JP2018097898A - Information processing apparatus, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing apparatus capable of suppressing consumption of a storage area of an application program without urging an operation of a user.SOLUTION: An information processing apparatus includes: a storage part for storing an application resource and runtime of an application program; a memory management part for generating a process space in a memory for every start instruction of the application program; a runtime reading part for reading the runtime in the process space; an application resource reading part for reading the application resource in the process space in which the runtime is read; a process generation part for generating a process of the application program on the basis of the application resource and the runtime read in the process space; and a process execution part for executing the process of the application program.SELECTED DRAWING: Figure 5

Description

  The disclosed technology relates to an information processing apparatus, an information processing method, and a program.

  In recent years, with the enhancement of 3G / LTE (Long Term Evolution) / hotspots, an environment in which an information processing apparatus such as a smartphone can be always connected to a network has been established.

  Taking advantage of such an environment, an information processing system has been developed in which an application program is distributed from an application server (application store) to an information processing apparatus at a necessary timing and executed by the information processing apparatus. An information processing system has also been developed that provides an application program registered in an application server to an information processing apparatus in response to a request from a user. In the system, the information processing apparatus downloads an application program distributed from the application server and installs it in, for example, a flash memory.

JP 2010-182309 A

  By the way, the application program includes a format that can be directly interpreted / executed by the OS (Operating System) (called a native application), a runtime that can be directly interpreted / executed by the OS, and a resource that can be interpreted by the runtime. There is something (called a hybrid app) that consists of The resource referred to here is a program described in, for example, HTML or Java (registered trademark) script. An example of a hybrid application is PhoneGap. Since the hybrid application does not depend on the OS for the resource part, there is an advantage that a developer can easily create an application program that operates on different OSs by replacing only the runtime depending on the OS.

  When such a hybrid application is distributed to an information processing apparatus that operates a specific OS, the runtime and resources corresponding to the target OS are usually compiled and converted into the native application format of the target OS. Distribute things.

  However, when a plurality of types of hybrid apps are installed in the same information processing apparatus, the same runtime is included in all hybrid apps, so that a large amount of storage space is consumed. Also, depending on the OS, when installing a native application, a screen that prompts the user for consent is displayed, and a user operation is required. For example, in Android, when an application is installed, a screen asking whether to allow use of a device (GPS, acceleration sensor, etc.) used by the application is displayed, and the application program is installed only after the user presses the consent button. Can do. This is a meaningful method in terms of security in order to prevent malicious application programs from being installed, but it requires user operations, so there is a problem in that it is difficult to use in a system that performs many installation operations. is there. Since a general hybrid application is distributed after being converted into a native application format, it has the same problem.

  Therefore, when considering a system that automatically installs and executes many hybrid applications, there are problems in terms of inefficient consumption of storage areas and usability due to an increase in user operations.

  The disclosed technology provides an information processing apparatus capable of suppressing consumption of an application program storage area without prompting a user operation.

  According to one aspect of the disclosed technology, a storage unit that stores a plurality of application resources for a plurality of different application programs and a runtime used for each of the plurality of application resources, and each application included in the plurality of different application programs For each program start instruction, a memory management unit that generates a plurality of process spaces corresponding to each of the application programs in a memory, a runtime reading unit that reads the runtime into each of the plurality of process spaces, Each application resource corresponding to an application program is read into the corresponding process space among the plurality of process spaces loaded with the runtime, and loaded into each of the plurality of process spaces. A process generation unit that generates the process of each application program from the application resource and the runtime, and a process execution unit that executes the process of each application program generated on the plurality of process spaces, the runtime Is a native application program that can be interpreted and executed by an operating system, and each of the plurality of application programs is a hybrid application program that includes the runtime and resources that the runtime can interpret. An information process that generates a confirmation display to the user when downloading the application, and does not execute the generation process of the confirmation display when downloading the plurality of application resources. Apparatus is provided.

  According to the disclosed technology, it is possible to suppress consumption of the storage area of the application program without prompting the user to operate.

1 is a schematic diagram of an information processing system according to an embodiment. It is the schematic of the hardware constitutions of the portable terminal concerning one Embodiment. It is the schematic of the hardware constitutions of the application server concerning one Embodiment. It is a schematic diagram of the application program concerning one Embodiment. It is the schematic of the functional block of the portable terminal concerning one Embodiment. It is a schematic diagram of the access right table concerning one Embodiment. It is the schematic of the functional block of the application server concerning one Embodiment. It is a flowchart of the download of the application resource by CPU of the portable terminal concerning one Embodiment. It is a flowchart of execution of the application by CPU of the portable terminal concerning one Embodiment. It is a schematic diagram for demonstrating the access restriction to the file stored in the storage part concerning one Embodiment. It is a schematic diagram for demonstrating the access restriction to the file stored in the storage part concerning one Embodiment. It is the schematic of the information processing system concerning the modification of one Embodiment.

