JP2014044686A - Information processing device and information processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique capable of appropriately setting access policy even when a device for executing an application is shared among a plurality of users.SOLUTION: Processing is executed using a resource permitted to be used among resources of an information processing device. As intensity of a signal transmitted from a terminal held by a user or a distance between the information processing device and the terminal calculated in accordance with the intensity is more different from a reference value, the resource permitted to be used is more restricted.

Description

  The present invention relates to an access policy control technique.

  In recent years, user devices equipped with application execution environments such as smartphones and digital cameras have become widespread. Such user devices not only store confidential data such as personal information such as an address book, but also store personal photo data and the like. Normally, an access policy corresponding to a user who uses a user device is set for confidential data and photo data that can be accessed by an application, and it is possible to access only data permitted by this policy.

  On the other hand, a technique is known in which such an access policy is applied not only to a fixed access policy for a user but also according to operating conditions such as date and place of use. There exists patent document 1 as such a technique. In Patent Document 1, an access policy is automatically assigned according to the position (location) of the user device, and access control to content such as a document is performed according to the access policy.

JP 2005-267353 A

  A user device such as a digital camera is often shared with others, and there is an application in which a user uses a viewing application to display an image stored in the camera and allows a friend to view the image. In this case, there is a possibility that a friend to be browsed illegally operates the camera and accesses an address book or application that is not intended by the user. In such a case, the access policy is usually switched by inputting user authentication information or the like. However, this method requires the user to perform a complicated operation of inputting authentication information and switching an access policy every time the camera is delivered. That is, even when the user device is shared with a friend, a function for easily switching access policies and preventing unauthorized use is desired.

  In addition, it is difficult for a user device such as a digital camera to specify a use place in advance, and when access control is performed according to a position as in Patent Document 1, an appropriate access policy may not be set in the user device. In this case, there is a possibility that a legitimate user cannot access data or an unauthorized user can access confidential data.

  The present invention has been made in view of such a problem, and provides a technique capable of appropriately setting an access policy even when a device that executes an application is shared by a plurality of users. With the goal.

  In order to achieve an object of the present invention, for example, an information processing apparatus of the present invention is an information processing apparatus, and executes processing using resources that are permitted to be used among resources of the information processing apparatus. The greater the difference between the processing means and the signal transmitted from the terminal held by the user or the distance between the information processing apparatus and the terminal determined according to the intensity, and the reference value, And a control unit that further restricts resources permitted to be used by the processing unit.

  According to the configuration of the present invention, it is possible to appropriately set an access policy even when a device that executes an application is shared by a plurality of users.

The block diagram which shows the function structural example of a system. The figure which shows the example of an external appearance of a digital camera. The figure which shows the structural example of the information registered into the user authority memory | storage part 301. FIG. The figure which shows the example of the indicator 403. The flowchart of the process which the application execution terminal 102 performs. The figure which shows the combination of the distance information 1 and the distance information 2. FIG. The figure which shows an example of the script of a contribution application. The flowchart of the process which the application execution terminal 102 performs. The figure which shows the structural example of a table. The block diagram which shows the function structural example of the application execution terminal 1901. FIG. The flowchart of the process which the application execution terminal 1901 performs.

  Preferred embodiments of the present invention will be described below with reference to the accompanying drawings. The embodiment described below shows an example when the present invention is specifically implemented, and is one of the specific examples of the configurations described in the claims.

[First Embodiment]
<About the system>
First, a functional configuration example of a system according to the present embodiment will be described with reference to the block diagram of FIG. As shown in FIG. 1, the system according to the present embodiment includes a user holding terminal 101 held by each user and an application execution terminal 102 shared by each user.

  The purpose of this system is to change the access policy used for resource use control of the application execution terminal 102 in accordance with the relative positional relationship with the user holding terminal 101. Thereby, it is detected whether the user operating the application execution terminal 102 has changed to another user, and resource use control in the application execution terminal 102 is appropriately performed.

  FIG. 1 shows a system including one application execution terminal 102 and one user holding terminal 101 for convenience in order to facilitate the explanation of the system configuration. However, as described above, since the user holding terminal 101 is held by each user, the system can include one application execution terminal 102 and a plurality of user holding terminals 101.

  In this embodiment, it is assumed that there are two users who operate the application execution terminal 102 (hereinafter referred to as user A (first user) and user B (second user), respectively). When it is necessary to distinguish between the user holding terminal 101 (first terminal) held by the user A and the user holding terminal 101 (second terminal) held by the user B, the user holding terminal 101A, This will be referred to as user holding terminal 101B. However, when a description common to the user holding terminal 101A and the user holding terminal 101B is given, these are collectively referred to as the user holding terminal 101.

  In addition, the essence of the following description is not limited to the number of users being two, and it may be N (N is a natural number of 1 or more). It will be clear.

