WO2023105586A1 - Dispositif de traitement d'informations, procédé de traitement d'informations et programme - Google Patents

Dispositif de traitement d'informations, procédé de traitement d'informations et programme Download PDF

Info

Publication number
WO2023105586A1
WO2023105586A1 PCT/JP2021/044758 JP2021044758W WO2023105586A1 WO 2023105586 A1 WO2023105586 A1 WO 2023105586A1 JP 2021044758 W JP2021044758 W JP 2021044758W WO 2023105586 A1 WO2023105586 A1 WO 2023105586A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
biometric information
operator
terminal
model
Prior art date
Application number
PCT/JP2021/044758
Other languages
English (en)
Japanese (ja)
Inventor
悠 大島
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2021/044758 priority Critical patent/WO2023105586A1/fr
Publication of WO2023105586A1 publication Critical patent/WO2023105586A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present invention relates to an information processing device, an information processing method, and a program.
  • Patent Literature 1 describes a person authentication unit that authenticates the person by comparing acquired static biometric information with pre-registered static biometric information;
  • an information processing device comprising: a state determination unit that determines a user's state by comparing the user's state with biological information; It is
  • biometric information such as fingerprints, veins, faces, irises, and retinas is used as static biometric information for personal authentication.
  • biometric information requires a dedicated reading device and cannot always be used in a terminal.
  • One aspect of the present invention has been made in view of the above problems. To provide a technique for identifying whether or not an operation is based on the intention of the person himself/herself.
  • An information processing apparatus includes: identity verification information acquisition means for acquiring identity verification information input from a terminal; biometric information acquisition means for acquiring biometric information of an operator of the terminal; with reference to one or more biometric information models learned using biometric information in normal times, the biometric information acquired by the biometric information acquisition means, and the identity verification information acquired by the identity verification information acquisition means and identification means for executing identification processing for identifying whether or not the operation is performed intentionally by the person himself/herself.
  • An information processing method comprises: at least one processor acquiring identity verification information input from a terminal; acquiring biometric information of an operator of the terminal; By referring to one or more biometric information models learned using the biometric information of the above, the acquired biometric information, and the acquired identity verification information, whether or not the operation is being performed intentionally by the person including identifying
  • An information processing program includes a process of acquiring identity verification information input from a terminal, a process of acquiring biometric information of an operator of the terminal, and a process of acquiring biometric information of the operator during normal times.
  • a technique for identifying whether an operation on a terminal is an operation based on the intention of the operator, based on personal authentication information entered by the operator and biometric information of the operator. can do.
  • FIG. 1 is a block diagram showing the configuration of an information processing device according to exemplary Embodiment 1 of the present invention
  • FIG. 4 is a flow chart showing the flow of an information processing method according to exemplary embodiment 1
  • FIG. 7 is a block diagram showing the configuration of an information processing apparatus according to exemplary Embodiment 2 of the present invention
  • FIG. 11 is a flowchart showing an outline flow of information processing performed by an information processing apparatus according to exemplary embodiment 2
  • FIG. 4 is a conceptual diagram showing that the biometric information model has a plurality of models
  • 4 is a table showing a method of selectively using models depending on the importance of operation content or purpose.
  • FIG. 11 is a block diagram showing the configuration of an information processing apparatus according to exemplary Embodiment 3 of the present invention
  • FIG. 11 is a flow diagram showing an outline flow of information processing performed by an information processing apparatus according to exemplary embodiment 3
  • 11 is a flow chart showing the flow of an information processing method according to exemplary embodiment 3
  • FIG. 11 is a block diagram showing the configuration of an information processing apparatus according to exemplary Embodiment 4 of the present invention
  • 1 is a configuration diagram for realizing an information processing apparatus by software
  • FIG. 11 is a flow diagram showing an outline flow of information processing performed by an information processing apparatus according to exemplary embodiment 3
  • 11 is a flow chart showing the flow of an information processing method according to exemplary embodiment 3
  • FIG. 11 is a block diagram showing the configuration of an information processing apparatus according to exemplary Embodiment 4 of the present invention
  • It is an example of warning information displayed on the display unit.
  • 1 is a configuration diagram for realizing an information processing apparatus
  • FIG. 1 is a block diagram showing the configuration of an information processing device 1.
  • the information processing device 1 is a device that identifies whether or not the operation of the user (operator) 40 who operated the terminal 30 was performed based on the intention of the person himself/herself.
  • the principal refers to the principal identified by personal identification information described later.
  • the information processing device 1 includes an identity verification information acquisition unit 11, a biometric information acquisition unit 12, and an identification unit 13.
  • the personal identification information acquisition unit 11, the biometric information acquisition unit 12, and the identification unit 13 are forms of the personal identification information acquisition unit, the biometric information acquisition unit, and the identification unit described in the claims, respectively.
  • the personal identification information obtaining unit 11 obtains the personal identification information of the operator input by the operator from the terminal.
  • identity verification information is information that proves the identity of the person, such as information that only the person knows or information that is contained in an object believed to be owned only by the person. is.
  • personal identification information include my number, information recorded on my number cards, information recorded on cards with built-in IC chips (credit cards, cash cards, etc.), personal identification numbers, account information, passwords, facial images, and fingerprints. etc.
  • a terminal is a terminal for the operator to perform input operations.
  • terminals include personal computers, mobile terminals such as smartphones and mobile tablets, various wearable devices, ATMs (Automatic Teller Machines) of financial institutions, input terminals of public institutions, and the like.
  • ATMs Automatic Teller Machines
  • the type of the terminal is not limited to the above examples, and the form is not limited as long as it is configured to allow the operator to operate for the desired procedure and has an information communication function.
  • the information processing device 1 may be connected to terminals via an information communication network such as the Internet.
  • a wearable device is a device that a person wears on a part of their body and uses.
  • Wearable devices include, for example, wristwatches, eyeglasses, headphones, earphones, and the like.
  • it refers to a wearable device that has a function that can acquire biological information such as the wearer's pulse and body temperature.
  • the personal identification information to be entered may be any one that can be entered from the terminal, or a combination of these.
