JP4065821B2 - Mobile terminal and security management method for mobile terminal - Google Patents

Description

  The present invention relates to a mobile terminal security management method.

  Mobile terminals such as PHS (Personal Handy-phone System: registered trademark) and mobile phones are equipped with a key lock function as a security management mechanism for avoiding unauthorized use when lost. This function allows a call or the like on the condition that a preset personal identification number is entered. However, since this function requires a troublesome operation such as setting or releasing a lock, it is rarely used in reality. .

  Recently, a technique for preventing abuse by a person other than a legitimate user by mounting a fingerprint authentication unit on a mobile terminal and collating the fingerprint by placing a finger on the unit has been put into practical use. According to this technique, it is possible to authenticate a valid user without forcing the user to perform a troublesome operation such as inputting a personal identification number.

  Furthermore, although it has not yet been put into practical use, it is disclosed in Patent Document 2 in an attempt to limit the use by a non-authorized user by applying the technology disclosed in Patent Document 1 to a mobile terminal. Attempts have also been made to construct a system for tracking the Service-to-Self who illegally use a lost mobile terminal by using the technology.

  Patent Document 1 discloses a keyphone system that can limit the type of service to be provided to each subscriber according to its grade. According to this document, this system is composed of a keyphone main device and a plurality of keyphone terminals, and this keyphone terminal further includes a card reader. The keyphone main unit stores each grade in association with the type of service to be provided to each grade subscriber. The outline of the operation of this system is as follows. When the subscriber uses the keyphone, the keyphone terminal reads out the grade data from the grade card distributed to the subscriber and transmits it to the keyphone main unit. The keyphone main unit that has received the grade data notifies the keyphone terminal of the type of service that may be provided to the subscriber of the grade. The key phone terminal provides a service permitted by the key phone main device to the subscriber.

  Patent Document 2 discloses a system that can track the location of an unauthorized user of a mobile phone that has been lost or stolen. According to this document, this system is composed of a mobile phone, a service node, a plurality of operator nodes, and the like. The owner of a mobile phone is entitled to receive services from the operator node of this operator by disclosing the mobile phone serial number and other personal information to the operator and receiving a SIM card. Get. In this SIM card, a SIM identifier that matches the serial number is stored in advance. The outline of the operation of this system is as follows. First, the owner inserts his SIM card into the mobile phone. Then, the mobile phone determines whether or not the SIM identifier read from the SIM card matches the serial number stored in the mobile phone. If they are SIM cards of the right owner of the mobile phone, they match and can receive service from the operator node. On the other hand, if they do not match, the service node is notified of this and the SIM identifier of the inserted SIM card. The service node that has received the notification specifies the location of the mobile phone. Further, the SIM identifier is delivered to the operator node, and personal information corresponding to this is obtained.

JP 10-70605 A Special table 2000-510303

  As described above, a mobile terminal equipped with a fingerprint authentication unit has already been put into practical use as a mechanism for ensuring the security of the mobile terminal. It is more expensive than the terminal. On the other hand, if the mechanisms disclosed in Patent Documents 1 and 2 are applied, it is possible to reliably prevent misuse of a lost mobile terminal, but all of the mechanisms disclosed in these documents have special functions. Since the installed server device is an indispensable component, it cannot be introduced unless the system configuration of the existing mobile communication network is significantly changed.

  The present invention has been devised under the background as described above, and provides a security management method for a mobile terminal that does not require modification of an existing mobile communication network and can be introduced at low cost. Its purpose is to provide.

Mobile terminal is successful optimal embodiment of the present invention, the detachable data storage module, the authentication information preset for each service realized by hardware of the terminal associated respectively with a service identifier indicating the respective service Storage means, acquisition means for acquiring each set of service identifiers and authentication information associated therewith from the attached data storage module, and storage means associated with each service identifier. Authentication information that is associated with each service identifier and the authentication information acquired by the acquisition unit, respectively, and a determination unit that permits provision of the service that is determined to match the two authentication information.

  According to another preferred aspect of the present invention, there is provided a security management method comprising: a mounting process in which a mobile terminal mounts a data storage module; and a hardware of the terminal in the data storage module in which the mobile terminal is mounted The request process for requesting delivery of authentication information of each service realized by the above, and the data storage module reads each set of the service identifier indicating the service and the authentication information of this service from its own storage means and delivers it to the mobile terminal The delivery process, the mobile terminal collates each authentication information stored in its storage means in association with each service identifier, and the authentication information acquired in association with each service identifier in the delivery process. And a determination process for permitting the provision of the service determined that the authentication information matches.

