JP2008148048A - Information terminal and method and program for lock control - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information terminal which appropriately protects personal information and improves user convenience. <P>SOLUTION: The information terminal prestores passwords for lock set and restriction set in a secure storage part 20. When receiving an unlock password, the information terminal checks whether or not the lock password coincides with the unlock password (step S105). If they don't coincide with each other within N times (S107: NO) and then they coincide with each other (S105: YES), the information terminal receives a restriction-remove password (S114) and checks whether or not the restriction password coincides with the restriction-remove password (S115). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information terminal having a lock function, and more particularly to a technique for improving the security strength of the information terminal.

In recent years, information terminals such as mobile phones have exploded in popularity, and opportunities for theft and loss have increased, and protection of personal information stored in the mobile device has become a problem.
In view of the above problems, Patent Document 1 discloses a technique for protecting personal information even when an information terminal or the like is stolen or lost.
According to Patent Document 1, the mobile terminal includes a fingerprint sensor and stores fingerprint information of a legitimate user in advance, and when the fingerprint information read by the fingerprint sensor does not match the fingerprint information of the legitimate user stored in advance. The base station is notified of the result. Based on the results, various measures such as limiting the use of the corresponding portable terminal or contacting the owner via a wired telephone are possible.

However, when applying the technique disclosed in Patent Document 1, it is necessary to provide an expensive fingerprint sensor in the mobile terminal, and when the radio wave does not reach and communication is impossible, the above-described various measures can be taken. Absent.
As a simpler method, there is a method of using a password for the security lock.
In a state where the information terminal is locked, the information terminal prompts the input of a personal identification number when receiving a use request for the provided function. The user inputs the personal identification number, but if the regular personal identification number is not entered, the user cannot use the function of the information terminal.
JP 2004-304294 A

However, in the above-described authentication by inputting the personal identification number, it takes time to enter the personal identification number using the keypad provided in the information terminal. Even if it is limited to a certain amount of time, the possibility that the authentication is canceled is not low.
In view of the above-described problems, an object of the present invention is to provide an information terminal whose security strength is improved as compared with the prior art.

  In order to solve the above-described problem, an information terminal according to the present invention includes a failure detection unit that detects a predetermined number of authentication failures in the first authentication unit for unlocking, and a first unit that detects cancellation of the first authentication. 1 cancellation detecting means, and an enabling means for enabling the second authentication means when the predetermined number of authentication failures and the cancellation of the first authentication are detected.

  Since the information terminal according to the present invention has the above-described configuration, when the first authentication fails a predetermined number of times, the information terminal considers that the input is not made by the authorized user, and further performs the second authentication. It is possible to reduce the possibility that the function of the information terminal will be used by the regarded user as compared with the conventional case and improve the security strength.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
As shown in FIG. 1, a mobile phone 1 as an information terminal according to an embodiment of the present invention includes an audio input unit 11, an audio processing unit 12, an audio output unit 13, an antenna 14, and a radio unit 15. A GPS (Global Positioning System) antenna 16, a GPS processing unit 17, an operation receiving unit 18, a control unit 19, a secure storage unit 20, and a display unit 21.

  Specifically, the cellular phone 1 is a computer system including a microprocessor, a ROM, a RAM, a display unit, a keypad, a wireless communication unit, and an antenna. A computer program is stored in the RAM. The cellular phone 1 achieves its functions by the microprocessor operating according to the computer program.

The radio unit 15 receives a signal from a base station (not shown) by radio communication via the antenna 14, obtains a baseband signal by demodulating the received signal, and converts the baseband signal into an audio processing unit. 12 is output. The radio unit 15 modulates the baseband signal received from the audio processing unit 12 and transmits the modulated baseband signal to the base station via the antenna 14.
The audio output unit 13 is a speaker and outputs an audio signal to the outside of the mobile phone 1 as audio.

