KR20150045053A - Method for application control and control system thereof - Google Patents
Method for application control and control system thereof Download PDFInfo
- Publication number
- KR20150045053A KR20150045053A KR20130124209A KR20130124209A KR20150045053A KR 20150045053 A KR20150045053 A KR 20150045053A KR 20130124209 A KR20130124209 A KR 20130124209A KR 20130124209 A KR20130124209 A KR 20130124209A KR 20150045053 A KR20150045053 A KR 20150045053A
- Authority
- KR
- South Korea
- Prior art keywords
- application
- control system
- data processing
- processing apparatus
- control
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Stored Programmes (AREA)
Abstract
Description
The present invention relates to an application control method and a control system. And more particularly, to a method and system for efficiently and securely controlling an executed application even after an application is executed.
The need for execution control for applications executable on data processing devices (e.g., smart phones, tablet PCs, computers, etc.) is well known. Execution control is particularly necessary to prevent an unauthorized user from obtaining information or performing certain data processing in an unauthorized way through the application.
In the conventional method of execution control, a method is generally used in which an application executes an authentication function by itself and is executed when an input is inputted by a user (for example, input of a password). This method will be briefly described with reference to FIG.
1A shows a method of performing execution control of an application by authentication or approval through a server, which is conventionally used conventionally. 1A, when an execution request of a predetermined application is input from a user (S10), the application communicates with a predetermined server to transmit predetermined information (e.g., login information, terminal identification information, application serial number, etc.) And is approved by the server (S11). If the server approves, an approval signal may be transmitted to the application to allow the application to execute normally (S12).
An example of this is disclosed in Korean Patent Application No. 10-2011-0089111, "Method and Apparatus for Controlling Application Execution for Smart Phone ". However, such a conventional technology has a problem that a server must exist separately for execution control of an application. Particularly, in the case of an application which is executed only in the data processing apparatus without the need to perform communication with the server, there is a problem that execution control can not be performed by such conventional technology.
On the other hand, another conventional technique is shown in Fig. 1B. FIG. 1B shows a case where a control application that performs execution control detects an execution request of a specific application (S20), and when an execution request of the specific application is detected, requests inputting preset approval information (e.g., password, (S21). Then, it is determined whether the approval information input by the user corresponds to the preset approval information (S23), and if so, the execution of the specific application is allowed normally (S23). This type of execution control is widely adopted in application execution control applications that can be downloaded from an app store (e.g., Google play, Apple app store, etc.) that can currently download applications executable on a smart phone.
However, the method of FIG. 1B has a problem that anyone who knows the approval information can receive approval.
In addition, a notification message requesting input of preset approval information is displayed, so that the user is informed that the corresponding application can be executed by inputting approval information. That is, it is possible for anyone to know that it is necessary to input approval information in order to normally use the application. Therefore, if the user is under coercion or threat to another person, it may be forced to input the approval information, so that the execution control through the approval information may be practically useless.
In order to stop the execution of a specific application, the control application must always monitor whether or not the application is executed. In this case, all the execution requests (for example, I / O) input to the data processing apparatus are monitored or hooked hooking), so it consumes too much resources. Particularly, in the case of a mobile data processing apparatus such as a smart phone, such a resource has a problem that consumes a lot of power.
Therefore, a technical idea that can control the execution of another application executed in a predetermined data processing apparatus, and that can perform execution control with a high security level is required.
SUMMARY OF THE INVENTION The present invention has been made in an effort to solve the above technical problems, and it is an object of the present invention to provide a method and apparatus for controlling execution of a target application, And to provide a method and system for performing execution control of an application.
It is also possible to perform execution control of the target application through the presence or absence of an apparatus independent of the data processing apparatus (for example, a short-range wireless communication apparatus), rather than execution control through preset approval information (for example, password or pattern or gesture) Thereby enabling effective execution control even when the approval information is exposed.
In addition, even when a device independent of the data processing device (e.g., a short-range wireless communication device) is not possessed, a legitimate user can use the data processing device normally (i.e., The present invention provides a method and system for enabling a high security dynamic password to be used in order to provide a secure password.
There is also provided a method and system for enabling a control application to be seen as if it were running by making the control display have transparent properties when loaded on the run screen of the target application to control the execution of the target application will be.
An application control method according to an aspect of the present invention includes a step of executing a predetermined application in a data processing apparatus, a step of determining whether or not to stop the application in which a control system running in the data processing apparatus is executed, Determining whether an authentication action is performed to cause the control system to continue execution of the application; and if it is determined that the authentication action has been performed, And releasing the execution of the application.
