JP2014010598A - Information processing unit - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing unit capable of preventing leakage of important information even when an application program which may cause information leakage is executed.SOLUTION: A plurality of applications AP1-AP5 are stored in a program storage section 20, and a plurality of normal data files D1-D6 and camouflage data files D1', D2', D4' for some of the normal data files are stored in a data file storage section 30. Property information of the applications is stored in a property list storage section 80. When a given application is started by a start processing section 40, a data file mediation section 50, according to a file request of the application, delivers a normal data file in the event of property 1, or a camouflage data file in the event of property 2 (or a normal data file in the absence of a camouflage data file), and have the data file expanded on a memory 60. When a new application is introduced from an introduction processing section 10, a camouflage data file setting section 100 sets a new camouflage data, and a property list update section 110 updates a property list.

Description

  The present invention relates to an information processing apparatus, and more particularly to an information processing apparatus in which the same data file is commonly used by a plurality of application programs.

  General-purpose information processing apparatuses are used by various users for various purposes. For this reason, many information processing apparatuses adopt a form in which a desired application program can be appropriately installed for each user as needed, and the entire apparatus is managed by an OS program. For example, electronic devices such as general-purpose personal computers, tablet information terminal devices, and mobile phones are all representative information processing devices that take such a form.

  In particular, in recent years, the spread of smartphones has been remarkable among mobile phones, and in the future, it is expected that the spread will progress to the rate of one per person. A smartphone has a processing function similar to that of a conventional personal computer, and a user can cause a user to execute a desired application program under the control of an OS program, like a personal computer. For example, Android OS (registered trademark) provided by Google Inc. in the United States and iOS (registered trademark) provided by Apple Inc. in the United States are prevalent as typical OS programs for smartphones.

  In general-purpose information processing apparatuses such as smartphones, the same data file may be commonly used by a plurality of application programs. For example, a telephone function, which is a typical function of a smartphone, is provided by executing a telephone application program. This telephone application program is usually used by a user using a phone book data file. Dials the destination specified by. The telephone directory data file is originally a data file prepared on the assumption that it is used by a telephone application program. However, if necessary, it can be used from another application program. For example, if it is an address book application program that performs an address book function to manage addresses and e-mail addresses of friends, it is originally recorded using a phone book data file that is used by the phone application program. It is possible to divert the phone number that is being used. By using an application program that can access the telephone directory data file in this way, it becomes possible to collect telephone numbers of many users and their acquaintances via the Internet.

  Moreover, recent portable information processing devices such as smartphones have a built-in GPS, and there are not a few application programs that collect position data using this GPS function. In such an application program, the GPS measurement history is stored, but it is also possible to use this GPS measurement history from another application program, and if such an application program is distributed, a large number of users can use it. It is also possible to collect daily action history via the Internet. Recently, leakage of personal information has become a social problem, and it is not preferable that such personal information be collected without permission.

  On the other hand, since the collection of such personal information is important for corporate sales activities, various application programs that are of interest to users are distributed and installed free of charge. There are some cases in which various personal information stored in the information processing apparatus is collected via the Internet by an accompanying function. In addition, malicious application programs (virus programs, etc.) developed for the purpose of stealing personal information are widespread, and if such application programs are executed, there is a possibility that they will suffer unforeseen actual harm. Come.

  In order to counter malicious application programs such as virus programs, anti-virus software has been developed for smartphones and the like, and measures similar to those for information processing apparatuses such as personal computers have been adopted. As a measure for preventing leakage of personal information regarding a mobile phone, for example, Patent Document 1 below discloses a method for performing user authentication using the current position of a mobile phone. Discloses a technique for transmitting phone book data from a server to an authenticated mobile phone. Patent Document 3 discloses a technique for preventing leakage of confidential information by storing confidential data in a confidential folder created on a nonvolatile memory in a mobile phone.

JP 2008-257212 A JP 2007-123959 A International Publication WO2008 / 129701

  As described above, various measures have been taken in the past to prevent information leakage from the information processing device. In any of these measures, the user himself / herself recognizes the risk of information leakage and executes the application program. In such a case, a sufficient effect cannot be exhibited.

  For example, when anti-virus software is incorporated into a smartphone, application programs that are determined to be malicious programs by the software can be eliminated at the time of introduction. However, since anti-virus software can only eliminate programs registered in the management center in advance as malicious programs, it cannot completely eliminate programs that cause information leakage. For example, the latest trendy virus programs that are not registered in the management center cannot be excluded. In addition, application programs distributed for sales activities by companies are not recognized as malicious programs even if they have a function to read personal information to the outside, so they are generally excluded by anti-virus software. I can't do it.

  Even if the technology disclosed in each of the above-mentioned patent documents is used, if a legitimate user operates an application program in a correct manner, personal information is read out as correct processing by the application program. It will be done.

  Of course, whether or not to execute an individual application program is a matter that can be determined by the user himself. If it is determined that there is a risk of leakage of personal information, the option of not executing the application program should be taken. Good. In particular, many application programs for smartphones inform the user of whether or not personal information is accessed, whether or not connected to the Internet, and whether or not GPS information is used at the time of execution. Or, when there are matters that the user does not approve, there are many cases that adopt an operation such as starting in a mode in which some restrictions are imposed.

  Therefore, basically, the user recognizes the risk of personal information leakage himself and executes each application program under his / her own responsibility. The conventional information leakage countermeasure described above also assumes such a premise. For this reason, when the user himself / herself recognizes the risk of information leakage and executes the application program, even if personal information is read out by the application program, it is not “information leakage” This is regarded as “legitimate reading of information” and cannot be prevented.

  The number of application programs distributed for smartphones is expected to continue to increase dramatically in the future, and some of them will be equipped with a function to read personal information in some form. Whether or not to execute such an application program is left to the user's discretion. However, the user can execute the application program after accepting that personal information is read out to the outside, An alternative decision must be made whether to abandon the execution of the application program while avoiding the risk of information leakage. If the user decides to execute the application program while recognizing the danger of information leakage, the conventional method can no longer prevent leakage of important information.

  Therefore, the present invention provides an information processing apparatus capable of preventing leakage of important information due to the operation of an application program even when an application program that may cause information leakage is executed. Objective.

(1) According to a first aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A file storage for storing application programs and data files;
Memory for deploying application programs and data files;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the file storage unit is the first attribute or the second attribute;
An application program to be executed and a data file required by the program are read from the file storage unit and expanded in a memory, and an expanded execution unit that executes the expanded application program using the expanded data file;
Provided,
A plurality of n regular data files are stored in the file storage unit, and some or all of these n regular data files are designated as protection target files. A data file with the same data format is stored as an impersonation data file,
The expansion execution unit recognizes the attribute of the application program to be executed by referring to the attribute list, and selects the regular data file when the recognized attribute is the first attribute, and recognizes the recognized attribute. If is the second attribute, select a camouflaged data file (or a legitimate data file if no camouflaged data file exists), expand the selected data file in memory, and execute it It is.

(2) According to a second aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
An activation processing unit that reads an application program to be activated from a program storage unit and expands the data file used by the specific application program in a memory when an activation instruction for a specific application program is given; ,
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file intermediary unit that reads a data file to be requested from the data file storage unit and delivers it to the activation processing unit when there is a request from the activation processing unit for a data file used by the application program to be activated;
Provided,
A plurality of n regular data files are stored in the data file storage unit, and some or all of these n regular data files are designated as protection target files. , Data files with the same data format are stored in correspondence as fake data files,
The data intermediary unit recognizes the attribute of the application program to be activated by referring to the attribute list, selects a regular data file when the recognized attribute is the first attribute, and recognizes the recognized attribute Is a second attribute, a camouflaged data file (however, if there is no camouflaged data file) is selected, and the selected data file is delivered.

(3) According to a third aspect of the present invention, in the information processing apparatus according to the second aspect described above,
The program execution unit has a function of reading out a data file used by the application program based on an instruction of the application program being executed via the data file mediation unit and expanding the data file in a memory.
The data file intermediary unit has a function of reading out a data file to be requested from the data file storage unit based on a file read request from the program execution unit and delivering the data file to the program execution unit. , The attribute of the application program making the file read request is recognized, and if the recognized attribute is the first attribute, the regular data file is selected, and the recognized attribute is the second attribute. If it is an attribute, a camouflaged data file (however, if there is no camouflaged data file) is selected, and the selected data file is delivered.

(4) According to a fourth aspect of the present invention, in the information processing apparatus according to the third aspect described above,
The program execution unit has a function of transferring the data file being used by the application program to the data file intermediary unit and storing it in the data file storage unit based on the instruction of the application program being executed. And
The data file mediation unit has a function to save the transferred data file in the data file storage unit based on the file save request from the program execution unit, and at this time, the file save request is an overwrite save request. If it is, the save process to rewrite the old file is executed. If the file save request is a new save request, the new file save process is executed as a regular data file. .

(5) According to a fifth aspect of the present invention, in the information processing apparatus according to the second to fourth aspects described above,
The corresponding regular data file and fake data file are stored in the data file storage unit as data files having different file names,
The data file intermediary unit treats the regular data file and the camouflaged data file separately based on the file name.

(6) According to a sixth aspect of the present invention, in the information processing apparatus according to the second to fourth aspects described above,
The data file storage unit has a main storage location for storing the regular data file and a secondary storage location for storing the camouflaged data file (however, if the corresponding camouflaged data file does not exist, the regular data file). And
The data file mediation unit distinguishes the file to be handled by distinguishing between the main storage location and the secondary storage location.

(7) According to a seventh aspect of the present invention, in the information processing apparatus according to the second to fourth aspects described above,
A data file storage unit has a main folder storing a regular data file and a subfolder storing a camouflaged data file (however, if the corresponding camouflaged data file does not exist, the regular data file); The corresponding regular data file and fake data file have the same file name,
The data file mediation unit distinguishes the handling target file by distinguishing the main folder and the subfolder.

(8) According to an eighth aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file required by the specific application program is read from the data file storage unit and stored in the memory. A startup processing unit for performing startup processing to be expanded into,
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for changing the access environment for the data file stored in the data file storage unit;
Provided,
A plurality of n regular data files are stored in the data file storage unit, and some or all of these n regular data files are designated as protection target files. , Data files with the same data format are stored in correspondence as fake data files,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and if the recognized attribute is the first attribute, the regular data file is read and recognized. When the attribute is the second attribute, the access environment is changed so that the camouflaged data file (however, if the camouflaged data file does not exist) is read out.

(9) According to a ninth aspect of the present invention, in the information processing apparatus according to the eighth aspect described above,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The program execution unit has a function of accessing a data file in the data file storage unit,
The regular data file is accessed during a period in which the application program having the first attribute is activated, and the data file management unit is impersonated during the period in which the application program having the second attribute is activated. The access environment is changed so that a data file (however, a regular data file if no fake data file exists) is accessed.

(10) According to a tenth aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name required by the specific application program is stored in the data file An activation processing unit that performs an activation process of reading out from the unit and expanding it in the memory;
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
Data to be changed by switching the file name of the data file stored in the data file storage section between the requested file name requested by the application program and a non-requested file name different from the requested file name A file manager,
Provided,
A plurality of n regular data files are stored in the data file storage unit, and some or all of these n regular data files are designated as protection target files. , Data files with the same data format are stored in correspondence as fake data files,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes the attribute for at least the period until the reading of the data file in the activation process for the activation object is completed. Is the first setting state in which the request target file name is assigned to the regular data file and the non-request target file name is assigned to the spoofed data file. If the attribute is the second attribute, the non-request target file name is given to the regular data file (however, the request target file name is given to the regular data file for which there is no corresponding impersonation data file). In the second setting state, the request target file name is assigned to the fake data file. , In which to perform the change of the file name.

(11) An eleventh aspect of the present invention is the information processing apparatus according to the tenth aspect described above,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during a period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. The file name is changed so that the setting state 2 is obtained.

(12) According to a twelfth aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name required by the specific application program is stored in the data file An activation processing unit that performs an activation process of reading out from the unit and expanding it in the memory;
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
Data to be changed by switching the file name of the data file stored in the data file storage section between the requested file name requested by the application program and a non-requested file name different from the requested file name A file manager,
Provided,
A plurality of n regular data files are stored in the data file storage unit, and some or all of these n regular data files are designated as protection target files. , Data files with the same data format are stored in correspondence as fake data files,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The attribute list storage unit stores information indicating the usage data file used by each application program.
By referring to the attribute list, the data file management unit recognizes the attribute of the application program to be activated or activated, and if the recognized attribute is the first attribute, at least As far as the data file used by the application program that is the target of activation or in the activated state is concerned, the request target file name is assigned to the regular data file, and the non-request target file name is assigned to the fake data file. If the recognized attribute is the second attribute, at least as far as the data file used by the application program to be activated or in the activated state is not requested, the regular data file is not requested. Target file name (however, the corresponding camouflage File name is changed so that the request file name is assigned to the fake data file. It is.

(13) According to a thirteenth aspect of the present invention, in the information processing apparatus according to the tenth to twelfth aspects described above,
When the data file management unit is not in a state in which any application program is activated, the non-request target file name for the regular data file (however, the request target for the regular data file for which no corresponding fake data file exists) The file name is changed so that the request target file name is assigned to the camouflaged data file.

(14) According to a fourteenth aspect of the present invention, in the information processing apparatus according to the tenth to thirteenth aspects described above,
When the data file management unit performs processing to change the file name from the request target file name to the non-request target file name for the regular data file, the file name is changed from the non-request target file name to the request target file. The decryption process is performed when the process of changing to a name is performed.

(15) According to a fifteenth aspect of the present invention, in the information processing apparatus according to the tenth to thirteenth aspects described above,
When the data file management unit performs processing to change the file name from the request target file name to the non-request target file name for the regular data file, the processing is performed to expand the regular data file in the memory, and the file name is not requested. When the process of changing the target file name to the request target file name is performed, the process of closing the regular data file developed in the memory is performed.

(16) According to a sixteenth aspect of the present invention, in the information processing apparatus according to the tenth to thirteenth aspects described above,
The data file management unit uses file names with different extensions as the corresponding request target file names and non-request target file names.

(17) According to a seventeenth aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name required by the specific application program is stored in the data file A startup processing unit that reads from a storage location having an access storage location name in the department and expands it in a memory;
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file manager that changes the storage location name for the main storage location and the secondary storage location by switching between the access storage location name and a non-access storage location name different from the access storage location name;
Provided,
A plurality of n regular data files are stored in the main storage location, and some or all of these n regular data files are designated as files to be protected. Stores a fake data file with the same data format as the regular data file specified as the target file, and a regular data file not specified as the protection target file.
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes the attribute for at least the period until the reading of the data file in the activation process for the activation object is completed. Is the first setting state where the access storage location name is assigned to the main storage location and the non-access storage location name is assigned to the secondary storage location, When the recognized attribute is the second attribute, the second setting in which the storage location name for access is assigned to the secondary storage location and the storage location name for non-access is assigned to the primary storage location The storage location name is changed so as to be in a state.

(18) According to an eighteenth aspect of the present invention, in the information processing apparatus according to the seventeenth aspect described above,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during a period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. The storage location name is changed so that the setting state 2 is obtained.

(19) According to a nineteenth aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name required by the specific application program is stored in the data file An activation processing unit that reads from the main storage location in the department and expands it in the memory;
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for switching the data file in the main storage location and the data file in the secondary storage location;
Provided,
A plurality of n regular data files are stored in the entire storage location including the main storage location and the secondary storage location, and some or all of the n regular data files are designated as protection target files. In the entire storage location, a spoofed data file having the same data format as the regular data file designated as the protection target file is further stored.
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes the attribute for at least the period until the reading of the data file in the activation process for the activation object is completed. Is the first setting state in which the regular data file is stored in the main storage location and the camouflaged data file is stored in the secondary storage location, and the recognized attribute is the second attribute. If there is a second data in which the regular data file designated as the protection target file is stored in the secondary storage location, and the regular data file and the impersonation data file not designated as the protection target file are stored in the main storage location. The corresponding data file is replaced so that the setting state is reached. .

(20) According to a twentieth aspect of the present invention, in the information processing apparatus according to the nineteenth aspect described above,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during a period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. The data files are exchanged so that the setting state 2 is obtained.

(21) According to a twenty-first aspect of the present invention, in an information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on instructions from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and the data introduced as necessary An application installation processing unit for storing the file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name required by the specific application program is stored in the data file An activation processing unit that reads from the main storage location in the department and expands it in the memory;
Based on an instruction from the user, a program execution unit that executes an application program expanded in the memory using a data file expanded in the memory, and presents information obtained as an execution result to the user;
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for switching the data file in the main storage location and the data file in the secondary storage location;
Provided,
A plurality of n regular data files are stored in the entire storage location including the main storage location and the secondary storage location, and some or all of the n regular data files are designated as protection target files. In the entire storage location, a spoofed data file having the same data format as the regular data file designated as the protection target file is further stored.
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The attribute list storage unit stores information indicating the usage data file used by each application program.
By referring to the attribute list, the data file management unit recognizes the attribute of the application program to be activated or activated, and if the recognized attribute is the first attribute, at least As far as the data file used by the application program that is the target of activation or in the activated state is concerned, the regular data file is stored in the main storage location and the impersonation data file is stored in the secondary storage location. If the attribute is the second attribute, at least as far as the data file used by the application program to be activated or in the activated state is concerned, the regular data file designated as the protection target file is the secondary storage location. Stored as a protected file As normal data files and disguised data file is not specified is set state stored in the main storage location, in which to perform replacement of the corresponding data files.

(22) According to a twenty-second aspect of the present invention, in the information processing apparatus according to the seventeenth to twenty-first aspects described above,
When the data file management unit is not running any application program, the storage location name is changed or the corresponding data file is replaced so that the setting state is obtained when the second attribute is recognized. It is a thing.

(23) According to a twenty-third aspect of the present invention, in the information processing apparatus according to the seventeenth to twenty-second aspects described above,
The data file management unit performs encryption processing when performing a replacement for transferring a regular data file from the main storage location to the secondary storage location, and performs a decryption process when performing a replacement for moving from the secondary storage location to the primary storage location. It is what I do.

(24) According to a twenty-fourth aspect of the present invention, in the information processing apparatus according to the seventeenth to twenty-second aspects described above,
When the data file management unit performs replacement to move the regular data file from the main storage location to the secondary storage location, the data file management unit performs processing to expand the regular data file to the memory, and changes the regular data file from the secondary storage location to the main storage location. In this case, the process of closing the regular data file developed in the memory when performing the moving replacement is performed.

(25) According to a twenty-fifth aspect of the present invention, in the information processing apparatus according to the seventeenth to twenty-fourth aspects described above,
The primary folder and secondary folder are used as the main storage location and the secondary storage location, respectively, and the access folder name and non-access folder name are used as the access storage location name and non-access storage location name, respectively. is there.

(26) According to a twenty-sixth aspect of the present invention, in the information processing apparatus according to the second to twenty-fifth aspects described above,
As a fake data file, a fake data file in which fake information is recorded, a meaningless data file in which meaningless character strings are recorded, or an empty data file in which no substantial data is recorded are stored. It is a thing.

(27) According to a twenty-seventh aspect of the present invention, in the information processing apparatus according to the second to twenty-fifth aspects described above,
A camouflaged data file setting unit for storing a camouflaged data file corresponding to a new regular data file designated as a protection target file in the data file storage unit is further provided.

(28) According to a twenty-eighth aspect of the present invention, in the information processing apparatus according to the twenty-seventh aspect described above,
The camouflaged data file setting unit creates the camouflaged data file by copying the regular data file.

(29) According to a twenty-ninth aspect of the present invention, in the information processing apparatus according to the twenty-eighth aspect described above,
After the fake data file setting unit creates a copy data file by copying the regular data file, the copy data file is modified based on the user's modification instruction given from the input / output interface. Is set as a fake data file.

(30) According to a thirtieth aspect of the present invention, in the information processing apparatus according to the twenty-seventh aspect described above,
The camouflaged data file setting unit introduces and sets a camouflaged data file corresponding to the regular data file from the outside.

(31) According to a thirty-first aspect of the present invention, in the information processing apparatus according to the twenty-seventh aspect described above,
When the impersonation data file setting unit introduces a new application program and a regular data file used by the application program by the application installation processing unit, the regular data file is specified as a protection target file. The process of setting a camouflaged data file for the regular data file is performed.

(32) According to a thirty-second aspect of the present invention, in the information processing apparatus according to the twenty-seventh aspect described above,
When the impersonation data file setting unit creates and saves a new regular data file by the application program, the impersonation data file setting section impersonates the regular data file on the condition that the regular data file is designated as a protection target file. A process for setting a data file is performed.

(33) According to a thirty-third aspect of the present invention, in the information processing apparatus according to the thirty-first or thirty-second aspect described above,
A regular data file used by an application program having the first attribute is a file to be protected.

(34) According to a thirty-fourth aspect of the present invention, in the information processing apparatus according to the thirty-first or thirty-second aspect described above,
The regular data file specified by the user's instruction given from the input / output interface is set as the protection target file.

(35) In a thirty-fifth aspect of the present invention, in the information processing apparatus according to the second to thirty-fourth aspects described above,
When a new application program is introduced by the application introduction processing unit, an update process for adding information indicating the attribute of the new application program to the attribute list in the attribute list storage unit, or an attribute based on a user instruction An attribute list update unit for performing an update process for changing the contents of the attribute list in the list storage unit is further provided.

(36) In a thirty-sixth aspect of the present invention, in the information processing apparatus according to the thirty-fifth aspect described above,
The attribute list storage unit stores an attribute list indicating the first attribute of the application program stored in advance in the program storage unit,
When a new application program is introduced by the application introduction processing unit, the attribute list update unit performs an update process for adding information indicating that the new application program is the second attribute to the attribute list. It is a thing.

(37) According to a 37th aspect of the present invention, in the information processing apparatus according to the 35th aspect described above,
When the attribute list update unit stores a predetermined certification standard to be an application program to which the first attribute is to be given and a new application program is introduced by the application introduction processing unit, the new application program It is determined whether or not the certification standard is satisfied, and an update process is performed to add information indicating that the attribute is the first attribute if the certification standard is satisfied and the second attribute if the certification standard is not satisfied. It is a thing.