The sound input unit 11 is a microphone, converts input sound into a sound signal, and outputs the sound signal to the sound processing unit 12.
The audio processing unit 12 receives a baseband signal from the radio unit 15, converts the baseband signal into an audio signal, and outputs the audio signal to the audio output unit 13. The audio processing unit 12 receives an audio signal from the audio input unit 11, converts the audio signal into a baseband signal, and outputs the baseband signal to the radio unit 15.

The operation reception unit 18 has a keypad including keys necessary for making a call such as a numeric keypad for inputting a destination telephone number, an on-hook key, an off-hook key, etc. It is configured to include a control circuit that detects pressing and transmits an instruction corresponding to the pressed key to the control unit 19.
The GPS processing unit 17 receives radio waves from each of a plurality of GPS satellites (not shown) via the GPS antenna 16, and indicates the latitude, longitude, altitude, etc. of the location where the device is located based on the received radio waves. Position information, time information indicating time, and the like are generated.

The display unit 21 includes a liquid crystal display and a display generation unit. The display generation unit receives a display instruction from the control unit 19 and outputs a signal indicating a screen to be displayed according to the display instruction to the liquid crystal display. To do. The liquid crystal display performs screen display based on the received signal.
The secure storage unit 20 is a memory device that securely stores data. As shown in FIG. 2, for example, as shown in FIG. 2, address book information 201, mail information 202, menu information 203, emergency contact information 204, GPS information 205, Communication history information 206, lock setting password 207, restriction setting password 208, function restriction flag group 209, lock flag 210, fail flag 211, limit flag 212, and accounting information 213 are stored.

Further, it is assumed that the secure storage unit 20 stores a restriction release sequence described later.
The address book information 201 is data in which the user of the mobile phone 1 stores one or more contact names, telephone numbers, mail addresses, and the like designated as contact information in association with each other.
The mail information 202 is data indicating the contents of e-mails sent and received in the past.

The menu information 203 is image information for configuring a screen to be displayed, such as a menu, and is stored in advance.
The emergency contact information 204 is an emergency contact name, telephone number, mail address, or the like designated by the user.
The GPS information 205 is data included in a range not exceeding a predetermined number in order from the newly generated time information and position information generated by the GPS processing unit 17.

The communication history information 206 is information including a history of transmission / reception of data such as e-mails and calls.
The lock setting password 207 is information indicating a password for unlocking designated by the user. In the present embodiment, it is assumed that the number is a four-digit number.
The restriction setting password 208 is information indicating a password for canceling the function restriction designated by the user. In the present embodiment, it is assumed that it is a 10-digit number having more digits than the lock setting password 207.

The authentication with the restriction setting password 208 is harder to break than the authentication with the lock setting password 207, and the security strength is increased.
The function restriction flag group 209 includes a plurality of function flags, and each function flag indicates whether or not the function is in a restricted state. When the function flag has a value of 1, it indicates that the function cannot be used.

The function restriction flag group 209 includes, for example, a call flag 231, a mail flag 232, a WEB flag 233, a phone book flag 234, a camera flag 235, a ring tone flag 236, and a contact address flag 237.
The lock flag 210 is set to 1 when the lock setting state is set by the user, and is set to 0 when the lock setting password is successfully input.

The fail flag 211 is a counter that stores the number of times (for example, 5 times) the input of a valid lock setting password has failed.
The limit flag 212 has a value of 0 when there is no restriction on the functions that can be used, and a value of 1 is set when the function restriction state is entered.
The billing information 213 is data indicating the amount of money such as the amount indicated by the server when the paid content is downloaded and the approximate call charge calculated based on the call time.

The control unit 19 includes a microcomputer and its control software, and performs overall control of the mobile phone 1. The operation of the control unit 19 will be described later.
<Operation>
(Preparation process)
The owner of the mobile phone 1 selects a function for performing function restriction in advance and inputs it to the mobile phone 1.

