JP2006279321A - Security software for mobile terminal and security communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication system which prevents the leakage of data stored in the interior of a lost mobile terminal and confirms the validation of the data not being revealed, and also to provide a communication system with which only a terminal specified by a certain company access the intra network of the company. <P>SOLUTION: The communication system includes a terminal, a data communication device connected to the terminal, and a server which provides security service. The software is installed in the terminal. When the operation of the terminal is initiated, a step of transmitting terminal unique information to the server, and a step of receiving the directions about whether the operation of the terminal should be permitted by the terminal from the server, are executed by the terminal. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a mobile communication system, and in particular, protects data in a mobile terminal using a mobile communication service via a communication device such as a data communication card, and only a predetermined terminal accesses a predetermined network. The present invention relates to a security system that can be enabled, security software used for a mobile terminal in such a system, a mobile terminal in which the security software is installed, and a recording medium on which the security software is recorded.

  In recent years, with the rapid spread of the Internet, not only data transmission / reception with a personal computer connected to a network via a wired line but also data communication with a mobile terminal such as a notebook personal computer or PDA (Personal Data Assistants). By attaching a communication device such as a card, data distribution and data download from a data server to such a mobile terminal are also becoming popular. Security problems in such a communication system are roughly divided into problems on the network side and problems on the individual terminal side.

  One of the security problems on the network side is the risk of spoofing access, that is, it is possible to gain unauthorized access to the network by pretending to be the person by stealing the user ID and password of a legitimate user Exists. As a solution to this problem, for example, a system that prevents such unauthorized access by setting a password that can be used only once or using biometric authentication technology such as fingerprint authentication and vein authentication has been proposed. Already put into practical use.

  In addition, as a second security problem on the network side, the risk that a third party can gain unauthorized access to the company's intra-network by stealing the ID or password of an employee of a company. Exists. Intranets that can be accessed only with employee IDs and passwords can be accessed even when using communication devices such as mobile terminals and communication cards owned by third parties. As a result, the risk of leakage of internal data increases. As a solution to such a problem, for example, a technique has been proposed in which access between a communication card owned by a third party is prevented by performing authentication between the access point and the communication card.

  On the other hand, as one of the security problems on the terminal side, the terminal is used by a third party other than the authorized user of the terminal, and as a result, the data stored in the terminal leaks to the third party There is a risk. As a solution to this problem, biometric authentication techniques such as fingerprint authentication and vein authentication have been proposed.

  As a second security problem on the terminal side, there is a risk that the terminal is misplaced in a train or the terminal is stolen. This problem is unique to mobile terminals. A solution to this problem is to use a USB-compatible hardware key, for example, so that the terminal cannot be operated unless the key is inserted into the terminal. By doing so, a technology for preventing information leakage at the time of loss has been proposed.

  Recently, electronic money services using mobile terminals have become widespread, and the risk when a mobile terminal is lost is further increased. Regarding this problem, the solution of stopping the function of the terminal when it is lost and making it unusable is particularly effective. Some mobile phone terminals have such a function. Things have also been proposed. In the case of a mobile phone terminal, it is possible for a telecommunications carrier to sell the terminal in a state where software having a necessary function is incorporated, so that it is easy to flexibly deal with the above problems. Also, since the user normally uses the mobile phone terminal with the power turned on, it is relatively easy to take measures such as making the terminal unusable by controlling the terminal from the network side when it is lost.

The applicant has already proposed a device authentication system that can provide an appropriate service corresponding to each model by identifying the model of the terminal used by each user (see Patent Document 1). However, the device authentication system does not have a function that protects data in a terminal when a legitimate user loses the terminal and allows the user to confirm that the data is protected.
JP 2004-355562 A

  However, when performing authentication between an access point and a communication device such as a communication card as a solution to the second problem on the network side, the communication device is connected to a mobile terminal owned by an employee at home or the like. Since the intra-network can be accessed by inserting it, there arises a problem that confidential data in the company is taken into an unspecified number of terminals. Further, there may be a problem that in-house data is leaked by a third party who obtains a regular communication device, employee ID and password. Accordingly, in order to further enhance security, for example, to a company's intra-network from a terminal other than a pre-designated terminal, which is equipped with a predetermined communication device, such as a mobile terminal provided by a company to employees. It is desired to realize a communication system that can deny access.

  In addition, a communication service subscriber who uses the hardware key listed as the means for solving the second problem on the terminal side can carry the terminal with the key inserted, or the key and the terminal. Since the terminal and the communication device and the key are often lost at the same time or stolen at the same time, it is often the case. In such a case, since the key is still inserted, there is a very high possibility that the data stored in the terminal can be easily leaked by a third party who acquires the terminal. Furthermore, it is completely unknown to the legitimate user of the terminal whether or not the data inside the lost terminal is still protected. Therefore, it is possible to prevent data leakage when the terminal and communication device are lost together with a security tool such as a hardware key, and whether the user who lost the terminal leaked data in his / her terminal. There is a demand for realization of a communication system that can confirm whether or not.

  Further, as described above, a system that can stop the function when a terminal is lost can be realized relatively easily for a mobile phone terminal. In the case of (PC) etc., the situation is different. In other words, unlike a user of a mobile phone terminal, a notebook PC user turns off the PC when carrying it, or puts the PC in a hibernation state, and powers the PC only when it is used. Normally, the PC is turned on or the PC is in an operating state. Therefore, when the PC is lost, there is a high possibility that the power is turned off or in a hibernation state. In this case, the terminal cannot be controlled from the network side, and it is difficult to take effective measures. Accordingly, a communication system that can protect data in a terminal by stopping the function of the terminal when the mobile terminal is lost while the power is turned off or the operation is suspended. Realization of is demanded.