  • the personal identification information can be input using a keyboard, a touch panel, various information reading devices, etc. provided in the terminal. For example, it is possible to input my number, account (account number), personal identification number, password, etc. from a touch panel provided in a personal computer or mobile terminal.
  • a personal computer or mobile terminal is equipped with a card reading device, it is possible to read my number card.
  • a reading device for a financial institution card is attached.
  • a face image may be transmitted as personal identification information.
  • biometric information acquisition unit 12 acquires biometric information of the operator of the terminal.
  • biometric information is physical information or physiological information.
  • the biometric information includes, as an example, at least one of keystrokes on a keyboard or touch panel, pulse, body temperature, and facial expression.
  • Keystrokes which are physical information, refer generally to key operation characteristics of a keyboard or touch panel in this exemplary embodiment.
  • keystrokes include the speed at which a key is struck, the pattern or frequency of mistyping, the difference in input speed depending on the type of character string, and the like. Information about such keystrokes is information that tends to show different input habits for each individual.
  • Physiological information such as pulse or body temperature can be obtained by a wearable device equipped with a pulse meter or thermometer when worn by the operator.
  • facial expressions can be acquired with a camera when the operator is operating a terminal equipped with a camera. By comparing the pulse, body temperature, facial expression, etc. with normal times, it is possible to identify that the operator is operating in a mental state different from normal.
  • the above biometric information is acquired by equipment that terminals generally have. Also, if the operator is wearing a wearable device, the information may be acquired by the wearable device. In other words, there is no need to newly arrange dedicated equipment for acquiring biometric information.
  • the identification unit 13 identifies one or more biometric information models learned using the biometric information of the operator 40 during normal times, the biometric information acquired by the biometric information acquisition unit 12, and the identity acquired by the identity verification information acquisition unit 11. By referring to the confirmation information, an identification process is executed to identify whether the operation by the operator 40 is intentionally performed.
  • the biometric information model is a machine learning model built by learning the operator's normal biometric information.
  • the biometric information model is based on the biometric information acquired by the biometric information acquisition unit 12, which is the normal state of a person (hereinafter also referred to as “the person”) identified by the identity verification information acquired by the identity verification information acquisition unit 11.
  • the degree of matching with the biometric information is calculated, and identification processing is performed to identify whether or not the operation performed on the terminal is intentionally performed by the person himself/herself. A method for constructing the biometric information model will be described later.
  • normal means, as an example, a state in which the person has no emotions such as anxiety, fear, or worry, or a state in which the person is mentally stable.
  • the normal time may be rephrased as the time when the person performs an operation based on his or her original intention.
  • the original intention is, for example, the will to act voluntarily without being threatened or coerced by others, or without encountering fraud or the like.
  • the personal identification information acquisition unit 11, the biometric information acquisition unit 12, and the identification unit 13 are described as an example in which they are integrated into one information processing device 1, but each of these units is integrated into one unit. They do not have to be grouped together in one place. In other words, some or all of these may be dispersed and arranged at different locations. Also, some or all of these may be distributed and arranged on the cloud. This also applies to the following exemplary embodiments.
  • the personal identification information acquisition unit 11 that obtains personal identification information input from the terminal 30 and the biometric information of the operator 40 of the terminal 30 are obtained.
  • the biometric information acquiring unit 12 one or more biometric information models learned using the normal biometric information of the operator 40, the biometric information acquired by the biometric information acquiring unit 12, and the identity verification information acquiring unit 11 and an identification unit 13 that refers to the acquired personal identification information and performs identification processing to identify whether or not the operation is performed intentionally by the person himself/herself.
  • operations on the terminal can be operations based on the intention of the operator based on the personal authentication information entered by the operator and the biometric information of the operator. It is possible to obtain the effect of being able to identify whether or not there is.
  • FIG. 2 is a flow chart showing the flow of the information processing method S1.
  • the information processing method S1 includes the following steps.
  • at step S11 at least one processor (for example, the personal identification information obtaining unit 11) obtains personal identification information input from the terminal.
  • at least one processor for example, the biometric information acquisition unit 12 acquires the biometric information of the terminal operator.
  • at least one processor for example, the identification unit 13
  • the identification unit 13 includes one or more biological information models learned using the normal biological information of the operator, the acquired biological information, and the acquired By referring to the personal identification information, it is identified whether or not the operation is performed by the person himself/herself.
  • the contents of the personal identification information, biometric information, and biometric learning model are as described above.
  • At least one processor acquires identity verification information input from a terminal, acquires biometric information of an operator of the terminal, By referring to one or more biometric information models learned using the biometric information of the operator during normal times, the acquired biometric information, and the acquired identity verification information, the operation is performed voluntarily by the operator. and identifying whether or not there is.
  • the operation on the terminal is an operation based on the intention of the operator based on the personal authentication information entered by the operator and the biometric information of the operator. It is possible to obtain the effect of being able to identify whether or not there is.
  • FIG. 3 is a block diagram showing the configuration of the information processing device 1A according to this exemplary embodiment. As illustrated, the information processing apparatus 1A includes a control section 10, a communication section 15, and a memory 16. FIG.
  • the control unit 10 includes an identity verification information acquisition unit 11, a biometric information acquisition unit 12, and an identification unit 13.
  • the functions of the personal identification information acquisition unit 11, the biometric information acquisition unit 12, and the identification unit 13 are as described in the first exemplary embodiment.
  • the memory 16 stores one or more programs in a ROM (Read Only Memory), and implements the function of each part of the control unit 10 by expanding it to a RAM (Random Access Memory) and executing it. do.
  • the information processing device 1A is connected to the terminal 30 via the information communication network N such as the Internet by the communication unit 15 so as to be capable of information communication.
  • the terminal 30 is a terminal operated by the operator 40, and its specific example is as described in the first exemplary embodiment.