  Hereinafter, an embodiment will be described with reference to the drawings.

  FIG. 1 is a schematic diagram of an information processing system according to an embodiment.

  As shown in FIG. 1, the information processing system according to the present embodiment includes a mobile terminal 100 and an application server 200. The mobile terminal 100 and the application server 200 are connected to each other via a network 300. The mobile terminal 100 implements an application (application) by executing an application resource using the runtime as an execution environment. Hereinafter, “application (application)” will be described as a function realized by the CPU 101 executing an application program.

(Hardware configuration of portable terminal 100)
FIG. 2 is a schematic diagram of a hardware configuration of the mobile terminal 100 according to the embodiment.

  In the present embodiment, as the mobile terminal 100, for example, a smartphone or a tablet PC (Personal Computer) is assumed.

  As shown in FIG. 2, a mobile terminal 100 according to the present embodiment includes a CPU (Central Processing Unit) 101, a main memory 102, an auxiliary memory 103, an RF (Radio Frequency) circuit 104, an antenna 105, an LCD (Liquid Crystal Display). 106, a touch screen 107, and various sensors 108.

  The CPU 101, the main memory 102, the auxiliary memory 103, the RF circuit 104, the LCD 106, the touch screen 107, and various sensors 107 are connected to each other by a bus B1, for example.

  The CPU 101 controls various hardware of the mobile terminal 100. Further, the CPU 101 implements various functions by reading various programs stored in the auxiliary memory 103 into the main memory 102 and executing the various programs loaded into the main memory 102. Details of the various functions will be described later.

  The main memory 102 stores various programs executed by the CPU 101. Further, the main memory 102 is used as a work area for the CPU 101 and stores various data necessary for processing by the CPU 101. As the main memory 102, for example, a RAM (Random Access Memory) may be used.

  The auxiliary memory 103 stores various programs for operating the mobile terminal 100. As various programs, for example, an application program 1000 executed by the CPU 101, an application manager 1500, a key manager 1600, an OS 1100 as an execution environment thereof, application resources 1200a and 1200b downloaded from the application server 200, a runtime 1300, and the like are stored. The Furthermore, application programs downloaded from the application server 200 may be stored as various programs.

  The type of the OS 1100 is not particularly limited, but Android (registered trademark) is used in the present embodiment. The OS 1100 is executed by the CPU 101 to realize a memory management unit 112, a runtime reading unit 113, a process execution unit 117, and an access management unit 118, which will be described later.

  The runtime 1300 is a so-called native app that can be directly interpreted and executed by the OS 1100 and is compiled with the app resources 1200a and 1200b to constitute a so-called hybrid app. The runtime 1300 is executed by the CPU 101 to realize an application resource reading unit 114 and a process generation unit 116 described later. Furthermore, the runtime 1300 includes an I / O driver 1300D. The I / O driver 1300D is executed by the CPU 101 to realize a decryption unit 115 described later. In this embodiment, the I / O driver 1300D is included in the runtime 1300, but the present invention is not limited to this.

  The application manager 1500 includes a launcher 1500a and a downloader 1500b (not shown in FIG. 2). The launcher 1500a is executed by the CPU 101 to realize an application activation instruction receiving unit 110 and a launcher unit 111, which will be described later. The downloader 1500b is executed by the CPU 101 to realize a download unit 121 described later. The key manager 1600 implements the key management unit 120 by being executed by the CPU 101.

  As the auxiliary memory 203, for example, a nonvolatile memory such as a hard disk or a flash memory may be used. Details of the application resources 1200a and 1200b and the runtime 1300 will be described later.

  The RF circuit 104 is controlled by the CPU 101 and transmits a high-frequency signal from the antenna 105 to another wireless communication device. Further, the RF circuit 104 converts the high frequency signal received by the antenna 105 into a baseband signal, and outputs the baseband signal to the CPU 101.

  The LCD 106 is controlled by the CPU 101 and displays image information to the user. The touch screen 107 is pasted on the display screen of the LCD 106, and detects a contact position by a user's fingertip, for example. The touch screen 107 is sometimes called a touch panel.

  The various sensors 108 are controlled by the CPU 101 and acquire state information of the mobile terminal 100. As the sensor 108, for example, an acceleration sensor, a gyro sensor, an illuminance sensor, a geomagnetic sensor, a tilt sensor, a pressure sensor, a proximity sensor, a temperature sensor, 3G, a wireless LAN, a GPS module, or the like may be used.

(Hardware configuration of application server 200)
FIG. 3 is a schematic diagram of a hardware configuration of the application server 200 according to the embodiment.

  As shown in FIG. 3, the application server 200 according to the present embodiment includes a CPU 201, a main storage device 202, a system controller 203, a network controller 204, a disk controller 205, and an auxiliary storage device 206.

