JP2014186585A - Content providing method, server and program of terminal - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a content providing method, a server and a program of a terminal which can provide content for the terminal of a general user from the server, under the condition that a screenshot function of the terminal is prohibited.SOLUTION: Content including link information of second servers 16 and 17 is transmitted to a terminal 12 from a first server 14. When the link information is selected in the terminal 12, a first configuration profile enclosing an electronic certificate is transmitted to the terminal 12 from the first server 14, and a screenshot function is prohibited in the terminal 12. When the electronic certificate is stored in the terminal 12, URLs of the second servers 16 and 17 are transmitted to the terminal 12 from the first server 14. When the URLs are accessed and content acquired from the second servers 16 and 17 is displayed on a display 12a, the screenshot function is prohibited in the terminal 12.

Description

  The present invention relates to a content providing method, a server, and a terminal program. More specifically, the present invention relates to a technique for prohibiting storage, copying, and the like on a terminal for content distributed on the Internet.

  Conventionally, various methods for prohibiting storage, copying, and the like of content displayed on a terminal display have been proposed. For example, when an MDM (Mobile Device Managements) server is used, the state of the terminal can be managed from the MDM server, and operations of the terminal such as access to and storage of data can be prohibited by operations from the MDM server (for example, Patent Document 1).

JP 2011-145772 A

  The terminal is equipped with a screen shot function for saving the screen display displayed on the terminal display as image data.

  The function of the terminal can be set by installing a configuration profile on the terminal. When a company centrally manages business terminals, the functions of the terminals can be freely set from the MDM server. However, a terminal used by a general user cannot manage terminal functions with the MDM server.

  In order to prohibit the screen shot function in a terminal used by a general user, it is necessary for the user of the terminal to operate and install a configuration profile in the terminal. However, it is not easy for a general user to perform the operation of installing the configuration profile on the terminal.

  Since the screen shot function is convenient, the OS (basic software) of the terminal is designed so that the screen shot function is not easily prohibited. Therefore, it is considered impossible to prohibit the screen shot function of the terminal by an application installed on the terminal. For example, an application installed on a terminal can detect a normal button operation, but cannot detect simultaneous operation of a plurality of buttons when executing the screen shot function. Also, image data saved by the screen shot function cannot be accessed or rewritten from the application.

  Therefore, it is difficult to provide content such as content including personal information and content requiring copyright protection to the general user terminal from the server on the condition that the screen shot function of the terminal is prohibited.

  In view of such circumstances, the present invention provides a content providing method, a server, and a terminal program capable of providing content from a server to a general user terminal on the condition that the screen shot function of the terminal is prohibited. It is something to try.

  In order to solve the above problems, the present invention provides a content providing method configured as follows.

  The content providing method includes: (i) a first step in which content including link information to the second server is transmitted from the first server to the terminal, and the link information is displayed on the display of the terminal; ii) When the terminal is operated to select the link information displayed on the display, an electronic certificate is bundled with the terminal from the first server and the screen shot function of the terminal is prohibited. A first configuration profile including first information for setting is transmitted, and based on the first configuration profile, the screech function of the terminal is set to be prohibited and the first configuration profile is A second step stored in the terminal as function setting information of the terminal; and (iii) when the electronic certificate is stored in the terminal, A third step in which the URL of the second server is transmitted from the first server to the terminal; and (iv) the terminal accesses the URL and acquires content from the second server. And a fourth step of displaying the content on the display. In the fourth step, the scree shot function of the terminal is prohibited.

  In the above method, since the electronic certificate is bundled with the first configuration profile, when the first configuration profile is deleted at the terminal, the electronic certificate is also deleted. Therefore, the presence or absence of the first configuration profile can be determined based on the presence or absence of the electronic certificate.

  Regarding the configuration profile stored in the terminal, the settings of the terminal function included in the configuration profile cannot be referred to unless special authority is given, but the electronic certificate stored in the terminal You can refer to it without authorization. Therefore, by referring to the electronic certificate stored in the terminal, it can be easily determined whether or not the function of the terminal is set based on the first configuration profile.