  • the operation performed by the operator 40 using the terminal 30 is not an operation performed on the information processing apparatus 1A, but a personal transaction such as a financial transaction or a commercial transaction, or an instruction from the government based on laws, regulations, or the like. Or it refers to requested administrative procedures (procedures related to resident cards, family registers, etc., electronic tax payment, electronic voting, etc.).
  • the information processing device 1A is connected to the biological information model 20 via the communication unit 15 so that information communication is possible.
  • the function of the biometric model 20 is as described in the first exemplary embodiment.
  • the personal identification information acquisition unit 11, the biometric information acquisition unit 12, the identification unit 13, the communication unit 15, and the memory 16 do not need to be integrated into one information processing apparatus 1A. In other words, some or all of these may be dispersed and arranged at different locations. Also, some or all of these may be distributed and arranged on the cloud. Also, the biometric information model 20 may be placed in a different location from the above units, or may be placed on the cloud.
  • the biological information model 20 is, as described above, a machine learning model constructed by learning the normal biological information of the operator.
  • the biometric information model 20 acquires in advance the biometric information of the operator during normal times, and learns the biometric information patterns of the operator during normal times.
  • the biometric information model 20 provides an evaluation index indicating how much the biometric information matches the biometric information of the person in normal times. It derives and outputs to the identification unit 13 .
  • FIG. 4 is a flowchart showing an outline of information processing performed by the information processing apparatus 1A.
  • the information processing apparatus 1A acquires personal identification information and biometric information of the operator. Specifically, as for the personal identification information, the personal identification information acquisition unit 11 obtains the personal identification information input by the operator 40 from the terminal 30 . Moreover, the biometric information of the operator 40 is acquired by the biometric information acquisition unit 12 via the terminal 30 or the wearable device worn by the operator 40 . The biometric information acquired via the wearable device is confirmed to be the biometric information of the operator 40 by the biometric information acquiring unit 12 also acquiring the identification information (such as the MAC address) of the wearable device. can do.
  • the identification information such as the MAC address
  • the information processing device 1A performs identification processing using the identification model.
  • the identification unit 13 uses the biometric information model 20 to perform identification processing to identify whether or not an operation performed by a certain operator 40 was performed according to the original intention of the operator. do.
  • the information processing device 1A may perform processing according to the identification result. If the identification result is normal, that is, if it is identified that the operation was performed with the person's original intention, the information processing apparatus 1A does not process anything. On the other hand, when the identification result is abnormal, that is, when it is identified that the operation was not performed by the person's original intention, the information processing apparatus 1A may perform some processing.
  • the identification unit 13 records the acquired biometric information of the operator 40 as the operation information at the time of abnormality. good too.
  • An abnormal case is a case where it is identified that a certain operation was not performed intentionally by the person himself/herself. Operation information confirmed to be abnormal can be used for model learning. This makes it possible to further improve the model evaluation accuracy.
  • the identification unit 13 may send some kind of warning to the department in charge of security at the operation destination in the event of an abnormality.
  • the identification unit 13 may transmit to the police or the like that there is a possibility of an abnormal operation in the event of an abnormality.
  • the biological information model 20 learns in advance one or more characteristics of normal biological information for each of the multiple operators 40 .
  • the operator 40 operates the terminal 30 against his/her original intention by intimidation, coercion, fraud, or the like, his/her mental state is different from normal.
  • biometric information different from the biometric information at the time is acquired. For example, when a person is threatened or forced to become tense, the pulse rate often becomes higher than normal, and the body temperature often becomes higher than normal.
  • the facial expression is expected to change from normal, such as a tense facial expression and an increase in blinking. If the wearable device can measure the conductivity of the skin, it is expected that the conductivity will be different from normal. The same applies when the operator 40 thinks that an emergency operation must be performed due to transfer fraud or the like.
  • the keystrokes during input are expected to be different from normal. For example, it is expected that there will be a high rate of mistakes in inputting character strings (your name, password, etc.) that you are familiar with and do not normally make mistakes in inputting. In addition, it is conceivable that the character input speed will obviously slow down, and that input errors will increase as a whole.
  • the biological information model 20 compares the characteristics of the operator's normal biological information acquired via the terminal 30 or the wearable device with the characteristics of the biological information acquired during a certain operation, and compares the characteristics of the biological information acquired during a certain operation. It is possible to output an evaluation index that indicates the extent to which the biological information at the time matches (or differs from) the biological information from the person's normal operation.
  • the biometric information model 20 may have a plurality of biometric information models (hereinafter also simply referred to as "models").
  • FIG. 5 is a conceptual diagram showing that the biological information model 20 has a plurality of models.
  • the biological information model 20 includes a model 20A (model A), a model 20B (model B), and a model 20C (model C). Note that the biological information model 20 may include more models.
  • the identification unit 13 acquires information indicating the importance of the operation of the terminal 30, selects one of the plurality of biological information models according to the acquired information indicating the importance, and selects the selected biological information model. may be used to perform the identification process.
  • the identification unit 13 acquires information indicating the purpose of the operation of the terminal 30, selects one of the plurality of biological information models according to the acquired information indicating the purpose of the operation, and selects the selected biological information model. may be used to perform the identification process.
  • Fig. 6 is a table showing how to use different models depending on the importance or purpose of the operation content.
  • the identification unit 13 may use different models depending on the importance of the operation (for example, the amount of money processed by the operation). It is believed that operations involving large amount transactions are more stressful than operations involving small amounts. Therefore, the identification unit 13 may select a model to be used depending on the amount of money for operation.
  • a table 601 is a table for selectively using models according to the degree of importance.
  • model A is a model used when the importance of an operation is high. For example, if the amount of money input in a certain operation is greater than or equal to the first threshold (corresponding to high importance), the identification unit 13 determines that the amount of money input in a normal operation is greater than or equal to the first threshold. Identification processing is performed using a model A that has been learned using biometric information obtained at the time of operation.
