KR20150045053A

KR20150045053A - Method for application control and control system thereof

Info

Publication number: KR20150045053A
Application number: KR20130124209A
Authority: KR
Inventors: 김동진; 김대진; 심충섭; 신민식; 김진만
Original assignee: 주식회사 씽크풀
Priority date: 2013-10-17
Filing date: 2013-10-17
Publication date: 2015-04-28

Abstract

Disclosed are an application control method and a system for the same. The application control method comprises the steps of: performing a certain application in a data process device; judging whether the control system performed in the data process device would stop the application; making the control system stop the application based on judgment result; judging whether authentication action for the control system to continue performance of the application is performed; and making the control system cancel the stop of performance of the application in the authentication action is judged to be performed as the judgment result.

Description

TECHNICAL FIELD [0001] The present invention relates to an application control method,

The present invention relates to an application control method and a control system. And more particularly, to a method and system for efficiently and securely controlling an executed application even after an application is executed.

The need for execution control for applications executable on data processing devices (e.g., smart phones, tablet PCs, computers, etc.) is well known. Execution control is particularly necessary to prevent an unauthorized user from obtaining information or performing certain data processing in an unauthorized way through the application.

In the conventional method of execution control, a method is generally used in which an application executes an authentication function by itself and is executed when an input is inputted by a user (for example, input of a password). This method will be briefly described with reference to FIG.

1A shows a method of performing execution control of an application by authentication or approval through a server, which is conventionally used conventionally. 1A, when an execution request of a predetermined application is input from a user (S10), the application communicates with a predetermined server to transmit predetermined information (e.g., login information, terminal identification information, application serial number, etc.) And is approved by the server (S11). If the server approves, an approval signal may be transmitted to the application to allow the application to execute normally (S12).

An example of this is disclosed in Korean Patent Application No. 10-2011-0089111, "Method and Apparatus for Controlling Application Execution for Smart Phone ". However, such a conventional technology has a problem that a server must exist separately for execution control of an application. Particularly, in the case of an application which is executed only in the data processing apparatus without the need to perform communication with the server, there is a problem that execution control can not be performed by such conventional technology.

On the other hand, another conventional technique is shown in Fig. 1B. FIG. 1B shows a case where a control application that performs execution control detects an execution request of a specific application (S20), and when an execution request of the specific application is detected, requests inputting preset approval information (e.g., password, (S21). Then, it is determined whether the approval information input by the user corresponds to the preset approval information (S23), and if so, the execution of the specific application is allowed normally (S23). This type of execution control is widely adopted in application execution control applications that can be downloaded from an app store (e.g., Google play, Apple app store, etc.) that can currently download applications executable on a smart phone.

However, the method of FIG. 1B has a problem that anyone who knows the approval information can receive approval.

In addition, a notification message requesting input of preset approval information is displayed, so that the user is informed that the corresponding application can be executed by inputting approval information. That is, it is possible for anyone to know that it is necessary to input approval information in order to normally use the application. Therefore, if the user is under coercion or threat to another person, it may be forced to input the approval information, so that the execution control through the approval information may be practically useless.

In order to stop the execution of a specific application, the control application must always monitor whether or not the application is executed. In this case, all the execution requests (for example, I / O) input to the data processing apparatus are monitored or hooked hooking), so it consumes too much resources. Particularly, in the case of a mobile data processing apparatus such as a smart phone, such a resource has a problem that consumes a lot of power.

Therefore, a technical idea that can control the execution of another application executed in a predetermined data processing apparatus, and that can perform execution control with a high security level is required.

SUMMARY OF THE INVENTION The present invention has been made in an effort to solve the above technical problems, and it is an object of the present invention to provide a method and apparatus for controlling execution of a target application, And to provide a method and system for performing execution control of an application.

It is also possible to perform execution control of the target application through the presence or absence of an apparatus independent of the data processing apparatus (for example, a short-range wireless communication apparatus), rather than execution control through preset approval information (for example, password or pattern or gesture) Thereby enabling effective execution control even when the approval information is exposed.

In addition, even when a device independent of the data processing device (e.g., a short-range wireless communication device) is not possessed, a legitimate user can use the data processing device normally (i.e., The present invention provides a method and system for enabling a high security dynamic password to be used in order to provide a secure password.

There is also provided a method and system for enabling a control application to be seen as if it were running by making the control display have transparent properties when loaded on the run screen of the target application to control the execution of the target application will be.

An application control method according to an aspect of the present invention includes a step of executing a predetermined application in a data processing apparatus, a step of determining whether or not to stop the application in which a control system running in the data processing apparatus is executed, Determining whether an authentication action is performed to cause the control system to continue execution of the application; and if it is determined that the authentication action has been performed, And releasing the execution of the application.

Wherein the step of determining whether the control system is to suspend an application running on the data processing apparatus comprises the steps of the control system confirming a top priority operation of a running work list held in the data processing apparatus, And if the application is a preset target application, determining that the control system is an application to stop the application.

Wherein the application control method further comprises the step of setting the target application to be controlled by the control system, wherein the target application is an application that is installed in the data processing apparatus, different from the control application corresponding to the control system, .

The step of stopping the application by the control system may include the step of causing the control system to execute a predetermined stop process at a higher priority than the application in the data processing apparatus to stop the application.

The predetermined stopping process may be performed such that a predetermined control display is loaded at the top of a display device provided in the data processing apparatus.

The control display may be a display having a transparent property.

Wherein the step of determining whether an authentication action for continuing execution of the application is performed by the control system may include determining whether the short range wireless communication apparatus set to correspond to the application and the data processing apparatus are performing short range wireless communication have.

The application control method further comprises the step of the control system setting up a master short range wireless communication apparatus to be associated with the control system, wherein the master short range wireless communication apparatus comprises: And is set as a short-range wireless communication device corresponding to at least one application.

The application control method further comprises a step of setting the application, which is the target application to be controlled by the control system, by the control system, and setting a short range wireless communication device corresponding to the application set as the target application, May be a device different from the second short range wireless communication device corresponding to another application set as the target application by the control system.

Wherein the step of determining whether the control system is performing an authentication action to continue execution of the application comprises determining that the authentication information input from the user corresponds to a dynamic password, And a dynamic part specified based on usage history information that is changed in accordance with a use history of the processing apparatus.

A method for solving the above technical problem is characterized in that the control system executing in the data processing apparatus confirms the highest priority task of the running task list held in the data processing apparatus, , The control system loading a predetermined control display to the top display of the data processing apparatus, the control system determining whether an authentication action to continue execution of the application is performed, And if the action is determined to have been performed, the control system may unload the control display.

The application control method may be stored in a computer-readable recording medium on which the program is recorded.

According to another aspect of the present invention, there is provided a control system for executing a predetermined application in a data processing apparatus, the control system comprising: a determination module for determining whether to stop the executed application; A control module for suspending the application, and an authentication module for determining whether an authentication action for continuing execution of the suspended application is performed, wherein if it is determined that the authentication action is performed by the authentication module, The control module releases the execution of the application.