  According to the above method, the function of the terminal can be easily set by the first configuration profile, and the screen shot function of the terminal cannot be used while browsing the second server.

  Preferably, when the terminal is requested to end or pause the fourth step, the first server includes the second information for setting the screen shot function of the terminal to be permitted. The method further includes a fifth step in which a second configuration profile is transmitted and the screeshot function of the terminal is set to be permitted based on the second configuration profile.

  In this case, the setting of the screen shot function of the terminal can be easily returned from prohibition to permission.

  The present invention also provides a server configured as follows.

  The server includes: (a) a first configuration profile transmission unit that transmits a first configuration profile that includes first information that includes a digital certificate included in the terminal and sets the screen shot function of the terminal to be prohibited. And (b) a determination unit that determines the authenticity of an electronic certificate received from the terminal, and (c) when the determination unit determines that the electronic certificate received from the terminal is authentic, A URL transmission unit that transmits to the terminal a URL of a content server that transmits the content on the condition that the screen shot function of the terminal is prohibited.

  According to the above configuration, when content is transmitted from the content server to the terminal, the screen shot function of the terminal can be set to be prohibited.

  Preferably, the apparatus further includes a second configuration profile transmission unit configured to transmit a second configuration profile including second information for setting the screen shot function of the terminal to permission.

  In this case, the setting of the screen shot function of the terminal can be easily returned from prohibition to permission.

  The present invention also provides a terminal program configured as follows.

  The program of the terminal receives, on the terminal, (i) content including link information from the first server to the second server, and displays the link information on the display of the terminal; ii) When an operation for selecting the link information displayed on the display is performed, a first certificate is provided from the first server for enclosing an electronic certificate and prohibiting the screen shot function of the terminal. Receiving a first configuration profile including information, setting the screen shot function of the terminal to be prohibited based on the first configuration profile, and setting the first configuration profile to the terminal as function setting information of the terminal. A second step of storing, and (iii) when the electronic certificate is stored in the terminal, from the first server to the second server A terminal for executing a third step of receiving RL, and (iv) a fourth step of accessing the URL, acquiring content from the second server, and displaying the content on the display It is a program.

  The terminal program may be configured such that the terminal's screen shot function is disabled when the fourth step is executed.

  Preferably, the terminal program permits the terminal to allow the terminal server to perform the screen shot function of the terminal when (v) detecting an operation of ending or pausing the fourth step at the terminal. A second configuration profile including second information for setting is received, and a fifth step of setting the screen shot function of the terminal to permission based on the second configuration profile is further executed.

  In this case, when the browsing of the content from the second server is ended or paused at the terminal, the setting of the screen function of the terminal can be easily returned from prohibition to permission.

  According to the present invention, content can be provided from a server to a general user terminal on the condition that the screen shot function of the terminal is prohibited.

It is a block diagram which shows the whole structure of a content provision system. Example 1 It is a functional block diagram of a 1st server. Example 1 It is explanatory drawing which shows the structure of a structure profile. Example 1 It is explanatory drawing which shows the information of a structure profile. Example 1 It is a description example of a configuration profile. Example 1 It is a processing sequence diagram. Example 1 It is a processing sequence diagram. (Example 2) It is a functional block diagram of a 1st server. (Example 2)

  Hereinafter, embodiments of the present invention will be described with reference to FIGS.

  <Example 1> The content provision system 10 of Example 1 is demonstrated, referring FIGS.

  FIG. 1 is a block diagram showing the overall configuration of the content providing system 10. As shown in FIG. 1, a content providing system 10 includes a terminal 12 having a display 12a, a first server 14, and second servers 16 and 17 via a communication network 18 such as a mobile phone or the Internet. Connected. For simplicity, one terminal 12 and one first server 14 are illustrated, but a plurality of terminals may be provided. The number of the second servers 16 and 17 may be one or three or more. Further, the functions of the servers 14, 16, and 17 may be distributed to a plurality of servers.