Specifically, when the owner gives an instruction to start selecting a function for performing function restriction via the operation receiving unit 18, the control unit 19 receives a selection start instruction from the operation receiving unit 18.
For example, the control unit 19 causes the display unit 21 to display a function restriction selection panel 304 illustrated in FIG.
The owner selects the function restriction function from the call function, mail function, WEB browsing function, phone book display function, camera function, ring tone selection function, contact display function, etc., which the mobile phone 1 has. , Using the operation reception unit 18.

In response to the input, the operation receiving unit 18 notifies the control unit 19 of the function whose function should be restricted.
The control unit 19 sets the value of the function flag corresponding to the function restriction flag 209 to 1 in accordance with the notification designating the function restriction.
For example, the control unit 19 sets the value of the call flag 231 to 1 when receiving a notification that the function whose function should be restricted is a call function.

When the control unit 19 receives a notification that the function to be restricted is the mail transmission / reception function, the control unit 19 sets the value of the mail flag 232 to 1.
Similarly, when the function to be restricted is any one of the WEB browsing function, the telephone directory display function, the camera function, the ring tone selection function, and the contact display function, the WEB flag 233 corresponding to the function, the telephone Any one of the book flag 234, the camera flag 235, the ring tone flag 236, and the contact address flag 237 is set to 1.

Here, the function to be function-restricted is not necessarily set, and one or more functions or all functions may be set.
(Lock setting and release processing)
The lock setting and release process will be described with reference to FIG.
As described above, the owner sets a function restriction flag for the function he desires, and then presses a specific key or selects from a menu displayed on the display unit 21 via the operation reception unit 18. Instruct to shift to the locked state.

The operation receiving unit 18 outputs the input instruction to shift to the locked state to the control unit 19, and the control unit 19 receives the instruction to shift to the locked state (step S101).
The control unit 19 assigns 0 to the variable limit, assigns 1 to the variable lock, assigns 0 to the variable fail, and stores them in the secure storage unit 20 as limit 212, lock 210, and fail 211, respectively.

  Thereafter, even if not specifically described, when the value of the variable limit is changed, the limit 212 stored in the secure storage unit 20 is also overwritten with the changed value to achieve synchronization. Similarly to the case of the variable limit, when the values of the variable lock and the variable fail are changed, it is assumed that synchronization with the lock 210 and the fail 211 is performed. In the locked state, the mobile phone 1 only accepts the instruction to start the unlocking sequence and the input of the password, performs only the process according to the accepted input, and does not perform the mail transmission process and other processes. To do.

Up to here, the lock setting process is performed, and the subsequent processes are the lock release process.
When the user inputs a lock release sequence start instruction using the operation reception unit 18, the control unit 19 receives a lock release sequence start instruction via the operation reception unit 18. The control unit 19 displays the panel 302 of FIG. 3B on the display unit 21 (step S103), and prompts the user to input an unlock password.

The user inputs the unlock password via the operation accepting unit 18, and the control unit 19 receives the unlock password from the operation accepting unit 18 (step S104).
The control unit 19 determines whether or not the received unlock password and the lock setting password 207 match (step S105). If they do not match, the variable fail is incremented by 1 (step S106), and the file is preset. It is determined whether or not the password input failure count N is greater (step S107).

N is a value determined at the design stage of the mobile phone 1 and is assumed to be 5 here, but there is no problem even if the value is changed according to the design contents.
If the fail is greater than or equal to N (step S107: YES), 1 is substituted into limit (step S108), and the process proceeds to step S104. If the fail is not greater than N (step S107: NO), step The process proceeds to S104.

In step S105, if the unlock password matches the lock setting password 207 (step S105: YES), it is determined whether or not lock is 1 (step S109).
If lock is not 1 (step S109: NO), the process is terminated. If lock is 1 (step S109: YES), the panel 301 shown in FIG. 3C is displayed (step S110), and the emergency contact information is displayed. An emergency contact is made by sending a notification mail to the contact indicated by the information 204 (step S111).