The mobile terminal according to the present invention does not provide a service unless the authentication information acquired from the data storage module matches the authentication information stored in advance in its own storage means. It is possible to reliably avoid a risk that the stolen terminal is illegally used by another person.

(A: 1st Embodiment)
The feature of the mobile terminal according to this embodiment is provided to the user of this terminal by performing authentication for each service unit using information stored in a data storage module called UIM (User Identity Module). The service can be restricted for each type.

  Here, “service” in the present embodiment means a service realized by controlling the hardware of the mobile terminal. Specifically, a call service for sending and receiving voice data to and from a terminal that is a call partner, an address management service for registering phone numbers and e-mail addresses of acquaintances and browsing the registered contents, and a specific terminal Each of them corresponds to a mail service that transmits an e-mail addressed to an address and receives an e-mail addressed to itself, and a browsing service that acquires and displays data existing in a specific URL (uniform resource locator).

(A-1: Mobile terminal)
FIG. 1 is a block diagram showing a hardware configuration of a mobile terminal. This mobile terminal includes a radio communication unit (for example, having an antenna, a radio unit, a transmitter, a receiver, etc.) 20 that performs radio communication with a base station (not shown), and a sound generation unit (for example, a sound source, a speaker, etc.) 21), a sound collecting unit (for example, having a microphone) 22 for collecting sound, an input unit 23 for performing input operations such as numeric input and character input, a liquid crystal display unit 24 having a display area of a predetermined size, data A module interface unit 25 for inputting / outputting data between the storage module and the terminal, a CPU 26 for performing various controls, a RAM 27 used as a work area for the CPU 26, a table for associating data, a flash for storing various setting contents, etc. A memory 28 and a ROM 29 that stores various programs in advance are provided.
Here, the above-described flash memory 28 stores a terminal-side authentication code table 28t.
FIG. 2 shows the data structure of the terminal side authentication code table 28t. The table is an aggregate of a plurality of records each corresponding to one service. Here, one record corresponding to one service has a “service” field, an “authentication code” field, and an “activation flag” field.
In the “service” field, a service identifier indicating each service is stored in advance. Specifically, data of “call” indicating a call service, “address management” indicating an address management service, “mail” indicating a mail service, and “browser” indicating a browsing service are stored.
Authentication information is stored in the “authentication code” field. The authentication information is a unique character string that is a key for determining whether or not to permit use of each service. Since the character string as the authentication information is determined by the purchaser of the mobile terminal at the time of the initial setting process described later, data is not stored in the “authentication code” feed when the terminal is shipped.
In the “activation flag” field, a flag indicating a state in which use of each service is permitted is temporarily stored.

In addition to an OS (not shown), the ROM 29 stores a security management program 29a, a call application 29b, an address management application 29c, a mailer application 29d, and a browser application 29e.
The security management program 29a is a program that gives the CPU 26 a function specific to this embodiment. By causing the CPU 26 to execute this program, an initial setting process, a user authentication process, and a setting change process, which will be described in detail later, are realized.

  The call application 29b is a program describing a control procedure for realizing the above-described call service. The address management application 29c is a program describing a control procedure for realizing an address management service. The mailer application 29d is a program describing a control procedure for realizing a mail service. The browser application 29e is a program that describes a control procedure for realizing a browsing service. By executing each of these applications under the control of the OS, each part of the mobile terminal is controlled and a service is provided.

(A-2: Configuration of data storage module)
FIG. 3 is a block diagram showing a hardware configuration of the data storage module. As described above, this data storage module is a UIM and is to be sold as a set with the mobile terminal described above.
As shown in the figure, the data storage module includes an external interface unit 45, a CPU 46, a RAM 47, an EEPROM 48, and a ROM 49.
The external interface unit 45 controls data communication performed with the mobile terminal. The RAM 47 is used as a work area for the CPU 46, and temporarily stores programs executed by the CPU 46 and various data. The ROM 49 stores a control program executed by the CPU 46 in advance.

