JP2014178737A - Information processing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify user authentication processing, and also enhance security of the user authentication processing by presetting a permitted position for using an application.SOLUTION: An information processing device comprises: an input unit; a position information acquisition unit which acquires information about a current position; a storage unit which prestores a user ID; a user authentication unit which performs user authentication; a use permission determination unit which acquires, from a server, use permission information associating in advance an application that can be used by a user identified by the user ID with position information indicating an area permitting use of the application, and when input of a start request for the application is received, determines whether to permit execution of the application specified by the start request on the basis of the acquired use permission information; and a function execution unit which executes the application which is permitted to be executed. The use permission determination unit permits execution of the application specified by the start request only when the application specified by the start request is a use permitted application included in the use permission information and also the current position is included in the position information indicating an area permitting the use of application.

Description

  The present invention relates to an information processing apparatus, and more particularly to an information processing apparatus having a function of determining whether or not an application program can be activated in an information processing apparatus having portability.

Today, portable information processing apparatuses (hereinafter also referred to as mobile terminals) such as mobile phones, smartphones, and tablet terminals are used.
Since such a portable terminal has a wireless communication function, a function requiring communication can be used anytime and anywhere as long as the use area is a place where radio waves reach.
In addition, functions that do not involve communication can of course be executed at any time and at any place.

Therefore, it is possible to execute various functions even at a station where a large number of unspecified persons are nearby, and there is a risk that secret information may be leaked by viewing the screen of the mobile terminal by a third party. .
Also, in certain facilities such as hospitals, the use of functions such as wireless communication and cameras is prohibited in order to prevent adverse effects on medical devices and the like.

  For example, in Patent Document 1, in order to effectively restrict the use of a specific function in a specific facility, area information including location information of the facility and information indicating a function to be prohibited in the facility is acquired. If the current position of the portable terminal is compared with the position information in the acquired area information and the current position is determined to be within the restricted area, the terminal use restriction system restricts the corresponding function. Has been proposed.

JP 2011-228882 A

  Generally, in a portable terminal or other information processing apparatus, in order to prevent terminal use restrictions or information leakage, a user logs on to a terminal by inputting the user's unique ID and password. Or, when a dedicated application program for business use is started, execution of the application program is permitted by inputting a dedicated ID or password.

  However, to ensure security, even if the above input operation is required, in the case of a mobile terminal, a logon operation can be performed at any location. If you log on and start an application program where you can peep, there is a high risk of information leakage.

  In addition, in the system described in Patent Document 1, the use of functions in a specific facility can be restricted, but the use in other places cannot be restricted, so that it is sufficient to prevent information leakage and the like. Security may not be ensured.

On the other hand, it is possible to prevent a certain amount of information leakage by repeating logon and logoff frequently by avoiding use in places where the user himself / herself has high security awareness and can be seen by a third party. is there.
However, in order to log on, as described above, it is necessary to input characters and symbols for the normal ID and password, which is very troublesome and time consuming, and the operation burden on the user is large.
That is, it is considered practically difficult to perform the logon operation repeatedly to ensure sufficient security because it imposes a heavy burden on the user and impairs good operability.

  Therefore, the present invention has been made in consideration of the above circumstances, and by reducing the user's operation burden by setting in advance a position for starting an application program that executes a specific function. An object of the present invention is to provide an information processing apparatus capable of ensuring sufficient security.

The present invention relates to an input unit that inputs an application program activation request, a position information acquisition unit that acquires information on a current position, a storage unit that stores a user ID that identifies a user in advance, and a user using the user ID. A user authentication unit that performs authentication, an application program that can be used by the user specified by the user ID that has succeeded in the user authentication, and position information that indicates a range in which use of the application program is permitted are associated in advance. When usage permission information is acquired from a server and a startup request for a predetermined application program is input by the input unit, execution of the application program requested to start is permitted based on the acquired usage permission information. A use permission determination unit that determines whether or not the A function execution unit that executes the application program, and the use permission determination unit includes the current position acquired by the position information acquisition unit in position information indicating a range in which use of the application program is permitted In this case, an information processing apparatus is provided that permits execution of the application program requested to be started.
According to this, since the application program permitted to be used is executed when the user is at a predetermined position set in advance, information leakage to a third party can be prevented and security can be improved.

In addition, an IC card reading unit that receives a user ID stored in advance in the IC card by wireless communication is further provided, and the user authentication unit stores the user ID stored in the storage unit in advance and the received user ID. And when both user IDs match, it is determined that the user authentication is successful.
According to this, since user authentication is performed by wireless communication using an IC card, it is not necessary for the user to directly input information necessary for authentication, and the operation burden on the user for authentication can be reduced, and the authentication time can be reduced. Can be shortened.

  The wireless communication between the IC card and the IC card reading unit is short-range wireless communication that is established when the distance from the IC card approaches within a predetermined value.