The determination module may determine the highest priority task of the running task list held in the data processing apparatus and may determine that the application is the application to stop the application if the application is the priority task and the application is a preset target application .

Wherein the control system further includes a setting module for setting a target application to be controlled by the control system, wherein the target application set by the setting module is a program that is installed in the control system And is an application different from the corresponding control application.

The control module may cause the data processing apparatus to execute a preset stop process in order of priority in order to stop the application.

The authentication module may determine whether the short range wireless communication device set to correspond to the application and the data processing device are performing short range wireless communication.

Wherein the control system further comprises a setting module for setting a master short-range wireless communication device to be associated with the control system, wherein the master short-range wireless communication device set by the setting module is configured by the control system, And a short-range wireless communication device corresponding to at least one application including the at least one application.

Wherein the control system further comprises a setting module configured to set the application as a target application to be controlled by the control system and to set a short range wireless communication device corresponding to the application set as a target application, The short range wireless communication device corresponding to the application may be different from the second short range wireless communication device corresponding to another application set as the target application by the control system.

Wherein the authentication module determines whether authentication information input from a user corresponds to a dynamic password in a state where the application is suspended and the dynamic password is specified based on usage history information that is changed according to a usage history of the data processing apparatus And may include a dynamic part.

A determination module for confirming a top priority task of a running task list held in a data processing apparatus to solve the technical problem; and a control module for, when the priority task identified by the determination module is a preset target application, A control module for loading the data into the uppermost display of the data processing apparatus, and an authentication module for determining whether an authentication action for continuing execution of the application is performed in a state that the application is stopped, If it is determined by the authentication module that the authentication action has been performed, the control display may be unloaded.

According to the technical idea of the present invention, the execution control of the target application is performed simply by stopping the execution of the executed target application while permitting the execution, rather than controlling the execution of the target application to be execution control itself There is an effect that can be done. Particularly, when the execution of the target application is stopped after the execution of the target application, the execution control can be performed even when the execution of the target application is not terminated and is reused, so that the security can be further enhanced.

In addition, there is no need to monitor all execution requests in order to prevent the execution of the target application, which is the object of execution control, so that consumption of resources and power can be remarkably reduced.

Further, there is an effect that the execution of the target application can be simply stopped by activating, i.e., loading, the control display with higher priority than the target application in order to stop the execution of the target application.

In addition, by loading the control display having the transparent property on the screen on which the execution screen of the target application is displayed, it is possible to prevent the other person from recognizing the reason why the execution of the target application is not normally performed.

Further, even when the approval information (for example, a password or a pattern) is exposed, the target application can be prevented from being normally used without occupation of a predetermined short range wireless communication device, Can be provided.

In addition, even when a device independent of the data processing device (e.g., a short-range wireless communication device) is not possessed, a legitimate user can use the data processing device normally (i.e., Authentication can be performed using a dynamic password in order to increase security and convenience.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
FIG. 1 is a diagram for schematically explaining a method of performing a conventional execution control.
2 is a diagram showing a schematic configuration of a control system according to an embodiment of the present invention.
FIG. 3 shows a flowchart for schematically explaining an application control method according to an embodiment of the present invention.
4 is a diagram for explaining a method for determining whether to stop execution of a predetermined application according to an application control method according to an embodiment of the present invention.
5 is a diagram illustrating a process of setting a target application according to an embodiment of the present invention.
6 is a diagram for explaining a process of controlling the execution of a target application according to an embodiment of the present invention.
7 to 8 are diagrams for explaining a method of performing execution control using a control display according to an embodiment of the present invention.
9 is a diagram for describing an authentication action for continuing execution of a suspended application according to an embodiment of the present invention.
10 to 11 are diagrams for explaining the concept of a dynamic password according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

In this specification, the terms "comprises" or "having" and the like refer to the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, But do not preclude the presence or addition of features, numbers, steps, operations, components, parts, or combinations thereof.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

Hereinafter, the present invention will be described in detail with reference to the embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

2 is a diagram showing a schematic configuration of a control system according to an embodiment of the present invention.

Referring to FIG. 2, a control system 100 according to an exemplary embodiment of the present invention includes a control module 110, a determination module 120, and an authentication module 130. The control system 100 may further include a setting module 140, and / or a DB 150.

The control system 100 is installed in a predetermined data processing apparatus (for example, a mobile phone, a tablet PC, a notebook computer, or the like), so that software for implementing the technical idea of the present invention and hardware included in the data processing apparatus are organized As shown in FIG.

The control system 100 is installed in the data processing apparatus, and can control the execution of at least one target application executed in the data processing apparatus.

The target application may mean an application whose execution is controlled according to the technical idea of the present invention. The target application may be all applications installed in the data processing apparatus, or may be some applications. The control system 100 can set the predetermined application to the target application according to the technical idea of the present invention or at the user's option. To this end, the control system 100 provides a predetermined UI and provides a list of applications installed in the data processing apparatus through the UI. Then, the application selected from the provided list can be set as the target application.

The term " controlling execution " in the present invention does not mean that the execution itself is not performed as described above. Instead of executing the execution itself, The execution control of all types that prevent the use of the execution control.

According to one embodiment, the control system 100 can stop the target application according to the technical idea of the present invention as soon as it confirms that the target application has been executed. Alternatively, the control system 100 may operate normally after the target application is executed, but may suspend the execution of the target application when a specific event occurs or a user's request is made.

For example, the control system 100 may determine whether or not the target application is executed, and if the determination result indicates that the target application has been executed, the control system 100 may load the control display according to the technical idea of the present invention.

The fact that the control display is loaded may mean activating the control display such that the control display is displayed at the highest level of the data processing apparatus. The data processing device may be configured to pause or pause a currently running process (a process executing the target application) or an application when another process (e.g., the process of displaying the control display) or another application is activated with a high priority ). &Lt; / RTI > For example, in the case of the Android (OS) OS or iOS (TM), if a process or another application is executed with a higher priority (or activation) while a specific process or a specific application is being executed, May not be executed in the background but may be suspended. Therefore, when the control system 100 loads the control display as soon as it detects that the target application is being executed, it is substantially the same as controlling the execution of the target application from being started at all, There is an effect that control can be performed with a small amount of resources. That is, according to the technical idea of the present invention, in order to prevent the other application executing separately from the target application from starting execution of the target application, all requests executed in the data processing apparatus are monitored or hooked There is an effect that the execution of the target application can be substantially controlled without the need.