The EEPROM 48 is a rewritable nonvolatile storage element.
FIG. 4 is a conceptual diagram showing the memory space of the EEPROM 48.
As shown in the figure, the EEPROM 48 has a PIN (Personal Identity Number) code storage area 48a, a personal information storage area 48b, a history information storage area 48c, and an authentication code storage area 48d. A PIN code is stored in the PIN code storage area 48a. The PIN code is a unique code for authenticating an authorized user of the data storage module. The data storage module is shipped with this PIN code recorded. The instruction manual attached to the data storage module includes the PIN code recorded in the module, and the purchaser can understand the PIN code by referring to the instruction manual. It has become.
The personal information storage area 48b stores personal information such as a subscriber ID such as a telephone number indicating the owner of the data storage module, a credit card number, and a bank account number. In the history information storage area 48c, history information relating to the owner's call, incoming call, call duration, etc. is stored.

A module side authentication code table 48t is stored in the authentication code storage area 48d.
FIG. 5 shows the data structure of the module side authentication code table 48t. Similar to the table shown in FIG. 2, this table is an aggregate of a plurality of records each corresponding to each service provided by the mobile terminal. One record of this table has a “service” field and an “authentication code” field. However, it does not have a “start flag” field.
Here, the data storage module in the present embodiment records the service identifiers of “call”, “address management”, “mail”, and “browser” in the “service” field of the module-side authentication code table 48t. Shipped in state.

(A-3: Operation of mobile terminal)
The operation of this embodiment is divided into an initial setting process, a user authentication process, and a setting change process. The initial setting process is a process for setting each authentication information of the mobile terminal and the data storage module, and is executed immediately after the purchased mobile terminal is activated. The user authentication process is a process for determining the type of service to be provided by the mobile terminal according to the stored contents of the data storage module, and is executed every time the terminal is started after the initial setting process is completed. Is. The setting change process is a process for changing all or part of authentication information once set.

<Initial setting process>
FIG. 6 is a flowchart showing the initial setting process.
As described above, in this embodiment, the mobile terminal and the data storage module are to be sold as a set. Then, when the mobile terminal is turned on by a person who has purchased this set, an initial setting process is started.

When the power is turned on, the CPU 26 of the mobile terminal activates the OS and then reads the security management program 29a from the ROM 29 and activates it (S110).
Subsequently, the CPU 26 displays a message such as “Please install the data storage module because the authentication code is initialized” on the liquid crystal display unit 24 (S120). The operator of the mobile terminal attaches the data storage module to the mobile terminal.

  When it is detected that the data storage module is installed, the CPU 26 starts supplying an external voltage and an external clock to the data storage module to activate the data storage module (S130). The CPU 46 of the data storage module that has received the voltage reads the control program from the ROM 49 and activates it (S140).

The CPU 26 of the mobile terminal displays a service selection screen on the liquid crystal display unit 24 (S150).
FIG. 7 shows a service selection screen. In the upper part of the screen, a message such as “Please select the service for which you want to set the authentication code.” Is displayed. Below that, the name of the service and the buttons labeled “Set” and “Do not set” respectively. Each set of is displayed. In addition, a button labeled “OK” is displayed at the bottom of the screen.

The operator of the mobile terminal operates the input unit 23 to display the cursor on either “set” or “not set” and select it. Then, after repeating this selection for all the services displayed on the same screen, the cursor is displayed on “OK” and selected.
The CPU 26 identifies a record associated with the service for which the “not set” button is selected from the terminal side authentication code table 28t, and stores data “FREE” in the “authentication code” field of this record ( S160). The data “FREE” indicates that the service is used without the condition that the authentication information matches.

Subsequently, the CPU 26 displays an authentication code setting screen on the liquid crystal display unit 24 (S170).
FIG. 8 shows an authentication code setting screen. In the upper part of the screen, “Set the authentication code for the following services. Please record the authentication code that you set in a memo etc. You will need it later when you change the authentication code. Is displayed, and below that, the service name of each service for which “Set” is selected on the service selection screen shown in FIG. 7 and an input field for inputting the authentication code of the service are displayed. Is done. FIG. 8 shows a case where “set” is selected for three of “address management service”, “mail service”, and “browsing service”. In addition, a button labeled “OK” is displayed at the bottom of the screen.
The operator of the mobile terminal operates the input unit 23 to input an arbitrarily selected character string into each input field, and then selects the “confirm” button by performing cursor display. It is desirable to enter different character strings in these input fields.

  The CPU 26 of the mobile terminal stores each input character string in the terminal side authentication code table 28t of the flash memory 28 (S180). Specifically, the character string input from the input field corresponding to each service is stored as authentication information in the “authentication code” field of the record corresponding to each service displayed on the authentication code setting screen. Execute the process.