  The present invention can prevent leakage of data stored in a mobile terminal that communicates via a communication device such as a data communication card, and can confirm that data is not leaked. And a communication system in which only a terminal designated by a certain group (for example, a company) can access the intra-network of the group, software for use in a mobile terminal in such a communication system (computer And a mobile terminal used in such a communication system. According to the present invention, for example, a more comprehensive security service can be provided to a user of a terminal using a conventional communication service.

  The software of the present invention is used in a mobile communication system, and the mobile communication system includes a mobile terminal having an operating system (OS), a data communication device connected to the mobile terminal, and a communication line or the mobile terminal. A server connected via a communication network, and in the mobile terminal, the software is automatically started when the operation of the mobile terminal is started, and the mobile terminal can be operated via the OS. And (A) transmitting information related to the mobile terminal to the server; and (B) indicating whether the mobile terminal is a terminal whose operation should be stopped. Receiving from the server; and (C) if the instruction indicates that the mobile terminal is not a terminal to stop operation, Enabling the operation of the mobile terminal via the OS, and (D) if the instruction indicates that the mobile terminal is a terminal that should stop its operation. And performing a predetermined procedure for protecting the data of the mobile terminal.

  The software according to the present invention is characterized in that the steps (A) to (D) are completed before the operation of the mobile terminal via the OS becomes possible.

  In the software of the present invention, the instruction includes an instruction regarding which of at least two different types of data protection should be applied to the mobile terminal, and the step (D) includes (E1) the data protection. And (E2) transmitting a message indicating that login to the OS is disabled to the server when the level of the first level is the first level; E3) shutting down the mobile terminal.

  The software of the present invention includes an instruction regarding which of the at least two different types of data protection should be applied to the mobile terminal, and the step (D) includes (F1) the data protection. And (F2) a message indicating that erasure of information related to the data in the mobile terminal has started (F2) starting the erasure of information related to the data in the mobile terminal. Transmitting to the server, and (F3) completing the erasure of information related to data in the mobile terminal.

  In addition, the software of the present invention further includes a radio base station in which the mobile communication system is connected to the communication line or communication network and communicates with the terminal. G) obtaining position information regarding the mobile terminal from the data communication device; and (H) determining whether the mobile terminal is located within a service area of the mobile communication system based on the position information. And (I) the step of connecting to the server when the mobile terminal is located in the service area, further causing the mobile terminal to execute the step (A), (J) the mobile The method includes a step of transmitting the position information together with information related to a terminal to the server.

  The communication system further includes a radio base station that is connected to the communication line or communication network and communicates with the terminal. The software of the present invention includes (K) the data communication before step (A). (L) determining whether or not the mobile terminal is located in a service area of the mobile communication system based on the location information; and (M) acquiring (M) location information about the mobile terminal from a device; ) When the mobile terminal is located outside the service area, the mobile terminal subsequently moves into the service area, and when the mobile terminal starts communication via the data communication device for the first time, the connection to the server The step of performing is further executed by the mobile terminal.

  In the software of the present invention, the information related to the mobile terminal includes the user ID of the mobile terminal, the telephone number of the data communication device, the serial number of the mobile terminal, and the authorized user of the mobile terminal. It includes at least one code unique to the group.

  The software of the present invention is characterized in that the step (I) uses PPP (Point to Point Protocol).

  The software of the present invention further causes (N) the mobile terminal to execute a step of stopping the operation of the terminal when the data communication device is not connected to the mobile terminal.

  The mobile communication system of the present invention is connected to a mobile terminal in which the above-described software of the present invention is installed, a data communication device connected to the mobile terminal, and the mobile terminal via a communication line or a communication network. The server has a storage device for storing information related to the mobile terminal whose operation should be stopped, and (O) receiving information related to the mobile terminal from the mobile terminal; ) Determining whether the mobile terminal is a terminal whose operation should be stopped based on information received from the mobile terminal and information stored in the storage device; and (Q) based on the determination Software for causing the server to execute an instruction to transmit to the mobile terminal whether or not to stop the operation of the mobile terminal is installed in the server. Characterized in that it is.

  The mobile communication system according to the present invention is characterized in that the steps (O) to (Q) are completed before the operation of the mobile terminal via the OS becomes possible.

  The software of the present invention is used in a mobile communication system, and the mobile communication system communicates with a mobile terminal having an operating system (OS), a data communication device connected to the mobile terminal, and the mobile terminal. A server connected via a line or a communication network, and an intra network of a group to which a legitimate user of the mobile terminal belongs, and automatically starts when the mobile terminal starts operating in the mobile terminal And (A) transmitting the information related to the mobile terminal to the server, and (B) the mobile terminal that operates before the operation of the mobile terminal via the OS becomes possible. A step of receiving an instruction from the server as to whether or not the terminal is a terminal that should be allowed to access the intra-network. And (C) receiving the intra network access number from the server when the instruction indicates that the mobile terminal is a terminal that should be allowed to access the intra network. Let it run.

  The software according to the present invention is characterized in that the steps (A) to (C) are completed before the operation of the mobile terminal via the OS becomes possible.

