. For example, in FIG. 3, only one terminal device 10 is shown for simplification of illustration, but this is just an example and is not limited, and there may be two or more terminal devices.

The terminal device 10 is an information processing device used by the user U. For example, the terminal device 10 may be a smart device such as a smartphone or a tablet terminal, a feature phone, a PC (Personal Computer), a PDA (Personal Digital Assistant), a game console or AV device with a communication function, a car navigation system, a smart watch, or the like. These include wearable devices such as head-mounted displays, smart glasses, etc.

The terminal device 10 also supports wireless communication networks such as LTE (Long Term Evolution), 4G (4th Generation), and 5G (5th Generation), Bluetooth (registered trademark), and wireless LAN (Local The authentication server 100 can be connected to a network N via short-range wireless communication such as a local area network), and can communicate with the authentication server 100.

The authentication server 100 is, for example, a PC, a server device, a mainframe, a workstation, or the like. Note that the authentication server 100 may be realized by cloud computing.

[3. Configuration example of terminal device]
Next, the configuration of the terminal device 10 will be explained using FIG. 4. FIG. 4 is a diagram showing a configuration example of the terminal device 10. As shown in FIG. As shown in FIG. 4, the terminal device 10 includes a communication section 11, a display section 12, an input section 13, a positioning section 14, a sensor section 20, a control section 30 (controller), and a storage section 40. Be prepared.

(Communication Department 11)
The communication unit 11 is connected to the network N (see FIG. 3) by wire or wirelessly, and transmits and receives information to and from the authentication server 100 via the network N. For example, the communication unit 11 is realized by a NIC (Network Interface Card), an antenna, or the like.

(Display section 12)
The display unit 12 is a display device that displays various information such as position information. For example, the display unit 12 is a liquid crystal display (LCD) or an organic electro-luminescent display (EL display). Further, the display unit 12 is a touch panel type display, but is not limited to this.

(Input section 13)
The input unit 13 is an input device that receives various operations from the user U. For example, the input unit 13 includes buttons for inputting characters, numbers, and the like. Note that the input unit 13 may be an input/output port (I/O port), a USB (Universal Serial Bus) port, or the like. Further, when the display section 12 is a touch panel display, a part of the display section 12 functions as the input section 13. Further, the input unit 13 may be a microphone or the like that receives voice input from the user U. The microphone may be wireless.

(Positioning unit 14)
The positioning unit 14 receives a signal (radio wave) sent from a GPS (Global Positioning System) satellite, and based on the received signal, determines position information (for example, latitude and longitude). That is, the positioning unit 14 positions the terminal device 10 . Note that GPS is just one example of GNSS (Global Navigation Satellite System).

Further, the positioning unit 14 can measure the position using various methods other than GPS. For example, the positioning unit 14 may use various communication functions of the terminal device 10 to measure the position as an auxiliary positioning means for position correction and the like, as described below.

(Wi-Fi positioning)
For example, the positioning unit 14 positions the terminal device 10 using the Wi-Fi (registered trademark) communication function of the terminal device 10 or the communication network provided by each communication company. Specifically, the positioning unit 14 performs Wi-Fi communication, etc., and determines the position of the terminal device 10 by measuring the distance to nearby base stations and access points.

(Beacon positioning)
Further, the positioning unit 14 may use the Bluetooth (registered trademark) function of the terminal device 10 to measure the position. For example, the positioning unit 14 measures the position of the terminal device 10 by connecting to a beacon transmitter connected by a Bluetooth (registered trademark) function.

(geomagnetic positioning)
Furthermore, the positioning unit 14 positions the terminal device 10 based on the geomagnetic pattern of the structure measured in advance and the geomagnetic sensor included in the terminal device 10 .

(RFID positioning)
Further, for example, if the terminal device 10 has an RFID (Radio Frequency Identification) tag function equivalent to a contactless IC card used at station ticket gates, stores, etc., or has a function to read an RFID tag. In this case, the location where the terminal device 10 used the terminal device 10 is recorded together with the information that the payment was made. The positioning unit 14 may measure the position of the terminal device 10 by acquiring such information. Further, the position may be determined by an optical sensor, an infrared sensor, or the like provided in the terminal device 10.

The positioning unit 14 may position the terminal device 10 using one or a combination of the above-mentioned positioning means, if necessary.

(sensor section 20)
The sensor unit 20 includes various sensors mounted on or connected to the terminal device 10. Note that the connection may be a wired connection or a wireless connection. For example, the sensors may be a detection device other than the terminal device 10, such as a wearable device or a wireless device. In the example shown in FIG. 4, the sensor unit 20 includes an acceleration sensor 21, a gyro sensor 22, an atmospheric pressure sensor 23, an air temperature sensor 24, a sound sensor 25, an optical sensor 26, a magnetic sensor 27, and an image sensor ( camera) 28.

Note that each of the sensors 21 to 28 described above is merely an example and is not limited to the above. That is, the sensor section 20 may be configured to include a portion of each of the sensors 21 to 28, or may include other sensors such as a humidity sensor in addition to or instead of each of the sensors 21 to 28. .