Wherein the step of determining whether the control system is to suspend an application running on the data processing apparatus comprises the steps of the control system confirming a top priority operation of a running work list held in the data processing apparatus, And if the application is a preset target application, determining that the control system is an application to stop the application.
Wherein the application control method further comprises the step of setting the target application to be controlled by the control system, wherein the target application is an application that is installed in the data processing apparatus, different from the control application corresponding to the control system, .
The step of stopping the application by the control system may include the step of causing the control system to execute a predetermined stop process at a higher priority than the application in the data processing apparatus to stop the application.
The predetermined stopping process may be performed such that a predetermined control display is loaded at the top of a display device provided in the data processing apparatus.
The control display may be a display having a transparent property.
Wherein the step of determining whether an authentication action for continuing execution of the application is performed by the control system may include determining whether the short range wireless communication apparatus set to correspond to the application and the data processing apparatus are performing short range wireless communication have.
The application control method further comprises the step of the control system setting up a master short range wireless communication apparatus to be associated with the control system, wherein the master short range wireless communication apparatus comprises: And is set as a short-range wireless communication device corresponding to at least one application.
The application control method further comprises a step of setting the application, which is the target application to be controlled by the control system, by the control system, and setting a short range wireless communication device corresponding to the application set as the target application, May be a device different from the second short range wireless communication device corresponding to another application set as the target application by the control system.
Wherein the step of determining whether the control system is performing an authentication action to continue execution of the application comprises determining that the authentication information input from the user corresponds to a dynamic password, And a dynamic part specified based on usage history information that is changed in accordance with a use history of the processing apparatus.
A method for solving the above technical problem is characterized in that the control system executing in the data processing apparatus confirms the highest priority task of the running task list held in the data processing apparatus, , The control system loading a predetermined control display to the top display of the data processing apparatus, the control system determining whether an authentication action to continue execution of the application is performed, And if the action is determined to have been performed, the control system may unload the control display.
The application control method may be stored in a computer-readable recording medium on which the program is recorded.
According to another aspect of the present invention, there is provided a control system for executing a predetermined application in a data processing apparatus, the control system comprising: a determination module for determining whether to stop the executed application; A control module for suspending the application, and an authentication module for determining whether an authentication action for continuing execution of the suspended application is performed, wherein if it is determined that the authentication action is performed by the authentication module, The control module releases the execution of the application.
The determination module may determine the highest priority task of the running task list held in the data processing apparatus and may determine that the application is the application to stop the application if the application is the priority task and the application is a preset target application .
Wherein the control system further includes a setting module for setting a target application to be controlled by the control system, wherein the target application set by the setting module is a program that is installed in the control system And is an application different from the corresponding control application.
The control module may cause the data processing apparatus to execute a preset stop process in order of priority in order to stop the application.
The predetermined stopping process may be performed such that a predetermined control display is loaded at the top of a display device provided in the data processing apparatus.
The authentication module may determine whether the short range wireless communication device set to correspond to the application and the data processing device are performing short range wireless communication.
Wherein the control system further comprises a setting module for setting a master short-range wireless communication device to be associated with the control system, wherein the master short-range wireless communication device set by the setting module is configured by the control system, And a short-range wireless communication device corresponding to at least one application including the at least one application.
Wherein the control system further comprises a setting module configured to set the application as a target application to be controlled by the control system and to set a short range wireless communication device corresponding to the application set as a target application, The short range wireless communication device corresponding to the application may be different from the second short range wireless communication device corresponding to another application set as the target application by the control system.
Wherein the authentication module determines whether authentication information input from a user corresponds to a dynamic password in a state where the application is suspended and the dynamic password is specified based on usage history information that is changed according to a usage history of the data processing apparatus And may include a dynamic part.
A determination module for confirming a top priority task of a running task list held in a data processing apparatus to solve the technical problem; and a control module for, when the priority task identified by the determination module is a preset target application, A control module for loading the data into the uppermost display of the data processing apparatus, and an authentication module for determining whether an authentication action for continuing execution of the application is performed in a state that the application is stopped, If it is determined by the authentication module that the authentication action has been performed, the control display may be unloaded.
According to the technical idea of the present invention, the execution control of the target application is performed simply by stopping the execution of the executed target application while permitting the execution, rather than controlling the execution of the target application to be execution control itself There is an effect that can be done. Particularly, when the execution of the target application is stopped after the execution of the target application, the execution control can be performed even when the execution of the target application is not terminated and is reused, so that the security can be further enhanced.
In addition, there is no need to monitor all execution requests in order to prevent the execution of the target application, which is the object of execution control, so that consumption of resources and power can be remarkably reduced.