  • the identification unit 13 determines that the operation amount is equal to or greater than the second threshold and less than the first threshold in normal times. Identification processing is performed using a model B that has been learned using biometric information obtained during the following operations. In addition, when the amount of money input in a certain operation is less than the second threshold (corresponding to low importance), the identification unit 13 normally recognizes the biometric information obtained when the operation is performed in which the amount of money for the operation is less than the second threshold. Discrimination processing is performed using the model C learned using .
  • the importance of operations is not limited to the amount of money.
  • the degree of importance of the operation includes at least one of the type of financial transaction, the amount of financial transaction, the type of commercial transaction, the amount of commercial transaction, the other party of the operation, and the frequency of operations performed on the other party in the past. It's okay.
  • the identification unit 13 may use different models depending on the purpose of operation. For example, depositing and withdrawing money at an ATM of a bank is considered to be a frequent operation and is familiar to the user. In addition, administrative procedures are considered to be unfamiliar due to the infrequent operation. Unfamiliar operations are considered to differ in degree of tension, input speed, etc. from familiar operations. Therefore, the identification unit 13 may use different models depending on the purpose of the operation.
  • a table 602 is a table for selectively using models depending on the purpose.
  • model A is a model used when the purpose of the operation is an operation for a purpose that is considered to be relatively frequent, such as financial transactions and commercial transactions.
  • Model B is a model used when the purpose of the operation is electronic voting, electronic tax payment, or the like.
  • Model C is a model used when the purpose of the operation is an administrative procedure other than electronic voting, electronic tax payment, or the like.
  • the biometric information model 20 may include both models of the table 601 and the table 602 of FIG.
  • the biometric information model 20 may quantify and output features of each biometric information. Since the pulse rate and body temperature are expected to vary greatly between normal and abnormal conditions, the identification unit 13 may set threshold values in advance for each pulse and body temperature. The biometric information model 20 may output to the identification unit 13 the difference between these numerical values acquired at the time of operation and the normal numerical values. Then, the identification unit 13 may compare the output difference with a preset threshold value to identify whether the operation was intentionally performed by the person himself/herself. In addition, the biometric information model 20 may quantify and output features obtained by combining some of a plurality of biometric information. In addition, the biometric information model 20 may quantify and output a feature obtained by combining all of a plurality of biometric information. Then, the identification unit 13 may compare the output numerical value with a threshold value. The method of quantifying the features is not limited either.
  • FIG. 7 is a conceptual diagram showing an example of how a model compares features of biometric information by combining some of a plurality of biometric information.
  • the biometric information model 20 may be trained using combined biometric information obtained by combining a plurality of normal biometric information. Then, the identification unit 13 may perform identification processing using the biometric information model 20 to determine whether or not the operation is performed intentionally by the person himself/herself. Thereby, the identification unit 13 can more accurately identify whether or not a certain operation is performed intentionally by the person himself/herself.
  • the illustrated example shows an example in which two biometric information out of four biometric information are combined to compare normal times and operating times.
  • the model derives features of two biometric information (a combination of two biometric information connected by a straight line in the figure) combined from four biometric information of keystrokes, pulse, body temperature, and facial expression. .
  • the features of the two combined biometric information are correlated, for example, when one is high, the other is high, and when one is high, the other is low (positive correlation is high or negative correlation is high). It is a feature.
  • the correlation degree of two biometric information is low, the combination may not be used.
  • the biometric information model 20 learns in advance the degree of correlation between two biometric information combinations during normal times. Then, it calculates and outputs an evaluation index (degree of matching, etc.) indicating how much the degree of correlation between two combinations of biometric information obtained in a certain operation matches the degree of correlation during normal times. good too. Then, the identifying unit 13 may compare the output degree of matching with a preset threshold to identify whether or not the operation is performed intentionally by the person himself/herself.
  • the biometric information may include at least one of keystrokes, pulse, body temperature, facial expression, and line of sight when input on a keyboard or touch panel, and may include biometric information other than these.
  • biometric information acquired by a device normally provided in a terminal or owned by many operators. This is because biometric information of many operators can be obtained and a model can be constructed efficiently.
  • the biological information model 20 is learned by acquiring normal biological information for each operator. However, due to its nature, it is difficult to obtain a large amount of biometric information for each operator during normal times, and it may be difficult to construct an accurate model for each operator. Therefore, it is preferable to let the biometric information model 20 learn the biometric information of an unspecified number of operators during normal times. As a result, it is possible to construct an average biological information model of the operator during normal times.
  • the average biological information model 20 learned using the normal biological information of an unspecified number of operators is further trained with the normal biological information of individual operators to modify the average model.
  • a model dedicated to each individual operator may be constructed. Then, when identifying a certain operation, the identifying unit 13 identifies whether or not the operation is performed intentionally by the operator using a model dedicated to the operator of the operation (the person himself/herself).
  • the identification unit 13 may set a threshold value to be referred to for identifying whether or not the operation is performed intentionally by the person, according to the amount of acquired biometric information of the operator during normal times. good.
  • the threshold may be changed according to the evaluation accuracy of the model.
  • the frequency of erroneously identifying an abnormality can be reduced by setting a threshold with a relatively large leeway (threshold with a high hurdle for determining abnormality). Then, as the amount of normal biometric information acquired for each individual increases, the threshold value may be changed so that normality and abnormality can be distinguished more accurately.
  • biometric information during normal times is acquired via the terminal 30 or the wearable device worn by the operator 40 .
  • the operator 40 may be requested to simulate a situation simulating the operation, and the data may be acquired as normal data. This makes it possible to acquire more data during normal times.
  • the operator 40 may acquire the identity verification information of another person by some means and pretend to be the person to perform the operation. Even in this case, the information processing device 1A can identify whether the operation was performed intentionally by the person identified by the person's identity verification information.