Subsequently, the CPU 26 displays an authentication code presentation screen on the liquid crystal display unit 24 (S190).
FIG. 9 shows an authentication code presentation screen. On the top of the screen, “The authentication codes set this time are as follows. The following services cannot be used unless the authentication code is recorded in the module. However, for the services that are not scheduled to be used for the time being, If you do not record it, it is safer, and what message will you record the authentication code for? Below that, the name of each service for which an authentication code has been set, the set authentication code, and a set of buttons labeled “record” and “not record” are displayed. In addition, a button labeled “OK” is displayed at the bottom of the screen. Here, FIG. 9 does not show an authentication code and a button corresponding to “browsing service”, but these can be displayed by scrolling the screen downward.
The operator of the mobile terminal operates the input unit 23 to select “record” or “do not record” by performing cursor display. Then, after repeating this selection for all the services displayed on the same screen, the cursor is displayed on “OK” and selected.

The CPU 26 reads a set of service identifier and authentication information corresponding to each service for which “record” is selected from the terminal side authentication code table 28t of the flash memory 28 (S200). Then, the CPU 26 delivers the set of the read service identifier and authentication information to the data storage module (S210).
The CPU 46 of the data storage module stores each authentication information acquired from the mobile terminal in the module side authentication code table 48t of the EEPROM 48 in association with these information and each service identifier acquired as a set (S220).
This completes the initial setting process.

<User authentication processing>
FIG. 10 is a flowchart showing the user authentication process. This process is started when the power supply (not shown) of the mobile terminal is turned on again after the above-described initial setting process is performed.
When the power is turned on, the CPU 26 of the mobile terminal activates the OS (not shown) and then activates the security management program 29a read from the ROM 49 (S310).
Subsequently, the CPU 26 detects from the module interface unit 25 whether or not a data storage module is attached to the CPU 26 (S320).

When the CPU 26 cannot detect that the data storage module has been installed, the CPU 26 displays a message such as “This mobile phone cannot be used without the data storage module. Please insert your module into the slot”. It is displayed on the part 24 (S330).
When detecting that the data storage module is mounted, the CPU 26 starts supplying an external voltage and an external clock to the data storage module to activate the data storage module (S340).

When the external voltage is supplied, the CPU 46 of the data storage module reads the control program from the ROM 49 and starts it (S350). Subsequently, the CPU 46 reads the PIN code from the EEPROM 48 and delivers it to the mobile terminal (S360).
The CPU 26 of the mobile terminal that has acquired the PIN code stores the PIN code on the RAM 27 and displays a message such as “Please enter PIN code” and a PIN code input field on the liquid crystal display unit 24 ( S370). The operator of the mobile terminal referring to this message operates the input unit 23 and inputs the PIN code in the input field.

The CPU 26 of the mobile terminal collates the input PIN code with the PIN code acquired from the data storage module, and determines whether or not they match (S380).
When the two do not match, the CPU 26 displays a message such as “PIN code is different. Please input again” and a PIN code input field on the liquid crystal display unit 24 (S390).
When the two match, the CPU 26 requests the data storage module to deliver the authentication information (S400).
The CPU 26 of the data storage module that has acquired this request reads each set of service identifier and authentication information associated therewith from the module-side authentication code table 48t of the EEPROM 48, and delivers it to the mobile terminal (S410). For services in which no data is stored in the “authentication code” field of the table, data “NO CODE” indicating that no authentication information exists is delivered instead of the authentication information.

The CPU 26 of the mobile terminal that has acquired each set of service identifiers and authentication information associates these service identifiers with each authentication information stored in the terminal-side authentication code table 28t and each authentication information acquired from the data storage module. Are collated (S420).
Then, the CPU 26 specifies a record of the service that is determined that the authentication information matches as a result of the collation from the terminal side authentication code table 28t (S430). Here, the service in which the data “FREE” is stored in the “authentication code” field is treated as being unconditionally matched.
Further, the CPU 26 stores data “1” indicating that the provision of the service is permitted in the “usage permission flag” field of the identified record (S440). For example, if the authentication information for the call service and the address management service match, but the mail service and the browsing service do not match, the “usage permission flag” of each record of the call service and the address management service is set. “1” is stored in the field.