Further, there is an effect that the execution of the target application can be simply stopped by activating, i.e., loading, the control display with higher priority than the target application in order to stop the execution of the target application.
In addition, by loading the control display having the transparent property on the screen on which the execution screen of the target application is displayed, it is possible to prevent the other person from recognizing the reason why the execution of the target application is not normally performed.
Further, even when the approval information (for example, a password or a pattern) is exposed, the target application can be prevented from being normally used without occupation of a predetermined short range wireless communication device, Can be provided.
In addition, even when a device independent of the data processing device (e.g., a short-range wireless communication device) is not possessed, a legitimate user can use the data processing device normally (i.e., Authentication can be performed using a dynamic password in order to increase security and convenience.
BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
FIG. 1 is a diagram for schematically explaining a method of performing a conventional execution control.
2 is a diagram showing a schematic configuration of a control system according to an embodiment of the present invention.
FIG. 3 shows a flowchart for schematically explaining an application control method according to an embodiment of the present invention.
4 is a diagram for explaining a method for determining whether to stop execution of a predetermined application according to an application control method according to an embodiment of the present invention.
5 is a diagram illustrating a process of setting a target application according to an embodiment of the present invention.
6 is a diagram for explaining a process of controlling the execution of a target application according to an embodiment of the present invention.
7 to 8 are diagrams for explaining a method of performing execution control using a control display according to an embodiment of the present invention.
9 is a diagram for describing an authentication action for continuing execution of a suspended application according to an embodiment of the present invention.
10 to 11 are diagrams for explaining the concept of a dynamic password according to an embodiment of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.
In this specification, the terms "comprises" or "having" and the like refer to the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, But do not preclude the presence or addition of features, numbers, steps, operations, components, parts, or combinations thereof.
Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.
Hereinafter, the present invention will be described in detail with reference to the embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
2 is a diagram showing a schematic configuration of a control system according to an embodiment of the present invention.
Referring to FIG. 2, a
The
The
The target application may mean an application whose execution is controlled according to the technical idea of the present invention. The target application may be all applications installed in the data processing apparatus, or may be some applications. The
The term " controlling execution " in the present invention does not mean that the execution itself is not performed as described above. Instead of executing the execution itself, The execution control of all types that prevent the use of the execution control.
According to one embodiment, the
For example, the
The fact that the control display is loaded may mean activating the control display such that the control display is displayed at the highest level of the data processing apparatus. The data processing device may be configured to pause or pause a currently running process (a process executing the target application) or an application when another process (e.g., the process of displaying the control display) or another application is activated with a high priority ). ≪ / RTI > For example, in the case of the Android (OS) OS or iOS (TM), if a process or another application is executed with a higher priority (or activation) while a specific process or a specific application is being executed, May not be executed in the background but may be suspended. Therefore, when the
According to an embodiment, the
According to the embodiment, even if an event (for example, execution of a specific function or the target application accesses specific data or a specific file) occurring in the target application during execution of the target application, You can judge. For example, when an application (i.e., a target application) capable of loading various data or files such as a gallery is executed and the app plays (accesses) general data or files, it is not controlled by the
Depending on the implementation, the execution control according to the technical idea of the present invention may be performed according to the request of the user. For example, when the user wants to stop execution of the target application for a while while using the target application, when the
According to one embodiment of the present invention, the
In order to set the display attribute of the control display to be transparent, it may be possible to adjust the so-called alpha value of the display attribute of the object called the control display. Herein, the fact that a certain object (e.g., the control display) has a transparent property does not necessarily mean that it is set to be completely transparent, such that the alpha value is set to zero. That is, even if at least the control display is displayed on a higher layer than the screen of the currently displayed target application, transparency of a certain level or more (that is, a transparency that allows the screen of the target application to be recognized as being continuously displayed The control display can also be expressed as transparent.
As described above, according to the technical idea of the present invention, a control display having a transparent property is displayed on an upper layer than an execution screen of a target application, so that a person who is not aware of execution control of the target application secretly executes Control can be performed.
Meanwhile, according to another embodiment of the present invention, the control display may not have a transparency attribute. Even in such a case, the technical idea of the present invention can still be effective. Further, all kinds of possible methods for stopping the execution of the target application can be applied to the technical idea of the present invention. In any case, after the target application is stopped by the technical idea of the present invention, the
The authentication action according to the technical idea of the present invention is also different from the authentication using the existing simple approval information (for example, a password, a secret pattern, a gesture, etc.), and the authentication is simple due to such differentiated features, Relatively high authentication can be performed. An example of such an authentication action will be described later.