  As described above, the user holding terminal 101 is held by the user A or the user B. For example, a communication device such as a smartphone or a mobile phone, a wireless LAN, Bluetooth (registered trademark), near field radio (NFC), or the like. It is a device equipped with a communication function. The user holding terminal 101 may be equipped with one of these communication functions or a plurality of communication functions. In addition, one user may hold one user holding terminal 101, or a plurality of users may be held.

  The application execution terminal 102 executes processing using its own resource in response to an operation input from the user of this apparatus, and the use of the resource is controlled according to the access policy. For example, the application execution terminal 102 is a user device such as a digital camera, and executes an image browsing application or a photography application specified by the user. The access policy is set according to an operation mode such as an access right and a parental mode set for each user, and controls access to the resource of the application execution terminal 102. Here, the resources are data and device functions that are accessed by calling an application API, and include image data such as photographs, address book data, application data (EXE data), GPS functions, and communication functions. Furthermore, when the application execution terminal 102 detects that the user of this apparatus has been changed by another user, the application execution terminal 102 changes the access policy accordingly.

<User holding terminal 101>
The terminal identifier storage unit 201 stores an identifier as information unique to the user holding terminal 101. Various kinds of information can be used for the identifier, such as an ID of the user holding terminal 101 and information (name or the like) related to the user of the user holding terminal 101. However, the identifier as information unique to the user holding terminal 101A is stored in the terminal identifier storage unit 201 of the user holding terminal 101A. The terminal identifier storage unit 201 of the user holding terminal 101B stores an identifier as information unique to the user holding terminal 101B.

  The signal transmission unit 202 transmits the identifier stored in the terminal identifier storage unit 201 as a radio signal. For example, the signal transmission unit 202 transmits a wireless signal conforming to a standard such as a wireless communication signal of a mobile phone, wireless LAN, Bluetooth (registered trademark), or near field wireless (NFC). Alternatively, the signal transmission unit 202 may transmit sound waves as signals.

<About the application execution terminal 102>
FIG. 2 shows an appearance example of the digital camera when the application execution terminal 102 is a digital camera. In FIG. 2, each part described below is provided on the back surface of the main body 401 (the surface opposite to the surface on which an optical system such as a lens is provided).

  The display screen 402 is for displaying an external image or captured image acquired via the CCD, a GUI for performing various settings, and the like. An indicator 403 is displayed on the display screen 402, and display control of the indicator 403 is performed by a distance display unit 307 described later.

  The imaging lens 404 is an imaging lens such as a rear camera that images the operator of the digital camera. A button 405 is a button operated by the user of the apparatus to input various instructions. A button may be provided for each function.

  The back side configuration of the digital camera shown in FIG. 2 is merely an example, and any configuration may be adopted as long as it is a configuration for achieving each process described later. Further, the application execution terminal 102 is not limited to a digital camera, and may be another device as long as each process described below can be realized.

  Next, a functional configuration example of the application execution terminal 102 will be described using the block diagram of FIG. The user distance acquisition unit 303 receives a signal transmitted from the signal transmission unit 202 of the user holding terminal 101. Then, the user distance acquisition unit 303 obtains the strength (radio wave strength) of the received signal, or the distance between the application execution terminal 102 and the user holding terminal 101 based on the strength (the partner is the user holding terminal 101 From the identifier in the signal). Regardless of the signal strength obtained or the distance between the application execution terminal 102 and the user holding terminal 101, the information is the distance between the application execution terminal 102 and the user holding terminal 101. It is related. However, in the following, regardless of which information is obtained by the user distance acquisition unit 303, the obtained information is referred to as distance information. Then, the user distance acquisition unit 303 sends the obtained distance information to the distance storage unit 304.

  When the user holding terminal 101 supports a plurality of communication methods, the distance can be measured from the connectable communication methods. For example, it is estimated that the distance is 1 m when communication by NFC is possible and 10 m when communication by wireless LAN is possible, and the estimated distance information is sent to the distance storage unit 304.

  The distance storage unit 304 stores at least two pieces of distance information sent from the user distance acquisition unit 303. For example, a user who is using the application execution terminal 102 operates an operation unit (for example, the button 405 in FIG. 2) of the application execution terminal 102 for the purpose of passing the application execution terminal 102 to another user. Assume that a distance storage instruction is input. At this time, the distance storage unit 304 detects this input, and stores the distance information input from the user distance acquisition unit 303 at this time as the distance information 1. The distance storage unit 304 stores the distance information acquired from the user distance acquisition unit 303 after a certain period of time after storing the distance information 1 as the distance information 2. Thus, the distance storage unit 304 stores two pieces of distance information. Then, the distance storage unit 304 sends the two distance information to the operating user determination unit 305 at an appropriate timing when the two pieces of distance information are matched.

  The distance information 1 may be distance information acquired from the user distance acquisition unit 303 before a certain period of time, or may be predetermined distance information. In any case, the distance information 1 is used as a reference in the following processing.