The acceleration sensor 21 is, for example, a three-axis acceleration sensor, and detects the physical movement of the terminal device 10, such as the moving direction, speed, and acceleration of the terminal device 10. The gyro sensor 22 detects physical movements of the terminal device 10 such as tilt in three axes directions based on the angular velocity of the terminal device 10 and the like. The atmospheric pressure sensor 23 detects the atmospheric pressure around the terminal device 10, for example.

Since the terminal device 10 is equipped with the above-mentioned acceleration sensor 21, gyro sensor 22, atmospheric pressure sensor 23, etc., it is possible to implement technologies such as pedestrian autonomous navigation (PDR) using these sensors 21 to 23, etc. It becomes possible to measure the position of the terminal device 10 using the . This makes it possible to obtain indoor position information that is difficult to obtain using positioning systems such as GPS.

For example, a pedometer using the acceleration sensor 21 can calculate the number of steps, walking speed, and distance walked. Furthermore, by using the gyro sensor 22, it is possible to know the direction of travel of the user U, the direction of the line of sight, and the inclination of the user's body. Further, from the atmospheric pressure detected by the atmospheric pressure sensor 23, it is also possible to know the altitude and the number of floors where the terminal device 10 of the user U is located.

The temperature sensor 24 detects, for example, the temperature around the terminal device 10. The sound sensor 25 detects, for example, sounds around the terminal device 10. The optical sensor 26 detects the illuminance around the terminal device 10 . The magnetic sensor 27 detects, for example, the earth's magnetism around the terminal device 10. The image sensor 28 captures an image of the surroundings of the terminal device 10.

The above-mentioned atmospheric pressure sensor 23, temperature sensor 24, sound sensor 25, optical sensor 26, and image sensor 28 each detect atmospheric pressure, temperature, sound, and illuminance, and capture images of the surroundings, so that the terminal device 10 It is possible to detect the surrounding environment and situation. Furthermore, it is possible to improve the accuracy of the location information of the terminal device 10 based on the environment and situation around the terminal device 10.

(Control unit 30)
The control unit 30 includes, for example, a microcomputer having a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM, an input/output port, etc., and various circuits. Further, the control unit 30 may be configured with hardware such as an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array). The control unit 30 includes a transmitting unit 31, a receiving unit 32, a processing unit 33, an authenticator 34, and an application 35.

(Transmission unit 31)
The transmitting unit 31 receives, for example, various information input by the user U using the input unit 13, various information detected by the sensors 21 to 28 mounted on or connected to the terminal device 10, and information measured by the positioning unit 14. The location information of the terminal device 10 and the like can be transmitted to the authentication server 100 via the communication unit 11.

(Receiving unit 32)
The receiving unit 32 can receive various information provided from the authentication server 100 and requests for various information from the authentication server 100 via the communication unit 11 .

(Processing unit 33)
The processing unit 33 controls the entire terminal device 10, including the display unit 12 and the like. For example, the processing unit 33 can output various information transmitted by the transmitting unit 31 and various information received from the authentication server 100 by the receiving unit 32 to the display unit 12 for display.

(Authenticator 34)
The authenticator 34 is an authenticator built into or externally attached to the terminal device 10 of the user U, and verifies the identity of the user U. For example, the authenticator 34 may be a biometric authentication function of a smartphone, or may be implemented inside the terminal device 10 of the user U in a format that includes software such as an application or a browser and a specific hardware area. You can leave it there. The authenticator 34 may be an external authenticator such as a USB (Universal Serial Bus) key, or may be a physical device that can communicate with the terminal device 10 of the user U through wired communication or short-range wireless communication. It is also possible to use a different authentication device.

Although not shown, in this embodiment, the authenticator 34 includes an acquisition unit 34A that acquires the behavior history of the user U, and a specification unit 34B that identifies and selects a unique history from the behavior history of the user U. When recovering the user U's account, the authentication unit 34C functions as an authentication unit 34C that performs authentication by combining the verification of the user U's usual behavior history and questions about the unusual history.

The identification unit 34B identifies and selects, as a unique history, a place that only the user U seems to know, a place that the user U visits infrequently, a place that the user U visited at a unique timing, etc. do.

Further, the specifying unit 34B combines locations with different timelines as a unique history. Alternatively, the specifying unit 34B identifies and combines each unique history from among the behavior histories of different communities as the unique history. Further, the identifying unit 34B identifies a unique history based on the way the user U moves in the behavior history of the user U.

Then, when recovering the account of the user U, the authentication unit 34C asks the user U a question based on a unique history, and determines that the authentication has been successful if there is an appropriate answer to the question.

Furthermore, in the present embodiment, the authenticator 34 transmits and stores the authentication data at the time of recovery of the user U's account to the outside, and the authentication data stored externally at the time of the recovery of the user U's account. Request and obtain. Then, when recovering the account of the user U, authentication is performed based on the authentication data by combining verification of the user U's usual behavior history and questions about the unique history.

The authenticator 34 externally transmits and stores a learning model obtained through machine learning using user U's location information as learning data as one of the authentication data when recovering user U's account. . Note that the learning model is an irreversible model that cannot be converted back into position information.

Further, the authenticator 34 transmits and stores information regarding the singularity to the outside as one of the authentication data when recovering the user U's account.