The
In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and it does not necessarily mean a physically connected code or a kind of hardware. Can be easily deduced to the average expert in the field of < / RTI >
The
The
After the execution of the target application is stopped, the
The
The
The process of setting the target application by the
FIG. 5 is a diagram for explaining a process of setting a target application according to an embodiment of the present invention. Referring to FIG. 5, the
In addition, the
Meanwhile, the
The short-range wireless communication device can be used for the authentication action required to cancel the execution of the stopped target application, i.e., to continue execution of the target application.
When the execution of a predetermined target application is stopped, the user can perform an authentication action for short-range wireless communication with the data processing apparatus by the short range wireless communication apparatus corresponding to the target application. Then, the execution of the target application can be released. If the master short-range wireless communication apparatus is set, the execution stop of the target application may be canceled even if the master short-range wireless communication is performed in short-range wireless communication with the data processing apparatus.
Of course, the master short-range wireless communication device is set, and at least one specific target application among the target applications whose execution is controlled by the
Since the short-range wireless communication device corresponding to the entirety of the target applications as well as the target applications can be set individually corresponding to the target applications, the user can set the own The desired short range wireless communication device can be set differently. This allows higher security to be provided.
The
The
The application control method of the present invention implemented by the
FIG. 3 shows a flowchart for schematically explaining an application control method according to an embodiment of the present invention. 4 is a diagram for explaining a method for determining whether to stop execution of a predetermined application according to an application control method according to an embodiment of the present invention.
2 and 3, when the predetermined application is executed in the data processing apparatus (S100), the
If it is determined that the application should be suspended, the
Then, the
If the
The
In addition, according to one embodiment, the process of determining whether to stop execution of the application by the
Referring to FIGS. 2 and 4, the
Then, the
For example, assuming that the user executes a predetermined application, the OS of the data processing apparatus places the application in the top priority task of the running work in response to the execution request of the user's application. The running work list may be, for example, a system configuration of an OS having a stack structure. Therefore, the job listed later in the work list may be executed first. For example, in the Android OS, the execution-in-progress list can be confirmed through a predetermined function in the system class.
Accordingly, the
Meanwhile, when the execution of the target application executed in the data processing apparatus is controlled by monitoring the highest priority task of the task list during execution, the target application is not only executed when the target application is executed for the first time, There is a significant advantageous effect that execution can be controlled even if it is aborted and reused. This is because, if the usage is stopped and reused by the user, there is a possibility that the user will be reused by a user other than the user who was originally authenticated and used.
This technical idea is shown in Fig.
6 is a diagram for explaining a process of controlling the execution of a target application according to an embodiment of the present invention.
Referring to FIG. 6, the work list of the data processing apparatus may include a work list as shown in FIG. In this situation, a predetermined application (e.g., application C) may be executed by the user. Then, the data processing apparatus can include the identification information of the C as the top priority task of the running work list while executing the C.
The
The execution request of the application D can then be input by the user. Of course, a predetermined process or operation (e.g., a process corresponding to the home button input of the Android OS, etc.) may be executed while C is being executed and the execution request of the D is input. Then, the data processing apparatus can include the identification information of the D in the highest priority work of the running work list while executing the D.
The
The
When the stop process is executed, the
If it is determined by the
If D is again the top priority task, the data processing device may resume execution of D that was stopped. Then, the user can input a request to the data processing apparatus to call the home screen. In this embodiment, the home screen is called. However, it can be understood that the same result can be obtained even when various applications or processes are called in place of the home screen, Can easily be deduced.
Then, the data processing apparatus can include the process of executing the home screen in the top priority task of the running work list while calling the home screen. Then, when the user makes a request to call D again, D is again the highest priority operation.
Since the
Since D is the target application, the
That is, as in the technical idea of the present invention, it is possible to easily perform execution control on a target application by monitoring only the highest priority task of the task list during execution without monitoring all requests input to the data processing apparatus. There is also a significant effect that execution can be controlled not only when execution is requested, but also when the target application is reused, as described in Figure 6.
Referring back to FIG. 2, when the
According to one embodiment, the stopping process may be to load the control display according to the technical idea of the present invention at the highest level of the display device.
The time at which the control display is loaded and the time at which the execution of the target application is stopped may not necessarily be the same. That is, even if the control display is loaded, the target application may be implemented to perform certain data processing and stop. In any case, the target application may be stopped as soon as the control display is loaded or after a certain point in time.
If the
After the target application is executed, the
If it is determined that the execution control is to be performed by the
In order for the
The control display may have a size corresponding to a full size of a display device (e.g., a touch screen) of the data processing device, or may have a size corresponding to a part of the display device.