  The CPU 201, the main storage device 202, the system controller 203, the network controller 204, and the disk controller 205 are connected to each other by, for example, a bus B2.

  The CPU 201 controls various hardware of the application server 200. Further, the CPU 201 implements various functions by reading various programs stored in the auxiliary storage device 206 into the main storage device 202 and executing the various programs read into the main storage device 202. Details of the various functions will be described later.

  The main storage device 202 stores various programs executed by the CPU 201. Further, the main storage device 202 is used as a work area for the CPU 201 and stores various data necessary for processing by the CPU 201. For example, a RAM may be used as the main storage device 202.

  The system controller 203 is connected to both the CPU 201 and the main storage device 202. The system controller 203 controls data transmission between the CPU 201 and the main storage device 202 and data transmission between the CPU 201 and the bus 208. Further, the system controller 203 is connected to the network controller 204 and the disk controller 205 via the bus 208.

  The network controller 204 is connected to the mobile terminal 100 via the network 300 and executes transmission / reception of various data with the mobile terminal 100.

  The auxiliary storage device 206 is connected to the disk controller 205. The auxiliary storage device 206 stores various programs. As the various programs, for example, an application program 2000 executed by the CPU 201, an OS 2100 that is an execution environment of the application program 2000, application resources 1200a and 1200b downloaded to the mobile terminal 100, a runtime 1300, and the like are stored. When an application program (native application) in a format that can be directly interpreted / executed by the OS 2100 is downloaded to the mobile terminal 100, the application program (native application) may be stored. For example, a hard disk may be used as the auxiliary storage device 206.

(Configuration of application programs 1400a and 1400b)
Here, the configuration of application programs 1400a and 1400b as so-called hybrid applications will be described.

  FIG. 4 is a schematic diagram of the application programs 1400a and 1400b according to the embodiment. (A) and (b) show application programs 1400a and 1400b for different applications.

  As shown in FIGS. 4A and 4B, application programs 1400a and 1400b executed by the mobile terminal 100 are so-called hybrid applications, and application resources 1200a and 1200b created for each application, A common runtime 1300.

  The application resources 1200a and 1200b are program files developed by an application developer, for example. Since these application resources 1200a and 1200b are not executable formats interpretable by the OS 1100, the OS 1100 recognizes them as simple data files. The application resources 1200a and 1200b are described in, for example, HTML or Java (registered trademark) script.

  The runtime 1300 provides the mobile terminal 100 with an execution environment for executing the application resources 1200a and 1200b as application programs. The runtime 1300 is a so-called native application, and is an execution format that can be interpreted by the OS 1100, so that the OS 1100 recognizes it as an application program.

(Functional block of mobile terminal 100)
FIG. 5 is a schematic diagram of functional blocks of the mobile terminal 100 according to the embodiment.

  As illustrated in FIG. 5, the mobile terminal 100 according to the present embodiment includes an application activation instruction reception unit 110, a launcher unit 111, a memory management unit 112, a runtime reading unit 113, an application resource reading unit 114, a decryption unit 115, and a process. A generation unit 116, a process execution unit 117, an access management unit 118, a key management unit 120, a download unit 121, a storage unit 123, and a key store 124 are provided.

  Application start instruction reception unit 110, launcher unit 111, memory management unit 112, runtime reading unit 113, application resource reading unit 114, decryption unit 115, process generation unit 116, process execution unit 117, access management unit 118, key management unit The CPU 120, the download unit 121, the storage unit 123, and the key store 124 are all realized by the CPU 101 executing various programs read into the main memory 102.

  The application activation instruction receiving unit 110 receives an application activation instruction from the application server 200 and notifies the launcher unit 111 of the application activation instruction. The application activation instruction designates application resources 1200a and 1200b and instructs activation of the application resources 1200a and 1200b.

  Based on the application activation instruction from the application activation instruction receiving unit 110, the launcher unit 111 outputs the activation instruction of the runtime 1300 using the designated application resource 1200a or 1200b as an argument. Further, the launcher unit 111 requests the key management unit 120 for a key for decrypting the designated application resources 1200a and 1200b. However, the present embodiment is not limited to this. For example, the launcher unit 111 uses the application resources 1200a and 1200b corresponding to the icon as arguments when the user taps the icon. An activation instruction may be output.

  The memory management unit 112 generates a process space in the main memory 102 for executing the designated application resource 1200 a or 1200 b based on the activation instruction of the runtime 1300. The process space is a secure memory space isolated for each process of the program executed by the CPU 101.

  The runtime reading unit 113 reads the runtime 1300 stored in the storage unit 123 into the process space generated by the memory management unit 112.