(38) According to a thirty-eighth aspect of the present invention, in the information processing apparatus according to the thirty-fifth aspect,
When a new application program is introduced by the application introduction processing unit, the attribute list update unit causes the user to specify an attribute for the new application program via the input / output interface, and for the new application program, An update process for adding information indicating an attribute designated by the user to the attribute list is performed.

(39) According to a 39th aspect of the present invention, in the information processing apparatus according to the above-described second to 34th aspects,
The attribute list storage unit stores a list for identifying an application program having the first attribute as an attribute list,
The data file mediation unit or the data file management unit recognizes an application program listed in the attribute list as a first attribute and an application program not listed as a second attribute.

(40) In a 40th aspect of the present invention, in the information processing apparatus according to the 2nd to 39th aspects described above,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. When an activation instruction is given, or when an activation instruction for a new application program having the first attribute is given during a period in which the application program having the second attribute is activated, the new The application program is refused to start.

(41) According to a 41st aspect of the present invention, in the information processing apparatus according to the 2nd to 39th aspects described above,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. Activated when an activation instruction is given, or when an activation instruction for a new application program having the first attribute is given during a period in which the application program having the second attribute is activated After forcibly terminating the application program in the state, the new application program is started.

(42) According to a forty-second aspect of the present invention, in the information processing apparatus according to the second to thirty-ninth aspects described above,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. When the activation instruction is given, activation of the new application program is rejected, and activation of the new application program having the first attribute is performed during a period in which the application program having the second attribute is activated. When an instruction is given, the application program in the activated state is forcibly terminated and then the new application program is activated.

(43) According to a 43rd aspect of the present invention, in the information processing apparatus according to the 12th or 21st aspect described above,
The start processing unit performs the start restriction in principle so that both the application program having the first attribute and the application program having the second attribute are not started at the same time, and the same data mutually The application program having the first attribute that does not use the file and the application program having the second attribute are exceptionally permitted to be simultaneously activated.

  (44) In a forty-fourth aspect of the present invention, a cellular phone is configured by incorporating at least an application program that performs a telephone function into the information processing apparatus according to the first to forty-third aspects described above.

  (45) According to a 45th aspect of the present invention, in the information processing apparatus according to the first to 43rd aspects described above, some of the components are incorporated into the mobile terminal device, and some of the components are incorporated into the server device. A communication function is provided between the portable terminal device and the server device.

  (46) In a 46th aspect of the present invention, the information processing apparatus according to any of the first to 43rd aspects is configured by incorporating a program into a computer.

(47) According to a 47th aspect of the present invention, in the information processing apparatus according to the above 8th to 25th aspects,
An application introduction processing unit, a program storage unit, a data file storage unit, a startup processing unit, a memory, a program execution unit, and an input / output interface are configured by a computer and an OS program incorporated in the computer,
A data file management unit, an attribute list storage unit, and, if necessary, a camouflaged data file setting unit and an attribute list update unit, a computer, a specific application program incorporated in the computer, and the specific application program And a usage data file used by.

  (48) According to a 48th aspect of the present invention, a specific application program for configuring the information processing apparatus according to the 47th aspect described above is prepared and distributed.

(49) According to a 49th aspect of the present invention, in an application program execution method in which a computer executes an application program using a data file,
Prepare an application deployment phase and an application execution phase so that each of these phases is executed by a computer,
The application deployment phase
An application storage step of storing an application program and a regular data file used by the application program in a predetermined storage location;
A camouflaged data file storage step for storing a camouflaged data file having the same data format as the regular data file in a storage location;
An attribute list storing step of storing an attribute list indicating whether the application program stored in the storage location is the first attribute or the second attribute in the storage location;
Have
The application execution stage
A program expansion step of reading an application program to be executed from a storage location and expanding it on a memory;
Referring to the attribute list, an attribute recognition step for recognizing the attribute of the application program to be executed;
If the attribute recognized in the attribute recognition step is the first attribute, the regular data file requested by the application program to be executed is read from the storage location and expanded on the memory, and the second attribute is used. If there is, instead of the regular data file requested by the application program to be executed, a data development step of reading the corresponding fake data file from the storage location and expanding it on the memory;
An execution step of executing the application program expanded on the memory using the data file expanded on the memory;
It is made to have.

  In the information processing apparatus according to the present invention, for the regular data file designated as the file to be protected among the stored data files, a forged data file including forged information that does not cause a problem is prepared. The On the other hand, for each application program, the first attribute or the second attribute is determined in advance. When executing the application program having the first attribute, the regular data file is expanded on the memory, and when executing the application program having the second attribute, the fake data file is stored on the memory. (However, if no camouflaged data file exists, a regular data file) is expanded. For this reason, the application program having the second attribute executes the process using the camouflaged data file instead of the regular data file designated as the protection target file. Therefore, even if the information of the data file is read outside by the application program having the second attribute, the information is impersonation information in the impersonation data file. Thus, even when an application program that may cause information leakage is executed by the user's own judgment, it is possible to prevent leakage of important information to be protected due to the operation of the application program.

It is a block diagram which shows the structure of the information processing apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the characteristic of each application program AP1-AP5 stored in the information processing apparatus shown in FIG. It is a figure which shows the characteristic of each data file stored in the information processing apparatus shown in FIG. It is a figure which shows an example of the specific information recorded on each data file. It is a block diagram which shows the structure of the information processing apparatus which concerns on the modification of the 1st Embodiment of this invention. It is a flowchart which shows the procedure of the first half of the execution method of the application program which concerns on this invention. It is a flowchart which shows the procedure of the second half of the execution method of the application program which concerns on this invention. FIG. 6 is a diagram illustrating an example in which a regular data file and a camouflaged data file are distinguished by changing a file name in the information processing apparatus illustrated in FIG. 5. 6 is a diagram illustrating an example in which a regular data file and a camouflaged data file are distinguished by providing two sets of folders in the data file storage unit 30 in the information processing apparatus illustrated in FIG. It is a block diagram which shows the structure of the information processing apparatus which concerns on the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the information processing apparatus which concerns on the modification of the 2nd Embodiment of this invention. It is a figure which shows an example of the switching operation of the setting state of the file name by the data file management part 120 in 2nd Embodiment. It is a figure which shows another example of the switching operation of the setting state of the file name by the data file management part 120 in 2nd Embodiment. It is a figure which shows the modification of the attribute list used for this invention. It is a figure which shows an example which changes a file name by changing an extension. It is a figure which shows another example which changes a file name by changing an extension. It is a figure which shows an example of the switching operation of the setting state of the folder name by the data file management part 120 in 2nd Embodiment. It is a figure which shows an example of the switching operation of the setting state by the file movement by the data file management part 120 in 2nd Embodiment. It is a figure which shows another example of the switching operation of the setting state by the file movement by the data file management part 120 in 2nd Embodiment. FIG. 12 is a block diagram illustrating an example in which some components are realized by an application program in the embodiment illustrated in FIG. 11.

  Hereinafter, the present invention will be described based on the illustrated embodiments.

<<< §1. Basic configuration of the first embodiment >>
FIG. 1 is a block diagram showing the configuration of the information processing apparatus according to the first embodiment of the present invention. As illustrated, the information processing apparatus includes an application introduction processing unit 10, a program storage unit 20, a data file storage unit 30, a startup processing unit 40, a data file mediation unit 50, a memory 60, a program execution unit 70, and an attribute list storage unit. 80, and an input / output interface 90. In the case of schematically explaining the function of this information processing apparatus, the components including the program storage unit 20 and the data file storage unit 30 are referred to as a file storage unit α, as indicated by a dashed line for convenience. A component including the activation processing unit 40, the data file mediation unit 50, and the program execution unit 70 is referred to as a deployment execution unit β.

  The information processing apparatus according to the present invention is an apparatus having a function of executing an application program using a data file, and specifically includes various mobile phones such as a personal computer, a tablet information terminal apparatus, and a smartphone. Can be configured by various electronic devices. However, in the following description, an example in which the present invention is applied to a smartphone will be described for convenience.

  In the information processing apparatus illustrated in FIG. 1, the application introduction processing unit 10 is a component that performs a function of introducing a new application program from the outside based on an instruction from a user. The introduced application program is stored in the program storage unit 20. The figure shows a state where five sets of application programs AP1 to AP5 are stored. On the other hand, the data file storage unit 30 is a component that performs a function of storing a data file used by an application program. The figure shows a state in which nine sets of data files D1 to D6 and D1 ′, D2 ′, D4 ′ are stored.

  Each data file may be created and stored by an application program, or may be installed and stored together by the application installation processing unit 10 when the application program is installed. Therefore, the application introduction processing unit 10 not only introduces a new application program based on an instruction from the user, but also has a function of introducing a data file used by the application program from the outside as needed. The installed application program is stored in the program storage unit 20, and the function of storing the introduced data file in the data file storage unit 30 as necessary is also achieved.

  In the embodiment described here, since this information processing device is a device that constitutes a smartphone, the application introduction processing unit 10 uses the communication function provided in this smartphone (even if it uses a mobile phone network) The application program and the data file can be downloaded by using the program storage unit 20 or the data file storage unit 30. Of course, when a personal computer or the like is used as the information processing apparatus, the application introduction processing unit 10 can introduce an application program or a data file via a general network such as a LAN, a hard disk device, a USB memory, or the like. Application programs and data files can also be introduced by reading from an optical recording medium or the like.

  The file storage unit α configured by the program storage unit 20 and the data file storage unit 30 is a component that plays a role of storing application programs and data files. In the case of a general smartphone, the file storage unit α can be configured by a built-in nonvolatile memory or a detachable nonvolatile memory that is attached. Of course, the file storage unit α can be configured by a hard disk device, an optical recording device, or the like, regardless of whether it is built-in or detachable. As will be described later, an external storage location accessible via a network can be used as the file storage unit α. In short, the file storage unit α may be configured by any hardware as long as it is a component having a function of storing programs and data files so that they can be read out when necessary. It doesn't matter.

  On the other hand, the memory 60 is a component for developing an application program to be executed and a data file used by the program. In a broad sense, a component having a function of storing programs and data, the memory 60 also performs the same function as the file storage unit α. However, when the file storage unit α needs a program and a data file, The memory 60 plays a role of storing and storing a program or data file to be executed in order to place it in an execution environment.

  Because of such a difference in roles, the file storage unit α requires a storage device that can provide a large-capacity storage location at a low cost, whereas the memory 60 has a high-speed access from the CPU. A storage device with possible performance is required. For this reason, a volatile memory such as a RAM is usually used as the memory 60 (of course, a non-volatile memory may be used as the memory 60 if there is no problem with the function of the information processing apparatus).

  The expansion execution unit β reads out the application program to be executed and the data file requested by the program from the file storage unit α, expands them in the memory 60, and executes the expanded application program using the expanded data file It is a component to do. In the figure, an application program AP1 and two data files D1 and D3 used by the application program AP1 are read from the file storage unit α and expanded on the memory 60. The expansion execution unit β accesses the program and data thus expanded on the memory 60 and executes the application program.

  More specifically, as shown in the figure, the expansion execution unit β is composed of a start processing unit 40, a data file mediation unit 50, and a program execution unit 70.

  When a start instruction for a specific application program is given, the start processing unit 40 reads the start target application program from the program storage unit 20 and expands it in the memory 60, and also uses data used by the specific application program A process of expanding the file into the memory 60 is performed. In the case of the illustrated example, the activation processing unit 40 reads the application program AP1 from the program storage unit 20 and expands it on the memory 60 in response to the activation instruction for the application program AP1. Subsequently, by referring to the information in the application program AP1, it is recognized that the application program AP1 uses the two data files D1 and D3, and these are expanded on the memory 60. However, in this case, the data files D1 and D3 are read from the data file storage unit 30 via the data file mediation unit 50.

  In other words, the activation processing unit 40 requests the data file mediating unit 50 for the necessary data files D1 and D3. When there is a request from the activation processing unit 40 for the data files D1 and D3 used by the application program AP1 to be activated, the data file mediating unit 50 receives the data file D1 to be requested from the data file storage unit 30. D3 is read and delivered to the activation processing unit 40.

  Thus, when the startup process by the startup processing unit 40 is completed, the program execution unit 70 can execute the application program for which the startup process has been completed. In the case of the illustrated example, the program execution unit 70 executes the application program AP1 developed on the memory 60 using the data files D1 and D3 developed on the memory 60 based on an instruction from the user. Then, a process of presenting information obtained as an execution result to the user is performed.

  The input / output interface 90 is a component having a function of inputting an instruction from the user and presenting information to the user. The user can give various instructions to the input / output interface 90. Specifically, the application introduction processing unit 10 is instructed to introduce a new application program, the activation processing unit 40 is instructed to start up a desired application program, and the program execution unit 70 is instructed. On the other hand, various instructions concerning program execution can be given. On the other hand, the application introduction processing unit 10, the activation processing unit 40, and the program execution unit 70 can present information necessary for these instructions to the user via the input / output interface 90.

  In the case of a general smartphone, the input / output interface 90 can be configured by a display device with a touch panel. In this case, an instruction from the user is input by an operation of bringing a finger or the like into contact with a predetermined location on the display screen, and information is presented to the user by performing a predetermined image display on the display screen. . Of course, an instruction from the user is performed based on sound (for example, the user's voice may be recognized and processed as an instruction input), or information is presented to the user by sound (for example, synthesis) Presentation of voice, notification by beep sound, etc.). Further, when a personal computer or the like is used as the information processing apparatus, the input / output interface 90 can be configured by a keyboard or a mouse.

  Finally, the attribute list storage unit 80 displays an attribute list L indicating whether each application program AP1 to AP5 stored in the program storage unit 20 is the first attribute or the second attribute. A component to be stored. In the case of the illustrated example, an attribute list L indicating attribute 1 (first attribute) for application programs AP1 to AP3 and attribute 2 (second attribute) for AP4 to AP5 is stored. The attribute list L is referred to by the data mediation unit 50, and mediation processing corresponding to the attribute is executed. The role of this attribute list L will be described in detail in section 2 and later.

  Note that the data file stored in the data file storage unit 30 can be read by the program execution unit 70 as needed, and the program execution unit 70 can also store the data file. . In either case, the data file reading process and storage process are performed via the data file mediation unit 50.

  That is, when a specific data file is required during the execution of the application program, the program execution unit 70 requests the data file mediation unit 50 to read the file. In response to this read request, the data file mediation unit 50 reads the data file to be requested from the data file storage unit 30 and delivers it to the program execution unit 70. The program execution unit 70 expands the transferred data file on the memory 60, and continues execution of the application program using the data file.

  In addition, when the program execution unit 70 needs to save a specific data file developed on the memory 60 during execution of the application program, the program execution unit 70 delivers the file to the data file mediation unit 50 and saves it. Make a request. The data file mediation unit 50 stores the transferred data file in the data file storage unit 30 in response to the storage request. In this case, it can be saved as a new data file, or the old data file can be saved in a rewritten form (so-called overwriting).

  The basic configuration of the information processing apparatus according to the first embodiment of the present invention has been described above with reference to the block diagram of FIG. 1, but this apparatus operates under the control of a predetermined OS program. Therefore, in practice, the OS program and data files used by the OS program are also stored in this apparatus, and the OS program and its use data are also expanded in the memory 60. However, for the sake of convenience, a description of these OS programs is omitted here. Actually, the functions of the activation processing unit 40, the data file mediation unit 50, and the program execution unit 70 constituting the deployment execution unit β are realized by a combination of this OS program and hardware such as a CPU. The attribute list L stored in the attribute list storage unit 80 is constituted by data used by the OS program.

  In addition, the activation processing of the application program by the activation processing unit 40 and the execution processing of the application program by the program execution unit 70 are not necessarily performed only on the basis of an instruction from the user. In some cases, it is performed by an instruction or an instruction from another application program.

  In the first embodiment shown in FIG. 1, the application introduction processing unit 10, the program storage unit 20, the data file storage unit 30, the activation processing unit 40, the memory 60, the program execution unit 70, and the input / output interface 90. The constituent elements are constituent elements provided in a conventional general information processing apparatus (however, the data files D1 ′, D2 ′, D4 ′ in the data file storage unit 30 are included in the present invention as will be described later). It is unique to smartphones and computers that are currently in common use.

  Therefore, a feature of the first embodiment of the present invention is that a data file mediating unit 50 and an attribute list storage unit 80 are newly added to such an existing information processing apparatus, and data is stored in the data file storage unit 30. This means that the files D1 ', D2', D4 'are stored. In other words, the information processing apparatus according to the first embodiment incorporates a function as the data file mediation unit 50 in the OS program of the conventional information processing apparatus, and uses the attribute list L as data used by the OS program. In addition, it can be realized by storing the data files D1 ′, D2 ′, D4 ′ in the data file storage unit 30.

<<< §2. Specific contents of program and data >>>
Here, taking as an example the case where the information processing apparatus according to the first embodiment shown in FIG. 1 is a smartphone, the application programs AP1 to AP5 and the data file storage unit 30 stored in the program storage unit 20 The contents of the data files D1 to D6 stored in will be described with specific examples.

  FIG. 2 is a diagram showing the characteristics of the application programs AP1 to AP5 stored in the program storage unit 20 of FIG. 1, and the items such as the program name, type, usage data, and attributes are illustrated for each application program AP1 to AP5. Has been. Here, of the five sets of application programs, three sets of AP1 to AP3 are application programs that are already installed at the time of factory shipment of the smartphone, and the remaining AP4 and AP5 are later downloaded by the user who purchased the smartphone. Consider the case of an application program installed from.

  In this example, the application program AP1 is a program that functions as a Web browser, and can perform processing such as display of a Web page by using the Internet connection function provided in the smartphone. The application program AP2 is a program having a telephone call function, and is a program that provides an original function as a smartphone, that is, a function of calling with the other party as a mobile phone. Thus, a mobile phone such as a smartphone can be configured by incorporating an application program that performs at least a telephone function in an information processing apparatus. The application program AP3 is a program having a function of recognizing the current position and displaying a map of the surroundings using a GPS device provided in the smartphone.

  A user who has purchased this smartphone can browse a web page, make a phone call, and view a map using three application programs already installed at the time of purchase. In addition, in order to realize such a function, it is necessary that the smartphone has a component for performing the Internet connection function, the communication function, and the GPS signal receiving function. Is known, and illustration and detailed explanation are omitted in the present application.

  On the other hand, the application program AP4 is a battle game in which a battle can be performed while communicating with another person, and the application program AP5 is compatibility diagnosis software that can divide compatibility with acquaintances. Both are programs installed (installed) from the outside by the user who purchased the smartphone using the application introduction processing unit 10 after the purchase. After all, in the example shown in the figure, the user can appropriately execute any program among the five types of application programs AP1 to AP5. Of course, it is also possible to introduce the sixth and seventh application programs AP6, AP7, etc. as required.

  In the usage data column in the table of FIG. 2, data files used by the application programs AP1 to AP5 at the time of execution are listed. For example, the application program AP1 requires data files D1 and D3 at the time of execution, and the application program AP2 requires data files D1 and D2.

  In the attribute column, either 1 or 2 is shown. Each application program is given either the first attribute (attribute 1) or the second attribute (attribute 2). Here, the first attribute is an attribute that should be given to a program that can be determined to be handled as a reliable program, and the second attribute is an attribute that should be given to other programs. Which attribute is to be given may be determined in advance, and may be determined based on the rule, or may be determined freely by the user.

  As a general policy, the first attribute should be set for programs that do not have the possibility of sending personal information to the outside, or programs that are assumed to be handled under strict management even if they are sent to the outside. The second attribute may be assigned to other programs. In the case of the illustrated example, the application programs AP1 to AP3 (so-called preinstalled software) introduced at the time of factory shipment of the smartphone have the first attribute, and the application programs AP4 and AP5 introduced after the purchase by the user are the second attribute. An attribute is granted. This is based on the determination that the application programs AP1 to AP3 prepared by the smartphone provider as genuine programs may be handled as reliable programs.

  The table shown in FIG. 2 shows information for explaining the operation of the information processing apparatus shown in FIG. 1 for convenience, and the information in this table remains in the information processing apparatus in the form of this table. Is not stored. For example, the information in the type column is for convenience of explanation and does not need to be actually recorded in the information processing apparatus. The information in the attribute column is stored in the attribute list storage unit 80 in the format of attribute list L. It is sufficient that the information in the usage data column is described as a command for reading a necessary data file in the application program.

  Next, let's give specific examples for each data file. FIG. 3 is a diagram showing the characteristics of the data files D1 to D6 stored in the data file storage unit 30 of FIG. 1. For each data file D1 to D6, items such as data name, contents, application used, and protection target Is illustrated. The table shown in FIG. 3 also shows information for explaining the operation of the information processing apparatus shown in FIG. 1 for convenience, and is not stored in the information processing apparatus. For example, the information in the contents column is for simply explaining the contents of each data file, and the information in the application application column uses each data file corresponding to the information in the utilization data column in FIG. This is a list of application programs. In addition, the information in the protection target column indicates whether or not the data file is specified as a protection target, as described later, “O” indicates that it is specified as a protection target, and “X” indicates no specification. , Shows.

  The data file D1 is user data, and is composed of data including personal information such as a user's name, date of birth, and address. In the case of the example shown here, the data file D1 is created by the program AP1 for the Web browser, corrected as necessary, and used for data input applications such as online shopping. It is also used by each program of telephone call AP2, competitive game AP4, compatibility diagnosis AP5.

  The data file D2 is telephone directory data and includes telephone numbers of telephone call partners such as user acquaintances. This data file D2 is created by the telephone call program AP2, is corrected as necessary, and is used for the purpose of specifying the other party when making a call. This data file D2 is also used by the compatibility diagnosis program AP5.

  The data file D3 is Web browsing history data, and is created and updated sequentially by the Web browser program AP1. When a user browses various web pages using a web browser, the URL data of the browsing destination is accumulated as a browsing history. When the user gives an instruction to the Web browser program, the substantial contents of the browsing history can be deleted.