  In the software of the present invention, the information related to the mobile terminal may include at least one of a user ID of the mobile terminal, a telephone number of the data communication device, a serial number of the mobile terminal, and a code unique to the group. It is characterized by including one.

  The software of the present invention is characterized in that, before the step (A), the mobile terminal further executes a step of (D) connecting to the server using PPP.

The software of the present invention further causes the mobile terminal to further execute (D) a step of stopping the operation of the mobile terminal when the data communication device is not connected to the mobile terminal.
The mobile communication system of the present invention is connected to a mobile terminal in which the above-described software of the present invention is installed, a data communication device connected to the mobile terminal, and the mobile terminal via a communication line or a communication network. And a server that stores information related to the mobile terminal that should be allowed to access the intra-network, and an intra-network of a group to which a legitimate user of the mobile terminal belongs, (E) receiving information related to the mobile terminal from the mobile terminal; and (F) based on the information received from the mobile terminal and information stored in the storage device, the mobile terminal transmits to the intra network. (G) based on the determination, the mobile end There wherein the software to execute a step of transmitting an indication of whether the terminal should be allowed access to the intra-network to the mobile terminal to the server is installed on the server.

  The mobile communication system of the present invention is characterized in that the steps (E) to (G) are completed before the operation of the mobile terminal via the OS becomes possible.

  The present invention also provides a mobile terminal in which the above-described software of the present invention is installed, and a recording medium on which the software of the present invention is recorded.

  According to the present invention, it is possible to construct a mobile communication system equipped with a strong security measure with a simple configuration by arranging a server for terminal security authentication and installing necessary software in the terminal. According to the present invention, it is possible to prevent leakage of data stored inside a lost mobile terminal and to confirm that data is not leaked. In addition, it is possible to construct a communication system in which only a terminal designated by a certain group (for example, a certain company) can access the intra-network of the group, for example, from a terminal other than the terminal that the company has provided to the employee. Access can be prevented.

  Hereinafter, embodiments of the mobile communication security system according to the present invention will be described in detail with reference to the drawings.

  A schematic diagram of one embodiment of the mobile communication security system of the present invention is shown in FIG. The system shown in FIG. 1 is particularly shown as a PHS data communication system, and includes a mobile terminal 101 such as a notebook PC, a PHS card (communication device) 102, and a server for providing security services (hereinafter referred to as “security server”). ”103, a wireless base station 104, a dedicated line, a communication line such as the Internet or a communication network 105, and an NAS (Network Access Server) or LNS (L2TP Network Server) 106. The PHS card 102 is a card-type communication device compatible with a PHS system having a data communication function, and has a function of dial-up connection to an access point. A slot for inserting the PHS card 102 is formed in a part of the mobile terminal 101, and electrical connection is possible by inserting the PHS card 102 into this slot. The system of FIG. 1 operates as a security system that protects data inside the mobile terminal 101 connected to the PHS card 102 of the user of the terminal 101 when the mobile terminal 101 is lost. The security server 103 includes a database that stores information on individual PHS cards and mobile terminals used in connection with the PHS card, for example, information on terminals whose functions should be stopped. The NAS / LNS 106 is a server that accesses a network such as the Internet in response to a request from the mobile terminal 1, and performs routing to an appropriate server in accordance with a request from the mobile terminal 101. The NAS / LNS 106 and the mobile terminal 101 are connected by PPP (Point to Point Protocol). PPP is one method of connecting a terminal to a network by dial-up connection to the Internet using a communication line such as a telephone, that is, a physical layer / data link layer for communication using a serial line. Unlike SLIP, PPP has the feature that it can simultaneously support TCP / IP, IPX, and other protocols. In addition, the protocol is rich in flexibility such as reconnection according to the link state (modem and line state being used), automatic negotiation of IP addresses used at both ends, an authentication function and a compression function. The mobile terminal 101 is installed with software (a program related to the operation of the computer) (hereinafter referred to as “security software”) corresponding to the security system of the present invention, which has the functions described below. Or the recording medium which recorded the security software of this invention may be stored in the mobile terminal 101, or may be connected. The mobile terminal 101 communicates with the security server 103 via the base station 104, the network 105, and the NAS / LNS 106, for example.

  The PHS card 102 may function as a hardware key for the mobile terminal 101. Also, the security software corresponding to the security system of the present invention installed in advance on the mobile terminal 101 checks whether or not the PHS card 102 is attached to the mobile terminal 101, and only when the mobile terminal 101 is attached You may have a function which permits operation | movement. In order to further improve safety, the security software installed in the mobile terminal 101 may have a function that allows only the person who has the administrator authority of the mobile terminal 101 to uninstall or change the setting. Good.

  When the PHS card 102 is inserted, the operation is started by a person who intends to operate the mobile terminal 101. Here, the “start of operation” of the mobile terminal 101 is not only the case where the operation is started by turning on the power of the mobile terminal 101, but also, for example, the operation of the mobile terminal 101 that has been previously set in a sleep state When the mobile terminal 101 is a notebook PC and the case lid is closed and the operation is resumed when the case lid is opened. May also be included.