  Based on an instruction from the runtime reading unit 113, the application resource reading unit 114 reads the designated application resource 1200a or 1200b into the process space into which the runtime 1300 has been read. Further, the application resource reading unit 114 may read resources into the process space in which the runtime 1300 has been read based on an instruction from the process execution unit 117.

  The decryption unit 115 decrypts the key delivered from the key management unit 120. Furthermore, the decryption unit 115 operates as a part of the runtime 1300, and decrypts the application resource 1200a or 1200b read into the process space inside the process space using the decrypted key.

  The process generation unit 116 generates a process of the application program 1400a or 1400b by integrating and compiling the application resource 1200a or 1200b and the runtime 1300 read into the process space.

  The process execution unit 117 executes the process of the application program 1400a or 1400b generated in the process space. Further, the process execution unit 117 may instruct the application resource reading unit 114 to read resources necessary for executing the process during the process execution.

  The access management unit 118 permits or restricts file access by the process execution unit 117 or the application resource reading unit 114 based on the access right of the access right table T. The file access is any one of reading / writing / execution to the application resources 1200a and 1200b and various application programs stored in the storage unit 123.

  Based on the request from the launcher unit 111, the key management unit 120 acquires a key for decrypting the application resource 1200 a or 1200 b from the key store 124. The key acquired from the key store 124 is stored in the key management unit 120. Furthermore, the key management unit 120 encrypts the key acquired from the key store 124 using, for example, a key generated based on information unique to the mobile terminal 100 and passes it to the decryption unit 115. For the key delivery, for example, an inter-process communication function provided by the OS 1100 may be used. In the present embodiment, since Android is used as the OS 1100, for example, the Android Intent function may be used.

  The download unit 121 receives the application resource 1200 a or 1200 b transmitted from the application server 200 from the transmission / reception unit 122 and arranges it in the data area Rd of the storage unit 123. Further, in addition to the application resources 1200 a and 1200 b, the download unit 121 receives, for example, a runtime or application program as a native application stored in the application server 200 from the transmission / reception unit 122 and arranges it in the storage unit 123. good. However, a runtime, an application program, and the like as a native application are stored in an application area different from the data area Rd of the storage unit 123.

  Note that when the URL 1700 of the application resources 1200a and 1200b is transmitted from the application server 200, the download unit 121 may instruct the transmission / reception unit 122 to transmit a transmission request for the application resources 1200a and 1200b.

  The transmission / reception unit 122 receives the encrypted application resource 1200 a transmitted from the application server 200. When the URL 1700 of the application resources 1200a and 1200b is transmitted from the application server 200, the transmission / reception unit 122 sends a transmission request for the application resources 1200a and 1200b specified by the URL 1700 based on an instruction from the download unit 121. Send to. When there is a token, the transmission / reception unit 122 may transmit the token with additional information.

  The storage unit 123 is constructed in the auxiliary memory 103 of the mobile terminal 100, for example. The storage unit 123 stores, for example, the application program 1000, the OS 1100, the application resources 1200a and 1200b, the runtime 1300, and the like. Furthermore, an access right provided by the OS 1100 is set in the file stored in the storage unit 123.

  The key store 124 is constructed in the auxiliary memory 103 of the mobile terminal 100, for example. The key store 124 stores a key for decrypting the application resources 1200a and 1200b. It is desirable that the key stored in the key store 124 is protected more securely than other data using a hardware function or the like. For example, by using the TRUSTZONE function possessed by ARM, it is possible to prevent malicious software from extracting the key.

  In the present embodiment, the key store 124 is constructed in the auxiliary memory 103, but the present invention is not limited to this. For example, the key store 124 may be constructed in the memory chip by facilitating the memory chip separately from the auxiliary memory 103 in which the application resources 1200a or 1200b are stored.

(Access right table T)
Here, an access right set in the application program by the OS 1100 will be described.

  FIG. 6 is a schematic diagram of the access right table T according to the embodiment.

  As shown in FIG. 6, the access right table T according to the present embodiment associates the UserID of the application program with the access right (access control) to the application program. In this embodiment, since Android is used as the OS 1100, a unique name associated with the name of the application (such as “Runtime” or “App”) is assigned to UserID. For example, “App-12345” is assigned to “Runtime”, and “app-67890” is assigned to “App”. Note that “r”, “w”, and “x” in the figure indicate readable, writable, and executable, respectively.

  For example, paying attention to the frame W of the access right table T, the application program whose User ID is “app-12345”, that is, the runtime 1300 has “r”, “w”, “ x "is assigned. Therefore, if it is a user of the runtime 1300, that is, if it is a process of the runtime 1300, any read / write / execution access to the runtime 1300 stored in the storage unit 123 is permitted.

(Function block of application server 200)
FIG. 7 is a schematic diagram of functional blocks of the application server 200 according to an embodiment.