According to an embodiment, the control system 100 controls the execution of the target application by loading the control display when the target application is executed and used by the user and a specific event occurs or there is a request from the user It is possible. For example, the control system 100 can control the target application to be executed normally only at a specific position. When the control system 100 determines that the data processing apparatus is out of a specific position, it can control the execution of the target application using the control display described above. Or may control the execution of the target application at a specific time. To this end, the control module 110 may further include a position determination module (not shown) for determining the position of the data processing apparatus. As described later, when the target application is listed in the highest priority task of the running list, the control module 110 stops the target application if it is determined that the data processing apparatus is in the predetermined first position, It may not stop the target application. In addition, the embodiment of the event that the control system 100 determines to control the execution of the target application may vary.

According to the embodiment, even if an event (for example, execution of a specific function or the target application accesses specific data or a specific file) occurring in the target application during execution of the target application, You can judge. For example, when an application (i.e., a target application) capable of loading various data or files such as a gallery is executed and the app plays (accesses) general data or files, it is not controlled by the control system 100 When it is intended to reproduce the specific data or file set in advance, execution control of the target application according to the technical idea of the present invention can be performed. In addition, when some functions (for example, inquiry) of various functions performed in a major financial transaction application (i.e., a target application) such as a mobile banking application are executed, they are not controlled by the control system 100, The execution control may be performed according to the technical idea of the present invention. In this case, it is needless to say that an API (application programming interface) capable of notifying the occurrence of the event may be used between the control system 100 and the target application. Alternatively, when the API is not used, a method of analyzing a screen of the target application may analyze whether a specific event occurs during execution of the target application.

Depending on the implementation, the execution control according to the technical idea of the present invention may be performed according to the request of the user. For example, when the user wants to stop execution of the target application for a while while using the target application, when the control system 100 requests the control system 100 for control by using a predetermined UI or button, You can control the execution.

According to one embodiment of the present invention, the control system 100 may load the control display at the top level to control the execution of the target application. In particular, the control display may have a transparent property. That is, even though the control display is displayed on the uppermost layer of the display device provided in the data processing apparatus, the control display can be implemented so that the currently displayed screen is displayed as it is. Therefore, the user can be implemented so as not to visually recognize whether the control display is displayed or not. This provides the same effect as stopping the application while displaying the screen of the target application originally being executed. That is, in spite of the fact that the control display is being displayed at the top layer, and thus the execution of the target application that was originally running is suspended, the user simply can recognize that the target application is stopped during execution without any reason . Therefore, a person who does not know in advance that the application being executed is a target application whose execution is controlled according to the technical idea of the present invention, may mistake that execution is stopped due to a bug or an error during execution. Therefore, it is possible to avoid a situation in which the user is not required to input the approval information due to a threat or coercion that can be generated in the case where the approval information is input normally to guide the execution of the target application, as in the conventional method .

In order to set the display attribute of the control display to be transparent, it may be possible to adjust the so-called alpha value of the display attribute of the object called the control display. Herein, the fact that a certain object (e.g., the control display) has a transparent property does not necessarily mean that it is set to be completely transparent, such that the alpha value is set to zero. That is, even if at least the control display is displayed on a higher layer than the screen of the currently displayed target application, transparency of a certain level or more (that is, a transparency that allows the screen of the target application to be recognized as being continuously displayed The control display can also be expressed as transparent.

As described above, according to the technical idea of the present invention, a control display having a transparent property is displayed on an upper layer than an execution screen of a target application, so that a person who is not aware of execution control of the target application secretly executes Control can be performed.

Meanwhile, according to another embodiment of the present invention, the control display may not have a transparency attribute. Even in such a case, the technical idea of the present invention can still be effective. Further, all kinds of possible methods for stopping the execution of the target application can be applied to the technical idea of the present invention. In any case, after the target application is stopped by the technical idea of the present invention, the control system 100 can determine whether a predetermined authentication action is performed and continue the execution of the target application after the authentication action is performed.

The authentication action according to the technical idea of the present invention is also different from the authentication using the existing simple approval information (for example, a password, a secret pattern, a gesture, etc.), and the authentication is simple due to such differentiated features, Relatively high authentication can be performed. An example of such an authentication action will be described later.

The control system 100 may include a control module 110, a determination module 120, and an authentication module 130 as described above. The control system 100 may further comprise a configuration module 140 and / or a DB 150 according to an embodiment.

In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and it does not necessarily mean a physically connected code or a kind of hardware. Can be easily deduced to the average expert in the field of < / RTI >

The control module 110 may include other components (e.g., a determination module 120, an authentication module 130, a configuration module 140, and / or a control module) included in the control system 100 according to an embodiment of the present invention. DB 150 and the like) and / or resources.

The judgment module 120 can judge whether or not an application executed in the data processing apparatus is an application to be suspended. That is, the determination module 120 may determine whether the application is a target application for controlling execution. To this end, the determination module 120 may use a running task list as described below.

After the execution of the target application is stopped, the authentication module 130 may determine whether an authentication action for continuing execution of the target application is performed.

The control module 110 may stop execution of the target application. Also, the execution stop of the target application can be canceled. That is, execution of the stopped target application can be continued.

The setting module 140 can set a target application to which the technical idea of the present invention is applied. According to an implementation, the time or situation at which the target application is to be stopped can be further set.

The process of setting the target application by the setting module 140 is shown in Fig.

FIG. 5 is a diagram for explaining a process of setting a target application according to an embodiment of the present invention. Referring to FIG. 5, the setting module 140 determines whether at least one application installed in the data processing apparatus The list can be displayed on the data processing apparatus as shown in Fig. According to an example, the setting module 140 may be a configuration in which an execution request of a user is input and executed.

In addition, the configuration module 140 may provide a UI by which a user may select at least one of the displayed list of the at least one application. If at least one application is selected by the user, the setting module 140 may set the selected application as the target application. The setting module 140 may store information on the set target application in the DB 150.

Meanwhile, the setting module 140 may be configured to set a short-range wireless communication device corresponding to the target application. At this time, the setting module 140 can set a short-range wireless communication device corresponding to each target application. According to an embodiment, the setting module 140 may be configured to set a short-range wireless communication device corresponding to the control system 100. [ The short-range wireless communication apparatus corresponding to the control system 100 may be a short-range wireless communication apparatus corresponding to all of the target applications whose execution is controlled by the control system 100. [ In this case, the short range wireless communication apparatus corresponding to the control system 100 is defined as a master short range wireless communication apparatus.

The short-range wireless communication device can be used for the authentication action required to cancel the execution of the stopped target application, i.e., to continue execution of the target application.

When the execution of a predetermined target application is stopped, the user can perform an authentication action for short-range wireless communication with the data processing apparatus by the short range wireless communication apparatus corresponding to the target application. Then, the execution of the target application can be released. If the master short-range wireless communication apparatus is set, the execution stop of the target application may be canceled even if the master short-range wireless communication is performed in short-range wireless communication with the data processing apparatus.