  The data file D4 is GPS measurement history data, and is created and sequentially updated by the map browsing program AP3. When the user moves the smartphone with the program AP3 activated, the GPS signal is received at a predetermined sampling period, and the latitude / longitude information of the current position is accumulated as a measurement history together with the current time. . This data file D4 is also used by the battle game program AP4. Note that the data file D4 may be created by the OS program. In this case, even if the application program is not activated, if the OS program is activated, the measurement history of the current position is always accumulated at a constant sampling period.

  The data file D5 is game progress data, and is created when the battle game program AP4 is started for the first time. Then, as the user advances the play of the game, various data necessary for the progress of the game are sequentially updated and recorded as data in the data file D5. In this example, the data file D5 is used only by the program AP4.

  The data file D6 is constellation operation data and is used by the compatibility diagnosis program AP5. Since the data file D6 is indispensable data when the program AP5 performs compatibility diagnosis, the data file D6 is also introduced together when the application program AP5 is introduced by the application introduction processing unit 10. . The program AP5 refers to the constellation operation data in the data file D6 and executes a compatibility diagnosis process. In this example, the data file D6 is used only by the program AP5.

  Now, pay attention to FIG. 2 again, and check the usage data of each application program. First, the Web browser program AP1 uses user data (data file D1) and Web browsing history data (data file D3) during execution. Therefore, when the user starts the application program AP1, as illustrated in FIG. 1, the data file D1 and D3 used by the program are developed in the memory 60 together with the program AP1. As described above, the Web browser program AP1 can automatically input data necessary for online shopping by referring to the personal information in the user data (D1). It can be recorded as a web browsing history (D3).

  The telephone call program AP2 uses user data (data file D1) and telephone book data (data file D2) at the time of execution. Therefore, when the user activates the application program AP2, the data file D1, D2 used by the program is developed in the memory 60 together with the program AP2. The telephone call program AP2 refers to the personal information in the user data (D1), transmits the caller information to the call destination, refers to the telephone number list in the telephone directory data (D2), and It is possible to automatically enter the telephone number of the destination.

  The map browsing program AP3 uses the GPS measurement history (data file D4) at the time of execution. Therefore, when the user activates the application program AP3, the data file D4 used by the program is developed in the memory 60 together with the program AP3. The map browsing program AP3 can provide a service for displaying the user's past travel route on the map with reference to the measurement data in the GPS measurement history (D4).

  At the time of execution, the game AP4 for the battle game uses user data (data file D1), GPS measurement history (D4), and game progress data (D5). Therefore, when the user activates the application program AP4, the data files D1, D4, and D5 used by the program are expanded in the memory 60 together with the program AP4 (as described above, Data file D5 is automatically created). The competitive game program AP4 can record various data necessary for the progress of the game as the game progress data (D5), and if necessary, the personal information in the user data (D1) is stored. With reference to the name of the player of the game, it is possible to automatically input an opponent, or to search for an opponent in the geographical vicinity by referring to the position information in the GPS measurement history (D4).

  The compatibility diagnosis program AP5 uses user data (data file D1), telephone directory data (D2), and constellation operation data (D6) at the time of execution. Therefore, when the user activates the application program AP5, the data file D1, D2, D6 used by the program is developed in the memory 60 together with the program AP5. The compatibility diagnosis program AP5 can perform compatibility diagnosis between the user and an arbitrary friend using the constellation operation data (D6). If necessary, the personal information in the user data (D1) is referred to, the user's name and date of birth are automatically entered, or the information in the phone book data (D2) is referred to for compatibility. It is possible to automatically enter the name of a friend to be diagnosed.

  Thus, in an information processing apparatus that uses a plurality of application programs, the same data file is often used by a plurality of application programs. For example, in the case of the above example, the user data (D1) is used not only by the web browser (AP1) but also by telephone call (AP2), the battle game (AP4), and the compatibility diagnosis (AP5). Since data such as user data (D1), phone book data (D2), and web browsing history (D3) are generally versatile, text data (extension txt), comma-separated data (extension csv), etc. It is often prepared as a data file described in a general format. Since the data structure of such a general-purpose format data file is open to the public, it can be read from an arbitrary program and used.

  Accordingly, in the above example, the user data (D1) is also used by the competitive game program AP4 and the compatibility diagnosis program AP5. However, basically, many of the data files in the data file storage unit 30 include the user's personal information, and it is not preferable that the contents leak out. In particular, arbitrary application programs downloaded by the user from the application introduction processing unit 10 include programs that intentionally collect personal information. Further, the personal information is stolen and misused. Some malicious programs that are meant to be included.

  For example, the competition game program AP4 in the above example uses user data (D1) and GPS measurement history (D4), and in some cases, stores such information on an external server via the Internet. There is also a possibility of performing such processing. Alternatively, although it is in the form of a game program, it may be a program originally developed for the purpose of stealing personal information. The same applies to the compatibility diagnosis program AP5. In fact, it is difficult for a general user to accurately determine which application program has a risk of leakage of personal information.

  Of course, as a standard, for genuine application programs (AP1 to AP3 in the above example) preinstalled at the time of purchasing the smartphone, it is judged that the risk of leakage of personal information is very small. I can do it. These genuine programs can be expected to be managed with sufficient security even if personal information is read out to the outside. Therefore, in order to avoid the risk of leakage of personal information, it is possible to adopt a policy of using only a genuine preinstalled application program. Similarly, application programs provided by trusted major companies can be judged to have little risk of leakage of personal information, so it is possible to adopt a policy of using only application programs provided by major companies. Is possible. Recently, however, fraudulent falsification application programs that disguise the signatures of major companies have become widespread, and even if the application program displays the name of the major company as a provider, it is necessary to be careful enough in practice. is there.

  An application program that runs under the Android OS tells the user whether or not personal information is accessed, whether or not connected to the Internet, and whether or not GPS information is used, and starts only when the user approves. In many cases, the operation is to be performed (or, when there is a matter that the user does not approve), it is started in a mode subject to some restrictions. Therefore, the user can select not to execute a program that accesses personal information, a program that connects to the Internet, a program that uses GPS information, etc., giving priority to safety.

  In this way, the user ultimately recognizes the risk of personal information leakage and executes each application program under self-responsibility. As a result, there is a problem that the more cautious users are limited in the degree of freedom of execution of application programs. That is, the user executes a desired application program after accepting that personal information is read out to the outside, or gives up the execution of the application program while avoiding the risk of leakage of personal information, You must make a choice between the two. In the case of the above example, if the user is careful, the execution of the downloaded competitive game program AP4 and the compatibility diagnosis program AP5 must be abandoned.

<<< §3. Basic operation of the first embodiment >>
An object of the present invention is to prevent leakage of important information to be protected due to operation of an application program even when an application program that may cause information leakage is executed by the user's own judgment. There is. The basic principle will be described below.

  First, regarding an application program, a first attribute is given to a program that can be determined to be reliable, and a second attribute is given to other programs to distinguish them. For example, in the example shown in FIG. 2, the first attribute is given to the genuine application programs AP1 to AP3 preinstalled, and the second attribute is given to the application programs AP4 and AP5 downloaded by the user later. It has been. Information about such attributes is stored as an attribute list L in the attribute list storage unit 80 as shown in FIG. That is, the attribute list storage unit 80 has an attribute list L indicating whether each application program AP1 to AP5 stored in the program storage unit 20 is the first attribute or the second attribute. Will be stored.

  On the other hand, for a data file, a file to be protected against information leakage is designated as a protection target file, and a “spoof data file” having the same data format is prepared for the protection target file. Here, the original data file to be used by the application program is called a “regular data file” and is distinguished from a “fake data file”. The data files D1 to D6 shown in FIG. 3 are all original data files to be used by the application program, and are “regular data files” in the present application. In contrast, a “fake data file” is a file prepared in association with a specific “regular data file” and has the same data format as the “regular data file” in form. The actual contents of the file are forged information (information that can be leaked).

  A camouflaged data file is prepared only for those designated as protected files among regular data files. For example, in the case of the example shown in FIG. 3, a camouflaged data file is prepared only for each of the regular data files D1, D2, and D4 with “◯” in the protection target column. Here, the camouflaged data files corresponding to these regular data files D1, D2, and D4 are shown with dashes and camouflaged data files D1 ′, D2 ′, and D4 ′, respectively.

  In general terms, in FIG. 1, when a plurality of n regular data files are stored in the data file storage unit 30 (n = 5 in the illustrated example), these n regular data files are stored. Some or all of them are designated as protection target files, and for these protection target files (D1, D2 and D4 in the example shown in the figure), data files having the same data format correspond to the respective forged data files. (D1 ′, D2 ′, D4 ′ in the illustrated example) are prepared and stored in the data file storage unit 30. In FIG. 1, the broken lines are drawn between D1-D1 ′, between D2-D2 ′, and between D4-D4 ′ in order to show that they are in correspondence with each other.

  FIG. 4 is a diagram showing an example of specific information recorded for the regular data files D1, D2, and D4 and the camouflaged data files D1 ′, D2 ′, and D4 ′ created in correspondence therewith. . While the content of the regular data file shown on the left is appropriate for each data file, the content of the fake data file shown on the right is inappropriate for the original information. You can see that it is (information that does not matter if it is leaked).

  For example, in the case of user data, the legitimate data file D1 and the camouflaged data file D1 ′ seem to record information such as name, date of birth, and address at first glance. On the other hand, true personal information of the user is recorded, whereas in the latter, random information that is irrelevant to the personal information of the user is recorded. That is, the fake data file D1 ′ is a fake data file in which fake information is recorded.

  In the case of phonebook data, the name and phone number of an acquaintance entered by the user himself / herself are recorded in the regular data file D2, but the impersonation data file D2 ′ has “**” in the name field. A meaningless character string “*” is recorded, and a meaningless character string “***-****-****” is recorded in the telephone number column. In addition, the number of data is 6 for the regular data file D2 (6 records), whereas the number of forged data files D2 ′ is 4, and they do not match.

  Furthermore, in the case of the GPS measurement history, the regular data file D4 is initially recorded with data indicating that the accumulated number is 5, and thereafter, the measurement is performed along the user's own actual action route. The date and time of the hour and the measured latitude and longitude are recorded. On the other hand, the camouflaged data file D4 ′ is an empty data file in which only data indicating that the number of stored cases is 0 is recorded, and no substantial data is recorded.

  Thus, FIG. 4 shows a fake data file D1 ′ in which fake information is recorded, a meaningless data file D2 ′ in which meaningless character strings are recorded, and an empty data file D4 in which no substantial data is recorded. In the above example, 'is used as a camouflaged data file. In short, the camouflaged data file may have any content as long as it is a dummy file that does not contain information that would cause problems if leaked. .

  However, each fake data file must be read by the application program instead of the corresponding regular data file. Therefore, the same data format as the corresponding regular data file (even if the application program using the regular data file reads it) The data file has a data format that does not occur. For example, if the regular data file is text data (extension txt), the camouflaged data file corresponding to the regular data file is also a text data (extension txt) file. If it is delimited data (extension csv), the camouflaged data file corresponding to the regular data file may be a comma delimited data (extension csv) file.

  After all, in the case of the example shown in FIG. 4, the application program that reads the camouflaged data file D1 ′ recognizes the recorded name as correct personal information, and the application that reads the camouflaged data file D2 ′. The program recognizes the recorded name and phone number as the correct name and phone number, and the application program that has read the fake data file D4 ′ does not collect any past location information at this time. You will recognize that it is not.

  The contents of the regular data files D1, D2, and D4 are input and corrected by the user using a specific application program, respectively, but the contents of the fake data files D1 ′, D2 ′, and D4 ′. For example, it may be incorporated in advance at the time of factory shipment of this smartphone (the user can also set it later, as will be described later). Further, in the example shown here, as shown in FIG. 3, since the data file D3 (Web browsing history) is not designated as a protection target file, no fake data file is prepared. Of course, if necessary, the data file D3 may also be designated as a file to be protected and a corresponding camouflaged data file may be prepared. Note that the data file D6 introduced together with the application program having the second attribute and the data file D5 created by the application program having the second attribute are not designated as the protection target file. .

  Now, based on such an example, the basic operation of the information processing apparatus shown in FIG. 1 will be described. As described above, the data file storage unit 30 stores six sets of regular data files D1 to D6, and among these, three sets of regular data files D1, D2, and D3 designated as protection target files. For D4, camouflaged data files D1 ', D2', D4 'as illustrated in the right column of FIG. 4 are stored.

  A feature of the embodiment shown in FIG. 1 is that the activation processing unit 40 and the program execution unit 70 indirectly access the data file storage unit 30 via the data file mediation unit 50 instead of directly accessing the data file storage unit 30. It is a point.

  As described in §1, when the user gives an instruction to activate a desired application program to the input / output interface 90, the activation processing unit 40 stores a specific data file used by the application program to be activated as a data A request is made to the file mediation unit 50. In response to this request, the data file mediation unit 50 reads out the data file to be requested from the data file storage unit 30 and delivers it to the activation processing unit 40. At this time, the data file mediation unit 50 Recognizes the attribute of the application program to be activated by referring to the attribute list L prepared in the attribute list storage unit 80, and if the recognized attribute is the first attribute, Select a data file, and if the recognized attribute is the second attribute, select a camouflaged data file (however, if there is no camouflaged data file), and hand over the selected data file Do.

  For example, when the user gives an instruction to start the Web browser program AP1 shown in FIG. 2, the data file mediation unit 50 refers to the attribute list L, so that the application program having the first attribute is displayed. Since the activation can be recognized, the regular data files D1 and D3 are read from the data file storage unit 30 and delivered to the activation processing unit 40. Thus, as shown in FIG. 1, the regular data files D1 and D3 are expanded on the memory 60 together with the application program AP1, and the Web browser program AP1 hinders processing using the regular data files D1 and D3. Can run without.

  Even when the telephone call program AP2 shown in FIG. 2 is activated, the regular data files D1 and D2 are delivered because of the first attribute. Similarly, when the map browsing program AP3 is activated, since it is the first attribute, the regular data file D4 is delivered. As described above, when the application program having the first attribute is started, the regular data file is always handed over and expanded on the memory 60, and there is no trouble in execution.

  On the other hand, when an application program having the second attribute is started, if a fake data file exists in the data file requested by the application program (that is, the requested data file is a protection target file). The fake data file is delivered instead of the regular data file. If no fake data file exists in the request target, the regular data file is delivered.

  For example, when the user gives an instruction to start the competitive game program AP4 shown in FIG. 2, since the application program has the second attribute, the data file mediation unit 50 determines the three target requests. Among the data files D1, D4, and D5, for D1 and D4, the fake data files D1 ′ and D4 ′ are delivered instead of the regular data files D1 and D4. D5 is handed over as it is. As a result, in the memory 60, the regular data file D5 is expanded for the game progress data, and the camouflaged data files D1 ′ and D4 ′ are expanded for the user data and the GPS measurement history.

  In this case, the application program AP4 can use the game progress data (D5) to progress the game for the time being. However, since the user data (D1 ′) and the GPS measurement history (D4 ′) are camouflaged data files, there is a possibility that functions using these will not operate normally (for example, the original user name “Taro Taro”). May be mistaken for the camouflaged name “Practical Kuro” or you may not be able to find an opponent in a geographical vicinity).

  Further, when the user gives an instruction to start the compatibility diagnosis program AP5 shown in FIG. 2, the data file mediation unit 50 becomes a request target because the application program also has the second attribute. Of the three data files D1, D2, and D6, for D1 and D2, the forged data files D1 ′ and D2 ′ are delivered instead of the regular data files D1 and D2, and for D6, the forged data file does not exist, so The data file D6 is delivered as it is. As a result, in the memory 60, the regular data file D6 is expanded for the constellation operation data, and the camouflaged data files D1 ′ and D2 ′ are expanded for the user data and the phone book data.

  In this case, the application program AP5 can perform compatibility diagnosis processing using the constellation operation data (D6). However, since the user data (D1 ′) and the phone book data (D2 ′) are camouflaged data files, there is a possibility that the functions using these will not operate normally (for example, the user name and date of birth, In the function of automatically inputting the name of a friend who is the partner of the compatibility diagnosis, impersonation data is input).

  As described above, in the information processing apparatus according to the present invention, when an application program with the second attribute is executed, a camouflaged data file may be used instead of a regular data file. May not be expected. However, it is possible to prevent the data file designated as the protection target from being used by the application program to which the second attribute is assigned, and it is possible to eliminate the risk of important information leakage.

  In the case of the above example, even if the user cannot determine the reliability of the competitive game program AP4 or the compatibility diagnosis program AP5, if the attribute of these programs is set to the second attribute, it is designated as a protection target. Since there is no risk of leaking the contents of the data file, the user can execute these programs with peace of mind.

  Of course, some functions may not operate normally when an application program having the second attribute is executed. However, for users who place importance on the safety related to leakage of personal information, the programs AP4 and AP5 can be used with confidence. Will be able to. That is, the user can execute the program after recognizing that there is a possibility of information leakage when the program is executed. Even if information leakage actually occurs, since the content of the camouflaged data leaks in place of the regular data for the protection target file, no serious actual harm occurs. So far, users who place importance on safety have had to give up execution of application programs whose reliability is unknown, even if they are interested. However, in the information processing apparatus according to the present invention, Application programs of unknown nature can be used with confidence. This is an important effect of the present invention.

  The processing at the time of starting the application program in the information processing apparatus shown in FIG. 1 has been described above. However, the data file access to the data file storage unit 30 is not necessarily performed only at the time of starting. Some application programs have a function of performing file read processing and storage processing after startup. The data file mediating unit 50 plays a role of mediating the data file for such file reading processing and storage processing.

  For example, the program execution unit 70 has a function of reading out a data file used by the application program via the data file mediation unit 50 and developing it in the memory 60 based on an instruction of the application program being executed. Such a file reading process is executed when it becomes necessary to use a data file that has not been expanded at the time of startup. In this case, the program execution unit 70 issues a file read request for a necessary file to the data file mediation unit 50.

  The data file mediation unit 50 has a function of reading a data file to be requested from the data file storage unit 30 based on a file read request from the program execution unit 70 and delivering it to the program execution unit 70. In addition, at the time of delivery, selection similar to the delivery at the time of activation described above is performed. That is, the data file mediating unit 50 recognizes the attribute of the application program that is requesting the file reading by referring to the attribute list L in the attribute list storage unit 80, and the recognized attribute is the first attribute. If there is, select the legitimate data file. If the recognized attribute is the second attribute, select the camouflaged data file (however, if no camouflaged data file exists), select A process of delivering the data file to the program execution unit 70 is performed.

  The program execution unit 70 expands the transferred data file in the memory 60, and executes various processes using the data file. In this case as well, an impersonation data file is given to the application program having the second attribute instead of the regular data file designated as the protection target, so that leakage of important information is also prevented. Can do. That is, a file designated as a protection target among data files developed in the memory 60 to be used by an application program having the second attribute, whether at startup or after startup, is always This is a fake data file.

  As a result, the deployment execution unit β shown in FIG. 1 recognizes the attribute of the application program to be executed by referring to the attribute list L at the time of activation or after activation, and the recognized attribute is If the attribute is the first attribute, the regular data file is selected. If the recognized attribute is the second attribute, the camouflaged data file (if the camouflaged data file does not exist, the regular data file) is selected. The selected data file is loaded into the memory 60 and executed.

  The program execution unit 70 delivers the data file used by the application program developed in the memory 60 to the data file mediation unit 50 based on the instruction of the application program being executed, and the data file storage unit 30. It also has a function to save in. The data file mediating unit 50 also performs appropriate handling in which the regular data file and the camouflaged data file are distinguished from each other when the file saving process is performed.

  That is, in the case of the embodiment shown here, the data file mediation unit 50 has a function of saving the transferred data file in the data file storage unit 30 based on a file saving request from the program execution unit 70. When saving, if the file save request is an overwrite save request (request to rewrite and save the contents of the file at the time of reading), a save process for rewriting the old file (file at the time of reading) is executed. To do. For example, when the regular data file D2 of the phone book data is read and the content of the telephone book data is modified and an overwriting save request is issued, a process of rewriting the regular data file D2 is executed. . Similarly, when the fake data file D2 ′ of the phone book data is read and the content of the phone book data is altered and an overwriting save request is issued, a process of rewriting the fake data file D2 ′ is executed. Is done.

  On the other hand, if the file save request is a new save request (request to save as a file independent from the file at the time of reading), a new file save process is executed as a regular data file. For example, after the regular data file D5 of the game progress data is read, if the content is modified and a new save request is issued, the regular data file D5-2 that is separate from the original regular data file D5 is issued. Is stored.

<<< §4. Practical modification of first embodiment >>>
Subsequently, a practical modification of the first embodiment shown in FIG. 1 will be described. FIG. 5 is a block diagram showing a configuration of an information processing apparatus according to this practical modification. The apparatus according to the modification shown in FIG. 5 is obtained by adding a camouflaged data file setting unit 100 and an attribute list update unit 110 to the apparatus shown in FIG. Therefore, hereinafter, the functions of these two new components will be described in order.

  The camouflaged data file setting unit 100 is a component having a function of storing a camouflaged data file corresponding to a new regular data file designated as a protection target file in the data file storage unit 30. In the first embodiment described so far, three sets of application programs AP1, AP2, AP3 are stored in the program storage unit 20 as preinstalled software when the information processing apparatus is shipped from the factory, and these preinstalled software use them. The example in which the forged data files D1 ′, D2 ′, D4 ′ of the regular data files D1 to D4 and a part thereof are stored in the data file storage unit 30 is shown. In this example, the regular data files D5 and D6 used by the application programs AP4 and AP5 installed by the user themselves are not designated as protection target files because AP4 and AP5 are programs having the second attribute. No fake data file is prepared.

  However, in practice, if the application program installed by the user is a program having the first attribute, a regular data file used by the program is also designated as a protection target file, and a forged data file is prepared. You may want to keep it. Alternatively, when a new data file is created by an existing application program and newly saved as a regular data file, it may be preferable to designate the regular data file as a protection target file.