  As shown in FIG. 7, the application server 200 according to the present embodiment includes an application reception unit 211, an application key generation unit 212, an application encryption unit 213, an application placement unit 214, a key encryption unit 215, a push control unit 216, A transmission / reception unit 217 and a storage unit 218 are provided.

  The application reception unit 211, application key generation unit 212, application encryption unit 213, application placement unit 214, key encryption unit 215, push control unit 216, and transmission / reception unit 217 are all read by the CPU 201 into the main storage device 202. This is realized by executing various programs.

  For example, the application reception unit 211 receives registration of application resources 1200a and 1200b developed by an application developer. The application reception unit 211 may receive registration of an application program as a native application in addition to application resources.

  The application key generation unit 212 generates a key for encrypting the specified application resources 1200a and 1200b. The key is generated based on information unique to the application resources 1200a and 1200b and the destination mobile terminal 100, and is a key unique to each application and the destination mobile terminal 100. The encryption method is not particularly limited.

  The application encryption unit 213 encrypts the application resources 1200a and 1200b using the key generated by the application key generation unit 212.

  The application placement unit 214 places the application resources 1200 a and 1200 b encrypted by the application encryption unit 213 in the storage unit 218.

  The key encryption unit 215 encrypts the key itself for encrypting the application resources 1200a and 1200b using a key generated based on information unique to the mobile terminal 100.

  The push control unit 216 uses the URL 1700 of the application resource 1200a, 1200b or the application resource 1200a, 1200b and the key generated by the application key generation unit 212 based on, for example, position information or context information acquired from the sensor of the mobile terminal 100. The transmission / reception unit 217 is instructed to transmit. Further, token information for acquiring a specified application may be added as additional information.

  For example, based on an instruction from the push control unit 216, the transmission / reception unit 217 transmits the URL 1700 or application resources 1200a and 1200b stored in the storage unit 218 and a key for decrypting them to the mobile terminal 100.

  The storage unit 218 is constructed in the auxiliary storage device 206 of the application server 200, for example. The storage unit 218 stores, for example, the application program 2000, the OS 2100, the application resources 1200a and 1200b, and the like. Further, the storage unit 218 may store the runtime 1300.

(Download application resources by CPU 101 of portable terminal 100)
FIG. 8 is a flowchart of downloading application resources 1200a and 1200b by the CPU 101 of the mobile terminal 100 according to the embodiment.

  As illustrated in FIG. 8, the transmission / reception unit 122 determines whether the application URL 1700 transmitted from the application server 200 has been received (step S <b> 121).

  If it is determined that the URL 1700 of the application has been received (Yes in step S121), the download unit 121 transmits a download request for the application resource (here, the application resource 1200a) specified by the URL 1700. The transmission / reception unit 122 is instructed (step S122).

  On the other hand, if it is not determined that the application URL 1700 has been received (No in step S121), the transmission / reception unit 122 continues to determine whether the application URL 1700 has been received (step S121).

  The application server 200 also transmits a key for decrypting the application resource 1200a simultaneously with the transmission of the URL 100 of the application. The transmission / reception unit 122 delivers the key transmitted from the application server 200 to the key management unit 120. Then, the key management unit 120 stores the key delivered from the transmission / reception unit 122 in the key store 124 (step S126). At this time, the key management unit 120 decrypts the key delivered from the application server 200 using a key unique to the mobile terminal 100 and stores the decrypted key in the key store 124.

  Next, based on the download request from the download unit 121, the transmission / reception unit 122 transmits a transmission request for the specified application resource 1200a to the application server 200 (step S123). When there is a token, the token may be attached as additional information and transmitted. Thereby, the application server 200 transmits the designated application resource 1200a to the mobile terminal 100.

  Note that the application resource 1200 a transmitted from the application server 200 is encrypted with a key unique to the application resource 1200 a and the mobile terminal 100. For this reason, the transmission / reception unit 122 of the portable terminal 100 receives the encrypted application resource 1200a (step S124). Then, the transmission / reception unit 122 delivers the application resource 1200 a to the download unit 121.

  Next, the download unit 121 stores the application resource 1200a delivered from the transmission / reception unit 122 in the storage unit 123 (step S125). At this time, since the mobile terminal 100 recognizes the application resource 1200a as a simple data file, it is arranged in the data area Rd of the storage unit 123.

  However, an access right with the runtime 1300 as the User (owner) is set for each data file. For this reason, a data file stored in the data area Rd of the storage unit 123 cannot be accessed unless it is a process of the runtime 1300. In other words, any process of the runtime 1300 can access the data file stored in the data area Rd of the storage unit 123.

  The application resource 1200a is thus downloaded.

  Downloading application resources is performed every time an application execution instruction is issued. For this reason, for example, when an instruction to execute another application (here, the application resource 1200b) is issued after the application resource 1200a is downloaded, the application resource 1200b is stored in the storage unit 123 through the same procedure. Stored. Also at this time, since the application resource 1200b is recognized as a simple data file, it is stored in the data area Rd in which the application resource 1200a is stored.