  In the user authority storage unit 301, an access policy for each user who uses the application execution terminal 102 is registered. A configuration example of information registered in the user authority storage unit 301 will be described with reference to FIG. In FIG. 3, various types of information including access policies for user A, user B, and general users (Guest) who are not specific users are registered.

  Information for user A, user B, and general user is registered in each of the rows 501, 502, and 503. In column 504, identification information of each user (each user name in FIG. 3) is registered, and in column 505, a password that each user should input to the application execution terminal 102 at the time of authentication is registered. The column 506 registers the identifier of the user holding terminal 101 held by each user, and the column 507 registers the face image of each user. In column 508, the identifier (path name, file name, etc.) of each user's address book is registered, and in column 509, the identifier (path name, file name, etc.) of each user's photo book is registered. Has been.

  In column 510, setting target / non-target of whether to set parental mode (On) or not (Off) for each user is registered. The parental mode is a mode when the guardian causes the youth to use the terminal. It is in a mode where access is restricted more than usual. In FIG. 3, when the user A operates the application execution terminal 102, the parental mode is not set, and when the user B operates the application execution terminal 102, the parental mode is set. The parental mode is also set when a general user operates the application execution terminal 102.

  In the column 511, whether or not to allow (On) the use of the GPS function of the application execution terminal 102 for each user is registered. In FIG. 3, the use of the GPS function is permitted regardless of whether the user A operates the application execution terminal 102 or the user B operates the application execution terminal 102. When a general user operates the application execution terminal 102, the use of the GPS function is prohibited.

  In column 512, whether or not to permit (On) the use of the communication function of the application execution terminal 102 for each user is registered. In FIG. 3, the use of the communication function is permitted regardless of whether the user A operates the application execution terminal 102 or the user B operates the application execution terminal 102. Further, when a general user operates the application execution terminal 102, use of the communication function is prohibited.

  As described above, in FIG. 3, the availability of use of the three resources of the parental mode, the GPS function, and the communication function is registered for each user. Of course, the number of resources that are subject to availability control (access policy setting items) is not limited to these three.

  When the distance information 1 and the distance information 2 are sent from the distance storage unit 304, the operation user determination unit 305 obtains a difference between the distance information 1 and the distance information 2, and the obtained difference is equal to or greater than a specified amount. Whether or not the distance information 2 has changed significantly from the distance information 1.

  When the obtained difference is equal to or greater than the prescribed amount (when the distance information 2 has changed significantly from the distance information 1), the user of the application execution terminal 102 at the time of acquiring the distance information 1 moves far away, and other users The user may have become a user of the application execution terminal 102. In such a case, the operating user determination unit 305 determines that the user of the application execution terminal 102 has been switched, and notifies the policy control unit 302 to that effect.

  On the other hand, when the obtained difference is less than the prescribed amount (when the distance information 2 has not changed significantly from the distance information 1), the operation user determination unit 305 determines that the user of the application execution terminal 102 has not been switched, This is notified to the policy control unit 302. In addition, the operating user determination unit 305 sends the obtained difference (difference between the distance information 1 and the distance information 2) to the distance display unit 307.

  The policy control unit 302 switches the access policy provided to the application execution unit 306 according to the notification content from the operation user determination unit 305. For example, it is assumed that there is a user A who is currently using the application execution terminal 102. At this time, when the notification content from the operation user determination unit 305 indicates that the user has not been switched, the policy control unit 302 acquires the access policy of the user A from the user authority storage unit 301 and executes this application To the unit 306. Instead of the user A access policy, a default access policy may be supplied. Upon receiving a notification that the user has been switched from the operating user determination unit 305, the policy control unit 302 supplies an access policy that restricts the use of resources to the application execution unit 306 rather than the access policy of the user A. When the “user A access policy” is as illustrated in FIG. 3, the “access policy that restricts the use of resources more than the user A access policy” is, for example, the use of the GPS function or the communication function. Prohibited access policy. The access policy prohibits access to the address book and photo book. Further, an access policy of a general user (access policy common to all users) may be used as the “access policy that restricts the use of resources rather than the access policy of user A”.

  As described above, the policy control unit 302 can control the resource use restriction in the application execution unit 306 by switching the access policy provided to the application execution unit 306 according to the notification content from the operation user determination unit 305. .

  The application execution unit 306 executes an application for which an execution instruction (application execution instruction) has been received from the user via the operation unit, using resources of the application execution terminal 102. At that time, the application execution unit 306 executes processing using a resource permitted to be used by the access policy provided from the policy control unit 302, but executes processing using a resource prohibited from use. do not do. For example, the execution of the application may be interrupted, or the execution instruction may be ignored.

  The distance display unit 307 displays the indicator 403 indicating the magnitude of the difference received from the operation user determination unit 305 on the display screen 402. Various icons that can be applied to the indicator 403 can be considered.