Here, if the person who is currently using the mobile phone 1 is not an authorized owner, there is a high possibility of giving up the use of the mobile phone 1 by recognizing that the emergency contact has been made. It can be expected that the possibility of returning the mobile phone 1 to the legitimate owner is increased.
The content of the notification mail includes the latest time information and position information in the GPS information 205.

Next, the user inputs a restriction release sequence (step S112).
The restriction release sequence is a sequence preset by the owner of the mobile phone 1 or programmed in advance in the control unit 19. For example, a specific key on the keypad may be pressed for a long time, or a plurality of keys may be pressed in a predetermined order. If the user who wants to release the restriction does not know the restriction release sequence, naturally the restriction cannot be released. The restriction release sequence is stored in the secure storage unit 20. This makes it difficult for the person other than the owner of the mobile phone 1 to release the restriction.

When the restriction release sequence is input in step S112, the control unit 19 displays the restriction release panel 303 shown in FIG. 3D on the display unit 21 (step S113), and the user inputs the restriction release password. Prompt.
The control unit 19 receives the restriction release password input by the user via the operation reception unit 18 (step S114).

The control unit 19 determines whether or not the restriction release password matches the restriction setting password 208 (step S115).
If the restriction release password and the restriction setting password do not match (step S115: NO), the process proceeds to step 114, and if the restriction release password and the restriction setting password match (step S115: YES), 0 is substituted into the variable lock (step S116), and the process is terminated.
(Overall operation outline of mobile phone 1)
In the lock setting and release process described above, the overall operation of the mobile phone 1 when the limit flag 212 is 1, that is, when the function is in a restricted state will be described with reference to FIG. When the limit flag 212 has a value of 0, since it is not in the function restriction state, there is no particular difference from the operation of other general mobile phones, and the description thereof will be omitted.

The user of the mobile phone 1 performs an input for instructing a function to be used via the operation reception unit 18. The control unit 19 acquires function information indicating a function that requests use from the operation receiving unit 18 (step S201).
The control unit 19 determines whether or not the flag corresponding to the function that requires use is 1 (steps S202, S211, S221, S231, S241, S251, S261, and S271).

For example, when the function that requests use is a call function, the control unit 19 reads the value of the call flag 231 in the function restriction flag group 209 stored in the secure storage unit 20, and sets the call flag 231. It is determined whether or not the value is 1 (step S211).
Similarly, when the function that requests use is the mail transmission / reception function, the control unit 19 reads the value of the mail flag 232 in the function restriction flag 209 and determines whether the value is 1 (step S221). ).

  When the flag corresponding to the function that requires use is 1 (step S211: YES, S221: YES, S231: YES, S241: YES, S251: YES, S261: YES, S271: YES), the requested function A function unavailable panel (not shown) is displayed (step S203), the user is notified that the function cannot be used, and the process proceeds to step S201. Wait for input of the use request function.

  If the flag corresponding to the function that requires use is not 1 (step S211: NO, S221: NO, S231: NO, S241: NO, S251: NO, S261: NO, S271: NO), it corresponds to the requested function (Steps S212, S222, S232, S242, S252, S262, S272), the process proceeds to Step S201 and waits for the user to input the next use request function.

For example, if it is determined in step S211 that the call flag is not 1, call processing is performed. If it is determined in step S221 that the mail flag is not 1, mail transmission / reception processing is performed.
Since the call process and the mail transmission / reception process are not particularly different from the call process and the mail transmission / reception process in other general mobile phones, description thereof will be omitted.

Also, the WEB browsing process in step S232, the phone book display process in step S242, the photograph taking process by the camera in step S252, the ring tone setting process in step S262, and the contact display process in step S272 are also provided. Similar to the call processing and mail transmission / reception processing, the processing is not particularly different from processing in other general mobile phones, and thus the description thereof is omitted.
<Modification>
Although the present invention has been described based on the above embodiment, the present invention is not limited to the above embodiment, and various modifications can be made without departing from the gist of the present invention. Of course.