  Furthermore, the present invention is an application use permission determination system in which one or a plurality of information processing devices and a server are connected via a network, wherein the information processing device includes an input unit that inputs an application program activation request; A location information acquisition unit that acquires information on the current location, a storage unit that stores a user ID that identifies a user in advance, a user authentication unit that performs user authentication using the user ID, and the application program requested to start A use permission determination unit that determines whether or not the execution of the application program may be permitted, and a function execution unit that executes an application program that is permitted to be executed. The server is identified by the user ID and the user ID. Application programs that can be used by And a search unit, the use permission determination unit including a user ID that has succeeded in the user authentication. The confirmation request is transmitted to the server, and the search unit of the server acquires the use permission information corresponding to the user ID included in the received use permission confirmation request from the information database, and transmits the use permission confirmation request. When the application program activation request is input by the input unit, the usage permission determining unit includes the application program that is included in the received usage permission information. The current position acquired by the position information acquisition unit is the received use If it belongs to a range indicated by the position information included in the variable information, and is characterized in allowing execution of the activation requested application program.

  In addition, the server further includes an activation determination unit that determines whether to permit activation of an application program requested to be activated, and the information processing apparatus includes a user ID and a current information acquired by the position information acquisition unit. Determination request information including location information and the name of the application program requested to start is transmitted to the server, and the start determination unit includes the received determination request information in the use permission information of the information database. If there is use permission information that matches the user ID and the name of the application program and the information on the current position included in the determination request information belongs to the position information indicating the range in which use of the application program is permitted, It is determined that the activation of the requested application program is permitted, and the determination request information And it sends the determination result to the information processing apparatus that has transmitted the said function execution unit, based on the received determination result, characterized in that to execute the application program activation request.

  According to the present invention, the application program requested to be activated is an application program that can be used by the user included in the use permission information acquired from the server, and the current position where the information processing apparatus exists is determined to use the application program. When it is included in the permitted range, execution of the application program requested to start is permitted, so that information leakage to a third party can be prevented and security can be improved.

1 is a configuration block diagram of an embodiment of an information processing apparatus and a server according to the present invention. It is explanatory drawing of one Example of the user use permission list | wrist of this invention. It is explanatory drawing of one Example of the message displayed on the display part of this invention. It is explanatory drawing of one Example of the message displayed on the display part of this invention. It is a flowchart of one Example of the authentication process and the starting permission determination process in the portable terminal of this invention. It is a flowchart of one Example of the search process of the use permission list in the server of this invention.

Hereinafter, the present invention will be described based on the embodiments shown in the drawings.
However, this does not limit the present invention.

<Configuration of app use permission judgment system>
FIG. 1 shows a configuration block diagram of an embodiment of an information processing apparatus and a server according to the present invention.
FIG. 1 shows an application use permission determination system in which an information processing apparatus 1 and a server 5 are connected via a network 4.
Here, one or a plurality of information processing apparatuses 1 connected to the server 5 may be provided, and use permission determination of the application program requested to be activated is performed for each information processing apparatus.

The information processing apparatus 1 of the present invention is used as a small and light portable terminal (for example, a mobile phone, a smart phone, a tablet terminal, a handy terminal) in addition to a desktop personal computer and a notebook personal computer.
In the following embodiment, a case where the information processing apparatus is the mobile terminal TE1 will be described.

In FIG. 1, a portable terminal TE1 and a server SV5 are connected via a network 4, and information (user ID, user ID, etc.) for determining use permission of an application program between the portable terminal TE1 and the server SV5, for example. Position information) is transmitted and received.
The mobile terminal TE1 (hereinafter also simply referred to as a terminal or TE) is a terminal owned by a user, and has a wireless communication function for transmitting and receiving data to and from the network 4 by wireless communication in order to be carried around. To do.
The server SV5 mainly includes an information database 55 and a search unit 53, and gives usage permission information to the terminal TE1 in response to a request from the terminal TE1, as will be described later.
Further, it is assumed that the user has an IC card 3 in which a user ID for specifying the user is stored in order to authenticate the use of the mobile terminal.

<Configuration of IC card>
As the IC card 3, for example, a card-type electronic storage medium such as an employee ID card of a company to which a user belongs or a student ID card is used.
The IC card 3 is preferably a non-contact type IC card capable of wireless communication with the terminal TE for the convenience of the user.

The IC card 3 is mainly composed of a communication unit 31 and an ID storage unit 32.
The communication unit 31 is a part that performs data communication with the IC card reading unit 17 of the mobile terminal 1 and has, for example, an NFC (Near Field Communication) function that is a wireless communication standard approved by an international standard organization. It is preferable.
NFC is communication using a 13.56 MHz carrier wave. NFC has several communication methods, but the communication method is not limited to one, and any communication method may be used.
That is, the wireless communication between the IC card 3 and the IC card reading unit 17 is short-range wireless communication that is established when the distance between the terminal 1 and the IC card 3 approaches within a predetermined value. For example, it is assumed that communication between the IC card 3 and the portable terminal 1 is established when the distance between the IC card 3 and the portable terminal 1 is less than about 10 cm.