  The terminal 12 is a smartphone (for example, iPhone 4s, iPhone 5) whose basic operation environment is managed by basic software (for example, iOS 4.0 or later). The first and second servers 14, 16, and 17 provide Web content (hereinafter also simply referred to as “content”) to the terminal 12.

  A dedicated application (for example, a calendar application that manages schedules and schedules) is installed in the terminal 12. The terminal 12 acquires content from the first and second servers 14, 16, and 17 via the dedicated application, and displays the acquired content on the display 12a.

  The second servers 16 and 17 are content servers that transmit content to the terminal 12 on the condition that content copying and storage are prohibited at the terminal, such as prohibition of the screen shot function of the terminal.

  That is, when the terminal 12 receives content from the second servers 16 and 17, the terminal 12 is prohibited from copying or storing content in the terminal 12 by the dedicated application installed in the terminal 12. Specifically, in the terminal 12, (a) a copy function for copying character information displayed on the display 12a of the terminal 12, and (b) a screen display displayed on the display 12a of the terminal 12 is saved as image data. (C) an external display function that displays the same screen as the display 12a of the terminal 12 on the external monitor is prohibited.

  When the dedicated application acquires content from the second servers 16 and 17 and displays the content on the display 12a, for example, the copy function of the terminal 12 is prohibited by the following processing. That is, when a character displayed on the display 12a of the terminal 12 is selected, a menu display for selecting a process (save, paste, etc.) for the selected data is usually displayed on the display 12a. The dedicated application prohibits the copy function of the terminal 12 by preventing this menu display from being displayed on the display 12 a of the terminal 12.

  In addition, when the dedicated application acquires content from the second servers 16 and 17 and displays the content on the display 12a, for example, the external display function of the terminal 12 is prohibited by the following processing. That is, when the same image data as the image displayed on the display 12a is transmitted from the terminal 12 to the external monitor via a cable connected to the connector of the terminal 12 or wireless communication with the terminal 12, the dedicated application is The external display function of the terminal 12 is prohibited by replacing the transmitted image data with another image data (for example, image data corresponding to a white screen).

  Further, when the dedicated application acquires content from the second servers 16 and 17 and displays the content on the display 12a, for example, the screen shot function of the terminal 12 is prohibited by the following processing. That is, before the content is acquired from the second servers 16 and 17 and displayed on the display 12a, the dedicated application downloads the configuration profile prohibiting the screen shot function from the first server 14 and installs it in the terminal 12 in advance. As a result, the screen shot function of the terminal 12 is prohibited.

  FIG. 2 is a functional block of the first server 14. As shown in FIG. 2, the first server 14 includes a first configuration profile transmission unit 14a, a determination unit 14b, and a URL transmission unit 14c. The first configuration profile transmission unit 14a transmits, to the terminal, a first configuration profile that includes first information for enclosing an electronic certificate and setting the screen shot function of the terminal to be prohibited. The determination unit 14b determines the authenticity of the electronic certificate received from the terminal. The URL transmitting unit 14c transmits the URL of the second server to the terminal when the determining unit 14c determines that the electronic certificate received from the terminal is authentic.

  Next, the operation of the content providing system 10 will be further described with reference to FIGS.

(1) First Step When a dedicated application is activated on a terminal and a predetermined operation is performed on the terminal, the terminal requests content from the first server, and the first server sends the terminal to the second server. Content including the link information (a banner with a link to the second server, a pop-up, etc.) is transmitted. The terminal displays the received content on the display of the terminal.

(2) Second Step Next, when the dedicated application detects that an operation for selecting link information displayed on the display is performed on the terminal, the terminal communicates with the first server, and the first server A first configuration profile including first information for setting the terminal screen shot function to be prohibited is transmitted to the terminal. The first configuration profile includes an electronic certificate. The dedicated application sets the terminal's screen shot function to be prohibited based on the first configuration profile, and stores the first configuration profile in the terminal as function setting information of the terminal.