In addition, the control display may or may not include an input object capable of receiving an input signal from a user via a display device (e.g., a touch screen). If no input object is included in the control display, a predetermined input object (for example, a button, a text or a numeric character) is displayed on the screen of the user before the control display is loaded , Etc.), the data processing device may not respond to any touch signal. This is because the touch signal is input to the process corresponding to the control display because there is no input object to handle the touch signal input to the control display.
According to another embodiment, the control display may comprise a predetermined input object. At this time, the input object may also be transparent so as not to be visually perceived by the user. At this time, only a user who knows the existence of the input object can correctly select (e.g., touch) at least one input object included in the control display. Therefore, it is possible to secretly input, via the control display, predetermined information for unloading the control display and for continuing execution of the target application again.
In any case, when the control display is loaded, the input signal input by the user becomes the input signal of the process corresponding to the control display, so that the user can control the target application I will not.
Of course, the control display may also display UI or guidance information that the user can visually confirm. The guide information may be, for example, information for guiding the user to perform a preset authentication action.
The
For example, when no input object is included in the control display, since no signal or information can be input to the touch screen of the data processing apparatus, (E.g., an NFC chip, a camera module, or a biometric information recognition module, etc.) provided in the apparatus. According to an embodiment of the present invention, the authentication action may be an action in which the data processing apparatus performs near field wireless communication (e.g., NFC communication, etc.) with a predetermined local wireless communication apparatus (e.g., IC card or the like). Alternatively, it may be an action for controlling the camera module in a predetermined manner. In any case, a predetermined action using a predetermined device provided in the data processing apparatus, not through the touch screen, may be the authentication action. In this case, it can be verified that the user possesses the data processing apparatus and the predetermined apparatus (e.g., a short-range wireless communication apparatus), thereby further increasing the security.
Of course, in the case where the data processing apparatus is provided with a biometric information recognition module which is a means capable of recognizing biometric information (e.g., fingerprint, iris, etc.), the authentication action is performed by the user through the biometric information recognition module, It may be an action to authenticate information. To this end, the
According to another embodiment, the authentication action may be whether predetermined information is input in advance. The information may be input through a touch screen provided in the data processing apparatus. When the data processing apparatus is provided with an input device (e.g., a keypad, a keyboard, etc.) separate from the touch screen, May be input. If a separate input device other than the touch screen is not provided in the data processing device, an input object capable of inputting the information (for example, an input UI for inputting a predetermined button or a pattern, etc.) is included in the control display . At this time, the input object may or may not have a transparent property. When the input object has a transparent property, the user must input necessary information (for example, a password or a secret pattern) through an input object that can not be visually confirmed, so that the user can use the target application normally.
Meanwhile, the authentication action may be an action in which a dynamic password according to the technical idea of the present invention is input to the data processing apparatus. The dynamic password may be a password that changes depending on the situation, unlike a conventional static password. In particular, the dynamic password may be a password that can be known only by having a specific terminal. An example of such a dynamic password will be described later with reference to FIG. 10 to FIG.
The
7 to 8 are diagrams for explaining a method of performing execution control using a control display according to an embodiment of the present invention.
7, the
7 shows a case where the
According to the technical idea of the present invention, the
In other words, only a user who knows in advance that the target application is performing the execution control according to the technical idea of the present invention needs to perform predetermined authentication actions (for example, short-range wireless communication with the short- (E.g., tagging) or inputting predetermined approval information (e.g., a password or secret pattern, etc.). Also, a user who does not know that the execution control is being executed will see only a screen that is stopped when the target application is executed, and will be perceived as an error or a malfunction, so that the user can not normally use the target application. In addition, since the
8, the
8 shows an example in which the input object is implemented as an input button for inputting numbers from 1 to 9. However, various objects such as a pattern input UI for inputting a preset pattern by a user may be displayed on the control display (10) and can be displayed transparently.
If the user has set the password "1234 " in order to normally use the target application, for example, the user can press the
The
Although FIG. 8 shows an example in which the number buttons are sequentially arranged in the order of numbers, it goes without saying that they can be displayed in a non-sequential manner or in various ways.
9 is a diagram for describing an authentication action for continuing execution of a suspended application according to an embodiment of the present invention.
Referring to FIG. 9, the
If a legitimate user appears to have stopped the target application, the legitimate user recognizes that the target application is under execution control according to the technical idea of the present invention, and performs authentication action (for example, predetermined short range wireless communication device 2) (E.g., tagging) with the
In the case where the execution control of the target application is controlled using the short-range
On the other hand, when the target application is suspended during execution, the person who intends to use the
According to another embodiment, the authentication action may be an action that receives a dynamic password. Such an example is shown in Figs. 10 and 11. Fig.