The ID storage unit 32 is a memory that stores a unique identification number (user ID 33) for specifying a user.
For example, a ROM or a flash memory is preferably used as the ID storage unit 32 so that the user ID 33 cannot be easily rewritten without disappearing.
When the user brings the IC card 3 close to the terminal TE and communication is established between the communication unit 31 and the IC card reading unit 17 of the terminal TE, the user ID 33 is read from the IC card 3 and wirelessly communicated with the terminal The data is transmitted to the TE, and an authentication process is performed by the user authentication unit 14 of the terminal TE.

<Configuration of information processing apparatus (mobile terminal)>
The portable terminal TE1 mainly includes a control unit 11, a display unit 12, an input unit 13, a user authentication unit 14, a use permission determination unit 15, a function execution unit 16, an IC card reading unit 17, a position information acquisition unit 18, and a communication unit 19. , Storage unit 20.

The control unit 11 is a part that executes the function of each functional block of the present invention, and is mainly realized by a microcomputer including a CPU, a ROM, a RAM, an I / O controller, a timer, and the like.
In addition, by operating each hardware organically based on a control program stored in a ROM or the like, the TE communication function, authentication function, application program use permission determination function, execution of an application program, etc. of the present invention I do.

The display unit 12 is a part for displaying information necessary for executing a function, and for example, an LCD, an organic EL display, or the like is used.
On the display unit, an operation menu selection screen, a message display screen such as an error, a display screen when executing an application, and the like are displayed.

The input unit 13 is a part for a user to input various information or an application program activation request for executing a predetermined function.
As the input unit 13, for example, a touch panel, a keyboard, a mouse, or the like is used.
In the case of using a touch panel, the display unit and the input unit are formed by being overlapped or integrally formed.

The user authentication unit 14 is a part that authenticates a user who intends to use the terminal TE by using the user ID. For example, it is a part for confirming whether or not the user ID or password input by the input unit 13 matches the user ID or password stored in advance in the storage unit.
However, in the present invention, in order to authenticate the user, as will be described later, the IC card 3 is used and the user ID stored in the IC card 3 is read out by wireless communication.
As a result, it is not necessary for the user to directly input a user ID made up of characters or symbols, and the operation burden on the user for user authentication can be reduced and the time can be reduced.

  The use permission determination unit 15 is a part that determines whether or not the execution of the application program for which the user has input the activation request may be permitted. As will be described later, whether or not the application program can be used is determined based on the use permission information acquired from the server SV5, and the execution of the application program is permitted when a predetermined condition is satisfied.

  The use permission information used for this determination is associated in advance with an application program that can be used by the user specified by the user ID that has been successfully authenticated by the user, and position information that indicates a range in which use of the application program is permitted. Information.

  For example, when a start request for a predetermined application program is input by the input unit, the requested application program is a usable application program included in the use permission information acquired from the server, and the position information acquisition unit When the current position acquired by the above is included in the position information indicating the range in which use of the application program is permitted, the execution of the application program requested to start is permitted.

The function execution unit 16 is a part that executes an application program (hereinafter, also simply referred to as an application) for which an activation request is input by the user and is permitted to be executed, and is also referred to as an application execution unit.
As described above, only the application program permitted by the use permission determination unit 15 is executed.
Even if the user inputs an instruction (start request) that indicates the start of activation of a desired application program, if the use permission determination unit 15 does not permit the application program, the application program is not executed.

The IC card reading unit 17 is a part that receives a user ID 33 stored in advance in the IC card 3 from the IC card 3 by wireless communication when the IC card reading unit 17 is ready to communicate with the IC card 3.
The received user ID 33 is compared with the user ID 21 stored in advance in the storage unit 20, and user authentication is performed.

That is, the user authentication unit 14 compares the user ID 21 stored in advance in the storage unit 20 with the received user ID 33 and determines that the user authentication is successful when both user IDs match.
When user authentication is successful, a use permission confirmation request including a user ID that has been successfully authenticated is transmitted to the server 5.

  The location information acquisition unit 18 (hereinafter also referred to as a GPS unit) receives GPS signals transmitted from a plurality of GPS satellites, and based on the received GPS signals, information on the current location where the terminal TE is present (latitude, longitude) ) Is the part to get. The acquired current position information 23 is stored in the storage unit 20.

The communication unit 19 is a part that performs data communication with the server SV5 via the network 4.
For example, when the user authentication is successful, a use permission confirmation request including the user ID 21 and the information on the current position 23 is transmitted to the server 5, and the use permission information 24 is received from the server 5.
As described above, the communication unit 19 preferably has a wireless communication function, and performs communication based on various wireless communication standards such as a wireless LAN.