  • the biometric information of the person (person impersonating) acquired by the biometric information acquiring unit 12 is It is different from biometric information. Therefore, the biometric information model 20 outputs an evaluation index indicating that the biometric information is different from normal biometric information. Therefore, the identification unit 13 can identify that the operation was not performed intentionally by the person.
  • the biometric information model 20 is made to learn in advance the biometric information of the agent during normal times, and the biometric information model 20 compares the biometric information of the principal or the agent during normal times and evaluates the results. may be output.
  • the biometric information is personal information, it is preferable to obtain the consent of the operator 40 before obtaining the biometric information.
  • the acquired biometric information is preferably encrypted at the time of transmission.
  • the feature data may be transmitted, and the image itself may not be transmitted.
  • the transmitted biometric information is processed in the information processing apparatus 1A in an encoded state and cannot be decoded. By processing in this manner, it is guaranteed that even the administrator of the information processing apparatus cannot access the biometric information itself, and the privacy of the operator can be ensured.
  • the identification unit 13 acquires information indicating the importance or purpose of the operation of the terminal, and according to the information indicating the importance or purpose, , any one of a plurality of biometric information models 20A, 20B, and 20C is selected, and the selected biometric information model is used to execute identification processing. Therefore, according to the information processing apparatus 1A according to the present exemplary embodiment, in addition to the effects of the information processing apparatus 1 according to the first exemplary embodiment, the operation on the terminal is an operation based on the operator's intention. It is possible to obtain the effect of being able to more accurately identify whether or not there is.
  • FIG. 8 is a block diagram showing the configuration of an information processing device 1B according to exemplary embodiment 3 of the present invention.
  • the information processing apparatus 1B includes a control section 10A, a communication section 15, and a memory 16.
  • FIG. The configurations of the communication unit 15 and the memory 16 are as described in the first exemplary embodiment.
  • the information processing apparatus 1B generates an average biometric information model 20 or individual biometric information models 20 of the plurality of operators 40 from the biometric information of the plurality of operators 40 at normal times.
  • the information processing device 1B is connected to the terminal 30 via an information communication network N such as the Internet by the communication unit 15 so as to be capable of information communication.
  • the terminal 30 is a terminal operated by the operator 40 .
  • the information processing apparatus 1B is connected to the biological information model 20 via the communication unit 15 so as to be capable of information communication.
  • the control unit 10A includes an identity verification information acquisition unit 11, a biometric information acquisition unit 12, and a model construction unit 14.
  • the configurations of the personal identification information acquisition unit 11 and the biometric information acquisition unit 12 are as described in the first exemplary embodiment.
  • the model building unit 14 builds a normal biological information model of the operator from the normal biological information of the operator.
  • FIG. 9 is a flowchart showing an outline of information processing performed by the information processing apparatus 1B.
  • the model construction unit 14 acquires the identity verification information of the operator 40 acquired by the identity verification information acquisition unit 11 and the normal biometric information of the operator 40 acquired by the biometric information acquisition unit 12. and are input to the biometric information model 20 .
  • the biological information model 20 numerically calculates the features of the normal biological information of the operator 40 based on the received identity verification information of the operator 40 and the normal biological information of the operator (principal) 40. be converted into a formula or stored as a formula.
  • the method of quantifying or formulating the features is not limited.
  • the biometric information model 20 may learn information obtained by quantifying features of each biometric information among multiple biometric information. For example, the biometric information model 20 may learn the average value and standard deviation of numerical values for pulse or body temperature. Also, the biometric information model 20 may learn and store features obtained by combining some of a plurality of biometric information. For example, if there is a correlation between two pieces of biometric information, the correlation may be expressed as a mathematical formula and stored. In addition, the biometric information model 20 may store features obtained by combining all of a plurality of biometric information in numerical form or formula by learning.
  • biometric information model 20 may learn two or more biometric information having an invariant relationship among a plurality of biometric information.
  • Biometric information having an invariant relationship is biometric information that always has a specific interlocking relationship such that when one increases, the other increases, or when one increases, the other decreases.
  • the biometric information model 20 learns a combination of biometric information data having such an invariant relationship among the biometric information data input from the model construction unit 14 and creates a relational expression therefor. There may be a plurality of relational expressions of the invariant relation.
  • the relational expression can be learned and generated by machine learning.
  • the biological information model 20 that has learned the relational expression can output an evaluation value indicating how much the biological information acquired at the time of operation matches the pre-learned relational expression.
  • the identification unit 13 can comprehensively compare the plurality of evaluation values with a predetermined threshold to identify whether the operation was performed intentionally by the person himself/herself.
  • the biological information model 20 can be learned using normal biological information data and abnormal (or abnormal) data.
  • the biometric information model 20 uses the training biometric information data labeled normal and the biometric training data labeled abnormal, which are input from the model construction unit 14, to determine whether normal and abnormal You may learn the biological information of time. Learning using labeled data can be performed by machine learning using a neural network or the like.
  • the learned biological information model 20 can output the probability that the biological information acquired at the time of operation is normal and abnormal.
  • the identification unit 13 can compare this probability with a predetermined threshold to identify whether the operation was performed intentionally by the person himself/herself.
  • the biological information model 20 is preferably constructed for each operator 40 .
  • the information processing apparatus 1B uses all the biometric information of the plurality of operators 40 to build an average biometric information model of the operator 40 during normal times, as described in the second exemplary embodiment. good too. Then, the information processing apparatus 1B may add the biometric information of each operator 40 to the average biometric information model to construct a model for each operator 40 individually.
  • the personal identification information acquiring unit 11 acquires the personal identification information input from the terminal 30, and the biometric information acquiring unit 12 40 is obtained, and the model construction unit 14 constructs a normal biological information model of the operator 40 from the normal biological information of the operator 40 .