  The camouflaged data file setting unit 100 designates a protection target file for a desired regular data file currently stored in the data file storage unit 30, procures the corresponding camouflaged data file by some method, and data The file storage unit 30 has a function of storing in association with the regular data file. If the camouflaged data file setting unit 100 is provided, it is not always necessary to prepare a camouflaged data file when the information processing apparatus is shipped from the factory. After the user purchases the information processing apparatus, if necessary, when an instruction is given from the input / output interface 90 to the camouflaged data file setting unit 100, the camouflaged data file setting unit 100 prepares the necessary camouflaged data file. Will be.

  For example, it is assumed that no fake data file is stored in the data file storage unit 30 when the information processing apparatus shown in FIG. 5 is purchased. In this case, the user can prepare a required fake data file in the data file storage unit 30 by giving a predetermined instruction to the fake data file setting unit 100. For example, the camouflaged data file setting unit 100 presents a list of regular data files stored in the data file storage unit 30 to the user via the input / output interface 90 and receives designation of a file to be protected. If the function is provided, the camouflaged data file setting unit 100 can recognize the designated regular data file as a protection target file based on a user instruction given from the input / output interface 90, and the regular data file It is possible to prepare a camouflaged data file corresponding to and store the data in the data file storage unit 30.

  Alternatively, if an arrangement such as “a regular data file used by an application program having the first attribute is a file to be protected” is made in advance, an individual designation from the user is not received. The camouflaged data file setting unit 100 can prepare a camouflaged data file corresponding to the protection target file when a new protection target file is stored in the data file storage unit 30. For example, when a new application program and a new data file used by the program are installed by the application introduction processing unit 10 and the first attribute is set in the program, the impersonation data file setting unit 100 A camouflaged data file corresponding to the newly installed data file (regular data file) is automatically prepared and stored in the data file storage unit 30. The same applies when a new data file is newly saved by an existing application program having the first attribute.

  As described above, when the application introduction processing unit 10 introduces a new application program and a regular data file used by the application program, the camouflaged data file setting unit 100 designates the regular data file as a protection target file. On the condition that the camouflaged data file is set for the regular data file. In addition, when the application program creates and saves a new regular data file, the camouflaged data file setting unit 100 assumes that the regular data file is designated as a protection target file. The data file has a function of performing processing for setting a camouflaged data file.

  Next, a specific method for preparing a camouflaged data file by the camouflaged data file setting unit 100 will be described. FIG. 4 illustrates three specific examples of camouflaged data files. That is, the user data camouflaged data file D1 ′ shown in the upper part is indistinguishable from the grated regular data file at first glance, but is actually a fake data file in which fake information is recorded. The camouflaged data file D2 ′ is a meaningless data file in which meaningless character strings such as “*” and “*” are recorded. Utilizing the point that the format for recording the number of stored records is used, the number of stored records is set to 0, and an empty data file in which no substantial data is recorded.

  If such a camouflaged data file is prepared at the time of product shipment and stored in the data file storage unit 30 in advance, the camouflaged data file setting unit 100 is not necessary, but after the user purchases the product, When preparing a camouflaged data file, the camouflaged data file setting unit 100 must procure a new camouflaged data file by some method and store it in the data file storage unit 30. Here, the camouflaged data file has the same data format as the corresponding regular data file (a format in which an error does not occur even if an application program that uses the regular data file reads), and even if it is leaked to the outside, there is no problem. It must be a file with no content. Hereinafter, some specific methods for procuring such a camouflaged data file by the camouflaged data file setting unit 100 will be exemplified.

  The first method is a method in which the camouflaged data file setting unit 100 creates a camouflaged data file by copying a regular data file. If a file that exactly copies the regular data file is created, of course, a camouflaged data file having the same format as the regular data file can be created. However, the content of the impersonation data file created by this method is the same as the original data file of the copy source. Cannot act as a file.

  Therefore, this first method is premised on an initial state in which the legitimate data file is not yet input with information that causes a problem when personal information or the like is leaked. For example, after the user purchases a product, when each application program is first activated, each regular data file stored in the data file storage unit 30 is in an initial state, and personal information is not input. It will not be done. For example, the contents of the regular user data file D1 and the telephone directory data file D2 shown in FIG. 4 are recorded by the user's own input operation, and are not input in the initial state.

  Therefore, if the user creates an impersonation data file by giving an instruction to create an impersonation data file to the impersonation data file setting unit 100 in the initial state immediately after purchasing the product and copying the regular data file in the initial state. It is possible to create a camouflaged data file that does not contain substantial content. Thereafter, the user only needs to perform a substantial content input operation on the regular data file.

  Even when a new application program is installed, when the application program is used for the first time, an instruction to create a camouflaged data file may be given to the camouflaged data file setting unit 100. When you start using a new application program, various information will be recorded in the regular data file for the program, but important information is not entered in the regular data file at the beginning. Therefore, if an impersonation data file is created by copying this at this point, an empty impersonation data file in which no substantial data is recorded can be created.

  In the second method, the fake data file setting unit 100 creates a copy data file by copying the regular data file, and then modifies the copy data file based on a user modification instruction given from the input / output interface 90. To set the modified file as a camouflaged data file. For example, the authorized user data file D1 shown in FIG. 4 may be copied to create a copy data file, the contents are presented to the user, and the user himself / herself may perform the modification work. Specifically, the user changes "Taro Patent" in the name field to "Practical Kuro" and changes "1980/06/15" in the date of birth to "1900/01/01" If this is done, the camouflaged data file D1 'shown in FIG. 4 can be created. Although the second method requires work by the user, it is not necessarily performed when the regular data file is in the initial state, and can be performed at any time desired by the user.

  The third method is a method in which the camouflaged data file setting unit 100 introduces and sets a camouflaged data file corresponding to a regular data file from the outside. In order to execute the third method, it is necessary to prepare a specific fake data file corresponding to a specific regular data file in an external server device or the like in advance. It is only necessary to introduce the necessary camouflaged data file from the outside and store it in the data file storage unit 30.

  For example, in the case of the example shown in FIG. 2, the application programs AP1, AP2, and AP3 are programs provided by the provider of the information processing apparatus in a pre-installed state on the apparatus. It is possible to prepare a camouflaged data file suitable for an application program. In such a case, the camouflaged data file setting unit 100 can procure a camouflaged data file by a method of downloading from the Internet site. Of course, for the other main application programs, a camouflaged data file for a regular data file used by the application program can be prepared on the Internet site.

  Next, the function of the attribute list update unit 110 in the modification shown in FIG. 5 will be described. As shown in FIG. 5, the attribute list L is stored in the attribute list storage unit 80. The attribute list L indicates attributes for each application program stored in the program storage unit 20, and in the case of the illustrated example, the first attribute for the preinstalled application programs AP1 to AP3, The second attribute is set for the application programs AP4 and AP5 installed by the user.

  If the user uses only the preinstalled programs AP1 to AP3, there is no need to update the attribute list L because new application programs do not increase. In addition, if a rule is set such that the pre-installed program is always set to the first attribute and the application program installed by the user is always set to the second attribute, the attribute list L includes the first attribute. It is sufficient to prepare a list for identifying application programs having the attribute of. For example, in the case of the above example, if information indicating the pre-installed programs “AP1, AP2, AP3” is posted in the attribute list L, the data file mediation unit 50 can identify the application programs listed in the attribute list L. Can be recognized as the second attribute for the first attribute and the application program not listed, it is not necessary to update the attribute list L.

  However, for practical use, it is preferable that the attribute settings can be set more flexibly for each application program, and the attributes can be changed as necessary. For example, in the attribute list L shown in FIG. 5, the second attribute is set for the battle game program AP4 and the compatibility diagnosis program AP5 installed by the user, but the source of the program AP5 is trusted. If it is possible to determine that the risk of information leakage is low, the user will want to set the first attribute when installing the program AP5. Also, for the program AP4, the second attribute was initially set. However, while playing the game, I thought that I wanted to enjoy it in earnest by enabling the function to search for opponents in the geographical vicinity. Try. In this case, since it is necessary to use a regular data file for the GPS measurement history, it is necessary to change to the first attribute.

  The attribute list update unit 110 is a component having a function to meet such a request. When a new application program is introduced by the application introduction processing unit 10, the attribute list update unit 110 indicates an attribute of the new application program. A function of performing an update process for adding information to the attribute list L in the attribute list storage unit 80 and an update process for changing the contents of the attribute list L in the attribute list storage unit 80 based on a user instruction; ing.

  If a certain rule is set in advance regarding the attribute assignment, the attribute list update unit 110 performs a process of automatically assigning an attribute to the application program when a new application program is introduced. be able to. For example, a rule that a first attribute is given to an application program preinstalled in the initial state of the information processing apparatus at the time of shipment from the factory, and a second attribute is given to an application program installed thereafter. , The attribute list update unit 110 can automatically update the attribute list L according to the rule.

  In this case, the attribute list storage unit 80 stores an attribute list L indicating that the application program stored in the program storage unit 20 is the first attribute. When a new application program is introduced by the application introduction processing unit 10, the attribute list update unit 110 updates the attribute list L with information indicating that the new application program is the second attribute. Can be done.

  Alternatively, for a new application program, either the first attribute or the second attribute can be automatically selected based on some certification standard, and the selected attribute can be given. For example, the attribute list update unit 110 stores a predetermined certification standard to be an application program to which the first attribute is to be given, and when a new application program is introduced by the application introduction processing unit 10, the new Application program, whether or not the certification standard is satisfied is determined, and if the certification standard is satisfied, the first attribute is added to the attribute list L. What is necessary is just to perform the update process to perform.

  Specifically, for example, when a reliable provider is registered in advance, such as company A / company B / company C, and it can be determined that the application program is provided by the registered provider. It may be determined that the certification standard is satisfied. In this case, the first attribute is automatically assigned to the application program provided from the registered company A / company B / company C, and the second attribute is automatically assigned to the other application programs. .

  Alternatively, the attribute list update unit 110 has a function of inspecting the inside of the application program to be determined, and if the inspection result satisfies a predetermined certification standard, the first attribute is assigned and satisfied. If not, the second attribute may be given. As test results and their certification standards, for example, standards such as “no virus is detected by a predetermined virus test” and standards such as “a predetermined tamper check program is incorporated” are included. Can be set.

  Of course, it is also possible to determine the attribute based on the user's free will. That is, when a new application program is introduced by the application introduction processing unit 10, the attribute list update unit 110 causes the user to specify an attribute for the new application program via the input / output interface 90, and For such an application program, an update process for adding information indicating the attribute designated by the user to the attribute list L may be performed. The same applies to the case of changing the attribute of an application program already listed in the attribute list L.

<<< §5. Application program execution method >>
Here, the invention relating to the information processing apparatus according to the present invention is regarded as the invention of the application program execution method, and the basic procedure thereof will be described. The application program execution method described here is a method in which a computer (a personal computer, a tablet information terminal device, various mobile phones such as a smartphone) executes an application program using a data file. It comprises a stage and a second half application execution stage. Each of these stages is a stage executed by a computer.

  FIG. 6 is a flowchart showing the procedure of the application introduction stage in the first half. As shown in the figure, in the application introduction stage, first, in an application storage step S11, processing for storing an application program and a regular data file used by the application program in a predetermined storage location is performed. In the embodiment described so far, the application program is stored in the program storage unit 20, and the regular data file is stored in the data file storage unit 30.

  Subsequently, in the camouflaged data file storage step S12, processing for storing the camouflaged data file having the same data format as the regular data file in the storage location is performed. In the case of the embodiment shown in FIG. 5, this process is executed by the camouflaged data file setting unit 100. The camouflaged data file is created in the apparatus based on the regular data file, or introduced into the apparatus from the outside and stored in the data file storage unit 30. In practice, it is sufficient to prepare the camouflaged data file only for a file designated as a protection target among the regular data files stored in the storage location.

  In the attribute list storage step S13, a process of storing the attribute list L indicating whether the application program stored in step S11 is the first attribute or the second attribute in the storage location is performed. Is called. In the case of the embodiment shown in FIG. 5, the attribute list L is stored in the attribute list storage unit 80.

  As described above, the application introduction stage in the first half should be a preparation stage for executing the application program. Following this, the procedure of the latter application execution stage shown in FIG. 7 is executed.

  First, in the program development step S21, processing for reading an application program to be executed from the storage location and developing it on the memory is performed. In the case of the embodiment shown in FIG. 5, a state in which the application program AP1 is expanded in the memory 60 by the activation processing unit 40 is shown.

  In the attribute recognition step S22, the attribute of the application program to be executed is recognized with reference to the attribute list L. In the embodiment shown in FIG. 5, by referring to the attribute list L, it is recognized that the attribute of the application program AP1 to be executed is the first attribute.

  In step S23, if the recognized attribute is the first attribute, the process proceeds to step S24. If the recognized attribute is the second attribute, the branch process proceeds to step S25. When the process proceeds to step S24, a process is performed in which the regular data file that is a request target by the application program to be executed is read from the storage location and expanded on the memory. On the other hand, if the process proceeds to step S25, the presence / absence of a forged data file that is a request target is confirmed. If there is a forged data file, the process proceeds to step S26, and the requested forged data file is stored. A process of reading from the location and developing it on the memory is performed. If there is no fake data file, the process proceeds to step S24, and a process of reading the regular data file to be requested from the storage location and developing it on the memory is performed.

  When the regular data file or the camouflaged data file is expanded on the memory in this way, in step S27, a program execution process is executed to execute the program expanded on the memory using the data expanded on the memory. It will be. In the case of the embodiment shown in FIG. 5, the program execution unit 70 executes the application program AP1 developed on the memory 60 using the data files D1 and D3 developed on the memory 60. .

  After all, referring only to the case in which the camouflaged data file is created, each step of Steps S23 to S26 is executed when the attribute recognized in the attribute recognition step S22 is the first attribute. When the regular data file requested by the application program is read from the storage location and expanded in the memory, and it is the second attribute, it is replaced with the regular data file requested by the application program to be executed. It can be said to be a data expansion step of reading out a corresponding camouflaged data file from the storage location and expanding it on the memory.

  The process of step S25 is a process assuming that the regular data file is not designated as a protection target. Since a fake data file is not created for a regular data file that is not designated as a protection target, when such a data file is a request target, the process branches from step S25 to step S24, and the regular data The file will be expanded.

  Eventually, when a data file is requested from the application program to be executed, it is either a regular data file to be requested (step S24) or a fake data file to be substituted for it (step S26). Will be expanded in memory. In the embodiment shown in FIG. 5, this selection is executed by the data file mediating unit 50, but here, the data file storage unit 30 treats the regular data file and the camouflaged data file separately. Some specific methods will be exemplified.

  In FIG. 5, for convenience of explanation, regular data files are represented by symbols D1 to D6 and camouflaged data files are represented by symbols D1 ′, D2 ′, and D4 ′. Normally, when a computer handles files, A specific file name is assigned, and individual files are identified based on the file name. Therefore, the application program specifies and requests a required data file with a specific file name, and the activation processing unit 40 and the program execution unit 70 request a data file with the specific file name requested from the application program. A mediation request is made to the data file mediation unit 50 so as to read it out.

  Therefore, consider the case where the file names illustrated in FIG. 8 are given to the nine sets of data files stored in the data file storage unit 30 shown in FIG. That is, in this example, for the six sets of regular data files D1 to D6, “File D1.txt”, “File D2.csv”, “File D3.txt”, “File D4.csv”, File names “File D5.war” and “File D6.zod” are assigned, and for the three sets of camouflaged data files D1 ′, D2 ′, and D4 ′, “File D1! .Txt” and “File” File names “D2! .Csv” and “File D4! .Csv” are assigned.

  Here, the symbols D1 to D6, D1 ′, D2 ′, and D4 ′ are names given to individual data files as reference numerals in the present specification and drawings for convenience of explanation. Such symbol information is not included. On the other hand, information such as “File D1.txt” is information that is given as a file name to an actual data file and is recorded as some form of actual data in the data file. The data file mediation unit 50 uses the file name information to specify individual data files. The application program also uses the information on the file name to request a data file that it needs.

  The last three letters (alphabet after the dot) of each file name are an extension part adopted by many OSs, and function to indicate the type and format of the data file. Specifically, the extension “txt” indicates text data, and “csv” indicates a data file described in a general format such as comma-separated data. On the other hand, the extensions “war” and “zod” are fictitious extensions used for explaining the embodiment of the present application. That is, the extension “war” indicates that the data file is described in a dedicated format for the game progress data D5 used by the competitive game program AP4, and the extension “zod” indicates the compatibility diagnosis program AP5. Is a data file described in a dedicated format for the constellation operation data D6 used. Of course, when the OS program used by the apparatus does not require an extension, it is not necessary to adopt the extension for the file name.

  As described above, the camouflaged data file is described in the same data format as the corresponding regular data file in order to be read by the application program instead of the corresponding regular data file. Therefore, also in the example shown in FIG. 8, the corresponding regular data file and the camouflaged data file are given file names having the same extension.

  Further, since it is necessary to store both in the data file storage unit 30 so that it can be seen that they are in correspondence with each other, in the example shown in FIG. 8, the corresponding regular data file and impersonation data file are not expanded. Except for “!” Immediately before the child, the same file name is assigned. For example, the file name “File D1.txt” is assigned to the regular data file D1, and the file name “File D1! .Txt” is assigned to the camouflaged data file D1 ′ corresponding thereto. It is only the presence or absence of "!". In other words, the file name of the camouflaged data file is uniquely determined by the rule that “!” Is added immediately before the file name extension of the corresponding regular data file.

  If the file names are named in this way, the regular data file and the camouflaged data file can be distinguished, and the correspondence between them can be easily recognized. For example, a data file with the file name “File D1.txt” can be determined to be a regular data file, and if a corresponding fake data file is required, the file name “File D1! .Txt” can be changed. Find the data file you have. Of course, in order to adopt the above rule, it is necessary to determine an implicit understanding that “!” Is not used in the file name of the regular data file. Depending on the OS, there may be restrictions on the characters that can be used in the character string that constitutes the file name. Therefore, the contents of the rules are determined so as not to cause any trouble in consideration of such restrictions. There is a need.

  When the above rule is adopted, the original file names may be used as they are for the regular data files D1 to D6. The regular data files D1 to D6 are introduced together when a predetermined application program is installed, or are created by the program after the predetermined application program is started, and at that time, some file name is given. ing. Therefore, the file name assigned from the beginning may be used as it is for the regular data file. On the other hand, for the camouflaged data file, a file name corresponding to the corresponding regular data file may be given based on the above rules. For example, when the camouflaged data file setting unit 100 performs the process of creating the camouflaged data file D1 ′ corresponding to the regular data file D1, the file name “File D1.txt” of the regular data file D1 is based on the above rules. "!" Is added to generate a file name "File D1! .Txt", and this is given to the forged data file D1 '.

  By adopting such a method, the corresponding regular data file and fake data file are stored in the data file storage unit 30 as data files having different file names, and “!” Is excluded. The correspondence between the two can be easily recognized by the file name portion. Therefore, the data file mediating unit 50 can distinguish and handle the regular data file and the camouflaged data file based on the file name.

  For example, when the application program AP1 requests a data file having the file name “File D1.txt” as a data file used by the application program AP1, the data file mediation unit 50 sets the attribute of the program AP1 as the first attribute. It is necessary to recognize that there is a process of transferring the regular data file D1 to the activation processing unit 40 or the program execution unit 70. On the other hand, when the application program AP4 similarly requests a data file having the file name “File D1.txt”, the data file mediation unit 50 recognizes that the attribute of the program AP4 is the second attribute, It is necessary to perform a process of delivering the camouflaged data file D1 ′ to the activation processing unit 40 or the program execution unit 70.

  In this case, if the above rule is established for naming the file name, the data file mediation unit 50 receives the request for the data file having the file name “File D1.txt” from the specific application program. If the program is a program having the first attribute, the regular data file D1 having the requested file name “File D1.txt” is read from the data file storage unit 30 and delivered, and the application program receives the second file. In the case of a program having the attribute of, a forged data file D1 ′ having a file name “File D1! .Txt” in which “!” Is added immediately before the extension of the file name “File D1.txt” as requested. May be read from the data file storage unit 30 and delivered.

  Then, in the example of each application program shown in FIG. 2, even if the application programs AP1, AP2, AP4, AP5 requesting the usage data D1 all make a file request with the file name “File D1.txt”. The data file mediation unit 50 performs a process of delivering the regular data file D1 having the file name “File D1.txt” as requested to the programs AP1 and AP2 having the first attribute, and the second attribute. For the programs AP4 and AP5 having, a process of delivering a forged data file D1 ′ having a file name “File D1! .Txt” obtained by adding “!” To the file name as requested can be performed.

  As described above, the method for distinguishing between the regular data file and the camouflaged data file by changing the file name has been described. However, it is also possible to adopt a method for distinguishing by changing the accommodation folder of the data file. In this case, the corresponding regular data file and the fake data file may have the same file name (of course, different file names may be used).

  FIG. 9 is a diagram showing an example in which the regular data file and the camouflaged data file are distinguished by providing two sets of folders in the data file storage unit 30 in the information processing apparatus shown in FIG. That is, in the case of this example, a main folder F1 and a subfolder F2 are provided in the data file storage unit 30. In the main folder F1, regular data files D1 to D6 are stored, and in the subfolder F2, there are regular data in which no fake data files D1 ′, D2 ′, D4 ′ and corresponding fake data files exist. Files D3, D5 and D6 are stored.

  As shown in the figure, in this example, the corresponding regular data file and fake data file have the same file name. For example, the regular data file D1 in the main folder F1 and the camouflaged data file D1 ′ in the subfolder F2 both have the same file name “File D1.txt”. However, the contents are completely different as exemplified in the upper part of FIG. Therefore, in FIG. 9, for convenience of explanation, the file name of each data file is displayed in an ellipse, and the camouflaged data file is displayed with a thick frame and hatched inside so that it can be clearly distinguished. did. For the regular data files D3, D5, and D6, since there is no corresponding forged data file, these files are accommodated in both the main folder F1 and the subfolder F2. The regular data files D3, D5, D6 accommodated in the main folder F1 and the regular data files D3, D5, D6 accommodated in the subfolder F2 have the same file name and contents. is there.