  As a premise for explaining the operation of the security system of the embodiment of FIG. 1, the user of the mobile terminal 101 has subscribed to the PHS data communication service and has subscribed to the security service using the security system of the present invention. Assume that When the user of the mobile terminal 101 loses the mobile terminal 101 with the PHS card 102 inserted, the user notifies the business provider that provides the security service to that effect. Here, the security service provider may be a PHS data communication service provider to which the user of the mobile terminal 101 subscribes, or may be a separate provider. The service provider may prepare a plurality of options for the data protection level so that the subscriber can select the level of data protection to be applied to the mobile terminal 101 at the time of the declaration by the subscriber. For example, if the situation when the mobile terminal 101 is lost is not relatively serious, such as when the bag containing the mobile terminal 101 is left in the train, the subscriber can completely erase the data stored in the mobile terminal 101. (Or deletion of information about data in the terminal such as deletion of headers and deletion of directories) is not desired, and it is considered that it is merely desired to prevent the operation of the mobile terminal 101 by a third party. When the subscriber selects such a protection level (hereinafter referred to as “protection level 1”), the service provider confirms that the person who made the declaration is the subscriber himself / herself, for example, inside the security server 103 In this database, the mobile terminal 101 is registered as a terminal to which the protection level 1 should be applied. For example, information such as the telephone number of the PHS card 102, the subscriber ID, and the serial number of the mobile terminal 1 that the service provider has obtained and managed from the subscriber in advance is registered in the database of the security server 103 in advance. Used to identify the lost mobile terminal 101. Such information may be obtained from the subscriber at the time of the above declaration. When the subscriber is one company and the user of the mobile terminal 101 is an employee of the company, the above information is set in advance for the ID used by the employee in the company or the company. The company code may be included. Also, the subscriber may be able to select which information to register among the information as described above.

  On the other hand, when the situation when the mobile terminal 101 is lost is more serious, such as when it is clear that the mobile terminal 101 has been stolen, the subscriber deletes information related to data stored in the hard disk of the mobile terminal 101. It is considered that a higher level of protection is desired (for example, erasure of headers, erasure of directories, etc.) and erasure of data itself. When the subscriber selects such a protection level (hereinafter referred to as “protection level 2”), the service provider confirms that the reporting person is the subscriber himself / herself, In the database, the mobile terminal 101 is registered as a terminal to which the protection level 102 should be applied. Registration in the database is performed in the same manner as in the case of the protection level 1 described above.

  The security software of the present invention is installed in advance on the mobile terminal 101 of the security service subscriber. Alternatively, a recording medium in which security software is recorded may be incorporated into the mobile terminal 101 or inserted into the mobile terminal 101. The subscriber can activate the security software in advance and perform initial settings on a setting screen 201 as shown in FIG. 2, for example. In the example of FIG. 2, the subscriber has three types of selections: (1) whether to activate the terminal only when the PHS card is inserted, or (2) a PHS card having a pre-registered telephone number is inserted. It is possible to select whether to activate the terminal only in the case, or (3) whether to allow the activation of the terminal only in the PHS service area. In FIG. 2, “Yes” is selected for (1), “No” is selected for (2), and “No” is selected for (3).

  FIG. 3 shows a sequence diagram corresponding to the system of the present invention shown in FIG. 1 when a legitimate user operates the mobile terminal 101. When the operation of the mobile terminal 101 is started, the security software of the present invention is automatically started. The security software instructs the terminal 101 to issue an AT command to the PHS card 102 (301). The PHS card 102 that has received the AT command returns the location information acquired from the neighboring radio base station 104 to the terminal (302), and the security software acquires this location information. The security software can determine whether the terminal is located in the PHS area or outside the area from the position information. Also, the PHS card returns the phone number along with the location information to the terminal (302), and the security software acquires it.

  In the initial setting of FIG. 2, the terminal is not set to be activated only within the PHS area, and activation outside the PHS area is permitted. When the security software is determined to be located in the mobile terminal 101, for example, the security software displays a login (logon) screen of the operating system (OS) on the display of the mobile terminal 101, and the user operates the mobile terminal 101 on the OS. (303). On the other hand, when it is determined that the terminal is activated only in the PHS area and the mobile terminal 101 is determined to be located outside the area from the position information, the security software, for example, Stop the operation of the terminal by forcibly shutting down.

  In the initial setting of FIG. 2, when it is determined that the terminal is activated only in the PHS area and it is determined from the position information that the mobile terminal 101 is located in the area, the security software In order to connect to the security server 103, a Configure-Request is transmitted to the NAS / LNS 106 to perform connection setting (304), and further, user authentication is performed with the NAS / LNS by CHAP or PAP (305).

  The security software further accesses the security server 103 via the NAS / LNS, and relates to the mobile terminal 101 such as the user (subscriber) ID, the serial number of the mobile terminal 101, and the ID of the security software installed in the terminal 101. The unique information is transmitted to the security server and notified (306). Hereinafter, communication from the security software to the security server is referred to as “activation”. In the initial setting of FIG. 2, when the PHS card telephone number is set to be notified to the security server, for example, instead of the terminal serial number, the PHS card telephone obtained in step 302 of FIG. 3 is used. Send the number. The security server 103 searches its own database, checks whether or not the mobile terminal 101 is registered as a terminal whose function should be stopped, and determines whether or not the person who intends to operate the terminal is a legitimate user. Determine (307). As described above, since a case of a legitimate user is considered here, a response message permitting the operation of the terminal is returned (308). In response to this, the security software displays a login (logon) screen of the operating system of the terminal on the terminal display, for example, and allows the user to operate the terminal via the OS (309). Furthermore, a log of all operations performed on the mobile terminal 101 (communication with the PHS card 102, NAS / LNS 106, security server 103, login of the terminal OS, operation of data in the terminal, etc.) is recorded. It is also possible to provide the security software with a function to be stored, or to encrypt data in the terminal in advance.