  FIG. 3 is an explanatory diagram showing the configuration of the configuration profile 20. As shown in FIG. 3, an electronic certificate 26 is included in the configuration profile 20. That is, the configuration profile 20 includes a description 22 for setting the function of the terminal 12 and an electronic certificate 26 necessary for authentication with the first server 14. The description 22 for setting the function of the terminal 12 includes a description 24 for prohibiting the screen shot function. The dedicated application is detected based on the presence or absence of the electronic certificate 26 stored in the terminal 12.

  FIG. 4 is an explanatory diagram showing information on the configuration profile. As shown in FIG. 4, the configuration profile includes records # 1 to # 4 in which items and their contents are paired. Items include payload identification name, screen shot permission, password, and payload certification file name.

  FIG. 5 shows a description example of the configuration profile. As shown in FIG. 5, the configuration profile is XML-formatted data, and electronic certificate data 27 is included as one of the keys of the payload.

  A specific operation in the second step will be described with reference to FIG. FIG. 6 is a processing sequence diagram.

  As shown in FIG. 6, when an operation for selecting link information displayed on the display is performed on the terminal, the dedicated application 11 installed on the terminal communicates with the first server 14 via SSL. , The standard browser 13 included in the OS (basic software) of the terminal is activated, and the standard browser 13 appears on the front and the dedicated application 11 is hidden in the background on the display of the terminal.

  When the dedicated application 11 cannot detect that the electronic certificate is stored in the terminal, the dedicated application 11 displays a download screen for requesting permission to download the configuration profile on the terminal display. Next, when the dedicated application 11 detects that an operation for permitting downloading of the configuration profile (for example, tapping a permission icon on the download screen) has been performed on the terminal, the first server 14 is connected via the standard browser 13 in S102. Request transmission of the first configuration profile. At the same time, information for identifying the terminal and information for identifying the second server for which the link information is selected may be transmitted to the first server 14. Next, in S104, the first server 14 transmits to the standard browser 13 the first configuration profile including the first information bundled with the electronic certificate and including the first information for setting the screen shot function of the terminal to be prohibited. . Next, in S106, the standard browser 13 saves the first configuration profile in the terminal and starts the installer included in the OS of the terminal to start the terminal based on the first information included in the first configuration profile. Set the function. Note that the first configuration profile may be stored in the terminal in an encrypted state and decrypted by the dedicated application 11.

  The first configuration profile is automatically installed in the terminal only once the operation for permitting download is performed. Since the operation of the terminal by the user can be reduced, the usability is excellent.

(3) Third Step Next, the dedicated application receives a URL with a password for accessing the second server from the first server 14 when the electronic certificate is stored in the terminal.

  Specifically, as shown in FIG. 6, in S108, the standard browser 13 transmits request data attached with electronic certificate data bundled with the configuration profile to the first server 14 for authentication. Request. Next, when the first server 14 confirms that the data of the received electronic certificate is authentic, the first server 14 sets a URL scheme with a password for accessing the second server 16 in S110. To the standard browser 13. Next, in S112, the standard browser 13 hands over the password-added URL scheme to the dedicated application 11, stops the activation, and the dedicated application 11 appears on the front of the terminal display.

(4) Fourth Step Next, the terminal accesses the URL, acquires content from the second server, and displays the acquired content on the display. At this time, the screen shot function of the terminal is set to be prohibited.

  Specifically, as illustrated in FIG. 6, in S <b> 114, the dedicated application 11 accesses the delivered URL-added URL scheme and transmits a web content request to the second server 16. Next, the second server 16 determines the received request, and transmits the WEB content corresponding to the request to the terminal 12 in S116. Thereafter, the processes of S114 and S116 are repeated according to the operation at the terminal.

  In the fourth step, if the login process is first performed, the security is improved. For example, when S114 is executed for the first time and the dedicated application 11 transmits the first request, in S116, the second server 16 sends content for login (for example, a member number and password input screen) to the dedicated application 11. Send.

  In the fourth step, the dedicated application 11 prohibits the copy function and the external display function of the terminal.

  If the electronic certificate is already stored in the terminal 12, after the standard browser is started in S100, the processing for installing the configuration profile (S102, S104, S106) is skipped, and the processing after S108 is executed. To do.