  In general OS program file management, it is prohibited to have multiple files with the same file name in the same folder except for a special folder such as a trash folder. Multiple files with file names are allowed. Therefore, the file accommodation form as illustrated in FIG. 9 is a problem-free form as long as it is a general OS program.

  After all, in the case of the example shown in FIG. 9, the main folder F1 storing the regular data file and the camouflaged data file (however, for the regular data file for which no corresponding camouflaged data file exists) The subfolder F2 storing the regular data file) is provided, and the corresponding regular data file and the fake data file have the same file name. When such a data file accommodation form is adopted, the data file mediation unit 50 can distinguish the file to be handled by distinguishing the main folder F1 and the subfolder F2.

  Specifically, when receiving a data file request from a specific application program, the data file mediation unit 50 requests from the main folder F1 if the attribute of the application program is the first attribute. When the data file having the target file name is read and delivered, and the attribute of the application program is the second attribute, the data file having the file name to be requested is read from the subfolder F2 and transferred. Just give it.

  For example, when the application program AP1 shown in FIG. 2 requests a data file having file names “File D1.txt” and “File D3.txt” as a data file used by itself, the data file mediation unit 50 , Recognizes that the attribute of the program AP1 is the first attribute, reads the regular data files D1 and D3 having the file names “File D1.txt” and “File D3.txt” from the main folder F1, and starts them. A process of handing over to the processing unit 40 or the program execution unit 70 can be performed. On the other hand, when the application program AP4 requests a data file having the file names “File D1.txt”, “File D4.csv”, and “File D5.war” as a data file used by itself, the data file broker The unit 50 recognizes that the attribute of the program AP4 is the second attribute, and the data having the file names “File D1.txt”, “File D4.csv”, and “File D5.war” from the subfolder F2. The files D1 ′ (impersonation), D4 ′ (impersonation), and D5 (regular) can be read and delivered to the activation processing unit 40 or the program execution unit 70.

  In this way, by switching the folder to be read based on the attribute of the request source application program, if the method of distinguishing between the regular data file and the camouflaged data file is adopted, the corresponding regular data file and the camouflaged data file are Thus, it is possible to handle the file with the same file name assigned, so that the complexity of assigning different file names can be avoided.

  The method for switching the reading target in the data file storage unit 30 is not necessarily limited to the method using a folder. The data file storage unit 30 in the present application does not need to be physically one storage device. For example, the data file storage unit 30 may be an aggregate of a plurality of drive devices or distributed in a state accessible via a network. It may be a collection of storage locations in the arranged server device. In file management by a general OS program, there is no problem even if files having the same file name are stored in different drive devices or storage locations in different server devices.

  Therefore, if the method of switching the folder described above is further understood as a method of switching the storage location of the data file, the data file storage unit 30 can be divided into the main storage location where the regular data file is stored and the fake data file (however, The regular data file for which there is no corresponding camouflaged data file is configured with a secondary storage location storing the regular data file), and the data file mediation unit 50 determines the primary storage location and the secondary storage location. By distinguishing, it is sufficient to distinguish the files to be handled.

  Specifically, when the data file mediation unit 50 receives a request for a data file from a specific application program, and the attribute of the application program is the first attribute, the data file mediation unit 50 requests from the main storage location. If the attribute of the application program is the second attribute, read the data file with the file name to be requested from the secondary main storage location and deliver it. That's fine.

<<< §6. Basic Configuration of Second Embodiment >>>
So far, the present invention has been described with respect to the first embodiment shown in FIG. 1 and its modification shown in FIG. Here, the present invention will be described for the second embodiment shown in FIG. 10 and its modification shown in FIG.

  The difference between the first embodiment shown in FIG. 1 and the second embodiment shown in FIG. 10 is that the former data file mediation unit 50 is replaced with a data file management unit 120 in the latter, and the former is an activation processing unit. 40 and the program execution unit 70 have indirectly accessed the data file storage unit 30 via the data file mediation unit 50, whereas in the latter case, the activation processing unit 40 and the program execution unit 70 have the data file This is the point that the storage unit 30 is directly accessed. For this reason, in the embodiment shown in FIG. 10, the activation processing unit 40, the data file management unit 120, and the program execution unit 70 constitute a development execution unit β ′. Therefore, in the following description, only the difference will be described, and description of other components will be omitted.

  Also in the second embodiment, a regular data file is used for an application program having the first attribute, and a fake data file is used for an application program having the second attribute. The basic concept is exactly the same as in the first embodiment described above. However, in the first embodiment, the data file mediation unit 50 recognizes the attribute of the application program and performs the process of selecting and transferring the data file corresponding to the recognized attribute. In the embodiment, the data file management unit 120 changes the access environment for the data file stored in the data file storage unit 30 so that the data file is appropriately selected.

  That is, in the case of the information processing apparatus shown in FIG. 10, when the activation processing unit 40 is given an activation instruction for a specific application program by an instruction from the user or an instruction from another program, the activation application program is programmed. The data file is read from the storage unit 20 and expanded in the memory 60, and the data file required by the specific application program is read by accessing the data file storage unit 30 (the data file storage unit 30 is directly accessed by itself). Then, a startup process to be expanded in the memory 60 is performed.

  At this time, the data file management unit 120 detects that the activation processing unit 40 has started the activation process. In FIG. 10, an arrow from the activation processing unit 40 to the data file management unit 120 indicates a flow of information for such activation detection (in contrast, an arrow from the data file management unit 120 to the activation processing unit 40). Indicates a flow of information for performing activation restriction described later).

  The data file management unit 120 that has detected the start of the startup process in this way performs the following access environment change process. That is, when the data file management unit 120 recognizes the attribute of the application program to be activated by referring to the attribute list L in the attribute list storage unit 80, and the recognized attribute is the first attribute In the access environment, a legitimate data file is read, and if the recognized attribute is the second attribute, a camouflaged data file (but a legitimate data file if no camouflaged data file exists) is read. Make changes.

  For example, when starting the application program AP1 shown in FIG. 2, the activation processing unit 40 reads the program AP1 from the program storage unit 20 and expands it on the memory 60, and further refers to the information in the program AP1. Thus, after recognizing that the program AP1 uses the data files D1 and D3, a process of reading the data files D1 and D3 from the data file storage unit 30 is performed. At this time, the data file management unit 120 detects that the activation process of the application program AP1 has started, and the regular data files D1 and D3 are accessed before the actual access to the data file storage unit 30 is performed at the latest. As described above, an access environment for the data file storage unit 30 is prepared.

  On the other hand, when activating the application program AP4 shown in FIG. 2, the activation processing unit 40 reads the program AP4 from the program storage unit 20 and expands it on the memory 60, and further refers to information in the program AP4. Thus, after recognizing that the program AP4 uses the data files D1, D4, and D5, a process of reading the data files D1, D4, and D5 from the data file storage unit 30 is performed. At this time, the data file management unit 120 detects that the activation process of the application program AP4 has started, and until the actual access to the data file storage unit 30 is performed at the latest, the requested three data files D1. , D4, and D5, for D1 and D4 in which a forged data file exists, the forged data files D1 'and D4' are accessed instead, and for D5 in which no forged data file exists, the regular data file D5 is accessed. Thus, an access environment for the data file storage unit 30 is prepared.

  Eventually, the data file management unit 120 accesses the data file storage unit 30 during the startup process of the application program AP1 having the first attribute and during the startup process of the application program AP4 having the second attribute. Will be processed. In other words, in the case of the example shown in FIG. 10, the data files D1, D2, D3, D4, D5, and D6 are accessed during the activation process of the application program having the first attribute and have the second attribute. When the application program is started, the data file management unit 120 changes the access environment for the data file storage unit 30 so that the data files D1 ', D2', D3, D4 ', D5, and D6 are accessed. It will be.

  Note that such an access environment change is not only performed at the time of startup processing by the startup processing unit 40 but also at the time of program execution by the program execution unit 70 (i.e., after the startup processing is completed, until the program is terminated, It is preferable that the application program is also valid during the period in which the application program is activated. As described above, the program execution unit 70 has a function of accessing a data file in the data file storage unit 30 in response to a request from the application program being executed.

  Therefore, the data file management unit 120 obtains from the program execution unit 70 information on which application program is a program that is currently activated (a program that has been activated by the activation processing unit 40 and has not been terminated). The regular data file is accessed during the period when the application program having the first attribute is activated, and the camouflaged data file (provided that the application program having the second attribute is activated) If the impersonation data file does not exist, the access environment is changed so that the regular data file is accessed. In FIG. 10, an arrow from the program execution unit 70 to the data file management unit 120 indicates a flow of information for notifying an application program that is currently being executed. By doing so, it is possible to realize an environment in which an appropriate data file is accessed even when the program execution unit 70 accesses the data file.

  Eventually, the data file management unit 120 accesses the regular data file during the period from the start to the end of the application program having the first attribute, and from the start to the end of the application program having the second attribute. During the period up to this time, management may be performed so as to maintain an environment in which a camouflaged data file (however, if there is no camouflaged data file) is accessed.

  Note that many information processing apparatuses such as smartphones have a function (so-called multitask function) for simultaneously starting a plurality of application programs. In such an information processing apparatus, a plurality of application programs can be simultaneously executed. You will be in the activated state. Of course, normally, by using a technique such as preemptive multitasking, the program execution unit 70 (actually the CPU) assigns an execution schedule to a plurality of application programs in a time-sharing manner, and alternately switches the execution schedule. The processing of the program assigned in the schedule will be executed in order. However, the application program that has been started once is placed in a started state until it is terminated, and the application program itself and the data file used by the program remain expanded on the memory 60.

  In the case of an information processing apparatus having such a multitask function, a period from start to end of an application program having the first attribute and start to end of the application program having the second attribute. If the period up to this time overlaps, the switching process operation of the data file management unit 120 becomes extremely complicated. Such an overlap period may be accessed from an application program having the first attribute, and may be accessed from an application program having the second attribute. , While monitoring such access step by step, determine which attribute the application program is accessing from, and perform the process of switching to the correct access environment until the data file is actually accessed There is a need.

  In order to avoid such a complicated process, the activation processing unit 40 is activated so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time. You should have a function to perform In FIG. 10, an arrow from the data file management unit 120 to the activation processing unit 40 indicates a flow of information necessary for performing such activation restriction.

  Specifically, the contents of the attribute list L may be transmitted from the data file management unit 120 to the activation processing unit 40, and the current access environment switching status may be transmitted. Then, while the current access environment is the environment when the application program having the first attribute is activated, the activation processing unit 40 restricts activation of the application program having the second attribute. However, while the environment is the case where the application program having the second attribute is activated, the activation processing unit 40 can restrict the activation of the application program having the first attribute.

  FIG. 11 is a block diagram showing a configuration of an information processing apparatus according to a practical modification example of the second embodiment shown in FIG. The apparatus according to the modification shown in FIG. 11 is obtained by adding a camouflaged data file setting unit 100 and an attribute list update unit 110 to the apparatus shown in FIG.

  Here, the camouflaged data file setting unit 100 is a component having a function of storing a camouflaged data file corresponding to a new regular data file designated as a protection target file in the data file storage unit 30, and has an attribute The list update unit 110 is an update process for adding information indicating an attribute of the new application program to the attribute list L in the attribute list storage unit 80 when a new application program is installed by the application installation processing unit 10. And an update process for changing the contents of the attribute list L in the attribute list storage unit 80 based on a user instruction.

  The specific functions of the camouflaged data file setting unit 100 and the attribute list update unit 110 are as described in §4 as the modification according to the first embodiment, and detailed description thereof is omitted here.

<<< §7. Specific operation of the second embodiment >>
Subsequently, a specific operation of the second embodiment described in §6 will be described. The feature of the second embodiment is the function of the data file management unit 120. As described above, the data file management unit 120 has a function of changing the access environment for the data file stored in the data file storage unit 30.

  That is, by referring to the attribute list L, the data file management unit 120 recognizes the attribute of the application program to be activated or the activated application program, and the recognized attribute is the first attribute. If the recognized attribute is the second attribute, the camouflaged data file (but the camouflaged data file if no camouflaged data file exists) is read. Processing for changing the access environment for the data file storage unit 30 is performed. Here, some specific methods for changing the access environment are illustrated.

<7-1: Method for changing file name (batch switching of two setting states)>
In the description of the first embodiment, the method for changing the file name as illustrated in FIG. 8 has been described as a specific method for the data file mediating unit 50 to distinguish and handle the regular data file and the camouflaged data file. The method described here also changes the access environment by changing the file name.

  Assume that the file names as shown in the upper part of FIG. 12 are given to the nine data files in the data file storage unit 30 shown in FIG. Here, a state in which such a file name is assigned is referred to as a first setting state. This first setting state is exactly the same as the state shown in FIG. That is, for six sets of regular data files D1 to D6, “File D1.txt”, “File D2.csv”, “File D3.txt”, “File D4.csv”, “File D5.war”, respectively. ”,“ File D6.zod ”, and three sets of camouflaged data files D1 ′, D2 ′, D4 ′ are preceded by“! ”Immediately before the file name extension of the corresponding regular data file. Are added to the file names “File D1! .Txt”, “File D2! .Csv”, and “File D4! .Csv”, respectively.

  Here, the file names given to the regular data files D1 to D6 are the original file names required by each application program, and the application programs AP1 to AP5 are necessary data files both at the start and after the start. Are specified by the file names given to the regular data files D1 to D6. In other words, both the application program having the first attribute and the application program having the second attribute request the data file using the original file name without “!” Added. It will be.

  Moreover, in the case of the second embodiment, as shown in FIG. 11, both the activation processing unit 40 and the program execution unit 70 directly access the data file storage unit 30. That is, the activation processing unit 40 according to the second embodiment reads an activation target application program from the program storage unit 20 and expands it in the memory 60 when an activation instruction for a specific application program is given. A data file having a file name required by a specific application program is read out from the data file storage unit 30 and loaded in the memory 60. In addition, when the specific application program is activated, the program execution unit 70 also performs data file read processing and storage processing on the data file storage unit 30 as necessary.

  As described above, in the second embodiment, the data processing unit 30 and the program execution unit 70 directly access the data file storage unit 30 under the original file name specified by the application program. After all, what is actually accessed is a data file with the original file name without "!" Appended, and files with "!" Appended to the file name are never accessed. There is no.

  This point is different from the above-described first embodiment. In the case of the first embodiment, it is always the data file mediation unit 50 that directly accesses the data file storage unit 30. The data file mediation unit 50 refers to the attribute list L, and the activation processing unit 40 and the program It is determined whether the data file having the original file name requested from the execution unit 70 is read as it is, or the data file having the file name with “!” Added thereto is read instead. The replacement process could be performed. On the other hand, in the second embodiment described here, the activation processing unit 40 and the program execution unit 70 are configured to directly access the data file storage unit 30, so that the file name is re-read. In addition, a file with “!” Added to the file name is never accessed.

  Instead, in the second embodiment, a file name changing process is performed by the data file management unit 120. The second setting state shown in the lower part of FIG. 12 is a state in which such a file name change has been performed. The difference between the first setting state and the second setting state is that the file names of the regular data files D1, D2, and D4 designated as the files to be protected and the fake data files D1 ′, D2 ′, The file name of D4 'is replaced. That is, in the first setting state, a file name with “!” Added to the three sets of camouflaged data files D1 ′, D2 ′, and D4 ′, whereas in the second setting state, The file names with “!” Added to the three sets of regular data files D1, D2 and D4 corresponding thereto.

  Based on the information obtained from the activation processing unit 40 and the program execution unit 70, the data file management unit 120 recognizes the application program being activated and activated, and stores the attribute list L in the attribute list storage unit 80. Referring to, switching between the first setting state and the second setting state is performed. That is, the data file storage unit 30 is accessed, and a process of rewriting a necessary file name at a necessary point in time for each of the stored data files is executed.

  As a result, when the attribute of the application program to be activated or the application program in the activated state is the first attribute, the access environment in which the regular data file is read (that is, the first in the upper part of FIG. 12). If the setting state is set and the second attribute is set, an access environment (that is, a second data in the lower part of FIG. 12) from which a camouflaged data file (however, if there is no camouflaged data file) is read out. Setting state) is adjusted.

  The processing performed by the data file management unit 120 is basically the file name of the data file stored in the data file storage unit 30 and the request target file name requested by the application program (in the above example, “!”). This is a process of switching between a file name to which no request is added and a non-request target file name that is different from the request target file name (in the above example, a file name to which “!” Is added). .

  When the activation process by the activation processing unit 40 is performed, the function of the data file management unit 120 will be described in detail. The data file management unit 120 refers to the attribute list L in the attribute list storage unit 80. If the attribute of the application program to be activated is recognized and the recognized attribute is the first attribute at least during the period until the reading of the data file in the activation process for the activation object is completed, The first setting in which a request target file name (file name without “!”) Is assigned to the data file, and a non-request target file name (file name with “!”) Is assigned to the fake data file If the recognized attribute is the second attribute, the non-regular data file is not Second setting state in which a request target file name (however, a request target file name is assigned to a regular data file for which there is no corresponding impersonation data file) and a request target file name is assigned to a camouflaged data file As shown in the lower part of FIG. 12, the file name is changed.

  In addition, if the file name is changed in this way, even when the program execution unit 70 performs a data file read process or save process, the regular data file and the camouflaged data file are distinguished from each other according to the attribute. Is possible. That is, if the data file management unit 120 maintains the setting state at the start-up process during the period in which the application program is started even after the start-up process for the specific application program is completed, Good. In other words, the data file management unit 120 is in the first setting state during the period in which the application program having the first attribute is activated, and the application program having the second attribute is activated. The file name may be changed so as to be in the second setting state during a certain period.

  In the case of an information processing apparatus having a multitask function, as described above, both the application program having the first attribute and the application program having the second attribute are simultaneously activated in the activation processing unit 40. If a function for restricting activation so as not to be in a state is provided, even if a plurality of application programs are activated simultaneously, the attribute of the simultaneously activated program is the first attribute or the second attribute. Therefore, a switching process for switching to the first setting state when the attribute is the first attribute and to the second setting state when the attribute is the second attribute may be performed. .

  For example, among the five sets of application programs AP1 to AP5 shown in FIG. 2, during the period from when AP1 and AP3 having the first attribute are simultaneously activated until both are terminated, the upper part of FIG. It is only necessary to switch to the first setting state. Then, when there is a file request with the original file names “File D1.txt”, “File D3.csv”, and “File D4.csv” from these programs, the regular data file D1 according to the request. , D3, D4 are read out. On the other hand, after AP4 and AP5 having the second attribute are activated at the same time, they may be switched to the second setting state shown in the lower part of FIG. Then, from these programs, file requests with the original file names “File D1.txt”, “File D2.csv”, “File D4.csv”, “File D5.war”, “File D6.zod” In response to the request, the camouflaged data files D1 ′, D2 ′, and D4 ′ are read for those for which a camouflaged data file exists, and the regular data files D5 and D6 for those for which no camouflaged data file exists. Will be read out.

  When no application program is activated (that is, when no application program is expanded on the memory 60), the data file management unit 120 uses the application program having the second attribute. In the same way as when is launched, a non-requested file name is given to a regular data file (however, a file name to be requested for a regular data file that does not have a corresponding fake data file) It is preferable to change the file name so that the request target file name is assigned to the file name.

  That is, in the case of the example shown in FIG. 12, when no application program is activated, the second setting state is maintained. In other words, a process of temporarily switching to the first setting state is performed only when an application program having the first attribute is started with the second setting state as a default state. If such processing is performed, the contents of the protection target file will not leak to the outside in the default state, so that it is possible to further improve the safety from the viewpoint of preventing information leakage of the protection target file.

<7-2: Method for changing file name (individual switching for each file)>
In FIG. 12, the example which switches the 1st setting state and the 2nd setting state was described. In this embodiment, the data file management unit 120 performs batch switching so that one of the two setting states is set, and settings other than the two setting states are not performed. .

  However, the switching of file names is not necessarily performed by batch switching of two setting states, and individual switching for each file may be performed. FIG. 13 is a diagram illustrating an example of a switching operation for individually switching each file. In this example, the state shown in the upper part of FIG. 13 is the default setting state. Actually, this default setting state is exactly the same as the second setting state shown in the lower part of FIG. 12, and for the protection target file, camouflaged data files D1 ′, D2 instead of the regular data files D1, D2, D4. 'And D4' are in a state of being read. As described above, if such a state is set to a default state, safety can be further improved in preventing information leakage.

  When the activation processing unit 40 or the program execution unit 70 performs a file reading process or a storage process in response to a request from the application program, the application program is a program having the second attribute. There is no problem with this default setting. However, if the application program is a program having the first attribute, the access environment is changed (that is, the file name is changed) so that the regular data file becomes the access target instead of the fake data file. There is a need to do. In the above-described embodiment, the method of collectively switching the setting state of each data file is adopted. However, in the embodiment shown here, only a change to the minimum necessary data file is performed.

  For example, when the activation processing unit 40 starts the activation process of the application program AP1 having the first attribute, or thereafter executes the AP1 in a state where the program execution unit 70 is activated, the data file The management unit 120 changes the access environment (file name) for the data file storage unit 30 so that the AP1 activation detection state shown in the lower part of FIG. 13 is changed from the default setting state shown in the upper part of FIG.

  The difference between the default setting state shown in the upper part of FIG. 13 and the activation detection state of AP1 shown in the lower part of FIG. 13 is that the program AP1 among the regular data files D1, D2, and D4 designated as the protection target files. The only difference is that the file name of the file D1, which is the use data file to be used, is replaced with the file name of the camouflaged data file D1 ′ corresponding thereto. That is, in the default setting state, a file name with “!” Added is assigned to the regular data file D1, whereas in the activation detection state of AP1, the corresponding camouflaged data file D1 ′ is assigned. On the other hand, a file name with “!” Added is given.