  In addition, in the initial setting of FIG. 2, activation outside the PHS area is also permitted, and when it is determined that the mobile terminal 101 is located outside the area, the third party operating the mobile terminal 101 Moving in, it may be possible for a third party to communicate using a PHS card. In order to deal with this problem, for example, the software of the present invention holds information about the number of times communication has been performed via the PHS card since the terminal started operation until now. Can be configured. The software of the present invention can be further configured to always perform the activation to the security server as shown in FIG. 3 and receive the security server authentication determination (307) when communication is performed for the first time. Thereby, communication via a PHS card by a third party can be prevented.

  FIG. 4 shows a sequence diagram corresponding to the system of the present invention of FIG. 1 when protection level 1 is applied to the lost mobile terminal 101. The security service provider that has received the report from the subscriber gives an instruction to set the level 1 to the security server (410), and in the database in the security server, known information (user ( The mobile terminal 101 is registered as an object to which protection level 1 is applied using the ID of the subscriber), the serial number of the mobile terminal 101, the ID of the security software installed in the terminal 101, and the like. The security server returns a notification that the setting is completed to the service provider (411).

  When a third party who has acquired the terminal 101 tries to resume the operation of the mobile terminal 101, the software of the present invention is activated, and steps 401 and 402 similar to steps 301 and 302 in FIG. 3 are performed. In the initial setting of FIG. 2, the terminal is not set to be activated only within the PHS area, and activation outside the PHS area is permitted. When the security software is determined to be located at the location, the security software displays, for example, an OS login (logon) screen on the display of the mobile terminal 101 (403). Here, when a third party knows the ID or password of a legitimate user, an operation by the third party becomes possible. Regarding this problem, for example, all operations performed by the mobile terminal 101 (communication with the PHS card 102, NAS / LNS 106, security server 103, etc., login to the OS of the terminal, operation of data in the terminal, etc.) This can be dealt with by providing the security software with a function for recording a log or by encrypting data in the terminal in advance.

  When it is determined that the terminal is activated only in the PHS area and it is determined from the location information that the mobile terminal 101 is located in the area, the security software sends a Configure-Request to the NAS / LNS 106. To establish connection (404), and further perform user authentication with NAS / LNS by CHAP or PAP (405).

  The security software further activates the security server 103 via the NAS / LNS as in the case of FIG. 3 (406). The security server 103 searches its own database, confirms that the mobile terminal 101 is registered as a terminal whose function should be stopped, and determines that the person trying to operate the terminal is not a legitimate user (407). Then, a response message indicating that the protection level 1 work should be performed is returned (408). In response to this, the security software performs operations designated in advance as corresponding to the protection level 1 such as deletion or change of the login password of the OS of the mobile terminal 101 to prevent a third party from using the terminal ( 409). If the subscriber has not set a password in advance, the security software sets the password that is created and sent to the terminal by the security server as a password for use of the terminal. It is also possible to prevent this operation. Furthermore, the security software performs activation for notifying that the work is completed and the data in the terminal is protected to the security server (412). After storing the content of the message in its own storage device, the security server indicates that the level 1 operation has been completed (in this case, the password is deleted, changed, newly set in the mobile terminal 101, etc. To the security service provider) (413). Finally, the security software shuts down the terminal (414).

  The subscriber (regular user) can check the status of the lost terminal by making an inquiry to the service provider. Also, the service provider can disclose information on the current status of such a lost terminal to the subscriber on a website established by the service provider. In addition to the above-described measures, it is possible to set in advance in the security server so that various appropriate measures can be taken at the protection level 1, which will be apparent to those skilled in the art. Further, since it is assumed that the terminal will be discovered at a protection level 1, it is effective to prepare dedicated software or the like for restoring the operation of the terminal.

  FIG. 5 shows a sequence diagram corresponding to the system of the present invention of FIG. 1 when the protection level 2 is applied to the lost mobile terminal 101. The specific operation is the same as in FIG. 4, but since protection level 2 requires a higher level of protection for data in the terminal, for example, recovery of data stored in the hard disk of the terminal It is possible to delete information related to the data (for example, deletion of a header or deletion of a directory). In FIG. 5, a program for erasing information related to data in the mobile terminal 101 is started in step 509, notification to that effect is made in step 512, and deletion of information related to data is completed by the program in step 514. . In the case of FIG. 5 as well, it is possible to give the security software a function of recording a log of all operations performed in the mobile terminal 101, or to encrypt data in the terminal in advance. is there.

  3, 4 and 5, the security software instructs the PHS card 102 not to turn on the lamp indicating that the card is in communication during the operation of the PHS card 102 such as when performing activation. It may be configured. In this way, the software of the present invention can perform a predetermined procedure without being noticed by a third party.

  As the protection levels that can be selected by the subscriber who has lost the mobile terminal 101, two levels are shown here. However, these are only examples, and it is possible to prepare more selectable protection levels. It is. It is also possible to change the protection level at the request of the subscriber. For example, even if a subscriber originally selected protection level 1, if a lost terminal is not found at all, the data is changed to protection level 2 to prevent leakage of data in the terminal. It may be desired to delete information about the. When receiving a request for level change from the subscriber, the service provider updates the database of the security server 103 of the present invention and designates the protection level 2 as the level to be applied to the mobile terminal 101. After this, if a third party starts the operation of the mobile terminal 101, the security software accesses the security server 103 again, so that the security server 3 should newly apply the protection level 2 to the mobile terminal 101. Instructions can be sent.