For example, the authenticator 34 acquires cache data of the location information of the wearable device 50 from the wearable device 50 worn by the user U, and performs authentication using the location information of the wearable device 50 and the authentication data.

In addition, the authenticator 34 questions the user U about the purpose, date and time, place, companion, and activity details of the singular point in the user U's behavior history, and if there is an appropriate answer to the question, the authentication is performed. Determine it as successful.

In addition, if the location information of the wearable device 50 worn by the user U is appropriate and an appropriate answer is obtained to the question regarding the singularity posed to the user U, the authenticator 34 performs authentication. Determine it as successful.

(Application 35)
The application 35 is application software that is introduced (installed) into the terminal device 10 and used when performing recovery of the user U's account.

For example, the authenticator 34 transmits authentication data for recovering user U's account to the recovery server 200 and stores it therein. The application 35 requests recovery from the authentication server 100 when recovering the user U's account. That is, the application 35 functions as a requesting unit that requests recovery from the authentication server 100 and receives an identity verification request from the authentication server 100. Then, the authenticator 34 requests and obtains authentication data from the recovery server 200 in response to the identity verification request from the authentication server 100. In this case, the authenticator 34 functions as a requesting unit that requests authentication data from the recovery server 200 and acquires authentication data during recovery from the recovery server 200.

(Storage unit 40)
The storage unit 40 is realized by, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or an optical disk. Ru. The storage unit 40 stores various programs, various data, and the like.

In the present embodiment, the storage unit 40 stores data related to the authenticator 34 and the application 35, data for authentication during recovery (learning model, singularity information, etc.), data stored in the terminal device 10, etc. be done. All of this information is stored in the secure area.

For example, the storage unit 40 includes an action history 40A, a learning model 40B, and singularity information 40C. The action history 40A indicates the history of position information of the terminal device 10. The learning model 40B is a model obtained as a result of learning using the position information of the terminal device 10 as learning data. The singular point information 40C is information regarding a singular point extracted from the history of position information of the terminal device 10.

[4. Server configuration example]
Next, the configuration of the servers (authentication server 100, recovery server 200) according to the embodiment will be described using FIGS. 5 and 6. FIG. 5 is a diagram illustrating an example configuration of the authentication server 100 according to the embodiment. As shown in FIG. 5, the authentication server 100 includes a communication section 110, a storage section 120, and a control section 130. FIG. 6 is a diagram illustrating a configuration example of the recovery server 200 according to the embodiment. As shown in FIG. 6, recovery server 200 includes a communication section 210, a storage section 220, and a control section 230. Note that in reality, the authentication server 100 and the recovery server 200 may be the same server.

(Communication Department 110 and Communication Department 210)
The communication unit 110 and the communication unit 210 are realized by, for example, a NIC (Network Interface Card). Further, the communication unit 110 and the communication unit 210 are connected to the network N (see FIG. 3) by wire or wirelessly.

(Storage unit 120 and storage unit 220)
The storage unit 120 and the storage unit 220 are realized by, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as an HDD, an SSD, or an optical disk.

As shown in FIG. 5, the storage unit 120 includes a user information database 121 and a history information database 122.

(User information database 121)
The user information database 121 stores user information regarding the user U. For example, the user information database 121 stores various information such as user U's attributes. FIG. 7 is a diagram showing an example of the user information database 121. In the example shown in FIG. 7, the user information database 121 has items such as "user ID (identifier),""age,""gender,""home,""worklocation," and "interest."

“User ID” indicates identification information for identifying user U. Note that the "user ID" may be user U's contact information (telephone number, email address, etc.), or may be identification information for identifying user U's terminal device 10.

Moreover, "age" indicates the age of the user U identified by the user ID. Note that the "age" may be information indicating the specific age of the user U (for example, 35 years old, etc.), or may be information indicating the age of the user U (for example, 30s, etc.) . Alternatively, the "age" may be information indicating the date of birth of the user U, or may be information indicating the generation of the user U (for example, born in the 1980s). Furthermore, “gender” indicates the gender of the user U identified by the user ID.

Moreover, "home" indicates the location information of the home of the user U identified by the user ID. In the example shown in FIG. 7, "home" is illustrated as an abstract code such as "LC11", but it may also be latitude/longitude information or the like. Furthermore, for example, "home" may be a region name or address.

Moreover, "work place" indicates the location information of the work place (school in the case of a student) of the user U identified by the user ID. In the example shown in FIG. 7, the "work location" is illustrated as an abstract code such as "LC12," but it may also be latitude and longitude information. Further, for example, the "work location" may be a region name or address.

Moreover, "interest" indicates the interest of the user U identified by the user ID. That is, "interest" indicates an object in which the user U identified by the user ID has a high interest. For example, "interest" may be a search query (keyword) that the user U inputs into a search engine. In the example shown in FIG. 7, one "interest" is shown for each user U, but there may be a plurality of "interests".

For example, in the example shown in FIG. 7, the age of the user U identified by the user ID "U1" is "20s", and the gender is "male". Further, for example, the user U identified by the user ID "U1" indicates that his home is "LC11". Further, for example, the user U identified by the user ID "U1" indicates that the work location is "LC12". Further, for example, the user U identified by the user ID "U1" indicates that he is interested in "sports."