  Therefore, in the activation detection state of AP1, if the application program AP1 requests the usage data files D1 and D3 by specifying the original file names “File D1.txt” and “File D3.txt”, Data files D1 and D3 are read out. The activation detection state of AP1 is a state that is temporarily maintained until the application program AP1 is activated and then terminated. If the application program AP1 is not activated, the data file D1, Since the file name of D1 ′ is replaced again, for example, even if there is a read request with the file name “File D1.txt” from the application program AP5, for example, it is the fake data file D1 ′ that is read out. .

  Although the case where the application program AP1 is activated has been described above, the same applies to the case where another application program having the first attribute is activated. For example, when the telephone call program AP2 shown in FIG. 2 is started, the file names of the usage data files D1 and D2 of the program AP2 are replaced, and “File D1.txt” and “File D2. When the original file name “csv” is designated and the usage data files D1 and D2 are requested, the regular data files D1 and D2 are read out.

  Of course, in the case of an information processing apparatus having a multitask function, as described above, both the application program having the first attribute and the application program having the second attribute are simultaneously activated in the activation processing unit 40. If there is a function to limit activation so that it does not become a state, there will be no discrepancy in the necessary file name switching processing.

  In order for the data file management unit 120 to perform individual switching for each file, it is necessary to recognize which data file is used by each application program and perform a file name replacement process for the necessary data file. There is. Therefore, when the embodiment shown here is carried out, the attribute list storage unit 80 stores information indicating the use data file used by each application program.

  Specifically, for example, an attribute list LL as illustrated in FIG. 14 may be stored in the attribute list storage unit 80. This attribute list LL is obtained by adding a usage data column to the attribute list L described so far. In the usage data column, usage data used by each application program is shown. Here, for convenience of explanation, the usage data is shown using symbols D1 to D6. However, the attribute list update unit 110 actually uses the original file name such as “File D1.txt” as the attribute list. It should be recorded in LL.

  As described above, the basic function of the data file management unit 120 is to change the file name of the data file stored in the data file storage unit 30 to the request target file name requested by the application program (file name without “!”). And the non-request target file name (file name with “!”) Different from the request target file name. In the embodiment described here, this change processing is This is performed individually for each necessary data file in accordance with an application program to be activated or activated.

  That is, the data file management unit 120 recognizes the attribute of the application program to be activated or in the activated state by referring to the attribute list LL, and the recognized attribute is the first attribute As long as it is related to at least the data file used by the application program that is the activation target or in the activated state, the request target file name (file name without “!”) Is assigned to the regular data file, When a non-request target file name (file name with “!”) Is assigned to the data file, and the recognized attribute is the second attribute, at least the target is activated or activated Restrictions on data files used by application programs The non-request target file name is assigned to the regular data file (however, the request target file name is assigned to the regular data file for which there is no corresponding impersonation data file), and the request target file name is assigned to the spoof data file. Change the file name so that it is in the assigned state.

  For example, in the activation detection state of AP1 shown in the lower part of FIG. 13, since the activation-detected AP1 has the first attribute, at least as far as the data files D1 and D3 used by AP1 are concerned, a request target for a regular data file is requested. The file names “File D1.txt” and “File D3.txt” are assigned, and the non-request target file name “File D1! .Txt” is assigned to the camouflaged data file D1 ′. This example is an example in which activation of only AP1 is detected. For example, when AP3 is activated at the same time, the data file D4 used by AP3 is also compared with the regular data file D4. The request target file name “File D4.csv” is assigned, and the non-request target file name “File D4! .Txt” is assigned to the camouflaged data file D4 ′.

<7-3: Variation to change extension>
So far, as a method of distinguishing the file name, the method of not adding "!" Immediately before the extension has been illustrated, but of course, the file name of the regular data file and the file of the fake data file corresponding to this The method for distinguishing names is not limited to the above method. That is, it is possible to recognize that a specific regular data file and a specific fake data file correspond to each file name, and the OS program correctly handles both as different file names. You may make it distinguish a file name by such a method.

  Of course, the file name referred to in the present application includes an extension, and the file name may be distinguished by changing the extension. That is, the data file management unit 120 may use file names with different extensions as the corresponding request target file names and non-request target file names.

  FIG. 15 is a diagram showing an example in which the file name is changed by changing the extension, and shows the first setting state as in the example shown in the upper part of FIG. The setting state is not shown). In the case of the example shown in FIG. 15, the portion of the character string that forms the file name up to the portion immediately before the extension is the request target file name (in the first setting state shown, the file name for the regular data file). ) And the non-request target file name (in the first setting state shown in the figure, the file name for the fake data file) are exactly the same, and the difference between them is the extension part (in this example, the last three characters) String) only.

  That is, in the illustrated example, the extensions “.txt” and “.csv” for the request target file name are changed to a fictitious extension “.zzz” for the non-request target file name. Of course, when a data file having a file name with such a fictitious extension “.zzz” is read and saved by a general application program, an error usually occurs. However, since the data file to which the non-request target file name is assigned is not an access target by a general application program, there is no problem.

  In this way, in order to distinguish between the file name of the regular data file and the file name of the camouflaged data file corresponding to this, if the method of changing only the extension part of both is adopted, the characters up to the immediately preceding extension are used. Since both columns are common, it is possible to easily recognize which regular data file each fake data file corresponds to based on this common part. Becomes easier.

<7-4: Variations using file names having a two-to-one correspondence>
In the embodiments described so far, a request target file name and a corresponding non-request target file name are defined in a one-to-one correspondence relationship, one of which is assigned to a regular data file, and the other is a fake data file. The file name changing process by the data file storage unit 120 is not necessarily two files having such a one-to-one correspondence relationship. It is not limited to the process of replacing names.

  FIG. 16 is a diagram showing another example in which the file name is changed by changing the extension. The upper part shows the default setting state, and the lower part shows the activation detection state of AP1. In the default setting state, a non-request target file name is assigned to any data file. For example, with respect to the regular data file D1, three characters “.reg” are further added after the request target file name “File D1.txt” as in “File D1.txt.reg”. The same applies to the regular data files D2 to D6. On the other hand, for the camouflaged data file D1 ′, three characters “.dum” are further added after the request target file name “File D1.txt” as “File D1.txt.dum”. . The same applies to the camouflaged data files D2 ′ and D4 ′.

  In short, in this default setting state, the file names of all regular data files have names with a character string “.reg” at the end, and the file names of all impersonation data files have the names at the end. The name is given the string “.dum”. Here, “.reg” is an abbreviation for “regular” and indicates that it is a regular data file, and “.dum” is an abbreviation for “dummy” and is a forged data file. It shows that it is.

  Since a general OS program recognizes a character string written up to the first “.” Position from the end of the file name to the left as an extension, in the illustrated example, “.reg” and The “.dum” part will be recognized as an extension. Of course, such an extension is not generally used, but in this example, the file names assigned in the default setting state are all non-requested file names. Does not occur. In other words, in a default setting state, a general application program cannot access any data file.

  Therefore, the data file management unit 120 uses a method similar to the method described in §7-2 “Method for changing file name (individual switching for each file)” to determine which data file each application program uses. After recognizing whether to use, the file name replacement process for the necessary data file may be performed when necessary. For example, when the activation process for the application program AP1 is started or the application program AP1 is activated, the activation of AP1 shown in the lower part of FIG. 16 is changed from the default setting state shown in the upper part of FIG. What is necessary is just to change about a required file name so that it may be in a detection state.

  Specifically, referring to the attribute list LL shown in FIG. 14, the application program AP1 is a program having the first attribute, and the usage data can be recognized as the data files D1 and D3. A file name change process may be performed so that the request target file name is given to the regular data files D1 and D3. In the activation detection state of AP1 shown in the figure, the request target file name “File D1.txt” is given to the regular data file D1, and the request target file “File D3.txt” is assigned to the regular data file D3. The names are given, and all of them are read out without any problem in response to a request from the application program AP1. Of course, when the application program AP1 ends, the default setting state is restored.

  The file name changing process when shifting to the activation detection state of AP1 is very simple. In other words, for the regular data file D1 to be changed, the ".reg" part is deleted from the end of the non-request target file name "File D1.txt.reg" and changed to "File D1.txt" For the regular data file D3 to be changed, the “.reg” part is deleted from the end of the non-requested file name “File D3.txt.reg” and “File D3 The process of changing to “.txt” may be performed. When returning to the default setting state, the process of adding the “.reg” part may be performed.

  The file name changing process when shifting to the activation detection state of the application program having the second attribute is substantially the same. For example, when the activation of the application program AP4 is detected, referring to the attribute list LL shown in FIG. 14, the application program AP4 is a program having the second attribute, and its usage data is the data file D1, Since the file names can be recognized as D4 and D5, the file name changing process may be performed such that the requested file names are assigned to the fake data files D1 ′ and D4 ′ and the regular data file D5.

  That is, in the default setting state shown in the upper part of FIG. And a process of deleting “.reg” from the end of the file name of the regular data file D5 and changing it to “File D5.war”. In order to return to the default setting state, on the contrary, the process of adding “.dum” and “.reg” may be performed.

  Finally, in the embodiment shown in FIG. 16, in the default setting state, the regular data file is given a non-requested file name with an extension of “.reg”, and “.dum” is assigned to the camouflaged data file. In a state where a non-request target file name having an extension is given and a file with a forged data file exists, two types of non-request target file names are prepared. Then, depending on the attribute of the application program that requests the file, the process of obtaining the request target file name by deleting the extension “.reg” or “.dum” from one of the non-request target file names. Done.

  Accordingly, the correspondence relationship between the non-request target file name and the request target file name is not 1: 1 but 2: 1. If there is a one-to-one correspondence between the non-request target file name and the request target file name, one is assigned to the regular data file and the other is assigned to the fake data file, as in the above example. Depending on the situation, the process of exchanging the two is performed. However, as in the embodiment described here, when there is a two-to-one correspondence, in the default setting state, the regular data file and the fake data file A non-request target file name may be assigned to any of these, and if necessary, one of them may be changed to a request target file name.

  In any case, when the application program making the file request has the first attribute, the data file management unit 120 requests the regular data file at least as far as the data file used by the application program is concerned. If the file name is given and the non-requested file name is given to the camouflaged data file and it is the second attribute, at least as far as the data file used by the application program is concerned, the regular data file A non-requested file name is assigned to the file (however, a request target file name is assigned to a regular data file that does not have a corresponding fake data file), and a request file name is assigned to the fake data file So that the file name It may be carried out change.

  In FIG. 16, a variation using a file name having a two-to-one correspondence by changing the extension portion is illustrated, but it goes without saying that portions other than the extension may be changed. For example, in the default setting state, the non-request target file name “File D1 # .txt” is given to the regular data file D1, and the non-request target file “File D1 $ .txt” is assigned to the fake data file D1 ′. When the activation of the application program having the first attribute is detected, the file name of the regular data file D1 is changed to the requested file name “File D1.txt”, and the second attribute When the activation of the application program having the above is detected, the file name of the fake data file D1 ′ may be changed to the requested file name “File D1.txt”.

<7-5: How to change the folder name>
In the description of the first embodiment, as a specific method for the data file mediation unit 50 to distinguish and handle the regular data file and the camouflaged data file, the method of changing the folder to be accommodated as illustrated in FIG. 9 has been described. . The method described here also changes the access environment by changing the accommodation folder.

  Consider the case where two folders as shown in the upper part of FIG. 17 are created in the data file storage unit 30 shown in FIG. Here, the folder shown on the left side of the figure is called a main folder F1, and the folder shown on the right side of the figure is called a subfolder F2. In the first setting state shown in the upper part of FIG. 17, a folder name “DATA” is assigned to the main folder F1, and a folder name “X” is assigned to the subfolder F2. Yes. Each of these folders functions as a storage location for storing data files used by the application program.

  In fact, the main folder F1 and the subfolder F2 shown in the upper part of FIG. 17 are exactly the same as the main folder F1 and the subfolder F2 shown in FIG. That is, as described in the description of FIG. 9, regular data files D1 to D6 are stored in the main folder F1, and camouflaged data files D1 ′, D2 ′, D4 ′ and corresponding information are stored in the subfolder F2. The regular data files D3, D5, and D6 in which no fake data file exists are stored. As described in FIG. 9, both the regular data file D1 in the main folder F1 and the fake data file D1 ′ in the subfolder F2 have the same file name “File D1.txt”. The content is quite different. Therefore, also in FIG. 17, the file name of each data file is displayed in the ellipse, and the camouflaged data file is displayed with a thick frame and hatched inside.

  In the case of the first embodiment, the data file mediation unit 50 switches the access target to either one of the main folder F1 or the subfolder F2, so that the application program having the first attribute is not processed. The data file in the folder F1 is delivered, and the application program having the second attribute is processed to deliver the data file in the subfolder F2.

  The basic concept is the same in the embodiments shown here. That is, when a main folder F1 and a subfolder F2 as shown in the upper part of FIG. 17 are created in the data file storage unit 30 and access is received from an application program having the first attribute, An access environment in which access to the folder F1 is performed is obtained, and when access is received from an application program having the second attribute, an access environment in which access to the subfolder F2 is performed is obtained. The access environment change process may be performed by the data file management unit 120.

  As a method for changing the access environment, a folder name change method is employed in the embodiment described here. That is, the data file management unit 120 performs processing to switch between the first setting state shown in the upper part of FIG. 17 and the second setting state shown in the lower part. The difference between the first setting state and the second setting state is only how to assign a folder name to each folder. That is, in the first setting state, the folder name “DATA” is assigned to the main folder F1, and the folder name “X” is assigned to the subfolder F2. In the setting state of 2, the folder names are switched.

  As described above, in order to change the access environment by changing the folder name, when the activation processing unit 40 or the program execution unit 70 accesses the data file storage unit 30, a specific access folder name is set. It is assumed that an arrangement has been made for the access location to be within the folder. Many OS programs have such an arrangement. For example, in Android OS (registered trademark), which is a typical OS program for smartphones, it is determined that a data file used by a general application program is stored in a folder having a folder name “DATA”. .

  As described above, when the folder having the folder name “DATA” is determined as the storage location for access, the activation processing unit 40 and the program execution unit 70 are in the first setting state shown in the upper part of FIG. For example, the main folder F1 is accessed, and if the second setting state shown in the lower row is reached, the subfolder F2 is accessed.

  Therefore, the data file management unit 120 activates an application program having the first attribute by the activation processing unit 40, or the file execution by the program execution unit 70 based on an instruction of the application program in the activated state. When a read process or a save process is performed, a folder name is assigned so as to be in the first setting state shown in the upper part of FIG. 17, and an application program having the second attribute is started or started. When a file reading process or storage process is performed by the program execution unit 70 based on an instruction of the application program in the set state, the second setting state shown in the lower part of FIG. 17 is set. A folder name may be given.

  After all, in the embodiment described here, on the premise that the activation processing unit 40 and the program execution unit 70 recognize and access the folder having the folder name “DATA” as an access folder, the data file management unit 120 The folder name for the main folder F1 and the subfolder F2 is changed by switching between the access folder name “DATA” and a different non-access folder name “X”.

  Here, a plurality of n regular data files (D1 to D6 in the example of FIG. 17) are stored in the main folder F1, and some or all of these n regular data files are protected. It is specified as a target file (in the example of FIG. 17, D1, D2, and D4 are protection target files), and the subfolder F2 has the same data format as the regular data file specified as the protection target file. Impersonation data files (D1 ′, D2 ′, D4 ′ in the example of FIG. 17) and regular data files that are not designated as protection target files (D3, D5, D6 in the example of FIG. 17) Stored.

  The specific process performed by the data file management unit 120 when the activation process is performed by the activation processing unit 40 is as follows. First, the data file management unit 120 refers to the attribute list L in the attribute list storage unit 80 to recognize the attribute of the application program to be activated. If the recognized attribute is the first attribute at least until the data file is read in the activation process for the activation target, the access folder name “DATA” is assigned to the main folder F1. Is set in the first setting state in which the non-access folder name “X” is assigned to the subfolder F2 (upper part of FIG. 17), and the recognized attribute is the second attribute, As shown in a second setting state in which the access folder name “DATA” is assigned to the subfolder F2 and the non-access folder name “X” is assigned to the main folder F1 (lower part of FIG. 17). Change the folder name.

  In the example shown in FIG. 17, the non-access folder name “X” given to the subfolder F2 in the first setting state shown in the upper row and the main folder F1 given in the second setting state shown in the lower row. The non-access folder name “X” is the same, but the non-access folder name is not necessarily the same. For example, the former folder name is “X” and the latter folder name is “Y”. It doesn't matter if you do.

  If the folder name is changed as described above, it is possible to distinguish between a regular data file and a camouflaged data file according to the attribute even when the program execution unit 70 performs a data file read process or save process. It is. That is, if the data file management unit 120 maintains the setting state at the start-up process during the period in which the application program is started even after the start-up process for the specific application program is completed, Good. In other words, the data file management unit 120 is in the first setting state during the period in which the application program having the first attribute is activated, and the application program having the second attribute is activated. The folder name may be changed so as to be in the second setting state during a certain period.

  In the case of an information processing apparatus having a multitask function, as described above, both the application program having the first attribute and the application program having the second attribute are simultaneously activated in the activation processing unit 40. If a function for restricting activation so as not to be in a state is provided, even if a plurality of application programs are activated simultaneously, the attribute of the simultaneously activated program is the first attribute or the second attribute. Therefore, a switching process for switching to the first setting state when the attribute is the first attribute and to the second setting state when the attribute is the second attribute may be performed. .

  When no application program is activated (that is, when no application program is expanded on the memory 60), the data file management unit 120 enters the second setting state. In addition, it is preferable to change the folder name. In the second setting state, the content of the protection target file does not flow out to the outside, so that it is possible to further improve the safety from the viewpoint of preventing information leakage of the protection target file.

<7-6: Method for changing data files (batch replacement)>
Subsequently, as a modification of the embodiment described in §7-5, a method of changing the access environment by moving data files between folders and replacing the data files will be described with reference to FIG.

  In the embodiment shown in FIG. 17, the access environment is changed by changing the folder name without changing any of the individual data files stored in the main folder F1 and the subfolder F2. On the other hand, in the modification described here, the folder name is not changed, the access folder name “DATA” is always assigned to the main folder F1, and the data file in the main folder F1 is always the access target. Like that. Instead, the data file that is actually accessed is switched by appropriately replacing the contents of the main folder F1.

  That is, in this modification, the activation processing unit 40 always reads the data file having the file name requested by the application program to be activated from the main folder F1, and similarly, the program execution unit 70 also activates the program execution unit 70. The data file having the file name requested by the application program in the set state is always read from the main folder F1. However, when the attribute of the application program is the first attribute, the data file management unit 120 enters the first setting state shown in the upper part of FIG. 18 and the attribute of the application program is the second attribute. If there is, the switching process is executed as necessary so that the second setting state shown in the lower part of FIG. 18 is obtained.

  Such a switching process can be easily understood by comparing the first setting state shown in the upper part of FIG. 18 with the second setting state shown in the lower part. In the first setting state, regular data files D1 to D6 are stored in the main folder F1 (folder name is “DATA”), and impersonation data is stored in the subfolder F2 (folder name is “X”). Files D1 ', D2', D4 'are stored. Since the secondary folder F2 is not a target of access by a general application program, it is not necessary to prepare regular data files D3, D5, and D6 in which no corresponding fake data file exists in the secondary folder F2. In the first setting state, when the main folder F1 is accessed, the regular data files D1 to D6 can always be obtained.

  On the other hand, the second setting state can be said to be a state in which the regular data files D1, D2, and D4 designated as the protection target files in the first setting state are replaced. That is, in the main folder F1 (folder name is “DATA”), camouflaged data files D1 ′, D2 ′, and D4 ′ and regular data files D3, D5, and D6 for which no corresponding camouflaged data file exists are stored. ing. On the other hand, in the subfolder F2 (folder name is “X”), regular data files D1, D2, and D4 in which corresponding camouflaged data files exist are stored. Eventually, in this modification, the subfolder F2 has a meaning as a save location of the data file removed from the main folder F1.

  In the example shown in FIG. 18, the subfolder in the first setting state shown in the upper part and the subfolder in the second setting state shown in the lower part are the same folder F2. It may be prepared as a save location, and the subfolder as the save location may be different for each data file to be saved.

  In short, in this modification, a plurality of n regular data files are stored in the entire storage location including the main folder and the subfolder, and some or all of the n regular data files are stored. It is specified as a protection target file, and it is only necessary to store a camouflaged data file having the same data format as the regular data file specified as the protection target file in the entire storage location.

  The data file management unit 120 performs processing for appropriately replacing the data file in the main folder F1 and the data file in the subfolder F2. That is, an application program having the first attribute is activated by the activation processing unit 40, or a file reading process or a storage process is performed by the program execution unit 70 based on an instruction of the application program in the activated state. When the file is broken, the data file is replaced so that the first setting state shown in the upper part of FIG. 18 is obtained, and the application program having the second attribute is started or the application program in the started state When a file reading process or a storing process is performed by the program execution unit 70 based on an instruction of the application program, the data file is replaced so as to be in the second setting state shown in the lower part of FIG. Just do it.

  In this modified example, the specific process performed by the data file management unit 120 when the activation process by the activation processing unit 40 is performed is as follows. First, the data file management unit 120 refers to the attribute list L stored in the attribute list storage unit 80 to recognize the attribute of the application program to be activated. If the recognized attribute is the first attribute at least until the data file is read in the activation process for the activation target, the regular data file is stored in the main folder F1, and the fake data When the file is in the first setting state stored in the subfolder (upper part of FIG. 18) and the recognized attribute is the second attribute, the regular data file designated as the protection target file is the subfolder F2. The corresponding data files are exchanged so that the regular data file and the camouflaged data file that are not specified as the files to be protected are stored in the main folder to be in the second setting state (lower part of FIG. 18). .

  If the data file is exchanged as described above, even when the program execution unit 70 performs a data file read process or save process, it is possible to distinguish between a regular data file and a camouflaged data file according to attributes. It is. That is, if the data file management unit 120 maintains the setting state at the start-up process during the period in which the application program is started even after the start-up process for the specific application program is completed, Good. In other words, the data file management unit 120 is in the first setting state during the period in which the application program having the first attribute is activated, and the application program having the second attribute is activated. The data files may be replaced so that the second setting state is maintained during a certain period.