  Further, regardless of the protection level selected, in the security system of the present invention in FIG. 1, the location information of the terminal in steps 406 and 412 in FIG. 4, steps 506 and 512 in FIG. Can be configured to be sent to the security server. The security server can store the received location information as one piece of information regarding the lost terminal.

  In addition, after the security service subscriber cancels the service, if the subscriber fails to uninstall the security software of the present invention, the installed security software is activated every time the subscriber operates the terminal, There may be a problem of trying to access the security server. In order to deal with such a problem, the security server 103 can be configured to have information about the terminal of the former subscriber who canceled the service, or information about the terminal of the subscriber who is currently subscribed to the service, For example, in step 307 of FIG. 3, it can be configured to determine whether the terminal belongs to a subscriber who subscribes to the service and notify the result in step 308. If it is determined that the terminal belongs to a former subscriber whose service has already been canceled, an instruction for setting the security software so that access to the security server 103 will not be performed at the time of notification in step 308 Can also be sent.

  A flowchart of an embodiment of the security software of the present invention is shown in FIG. FIG. 6 corresponds to FIGS. 2 to 5 described above. The specific operation is as already described with reference to FIGS. When the login screen is displayed in steps 608 and 612 and the terminal is used and then shut down or hibernate (613), the security software is started again when the operation of the terminal is started again (601). .

  A schematic diagram of another embodiment of the mobile communication security system of the present invention is shown in FIG. 7 includes a mobile terminal 701, a PHS card (communication device) 702, a security server 703, a PHS base station 704, a communication line such as a dedicated line or a communication network 705 such as the Internet, and a NAS / LNS 706. And the intra-network 707 of the company 708 using the communication service via the PHS card 702, and the security server 703 is arranged in the company 708. The system shown in FIG. 7 operates as a security system for protecting the data inside the mobile terminal 701 connected to the PHS card 702 when lost, and is also supplied to the mobile terminal 701 designated by the company 708 (for example, to employees). The personal computer) is allowed to access the intra-network 707 and operates as a security system that denies access from other terminals. As in the case of FIG. 1, the mobile terminal 701 in the system of FIG. 7 is not limited to a notebook PC. The mobile terminal 701 is installed with the security software of the present invention. The security server 703 includes a database that stores information related to individual terminals, for example, information related to mobile terminals provided by companies to employees. The mobile terminal 701 communicates with the security server 703 or the intra network 707 via the base station 704, the communication line / communication network 705, and the NAS / LNS 706.

  FIG. 8 shows a sequence diagram corresponding to the system of FIG. Also in the system of FIG. 7, when the mobile terminal 701 is lost, it is possible to take various protection measures similar to those of the system of FIG. When the administrator of the security server 703 in the company 708 reports that the mobile terminal 701 has been lost from an employee, the administrator confirms that the person who made the declaration is the employee himself / herself. After that, information related to the lost terminal such as the telephone number of the PHS card 702, the login ID of the employee who used the terminal, the serial ID of the terminal, the company code of the company 708, the ID of the security software, etc. Is registered in the database of the security server 703, and this terminal is designated as a target to be subjected to predetermined protective measures. Thereby, the system of FIG. 7 functions similarly to the system of FIG.

  Furthermore, the system of FIG. 7 can also deny access to the intra network 707 from terminals other than a specific terminal designated in advance by the company. For example, the security software installed in the mobile terminal 701 is configured to hold in advance information such as the login ID and company code of the employee who uses the terminal, and the telephone number of the PHS card 702 and the terminal are used. Information related to the terminal, such as the login ID of the employee to the intra network 707, the serial number of the terminal, the company code of the company 708, and the ID of the security software, is registered in advance in the database of the security server 703. When an employee who is an authorized user of the mobile terminal 701 operates the terminal 701, the security software of the present invention is activated. The security software obtains the telephone number and location information of the card from the PHS card 702 (802) and also obtains the serial number of the terminal 701, and this information and the login ID, company code, software of the employee already held. The predetermined information is transmitted to the security server 703 (806). The security server 703 can know from the information registered in its own database that the accessed terminal is authentic (807), and permits the access of the terminal to the intra network 707 (808). ). In response, the security software allows the user to connect to the intra network, for example by displaying a login screen on the display of the mobile terminal 701 (809). This system can prevent a third party who obtains the login ID and password of the employee from accessing the intra network 707 from a terminal owned by the third party.

  Furthermore, the system of FIG. 7 can also operate to deny access to the intra network 707 of the company 708 from terminals that do not have the security software of the present invention installed. For example, if the security software is set to hold the access number of the company 708 in advance, the terminal in which the security software is installed can connect to the intra network 707 of the company. However, in this case, even a third party using a terminal in which no security software is installed may be able to connect to the intra network as long as the access number of the company 708 is available. In order to solve this problem, for example, the security software installed in the mobile terminal 701 is set so as to hold in advance information such as the login ID and company code of the employee who uses the terminal, and the telephone number of the PHS card 702 The information related to the terminal such as the login ID of the employee who used the terminal to the intra network 707, the serial number of the terminal, the company code of the company 708, and the ID of the security software is registered in the database of the security server 703 in advance. Keep it. When an employee who is a legitimate user of the mobile terminal 701 operates the terminal 701, the security software acquires the telephone number of the card from the PHS card 702 (802) and also acquires the serial number of the terminal 701. And the login ID, company code, software ID, etc. of the employee already held are transmitted to the security server 703 (806). The security server 703 can know from the information registered in its own database that the accessing terminal is legitimate (807), and notifies the terminal that the terminal is legitimate. (808). In response to this, the security software displays a login screen on the display of the terminal, for example (809). In addition, at step 808, the access number of the company 708 may be notified to the terminal. In this case, the mobile terminal 701 can connect to the intra network 707 by using the access number notified from the server 703. If the company 708 keeps the employee's access number confidential without notifying the employee, the third party who obtains the employee's login ID and password from the terminal owned by the company to the intra network 707 has the above configuration. Access can be prevented.