Here, in the example shown in FIG. 7, abstract values such as "U1", "LC11", and "LC12" are used for illustration, but "U1", "LC11", and "LC12" have specific values. It is assumed that information such as character strings and numerical values is stored. Below, abstract values may be illustrated in diagrams related to other information as well.

Note that the user information database 121 is not limited to the above, and may store various information depending on the purpose. For example, the user information database 121 may store various information regarding the terminal device 10 of the user U. In addition, the user information database 121 includes information such as demographic (demographic attributes), psychographic (psychological attributes), geographic (geographical attributes), behavioral (behavioral attributes), etc. of user U. Information regarding attributes may also be stored. For example, the user information database 121 includes name, family composition, place of birth (locality), occupation, position, income, qualifications, type of residence (single-family house, condominium, etc.), presence or absence of a car, commuting/commuting time, commuting/commuting, etc. Memorizes information such as routes, commuter pass sections (stations, lines, etc.), frequently used stations (other than the stations closest to your home or work), lessons (location, time zone, etc.), hobbies, interests, lifestyle, etc. It's okay.

(History information database 122)
The history information database 122 stores various information related to history information (log data) indicating the actions of the user U. FIG. 8 is a diagram showing an example of the history information database 122. In the example shown in FIG. 8, the history information database 122 has items such as "user ID", "location history", "search history", "browsing history", "purchase history", and "posting history".

“User ID” indicates identification information for identifying user U. Further, “position history” indicates a position history that is a history of the user U's position and movement. Further, “search history” indicates a search history that is a history of search queries input by the user U. In addition, “browsing history” indicates a browsing history that is a history of contents that the user U has viewed. Further, “purchase history” indicates a purchase history that is a history of purchases by user U. Moreover, "posting history" indicates a posting history that is a history of postings by user U. Note that the "posting history" may include questions regarding user U's belongings.

For example, in the example shown in FIG. 8, user U identified by user ID "U1" moves as per "location history #1", searches as per "search history #1", and searches as per "view history #1". This indicates that the content was viewed according to "history #1", a predetermined product, etc. was purchased at a predetermined store etc. according to "purchase history #1", and the content was posted according to "posting history".

Here, in the example shown in FIG. 8, abstracts such as "U1", "location history #1", "search history #1", "browsing history #1", "purchase history #1" and "posting history #1" are used. Although the figures are shown using typical values, "U1", "location history #1", "search history #1", "browsing history #1", "purchase history #1" and "posting history #1" are It is assumed that information such as specific character strings and numerical values is stored.

Note that the history information database 122 is not limited to the above, and may store various information depending on the purpose. For example, the history information database 122 may store the user U's usage history of a predetermined service. Further, the history information database 122 may store the user U's visit history to a physical store, visit history to a facility, or the like. Further, the history information database 122 may store the payment history of user U's payment using the terminal device 10 (electronic payment).

As shown in FIG. 6, the storage unit 220 includes a recovery information database 221.

(Recovery information database 221)
The recovery information database 221 stores various information regarding authentication data at the time of recovery acquired from the terminal device 10 of the user U. FIG. 9 is a diagram showing an example of the recovery information database 221. In the example shown in FIG. 9, the recovery information database 221 includes items such as "user ID,""learningmodel," and "singularity."

“User ID” indicates identification information for identifying user U. Moreover, the "learning model" indicates a learning model obtained by machine learning using user U's location information as learning data. Moreover, the "singular point" indicates a singular point (unique history) in the action history of the user U. Note that the "singularity" may be information indicating questions regarding the singularity in the behavior history of the user U.

For example, in the example shown in FIG. 9, the terminal device 10 of the user U identified by the user ID "U1" saves "Model #1" and "Singularity #1" as authentication data at the time of recovery. Show what you did.

Here, in the example shown in FIG. 9, abstract values such as "U1", "learning model #1" and "singularity #1" are used for illustration, but "U1", "learning model #1" and It is assumed that information such as specific character strings and numerical values is stored in "singular point #1."

Note that the recovery information database 221 is not limited to the above, and may store various information depending on the purpose. For example, the recovery information database 221 may store user U's behavior history and the like. At this time, the recovery information database 221 does not store the raw data of the position information of the user U, but stores data obtained by processing (rounding) the position information of the user U, vectorized data, etc. Good too. Furthermore, area information (prefectures, wards, cities, towns, villages, mesh codes on a map, etc.) based on the location information of the user U may be stored.

(Control unit 130 and control unit 230)
Returning to FIGS. 5 and 6, the explanation will be continued. The control unit 130 and the control unit 230 are controllers, and are configured by, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), etc. This is realized by executing various programs (corresponding to an example of an information processing program) stored in a storage device inside the authentication server 100 or the recovery server 200 using a storage area such as a RAM as a work area.

In the example shown in FIG. 5, the control unit 130 includes a collection unit 131, a reception unit 132, a confirmation unit 133, and a provision unit 134.