  • the normal biometric information of the person (operator) specified by the input identity verification information is acquired, and the biometric information stored with the characteristics is acquired.
  • FIG. 10 is a flow chart showing the flow of the information processing method S2.
  • the information processing method S2 includes the following steps.
  • at step S21 at least one processor (for example, the personal identification information obtaining unit 11) obtains personal identification information input from the terminal.
  • at least one processor for example, the biometric information acquisition unit 12 acquires the biometric information of the terminal operator.
  • at least one processor for example, the model building unit 14 builds a normal biometric information model of the operator from the normal biometric information of the operator.
  • At least one processor acquires the identity verification information input from the terminal, acquires the biometric information of the terminal operator, A configuration including constructing a normal biometric information model of the operator from normal biometric information of the operator is employed.
  • a biometric information model is constructed that can identify whether the operation was performed intentionally by the person himself/herself. You can get the effect that you can.
  • FIG. 11 is a block diagram showing the configuration of an information processing device 1C according to this exemplary embodiment.
  • the information processing apparatus 1C includes a control section 10C, a communication section 15, a memory 16, and a display section 19.
  • FIG. The configurations of the communication unit 15 and the memory 16 are as described in the first exemplary embodiment.
  • the display unit 19 may be, for example, a display. Also, instead of or in addition to the display, an alarm lamp or an alarm sound generator may be provided. Although the display unit 19 is included in the information processing apparatus 1C in the example shown in FIG. 11, the display unit 19 may be arranged outside the information processing apparatus 1C.
  • the information processing device 1C identifies whether or not a certain operation is being performed by the person's intention, and updates the biometric information identification model sequentially every time biometric information in normal times is newly acquired.
  • the information processing device 1C is connected to the terminal 30 via an information communication network N such as the Internet by the communication unit 15 so as to be capable of information communication.
  • the information processing device 1C is connected to the biological information model 20 via the communication unit 15 so as to be capable of information communication.
  • the control unit 10C includes an identity verification information acquisition unit 11, a biometric information acquisition unit 12, an identification unit 13, a model update unit 17, and an output unit 18.
  • the configurations of the personal identification information acquisition unit 11, the biometric information acquisition unit 12, and the identification unit 13 are as described in the above exemplary embodiments.
  • the model updating unit 17 updates the biometric information model 20 .
  • the model updating unit 17 may have the same functions as the model building unit 14 .
  • the output unit 18 outputs information to be displayed on the display unit 19 .
  • the information processing device 1C identifies whether or not a certain operation is performed intentionally by the person himself/herself. In addition, the information processing apparatus 1C updates the biometric information model 20 of the operator 40 by using the newly acquired biometric information of the operator 40 in the normal state. Further, in the information processing device 1C, the output unit 18 outputs warning information when the identification unit 13 identifies that a certain operation is not performed intentionally by the person. The output warning information is transmitted to the display unit 19 and displayed.
  • FIG. 12 is an example of warning information displayed on the display unit 19, which is a display.
  • the warning information may include the possibility that an abnormal operation has been performed, the date and time of the operation, the terminal information on which the operation was performed, the operator, and the like.
  • a remittance operation at a bank's ATM is identified as an abnormal operation, such content may be displayed on the display unit 19 located in the bank's security department.
  • the person in charge at the bank can ask the operator who performed the operation about the situation and check if there is anything suspicious.
  • a suspicious situation is clearly seen from a camera or the like, it is possible to take measures to interrupt the processing at the ATM.
  • the output unit 18 that outputs warning information when the identification unit 13 identifies that a certain operation was not performed intentionally by the person is The configuration provided is adopted. Therefore, according to the information processing apparatus 1C according to the present exemplary embodiment, in addition to the effects of the information processing apparatus 1 according to the first exemplary embodiment, an operation that may not have been performed intentionally by the person himself/herself can be performed. By outputting warning information when an error is detected, it is possible to obtain an effect that a person in charge of a security department or the like can take some action against an operation identified as abnormal.
  • the information processing apparatus 1C includes a model updating unit 17 that updates the biometric information model 20 of the operator 40 using the newly acquired biometric information of the operator 40 in the normal state. configuration is adopted. Therefore, according to the information processing apparatus 1C according to the present exemplary embodiment, in addition to the effects of the information processing apparatuses 1 and 1A according to the first and second exemplary embodiments, updating the biological information model 20 further improves It is possible to obtain the effect of being able to continue constructing a highly accurate model.
  • Some or all of the functions of the information processing apparatuses 1, 1A, 1B, and 1C may be implemented by hardware such as integrated circuits (IC chips), or by software. may be realized by
  • the information processing device 1 and the like are implemented by, for example, a computer that executes instructions of a program that is software that implements each function.
  • a computer that executes instructions of a program that is software that implements each function.
  • An example of such a computer (hereinafter referred to as computer C) is shown in FIG.
  • Computer C comprises at least one processor C1 and at least one memory C2.
  • a program P for operating the computer C as the information processing apparatus 1 or the like is recorded in the memory C2.
  • the processor C1 reads the program P from the memory C2 and executes it, thereby realizing each function of the information processing apparatus 1 and the like.
  • processor C1 for example, CPU (Central Processing Unit), GPU (Graphic Processing Unit), DSP (Digital Signal Processor), MPU (Micro Processing Unit), FPU (Floating point number Processing Unit), PPU (Physics Processing Unit) , a microcontroller, or a combination thereof.
  • memory C2 for example, a flash memory, HDD (Hard Disk Drive), SSD (Solid State Drive), or a combination thereof can be used.
  • the computer C may further include a RAM (Random Access Memory) for expanding the program P during execution and temporarily storing various data.
  • Computer C may further include a communication interface for sending and receiving data to and from other devices.
  • Computer C may further include an input/output interface for connecting input/output devices such as a keyboard, mouse, display, and printer.
  • the program P can be recorded on a non-temporary tangible recording medium M that is readable by the computer C.
  • a recording medium M for example, a tape, disk, card, semiconductor memory, programmable logic circuit, or the like can be used.
  • the computer C can acquire the program P via such a recording medium M.
  • the program P can be transmitted via a transmission medium.