  In addition, in the initial setting as shown in FIG. 2, activation outside the PHS area is permitted, and when it is determined that the mobile terminal 701 is located outside the area, the third party who has operated the mobile terminal 701 If the user moves into the PHS area in this state, a third party may be able to connect to the intra network 707. In order to deal with this problem, for example, the software of the present invention holds information about the number of times communication has been performed via the PHS card since the terminal started operation until now. Can be configured. Further, when communication is attempted for the first time, it can be configured to activate the security server as shown in FIG. 8 and receive the authentication determination of the security server. Thereby, the connection to the intra network by a third party can be prevented.

  A schematic diagram of another embodiment of the mobile communication security system of the present invention is shown in FIG. 9 includes a mobile terminal 901, a PHS card (communication device) 902, a security server 903, a base station 904, a communication network 905 such as the Internet, a NAS / LNS 906, and a PHS card 902. The network 907 includes an intra network 907 of a company 908 that uses a communication service. The security server 903 and the NAS / LNS 906 are arranged outside the company 908 and managed by, for example, an application service provider (ASP) 909 that provides a security service. Yes. The NAS / LNS 906 and the security server 903 may be managed by an operator of the PHS data communication service. The system of FIG. 9 operates as a security system for protecting data inside the mobile terminal 901, and allows the company 908 to access the intra-network 907 only to the mobile terminal 901 designated in advance. It also operates as a security system that permits only the mobile terminal 901 in which the security software of the present invention is installed to access the intra-network 907 of the company 908. The mobile terminal 901 communicates with the security server 903 via the network 905 and the NAS / LNS 906, and communicates with the intra network 907 via the network 905.

  The system of FIG. 9 can operate in the same manner as the system of FIG. 7 except that the ASP manages the security server 903. Accordingly, when the mobile terminal 901 is lost, various protection measures similar to those in the system of FIG. 1 are taken, access to the intra network 907 from a terminal other than a specific terminal designated in advance by the company, or security software It is possible to deny access to the intra network 907 of the company 908 from a terminal in which is not installed.

  As described above, the security system and the security software of the present invention can protect the data inside the terminal when the mobile terminal is lost, and can prevent unauthorized access to the subscriber's network from a third party. In addition to this, it is considered that a more complete security system can be constructed by taking protective measures such as encrypting data in the terminal.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings, but the specific configuration is not limited to these embodiments, and includes design changes and the like within a scope not departing from the gist of the present invention. It is. For example, in the present specification, the system of each embodiment is described as a PHS data communication system, but the present invention is not limited to various other systems such as a mobile phone, a simple mobile phone, or a system using a PDA as the mobile terminal 1. The present invention can also be applied to various communication systems. In addition, if the communication card can be connected and has a function capable of connecting to a network, the security software of the present invention can be installed to provide a system that provides communication services to other electronic devices. However, the present invention can be applied.

It is the schematic which shows one Example of the mobile communication security system of this invention. It is a figure which shows an example of the initial setting screen of the security software of this invention. FIG. 2 is a sequence diagram corresponding to the system of FIG. 1 when a legitimate user operates a mobile terminal 101. FIG. 2 is a sequence diagram corresponding to the system of FIG. 1 when protection level 1 is applied to a lost mobile terminal 101. FIG. 2 is a sequence diagram corresponding to the system of FIG. 1 when protection level 2 is applied to a lost mobile terminal 101. It is a figure of the flowchart of one Example of the security software of this invention. It is the schematic which shows another Example of the mobile communication security system of this invention. It is a sequence diagram corresponding to the system of FIG. It is the schematic which shows another Example of the mobile communication security system of this invention.

Claims (21)