Subsequently, the CPU 26 displays a standby screen on the liquid crystal display unit 24 (S450). As a result, the mobile terminal is ready to provide each service.
However, the services provided in this state are limited to the services that are permitted by the processing of step 440. Specifically, the types of services provided are limited by performing the following processing.
First, when an operation to use a specific service is performed in a state where the standby screen is displayed, the CPU 26 of the mobile terminal specifies the record associated with this service from the terminal side authentication code table 28t and specifies it. Reference is made to whether or not the flag “1” is recorded in the “usage permission flag” field of the record.
If “1” is recorded in the “use permission flag” field, the application corresponding to this service is read from the ROM 29 onto the RAM and activated. Subsequently, a “job” indicating the processing content for providing the requested service is generated, and this job is executed using the application read onto the RAM. When the job has been executed, the application is deleted from the RAM.
On the other hand, when “1” is not recorded in the “use permission flag” field, a message such as “the service cannot be used” is displayed on the liquid crystal display unit 24.

<Setting change processing>
FIG. 11 is a flowchart showing the setting change process. This process is triggered by the fact that an operation for shifting to the setting change mode is performed in a state where the awaiting screen is displayed.
When an operation for changing to the setting change mode is performed, the CPU 26 displays an authentication code input screen on the liquid crystal display unit 24 (S510). Specifically, a service that specifies data whose data other than “FREE” is stored in the “authentication code” field and prompts the operator to input an authentication code set for the identified service is displayed. Processing such as generating data is performed.

  FIG. 12 shows an authentication code input screen. At the top of the screen, “Enter the authentication code for the following service correctly. If the entered authentication code and the authentication code that you originally set do not all match, the change is not allowed. Message is displayed. Below that, an authentication code input field for each service is displayed. In addition, a button labeled “OK” is displayed at the bottom of the screen. The operator of the mobile terminal inputs each character string set for each service into the input field while referring to the memo recorded at the time of the initial registration process. ”To display the cursor and select it.

The CPU 26 of the mobile terminal collates the input character string with the authentication information stored in the “authentication code” field of the terminal-side authentication code table 28t, and determines whether or not they all match. (S520).
If all or part of the authentication information does not match, the CPU 26 displays a message such as “authentication code setting change not allowed” on the liquid crystal display unit 24 (S530). Thereafter, the process returns to step 450 and the screen for waiting is displayed again.

On the other hand, when all the authentication information matches, the CPU 26 displays a setting change screen on the liquid crystal display unit 24 (S540).
FIG. 13 shows a setting change screen. In the upper part of the screen, “Authentication code setting status is as follows. To change, enter a new authentication code in the input field. To cancel the authentication code setting, click“ Reset ”. "please choose. Is displayed. Below that, a set of authentication codes that have been set, a button labeled “cancel settings”, and a new authentication code input field are displayed for each service. When the authentication code is not set, the text “FREE” is displayed. In addition, a button labeled “OK” is displayed at the bottom of the screen. Here, in FIG. 13, an authentication code corresponding to “browsing service” or the like is not displayed, but these can be displayed by scrolling the screen downward.

The operator of the mobile terminal inputs a character string arbitrarily selected as a new authentication code in the input field, or causes the “cancel setting” to display a cursor and selects it. Then, after such input or selection is repeated for each service displayed on the same screen, the cursor is displayed on “OK” to select it.
The CPU 26 updates the terminal side authentication code table 28t according to the input content of the setting change screen (S550). Specifically, the record associated with the service for which the character string has been entered on the setting change screen is identified, and the new authentication information is overwritten in the “authentication code” field of this record, while the “cancel setting” The record associated with the selected service is specified, and the process of overwriting the data “FREE” in the “authentication code” field of this record is performed.
After this processing, the processing after step 190 shown in FIG. 6 is executed, and the authentication information to be stored in the data storage module is transferred from the mobile terminal to the data storage module and stored in the EEPROM 48 of the module.