The storage unit 20 stores various information used in the terminal TE, and a semiconductor storage element such as a ROM, a RAM, and a flash memory, a storage device such as an HDD and an SSD, and other storage media are used.
The storage unit 20 stores, for example, a user ID 21, an application program 22, a current position 23, use permission information 24, and the like.

The user ID 21 is identification information that identifies the user, and is information that is compared with the user ID 33 acquired from the IC card 3 as described above.
For example, an employee ID is used as the user ID 21, and is fixedly stored in the storage unit 20 of the terminal TE in advance.

The application program 22 is software that can be used in the terminal TE, and is stored in advance in the terminal TE1, downloaded from a server or the like via the network 4, or an external storage in which the application program is stored in advance. Obtained by reading from the medium.
The application program 22 is activated mainly by selecting and inputting a predetermined icon portion among many icons included in the application selection screen displayed on the display unit 12.

The current position 23 is position information (longitude, latitude) acquired by the GPS unit 18 described above, and indicates the position where the terminal TE is currently located.
As the terminal TE moves, the information on the current position 23 also changes.

The usage permission information 24 is information acquired from the server, and is included in the transmission information 59 sent from the server 5, and is an application program that can be used by a user who has been successfully authenticated at the terminal TE1. Relevant information.
The use permission information 24 mainly includes position information and an application name that are associated in advance. However, the user ID may be included.

The application name is a name of an application program that can be used by the user.
The location information indicates a location where the application program specified by the associated application name is permitted to be used, and is indicated by, for example, a geographical town name or address, a building name, a company name, or a store name. .
Further, as the position information, a usable geographical range may be indicated using latitude and longitude.

The application program that can be used for each user is different, and the geographical range that permits the use of the application program is considered to be different.
Accordingly, for each user, use permission information including a user ID, an application program that can be used, and position information that can use the application program is preset, transmitted to the server 5, and stored in the information database 55. Keep it.

When there are a plurality of application programs used by the user, usable position information is set in advance for each application program.
The use permission information 24 is a preset geographical range in which the user can use the application program. When the terminal TE owned by the user moves within the set geographical range, the application program is displayed. Execution is allowed.
On the contrary, if the current position of the terminal TE does not belong to the set geographical range, even if the application program activation request associated with the geographical range is input by the user, the application program is Not executed.

<Server configuration>
As shown in FIG. 1, the server 5 mainly includes a control unit 51, a communication unit 52, a search unit 53, an activation determination unit 54, an information database 55, and a storage unit 57.
The control unit 51 executes various functions of the server 5 and is realized by a microcomputer, like the control unit 11 of the terminal TE.

The communication unit 52 is a part that performs data communication with the terminal TE1 via the network 4.
The server SV5 is installed in a company building, for example, and can communicate via various networks.
The server SV5 only needs to be able to perform data communication by either wired communication via a cable such as ISDN, ADSL, or FTTH, or wireless communication using a wireless LAN.

The search unit 53 is a part that searches the information database 55.
For example, as described later, when a use permission confirmation request is received from the terminal TE, the user use permission list 56 included in the information database 55 is searched, and the use corresponding to the user ID included in the received use permission confirmation request. Obtain permission information (also called application information).
The acquired use permission information is transmitted to the terminal 1 that has transmitted the confirmation request.

The activation determination unit 54 is a portion that determines whether to allow activation of an application program that the user is trying to activate.
However, in the embodiments shown in FIGS. 5 and 6 to be described later, since the use permission is determined by the terminal TE, the activation determination unit 54 is not necessary.
When the terminal TE1 does not determine whether or not the application can be used, the server SV5 may use the activation determination unit 54 to determine whether or not the application can be used.
That is, the determination of permission to use the application program may be performed by either the terminal TE1 or the server SV5.

The information database 55 is a storage device that collectively manages various information related to the terminal TE1.
In the present invention, in particular, an application program that can be used for each user and a user use permission list 56 showing the usable position information are stored in advance.

FIG. 2 shows an explanatory diagram of an embodiment of the user use permission list 56 of the present invention.
The user use permission list 56 stores use permission information of all the users who use the server 5.
One use permission information of one user is stored in advance by associating the user ID (a), usable position information (b), and usable application name (c) of the user.

Here, the usable application name means an application program that can be used by the user specified by the corresponding user ID.
Further, the usable position information means position information indicating a position or a geographical range where the use of the usable application program is permitted.

For example, in FIG. 2, for the user with user ID = 0001, six pieces of usage permission information are registered in advance, and the application named “inventory management application” is assigned to the terminal TE owned by the user with user ID = 0001. It means that it can be used when it exists in the store A.