10 to 11 are diagrams for explaining the concept of a dynamic password according to an embodiment of the present invention.
Referring to FIGS. 10 to 11, the
The dynamic password may be a password that can be automatically changed by various factors such as time or place without change by the user. The password may be implemented as a series of strings including numbers, letters, symbols, and the like.
The dynamic password may include a dynamic part, and may further include a user part. The user part may refer to a portion of the dynamic password set by the user, and the user part may also include at least one number, letter, or symbol. By this user part, the dynamic password has user dependency. That is, it is determined by the user and can be determined differently for each user.
The dynamic part may be information that can be changed dynamically by various factors, and the dynamic part may also include at least one number, letter, or symbol. According to the technical idea of the present invention, the dynamic part has a dependency on a predetermined terminal (for example, the data processing apparatus). That is, it is determined by the terminal, and may be determined differently for each user terminal. Further, the dynamic part can be determined depending on the inherent function of the terminal. That is, instead of using a separate device or algorithm to generate a password (or a part of a password) that is dynamically changed, such as a conventional OTP, a user terminal (e.g., a separate (E.g., communication history, application information, address book information, and the like) corresponding to the use history, information stored in the terminal when the communication device is used according to the purpose. Therefore, according to the technical idea of the present invention, even if a dynamic password (or one-time password) generation device or algorithm which is treated to be extremely secure and which requires a considerable cost to use a device or algorithm is not provided, It is possible to provide a technical idea that can perform the same or similar function as a conventional dynamic password (or one-time password) generating apparatus using only a terminal (for example, a user's mobile phone).
Further, according to the technical idea of the present invention, since the dynamic part can be determined based on the usage history in which the terminal (for example, the data processing apparatus or the other data processing apparatus) is used, the dynamic part has dependency on the user terminal do.
The
The
In addition, the
According to the technical idea of the present invention, the usage history information may also be a plurality of types. When the data processing apparatus is used for a specific purpose, the usage history information may be changed according to usage patterns. Also, the usage history information may be changed according to an embodiment of the data processing apparatus, that is, the type of the user terminal. Although the mobile phone is described as an example of the data processing apparatus in the present specification, it can easily be deduced that the average expert in the technical field of the present invention can easily deduce that the implementation examples of the usage history information can also be varied according to the embodiment of the data processing apparatus will be.
When the data processing apparatus is a mobile phone (for example, a feature phone, a smart phone, or the like), the use history information includes a communication history (e.g., call history, message transmission / reception history, A list of applications, etc.), an address book, and the like. That is, the communication history, the application installation or use history, the address book, and the like can be personalized according to the mode or history in which the user uses the data processing apparatus. Therefore, if the use history information does not occupy the data processing apparatus, it may be unknown information even if it is a legitimate user. Of course, the other person can not know the dynamic part specified by a predetermined rule among the use history information. Even if a predetermined rule is known, the dynamic part can not be known unless the data processing apparatus is occupied. Therefore, when the dynamic part is extracted from the use history information, the authenticated user through the dynamic password including the dynamic part can be regarded as occupying the data processing apparatus.
Also, the
The
The
In addition, the
As a result, according to the technical idea of the present invention, the dynamic password can be changed according to various factors, thereby increasing security. For example, the use history information is information that is changed depending on the use of the data processing apparatus, and the rule for extracting the dynamic part and / or the type of usage history information may be changed according to a separate parameter (e.g., time or place) have. Information on how to dynamically change the type of the rule and / or use history information may also be stored in the
The
Also, the
When the predetermined target application is stopped, the
For example, as shown in FIG. 10, the
The
FIG. 10 shows a case where call history (communication history) or in-use application information is displayed as use history information as usage history information.
The user can directly extract a dynamic part from the information displayed in the
On the other hand, a rule for extracting a dynamic part from use history information or a concept used for selectively extracting a dynamic part from a plurality of types of usage history information will be described with reference to FIG.
10 and 11, the user part is information specified by the user and may be, for example, "ABC ".
Also, if communication history (history of telephone or message, or recent reception history, call history, or the like) among the use history information shown in FIG. 10 is selected as a domain from which dynamic parts are extracted, (For example, 010-123-4567, 02-345-6789, 010-456-7890, etc.) included in the communication history (e.g., the identification information of the counterpart terminal, for example) 1 < / RTI > condition based on the identification information of the communication target. For example, the condition is a rule for extracting the identification information of the most recent communication object (010-123-4567), the host communication object (02-345-6789), or the latest communication object (010-456-7890) . Further, the rule may specify the whole of the communication object identification information (for example, 010-123-4567) as a dynamic part, but it is also possible to extract the dynamic part from the identification information of the communication object extracted by the first condition The second condition may be satisfied. For example, the second condition may be a condition for extracting the last four digits (e.g., 4567), or a condition for extracting the fourth digit (e.g., 456) from the second digit from the end.