According to the embodiment described above, the mobile terminal acquires authentication information from the data storage module, and when the acquired authentication information matches the authentication information stored in its own terminal-side authentication code table 28t. To provide services. Therefore, even if the mobile terminal is lost or stolen, it is possible to avoid the risk of unauthorized use of this terminal by others.
In addition, a person who purchased a mobile terminal first performs initial setting and sets authentication information for each service unit individually. Only authentication information set for a service to be used is used for the mobile terminal. Recorded from the terminal to the data storage module. And after this initial setting, the services provided by the mobile terminal are limited to those in which the authentication information recorded on the data storage module side matches the authentication information preset on the mobile terminal side. The That is, the terminal performs authentication for each service provided. Therefore, the purchaser of the mobile terminal can keep the authentication information of the service that is not scheduled to be used for the time being in a secret state without recording it in the data recording module. Can be reliably avoided.
Further, in the present embodiment, the authentication information once set by the setting change process described above can be changed. Therefore, it is possible not only to change the character string once set as authentication information for a specific service to another character string, but also to newly set authentication information related to services for which authentication information was not set during the initial setting process. On the contrary, it is possible to freely perform the setting of authentication information for a specific service. In addition, it is possible to freely change which service authentication information is recorded in the data storage module and made available.

(B: Second embodiment)
In the first embodiment, when a mobile terminal is used, a data storage module in which authentication information for each service is recorded is attached, and the authentication information and the data storage module stored in the mobile terminal are installed. The service is provided only when the recorded authentication information matches.
In contrast, the present embodiment is configured to prompt the user to re-enter the PIN code every time a predetermined expiration date has passed. As a result, even when the mobile terminal is stolen while the data storage module is mounted, a situation in which the service by the mobile terminal is used without limitation is avoided.

  FIG. 14 is a block diagram showing a hardware configuration of the mobile terminal according to the present embodiment. The mobile terminal according to the present embodiment is different from the terminal shown in FIG. The timer unit T measures a preset time. The CPU 26 of the mobile terminal according to the present embodiment functions as an expiration date management unit. That is, the CPU 26 shown in FIG. 14 transmits to the timer unit T that the provision of the service is permitted, and when the notification that the predetermined period has elapsed from the transmission time is received from the timer unit T, the CPU 26 requests re-input of the PIN code. It has the function.

Next, the operation of this embodiment will be described. FIG. 15 is a flowchart showing the difference between the operation of the present embodiment and the operation of the first embodiment.
The CPU 26 of the mobile terminal that has recorded the flag in the “use permission flag” field in step 440 shown in FIG. 10 notifies the timer unit T that service provision has been permitted (S460). The timer unit T measures the presence / absence of a preset expiration date, and notifies the CPU 26 when the expiration date has passed (S470). Receiving the notification, the CPU 26 determines whether there is a job being executed at this time (S480). When there is a job being executed, the CPU 26 waits until the job is finished (S490). When the job being executed does not exist or when the job being executed has ended, the CPU 26 displays a message such as “The expiration date has passed. Please re-enter the PIN code” and the PIN code. The input field is displayed on the liquid crystal display unit 24 (S500). The operator who refers to the message inputs the PIN code in the input field. The CPU 26 of the mobile terminal collates the input PIN code with the PIN code acquired from the data storage module, and determines whether or not they match (S510).

When the two do not match, the CPU 26 displays a message such as “PIN code is different. Please input again” and an input field on the liquid crystal display unit (S520).
On the other hand, when both match, the CPU 26 displays the standby screen again on the liquid crystal display unit 24 (S530). As a result, the mobile terminal returns to a state where each service can be provided. Thereafter, the process returns to step 460, the fact that the provision of the service is permitted is transmitted from the CPU 26 to the timer unit T, and the processes of steps 470 to 530 are repeated again.

  According to the present embodiment described above, after the user authentication process is completed, the PIN code is requested to be re-input every time a predetermined validity period elapses, and the service is not provided unless the correct code is input. ing. Therefore, after the user authentication process is completed, even if the mobile terminal is lost with the data storage module attached, each service of the mobile terminal is used without restriction by others. Can be avoided.

(C: Modification)
Although the embodiments of the present invention have been described above, the present invention is not limited to such embodiments, and various modifications can be made within the scope of the technical idea. In addition, as a modification, the following can be considered, for example.

(C-1: Modification 1)
In the above embodiment, the authentication information once set cannot be changed unless the mobile terminal and the data storage module are mounted. On the other hand, the authentication code rewriting software may be installed in a personal computer having an interface with the data storage module, and the authentication information recorded in the data storage module may be rewritten by this personal computer.

(C-2: Modification 2)
In the second embodiment described above, when a mobile terminal with a data storage module attached is stolen by performing a process of requesting re-input of a PIN code every time a predetermined period elapses. I was trying to avoid unauthorized use. On the other hand, the timing for requesting the re-input of the PIN code may be determined based on the number of jobs executed instead of being determined based on the passage of time. For example, the CPU 26 of the mobile terminal that has stored the data in the “usage permission flag” field in step 440 shown in FIG. 6 executes the process of step 500 after completing the execution of five jobs, and the PIN code May be requested.