(Collection unit 131)
The collection unit 131 collects user information regarding each user U via the communication unit 110. For example, the collection unit 131 collects identification information indicating the user U (user ID, etc.), location information of the user U, attribute information of the user U, etc. from the terminal device 10 of the user U. Further, the collection unit 131 may collect identification information indicating the user U, attribute information of the user U, etc. at the time of user U's user registration. The collection unit 131 then registers the user information in the user information database 121 of the storage unit 120.

In addition, the collection unit 131 collects various types of history information (log data) indicating the actions of each user U via the communication unit 110. For example, the collection unit 131 collects various types of history information indicating the user U's behavior from the user U's terminal device 10 or from various servers based on the user ID and the like. The collection unit 131 then registers various types of history information in the history information database 122 of the storage unit 120.

(Reception Department 132)
When the reception unit 132 receives a request for recovery of the user U's account from the application 35 of the terminal device 10 of the user U via the communication unit 110, the reception unit 132 requests the application 35 of the terminal device 10 to verify the identity. . At this time, the application 35 of the terminal device 10 requests the authenticator 34 of the terminal device 10 to confirm the identity in response to the request for identity verification.

(Confirmation unit 133)
When the confirmation unit 133 receives a signal or message indicating authentication success (OK) from the application 35 of the terminal device 10 of the user U via the communication unit 110, the confirmation unit 133 confirms the identity of the user U. At this time, the authenticator 34 of the terminal device 10 authenticates the user U in response to the request for identity verification, and if the authentication is successful, sends a signal or message indicating successful authentication (OK) to the application 35.

(Providing unit 134)
The providing unit 134 provides various data to the terminal device 10 of the user U via the communication unit 110. For example, the providing unit 134 may provide the authenticator 34, the application 35, etc. to the terminal device 10 of the user U via the communication unit 110. That is, the providing unit 134 may provide the program, data, etc. to the terminal device 10 of the user U via the communication unit 110. Further, the providing unit 134 may provide (send) an identity verification request to the terminal device 10 of the user U via the communication unit 110.

In the example shown in FIG. 6, the control unit 230 includes a collection unit 231, a reception unit 232, a confirmation unit 233, and a provision unit 234.

(Collection unit 231)
The collection unit 231 collects authentication data during recovery from the authentication device 34 of the terminal device 10 of each user U via the communication unit 210. The authentication data at the time of recovery is, for example, a learning model obtained as a result of learning using the location information of the terminal device 10 as learning data, information on singular points (unique location information) in the action history of the user U, etc. It is.

(Reception Department 232)
When receiving a request for authentication data at the time of recovery from the authenticator 34 of the terminal device 10 of the user U via the communication unit 210, the reception unit 232 transmits the data for authentication at the time of recovery to the user U's terminal. Processing for transmitting to the authenticator 34 of the device 10 is performed.

(Confirmation section 233)
The confirmation unit 233 performs another authentication for the terminal device 10 when there is an access or a request from the authenticator 34 of the terminal device 10 of the user U.

(Providing unit 234)
The providing unit 234 provides various data to the terminal device 10 of the user U via the communication unit 210. For example, the providing unit 234 may provide the authenticator 34, the application 35, etc. to the terminal device 10 of the user U via the communication unit 210. That is, the providing unit 234 may provide the program, data, etc. to the terminal device 10 of the user U via the communication unit 210.

Further, when the providing unit 234 receives a request for authentication data at the time of recovery from the authenticator 34 of the terminal device 10 of the user U via the communication unit 210, the providing unit 234 transmits the authentication data at the time of recovery to the user U. may be provided to the authenticator 34 of the terminal device 10.

[5. Processing procedure]
Next, a processing procedure by the terminal device 10 according to the embodiment will be described using FIG. 10. FIG. 10 is a flowchart showing the processing procedure according to the embodiment. Note that the processing procedure shown below is repeatedly executed by the control unit 30 of the terminal device 10.

As shown in FIG. 10, the authenticator 34 of the terminal device 10 acquires location information of the terminal device 10 and stores it as an action history (step S101).

Next, the authenticator 34 of the terminal device 10 performs machine learning (on-device learning) using the location information of the terminal device 10 included in the action history as learning data, and constructs a learning model (local model) as a learning result. Save (step S102).

Subsequently, the authenticator 34 of the terminal device 10 extracts a unique history from the behavior history and stores it as a singular point (step S103).

Subsequently, the authenticator 34 of the terminal device 10 transmits the information regarding the learning model and the singularity as authentication data during recovery to the recovery server 200 via the communication unit 11 and/or the transmission unit 31 for backup. (Step S104). At this time, when the authenticator 34 is requested to authenticate with the recovery server 200, the authenticator 34 performs the authentication with the recovery server 200.

Subsequently, the application 35 of the terminal device 10, when it becomes necessary to recover the account owned by the user U for some reason, the communication unit 11 and the /Or transmits a recovery request to the authentication server 100 via the transmitter 31 (step S105).

Subsequently, when the application 35 of the terminal device 10 receives the identity verification request from the authentication server 100 via the communication unit 11 and/or the reception unit 32, the application 35 of the terminal device 10 transmits the identity verification request to the terminal device 10 in response to the identity verification request from the authentication server 100. A request is made to the authenticator 34 to confirm the identity (step S106).