In FIG. 2, in the store A, a user with a user ID = 0001 can use three application programs (an inventory management application, a catalog application, and an ordering application).
Further, for example, for a user with user ID = 0002, when four pieces of use permission information are registered in advance and the terminal TE is in the store C, two application programs of “estimation application” and “catalog application” are stored. Indicates that it can be used.

  As will be described later, when a use permission confirmation request is received from a terminal TE owned by a user with user ID = 0001, the user use permission list 56 is searched using the user ID = 0001 as a key, and the user ID = 0001. The usage permission information including is extracted.

In the case of FIG. 2, six pieces of use permission information including the user ID = 0001 are extracted and acquired as application information that matches the user ID.
The acquired application information includes at least the location information (b) of the extracted use permission information and the application name (c).
The acquired application information is transmitted to the terminal TE1 that has transmitted the use permission confirmation request.

The storage unit 57 is a part that stores information necessary for executing the function of the server SV5, and is used by a semiconductor storage element such as a ROM, a RAM, or a flash memory, a storage device such as an HDD or an SSD, or other storage media. It is done.
In the storage unit 57, for example, reception information 58 and transmission information 59 are temporarily stored.

The reception information 58 is information transmitted from the terminal TE. For example, when the use permission confirmation request is received, the reception information 58 is information included in the request.
It is assumed that the use permission confirmation request includes at least the user ID and the current position.
Using the user ID of the received information 58 as a key, the user use permission list 56 is searched.
When the server 5 determines whether to start the application program, the use permission confirmation request includes the name of the application program requested to start in addition to the user ID and the current position.

The transmission information 59 is information transmitted to the terminal TE. For example, in response to the received use permission confirmation request, the transmission information 59 is information returned to the terminal TE that has transmitted the request.
In this case, the transmission information 59 to be returned corresponds to the application information (position information, application name) extracted from the user use permission list 56 as described above.
That is, application information including position information and an application name associated with a user ID in advance is generated as transmission information 59 and transmitted to a terminal owned by a user having the user ID.
In addition, when the activation determination is performed in the server, the activation determination result (usable or unusable) is transmitted.

<User authentication processing and application program activation determination processing>
The following describes a user authentication process using an IC card and a process for stopping the activation without executing the application program after determining whether to permit use of the application program for which the user has input the activation request. To do.
FIG. 5 shows a flowchart of an embodiment of processing executed by the portable terminal TE1.
FIG. 6 shows a flowchart of an embodiment of processing executed by the server SV5.

Assume that the power supply of the terminal TE is turned on (ON) in step S1 of FIG.
In step S2, the position information acquisition unit 18 acquires position information of the current position where the terminal TE is present using GPS.
The acquired position information is stored in the storage unit 20 as the current position 23.
Although acquisition of position information here is not essential, since the current position where the terminal TE exists may be a position where it is difficult to receive GPS signals, it takes a considerable amount of time to acquire position information using GPS. In some cases, this may occur.
Accordingly, it is preferable that the position information acquisition process is continuously performed in substantially real time from step 2 to the process of step S10 described later.

In step S3, the control unit 11 causes the display unit 12 to display a predetermined message in order to make an authentication request using an IC card.
FIG. 3 shows an explanatory diagram of an embodiment of a message displayed on the display unit.
In step S3, for example, a message as shown in FIG.
The user who sees this display brings the IC card 3 owned by the user closer to the terminal TE.
By bringing the IC card 3 close to the terminal TE to a distance of about several centimeters, for example, communication between the IC card reading unit 17 and the communication unit 31 of the IC card 3 is established and stored in the ID storage unit 32 of the IC card 3. The existing user ID 33 is read.

By using the IC card 3, the input of characters and the like is omitted, the time required for authentication is shortened, and input errors of characters and symbols are prevented, so that the burden of the user's input operation can be reduced.
However, when the IC card 3 is not brought or when the user ID of the IC card 3 cannot be read well, the user himself / herself may input the user ID using a keyboard or the like, as in the past.

In step S4, the IC card reading unit 17 checks whether or not the IC card 3 is detected.
The detection process of the IC card 3 may be performed depending on whether a signal such as a user ID is received from the IC card 3, for example.
If the IC card 3 is detected, the process proceeds to step S5. If not, step S4 is looped.

In step S5, the user ID 33 is acquired from the IC card 3.
That is, when the IC card 3 is detected, data transmission / reception is performed between the IC card reading unit 17 and the communication unit 31 of the IC card 3, and the user ID 33 is transmitted from the communication unit 31 to the IC card reading unit 17. Is done.
During the period from step S5 to step S9, a message as shown in FIG. 3B may be displayed on the display unit 12.

In step S6, the user authentication unit 14 performs an authentication process for the acquired user ID.
Here, the acquired user ID 33 is compared with the user ID 21 stored in advance in the storage unit 20.