  • a transmission medium for example, a communication network or broadcast waves can be used.
  • Computer C can also obtain program P via such a transmission medium.
  • Appendix 2 Some or all of the above-described embodiments may also be described as follows. However, the present invention is not limited to the embodiments described below.
  • Appendix 1 Personal identification information acquisition means for acquiring personal identification information input from a terminal; biometric information acquisition means for acquiring biometric information of an operator of the terminal; By referring to one or a plurality of biometric information models, the biometric information acquired by the biometric information acquisition means, and the identity verification information acquired by the identity verification information acquisition means, whether the operation is performed intentionally by the person. and identification means for executing identification processing for identifying whether or not an information processing apparatus.
  • the identifying means acquires information indicating the degree of importance of the operation of the terminal, selects one of the plurality of biological information models according to the obtained information indicating the degree of importance, and selects the selected biological information model.
  • the identifying means acquires information indicating the purpose of the operation of the terminal, selects one of the plurality of biological information models according to the acquired information indicating the purpose of the operation, and selects the selected biological information model.
  • the degree of importance of the operation includes at least one of a type of financial transaction, an amount of financial transaction, a type of commercial transaction, an amount of commercial transaction, a counterparty of the operation, and a frequency of operations performed on the counterparty in the past.
  • the information processing apparatus according to appendix 2 characterized by:
  • the identifying means sets a threshold value referred to for identifying whether the operation is performed intentionally by the person, according to the amount of acquired biometric information of the operator during normal times.
  • the information processing apparatus according to any one of appendices 1 to 5, characterized by:
  • the identification means records the acquired biological information of the operator as operation information in an abnormal state when the result of the identification processing indicates that the operation was not performed by the person himself/herself. 7.
  • the information processing apparatus according to any one of appendices 1 to 6, characterized by:
  • the operation information confirmed as abnormal can be used for model learning, for example. This makes it possible to further improve the accuracy of the model.
  • the biometric information model is learned using combined biometric information obtained by combining a plurality of the biometric information in normal times, and the identification means determines whether or not the operation is performed intentionally by the person himself/herself.
  • the information processing apparatus according to any one of appendices 1 to 7, wherein the identification processing is performed using the biological information model.
  • Appendix 9 9. The information processing according to any one of appendices 1 to 8, wherein the biometric information includes at least one of keystrokes, pulse, body temperature, facial expression, and line of sight when input by a keyboard or touch panel. Device.
  • the biometric information is easy to obtain, the biometric information of many operators can be obtained, and the model can be efficiently constructed.
  • Appendix 10 10. The information processing apparatus according to any one of appendices 1 to 9, further comprising output means for outputting warning information when the identification means identifies that the operation is not performed intentionally by the person.
  • the person in charge of the security department can take some action against the operation identified as abnormal.
  • Personal verification information acquisition means for acquiring personal verification information input from a terminal; biometric information acquisition means for acquiring biometric information of an operator of the terminal; and model building means for building a normal biological information model.
  • At least one processor acquires identity verification information input from a terminal, acquires biometric information of an operator of the terminal, and learns one or more using the operator's normal biometric information identifying whether or not the operation is performed intentionally by the person, by referring to the biometric information model of , the acquired biometric information, and the acquired identity verification information.
  • Appendix 13 A process of acquiring identity verification information input from a terminal to a computer, a process of acquiring biometric information of an operator of the terminal, and one or more learned using the biometric information of the operator during normal times Information processing for executing a process of identifying whether or not the operation is performed intentionally by the person by referring to the biometric information model, the acquired biometric information, and the acquired identity verification information. program.
  • identification accuracy can be further improved by updating the biometric information model while performing identification processing.
  • At least one processor includes an identity verification information acquisition process for acquiring identity verification information input from a terminal, a biometric information acquisition process for acquiring biometric information of an operator of the terminal, and a biometric information acquisition process for the operator.
  • an identity verification information acquisition process for acquiring identity verification information input from a terminal
  • a biometric information acquisition process for acquiring biometric information of an operator of the terminal
  • a biometric information acquisition process for the operator.
  • An information processing apparatus that executes an identification process for identifying whether or not.
  • the information processing apparatus may further include a memory, and the memory stores a program for causing the processor to execute the personal identification information acquisition process, the biometric information acquisition process, and the identification process. may be stored. Also, this program may be recorded in a computer-readable non-temporary tangible recording medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Afin de fournir une technologie d'identification, sur la base d'informations de vérification d'identité entrées par un opérateur et d'informations biométriques dudit opérateur, si une opération effectuée sur un terminal est basée sur l'intention de l'opérateur, un dispositif de traitement d'informations (1) comprend : un moyen d'acquisition d'informations de vérification d'identité (11) permettant d'acquérir des informations de vérification d'identité entrées par l'intermédiaire d'un terminal ; un moyen d'acquisition d'informations biométriques (12) permettant d'acquérir des informations biométriques de l'opérateur du terminal ; et un moyen d'identification (13) permettant d'exécuter un processus d'identification dans lequel un ou plusieurs modèles d'informations biométriques formés à l'aide d'informations biométriques de ligne de base de l'opérateur, ainsi que des informations biométriques acquises par le moyen d'acquisition d'informations biométriques et des informations de vérification d'identité acquises par le moyen d'acquisition d'informations de vérification d'identité, sont référencés pour identifier si une opération est ou non exécutée sur la base de l'intention de l'opérateur.
PCT/JP2021/044758 2021-12-06 2021-12-06 Dispositif de traitement d'informations, procédé de traitement d'informations et programme WO2023105586A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/044758 WO2023105586A1 (fr) 2021-12-06 2021-12-06 Dispositif de traitement d'informations, procédé de traitement d'informations et programme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/044758 WO2023105586A1 (fr) 2021-12-06 2021-12-06 Dispositif de traitement d'informations, procédé de traitement d'informations et programme