(C-3: Modification 3)
In the above embodiment, the services that can be restricted according to the storage contents of the data storage module are limited to the four services realized by the applications stored in the ROM 29 in advance. On the other hand, the use of an application acquired later from a remote server device via a network may be restricted according to the storage contents of the data storage module.
As such an application, there is a Java (registered trademark) application. A Java application is an application written in the Java programming language, and is used when a mobile terminal that implements a software group called a Java execution environment is downloaded from a server device on a network. The activation and termination of this application are controlled by a program called JAM (Java Application Manager) that constitutes the Java execution environment. Therefore, by operating the security management program 29a and the JAM in cooperation, a new record is provided in the authentication code table of the mobile terminal and the data storage module, and authentication information unique to the Java application is registered. It is also possible to limit the use of this Java application when the authentication information on the mobile terminal side matches the authentication information on the data storage module side.

(C-4: Modification 4)
In the above-described embodiment, a set including one mobile terminal and one data storage module is sold. However, one mobile terminal and a plurality of data storage modules may be sold as a set. . In this way, even when a member of a corporation or family uses a single mobile terminal, the service provided by the mobile terminal is restricted and operated for each member individually. It becomes possible.

(C-5: Modification 5)
In the above-described embodiment, the security management program 29a, the call application 29b, the address management application 29c, the mailer application 29d, and the browser application 29e are stored in the ROM 29 of the mobile terminal, and authentication for each service realized by each of these applications is performed. This was done based on the authentication information of the data storage module.
On the other hand, only a part of the service realized by each application may be individually authenticated by referring to the authentication information of the data storage module. For example, by registering a set of a specific telephone number and authentication information in the authentication code table, a call to this telephone number may be permitted by authentication information different from the authentication information of the call service itself. Alternatively, on the contrary, a response to an incoming call from a specific telephone number may be permitted by authentication information different from the authentication information of the call service itself.
Similarly, transmission of an e-mail addressed to a specific address or browsing of an e-mail received from a specific address may be permitted by authentication information different from the mail service itself.

It is a hardware block diagram of a mobile terminal. It is a data structure figure of a terminal side authentication code table. It is a hardware block diagram of a data storage module. It is a conceptual diagram which shows the memory space of EEPROM. It is a data structure figure of a module side authentication code table. It is a flowchart which shows an initial setting process. It is a service selection screen. It is an authentication code setting screen. It is an authentication code presentation screen. It is a flowchart which shows a user authentication process. It is a flowchart which shows a setting change process. It is an authentication code input screen. It is a setting change screen. It is a hardware block diagram of a mobile terminal. It is a flowchart which shows operation | movement of 2nd Embodiment.

Explanation of symbols

20: Wireless communication unit, 21: Sound generation unit, 22: Sound collection unit, 23: Input unit, 24: Liquid crystal display unit, 25: Module interface unit, 26, 46: CPU, 27, 47: RAM, 28: Flash memory 28t: Terminal side authentication code table, 29, 49: ROM, 29a: Security management program, 29b: Call application, 29c: Address management application, 29d: Mailer application, 29e: Browser application, 45: External interface unit, 48: EEPROM, 48t: Module side authentication code table

Claims (2)

A mobile terminal with a removable data storage module,
Storage means for storing authentication information preset for each service realized by the hardware of the terminal in association with a service identifier indicating each of these services;
Obtaining means for obtaining each set of service identifiers and authentication information associated therewith from the attached data storage module;
The authentication information stored in association with each service identifier in the storage means is compared with the authentication information acquired by the acquisition means in association with each service identifier, and the authentication information is determined to match. A means of allowing the provision of the service;
A mobile terminal comprising: A mounting process in which the mobile terminal mounts the data storage module;
A request process in which the mobile terminal requests the attached data storage module to deliver authentication information of each service realized by hardware of the terminal; and
A data storage module, a delivery process in which each set of service identifier indicating service and authentication information of this service is read from its own storage means and delivered to the mobile terminal;
The mobile terminal collates authentication information stored in association with each service identifier in its storage means with authentication information acquired in association with each service identifier in the delivery process, and A determination process for permitting the provision of the service determined to match the information;
A security management method.

Images