Subsequently, the authenticator 34 of the terminal device 10 checks the presence or absence of authentication data (learning model, singular point information, etc.) at the time of recovery (step S107). For example, the authenticator 34 checks whether the authentication data at the time of recovery is stored in a predetermined storage location for the authentication data at the time of recovery (such as a secure area of the terminal device 10).

Subsequently, if there is no authentication data at the time of recovery (step S107: No), the authenticator 34 of the terminal device 10 sends the recovery data backed up to the recovery server 200 via the communication unit 11 and/or the transmission unit 31. The authentication data at the time of recovery is requested from the recovery server 200 via the communication unit 11 and/or the receiving unit 32 (step S108).

Next, if the authentication device 34 of the terminal device 10 has the authentication data at the time of recovery (step S107: Yes), or after acquiring the authentication data at the time of recovery from the recovery server 200 (after step S108), The position information of the wearable device 50 is acquired (step S109).

Subsequently, the authenticator 34 of the terminal device 10 verifies the position information of the wearable device 50 and asks a question regarding the singularity as an authentication process (step S110).

Subsequently, if the authentication device 34 of the terminal device 10 succeeds in authentication, the authentication device 34 sends a signal or message indicating authentication success (OK) to the application 35, and the application 35 sends a signal or message indicating authentication success (OK) to the application 35 via the communication unit 11 and/or the transmission unit 31. , transmits a signal or message indicating authentication success (OK) to the authentication server 100 (step S111).

[6. Modified example]
The terminal device 10 and the authentication server 100 described above may be implemented in various different forms other than the above embodiments. Therefore, a modification of the embodiment will be described below.

In the above embodiment, part or all of the processing executed by the authentication server 100 may actually be executed by the terminal device 10. For example, the process may be completed stand-alone (by the terminal device 10 alone). In this case, it is assumed that the terminal device 10 is equipped with the functions of the authentication server 100 in the above embodiment. Furthermore, in the above embodiment, since the terminal device 10 cooperates with the authentication server 100, it appears to the user U that the terminal device 10 is also executing the processing of the authentication server 100. That is, from another point of view, it can be said that the terminal device 10 includes the authentication server 100.

Further, in the above embodiment, the authenticator 34 of the terminal device 10 performs learning and authentication using location information, but in reality, the authentication device 34 of the terminal device 10 performs learning and authentication using location information. Learning and authentication may be performed using sensor information obtained from each sensor. At this time, the authenticator 34 may extract unique sensor information as a singular point from among the accumulated sensor information. Further, the authenticator 34 may perform learning and authentication using a combination of position information and sensor information.

Further, in the above embodiment, the authenticator 34 of the terminal device 10 performs learning and authentication using location information, but in reality, not only location information but also various types of information stored in the authentication server 100 are used. Learning and authentication may be performed by acquiring history information (log data). At this time, the authenticator 34 may extract a unique log as a unique point from the acquired history information. Alternatively, the authentication server 100 may perform learning using user U's history information (log data) as learning data, and provide the terminal device 10 with a learning model obtained as a learning result. At this time, the authenticator 34 performs authentication using the learning model provided by the authentication server 100. Further, the authenticator 34 may perform learning and authentication using a combination of location information and history information.

[7. effect〕
As described above, the information processing device (terminal device 10, authenticator 34) according to the present application includes an acquisition unit 34A that acquires the behavior history of the user (user U), and an acquisition unit 34A that acquires the behavior history of the user (user U), and the acquisition unit 34A that acquires the behavior history of the user (user U). The system includes a specifying section 34B that specifies and selects a user, and an authentication section 34C that performs authentication by combining verification of the user's usual behavior history and questions regarding unique history when recovering the user's account.

For example, the specifying unit 34B specifies and selects a place that only the user himself or herself seems to know as the unique history.

Alternatively, the specifying unit 34B specifies and selects a place that the user rarely visits as the unique history.

Alternatively, the identifying unit 34B identifies and selects a place that the user visited at a unique timing as the unique history.

Further, the specifying unit 34B combines locations with different timelines as a unique history.

Further, the identifying unit 34B identifies and combines unique histories from among the behavior histories of different communities as unique histories.

Further, the identifying unit 34B identifies a unique history based on the user's movement in the user's behavior history.

Further, when recovering the user's account, the authentication unit 34C asks the user a question based on a unique history, and determines that the authentication has been successful if there is an appropriate answer to the question.

By using any one or a combination of the above-described processes, the information processing device according to the present application can perform identity verification on the terminal side by combining the verification of the log of normal behavior and the questioning of the unique log.

[8. Hardware configuration]
Furthermore, the terminal device 10, authentication server 100, and recovery server 200 according to the embodiments described above are realized by, for example, a computer 1000 having a configuration as shown in FIG. The following will explain the terminal device 10 as an example. FIG. 11 is a diagram showing an example of the hardware configuration. The computer 1000 is connected to an output device 1010 and an input device 1020, and a calculation device 1030, a primary storage device 1040, a secondary storage device 1050, an output I/F (Interface) 1060, an input I/F 1070, and a network I/F 1080 are connected to a bus. 1090.

The arithmetic unit 1030 operates based on programs stored in the primary storage device 1040 and the secondary storage device 1050, programs read from the input device 1020, and performs various processes. The arithmetic device 1030 is realized by, for example, a CPU (Central Processing Unit), an MPU (Micro Processing Unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or the like.