  As described above, in the mobile terminal 100 according to the present embodiment, when a plurality of application resources 1200a and 1200b are downloaded from the application server 200, all the application resources 1200a and 1200b are stored in the common data area Rd as data files. Thus, an access right that sets the runtime 1300 as a User (owner) is set for each data file.

  Here, based on the URL 1700 of the application transmitted from the application server 200, the mobile terminal 100 transmits a download request to the application server 200, but the present invention is not limited to this. For example, the application resources 1200a and 1200b determined to be necessary by the application server 200 may be transmitted to the mobile terminal 100 based on position information and context information acquired from the sensor of the mobile terminal 100. That is, when necessary application resources 1200a and 1200b are transmitted to the mobile terminal 100 based on the determination of the application server 200, the above-described steps S121 to 124 are omitted.

(Execution of application by CPU 101 of portable terminal 100)
FIG. 9 is a flowchart of application execution by the CPU 101 of the mobile terminal 100 according to the embodiment. FIG. 10 is a schematic diagram for explaining access restriction on a file stored in the storage unit 123 according to the embodiment. FIG. 11 is a schematic diagram for explaining access restriction on a file stored in the storage unit 123 according to the embodiment.

  In the following description, it is assumed that the application resources 1200 a and 1200 b and the runtime 1300 are stored in the storage unit 123 of the mobile terminal 100.

  As illustrated in FIG. 9, first, the application activation instruction reception unit 110 determines whether an activation instruction for an application (here, the application of the application resource 1200a) transmitted from the application server 200 has been received (step S101). ). When the application resource 1200a is transmitted from the application server 200, it may be determined that an application activation instruction has been received.

  If it is determined that an application activation instruction has been received (Yes in step S101), the application activation instruction reception unit 110 outputs an application execution instruction to the launcher unit 111 (step S102).

  On the other hand, if it is not determined that an application activation instruction has been received (No in step S101), the application activation instruction reception unit 110 continues to determine whether an application activation instruction has been received (step S101).

  Next, the launcher unit 111 outputs an activation instruction for the runtime 1300 based on the application execution instruction from the application activation instruction receiving unit 110, with the file name of the designated application resource 1200a as an argument (step S103).

  Further, the launcher unit 111 requests the key management unit 120 for a key for decrypting the designated application resource 1200a (step S107).

  Next, the memory management unit 112 generates a process space M1 for executing the runtime 1300 and the application resource 1200a in the main memory 102 (step S104).

  Next, the runtime reading unit 113 reads the runtime 1300 stored in the storage unit 123 into the process space M1 generated by the memory management unit 112 (step S105). As a result, a process of the runtime 1300 is generated in the process space M1.

  Next, the application resource reading unit 114 further reads the application resource 1200a into the process space M1 in which the runtime 1300 has been read (step S106).

  In parallel with these, the key management unit 120 acquires a key for decrypting the application resource 1200a from the key store 124 based on the request from the launcher unit 111 (step S108). Further, the key management unit 120 encrypts the key acquired from the key store 124. The encrypted key is delivered to the decryption unit 115 using the inter-process communication function of the OS 1100, for example. The encryption method is not particularly limited.

  Next, the decryption unit 115 decrypts the key delivered from the key management unit 120 (step S109), and decrypts the application resource 1200a read into the process space M1 using the decrypted key. (Step S110). That is, the application resource 1200a is decrypted (plain culture) after being read into the process space M1.

  Next, the process generation unit 116 generates the process P1 of the application program 1400a in the process space M1 by integrating and compiling the application resource 1200a and the runtime 1300 decrypted by the decryption unit 115 (step S111). ).

  The process P1 is a process of the application program 1400a as a hybrid application configured by the application resource 1200a and the runtime 1300. However, since the OS 1100 recognizes the application resource 1200a as simple data, the OS 1100 recognizes the process P1 as a process of the runtime 1300.

  Next, the process execution unit 117 executes the process P1 of the application program 1400a (step S112).

  Next, the access management unit 118 determines whether the process P1 executed by the process execution unit 117 accompanies access to the file stored in the storage unit 123 (step S113).

  Here, if it is determined that the process P1 involves access to an application resource (for example, an icon image) (Yes in step S113), the access management unit 118 refers to the access right in the access right table T. Whether to permit access to the file is determined (step S114).

  On the other hand, if it is not determined that the process P1 accompanies access to the application resource (No in step S113), the process execution unit 117 continues to execute the process P1 of the application program 1400a (step S112).

  If it is determined that the process P1 involves access to the application resource (Yes in step S113) and it is determined that access to the application resource is permitted (Yes in step S114), the process execution unit 117 Access to the application resource, for example, reading / writing / execution of the application resource stored in the storage unit 123 is executed (step S115).