  The first configuration profile includes an electronic certificate. When the configuration profile is deleted, the electronic certificate bundled with the configuration profile is also deleted. When the configuration profile is deleted, the terminal screenshot is not disabled. At this time, since the electronic certificate is also deleted, the terminal cannot receive the URL for accessing the second server from the first server. Therefore, the terminal cannot acquire content from the second server.

  Therefore, the terminal can acquire content from the second server only when the configuration profile is installed in the terminal and the screen shot function of the terminal is limited.

  When a dedicated application is used, functions such as storage and copying of content acquired from the second server can be restricted in a terminal in which the dedicated application is installed. The dedicated application can be installed on a terminal used by general users.

  During the process of displaying the content transmitted from the second server on the display of the terminal (S114 and S116 in FIG. 6), the terminal performs a sleep operation for hiding the dedicated application in the background or stops the dedicated application. When it is detected that the shutdown operation to be performed is performed, it is preferable that the dedicated application performs a process of erasing all data in the terminal cookie and the cache before entering the sleep state or before being shut down. The dedicated application preferably executes the processing from S100 of FIG. 6 when returning after sleep or when restarting after shutdown. By these processes, the content provided from the second server can be prevented from flowing out after the sleep operation or the shutdown operation.

  The same processing is performed when the terminal 12 is operated to access a link to another second server 17. In this case, it is preferable that the electronic certificate included in the configuration profile is different for each of the second servers 16 and 17 in order to ensure security.

  The OS of the terminal does not allow reference to the setting contents of the terminal function included in the configuration profile unless a special authority is given to the configuration profile stored in the terminal. However, the electronic certificate stored in the terminal can be referenced without special authority. Therefore, by referring to the electronic certificate stored in the terminal, it can be easily determined whether or not the function of the terminal is set based on the first configuration profile.

  If a dedicated application is installed on the terminal of a general user, the terminal function can be easily set so that the terminal screen shot function cannot be used while browsing the second server.

  <Example 2> The content provision system of Example 2 is demonstrated referring FIG.7 and FIG.8.

  The content providing system according to the second embodiment is configured in substantially the same manner as the content providing system according to the first embodiment. In the following, the same reference numerals are used for the same components as in the first embodiment, and differences from the first embodiment will be mainly described.

  As in the first embodiment, when the content providing system according to the second embodiment browses the second server with the dedicated application, the terminal is prohibited from using the screen shot function by the first configuration profile. If the first configuration profile is stored in the terminal as it is, the terminal remains in a state where the screen shot function is prohibited even after the dedicated application is terminated.

  In this case, if the user of the terminal operates the terminal and deletes the configuration profile from the setting screen, the prohibition of the screen shot function can be canceled. However, if it is necessary for the user of the terminal to delete the configuration profile, the usability is not good.

  Therefore, in the second embodiment, when the terminal is requested to end or pause the fourth step, the second configuration profile is transmitted from the first server to the terminal, and the terminal is configured based on the second configuration profile. A fifth step is executed in which the scree shot function is set to enable.

  Specifically, as illustrated in the sequence diagram of FIG. 7, when the dedicated application 11 detects that an operation for ending or pausing the browsing of the second server is performed on the terminal, the standard application is started in S200, A reset screen for requesting permission to download the second configuration profile is displayed on the display of the terminal. Next, when the dedicated application 11 detects that an operation for permitting the download of the second configuration profile is performed on the terminal (for example, tapping the permission icon on the reset screen), the first application 11 is connected via the standard browser 13 in S202. The second request is transmitted to the server 14. Next, in S <b> 204, the first server 14 transmits a second configuration profile including second information for setting the screen shot function to permission, to the standard browser 13. Next, in S206, the dedicated application 11 overwrites and saves the downloaded configuration profile in the terminal, starts an installer included in the OS of the terminal, and based on the second information included in the second configuration profile , Set the screen shot function of the device to allow.

  In S200 to S206, the user of the terminal can cancel the prohibition of the screen shot function by operating the terminal only once. In this case, it is easier to use than when the user himself / herself operates the terminal to delete the first configuration profile.