Of course, the master short-range wireless communication device is set, and at least one specific target application among the target applications whose execution is controlled by the control system 100 separately from the master short- The short-range wireless communication apparatus may be set as a corresponding short-range wireless communication apparatus. In this case, the short-range wireless communication apparatus corresponding to the specific target application may be the second short-range wireless communication apparatus and the master short-range wireless communication apparatus.

Since the short-range wireless communication device corresponding to the entirety of the target applications as well as the target applications can be set individually corresponding to the target applications, the user can set the own The desired short range wireless communication device can be set differently. This allows higher security to be provided.

The DB 150 may store various information necessary for implementing the technical idea of the present invention. For example, information on the target application set by the setting module 140 (e.g., application ID, name, or process ID) may be stored.

The control system 100 may be a system in which the control application installed in the data processing apparatus and the hardware of the data processing apparatus are organically combined as described above. At this time, the configuration of some of the configurations of the control system 100 may be always executed in the background in the data processing apparatus when the control application is installed, and some configurations may be executed in the data processing apparatus Lt; / RTI > For example, the functions performed by the setting module 140 or the setting module 140 may be executed in the data processing apparatus when a user's execution request is input, and the control module 110, the determination module 120, , And / or the authentication module 130 may be configured in the background when the control application is installed.

The application control method of the present invention implemented by the control system 100 including these configurations will be described with reference to Figs. 3 and 4. Fig.

FIG. 3 shows a flowchart for schematically explaining an application control method according to an embodiment of the present invention. 4 is a diagram for explaining a method for determining whether to stop execution of a predetermined application according to an application control method according to an embodiment of the present invention.

2 and 3, when the predetermined application is executed in the data processing apparatus (S100), the determination module 120 may determine whether to stop execution of the executed application (S110) .

If it is determined that the application should be suspended, the control module 110 may suspend the execution of the application (S120).

Then, the authentication module 130 may determine whether the authentication action according to the technical idea of the present invention is performed in the state where the execution of the application is suspended (S130).

If the authentication module 130 determines that the authentication action has been performed, the control module 110 may continue execution of the suspended application (S140).

The determination module 120 may determine to stop execution of the application if the executed application is a preset target application.

In addition, according to one embodiment, the process of determining whether to stop execution of the application by the determination module 120 may be as shown in FIG.

Referring to FIGS. 2 and 4, the determination module 120 may check information about an execution task list held in the data processing apparatus. The highest priority task in the execution list can be confirmed (S111).

Then, the determination module 120 may determine whether the identified highest priority task corresponds to the target application (S112). Information about the target application (e.g., an application name or a process name) may be stored in the DB 150 in advance. If the confirmed highest priority job is a job corresponding to the target application, the determination module 120 may determine that the highest priority job is a job to be stopped. Then, the control module 110 receives the determination result of the determination module 120 and can stop the execution of the priority task.

For example, assuming that the user executes a predetermined application, the OS of the data processing apparatus places the application in the top priority task of the running work in response to the execution request of the user's application. The running work list may be, for example, a system configuration of an OS having a stack structure. Therefore, the job listed later in the work list may be executed first. For example, in the Android OS, the execution-in-progress list can be confirmed through a predetermined function in the system class.

Accordingly, the determination module 120 can confirm the most recent execution requested task, that is, the application, by confirming the highest priority task in the execution list. If the identified highest priority task, that is, the application corresponds to the target application stored in the DB 150 in advance, the determination module 120 determines that the highest priority task, that is, can do.

Meanwhile, when the execution of the target application executed in the data processing apparatus is controlled by monitoring the highest priority task of the task list during execution, the target application is not only executed when the target application is executed for the first time, There is a significant advantageous effect that execution can be controlled even if it is aborted and reused. This is because, if the usage is stopped and reused by the user, there is a possibility that the user will be reused by a user other than the user who was originally authenticated and used.

This technical idea is shown in Fig.

6 is a diagram for explaining a process of controlling the execution of a target application according to an embodiment of the present invention.

Referring to FIG. 6, the work list of the data processing apparatus may include a work list as shown in FIG. In this situation, a predetermined application (e.g., application C) may be executed by the user. Then, the data processing apparatus can include the identification information of the C as the top priority task of the running work list while executing the C.

The determination module 120 may determine whether the highest priority task (i.e., application C) is the target application. As a result of the determination, the C may not be the target application. Then, the control module 110 may not perform any execution control on the C. Then, C can be executed in the data processing apparatus.

The execution request of the application D can then be input by the user. Of course, a predetermined process or operation (e.g., a process corresponding to the home button input of the Android OS, etc.) may be executed while C is being executed and the execution request of the D is input. Then, the data processing apparatus can include the identification information of the D in the highest priority work of the running work list while executing the D.

The determination module 120 may determine whether the highest priority task, i.e., D, is the target application. As a result of the determination, D may be a target application. Then, the control module 110 can stop the execution control, that is, the execution of the D, for the D.

The control module 110 may execute a suspend process for suspending the execution of the D with a task having a higher priority than the D. According to an embodiment, the suspend process may be executed with a higher priority than the D by simply executing the suspend process later than the D, or the suspend process may be executed after separately setting a priority. A specific example of the stopping process will be described later.

When the stop process is executed, the authentication module 130 can determine whether or not an authentication action according to the technical idea of the present invention is performed by the data processing apparatus or the user. Of course, a predetermined task may be additionally included in the top priority task of the running task list to determine whether the authentication action is performed, but it is not shown in FIG.

If it is determined by the authentication module 130 that the authentication action has been performed, the control module 110 may terminate the suspension process. Then, the above-mentioned D can be a top priority task again. If the priority task is changed from the pause process to another task (e.g., D) as the pause process ends, the determination module 120 may not determine whether the priority task is again the target application. Otherwise, even if the user performs the authentication action, the user may fall into an infinite loop in which the authentication process must be performed again after the termination process ends.

If D is again the top priority task, the data processing device may resume execution of D that was stopped. Then, the user can input a request to the data processing apparatus to call the home screen. In this embodiment, the home screen is called. However, it can be understood that the same result can be obtained even when various applications or processes are called in place of the home screen, Can easily be deduced.

Then, the data processing apparatus can include the process of executing the home screen in the top priority task of the running work list while calling the home screen. Then, when the user makes a request to call D again, D is again the highest priority operation.

Since the decision module 120 does not change the priority task by the end of the stop process, it can check whether the priority task (i.e., D) is the target application.

Since D is the target application, the control module 110 may execute the stop process to stop execution of the D again according to the determination result of the determination module 120. [

That is, as in the technical idea of the present invention, it is possible to easily perform execution control on a target application by monitoring only the highest priority task of the task list during execution without monitoring all requests input to the data processing apparatus. There is also a significant effect that execution can be controlled not only when execution is requested, but also when the target application is reused, as described in Figure 6.

Referring back to FIG. 2, when the determination module 120 determines that the execution of a predetermined application should be stopped, the control module 110 may load the stop process as described above.