(1) The mobile phone 1 may further generate a random password, store the generated password as a restriction setting password, and transmit the password to the emergency contact.
The authorized user of the mobile phone 1 inputs the password transmitted to the emergency contact information to the mobile phone 1 as the restriction release password.

As a result, since the restriction setting password can be changed randomly without being fixed, analysis of the restriction setting password becomes more difficult, and the security strength of the mobile phone 1 is increased.
(2) Each of the above devices is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. Each device achieves its function by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

(3) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
The present invention also records the computer program or the digital signal on a computer-readable recording medium, such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, semiconductor memory, etc. It is good also as what you did. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

(4) The above embodiment and the above modifications may be combined.
In each claim of the claims, the failure detection means corresponds to steps S105 to S108 among the processes performed by the control unit 19 of the embodiment, and the first release detection means is a process performed by the control unit 19. The generation unit corresponds to S109: YES to S116 among the processes performed by the control unit 19.

Further, the second release detection means corresponds to S115: YES in the process performed by the control unit 19, the restriction release means corresponds to S116 of the process performed by the control unit 19, and the storage means corresponds to S116 of the mobile phone 1. This corresponds to the secure storage unit 20.
The operation accepting unit corresponds to step S112 in the processing performed by the control unit 19, and the sequence storage unit corresponds to the secure storage unit 20.

  The information terminal of the present invention is used to configure a communication system such as a network as a terminal capable of storing personal information.

It is a block diagram which shows the internal structure of the mobile telephone which concerns on one embodiment of this invention. It is a figure which shows an example of the data structure which a secure memory | storage part memorize | stores securely. It is a figure which shows an example of the panel displayed on a display part. It is a flowchart which shows a lock release process. It is a figure which shows the whole operation | movement of a mobile telephone in a function restriction state.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 Audio | voice input part 12 Audio | voice processing part 13 Audio | voice output part 14 Antenna 15 Radio | wireless part 16 GPS antenna 17 GPS processing part 19 Control part 20 Secure memory | storage part 21 Display part

Claims (7)

Failure detection means for detecting a predetermined number of authentication failures in the first authentication means for unlocking;
First cancellation detection means for detecting cancellation of the first authentication;
An information terminal comprising: an enabling means for enabling a second authentication means when detecting the predetermined number of authentication failures and the cancellation of the first authentication. The enabling means further cancels the use restriction other than the preset function when detecting the cancellation of the first authentication,
The information terminal further includes:
Second cancellation detection means for detecting cancellation of the second authentication;
2. The information terminal according to claim 1, further comprising: a restriction release unit configured to release use restriction of the preset function when the second authentication release is detected. 3. The information terminal according to claim 2, wherein the validation unit validates, as the second authentication unit, a unit that executes authentication having an authentication strength higher than that of the first authentication. The information terminal further includes:
Storage means for storing a contact address when the predetermined number of authentication failures is detected;
The first release detecting means, when detecting the release of the first authentication, further generates authentication information for releasing the second authentication and notifies the contact information of the authentication information. The information terminal according to claim 2, wherein: The information terminal further includes:
An operation accepting means for accepting an operation by a user;
Sequence storage means for storing predetermined operations, and
The validation means validates the second authentication means when the operation accepted by the operation acceptance means coincides with the operation stored in the sequence storage means. Information terminal described in 1. A lock control method applied to an information terminal,
A failure detection step of detecting a predetermined number of authentication failures in the first authentication process for unlocking;
A first release detection step of detecting release of the first authentication;
A lock control method comprising: an enabling step of enabling a second authentication process when the predetermined number of authentication failures and the cancellation of the first authentication are detected. A lock control program applied to an information terminal,
A failure detection step of detecting a predetermined number of authentication failures in the first authentication process for unlocking;
A first release detection step of detecting release of the first authentication;
A lock control program comprising: an enabling step of enabling a second authentication process when detecting the predetermined number of authentication failures and cancellation of the first authentication.

Images