  The mobile terminal 100 according to the present embodiment performs the series of processes described above every time the application is executed. For this reason, for example, when another application (here, an application of the application resource 1200b) is executed after the generation of the process P1 of the application program 1400a, a process P2 of the application program 1400b is further generated. Moreover, the processes P1 and P2 of the application programs 1400a and 1400b are all recognized as processes of the runtime 1300.

  Therefore, the process P1 and the process P2 are permitted to access both the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123, as indicated by an arrow A in FIG. If this is left as it is, for example, if the process P1 is a malicious process, the process P1 may illegally access the application resource 1200b stored in the storage unit 123 and falsify the application resource 1200b. obtain.

  Therefore, in the present embodiment, the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123 are separately encrypted with different keys. Moreover, the process P1 has only a key for decrypting its own application resource 1200a, and the process P2 has only a key for decrypting its own application resource 1200b.

  For this reason, the process P1 cannot perform any of reading / writing / execution to the application resource 1200b stored in the data area Rd of the storage unit 123. Similarly, the process 2 cannot perform any of reading / writing / execution to the application resource 1200a stored in the data area Rd of the storage unit 123.

  As a result, even if the application resource downloaded to the mobile terminal 100 performs a malicious operation within the mobile terminal 100, the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123 are illegally accessed, for example. Can protect against such threats.

  Further, the application resource reading unit 114 executes reading of the application resources 1200a and 1200b as a process of the runtime 1300. Therefore, the process of the runtime 1300 is permitted to access both of the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123 as indicated by an arrow B in FIG.

  However, in the present embodiment, as described above, the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123 are separately encrypted with different keys. Moreover, the process of the runtime 1300 has only a key for decrypting the designated application resource 1200a or 1200b.

  For this reason, the process of the runtime 1300 activated with the application resource 1200 a as an argument cannot read into the application resource 1200 b stored in the data area Rd of the storage unit 123. Similarly, the process of the runtime 1300 activated with the application resource 1200b as an argument cannot read the application resource 1200a stored in the data area Rd of the storage unit 123.

  Thereby, when the mobile terminal 100 tries to execute the application program 1400a, the process of the runtime 1300 does not read the application resource 1200b stored in the data area Rd of the storage unit 123. Conversely, when the mobile terminal 100 tries to execute the application program 1400b, the process of the runtime 1300 does not read the application resource 1200a stored in the data area Rd of the storage unit 123. That is, the mobile terminal 100 according to the present embodiment can reliably execute the designated application.

  According to the present embodiment, the application resources 1200a and 1200b are downloaded from the application server 200 and executed on the runtime 1300 preinstalled in the mobile terminal 100, thereby generating the processes P1 and P2 of the application programs 1400a and 1400b. doing.

  Therefore, the amount of data downloaded from the application server 200 can be reduced by the amount of the runtime 1300. Moreover, since the mobile terminal 100 does not recognize the application resources 1200a and 1200b as application programs, when the application resources 1200a and 1200b are downloaded, a confirmation display (such as an agreement button) to the user of the mobile terminal 100 occurs. There is no. Therefore, it is possible to realize a reduction in annoyance to the user of the mobile terminal 100 and inefficient consumption of the storage area of the mobile terminal 100.

  Furthermore, according to the present embodiment, each time the application resources 1200a and 1200b are executed, the process spaces M1 and M2 that are isolated from each other are generated, and the runtime 1300 and the application resources 1200a and 1200b are generated in the process spaces M1 and M2, respectively. Are read one by one. That is, a plurality of application resources 1200a and 1200b are not read into the process spaces M1 and M2. For this reason, a plurality of application resources 1200a and 1200b do not interfere with each other in the process spaces M1 and M2.

  Further, according to the present embodiment, the application resources 1200a and 1200b stored in the data area Rd of the storage unit 123 are separately encrypted with different keys. Moreover, each process P1, P2 is only given a key for decrypting its own application resources 1200a, 1200b. For this reason, the processes P1 and P2 can access only their own application resources among the application resources stored in the data area Rd of the storage unit 123. Thereby, the application resources 1200a and 1200b stored in the storage unit 123 of the mobile terminal 100 can be protected from threats such as unauthorized access due to malicious application resources, for example.

  Moreover, the application resource reading unit 114, the decryption unit 115, the process generation unit 116 realized by the runtime 1300, the launcher unit 111 and the download unit 121 realized by the application manager 1500, and the key management realized by the key manager 1600. The above-described functions can be obtained only by adding the unit 120 (that is, while using the existing OS 1100).

(Modification)
FIG. 12 is a schematic diagram of an information processing system according to a modification of the embodiment.