According to one embodiment, the stopping process may be to load the control display according to the technical idea of the present invention at the highest level of the display device.

The time at which the control display is loaded and the time at which the execution of the target application is stopped may not necessarily be the same. That is, even if the control display is loaded, the target application may be implemented to perform certain data processing and stop. In any case, the target application may be stopped as soon as the control display is loaded or after a certain point in time.

If the determination module 120 determines that the target application is to be executed, the control module 110 may promptly load the control display. Depending on the implementation, even if the target application is executed, it may load the control display only when certain conditions or conditions are satisfied. When loading the control display immediately after the target application is executed, an effect substantially similar to that for preventing the execution of the target application can be obtained.

After the target application is executed, the determination module 120 may monitor whether the specific event is normally used by the user or whether there is a request from the user. The specific event may be varied according to the embodiment and may be defined as a point in time when the determination module 120 controls the execution of generation of various events for determining whether the data processing apparatus is generated. For this, the determination module 120 may perform communication with various devices (e.g., position determination means, time determination means, etc.) provided in the data processing apparatus. Alternatively, the determination module 120 may use an event generated in the target application through communication with the target application as a criterion of whether or not execution control is to be performed.

If it is determined that the execution control is to be performed by the determination module 120, the control module 110 may execute a stop process (for example, loading of the control display) according to the technical idea of the present invention. Also, the control module 110 may terminate the suspended process that has been executed. For example, the control display may be un-loaded.

In order for the control module 110 to unload the control display, it may terminate the process activating the control display or terminate the application activating the control display. In the latter case, the control system 100 may load the control display in the data processing apparatus as a separate application.

The control display may have a size corresponding to a full size of a display device (e.g., a touch screen) of the data processing device, or may have a size corresponding to a part of the display device.

In addition, the control display may or may not include an input object capable of receiving an input signal from a user via a display device (e.g., a touch screen). If no input object is included in the control display, a predetermined input object (for example, a button, a text or a numeric character) is displayed on the screen of the user before the control display is loaded , Etc.), the data processing device may not respond to any touch signal. This is because the touch signal is input to the process corresponding to the control display because there is no input object to handle the touch signal input to the control display.

According to another embodiment, the control display may comprise a predetermined input object. At this time, the input object may also be transparent so as not to be visually perceived by the user. At this time, only a user who knows the existence of the input object can correctly select (e.g., touch) at least one input object included in the control display. Therefore, it is possible to secretly input, via the control display, predetermined information for unloading the control display and for continuing execution of the target application again.

In any case, when the control display is loaded, the input signal input by the user becomes the input signal of the process corresponding to the control display, so that the user can control the target application I will not.

Of course, the control display may also display UI or guidance information that the user can visually confirm. The guide information may be, for example, information for guiding the user to perform a preset authentication action.

The authentication module 130 may determine, in a state that the control display is loaded, that an authentication action for unloading the control display is performed.

For example, when no input object is included in the control display, since no signal or information can be input to the touch screen of the data processing apparatus, (E.g., an NFC chip, a camera module, or a biometric information recognition module, etc.) provided in the apparatus. According to an embodiment of the present invention, the authentication action may be an action in which the data processing apparatus performs near field wireless communication (e.g., NFC communication, etc.) with a predetermined local wireless communication apparatus (e.g., IC card or the like). Alternatively, it may be an action for controlling the camera module in a predetermined manner. In any case, a predetermined action using a predetermined device provided in the data processing apparatus, not through the touch screen, may be the authentication action. In this case, it can be verified that the user possesses the data processing apparatus and the predetermined apparatus (e.g., a short-range wireless communication apparatus), thereby further increasing the security.

Of course, in the case where the data processing apparatus is provided with a biometric information recognition module which is a means capable of recognizing biometric information (e.g., fingerprint, iris, etc.), the authentication action is performed by the user through the biometric information recognition module, It may be an action to authenticate information. To this end, the control system 100 may receive and store biometric information of a user through the biometric information recognition module in advance.

According to another embodiment, the authentication action may be whether predetermined information is input in advance. The information may be input through a touch screen provided in the data processing apparatus. When the data processing apparatus is provided with an input device (e.g., a keypad, a keyboard, etc.) separate from the touch screen, May be input. If a separate input device other than the touch screen is not provided in the data processing device, an input object capable of inputting the information (for example, an input UI for inputting a predetermined button or a pattern, etc.) is included in the control display . At this time, the input object may or may not have a transparent property. When the input object has a transparent property, the user must input necessary information (for example, a password or a secret pattern) through an input object that can not be visually confirmed, so that the user can use the target application normally.

Meanwhile, the authentication action may be an action in which a dynamic password according to the technical idea of the present invention is input to the data processing apparatus. The dynamic password may be a password that changes depending on the situation, unlike a conventional static password. In particular, the dynamic password may be a password that can be known only by having a specific terminal. An example of such a dynamic password will be described later with reference to FIG. 10 to FIG.

The DB 150 may store information (for example, an application ID, a name, a storage path, and the like) about a target application that is an object of execution control according to the technical idea of the present invention. The target application may be at least one application installed in the data processing apparatus. In addition, the DB 150 may include information on an event to be execution control or an event to be execution control for each target application. In addition, the identification information of the local area wireless communication apparatus to which the data processing apparatus should perform the local area wireless communication for the target application or for the release of the execution control of all the target applications (i.e., unloading of the control display) may be stored. Also, depending on an implementation, information on predetermined approval information (e.g., password or secret pattern) to be applied to each of the target applications or the entire target applications may be stored. In addition, the biometric information of the user may be stored in the DB 150 in advance. In addition, a rule for defining the dynamic part of the dynamic password may be stored in the DB 150 in advance. Of course, when a static part (user part) is included as described later, information on the static part (user part) may be further stored in the DB 150. [ The information stored in the DB 150 may be stored in a state of being secured through encryption or the like.

7 to 8 are diagrams for explaining a method of performing execution control using a control display according to an embodiment of the present invention.

7, the control display 10 according to the embodiment of the present invention is configured such that, while the execution screen 20 of the target application is being displayed in the data processing apparatus 1 as shown in FIG. 4, Can be displayed on the screen 20.

7 shows a case where the execution screen 20 of the target application is displayed in a full size in a display area for displaying predetermined information in the data processing apparatus 1 and the control display 10 is also displayed in a full size Respectively. However, it should be understood that the technical idea of the present invention can be implemented even when the execution screen 20 and / or the control display 10 are displayed only on a part of the display area, It will be possible.

According to the technical idea of the present invention, the control display 10 has a transparent property as described above, and even when the control display 10 includes a predetermined object (for example, an input object as described above) The object can also be set to have transparent properties. Therefore, the user using the data processing apparatus 1 may not be aware that the control display 10 is displayed on the execution screen of the target application.