In step S7, if both user IDs match, the process proceeds to step S9, and if they do not match, the process proceeds to step S8.
In step S <b> 8, since the user IDs do not match, a message indicating that user authentication could not be performed is displayed on the display unit 12.
Thereafter, the process returns to step S2.
Alternatively, even if the user ID match check is repeatedly executed several times, if authentication continues to fail, the process proceeds to step S22 instead of step S8, and the power may be automatically turned off (OFF). .

In step S9, since the user IDs match and the user authentication is successful, a login process is performed.
In the login processing, for example, processing such as terminal activation and wireless communication setting is performed.
When the login process is completed, a display as shown in FIG. 3C may be displayed to indicate to the user that the authentication has been successful.

In step S <b> 10, the use permission determination unit 15 generates a use permission confirmation request and transmits it to the server SV <b> 5 via the communication unit 19.
Here, the use permission confirmation request is for inquiring of the server 5 about application programs that are permitted to be used by the user of the terminal TE.

This use permission confirmation request includes at least the user ID 21 and the current position 23.
When performing the processing from step S10 to step S12, for example, a message as shown in FIG.
The server 5 that has received the use permission confirmation request searches the information database 55 to obtain application information corresponding to the user ID, and transmits it to the terminal that has transmitted the confirmation request, as will be described later.

In step S11, it is checked whether application information (hereinafter also referred to as application information) sent from the server 5 has been received.
In step S12, when application information is received, it progresses to step S13, and when that is not right, step S11 is looped.

In step S <b> 13, information in the received application information is acquired and stored in the storage unit 20 as use permission information 24 corresponding to the user ID 21.
Here, since the received application information includes the paired position information and application name, this information is stored as use permission information 24.
When the application information is acquired, for example, a message as shown in FIG. 3 (e) may be displayed.

In step S <b> 14, the control unit 11 checks whether or not the user has input a request for starting a desired application program using the input unit 13.
For example, when a touch panel is used as the input unit 13, it is checked whether or not an icon corresponding to an application desired by the user is selected and input in a state where an application selection screen on which icons of a plurality of application programs are displayed is displayed. .

In step S15, if an activation request is input, the process proceeds to step 16, and if not, step 14 is looped.
In step S16, as in step S2, position information on the current position of the terminal TE is acquired. Since the user having the terminal TE may move, it is preferable to acquire the current position again.
The acquired position information is updated and stored as the current position 23.

In step S17, a start permission determination process for the application program requested to start is performed.
Here, the acquired current position 23 is compared with the position information in the use permission information 24 received and stored from the server, and the application name corresponding to the matched position information is the application program requested to start. Check whether or not.
That is, whether or not the application program requested to be activated is permitted for use by the user having the user ID 21, and the current position is within the range permitted to use the requested application program (usage permitted range). It is determined whether or not it is included.

  In step S18, if the application requested to be activated is an application that can be used by the user and the current position is within the use permission range, the process proceeds to step S19. Otherwise, the process proceeds to step S23.

In step S19, a message (use permission display) indicating that the application requested to start by the user can be used is displayed on the display unit 12.
FIG. 4 shows an example of a message displayed after an application program activation request.
In step S19, for example, a message as shown in FIG.

In step S20, the function execution unit 16 activates the application program requested to be activated by the user, and executes the application while displaying necessary information and the like.
If there is an input requesting that all applications be terminated in step S21, the process proceeds to step S22, and the terminal TE is turned off (OFF) when the application program is terminated.
On the other hand, if the application program is not terminated or another application program is started in step S21, the process returns to step S14.

If the current position is not within the permitted use range of the application program requested to be activated in step S18, or if the application program requested to be activated is not an application that can be used by the user, display is performed in step S23. Unusable display is performed on the unit 12. For example, a message as shown in FIG. 4B is displayed.
As a result, the user knows that the application program requested to start cannot be started at the current position.
In addition, in order to confirm the position where the user can use in FIG. 4B, the display portion “confirm use permission range” at the bottom of the screen is selected and input.
In step S24, it is checked whether or not a use confirmation input has been made by the input unit 13.
If the use confirmation input is made, the process proceeds to step 25, and if not, the process returns to step S14.

In step 25, if an input for confirming the use permission range is made, for example, a use permission range list as shown in FIG.
Here, a user ID (employee ID), an application name permitted for the user, and position information indicating a position where the application can be activated are displayed.
In the case of FIG. 4C, a user having a user ID of “0001” can use three application programs such as an inventory management application when in “Store A”, and is in “XXX Trading”. Indicates that it is possible to use three application programs such as an estimate application.

The user can know the usable position of the application that could not be activated by viewing the display as shown in FIG. 4C, and if the user wants to use it, the user can move to the displayed position.
After step S25, the process returns to step S14.