Publications (1)

Publication Number Publication Date
WO2023105586A1 true WO2023105586A1 (fr) 2023-06-15

Family

ID=86729788

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/044758 WO2023105586A1 (fr) 2021-12-06 2021-12-06 Dispositif de traitement d'informations, procédé de traitement d'informations et programme

Country Status (1)

Country Link
WO (1) WO2023105586A1 (fr)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005107668A (ja) * 2003-09-29 2005-04-21 Animo:Kk 生体認証方法及びプログラム並びに装置
JP2005293209A (ja) * 2004-03-31 2005-10-20 Ntt Data Corp 個人認証装置、情報端末、個人認証方法、およびプログラム
JP2007072871A (ja) * 2005-09-08 2007-03-22 Oki Electric Ind Co Ltd 生体認証による個人認証方法および装置
WO2015189967A1 (fr) * 2014-06-12 2015-12-17 日立マクセル株式会社 Dispositif de traitement d'informations, système de démarrage de logiciel d'application et procédé de démarrage de logiciel d'application
CN109886697A (zh) * 2018-12-26 2019-06-14 广州市巽腾信息科技有限公司 基于表情组别的操作确定方法、装置及电子设备
US20190295203A1 (en) * 2018-03-22 2019-09-26 Samsung Electronics Co., Ltd. Electronic device and authentication method thereof
JP6928191B1 (ja) * 2021-03-11 2021-09-01 功憲 末次 認証システム、プログラム

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005107668A (ja) * 2003-09-29 2005-04-21 Animo:Kk 生体認証方法及びプログラム並びに装置
JP2005293209A (ja) * 2004-03-31 2005-10-20 Ntt Data Corp 個人認証装置、情報端末、個人認証方法、およびプログラム
JP2007072871A (ja) * 2005-09-08 2007-03-22 Oki Electric Ind Co Ltd 生体認証による個人認証方法および装置
WO2015189967A1 (fr) * 2014-06-12 2015-12-17 日立マクセル株式会社 Dispositif de traitement d'informations, système de démarrage de logiciel d'application et procédé de démarrage de logiciel d'application
US20190295203A1 (en) * 2018-03-22 2019-09-26 Samsung Electronics Co., Ltd. Electronic device and authentication method thereof
CN109886697A (zh) * 2018-12-26 2019-06-14 广州市巽腾信息科技有限公司 基于表情组别的操作确定方法、装置及电子设备
JP6928191B1 (ja) * 2021-03-11 2021-09-01 功憲 末次 認証システム、プログラム

Similar Documents

Publication Publication Date Title
Ali et al. Keystroke biometric systems for user authentication
US11882118B2 (en) Identity verification and management system
US10643210B2 (en) Secure transactions using a personal device
US11757869B2 (en) Biometric signature authentication and centralized storage system
Chen et al. Taprint: Secure text input for commodity smart wristbands
US20150347734A1 (en) Access Control Through Multifactor Authentication with Multimodal Biometrics
US20210029112A1 (en) Taptic authentication system and method
CN109314641A (zh) 用于核实同态加密数据并对其执行操作的系统和方法
US11580002B2 (en) User effort detection
JP2017524998A (ja) 本人照合を行うための方法およびシステム
US20210026942A1 (en) Securing electronic documents with fingerprint/biometric data
CN113886885A (zh) 数据脱敏方法、数据脱敏装置、设备及存储介质
Corpus et al. Mobile user identification through authentication using keystroke dynamics and accelerometer biometrics
Maiorana et al. Mobile keystroke dynamics for biometric recognition: An overview
CN112634017A (zh) 远程开卡激活方法、装置、电子设备及计算机存储介质
Shadman et al. Keystroke dynamics: Concepts, techniques, and applications
US20200137213A1 (en) Evaluating environmental information during a transaction
WO2023105586A1 (fr) Dispositif de traitement d'informations, procédé de traitement d'informations et programme
JP2019012303A (ja) 仮想通貨取引システム、仮想通貨取引装置、及び仮想通貨取引プログラム
JP2018085010A (ja) 本人性判定装置、および、本人性判定方法
JP2016071598A (ja) 認証装置、認証システムおよびプログラム
TWM626411U (zh) 無卡式金融交易系統及主機伺服器
CN113508371B (zh) 用于改进计算机标识的系统和方法
Stylios et al. Continuous authentication with feature-level fusion of touch gestures and keystroke dynamics to solve security and usability issues
Shang et al. Lightdefender: Protecting pin input using ambient light sensor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21967092

Country of ref document: EP

Kind code of ref document: A1