  In the case of an information processing apparatus having a multitask function, as described above, both the application program having the first attribute and the application program having the second attribute are simultaneously activated in the activation processing unit 40. If a function for restricting activation so as not to be in a state is provided, even if a plurality of application programs are activated simultaneously, the attribute of the simultaneously activated program is the first attribute or the second attribute. Therefore, a switching process for switching to the first setting state when the attribute is the first attribute and to the second setting state when the attribute is the second attribute may be performed. .

  When no application program is activated (that is, when no application program is expanded on the memory 60), the data file management unit 120 enters the second setting state. That is, the regular data file designated as the protection target file is stored in the subfolder F2, and the regular data file and the camouflaged data file not designated as the protection target file are stored in the main folder F1. Thus, it is preferable to replace the corresponding data file. In the second setting state, the content of the protection target file does not leak to the outside, so that it is possible to further improve the safety from the viewpoint of preventing information leakage of the protection target file.

<7-7: Method for changing data files (individual replacement)>
In FIG. 18, the example which switches the 1st setting state and the 2nd setting state was described. In this embodiment, since the data file management unit 120 performs batch replacement of data files so that one of these two setting states is set, settings other than these two setting states are performed. There is nothing.

  However, the replacement of data files is not necessarily performed at once, and individual replacement for each file may be performed. FIG. 19 is a diagram illustrating an example of the operation of individually replacing each file. In this example, the state shown in the upper part of FIG. 19 is the default setting state. Actually, this default setting state is exactly the same as the second setting state shown in the lower part of FIG. 18, and for the protection target file, camouflaged data files D1 ′, D2 instead of the regular data files D1, D2, D4. 'And D4' are in a state of being read.

  That is, in this default setting state, the regular data files D1, D2, D4 designated as the protection target files are stored in the subfolder F2, and the regular data files D3, D5, D6 not designated as the protection target files and The camouflaged data files D1 ′, D2 ′, D4 ′ are stored in the main folder F1. As described above, if such a state is set to a default state, safety can be further improved in preventing information leakage.

  When the activation processing unit 40 or the program execution unit 70 performs a file reading process or a storage process in response to a request from the application program, the application program is a program having the second attribute. There is no problem with this default setting. However, if the application program is a program having the first attribute, the access environment is changed so that the regular data file becomes the access target instead of the camouflaged data file (ie, the main folder that becomes the access folder). It is necessary to replace the data file accommodated in the folder F1. In the embodiment described in §7-6, a method of batch replacement that takes one of the two setting states shown in FIG. 18 is adopted. However, in the embodiment shown here, the minimum necessary data file is used. Only replacement for is performed.

  For example, when the activation processing unit 40 starts the activation process of the application program AP1 having the first attribute, or thereafter executes the AP1 in a state where the program execution unit 70 is activated, the data file The management unit 120 changes the access environment (file movement) to the data file storage unit 30 so that the AP 1 activation detection state shown in the lower part of FIG. 19 is changed from the default setting state shown in the upper part of FIG. .

  The difference between the default setting state shown in the upper part of FIG. 19 and the activation detection state of AP1 shown in the lower part of FIG. 19 is that the program AP1 among the regular data files D1, D2, and D4 designated as the protection target files. The only difference is that the regular data file D1 to be used and the camouflaged data file D1 ′ corresponding thereto are interchanged. That is, in the default setting state, the regular data file D1 is accommodated in the subfolder F2, and the fake data file D1 ′ is accommodated in the main folder F1, whereas in the activation detection state of AP1, The accommodation states of these two files D1 and D1 ′ are reversed.

  Therefore, in the activation detection state of AP1, if the application program AP1 requests the usage data files D1 and D3 by specifying the original file names “File D1.txt” and “File D3.txt”, Data files D1 and D3 are read out. The activation detection state of AP1 is a state that is temporarily maintained until the application program AP1 is activated and then terminated. If the application program AP1 is not activated, the data file D1, Since D1 ′ is replaced again, for example, even if there is a read request with the file name “File D1.txt” from the application program AP5, for example, the forged data file D1 ′ is read.

  Although the case where the application program AP1 is activated has been described above, the same applies to the case where another application program having the first attribute is activated. For example, when the telephone call program AP2 shown in FIG. 2 is activated, the usage data files D1 and D2 of the program AP2 are exchanged to be “File D1.txt” and “File D2.csv”. When the original data file name is specified and the usage data files D1 and D2 are requested, the regular data files D1 and D2 are read out.

  Of course, in the case of an information processing apparatus having a multitask function, as described above, both the application program having the first attribute and the application program having the second attribute are simultaneously activated in the activation processing unit 40. If there is a function to limit activation so that it does not become a state, there will be no discrepancy in the necessary file name switching processing.

  In order for the data file management unit 120 to perform individual replacement for each file, it is necessary to perform replacement processing on a necessary data file after recognizing which data file is used by each application program. Therefore, when implementing the embodiment shown here, the attribute list LL as illustrated in FIG. 14 may be stored in the attribute list storage unit 80.

  Eventually, the data file management unit 120 refers to the attribute list LL in the attribute list storage unit 80, thereby recognizing the attribute of the application program to be activated or in the activated state. In the case of the attribute 1, the regular data file is stored in the main folder F1 and the impersonation data file is stored in the subfolder at least as far as the data file used by the application program to be activated or in the activated state is concerned. When the setting state stored in the folder F2 is set (the lower part of FIG. 19) and the recognized attribute is the second attribute, at least the application program that is the activation target or is activated is used. As far as data files are concerned, specify them as protected files The registered regular data file is stored in the subfolder F2, and the corresponding data file is set so that the regular data file and the camouflaged data file not designated as the protection target file are stored in the main folder F1. Replace.

<7-8: Extension to general storage location>
The methods described so far in §7-5, §7-6, and §7-7 are examples in which the main folder F1 and the subfolder F2 are provided in the data file storage unit 30, but as described in §5 as well. The method of switching the data file to be accessed in the data file storage unit 30 is not necessarily limited to the method using a folder. The data file storage unit 30 in the present application does not need to be physically one storage device. For example, the data file storage unit 30 may be an aggregate of a plurality of drive devices or distributed in a state accessible via a network. It may be a collection of storage locations in the arranged server device.

  Therefore, if a folder in the method described in §7-5, §7-6, and §7-7 described above is regarded as a data file storage location in a high-level concept, the data file storage unit 30 stores the main storage location F1 and the secondary storage location. It is possible to expand to an example in which the storage location F2 is provided. In the above-mentioned examples of §7-5, §7-6, and §7-7, the main folder F1 and the subfolder F2 are used as the main storage location F1 and the substorage location F2 in the expanded concept, respectively. It can be said that the access folder name “DATA” and the non-access folder name “X” are used as the location name and the non-access storage location name, respectively.

<<< §8. Specific application method to conventional information processing apparatus >>
Here, a specific method of applying the present invention to a conventional information processing apparatus will be considered. More specifically, consider a method of applying the first embodiment and the second embodiment of the present invention to a conventional general smartphone in which an OS program is incorporated, such as an Android OS or iOS.

  As described above, the difference between the first embodiment illustrated in FIG. 1 and FIG. 5 and the second embodiment illustrated in FIG. 10 and FIG. The file management unit 120 is replaced. As a result, in the former, the activation processing unit 40 and the program execution unit 70 indirectly access the data file storage unit 30 via the data file mediation unit 50, whereas in the latter, the activation processing unit 40 and the program The execution unit 70 directly accesses the data file storage unit 30. Therefore, here, let us consider how the difference between the two affects when the present invention is applied to a conventional smartphone.

  First, consider a case where the first embodiment is applied to a conventional smartphone. As already described, among the components of the information processing apparatus according to the first embodiment shown in FIG. 5, the application introduction processing unit 10, the program storage unit 20, the data file storage unit 30, the activation processing unit 40, the memory 60, The program execution unit 70 and the input / output interface 90 are basically components provided in a conventional smartphone. On the other hand, the data file mediation unit 50, the attribute list storage unit 80, the fake data file setting unit 100, and the attribute list update unit 110 are newly added components for implementing the present invention.

  However, the provision of the camouflaged data files D1 ′, D2 ′, D4 ′ in the data file storage unit 30 is a feature unique to the present invention, and the activation processing unit 40 and the program execution unit 70 store the data file. It is also a feature unique to the present invention that instead of directly accessing the unit 30, it is indirectly accessed via the data file mediating unit 50.

  Therefore, in order to apply the first embodiment shown in FIG. 5 to a conventional smartphone, it is necessary to add the above-described new constituent elements and characteristic portions unique to the present invention. In practice, such additions are made in the form of adding new programs or modifying existing programs. More specifically, in order to apply the first embodiment to a conventional smartphone, it is necessary to modify or add to the OS program portion. This is because the function of directly accessing the data file storage unit 30 by the activation processing unit 40 or the program execution unit 70 is a basic function provided by the OS program, and therefore indirectly through the data file mediation unit 50. This is because it is necessary to modify this basic function part in order to make access.

  After all, in order to apply the first embodiment shown in FIG. 5 to a conventional smartphone, it is necessary to modify the OS program itself such as the Android OS and iOS. In general, such modification of the OS program cannot be performed so easily. In other words, the OS program plays an important role in managing the execution of each application program, and even if the provider that provides the OS program modifies it, it must be designed to ensure that no problems occur. become.

  Therefore, it is easy for a person other than the provider to incorporate a program that arbitrarily changes the contents of the OS program. Also, many providers do not allow modifications to such OS programs. From such a point, applying the first embodiment of the present invention to an existing smartphone that is currently on the market leaves some problems from a practical point of view.

  On the other hand, such a problem does not occur in the second embodiment. For example, as shown in FIG. 11, in the second embodiment, the activation processing unit 40 and the program execution unit 70 directly access the data file storage unit 30 and read and store the data file, as in a conventional smartphone. There is no need to make any changes to the OS program that controls such basic functions. To add the functions of the embodiment shown in FIG. 11 to a conventional smartphone, add a program that functions as the data file management unit 120, the attribute list storage unit 80, the fake data file setting unit 100, and the attribute list update unit 110. That's fine. Since such a function does not interfere with the function of the OS program, it can be provided as a function of one application program.

  That is, in the information processing apparatus according to the embodiment shown in FIG. 11, the application introduction processing unit 10, the program storage unit 20, the data file storage unit 30, the activation processing unit 40, the memory 60, the program execution unit 70, and the input / output interface 90. The part can be configured by a computer (smart phone) and an OS program incorporated in the computer, and the data file management unit 120, the attribute list storage unit 80, the impersonation data file setting unit 100, and the attribute list update unit 110 Can be composed of the computer (smartphone), a specific application program incorporated in the computer, and a usage data file used by the specific application program (For information processing apparatus according to the embodiment shown in FIG. 10, impersonation data file setting section 100 and the attribute list updating section 110 may be omitted).

  FIG. 20 is a block diagram illustrating an example in which each of the above-described components 120, 80, 100, and 110 (in the figure, the block frame is indicated by a broken line) is realized by an application program in the embodiment illustrated in FIG. The program storage unit 20 shown in FIG. 20 shows a state in which the application program AP0 is stored. The program AP0 functions as the constituent elements 120, 80, 100, and 110 indicated by the broken-line blocks. It is a dedicated application program to fulfill. The data file D0 stored in the data file storage unit 30 is a data file used by the program AP0, and the attribute list L stored in the attribute list storage unit 80 is actually this data. It is stored in the data file storage unit 30 as data in the file D0.

  FIG. 20 shows a state in which application programs AP0 and AP1 and data files D0, D1, and D3 are expanded in the memory 60. When adopting a form in which the functions of the components 120, 80, 100, and 110 are provided by the application program AP0, the application program AP0 is different from a general application program. It will be a program. Therefore, when this information processing apparatus functions as the information processing apparatus according to the second embodiment of the present invention, the user first starts the management application program AP0 before starting the general application programs AP1 to AP5. It is necessary to perform an operation to start up. In other words, until the management application program AP0 is started, each component shown by the broken-line block in FIG. 20 does not function.

  When the user gives an instruction to activate the management application program AP0, the activation processor 40 reads the program AP0 and the data file D0 and develops them on the memory 60. At this point, each component indicated by the broken-line block is ready, and thereafter, the operation as described above is executed. For example, when the user subsequently gives an instruction to start the application program AP1, the start processing unit 40 executes a process for starting the program AP1.

  At this time, the data file management unit 120 detects the activation of the program AP1 and refers to the attribute list L to recognize that the attribute of the program AP1 is the first attribute. And the process which arranges the access environment in the data file storage part 30 is performed by the method described so far. As a result, the program AP1 and the regular data files D1 and D3 used by the program AP1 are expanded on the memory 60. The memory 60 shown in FIG. 20 shows such a state.

  The data “LOG” in the memory 60 is an activation log created by the activation processing unit 40, and records the time when each application program was activated and the time when it was terminated as a history. The activation processing unit 40 realized by a general OS program function has a function of leaving such an activation log on the memory 60. For example, in the case of an Android OS, when a specific application program is started, a start history including information on the file name and start date / time of the application program is recorded, and a specific state of the start state is recorded. When the application program is terminated, a termination history including information on the file name of the application program and the date / time of termination is recorded.

  The data file management unit 120 monitors the start log LOG to thereby start specific application programs, end information about specific application programs, and information about application programs that are currently started. Can be obtained. In an information processing apparatus having a multitasking function, a plurality of application programs can be simultaneously set to an “activated state”. In this case, the program execution unit 70 (actually, the CPU) Application programs are executed alternately while switching in a time-sharing manner. Therefore, the management application program AP0 checks the contents of the startup log LOG when the order of execution comes, recognizes which application program is currently in the “started state”, and if necessary, Thus, the access environment change process for the data file storage unit 30 is performed.

  As described above, the attribute list L is actually prepared as data in the data file D0. Accordingly, the content of the attribute list L shown in FIG. 20 is actually the data in the data file D0 stored in the memory 60, and the list update processing by the attribute list update unit 110 is actually This is a data update process for the data file D0 developed in the memory 60. When the user finishes executing the general application program and finally finishes executing the management application program AP0, the data file D0 developed on the memory 60 is stored in the data file storage unit 30. become. At this point, the attribute list L is stored in the data file storage unit 30 as data in the data file D0.

<<< §9. Other variations >>
So far, the present invention has been described with respect to the first embodiment, the second embodiment, and some modifications thereof. Here, some further modifications to the various modes described so far are listed.

<9-1: Start restrictions in multitasking>
In the second embodiment, the data file management unit 120 needs to perform access environment switching processing for the data file storage unit 30 based on the attribute of the application program requesting the data file. In addition, in the case of an information processing apparatus having a multitask function, the activation processing unit 40 has a function of simultaneously activating a plurality of application programs, so that an application program having the first attribute has been activated. If the period in which the application program having the second attribute is activated and the period in which the application program having the second attribute is activated overlap, the data file management unit 120 sequentially monitors the access to the data file from each application program. It is necessary to perform processing to switch the access environment.

  In order to avoid such complicated processing, as described above, the activation processing unit 40 is in a state where both the application program having the first attribute and the application program having the second attribute are activated at the same time. It is sufficient to have a function to limit activation so that it does not become necessary. Here, some specific methods for performing such activation restrictions are described.

  In the first method, when the activation processing unit 40 is given an activation instruction for a new application program having the second attribute during a period in which the application program having the first attribute is activated, Alternatively, when an activation instruction for a new application program having the first attribute is given during a period in which the application program having the second attribute is activated, the activation of the new application program is rejected. Is the method.

  When this method is adopted, for example, in the example shown in FIG. 2, after starting the program AP1 (first attribute) for the Web browser, the program AP3 (first attribute) for browsing the map is started. Although it is possible, the activation processing unit 40 rejects the activation of the competition game program AP4 (second attribute) after that. In order to start the competitive game program AP4, it is necessary to end the Web browser program AP1 and the map browsing program AP3.

  In short, this first method adopts a method that prioritizes a program that has been activated first, and rejects the activation if the attribute of the program that is to be activated later is different. Therefore, when the competitive game program AP4 has been activated first, if an attempt is made to activate the Web browser program AP1 or the map browsing program AP3, the application program that is to be activated later is also displayed. Activation will be rejected.

  In the second method, when the activation processing unit 40 is given an activation instruction for a new application program having the second attribute during a period in which the application program having the first attribute is activated, Or, when an activation instruction is given to a new application program having the first attribute during a period in which the application program having the second attribute is activated, the application program in the activated state is forced This is a method of starting the new application program after completion.

  In short, the second method adopts a method in which a program to be started later is prioritized, and if the attribute of the program to be started later is different, the previously started program is forced. This is a method of ending and starting a program that is to be started later.

  In the third method, when the activation processing unit 40 is given an activation instruction for a new application program having the second attribute during a period in which the application program having the first attribute is activated, When the activation of the new application program having the first attribute is given during the period in which the activation of the new application program is rejected and the application program having the second attribute is activated This is a method of starting the new application program after forcibly terminating the application program in the set state.

  In short, the third method adopts a method in which the program having the first attribute is prioritized. When the attribute of the program to be started later is different, the program having the second attribute is always used. However, it takes the form of giving a concession to a program having the first attribute when activation is rejected or forcibly terminated.

  In addition to this, a method for exceptionally permitting both the application program having the first attribute and the application program having the second attribute to be activated simultaneously only in a specific case. Is also possible. For example, the activation processing unit 40 basically performs activation restrictions so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time. For an application program having the first attribute that does not use the same data file and an application program having the second attribute, a method may be adopted in which simultaneous activation is exceptionally permitted.

<9-2: Encryption of regular data file>
An object of the present invention is to prevent leakage of important information, and the object is not to use a regular data file designated as a protection target file for an application program having the second attribute. This is accomplished by using a fake data file as a substitute. In order to further prevent information leakage of the regular data file designated as the protection target file, the regular data file is encrypted in the data file storage unit 30 while not being used by the application program. It is preferable to adopt a method in which the data is stored in the application program and decrypted for use of the application program only when necessary.

  In §7-1 and §7-2, an example has been described in which the data file management unit 120 changes the access environment by changing the file name. For example, in the embodiment shown in FIG. 12, when switching from the first setting state to the second setting state, for the regular data files D1, D2, and D4 designated as the protection target files, the file names are requested. Processing to change the file name (file name without “!”) To the non-request target file name (file name with “!”) Is being performed. Therefore, when this file name change process is performed, an encryption process is performed on these regular data files D1, D2, and D4. That is, the regular data files D1, D2, and D4 to which the non-request target file names “File D1! .Txt”, “File D2! .Csv”, and “File D4! .Csv” are assigned are in an encrypted state. Become.

  In the second setting state, the regular data files D1, D2 and D4 are not originally used by the application program, so no problem occurs even if they are encrypted. Moreover, if it is encrypted, an illegal program is included in the application program being executed (a program having the second attribute), and the regular data files D1, D2, and D4 are leaked to the outside. Even if this process is executed, since it is encrypted, the risk of information leakage is reduced.

  On the other hand, when switching from the second setting state to the first setting state, the file names of the regular data files D1, D2, and D4 are requested from the non-request target file names (file names with “!”). The file name is changed to a file name (a file name without “!”). At this time, a decryption process for decrypting the encrypted regular data files D1, D2, and D4 is executed. If it does so, regular data file D1, D2, D4 can be utilized without trouble in the 1st setting state.

  Of course, in this encryption method, as described in §7-6 and §7-7, the data file management unit 120 performs a replacement process for moving a data file to a different storage location (for example, a folder). It is also applicable to. That is, the data file management unit 120 performs the encryption process when performing the replacement to move the regular data file designated as the protection target file from the main storage location (main folder) to the sub storage location (sub folder), and What is necessary is just to perform a decoding process at the time of exchanging which moves a regular data file from a secondary storage location (subfolder) to a main storage location (main folder).

  If such an encryption method is employed, the regular data folder saved in the secondary storage location (subfolder) is always in an encrypted state, so the risk of information leakage is also reduced. .

<9-3: Expansion of saved data file>
This modification is a unique technique for reducing the risk of information leakage by a technique that is completely different from the encryption technique described above, and its basic concept is that the protected file is not used by an application program. Is to adopt a paradoxical method of forcibly expanding in memory.

  In the present invention, the process of developing a data file on the memory 60 is generally called “opening” a data file by an application program. Although not particularly described in the embodiments so far, the process of “closing” the data file by the application program means that the data file developed on the memory 60 is discarded. In many OS programs, an operation in which “open processing” cannot be performed again on “opened files” has been attempted.

  The embodiment described here is premised on the OS program that employs such an operation. Since the application program having the second attribute is started, the file name is changed to a non-requested file name. The regular data file saved by moving the storage location to the secondary storage location (subfolder) or the like is forcibly expanded on the memory 60 to perform the processing of “already open file” It is. Of course, since the regular data file being saved is not used by the activated application program, even if it is forcibly expanded on the memory 60, access from the application program is not received. Nor is it useful. In other words, it's a uselessly opened file.

  In this way, although an operation to open a file in theory is performed, an OS program that operates such that “open processing” cannot be performed again for a “file that has already been opened”. Under such management, the useless operation is useful for protecting the protection target file from an unauthorized program. In other words, in the unlikely event that an executing application program (a program having the second attribute) includes an illegal program, the legitimate data file designated as the file to be protected is opened in an unauthorized manner, and any unauthorized Even if the process is to be executed, since the file is already in the “open state”, the “open process” is prohibited again by the OS program, and the illegal program cannot fulfill its purpose.

  When such saved data expansion processing is applied to an example (§7-1, §7-2) in which the access environment is changed by changing the file name, the data file management unit 120 uses the regular data file. When the process of changing the file name from the request target file name to the non-request target file name is performed, the process of expanding the regular data file into the memory 60 is performed, and the file name is changed from the non-request target file name to the request target file name. When the process to change to is performed, the process of closing the regular data file developed in the memory 60 may be performed.