Software used in a mobile communication system, the communication system comprising: a mobile terminal having an operating system (OS); a data communication device connected to the mobile terminal; and the mobile terminal and a communication line or communication network In the mobile terminal, the software is automatically started when the operation of the mobile terminal is started, and the mobile terminal can be operated via the OS. Is something that works before
(A) transmitting information related to the mobile terminal to the server;
(B) receiving an instruction from the server as to whether the mobile terminal is a terminal whose operation should be stopped;
(C) if the instruction indicates that the mobile terminal is not a terminal whose operation should be stopped, allowing the operation of the mobile terminal to continue and enabling the operation of the mobile terminal via the OS;
(D) software that causes the mobile terminal to execute a predetermined procedure for protecting data in the mobile terminal when the instruction indicates that the mobile terminal is a terminal whose operation should be stopped .   The software according to claim 1, wherein the steps (A) to (D) are completed before the operation of the mobile terminal via the OS becomes possible. The instruction includes an instruction regarding which of at least two different types of data protection should be applied to the mobile terminal, and the step (D) includes:
(E1) disabling login to the OS when the level of data protection is the first level;
(E2) transmitting a message indicating that login to the OS is disabled to the server;
(E3) The software according to claim 1, further comprising a step of shutting down the mobile terminal. The instruction includes an instruction regarding which of at least two different types of data protection should be applied to the mobile terminal, and the step (D) includes:
(F1) starting erasure of information regarding data in the mobile terminal when the level of data protection is the second level;
(F2) sending a message to the server indicating that erasure of information related to data in the mobile terminal has started;
(F3) The software according to claim 1 or 2, further comprising a step of erasing information related to data in the mobile terminal. The communication system further includes a radio base station that is connected to the communication line or a communication network and communicates with the terminal, and the software is, before the step (A),
(G) obtaining position information about the mobile terminal from the data communication device;
(H) determining whether the mobile terminal is located within a service area of the mobile communication system based on the location information;
(I) when the mobile terminal is located in a service area, causing the mobile terminal to further execute a step of connecting to the server, and the step (A) includes:
(J) The software according to any one of claims 1 to 4, comprising a step of transmitting the position information together with information related to the mobile terminal to the server. The communication system further includes a radio base station that is connected to the communication line or a communication network and communicates with the terminal, and the software is, before the step (A),
(K) obtaining location information regarding the mobile terminal from the data communication device;
(L) determining whether the mobile terminal is located in a service area of the mobile communication system based on the location information;
(M) When the mobile terminal is located outside the service area, when the mobile terminal subsequently moves into the service area and the mobile terminal starts communication via the data communication device for the first time, to the server The software according to claim 1, further causing the mobile terminal to execute a step of performing connection.   The mobile terminal information includes at least one of a user ID of the mobile terminal, a telephone number of the data communication device, a serial number of the mobile terminal, and a code unique to a group to which a legitimate user of the mobile terminal belongs. The software according to claim 1, comprising one.   The software according to claim 1, wherein the step (I) uses PPP. (N) The software according to any one of claims 1 to 8, further causing the mobile terminal to execute a step of stopping the operation of the terminal when the data communication device is not connected to the mobile terminal. . Software used in a mobile communication system, the mobile communication system comprising: a mobile terminal having an operating system (OS); a data communication device connected to the mobile terminal; and the mobile terminal and a communication line or communication network A server connected via a network and an intra-network of a group to which a legitimate user of the mobile terminal belongs, in which the software is automatically activated when the operation of the mobile terminal is started And operates before the mobile terminal can be operated via the OS,
(A) transmitting information related to the mobile terminal to the server;
(B) receiving an instruction from the server as to whether or not the mobile terminal is a terminal that should be allowed to access the intra-network;
(C) Software that causes the mobile terminal to execute a step of logging in to the intra network when the instruction indicates that the mobile terminal is a terminal that should be permitted to access the intra network. The access number of the intra network is received from the server together with the instruction when the mobile terminal is a terminal that should permit access to the intra network in the step (B). The software according to 10.   The software according to claim 10 or 11, wherein the steps (A) to (C) are completed before the operation of the mobile terminal via the OS becomes possible.   The information related to the mobile terminal includes at least one of an ID of the user of the mobile terminal, a telephone number of the data communication device, a serial number of the mobile terminal, and a code unique to the group. The software according to any one of the above. Before the step (A),
The software according to claim 10, further comprising: (D) causing the mobile terminal to further execute a step of connecting to the server using PPP. (E) The said mobile terminal is made to perform further the step which stops the operation | movement of the said mobile terminal, when the said apparatus for data communication is not connected to the said mobile terminal. software.   A mobile terminal in which the software according to any one of claims 1 to 15 is installed.   A recording medium on which the software according to any one of claims 1 to 15 is recorded. 10. A mobile terminal in which the software according to claim 1 is installed, a data communication device connected to the mobile terminal, and the mobile terminal connected via a communication line or a communication network. A mobile communication system including a server, the server having a storage device for storing information related to a mobile terminal whose operation should be stopped,
(O) receiving information related to the mobile terminal from the mobile terminal;
(P) determining whether the mobile terminal is a terminal whose operation should be stopped based on information received from the mobile terminal and information stored in the storage device;
(Q) Based on the determination, software for causing the server to execute an instruction to transmit to the mobile terminal whether or not to stop the operation of the mobile terminal is installed in the server. A mobile communication system.   The communication system according to claim 18, wherein the steps (O) to (Q) are completed before the operation of the mobile terminal via the OS becomes possible. A mobile terminal in which the software according to any one of claims 10 to 15 is installed, a data communication device connected to the mobile terminal, and the mobile terminal connected via a communication line or a communication network. A mobile communication system including a server and an intra network of a group to which a legitimate user of the mobile terminal belongs, wherein the server stores information related to the mobile terminal that should be allowed to access the intra network Have the equipment,
(F) receiving information related to the mobile terminal from the mobile terminal;
(G) determining whether the mobile terminal is a terminal that should be allowed to access the intra-network based on information received from the mobile terminal and information stored in the storage device;
(H) based on the determination, software for causing the server to execute an instruction to transmit to the mobile terminal an instruction as to whether or not the mobile terminal is a terminal that should be allowed to access the intranetwork. A mobile communication system, wherein the mobile communication system is installed in a server.   21. The communication system according to claim 20, wherein the steps (F) to (H) are completed before the mobile terminal can be operated through the OS.

Images