  In the above-described embodiment, the application server 200 has a function of storing application resources and a function of pushing application resources. However, the present invention is not limited to this.

  For example, as shown in FIG. 12, instead of the application server 200, an application server 200A that does not have a function for storing application resources and a function for pushing application resources may be used. In this case, if an application store 400 including a storage unit 218 for storing application resources and a push server 500 including a push control unit 216 for controlling the push of application resources are separately prepared and connected via the network 300, respectively. good.

100: Mobile terminal (information processing device)
102: Main memory (memory)
112: Memory management unit 113: Runtime reading unit 114: Application resource reading unit 115: Decryption unit 116: Process generation unit 117: Process execution unit 120: Key management unit 123: Storage unit 124: Key store 200: Application server 200A: Application server 300: Network 400: App store 500: Push server M1: Process space M2: Process space P1: Process P2: Process 1200a: Application resource 1200b: Application resource 1300: Runtime

Claims (8)

A storage unit for storing a plurality of application resources for a plurality of different application programs and a runtime used for each of the plurality of application resources;
A memory management unit that generates a plurality of process spaces corresponding to each of the application programs in a memory for each start instruction of each application program included in the plurality of different application programs;
A runtime loading unit for loading the runtime into each of the plurality of process spaces;
An application resource reading unit that reads each application resource corresponding to each application program into a corresponding process space among a plurality of process spaces loaded with the runtime;
A process generation unit for generating a process of each application program from an application resource and a runtime read in each of the plurality of process spaces;
A process execution unit for executing processes of the application programs generated on the plurality of process spaces;
The runtime is a native application program that can be interpreted and executed by an operating system, and each of the plurality of application programs is a hybrid application program that includes the runtime and resources that the runtime can interpret. An information processing apparatus that executes a generation process of confirmation display to a user when downloading the application program and does not execute the generation process of the confirmation display when downloading the plurality of application resources. In the information processing apparatus according to claim 1,
The storage unit stores encrypted application resources,
The app resource reading unit reads the encrypted app resource into the process space in which the runtime is read,
The information processing apparatus further includes:
A key management unit for managing a key for decrypting the encrypted application resource;
An information processing apparatus comprising: a decryption unit that decrypts the encrypted application resource read into the process space using the key. In the information processing apparatus according to claim 2,
The key management unit encrypts the key and passes it to the decryption unit,
The decryption unit decrypts the key delivered from the key management unit, and decrypts the encrypted application resource read into the process space using the decrypted key. Processing equipment. The information processing apparatus according to claim 3, further comprising:
A key request unit that requests the key to the key management unit based on an activation instruction of each application program,
The key management unit is an information processing apparatus that delivers the key to the decryption unit when the key request unit requests the key. In the information processing apparatus according to any one of claims 2 to 4,
The storage unit is an information processing apparatus that stores a plurality of application resources encrypted using different keys. In an information processing method executed by a computer,
Generating a plurality of process spaces corresponding to each application program in a memory for each start instruction of each application program included in a plurality of different application programs;
Loading the runtime into each of the plurality of process spaces from a storage unit storing a plurality of application resources for the plurality of different application programs and a runtime used for each of the plurality of application resources;
Loading each application resource corresponding to each application program into a corresponding process space among the plurality of process spaces loaded with the runtime;
Generating a process for each application program from an application resource and a runtime read into each of the plurality of process spaces;
Executing the process of each application program generated on the plurality of process spaces;
The runtime is a native application program that can be interpreted and executed by an operating system, and each of the plurality of application programs is a hybrid application program that includes the runtime and resources that the runtime can interpret. An information processing method that executes a generation process of confirmation display to a user when downloading the application program and does not execute the generation process of the confirmation display when downloading the plurality of application resources. In the information processing method according to claim 6,
In the step of reading the application resource, the encrypted application resource is read into the process space,
The information processing method further includes:
An information processing method comprising a step of decrypting an application resource read into the process space. In a program to be executed by a processor of an information processing apparatus that executes a generation process of confirmation display to a user when an application program is downloaded,
In the processor,
For each start instruction of each application program included in a plurality of different application programs, generate a plurality of process spaces corresponding to each application program in the memory,
A plurality of application resources for the plurality of different application programs and a storage unit storing a runtime used for each of the plurality of application resources, the runtime is read into each of the plurality of process spaces;
Each application resource corresponding to each application program is loaded into a corresponding process space among the plurality of process spaces loaded with the runtime,
From the application resource and runtime loaded in each of the plurality of process spaces, the process of each application program is generated,
A process of each of the application programs generated on the plurality of process spaces is executed, and the runtime is a native application program that can be interpreted and executed by an operating system, and each of the plurality of application programs includes the runtime and A hybrid application program configured with resources that can be interpreted by the runtime, and the generation process of the confirmation display to the user is not executed when an application resource for the application program is downloaded.

Images