FIG. 6 shows a flowchart of an embodiment of search processing for a use permission list in the server.
In step S31, the control unit 51 of the server 5 checks whether or not the use permission confirmation request is received from the terminal TE by the communication unit 52.

If this request is received in step S32, the process proceeds to step S33, and if not, step S31 is looped.
In step S <b> 33, the user ID and the current position included in the received use permission confirmation request are acquired and temporarily stored in the storage unit 57 as reception information 58.

In step S <b> 34, the search unit 53 searches the user usage permission list 56 included in the information database 55.
Here, use permission information including a user ID that matches the received user ID is found.
The use permission information associated with the user ID that matches the received user ID is extracted from the user use permission list 56 as shown in FIG. 2, and the application includes the position information and the application name corresponding to the user ID. Get information.

If there are a plurality of pieces of use permission information with matching user IDs, all may be extracted.
Alternatively, when there are a plurality of extracted use permission information, only use permission information having position information indicating a position including the received current position may be acquired as application information.

In step S35, the control unit 51 generates transmission information 59 including the acquired application information, and transmits it to the mobile terminal TE that has transmitted the use permission confirmation request.
Then, it returns to step S31.

  With the above processing, since the authentication process is automatically performed only by the user performing an operation for bringing the IC card 3 close to the terminal TE, the burden on the user for authentication can be reduced and the authentication time can be shortened. it can.

  In addition, when the user makes a request to start an application program, it is determined whether or not the current position is a position where the application program can be used by using use permission information preset in the server, and the use is permitted. Since the application program is not executed at a position where the information is not displayed, information leakage due to peeping at the screen by an unspecified number of third parties can be prevented, and security can be improved.

As described above, in the embodiment shown in FIGS. 5 and 6, the case where the activation permission determination of the application program requested to be activated is performed by the terminal TE1 has been described.
However, this activation permission determination may be performed in the server SV5.
For example, when an application program is requested to start, determination request information including the name of the application program requested to start, the current position, and the user ID is transmitted to the server 5, and the activation determination unit 54 of the server 5 Using the received information, the user use permission list 56 in the information database 55 may be searched to determine whether or not the application program requested to be activated can be used at the current position.

  Here, the activation determination unit 54 matches the user ID included in the received determination request information with the name of the application program in each use permission information of the user use permission list 56 and is included in the determination request information. When there is use permission information belonging to the position information indicating the range in which the position information permits use of the application program, it is determined that the activation of the requested application program is permitted.

  In the case of determination by the server SV5, the determination result on whether or not the application program can be used is transmitted to the terminal TE1 that has transmitted the determination request information from the server SV5, and the function execution unit 16 of the terminal TE1 receives the determination Based on the result, the application program requested to be activated may be executed or prohibited.

<Appendix>
Additional notes are shown below.
(Additional remark 1) The input part which inputs the starting request | requirement of an application program, the positional information acquisition part which acquires the information of present position, the memory | storage part which memorize | stored previously the user ID which identifies a user, and a user using the said user ID A user authentication unit that performs authentication, an application program that can be used by the user specified by the user ID that has succeeded in the user authentication, and position information that indicates a range in which use of the application program is permitted are associated in advance. When usage permission information is acquired from a server and a startup request for a predetermined application program is input by the input unit, execution of the application program requested to start is permitted based on the acquired usage permission information. A use permission determination unit that determines whether or not the above may be permitted, and the execution is permitted A function execution unit that executes the received application program, wherein the use permission determination unit is a usable application program in which the activation requested application program is included in the use permission information, and the position information acquisition unit An information processing apparatus that permits execution of the application program requested to be started when the current position acquired by the step is included in position information indicating a range in which use of the application program is permitted.
(Additional remark 2) The IC card reading part which receives the user ID previously stored in the IC card by wireless communication is further provided, and the user authentication part receives the user ID stored in the storage part in advance and the received The information processing apparatus according to appendix 1, wherein when the user IDs are compared with each other and the user IDs match, the user authentication is determined to be successful.
(Supplementary Note 3) The wireless communication between the IC card and the IC card reading unit is short-range wireless communication established when the distance from the IC card approaches within a predetermined value. The information processing apparatus described in 1.
(Appendix 4) An application use permission determination system in which one or a plurality of information processing devices and a server are connected via a network, wherein the information processing device inputs an application program activation request, A location information acquisition unit that acquires location information, a storage unit that stores a user ID that identifies a user in advance, a user authentication unit that performs user authentication using the user ID, and execution of the application program requested to start And a function execution unit that executes an application program that is permitted to be executed. The server is specified by a user ID and the user ID. Allow the user to use application programs that can be used An information database storing use permission information in advance associated with position information indicating a range; and a search unit, wherein the use permission determination unit issues a use permission confirmation request including a user ID that has succeeded in the user authentication. Information processing that has been transmitted to the server, and the search unit of the server has acquired the use permission information corresponding to the user ID included in the received use permission confirmation request from the information database, and has transmitted the use permission confirmation request When a request for starting an application program is input by the input unit, the use permission determining unit is an application program included in the received use permission information. The current position acquired by the position information acquisition unit is included in the received use permission information. If it belongs to a range indicated by Murrell position information, application use permission determination system and permits the execution of the activation requested application program.
(Additional remark 5) The said server is further provided with the starting determination part which determines whether the starting of the application program requested | required starting is permitted, The said information processing apparatus is acquired by the user ID and the said positional information acquisition part. The determination request information including the current position information and the name of the application program requested to be activated is transmitted to the server, and the activation determination unit receives the determination request information received in the use permission information of the information database. When there is use permission information that matches the user ID included in the name of the application program and the current position information included in the determination request information belongs to position information indicating a range in which the application program is permitted to be used. Determining that the activation of the requested application program is permitted, and determining The determination result is transmitted to the information processing apparatus that has transmitted the information, and the function execution unit causes the application program requested to start to be executed based on the received determination result. App use permission judgment system.