The primary storage device 1040 is a memory device such as a RAM (Random Access Memory) that temporarily stores data used by the calculation device 1030 for various calculations. Further, the secondary storage device 1050 is a storage device in which data used by the calculation device 1030 for various calculations and various databases are registered, and includes a ROM (Read Only Memory), an HDD (Hard Disk Drive), and an SSD (Solid Disk Drive). This is realized using flash memory, etc. The secondary storage device 1050 may be a built-in storage or an external storage. Further, the secondary storage device 1050 may be a removable storage medium such as a USB (Universal Serial Bus) memory or an SD (Secure Digital) memory card. Further, the secondary storage device 1050 may be a cloud storage (online storage), a NAS (Network Attached Storage), a file server, or the like.

The output I/F 1060 is an interface for transmitting information to be output to the output device 1010 that outputs various information such as a display, a projector, and a printer. (Digital Visual Interface) and HDMI (registered trademark) (High Definition Multimedia Interface). Further, the input I/F 1070 is an interface for receiving information from various input devices 1020 such as a mouse, keyboard, keypad, button, scanner, etc., and is realized by, for example, a USB or the like.

Further, the output I/F 1060 and the input I/F 1070 may be wirelessly connected to the output device 1010 and the input device 1020, respectively. That is, output device 1010 and input device 1020 may be wireless devices.

Moreover, the output device 1010 and the input device 1020 may be integrated like a touch panel. In this case, the output I/F 1060 and the input I/F 1070 may also be integrated as an input/output I/F.

Note that the input device 1020 is, for example, an optical recording medium such as a CD (Compact Disc), a DVD (Digital Versatile Disc), or a PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), or a tape. It may be a device that reads information from a medium, a magnetic recording medium, a semiconductor memory, or the like.

Network I/F 1080 receives data from other devices via network N and sends it to computing device 1030, and also sends data generated by computing device 1030 to other devices via network N.

Arithmetic device 1030 controls output device 1010 and input device 1020 via output I/F 1060 and input I/F 1070. For example, the arithmetic device 1030 loads a program from the input device 1020 or the secondary storage device 1050 onto the primary storage device 1040, and executes the loaded program.

For example, when the computer 1000 functions as the terminal device 10, the arithmetic unit 1030 of the computer 1000 realizes the functions of the control unit 30 by executing a program loaded onto the primary storage device 1040. Further, the arithmetic device 1030 of the computer 1000 may load a program obtained from another device via the network I/F 1080 onto the primary storage device 1040, and execute the loaded program. Further, the arithmetic device 1030 of the computer 1000 may cooperate with other devices via the network I/F 1080, and may call and use program functions, data, etc. from other programs of other devices.

[9. others〕
Although the embodiments of the present application have been described above, the present invention is not limited to the contents of these embodiments. Furthermore, the above-mentioned components include those that can be easily assumed by those skilled in the art, those that are substantially the same, and those that are in a so-called equivalent range. Furthermore, the aforementioned components can be combined as appropriate. Furthermore, various omissions, substitutions, or modifications of the constituent elements can be made without departing from the gist of the embodiments described above.

Further, among the processes described in the above embodiments, all or part of the processes described as being performed automatically can be performed manually, or the processes described as being performed manually can be performed manually. All or part of this can also be performed automatically using known methods. In addition, information including the processing procedures, specific names, and various data and parameters shown in the above documents and drawings may be changed arbitrarily, unless otherwise specified. For example, the various information shown in each figure is not limited to the illustrated information.

Furthermore, each component of each device shown in the drawings is functionally conceptual, and does not necessarily need to be physically configured as shown in the drawings. In other words, the specific form of distributing and integrating each device is not limited to what is shown in the diagram, and all or part of the devices can be functionally or physically distributed or integrated in arbitrary units depending on various loads and usage conditions. Can be integrated and configured.

For example, the authentication server 100 and recovery server 200 described above may be realized by multiple server computers, or depending on the function, they may be realized by calling an external platform etc. using an API (Application Programming Interface), network computing, etc. The configuration can be changed flexibly.

Furthermore, the above-described embodiments and modifications can be combined as appropriate within a range that does not conflict with the processing contents.

Further, the above-mentioned "section, module, unit" can be read as "means", "circuit", etc. For example, the acquisition unit can be read as an acquisition means or an acquisition circuit.