  For example, as indicated by 601 in FIG. 4, if the difference is greater than or equal to the threshold θ1, the icon 605 is displayed as the indicator 403. If the difference is less than the threshold θ1 and greater than or equal to the threshold θ2 (θ1> θ2), the icon 604 is displayed as the indicator. It is displayed as 403. If the difference is less than θ2, the icon 603 is displayed as the indicator 403.

  Further, for example, as indicated by 602 in FIG. 4, when the difference is equal to or larger than the threshold θ1, the icon 608 is displayed as the indicator 403, and when the difference is less than the threshold θ1 and equal to or larger than the threshold θ2, the icon 607 is displayed as the indicator 403. . If the difference is less than θ2, the icon 606 is displayed as the indicator 403.

  As described above, the display method of the indicator 403 is not limited to a specific display method, and any method can be adopted as long as the difference between the distance information 1 and the distance information 2 can be visually notified to the user. good.

  Next, processing performed by the application execution terminal 102 for controlling the access policy will be described with reference to FIG. 5 showing a flowchart of the processing. In order to operate the application execution terminal 102, the user must first input his / her identification information and password to the application execution terminal 102. Therefore, the user inputs his / her identification information and password using an operation unit (not shown) of the application execution terminal 102.

  In step S701, when the user authority storage unit 301 receives the identification information and the password input from the user as described above as user authentication information, the user authority storage unit 301 stores the input identification information and password from the table illustrated in FIG. Search for combinations. If the combination is found by this search, it is determined that the user authentication is successful, and if the combination is not found, it is determined that the user authentication has failed. Various authentication processes for operating the application execution terminal 102 are conceivable, but this is not the essence here, so further explanation is omitted. In the following description, it is assumed that the user A is authenticated as the operation user of the application execution terminal 102.

  In step S702, the policy control unit 302 reads the access policy of the user A from the user authority storage unit 301, and holds the read access policy as an initial value.

  In step S <b> 703, the application execution unit 306 activates an application designated by the user A using an operation unit (not shown) and starts execution. Here, the application is, for example, a computer program for causing the application execution unit 306 to execute image browsing, photography, and communication processing. Execution of the application is performed according to the access policy held by the policy control unit 302. Be controlled.

  Then, when the user A passes the application execution terminal 102 to a third party, such as when an image is viewed by another person other than the user A, or when the image execution using the application execution terminal 102 is requested, the user A presses the button 405 By instructing the rental mode. However, in step S704, the distance storage unit 304 detects this instruction as a distance storage instruction.

  In step S705, the distance storage unit 304 stores the distance information input from the user distance acquisition unit 303 at this time as the distance information 1. Then, the distance storage unit 304 stores the distance information acquired from the user distance acquisition unit 303 as the distance information 2 in step S <b> 706 after a predetermined period from storing the distance information 1. Then, the distance storage unit 304 sends the two distance information to the operation user determination unit 305 at an appropriate timing.

  In step S707, the operation user determination unit 305 determines a difference between the distance information 1 and the distance information 2, and determines whether the calculated difference is equal to or greater than a specified amount. If the obtained difference is equal to or greater than the prescribed amount as a result of this determination, it is determined that the user of the application execution terminal 102 has switched from the user A to another user, and the process proceeds to step S709. On the other hand, if the obtained difference is less than the prescribed amount, it is determined that the user of the application execution terminal 102 has not changed from the user A, and the process proceeds to step S708. This “specified amount” may be a fixed value or a relative ratio to the distance information 1.

  In step S <b> 708, the policy control unit 302 supplies the access policy of user A to the application execution unit 306.

  In step S <b> 709, the policy control unit 302 supplies the application execution unit 306 with an access policy that restricts the use of resources rather than the user A access policy. When the “user A access policy” is as illustrated in FIG. 3, the “access policy that restricts the use of resources rather than the user A access policy” includes the following. That is, for example, prohibition of access to personal information data such as user A's address book, prohibition of starting a new application, and the like. As a result, access to unauthorized user data by a third party (for example, user B) who is handed over to the application execution terminal 102 for the purpose of browsing images is prevented.

  Alternatively, switching of the user A based on the difference between the distance information 1 and the distance information 2 for the user holding terminal 101 corresponding to the identifier registered in the column 506 of the table illustrated in FIG. You may judge.

  In another determination method, the determination is performed based on a change in distance information between a plurality of user holding terminals. For example, distance information 1 is acquired for each of the user holding terminal 101A and the user holding terminal 101B in step S705, and distance information 2 is acquired for each of the user holding terminal 101A and user holding terminal 101B in step S706.

  Then, the user holding terminal that has acquired the distance information 1 corresponding to the smaller distance among the distance information 1 acquired in step S705 acquires the distance information 2 corresponding to the larger distance among the distance information 2 acquired in step S706. It is assumed that this is a user holding terminal. In this case, in step S707, it is determined that the user has been switched. That is, the switching of the user is detected based on the change in the order of the user holding terminal and its distance.