1 Mobile terminal TE
3 IC card 4 Network 5 Server SV
11 Control unit 12 Display unit 13 Input unit (touch panel)
14 User Authentication Unit 15 Use Permission Determination Unit 16 Function Execution Unit 17 IC Card Reading Unit 18 Location Information Acquisition Unit 19 Communication Unit 20 Storage Unit 21 User ID
22 Application 23 Current position 24 Use permission information 31 Communication unit 32 ID storage unit 33 User ID
51 Control Unit 52 Communication Unit 53 Search Unit 54 Activation Determination Unit 55 Information Database 56 User Use Permission List 57 Storage Unit 58 Reception Information 59 Transmission Information

Claims (5)

An input unit for inputting an application program start request;
A location information acquisition unit for acquiring current location information;
A storage unit that stores in advance a user ID for identifying a user;
A user authentication unit that performs user authentication using the user ID;
Use permission information in which an application program that can be used by a user specified by the user ID that has been successfully authenticated by the user and location information that indicates a range in which the use of the application program is permitted is associated in advance is acquired from the server. When a predetermined application program activation request is input by the input unit, it is determined based on the obtained use permission information whether or not execution of the requested application program may be permitted. A permission determination unit to perform,
A function execution unit that executes the application program permitted to execute,
The use permission determination unit executes the application program requested to be activated when the current position acquired by the position information acquisition unit is included in position information indicating a range in which use of the application program is permitted. An information processing apparatus characterized by permitting. An IC card reader that receives a user ID stored in advance in the IC card by wireless communication;
The user authentication unit compares the user ID stored in advance in the storage unit with the received user ID and determines that the user authentication is successful when both user IDs match. The information processing apparatus according to claim 1.   The wireless communication between the IC card and the IC card reader is short-range wireless communication that is established when the distance from the IC card approaches within a predetermined value. Information processing device. An application use permission determination system in which one or a plurality of information processing devices and a server are connected via a network,
The information processing apparatus, an input unit for inputting an application program activation request;
A location information acquisition unit for acquiring current location information;
A storage unit that stores in advance a user ID for identifying a user;
A user authentication unit that performs user authentication using the user ID;
A use permission determination unit that determines whether or not the execution of the requested application program may be permitted;
A function execution unit that executes an application program permitted to be executed,
The server stores use permission information in which a user ID, an application program that can be used by a user specified by the user ID, and position information indicating a range in which the use of the application program is permitted are associated in advance. An information database and a search unit;
The use permission determination unit transmits a use permission confirmation request including a user ID that has succeeded in the user authentication to a server,
The search unit of the server acquires the use permission information corresponding to the user ID included in the received use permission confirmation request from the information database, and transmits the information to the information processing apparatus that has transmitted the use permission confirmation request.
When a request for starting an application program is input by the input unit, the use permission determining unit is an application program included in the received use permission information for the application program requested to start, and the position information acquisition is performed. When the current position acquired by the unit belongs to the range indicated by the position information included in the received use permission information, the application use permission determination is permitted to execute the application program requested to start system. The server further includes a start determination unit that determines whether to allow start of the application program requested to start;
The information processing apparatus transmits determination request information including a user ID, information on a current position acquired by the position information acquisition unit, and a name of an application program requested to be activated to a server,
In the use permission information of the information database, the activation determination unit matches the user ID included in the received determination request information and the name of the application program, and the current position information included in the determination request information includes the application. When there is use permission information belonging to the position information indicating a range in which the use of the program is permitted, it is determined that the activation of the requested application program is permitted,
Send the determination result to the information processing apparatus that has transmitted the determination request information,
The application use permission determination system according to claim 4, wherein the function execution unit causes an application program requested to be activated to be executed based on the received determination result.