1 Information processing system 10 Terminal device 34 Authenticator 35 Application 50 Wearable device 100 Authentication server 200 Recovery server 110, 210 Communication unit 120, 220 Storage unit 121 User information database 122 History information database 221 Recovery information database 130, 230 Control unit 131 , 231 Collection Department 132, 232 Reception Department 133, 233 Confirmation Department 134, 234 Provision Department

Claims (9)

An information processing device used as an authenticator,
an acquisition unit that acquires the user's action history from the user's wearable device ;
Perform machine learning using the user's behavior history as learning data, identify and select unique history among the user's behavior history, and use the learning model and unique history as the learning results as authentication data at the time of recovery. a specific unit that saves the authentication data in a secure area as an authentication data and further backs up the authentication data at the time of recovery to a recovery server ;
When recovering the user's account , it is checked whether the authentication data at the time of recovery is stored in the secure area, and if the authentication data at the time of recovery exists, the data for authentication at the time of recovery is saved from the secure area. If the data for authentication at the time of recovery is not available, the data for authentication at the time of recovery is acquired from the recovery server, and the user's usual behavior history using the data for authentication at the time of recovery is obtained. an authentication unit that performs authentication by combining verification of the information and questions regarding the unique history;
a transmitting unit that transmits a signal or message indicating successful authentication to the authentication server when the authentication is successful;
Equipped with
The authentication unit determines whether or not the user's usual behavior history matches the behavior history shown in the authentication data at the time of recovery, and also determines whether the user's usual behavior history matches the behavior history shown in the authentication data at the time of recovery. Authentication is performed by extracting the unique history from among them and asking questions regarding the extracted unique history.
An information processing device characterized by: The identifying unit identifies and selects, as the unique history, unique location information indicating a place that the user rarely visits;
2. The authentication unit according to claim 1 , wherein the authentication unit performs authentication by combining verification of the user's usual behavior history and questioning about the location indicated by the unique location information when recovering the user's account. The information processing device described. The identifying unit identifies and selects, as the unique history, unique location information indicating a place visited by the user at a unique timing;
2. The authentication unit according to claim 1, wherein the authentication unit performs authentication by combining verification of the user's usual behavior history and questioning about the location indicated by the unique location information when recovering the user's account . 2. The information processing device according to 2 . The identification unit combines, as the unique history, unique location information indicating each place visited not on the same timeline but on different timelines,
The authentication unit is characterized in that, when recovering the user's account, the authentication unit performs authentication by combining verification of the user's usual behavior history and a question about the location indicated by each of the unique location information included in the combination. The information processing device according to any one of claims 1 to 3 . The identifying unit identifies and combines unique histories from among the behavior histories of each of a plurality of communities to which the user belongs, as the unique history;
The authentication unit performs authentication by combining verification of the user's usual behavior history and questions about each of the unique histories included in the combination when recovering the user's account. The information processing device according to any one of 1 to 4 . When identifying the unique history from the way the user moves in the user's action history, the identifying unit determines that the user is sightseeing if the user is moving slowly at random, and allows the user to proceed to the destination without taking a detour. If you go there and come back, it will be judged as a business trip,
6. The authentication unit performs authentication by combining verification of the user's usual behavior history and questions regarding the determined sightseeing or business trip when recovering the user's account . The information processing device according to any one of them. The authentication unit is characterized in that when recovering the user's account, the authentication unit asks the user a question based on the unique history, and determines that the authentication has been successful if there is an appropriate answer to the question. The information processing device according to any one of claims 1 to 6 . An information processing method executed by an information processing device used as an authenticator, the method comprising:
an acquisition step of acquiring the user's action history from the user's wearable device ;
Perform machine learning using the user's behavior history as learning data, identify and select unique history among the user's behavior history, and use the learning model and unique history as the learning results as authentication data at the time of recovery. a specific step of backing up the authentication data at the time of recovery to a recovery server ;
When recovering the user's account , it is checked whether the authentication data at the time of recovery is stored in the secure area, and if the authentication data at the time of recovery exists, the data for authentication at the time of recovery is saved from the secure area. If the data for authentication at the time of recovery is not available, the data for authentication at the time of recovery is acquired from the recovery server, and the user's usual behavior history using the data for authentication at the time of recovery is obtained. an authentication process that performs authentication by combining verification of the information and questions regarding the unique history;
a sending step of transmitting a signal or message indicating successful authentication to the authentication server if the authentication is successful;
including;
In the authentication step, it is determined whether the user's usual behavior history matches the behavior history shown in the authentication data at the time of recovery, and the behavior history shown in the authentication data at the time of recovery is determined. Authentication is performed by extracting the unique history from among them and asking questions regarding the extracted unique history.
An information processing method characterized by: an acquisition procedure for acquiring the user's action history from the user's wearable device ;
Perform machine learning using the user's behavior history as learning data, identify and select unique history among the user's behavior history, and use the learning model and unique history as the learning results as authentication data at the time of recovery. a specific procedure for backing up the authentication data at the time of recovery to a recovery server ;
When recovering the user's account , it is checked whether the authentication data at the time of recovery is stored in the secure area, and if the authentication data at the time of recovery exists, the data for authentication at the time of recovery is saved from the secure area. If the data for authentication at the time of recovery is not available, the data for authentication at the time of recovery is acquired from the recovery server, and the user's usual behavior history using the data for authentication at the time of recovery is obtained. an authentication procedure that performs authentication by combining verification of the information and questions regarding the unique history;
a transmission step of transmitting a signal or message indicating successful authentication to the authentication server when the authentication is successful;
An information processing program for causing a computer used as an authenticator to execute,
In the authentication procedure, it is determined whether the user's usual behavior history matches the behavior history shown in the authentication data at the time of recovery, and the behavior history shown in the authentication data at the time of recovery is determined. Authentication is performed by extracting the unique history from among them and asking questions regarding the extracted unique history.
An information processing program characterized by:

Images