  Similarly, when such a decompressed data expansion process is applied to an example (§7-6, §7-7) in which an access environment is changed by moving a data file, the data file management unit 120 When performing replacement to move the regular data file from the main storage location (main folder) to the secondary storage location (subfolder), the regular data file is expanded in the memory 60, and the regular data file is stored in the secondary storage location ( What is necessary is just to perform the process which closes the said regular data file expand | deployed to the memory 60, when performing the replacement which moves to a main storage location (main folder) from a subfolder.

<9-4: Example in which some components are provided in the server device>
Each of the various embodiments described so far is an example of an information processing apparatus configured by incorporating all components in the same portable terminal device, such as a single smartphone. The information processing apparatus does not necessarily need to be an apparatus in which all components are incorporated in the same portable terminal device.

  That is, in each information processing apparatus shown in FIGS. 1, 5, 10, and 11, some components are incorporated into the mobile terminal device, and some components are incorporated into the server device. A communication function may be provided between the server device.

  Specifically, for example, in the information processing apparatus shown in FIG. 11, the program storage unit 20 and the data file storage unit 30 may be provided in a server apparatus accessible via a network. In this case, the activation processing unit 40, the program execution unit 70, and the data file management unit 120 can access the program storage unit 20 and the data file storage unit 30 by accessing the server device via the network. become.

  Also in this case, since the file name change process and the storage location change process are executed for the regular data file designated as the protection target file in the server apparatus, It is possible to prevent leakage of important information. This is effective as a defense against a targeted attack on a server for which a threat has been pointed out recently.

  Of course, the camouflaged data file setting unit 100 and the attribute list update unit 110 can be provided in a server device accessible via a network, and the attribute list storage unit 80 is provided in the server device, Information may be acquired by access via a network. In short, each component of the information processing apparatus according to the present invention does not necessarily have to be housed in the same casing, and can be communicated with each other by a plurality of physical devices distributed via a network. You can configure it.

10: Application introduction processing unit 20: Program storage unit 30: Data file storage unit 40: Startup processing unit 50: Data file mediation unit 60: Memory 70: Program execution unit 80: Attribute list storage unit 90: Input / output interface 100: Impersonation Data file setting unit 110: Attribute list update unit AP0 to AP5: Application program D0 to D6: Regular data file D1 ′, D2 ′, D4 ′: Disguised data file F1: Main folder F2: Subfolder L, LL: Attribute list LOG : Startup logs S11 to S27: Steps α of the flowchart: File storage unit β, β ′: Deployment execution unit

Claims (49)

An information processing apparatus that executes an application program using a data file,
A file storage for storing application programs and data files;
Memory for deploying application programs and data files;
An attribute list storage unit that stores an attribute list indicating whether each application program stored in the file storage unit is a first attribute or a second attribute;
An application program to be executed and a data file requested by the program are read from the file storage unit, expanded in the memory, and an expanded execution unit that executes the expanded application program using the expanded data file;
With
A plurality of n regular data files are stored in the file storage unit, and some or all of the n regular data files are designated as protection target files. , Data files with the same data format are stored in correspondence as fake data files,
The expansion execution unit recognizes the attribute of the application program to be executed by referring to the attribute list, and if the recognized attribute is the first attribute, selects the regular data file and recognizes it. If the attribute is the second attribute, select a camouflaged data file (or a regular data file if no camouflaged data file exists), and execute the selected data file after expanding it in the memory. An information processing apparatus characterized by the above. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file used by the specific application program is expanded in the memory. A startup processor;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
Data file intermediary unit that reads out the data file to be requested from the data file storage unit and delivers it to the activation processing unit when there is a request from the activation processing unit for the data file used by the application program to be activated When,
With
A plurality of n regular data files are stored in the data file storage unit, and some or all of the n regular data files are designated as protection target files. Is stored as a data file with the same data format as an impersonation data file,
The data mediation unit recognizes the attribute of the application program to be activated by referring to the attribute list, and selects the regular data file when the recognized attribute is the first attribute, An information processing apparatus that selects a camouflaged data file (however, if a camouflaged data file does not exist) when the attribute is the second attribute, and delivers the selected data file. The information processing apparatus according to claim 2,
The program execution unit has a function of reading out a data file used by the application program based on an instruction of the application program being executed via the data file mediation unit and expanding the data file in the memory,
Based on the file read request from the program execution unit, the data file mediation unit has a function of reading out the data file to be requested from the data file storage unit and delivering it to the program execution unit. By referring to the attribute list, the attribute of the application program making the file read request is recognized, and if the recognized attribute is the first attribute, the regular data file is selected, and the recognized attribute is An information processing apparatus that selects a camouflaged data file (provided that if the camouflaged data file does not exist) if it is the second attribute, and delivers the selected data file. The information processing apparatus according to claim 3.
The program execution unit has a function of transferring the data file being used by the application program to the data file intermediary unit and storing it in the data file storage unit based on the instruction of the application program being executed. And
The data file intermediary unit has a function of saving the transferred data file in the data file storage unit based on the file save request from the program execution unit. If it is a request, a save process for rewriting the old file is executed, and if the file save request is a new save request, a save process for a new file is executed as a regular data file. Information processing apparatus. In the information processing apparatus according to any one of claims 2 to 4,
The corresponding regular data file and fake data file are stored in the data file storage unit as data files having different file names,
An information processing apparatus, wherein a data file mediating unit distinguishes and handles a regular data file and a camouflaged data file based on a file name. In the information processing apparatus according to any one of claims 2 to 4,
The data file storage unit has a main storage location for storing the regular data file and a secondary storage location for storing the camouflaged data file (however, if the corresponding camouflaged data file does not exist, the regular data file). And
An information processing apparatus, wherein a data file mediation unit distinguishes between files to be handled by distinguishing between the main storage location and the sub storage location. In the information processing apparatus according to any one of claims 2 to 4,
A data file storage unit has a main folder storing a regular data file and a subfolder storing a camouflaged data file (however, if the corresponding camouflaged data file does not exist, the regular data file); The corresponding regular data file and fake data file have the same file name,
An information processing apparatus, wherein a data file mediation unit distinguishes between files to be handled by distinguishing between the main folder and the subfolder. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file requested by the specific application program is stored in the data file storage unit An activation processing unit that performs an activation process of reading from and expanding in the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for changing an access environment for the data file stored in the data file storage unit;
With
A plurality of n regular data files are stored in the data file storage unit, and some or all of the n regular data files are designated as protection target files. Is stored as a data file with the same data format as an impersonation data file,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and when the recognized attribute is the first attribute, the regular data file is read out. If the recognized attribute is the second attribute, the access environment is changed so that a camouflaged data file (or a regular data file if no camouflaged data file exists) is read. Processing equipment. The information processing apparatus according to claim 8,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The program execution unit has a function of accessing a data file in the data file storage unit,
The regular data file is accessed during a period in which the application program having the first attribute is activated, and the data file management unit is impersonated during the period in which the application program having the second attribute is activated. An information processing apparatus, wherein an access environment is changed so that a data file (however, a regular data file when a camouflaged data file does not exist) is accessed. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name requested by the specific application program An activation processing unit that performs an activation process that is read from the data file storage unit and expanded in the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
The file name of the data file stored in the data file storage unit is changed by switching between a request target file name requested by the application program and a non-request target file name different from the request target file name. A data file manager,
With
A plurality of n regular data files are stored in the data file storage unit, and some or all of the n regular data files are designated as protection target files. Is stored as a data file with the same data format as an impersonation data file,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes at least the period until the reading of the data file in the activation process for the activation object is completed. If the attribute is the first attribute, the request target file name is assigned to the regular data file, and the non-request target file name is assigned to the fake data file. If the recognized attribute is the second attribute in the set state, the non-request target file name for the regular data file (however, for a regular data file for which no corresponding camouflaged data file exists) The request target file name) is assigned, and the request target file is assigned to the fake data file. As file name becomes the second setting state granted, the information processing apparatus, characterized in that to change the file name. The information processing apparatus according to claim 10,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during a period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. An information processing apparatus that changes a file name so as to be in a setting state of 2. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name requested by the specific application program An activation processing unit that performs an activation process that is read from the data file storage unit and expanded in the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
The file name of the data file stored in the data file storage unit is changed by switching between a request target file name requested by the application program and a non-request target file name different from the request target file name. A data file manager,
With
A plurality of n regular data files are stored in the data file storage unit, and some or all of the n regular data files are designated as protection target files. Is stored as a data file with the same data format as an impersonation data file,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated simultaneously,
In the attribute list storage unit, information indicating a usage data file used by each application program is stored,
The data file management unit recognizes an attribute of an application program to be activated or in an activated state by referring to the attribute list, and when the recognized attribute is the first attribute As long as it relates to at least the data file used by the application program that is the activation target or in the activated state, the request target file name is given to the regular data file, and the non-request target file is specified to the fake data file When the name is given and the recognized attribute is the second attribute, at least as far as the data file used by the application program to be activated or activated is concerned, In contrast, the non-requested file name ( The request target file name is assigned to a regular data file for which no corresponding impersonation data file exists, and the request target file name is assigned to the impersonation data file. An information processing apparatus characterized by making a change. The information processing apparatus according to any one of claims 10 to 12,
When the data file management unit is not in a state where any application program is activated, the non-request target file name for the regular data file (however, the request target for the regular data file for which there is no corresponding impersonation data file) An information processing apparatus that changes a file name so that a request target file name is assigned to a camouflaged data file. The information processing apparatus according to any one of claims 10 to 13,
When the data file management unit performs processing to change the file name from the request target file name to the non-request target file name for the regular data file, the file name is changed from the non-request target file name to the request target file. An information processing apparatus that performs a decryption process when performing a process of changing to a name. The information processing apparatus according to any one of claims 10 to 13,
When the data file management unit performs processing to change the file name from the request target file name to the non-request target file name for the regular data file, the processing is performed to expand the regular data file in the memory, and the file name is not requested. An information processing apparatus that performs a process of closing a regular data file developed in a memory when performing a process of changing a target file name to a request target file name. The information processing apparatus according to any one of claims 10 to 13,
An information processing apparatus, wherein a data file management unit uses a file name in which an extension portion is changed as a corresponding request target file name and non-request target file name. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name requested by the specific application program An activation processing unit that reads from a storage location having a storage location name for access in the data file storage unit and expands the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit that changes a storage location name for the main storage location and the secondary storage location by switching between the access storage location name and a non-access storage location name different from the access storage location name When,
With
A plurality of n regular data files are stored in the main storage location, and some or all of the n regular data files are designated as protection target files. A spoofed data file having the same data format as the regular data file designated as the protection target file, and a regular data file not designated as the protection target file are stored,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes at least the period until the reading of the data file in the activation process for the activation object is completed. If the attribute is the first attribute, the access storage location name is assigned to the main storage location, and the non-access storage location name is assigned to the secondary storage location. If the recognized attribute is the second attribute, the access storage location name is assigned to the secondary storage location, and the non-access storage is assigned to the main storage location. An information processing apparatus that changes a storage location name so as to be in a second setting state to which a location name is assigned. The information processing apparatus according to claim 17,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during a period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. An information processing apparatus that changes a storage location name so as to be in a setting state of 2. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name requested by the specific application program An activation processing unit that reads out from the main storage location in the data file storage unit and expands the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for switching the data file in the main storage location and the data file in the sub storage location;
With
A plurality of n regular data files are stored in the entire storage location including the main storage location and the secondary storage location, and some or all of the n regular data files are protected files. And the entire storage location further stores a camouflaged data file having the same data format as the regular data file specified as the file to be protected,
The data file management unit recognizes the attribute of the application program to be activated by referring to the attribute list, and recognizes at least the period until the reading of the data file in the activation process for the activation object is completed. If the attribute is the first attribute, the regular data file is stored in the main storage location, and the fake data file is stored in the secondary storage location in the first setting state. Is the second attribute, the regular data file designated as the protection target file is stored in the secondary storage location, and the regular data file not designated as the protection target file and the impersonation data file are The corresponding data is set so as to be in the second setting state stored in the main storage location. The information processing apparatus which is characterized in that the replacement file. The information processing apparatus according to claim 19,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated at the same time.
The data file management unit is in the first setting state during the period in which the application program having the first attribute is activated, and in the period in which the application program having the second attribute is activated. 2. An information processing apparatus, wherein data files are exchanged so as to be in a setting state of 2. An information processing apparatus that executes an application program using a data file,
A program storage unit for storing application programs;
A data file storage unit having a main storage location and a secondary storage location for storing data files used by the application program;
An input / output interface for inputting instructions from the user and presenting information to the user;
Based on an instruction from the user, a new application program and, if necessary, a data file used by the application program are introduced from the outside, the introduced application program is stored in the program storage unit, and introduced as necessary An application introduction processing unit for storing a data file in the data file storage unit;
A memory for developing an application program to be executed and a data file used by the program;
When an activation instruction for a specific application program is given, the application program to be activated is read from the program storage unit and expanded in the memory, and a data file having a file name requested by the specific application program An activation processing unit that reads out from the main storage location in the data file storage unit and expands the memory;
A program execution unit for executing an application program expanded in the memory based on an instruction from a user using a data file expanded in the memory, and presenting information obtained as an execution result to the user; ,
An attribute list storage unit for storing an attribute list indicating whether each application program stored in the program storage unit is a first attribute or a second attribute;
A data file management unit for switching the data file in the main storage location and the data file in the sub storage location;
With
A plurality of n regular data files are stored in the entire storage location including the main storage location and the secondary storage location, and some or all of the n regular data files are protected files. And the entire storage location further stores a camouflaged data file having the same data format as the regular data file specified as the file to be protected,
The activation processing unit performs activation restriction so that both the application program having the first attribute and the application program having the second attribute are not activated simultaneously,
In the attribute list storage unit, information indicating a usage data file used by each application program is stored,
The data file management unit recognizes an attribute of an application program to be activated or in an activated state by referring to the attribute list, and when the recognized attribute is the first attribute The regular data file is stored in the main storage location, and the impersonation data file is stored in the secondary storage location, at least as far as the data file used by the application program to be activated or in the activated state is concerned. If it is in the setting state and the recognized attribute is the second attribute, at least as far as the data file used by the application program to be activated or in the activated state is designated as the protected file Regular data file is the secondary storage location Information that replaces the corresponding data file so that the stored regular data file that is not designated as the protection target file and the camouflaged data file are in the setting state stored in the main storage location. Processing equipment. The information processing apparatus according to any one of claims 17 to 21,
When the data file management unit is not running any application program, the storage location name is changed or the corresponding data file is replaced so that the setting state is obtained when the second attribute is recognized. A characteristic information processing apparatus. The information processing apparatus according to any one of claims 17 to 22,
The data file management unit performs encryption processing when performing a replacement for transferring a regular data file from the main storage location to the secondary storage location, and performs a decryption process when performing a replacement for moving from the secondary storage location to the primary storage location. An information processing apparatus characterized by performing. The information processing apparatus according to any one of claims 17 to 22,
When the data file management unit performs replacement to move the regular data file from the main storage location to the secondary storage location, the data file management unit performs processing to expand the regular data file into the memory, and changes the regular data file from the secondary storage location to the main storage location. An information processing apparatus that performs a process of closing the regular data file that has been expanded in a memory at the time of replacement to move. The information processing apparatus according to any one of claims 17 to 24,
A primary folder and a secondary folder are used as the main storage location and a secondary storage location, respectively, and an access folder name and a non-access folder name are used as the access storage location name and the non-access storage location name, respectively. Information processing device. In the information processing apparatus according to any one of claims 2 to 25,
As a fake data file, a fake data file in which fake information is recorded, a meaningless data file in which meaningless character strings are recorded, or an empty data file in which no substantial data is recorded are stored. A characteristic information processing apparatus. In the information processing apparatus according to any one of claims 2 to 25,
An information processing apparatus further comprising a camouflaged data file setting unit that stores a camouflaged data file corresponding to a new regular data file designated as a protection target file in a data file storage unit. The information processing apparatus according to claim 27,
An information processing apparatus in which a camouflaged data file setting unit creates a camouflaged data file by copying a regular data file. The information processing apparatus according to claim 28,
The fake data file setting unit creates a copy data file by copying the regular data file, and then executes the modification to the copy data file based on a user modification instruction given from the input / output interface. An information processing apparatus that sets a file as a camouflaged data file. The information processing apparatus according to claim 27,
An information processing apparatus in which a camouflaged data file setting unit introduces and sets a camouflaged data file corresponding to a regular data file from outside. The information processing apparatus according to claim 27,
When the impersonation data file setting unit introduces a new application program and a regular data file used by the application program by the application installation processing unit, the regular data file is specified as a protection target file. An information processing apparatus that performs a process of setting a camouflaged data file for the regular data file. The information processing apparatus according to claim 27,
When the impersonation data file setting unit creates and saves a new regular data file by the application program, the impersonation data file setting section impersonates the regular data file on the condition that the regular data file is designated as a protection target file. An information processing apparatus that performs processing for setting a data file. The information processing apparatus according to claim 31 or 32,
An information processing apparatus characterized in that a regular data file used by an application program having a first attribute is a file to be protected. The information processing apparatus according to claim 31 or 32,
An information processing apparatus characterized in that a regular data file specified by a user instruction given from an input / output interface is a file to be protected. The information processing apparatus according to any one of claims 2 to 34,
When a new application program is introduced by the application introduction processing unit, an update process for adding information indicating the attribute of the new application program to the attribute list in the attribute list storage unit, or an attribute based on a user instruction An information processing apparatus, further comprising: an attribute list update unit that performs an update process for changing the contents of the attribute list in the list storage unit. 36. The information processing apparatus according to claim 35,
The attribute list storage unit stores an attribute list indicating the first attribute of the application program stored in advance in the program storage unit,
When a new application program is introduced by the application introduction processing unit, the attribute list update unit performs an update process for adding information indicating that the new application program is the second attribute to the attribute list. A characteristic information processing apparatus. 36. The information processing apparatus according to claim 35,
When the attribute list update unit stores a predetermined certification standard to be an application program to which the first attribute is to be given and a new application program is introduced by the application introduction processing unit, the new application program Update processing for determining whether or not the certification standard is satisfied, and adding information indicating that the attribute is a first attribute if the certification standard is satisfied and a second attribute if the certification standard is not satisfied. An information processing apparatus characterized by performing. 36. The information processing apparatus according to claim 35,
When a new application program is introduced by the application introduction processing unit, the attribute list update unit causes the user to specify an attribute for the new application program via the input / output interface, and for the new application program, An information processing apparatus that performs update processing for adding information indicating an attribute designated by a user to an attribute list. The information processing apparatus according to any one of claims 2 to 34,
The attribute list storage unit stores a list for identifying an application program having the first attribute as an attribute list,
An information processing apparatus in which the data file mediation unit or the data file management unit recognizes an application program listed in the attribute list as a first attribute and an application program not listed as a second attribute. . The information processing apparatus according to any one of claims 2 to 39,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. When an activation instruction is given, or when an activation instruction for a new application program having the first attribute is given during a period in which the application program having the second attribute is activated, the new An information processing apparatus that refuses to start a simple application program. The information processing apparatus according to any one of claims 2 to 39,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. Activated when an activation instruction is given, or when an activation instruction for a new application program having the first attribute is given during a period in which the application program having the second attribute is activated An information processing apparatus characterized by starting a new application program after forcibly ending an application program in a state in which the application program is in progress. The information processing apparatus according to any one of claims 2 to 39,
The activation processing unit has a function of simultaneously activating a plurality of application programs. During a period in which the application program having the first attribute is activated, a new application program having the second attribute is processed. When the activation instruction is given, activation of the new application program is rejected, and activation of the new application program having the first attribute is performed during a period in which the application program having the second attribute is activated. An information processing apparatus that, when given an instruction, forcibly terminates an activated application program and then activates the new application program. The information processing apparatus according to claim 12 or 21,
The start processing unit performs the start restriction in principle so that both the application program having the first attribute and the application program having the second attribute are not started at the same time, and the same data mutually An information processing apparatus characterized by exceptionally permitting simultaneous activation of an application program having a first attribute that does not use a file and an application program having a second attribute.   44. A cellular phone configured by incorporating an application program that performs at least a telephone function into the information processing apparatus according to claim 1. In the information processing apparatus according to any one of claims 1 to 43,
An information processing apparatus comprising a part of components incorporated in a portable terminal device, a part of components incorporated in a server device, and a communication function provided between the portable terminal device and the server device.   The program for functioning a computer as an information processing apparatus in any one of Claims 1-43. The information processing apparatus according to any one of claims 8 to 25,
An application introduction processing unit, a program storage unit, a data file storage unit, a startup processing unit, a memory, a program execution unit, and an input / output interface are configured by a computer and an OS program incorporated in the computer,
A data file management unit, an attribute list storage unit, and, if necessary, an impersonation data file setting unit, an attribute list update unit, the computer, a specific application program incorporated in the computer, and the specific application; An information processing apparatus characterized by comprising a use data file used by a program.   The specific application program according to claim 47. An application program execution method in which a computer executes an application program using a data file,
An application introduction stage and an application execution stage, each of which is executed by a computer,
The application introduction stage includes:
An application storage step of storing an application program and a regular data file used by the application program in a predetermined storage location;
A camouflaged data file storage step of storing a camouflaged data file having the same data format as the regular data file in the storage location;
An attribute list storage step of storing an attribute list indicating whether the application program stored in the storage location is a first attribute or a second attribute in the storage location;
Have
The application execution stage includes:
A program expansion step of reading an application program to be executed from the storage location and expanding it on a memory;
Referring to the attribute list, an attribute recognition step for recognizing the attribute of the application program to be executed;
When the attribute recognized in the attribute recognition step is the first attribute, the regular data file requested by the application program to be executed is read from the storage location and expanded on a memory, If it is the second attribute, instead of the regular data file requested by the application program to be executed, a data development step of reading the corresponding disguised data file from the storage location and developing it on the memory When,
An execution step of executing an application program expanded on the memory using a data file expanded on the memory;
A method for executing an application program, comprising:

Images