  FIG. 8 is a functional block diagram of the first server 14x according to the second embodiment. As shown in FIG. 8, the first server 14x further includes a second configuration profile transmission unit 14d. The second configuration profile transmission unit 14d transmits to the terminal a second configuration profile including second information for setting the screen shot function of the terminal to be permitted.

  <Summary> As described above, if the dedicated application is installed in the terminal, the second server can use the personal information on the condition that the screen shot function of the terminal is prohibited on the terminal of the general user. Content such as content including content or content requiring copyright protection can be provided.

  In addition, the load on the second server is reduced by the first server. That is, the prohibition of the screen shot function of the terminal is realized by the processing of the first server, and no special processing is required in the second server. Further, when the dedicated application of the terminal is upgraded, only the first server needs to be maintained, and the maintenance of the second server can be made unnecessary.

  The present invention is not limited to the above embodiment, and can be implemented with various modifications.

DESCRIPTION OF SYMBOLS 10 Content provision system 11 Dedicated application 12 Terminal 12a Display 13 Standard browser 14, 14x 1st server 14a 1st structure pre-file transmission part 14b Judgment part 14c URL transmission part 14d 2nd structure profile transmission part 16, 17 2nd Server (content server)
18 Communication Network 20 Configuration Profile 22, 24 Description 26 Electronic Certificate 27 Data

Claims (6)

A first step in which content including link information to the second server is transmitted from the first server to the terminal, and the link information is displayed on the display of the terminal;
In the terminal, when an operation for selecting the link information displayed on the display is performed, an electronic certificate is bundled from the first server to the terminal, and the screen shot function of the terminal is prohibited. A first configuration profile including first information for the terminal is transmitted, and based on the first configuration profile, the screen shot function of the terminal is set to be prohibited, and the first configuration profile is A second step stored in the terminal as function setting information;
A third step in which the URL of the second server is transmitted from the first server to the terminal when the electronic certificate is stored in the terminal;
A fourth step in which the terminal accesses the URL, acquires content from the second server, and displays the content on the display;
With
The content providing method according to the fourth step, wherein in the terminal, the screen shot function is set to be prohibited.   When the terminal is requested to end or pause the fourth step, the second server includes the second information for setting the terminal screen shot function to permission from the first server to the terminal. The content provision according to claim 1, further comprising a fifth step in which a configuration profile is transmitted and a screeshot function of the terminal is set to be permitted based on the second configuration profile. Method. A first configuration profile transmission unit that transmits a first configuration profile that includes first information that is bundled with an electronic certificate and that disables the screen shot function of the terminal;
A determination unit for determining the authenticity of the electronic certificate received from the terminal;
URL of a content server that transmits content to the terminal when the determination unit determines that the electronic certificate received from the terminal is authentic, on condition that the screen shot function of the terminal is prohibited A transmission unit;
A server comprising:   The apparatus further comprises a second configuration profile transmission unit configured to transmit a second configuration profile including second information for setting the screen shot function of the terminal to permission, to the terminal. Item 4. The server according to item 3. On your device,
A first step of receiving content including link information to the second server from the first server and displaying the link information on the display of the terminal;
When an operation for selecting the link information displayed on the display is performed, the first information from the first server is bundled with an electronic certificate and the screen shot function of the terminal is prohibited. Receiving the first configuration profile including the terminal, setting the screen shot function of the terminal to be prohibited based on the first configuration profile, and storing the first configuration profile in the terminal as function setting information of the terminal A second step;
A third step of receiving a URL of the second server from the first server when the electronic certificate is stored in the terminal;
A fourth step of accessing the URL, acquiring content from the second server, and displaying the content on the display;
Terminal program to execute In the terminal,
A second configuration profile including second information for setting the screen shot function of the terminal to be permitted from the first server when an operation to end or pause the fourth step is detected in the terminal; The terminal software according to claim 5, further comprising: executing a fifth step of setting the screen shot function of the terminal to permission based on the second configuration profile. .

Images