  FIG. 6 shows a combination of the distance information 1 and the distance information 2 that the operation user determination unit 305 determines that the user has been switched in step S707. In FIG. 6A, both the distance information 1 and 2 are distances calculated based on the signal strength from the user holding terminal 101A (identifier is terminal ID1). The case where switching is judged is shown. In FIG. 6A, the distance information 1 obtained based on the signal obtained from the user distance acquisition unit 303 at the time (time 1) when the distance storage instruction is received indicates “1 meter”. Further, the distance information 2 obtained based on the signal obtained from the user distance obtaining unit 303 at time t2 after a certain period from time 1 indicates “5 meters”. Here, when the “specified amount” is “3 meters”, the difference (4 meters) between the distance information 1 and the distance information 2 is equal to or more than the specified amount “3 meters”, so it is determined that the user has been switched. Is done.

  In FIG. 6B, both the distance information 1 and 2 are the signal strength (radio wave strength) from the user holding terminal 101A (identifier is the terminal ID1), and switching of the user is determined according to this strength change. Shows the case to be. In FIG. 6B, the distance information 1 obtained based on the signal obtained from the user distance obtaining unit 303 at the time (time 1) when the distance storage instruction is received indicates “20 db”. Further, the distance information 2 obtained based on the signal obtained from the user distance acquisition unit 303 at time t2 after a certain period from time 1 indicates “10 db”. In this case, switching between users is determined according to a change in radio field intensity.

  In FIG. 6C, both the distance information 1 and 2 are distances calculated based on the signal strength from the user holding terminal 101 (identifier is terminal ID1) closest to the application execution terminal 102. The case where switching of a user is judged according to a distance change is shown. In FIG. 6C, the user holding terminal 101 located closest to the distance information 1 is moved from a distance of 1 meter to a distance of 5 meters when the distance information 2 is measured. For this reason, when the user holding terminal 101 becomes farther than the prescribed amount, it is determined to switch the user.

  In FIG. 6D, both the distance information 1 and 2 are distances calculated based on the signal strength from the user holding terminal 101 (identifiers are terminal ID1 and terminal ID2). This shows a case in which switching between users is determined. When measuring the distance information 1, the user holding terminal 101A is at a position of 1 meter, and the user holding terminal 101B is at a position of 5 meters. At the time of measuring the distance information 2, the distance between the user holding terminal 101A and the user holding terminal 101B is measured as 5 meters and 1 meter, respectively, and the user holding terminal at a short distance is changed. For this reason, it is determined that the user has been switched.

  In step S <b> 710, the application execution unit 306 executes the application that has started execution using the resources of the application execution terminal 102. At this time, the process using the resource permitted to be used by the access policy provided from the policy control unit 302 is executed, but the process using the resource prohibited to use is not executed.

  If the execution of the application is completed, the process is completed via step S711. If not completed, the process returns to step S706 via step S711. Thereafter, the distance information 2 is periodically acquired, and user switching is determined according to the difference from the distance information 1 acquired in step S704.

  With the processing described above, when the operating user (user A) causes the third party (user B) to operate the application execution terminal 102, the application execution terminal 102 can appropriately limit the access right of the application. . In this embodiment, the level of access control in the application execution terminal 102 has been described by using two levels of the initial value and the restricted access policy. However, a plurality of levels may be used. is there. In this case, the level of access control is changed stepwise according to the distance between the application execution terminal 102 and the user holding terminal 101. As a result, more flexible policy control can be executed.

  The above-described configuration described as the configuration of the application execution terminal 102 is merely an example, and is merely an example of the configuration shown below. In other words, the application execution terminal 102 is an example of an information processing apparatus, and the information processing apparatus includes a processing unit that executes processing using resources that are permitted to be used among resources of the information processing apparatus. Further, this information processing apparatus has a large difference between the reference value and the strength of the signal transmitted from the terminal held by the user or the distance between the information processing apparatus and the terminal determined according to the strength. The control unit further restricts the resources permitted to be used by the processing unit.

  More specifically, the control unit determines that the difference between the strength at the first timing of the signal transmitted from the terminal and the strength at the second timing in the past from the first timing is equal to or greater than a specified amount. When it is detected, the resource permitted to be used by the processing unit is limited.

  Details of resource restrictions are as follows. That is, when it is detected that the difference is less than the specified amount, the first access policy is set as an access policy that specifies a resource permitted to be used among resources of the information processing apparatus. Further, when it is detected that the difference is equal to or greater than the prescribed amount, a second access policy that restricts resources permitted to be used by the processing unit is set rather than the first access policy. Then, the processing unit executes processing using the resources that are permitted to be used by the access policy set by the setting unit.