In this way, if the rule is applied that the last four digits are extracted as dynamic parts from the identification information of the most recent communication object (e.g., 010-123-4567), the dynamic part may be "4567" . Further, if the rule is such that the rule that the last four digits are extracted as the dynamic part from the identification information of the communication target (for example, 02-345-6789) of the customer is applied, the dynamic part may be "6789 ".
Further, even when the use history information is selected as the information of the in-use application, the rule may be any one of the information of the in-use application including the identification information of the plurality of applications such as the most recently executed application, Lt; RTI ID = 0.0 > identity < / RTI > Further, the identification information of the specified application itself may be used as a dynamic part, or a condition for selecting a part of letters, numbers, or symbols may be further included. For example, when the rule that the three characters preceding the identification information of the application executed in the car charger is extracted as a dynamic part is applied, the dynamic part can be extracted as "bcd ".
It is noted that various rules can be set, and such rules can also be dynamically changed according to a predetermined criterion.
On the other hand, if the user part and the dynamic part are determined, the
According to one example, when the user part is "ABC " and the dynamic part is" 4567 ", the
Also, the method of generating (or combining) the dynamic password using the user part or the dynamic part is not fixed to any one, but may be changed dynamically.
Of course, the dynamic password may further include information determined in a predetermined manner in addition to the user part and the dynamic part according to the technical idea of the present invention.
In any case, the dynamic part can be determined based on usage history information that is changed according to the fact of use or usage of the data processing apparatus, and thereby, a dynamic password (a one-time password) Can be generated. Further, there is an effect that the occupation of the data processing apparatus is authenticated by extracting the dynamic part from the use history information.
The
Meanwhile, the application control method according to the embodiment of the present invention can be implemented in the form of program instructions readable by a computer and stored in a computer-readable recording medium. The control program and the target program according to the embodiment of the present invention And can be stored in a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.
Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of software.
Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, and the like. The above-mentioned medium may also be a transmission medium such as a light or metal wire, wave guide, etc., including a carrier wave for transmitting a signal designating a program command, a data structure and the like. The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner.
Examples of program instructions include machine language code such as those produced by a compiler, as well as devices for processing information electronically using an interpreter or the like, for example, a high-level language code that can be executed by a computer.
The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
It is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. .
Claims (22)
Determining whether to stop the application in which the control system running in the data processing apparatus is executed;
Stopping the application based on a result of the determination;
Determining whether an authentication action is to be performed by the control system to continue execution of the application; And
And when the determination result indicates that the authentication action has been performed, the control system releases the execution of the application.
Confirming the highest priority task of the running task list held in the data processing apparatus by the control system;
And determining, by the control system, that the application is to be stopped if the application is the highest priority task and the application is a preset target application.
Further comprising the step of the control system setting a target application to be controlled,
Wherein the target application is an application that is installed in the data processing apparatus and is different from a control application corresponding to the control system.
And causing the control system to execute a predefined stopping process in the data processing apparatus in priority order than the application, in order to stop the application.
Wherein the predetermined control display is loaded at the top of the display device provided in the data processing apparatus.
Wherein the display is a display having transparent properties.
And determining whether the short range wireless communication apparatus and the data processing apparatus, which are set to correspond to the application, perform short range wireless communication.
Further comprising the step of the control system setting up a master short range wireless communication apparatus to be associated with the control system,
Wherein the master short-
And a short range wireless communication device corresponding to at least one application including the application set as a target application by the control system.
The control system being configured to set the application as a target application to be controlled by the control system; And
Further comprising setting a short range wireless communication device corresponding to the application set as the target application,
Wherein the short range wireless communication apparatus corresponding to the application comprises:
Wherein the control unit can be a device different from the second short range wireless communication apparatus corresponding to another application set as the target application by the control system.
Wherein the control system determines whether authentication information input from a user corresponds to a dynamic password,
Wherein the dynamic password includes a dynamic part specified based on usage history information that is changed according to a use history of the data processing apparatus.
Loading the control display into the top display of the data processing apparatus when the control system is in a state in which the priority task is a preset target application;
Determining whether an authentication action is to be performed by the control system to continue execution of the application; And
And when the determination result indicates that the authentication action has been performed, the control system unloads the control display.
A determination module for determining whether to stop the executed application when a predetermined application is executed in the data processing apparatus;
A control module for stopping the application based on a determination result of the determination module; And
And an authentication module for determining whether an authentication action to continue execution of the stopped application is performed,
And the control module releases the execution of the application if it is determined by the authentication module that the authentication action has been performed.