In other words, only a user who knows in advance that the target application is performing the execution control according to the technical idea of the present invention needs to perform predetermined authentication actions (for example, short-range wireless communication with the short- (E.g., tagging) or inputting predetermined approval information (e.g., a password or secret pattern, etc.). Also, a user who does not know that the execution control is being executed will see only a screen that is stopped when the target application is executed, and will be perceived as an error or a malfunction, so that the user can not normally use the target application. In addition, since the control display 10 is displayed on the upper layer than the execution screen 20 of the target application, the user can not perform any input to the target application.

8, the control display 10 displayed on the execution screen 20 of the target application according to the technical idea of the present invention may not include any objects as shown in Fig. 7, And may include a predetermined object as shown. The object may be an input object (for example, 11 to 13) for receiving a touch signal from a user. Of course, the input object is also set to transparent so that the user can not visually confirm the input object. Therefore, a user with a legitimate right may have to know in advance where the input object (e.g., 11-13) will be placed on the control display 10.

8 shows an example in which the input object is implemented as an input button for inputting numbers from 1 to 9. However, various objects such as a pattern input UI for inputting a preset pattern by a user may be displayed on the control display (10) and can be displayed transparently.

If the user has set the password "1234 " in order to normally use the target application, for example, the user can press the button 11 corresponding to the number 1, the button 12 corresponding to the number 2, The password 13 can be inputted by selecting (for example, touching) the button 13 corresponding to the number 3 and the button 14 corresponding to the number 4.

The control system 100 judges whether the input information corresponds to the preset information and when the control screen 100 determines that the input information corresponds to the information, the control screen 100 unloads the control display 10, As shown in FIG. Then, the user can normally use the target application.

Although FIG. 8 shows an example in which the number buttons are sequentially arranged in the order of numbers, it goes without saying that they can be displayed in a non-sequential manner or in various ways.

9 is a diagram for describing an authentication action for continuing execution of a suspended application according to an embodiment of the present invention.

Referring to FIG. 9, the data processing apparatus 1 may stop execution of the target application while the target application is running. According to one embodiment, the control system 100 installed in the data processing apparatus 1 may be in a state in which the control display 10 is loaded and displayed on the execution screen 20 of the target application.

If a legitimate user appears to have stopped the target application, the legitimate user recognizes that the target application is under execution control according to the technical idea of the present invention, and performs authentication action (for example, predetermined short range wireless communication device 2) (E.g., tagging) with the control system 100. Then, the control system 100 confirms whether the apparatus 2 communicated by the short-range wireless communication is a predetermined apparatus, and if it is determined as a predetermined apparatus The control display 10 can be unloaded.

In the case where the execution control of the target application is controlled using the short-range wireless communication device 2 as described above, it is possible to authenticate a user who has a proper authority based on occupancy of the short-range wireless communication device 2 Thereby providing excellent security. At this time, the control display 10 may or may not include any input object. That is, the user can satisfy predetermined conditions irrespective of whether or not an input object is included in the control display 10. This is because short-range wireless communication is an action using a device which is not related to the touch screen provided in the data processing apparatus 1. [

On the other hand, when the target application is suspended during execution, the person who intends to use the data processing apparatus 1 or the target application unauthorized can not know that the execution control is being performed and normally can not use the target application .

According to another embodiment, the authentication action may be an action that receives a dynamic password. Such an example is shown in Figs. 10 and 11. Fig.

10 to 11 are diagrams for explaining the concept of a dynamic password according to an embodiment of the present invention.

Referring to FIGS. 10 to 11, the authentication module 130 provides a dynamic password according to the technical idea of the present invention, and can perform a user authentication using the dynamic password. In this case, the authentication action may be an action in which the authentication module 130 receives the dynamic password from the user.

The dynamic password may be a password that can be automatically changed by various factors such as time or place without change by the user. The password may be implemented as a series of strings including numbers, letters, symbols, and the like.

The dynamic password may include a dynamic part, and may further include a user part. The user part may refer to a portion of the dynamic password set by the user, and the user part may also include at least one number, letter, or symbol. By this user part, the dynamic password has user dependency. That is, it is determined by the user and can be determined differently for each user.

The dynamic part may be information that can be changed dynamically by various factors, and the dynamic part may also include at least one number, letter, or symbol. According to the technical idea of the present invention, the dynamic part has a dependency on a predetermined terminal (for example, the data processing apparatus). That is, it is determined by the terminal, and may be determined differently for each user terminal. Further, the dynamic part can be determined depending on the inherent function of the terminal. That is, instead of using a separate device or algorithm to generate a password (or a part of a password) that is dynamically changed, such as a conventional OTP, a user terminal (e.g., a separate (E.g., communication history, application information, address book information, and the like) corresponding to the use history, information stored in the terminal when the communication device is used according to the purpose. Therefore, according to the technical idea of the present invention, even if a dynamic password (or one-time password) generation device or algorithm which is treated to be extremely secure and which requires a considerable cost to use a device or algorithm is not provided, It is possible to provide a technical idea that can perform the same or similar function as a conventional dynamic password (or one-time password) generating apparatus using only a terminal (for example, a user's mobile phone).

Further, according to the technical idea of the present invention, since the dynamic part can be determined based on the usage history in which the terminal (for example, the data processing apparatus or the other data processing apparatus) is used, the dynamic part has dependency on the user terminal do.

The authentication module 130 may be installed in a user terminal (e.g., the data processing device) used to determine the dynamic part.

The authentication module 130 may specify a user part as described above. The authentication module 130 may receive the user part from the user. The authentication module 130 may store the user part entered by the user in the DB 150. [

In addition, the authentication module 130 can identify a dynamic part. When the data processing apparatus is used for its own purpose, the dynamic part can be extracted as a domain as usage history information that can be confirmed by the data processing apparatus. Therefore, the authentication module 130 can set a rule that can specify the dynamic part from the usage history information. The rule may be a rule set by the authentication module 130 in a default state or may be a rule set by a user, and may be any one of a plurality of rules provided by the authentication module 130, . Information on such rules can be stored in the DB 150. [

According to the technical idea of the present invention, the usage history information may also be a plurality of types. When the data processing apparatus is used for a specific purpose, the usage history information may be changed according to usage patterns. Also, the usage history information may be changed according to an embodiment of the data processing apparatus, that is, the type of the user terminal. Although the mobile phone is described as an example of the data processing apparatus in the present specification, it can easily be deduced that the average expert in the technical field of the present invention can easily deduce that the implementation examples of the usage history information can also be varied according to the embodiment of the data processing apparatus will be.

When the data processing apparatus is a mobile phone (for example, a feature phone, a smart phone, or the like), the use history information includes a communication history (e.g., call history, message transmission / reception history, A list of applications, etc.), an address book, and the like. That is, the communication history, the application installation or use history, the address book, and the like can be personalized according to the mode or history in which the user uses the data processing apparatus. Therefore, if the use history information does not occupy the data processing apparatus, it may be unknown information even if it is a legitimate user. Of course, the other person can not know the dynamic part specified by a predetermined rule among the use history information. Even if a predetermined rule is known, the dynamic part can not be known unless the data processing apparatus is occupied. Therefore, when the dynamic part is extracted from the use history information, the authenticated user through the dynamic password including the dynamic part can be regarded as occupying the data processing apparatus.

Also, the authentication module 130 may select any one of various types of usage history information as a domain from which to extract a dynamic part.

The authentication module 130 may dynamically change the rule itself for extracting the dynamic part from the use history information. That is, although the use history information is information that is dynamically changed as the data processing apparatus is used, the rule itself is also dynamically changed, thereby further enhancing the security. Also, the authentication module 130 may dynamically change the type of the usage history information for a similar reason.

The authentication module 130 may use various factors such as time or place as a reference for changing the rule and / or the type of the usage history information. For example, in the first time zone (e.g., from 9:00 am to 12:00 am) or at the first location (e.g., home), the authentication module 130 may determine whether the communication history A rule of extracting a predetermined number of digits of the number as a dynamic part is applied, and in a second time zone (for example, from 12:00 pm to 3:00 pm) or in a second place (for example, a company) A rule for extracting a predetermined number of digits of a telephone number of a communication party (telephone or messaging) as a dynamic part can be applied. Needless to say, of course, the position of extracting the digits to be used for the dynamic part in the same telephone number may vary.

In addition, the authentication module 130 may extract a dynamic part in the first time zone or the first location according to a predetermined rule by using the communication history of the usage history information as a domain, and in the second time zone or the second location, The application part of the application may be extracted as a domain according to a predetermined rule.

As a result, according to the technical idea of the present invention, the dynamic password can be changed according to various factors, thereby increasing security. For example, the use history information is information that is changed depending on the use of the data processing apparatus, and the rule for extracting the dynamic part and / or the type of usage history information may be changed according to a separate parameter (e.g., time or place) have. Information on how to dynamically change the type of the rule and / or use history information may also be stored in the DB 150, and the authentication module 130 may obtain information on how to dynamically change the type of the rule and / When authentication is requested, dynamic parts can be extracted.

The authentication module 130 can generate a dynamic password when execution of a predetermined target application is suspended. To do this, dynamic parts and user parts can be specified. The authentication module 130 may then generate a dynamic password based on the received user part and the dynamic part. The user can be authenticated by comparing the generated dynamic password with the password input from the user.

Also, the authentication module 130 may dynamically change the method of generating a dynamic password using the user part and the dynamic part, that is, the combining method. When the combining method of dynamically combining the user part and the dynamic part is changed, the authentication module 130 may notify the user requesting the authentication method, or may notify the user of the authentication method have.

When the predetermined target application is stopped, the authentication module 130 can receive the password input from the user. The authentication module 130 may then perform an authentication action to determine whether the received password corresponds to a dynamic password. As described above, the authentication action identifies the use history information that the authentication module 130 can check from the data processing apparatus, extracts the dynamic part using the predefined rule from the use history information that has been confirmed, And generating a dynamic password using the dynamic part and the pre-stored user part. When the rule for extracting the dynamic part, the type of usage history information, and / or the combining method for combining the user part and the dynamic part are dynamically changed as described above, the rule to be applied at the time of the current authentication, It is of course possible to generate the dynamic password after confirming the type and / or the combining method based on the information stored in the DB 150.

For example, as shown in FIG. 10, the authentication module 130 according to the embodiment of the present invention may provide a predetermined authentication UI 30 to the data processing apparatus so that the user can easily specify a dynamic part .

The authentication UI 30 may include a password input UI 31 for inputting a password and a UI 32 for displaying usage history information. If the type of usage history information used by the authentication module 130 is variable, only the usage history information to be currently applied may be selectively displayed on the UI 32. Alternatively, the usage history information may include all or a plurality of usage history information May be displayed. When a plurality of pieces of usage history information are displayed, the user has to know which usage history information is used as a domain for extracting a dynamic part at present, so that security is enhanced.

FIG. 10 shows a case where call history (communication history) or in-use application information is displayed as use history information as usage history information.

The user can directly extract a dynamic part from the information displayed in the UI 32 according to a preset rule, and generate a dynamic password and input the dynamic password to the UI 31. [ Therefore, there is an effect that it is not necessary to perform a series of processes for confirming the use history information from the data processing apparatus.

On the other hand, a rule for extracting a dynamic part from use history information or a concept used for selectively extracting a dynamic part from a plurality of types of usage history information will be described with reference to FIG.

10 and 11, the user part is information specified by the user and may be, for example, "ABC ".

Also, if communication history (history of telephone or message, or recent reception history, call history, or the like) among the use history information shown in FIG. 10 is selected as a domain from which dynamic parts are extracted, (For example, 010-123-4567, 02-345-6789, 010-456-7890, etc.) included in the communication history (e.g., the identification information of the counterpart terminal, for example) 1 < / RTI > condition based on the identification information of the communication target. For example, the condition is a rule for extracting the identification information of the most recent communication object (010-123-4567), the host communication object (02-345-6789), or the latest communication object (010-456-7890) . Further, the rule may specify the whole of the communication object identification information (for example, 010-123-4567) as a dynamic part, but it is also possible to extract the dynamic part from the identification information of the communication object extracted by the first condition The second condition may be satisfied. For example, the second condition may be a condition for extracting the last four digits (e.g., 4567), or a condition for extracting the fourth digit (e.g., 456) from the second digit from the end.

In this way, if the rule is applied that the last four digits are extracted as dynamic parts from the identification information of the most recent communication object (e.g., 010-123-4567), the dynamic part may be "4567" . Further, if the rule is such that the rule that the last four digits are extracted as the dynamic part from the identification information of the communication target (for example, 02-345-6789) of the customer is applied, the dynamic part may be "6789 ".

Further, even when the use history information is selected as the information of the in-use application, the rule may be any one of the information of the in-use application including the identification information of the plurality of applications such as the most recently executed application, Lt; RTI ID = 0.0 > identity < / RTI > Further, the identification information of the specified application itself may be used as a dynamic part, or a condition for selecting a part of letters, numbers, or symbols may be further included. For example, when the rule that the three characters preceding the identification information of the application executed in the car charger is extracted as a dynamic part is applied, the dynamic part can be extracted as "bcd ".

It is noted that various rules can be set, and such rules can also be dynamically changed according to a predetermined criterion.

On the other hand, if the user part and the dynamic part are determined, the authentication module 130 can generate a dynamic password using the determined user part and the dynamic part. .

According to one example, when the user part is "ABC " and the dynamic part is" 4567 ", the authentication module 130 can generate dynamic passwords in various ways such as "ABC4567 "," 4567ABC ", "A4B5C67 & , This generation method can be shared by the user. Similarly, when the dynamic part is "6789 ", the authentication module 130 can generate dynamic passwords in various ways such as" ABC6789 ", "6789ABC "," A6B7C89 " The module 130 may generate dynamic passwords in various ways such as "ABCbcd "," bcdABC ", "AbBcCd ", and the like.

Also, the method of generating (or combining) the dynamic password using the user part or the dynamic part is not fixed to any one, but may be changed dynamically.

Of course, the dynamic password may further include information determined in a predetermined manner in addition to the user part and the dynamic part according to the technical idea of the present invention.

In any case, the dynamic part can be determined based on usage history information that is changed according to the fact of use or usage of the data processing apparatus, and thereby, a dynamic password (a one-time password) Can be generated. Further, there is an effect that the occupation of the data processing apparatus is authenticated by extracting the dynamic part from the use history information.

The data processing apparatus 1 may include a processor and a memory for storing a program executed by the processor. The processor may include a single-core CPU or a multi-core CPU. The memory may include high speed random access memory and may include non-volatile memory such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state memory devices. Access to the memory by the processor and other components can be controlled by the memory controller. Here, the program, when executed by the processor, may include information coded to perform the functions of the control system 100 according to an embodiment of the present invention.

Meanwhile, the application control method according to the embodiment of the present invention can be implemented in the form of program instructions readable by a computer and stored in a computer-readable recording medium. The control program and the target program according to the embodiment of the present invention And can be stored in a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of software.

Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, and the like. The above-mentioned medium may also be a transmission medium such as a light or metal wire, wave guide, etc., including a carrier wave for transmitting a signal designating a program command, a data structure and the like. The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner.

Examples of program instructions include machine language code such as those produced by a compiler, as well as devices for processing information electronically using an interpreter or the like, for example, a high-level language code that can be executed by a computer.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

It is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. .

Claims

Executing a predetermined application in the data processing apparatus;
Determining whether to stop the application in which the control system running in the data processing apparatus is executed;
Stopping the application based on a result of the determination;
Determining whether an authentication action is to be performed by the control system to continue execution of the application; And
And when the determination result indicates that the authentication action has been performed, the control system releases the execution of the application.

2. The method according to claim 1, wherein the step of determining whether the control system is to stop an application running in the data processing apparatus comprises:
Confirming the highest priority task of the running task list held in the data processing apparatus by the control system;
And determining, by the control system, that the application is to be stopped if the application is the highest priority task and the application is a preset target application.

3. The method according to claim 2,
Further comprising the step of the control system setting a target application to be controlled,
Wherein the target application is an application that is installed in the data processing apparatus and is different from a control application corresponding to the control system.

2. The method of claim 1, wherein the step of causing the control system to suspend the application comprises:
And causing the control system to execute a predefined stopping process in the data processing apparatus in priority order than the application, in order to stop the application.

5. The method of claim 4,
Wherein the predetermined control display is loaded at the top of the display device provided in the data processing apparatus.

6. The apparatus of claim 5,
Wherein the display is a display having transparent properties.

2. The method of claim 1, wherein the step of determining whether an authentication action is performed by the control system to continue execution of the application comprises:
And determining whether the short range wireless communication apparatus and the data processing apparatus, which are set to correspond to the application, perform short range wireless communication.

8. The method according to claim 7,
Further comprising the step of the control system setting up a master short range wireless communication apparatus to be associated with the control system,
Wherein the master short-
And a short range wireless communication device corresponding to at least one application including the application set as a target application by the control system.

8. The method according to claim 7,
The control system being configured to set the application as a target application to be controlled by the control system; And
Further comprising setting a short range wireless communication device corresponding to the application set as the target application,
Wherein the short range wireless communication apparatus corresponding to the application comprises:
Wherein the control unit can be a device different from the second short range wireless communication apparatus corresponding to another application set as the target application by the control system.

2. The method of claim 1, wherein the step of determining whether an authentication action is performed by the control system to continue execution of the application comprises:
Wherein the control system determines whether authentication information input from a user corresponds to a dynamic password,
Wherein the dynamic password includes a dynamic part specified based on usage history information that is changed according to a use history of the data processing apparatus.

Confirming a priority operation of a running work list held in the data processing apparatus by a control system running in the data processing apparatus;
Loading the control display into the top display of the data processing apparatus when the control system is in a state in which the priority task is a preset target application;
Determining whether an authentication action is to be performed by the control system to continue execution of the application; And
And when the determination result indicates that the authentication action has been performed, the control system unloads the control display.

A computer-readable recording medium recording a program for performing the method according to any one of claims 1 to 11.

A control system that is executed in a data processing apparatus,
A determination module for determining whether to stop the executed application when a predetermined application is executed in the data processing apparatus;
A control module for stopping the application based on a determination result of the determination module; And
And an authentication module for determining whether an authentication action to continue execution of the stopped application is performed,
And the control module releases the execution of the application if it is determined by the authentication module that the authentication action has been performed.

14. The method of claim 13,
Confirms the highest priority task of the running task list held in the data processing apparatus, and judges that the application is the application to stop if the application is the highest priority task and the application is a preset target application.

14. The control system according to claim 13,
Further comprising a setting module for setting a target application to be controlled by the control system,
Wherein the target application, which is set by the setting module,
The control application being different from a control application corresponding to the control system installed in the data processing apparatus.

14. The control module according to claim 13,
And a predetermined stop process that is set in advance is executed in the data processing apparatus in order of priority to stop the application.

17. The method of claim 16,
Wherein the predetermined control display is loaded at the top of the display device provided in the data processing apparatus.

14. The authentication system according to claim 13,
And a short-range wireless communication device set to correspond to the application and the data processing device determine whether short-range wireless communication is to be performed.

19. The control system according to claim 18,
Further comprising a setting module configured to set a master short-range wireless communication apparatus to be compatible with the control system,
The master short-range wireless communication apparatus set by the setting module,
And a short range wireless communication device corresponding to at least one application including the application, which is set by the control system as a target application.

19. The control system according to claim 18,
Further comprising a setting module that sets the application as a target application to be controlled by the control system and sets a short range wireless communication device corresponding to the application set as a target application,
The short range wireless communication apparatus corresponding to the application set by the setting module,
Wherein the control unit can be a device different from the second short range wireless communication apparatus corresponding to another application set as the target application by the control system.

14. The authentication system according to claim 13,
Determining whether authentication information input from a user corresponds to a dynamic password in a state where the application is stopped,
Wherein the dynamic password includes a dynamic part specified based on usage history information that is changed according to a usage history of the data processing apparatus.

A determination module for confirming a top priority operation of a running work list held in the data processing apparatus;
A control module for loading a preset control display into the top display of the data processing apparatus when the priority task identified by the determination module is a preset target application; And
And an authentication module for, when the application is stopped, determining whether an authentication action for continuing execution of the application is performed,
The control module includes:
And to unload the control display if it is determined by the authentication module that the authentication action has been performed.