<Modification 1>
In the first embodiment, access control is performed for each application. However, in the first modification, access control is performed for each API constituting the application. For example, an application for posting to a photo posting site described in a script language, which is an application composed of the steps of photography, posting message creation, photo site login, and photo posting, is taken as an example. When it is desired to execute a posting application and request a third party to take a picture only, it is desirable that the third party cannot perform subsequent posting message creation or login processing. Therefore, in the first modification, the access policy is controlled for each API execution step.

  An example of the script of the posting application is shown in FIG. API calls 801 to 804 are API calls for the above-described photography, post message creation, photo site login, and photo posting, respectively.

  The CaptureImage () API 801 activates the camera function of the application execution terminal and captures a photographic image in accordance with a shutter instruction from the operating user. The CreateMessage () API 802 accepts text input from a user through a text input unit (not shown), and creates a post message to the photo posting site. LogInService () API 803 logs into the photo posting site using the photo posting site account (ID) and password (password). Finally, the PostMessage () API 804 uploads the photo image and post message acquired by the CaptureImage () API 801 and CreateMessage () API 802 to the photo posting site.

  The purpose of the first modification is to request only photography (API 801) from a third party and prevent subsequent processing (APIs 802 to 804) from being executed by the third party. The configuration of the system used in the first modification is the same as that of the first embodiment, and only the difference will be described below.

  The operation of the application execution terminal 102 in Modification 1 will be described with reference to the flowchart of FIG. In FIG. 8, steps S1001 to S1009 are the same as steps S701 to 709 in FIG. 5, respectively. However, in step S1003, only variable N used in the following is initialized to 1, which is different from step S703.

  In step S <b> 1010, the application execution unit 306 determines whether or not the Nth API can be executed using the access policy supplied from the policy control unit 302. Here, whether or not the API can be executed is defined by an API call 805 for confirming the execution authority as shown in FIG. In this case, the CheckUSer () API 805 verifies whether the processing can be continued after the processing of CaptureImage () for taking a picture. If the verification fails, the processes in steps S1006 to S1009 are repeated again after a predetermined time. Alternatively, whether or not an API can be executed may be determined using a table that defines whether or not each API can be executed as shown in FIG.

  In FIG. 9, information relating to each of the user A, the user B, and the general user is registered in each of the rows 901 to 903. In a column 904, identification information of each user is registered. In a column 905, whether or not the API 801 can be executed is registered for each user (“◯” indicates execution permission, “×” indicates execution prohibition). In a column 906, whether or not the API 802 can be executed is registered for each user. In a column 907, whether or not the API 803 can be executed is registered for each user. In column 908, whether or not the API 804 can be executed is registered for each user.

  That is, according to FIG. 9, the CaptureImage () API 801 can be executed as defined by the API 805 while the application execution terminal 102 passes to a third party (Guest user). However, other APIs such as CreateMessage () cannot be executed.

  As a result of the determination in step S1010, if the Nth API can be executed, the process proceeds to step S1011. The application execution unit 306 executes the Nth API and increments the value of the variable N by one. .

  If all APIs have been executed, the process ends via step S1012, and if there is still an API that has not been executed ((N + 1) th API), the process returns to step S1006.

  As described above, according to the first modification, it is possible to request processing of only a specific processing portion of an application while preventing unauthorized use of the application execution terminal 102.

<Modification 2>
A functional configuration example of the application execution terminal 1901 used in the second modification will be described with reference to the block diagram of FIG. Of the functional units illustrated in FIG. 10, the same functional units as those illustrated in FIG. 3 are denoted by the same reference numerals, and description thereof is omitted.

  The operator image acquisition unit 1902 acquires an image captured by the imaging lens 404 such as the rear camera. As described above, this image shows the face of the user who is currently operating the application execution terminal 1901.

  The operator image storage unit 1903 stores at least two images sent from the operator image acquisition unit 1902. The operator image storage unit 1903 stores the images sent from the operator image acquisition unit 1902 at each of the two timings as the user image 1 and the user image 2, respectively. For example, when it is detected that an instruction (operator image storage instruction) is input from the user, an image transmitted from the operator image acquisition unit 1902 is transmitted from the user image 1, and after a certain period, the image is transmitted from the operator image acquisition unit 1902. The recorded image may be stored as user image 2. The user image 1 may be an image acquired from the operator image acquisition unit 1902 before a certain period of time, or a user who has been successfully authenticated at the application execution terminal 1901 is registered in the column 507 of FIG. The face image may be the user image 1. Then, the operator image storage unit 1903 sends the two images to the operation user determination unit 1904 at an appropriate timing when the two images are aligned.

  The operation user determination unit 1904 obtains the degree of similarity between the two images (user image 1 and user image 2) received from the operator image storage unit 1903. The similarity may be obtained, for example, by performing face area extraction processing from each image and performing pattern matching between the extracted face areas, or the facial feature amount extracted from the face area extracted from each image. You may obtain | require by comparing the used recognition process result.

  If the obtained similarity is less than the specified amount, the operating user determination unit 1904 determines that the user has switched, and sends a message to that effect to the policy control unit 302. On the other hand, if the obtained similarity is equal to or greater than the specified amount, the operating user determination unit 1904 determines that the user has not switched, and sends a message to that effect to the policy control unit 302. In addition, the operating user determination unit 1904 sends the obtained similarity to the similarity display unit 1905.

  The similarity display unit 1905 displays an indicator 403 indicating the degree of similarity on the display screen 402. As described in the first embodiment, various icons that can be applied to the indicator 403 can be considered.

  For example, as shown by 601 in FIG. 4, if the similarity is greater than or equal to the threshold θ1, the icon 603 is displayed as the indicator 403. If the similarity is less than the threshold θ1 and greater than or equal to the threshold θ2 (θ1> θ2), the icon 604 is displayed. Is displayed as an indicator 403. If the similarity is less than θ2, the icon 605 is displayed as the indicator 403.

  Further, for example, as shown by 602 in FIG. 4, when the similarity is equal to or greater than the threshold θ1, the icon 606 is displayed as the indicator 403, and when the similarity is less than the threshold θ1 and equal to or greater than the threshold θ2, the icon 607 is displayed as the indicator 403. indicate. If the similarity is less than θ2, the icon 608 is displayed as the indicator 403.

  As described above, the display method of the indicator 403 is not limited to a specific display method, and any method can be adopted as long as the similarity between the user image 1 and the user image 2 can be visually notified to the user. Also good.

  Next, processing performed by the application execution terminal 1901 for controlling the access policy will be described with reference to FIG. 11 showing a flowchart of the processing. In FIG. 11, the same processing steps as those in FIG. 5 are denoted by the same step numbers, and description of these steps is omitted. In the following description, it is assumed that the operation user of the application execution terminal 1901 is authenticated as the user A.

  When user A passes the application execution terminal 1901 to a third party, such as when someone other than user A browses the image or requests image shooting using the application execution terminal 1901, the user A presses the button 405. Instruct the rental mode with. However, in step S704, the operator image storage unit 1903 detects this instruction as an operator image storage instruction.

  In step S1101, the operator image storage unit 1903 stores the image input from the operator image acquisition unit 1902 at this time as the user image 1. Then, the operator image storage unit 1903 stores the image acquired from the operator image acquisition unit 1902 as the user image 2 in step S1102 after a predetermined period of time from storing the user image 1. Then, the operator image storage unit 1903 sends the two images to the operation user determination unit 1904 at an appropriate timing.

  In step S <b> 1103, the operation user determination unit 1904 obtains a similarity between two images (user image 1 and user image 2) received from the operator image storage unit 1903. If the obtained similarity is less than the specified amount, it is determined that the user has switched, and the process proceeds to step S709. On the other hand, if the obtained similarity is equal to or greater than the specified amount, it is determined that the user has not switched, and the process proceeds to step S708.

  As described above, according to the second modification, the application execution terminal 1901 detects a change in the operating user without communicating with an external device such as the user holding terminal 101, and appropriately executes an access policy restriction. Is possible.

[Second Embodiment]
Each unit constituting the application execution terminal 102 shown in FIG. 1 and each part constituting the application execution terminal 1901 shown in FIG. 10 may be configured by hardware. However, what operates as a storage unit (distance storage unit 304, user authority storage unit 301, operator image storage unit 1903) may be configured by a memory, and other units may be configured by a computer program. In this case, if the device has a CPU or memory, such as a general PC, the hard disk is used as the distance storage unit 304, the user authority storage unit 301, and the operator image storage unit 1903, and the computer program can be executed by the CPU. . Therefore, such a device can be applied to the application execution terminal 102 (901).

  Note that the above-described configuration described as the configuration of the application execution terminal 1901 is merely an example, and is merely an example of the configuration shown below. In other words, the application execution terminal 1901 is an example of an information processing apparatus, and the information processing apparatus is an information processing apparatus having an imaging unit capable of imaging a user of the information processing apparatus. The information processing apparatus includes a processing unit that executes processing using resources that are permitted to be used among resources included in the information processing apparatus. Further, the information processing apparatus controls the resource that is allowed to be used by the processing unit when the similarity between the image captured by the imaging unit and the image prepared as a reference for comparison with the image is less than a predetermined amount. Have

  If the similarity between images captured by the image capturing unit at each of the two timings is less than a predetermined amount, the control unit restricts resources that are allowed to be used by the processing unit. Alternatively, if the degree of similarity between the image registered in advance as the face image of the user who has logged in to the information processing apparatus and the image captured by the imaging unit after the login is less than the prescribed amount, the processing unit is permitted to use the image. Limit resources.

(Other examples)
The present invention can also be realized by executing the following processing. That is, software (program) that realizes the functions of the above-described embodiments is supplied to a system or apparatus via a network or various storage media, and a computer (or CPU, MPU, or the like) of the system or apparatus reads the program. It is a process to be executed.

Claims (15)

An information processing apparatus,
Processing means for executing processing using a resource permitted to be used among resources of the information processing apparatus;
The larger the difference between the strength of the signal transmitted from the terminal held by the user or the distance between the information processing apparatus and the terminal determined in accordance with the strength and the reference value, the greater the difference is used for the processing means. An information processing apparatus comprising: a control unit that further restricts a resource for which permission is permitted. The control means includes
When it is detected that the difference is less than a specified amount, a first access policy is set as an access policy that specifies a resource permitted to be used among resources of the information processing apparatus, and the difference is equal to or greater than a specified amount. If this is detected, a setting unit that sets a second access policy that restricts the resource permitted to be used by the processing unit rather than the first access policy is provided.
The information processing apparatus according to claim 1, wherein the processing unit performs processing using a resource permitted to be used by an access policy set by the setting unit. The setting means includes
As the first access policy, an access policy unique to the user is set,
The information according to claim 2, wherein the second access policy is set to an access policy in which use of a resource defined as the first access policy is permitted to be used is prohibited. Processing equipment. The setting means includes
As the first access policy, an access policy unique to the user is set,
The information processing apparatus according to claim 2, wherein an access policy common to all users is set as the second access policy.   The control means detects that a difference between a strength at a first timing of a signal transmitted from the terminal and a strength at a second timing in the past of the first timing is equal to or greater than a predetermined amount. Then, the information processing apparatus according to any one of claims 1 to 4, wherein a resource permitted to be used by the processing unit is limited.   The control means includes a distance between the information processing apparatus and the terminal determined according to a strength at a first timing of a signal transmitted from the terminal, and a second past than the first timing. When the difference between the distance between the information processing device and the terminal determined according to the strength at the timing of the timing is more than a specified amount, the resource permitted to be used by the processing means is limited. The information processing apparatus according to any one of claims 1 to 4, wherein the information processing apparatus is characterized in that:   The second timing is a timing when it is detected that an instruction has been input to the information processing apparatus, and the first timing is a timing after a certain period from the second timing. The information processing apparatus according to claim 5 or 6. The control means includes
The distance between the information processing apparatus and the first terminal obtained according to the intensity at the second timing of the signal transmitted from the first terminal held by the first user, and the second user Of the distance between the information processing device and the second terminal obtained according to the intensity at the second timing of the signal transmitted from the second terminal to be held, between the information processing device The device with the smaller distance
The distance between the information processing apparatus and the first terminal obtained according to the intensity at the first timing of the signal transmitted from the first terminal, the signal transmitted from the second terminal Of the distance between the information processing apparatus and the second terminal determined according to the strength at the first timing, the terminal having the larger distance between the information processing apparatus,
2. The information processing apparatus according to claim 1, further restricting resources permitted to be used by the processing unit. Furthermore,
9. The information processing apparatus according to claim 1, further comprising means for displaying an indicator indicating the magnitude of the difference. An information processing apparatus having an imaging unit capable of imaging a user of the information processing apparatus,
Processing means for executing processing using a resource permitted to be used among resources of the information processing apparatus;
Control means for restricting resources permitted to be used by the processing means if the similarity between the image picked up by the image pickup section and an image prepared as a reference for comparison with the image is less than a predetermined amount; An information processing apparatus characterized by the above.   The control unit limits resources permitted to be used by the processing unit when the similarity between images captured by the imaging unit at each of two timings is less than a predetermined amount. The information processing apparatus described in 1.   If the degree of similarity between an image registered in advance as a face image of a user who has logged into the information processing apparatus and an image captured by the imaging unit after the login is less than a predetermined amount, the control unit performs the processing The information processing apparatus according to claim 10, wherein resources permitted to be used by the means are limited. An information processing method performed by an information processing apparatus,
A processing step in which processing means of the information processing device executes processing using a resource that is permitted to be used among resources of the information processing device;
A difference between a reference value and a signal intensity transmitted from a terminal held by a user or a distance between the information processing apparatus and the terminal determined according to the intensity, by the control unit of the information processing apparatus And a control step of restricting resources that are permitted to be used for the processing step as the value of the information processing method increases. An information processing method performed by the information processing apparatus having an imaging unit capable of imaging a user of the information processing apparatus,
A processing step in which processing means of the information processing device executes processing using a resource that is permitted to be used among resources of the information processing device;
If the degree of similarity between the image captured by the image capturing unit and the image prepared as a reference for comparison with the image is less than a predetermined amount, the control unit of the information processing apparatus allows the processing unit to use the resource An information processing method comprising: a control step for restricting.   A computer program for causing a computer to function as each unit of the information processing apparatus according to any one of claims 1 to 12.

Images