Confirms the highest priority task of the running task list held in the data processing apparatus, and judges that the application is the application to stop if the application is the highest priority task and the application is a preset target application.
Further comprising a setting module for setting a target application to be controlled by the control system,
Wherein the target application, which is set by the setting module,
The control application being different from a control application corresponding to the control system installed in the data processing apparatus.
And a predetermined stop process that is set in advance is executed in the data processing apparatus in order of priority to stop the application.
Wherein the predetermined control display is loaded at the top of the display device provided in the data processing apparatus.
And a short-range wireless communication device set to correspond to the application and the data processing device determine whether short-range wireless communication is to be performed.
Further comprising a setting module configured to set a master short-range wireless communication apparatus to be compatible with the control system,
The master short-range wireless communication apparatus set by the setting module,
And a short range wireless communication device corresponding to at least one application including the application, which is set by the control system as a target application.
Further comprising a setting module that sets the application as a target application to be controlled by the control system and sets a short range wireless communication device corresponding to the application set as a target application,
The short range wireless communication apparatus corresponding to the application set by the setting module,
Wherein the control unit can be a device different from the second short range wireless communication apparatus corresponding to another application set as the target application by the control system.
Determining whether authentication information input from a user corresponds to a dynamic password in a state where the application is stopped,
Wherein the dynamic password includes a dynamic part specified based on usage history information that is changed according to a usage history of the data processing apparatus.
A control module for loading a preset control display into the top display of the data processing apparatus when the priority task identified by the determination module is a preset target application; And
And an authentication module for, when the application is stopped, determining whether an authentication action for continuing execution of the application is performed,
The control module includes:
And to unload the control display if it is determined by the authentication module that the authentication action has been performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130124209A KR20150045053A (en) | 2013-10-17 | 2013-10-17 | Method for application control and control system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130124209A KR20150045053A (en) | 2013-10-17 | 2013-10-17 | Method for application control and control system thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150045053A true KR20150045053A (en) | 2015-04-28 |
Family
ID=53037115
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR20130124209A KR20150045053A (en) | 2013-10-17 | 2013-10-17 | Method for application control and control system thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150045053A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210281423A1 (en) * | 2020-03-09 | 2021-09-09 | Kabushiki Kaisha Toshiba | Information processing device |
-
2013
- 2013-10-17 KR KR20130124209A patent/KR20150045053A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210281423A1 (en) * | 2020-03-09 | 2021-09-09 | Kabushiki Kaisha Toshiba | Information processing device |
US11888990B2 (en) * | 2020-03-09 | 2024-01-30 | Kabushiki Kaisha Toshiba | Information processing device controlling analysis of a program being executed based on a result of verification of an analysis program |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11637824B2 (en) | Multi-factor authentication devices | |
EP2809046B1 (en) | Associating distinct security modes with distinct wireless authenticators | |
US9762573B2 (en) | Biometric framework allowing independent application control | |
KR101552587B1 (en) | Location-based access control for portable electronic device | |
US10432620B2 (en) | Biometric authentication | |
EP3882800B1 (en) | Methods and apparatus to monitor permission-controlled hidden sensitive application behavior at run-time | |
EP2437198B1 (en) | Secure PIN reset process | |
CN105574723A (en) | Information security processing method and security processing apparatus | |
US20240169344A1 (en) | System, method, and computer-accessible medium for blocking malicious emv transactions | |
JP6408969B2 (en) | Mobile device, method for facilitating transactions, computer program and product | |
KR101584218B1 (en) | Method for application control and control system thereof | |
KR20150099697A (en) | Method for application control and control system thereof | |
KR20150045053A (en) | Method for application control and control system thereof | |
EP3125183A1 (en) | Methods and systems for financial account access management | |
KR101569045B1 (en) | Method and system for application control | |
KR101512987B1 (en) | System for controlling user terminal usage and providing method thereof | |
KR101385723B1 (en) | Digital system having financial transaction function, pair system making a pair with the digital system, and method for financial transaction | |
KR101314720B1 (en) | Mobile terminal for plural environment and providing method thereof | |
KR101385224B1 (en) | Digital system performing secure log-in and providing method thereof | |
KR101355862B1 (en) | Application system, authentication system, and mobile payment method using authentication information | |
KR20150145792A (en) | System for controlling user terminal usage and providing method thereof | |
KR20130126446A (en) | Digital system having financial transaction function, pair system making a pair with the digital system, and method for financial transaction | |
KR20140122971A (en) | Mobile terminal for plural environment and providing method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |