JP2018133092A - Control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a control program capable of use restriction on an information apparatus depending on conditions even on assumed travel rout.SOLUTION: The control program causes a computer to execute a series of processing to acquire a piece of position information of an information processing terminal from the information processing terminal and to control the use of the application in the information processing terminal based on the acquired position of the information processing terminal and the access restriction of the application associated with the position stored in a storage part.SELECTED DRAWING: Figure 5

Description

  The present invention relates to a technology for controlling information equipment.

  Due to the widespread use of information devices, there are increasing opportunities for information devices such as laptop computers, pad-type information devices, and smart devices to be taken out when traveling on a business trip.

  For example, when an information device is taken out of the company and used outside, the information device is lost, the information device is stolen by a third party, or the information displayed on the information device is The risk of snooping by three parties increases.

  Currently, in general, risks are allowed by taking some measures against loss of information equipment, and the current situation is that information equipment is taken out and used outside the company. For example, when an information device is taken out of the company, encryption of the information stored in the information device is obligatory, and at the time of taking out, an application such as take-out date, take-out person, take-out destination is required. It is.

  However, it is a well-known fact that information leakage cases frequently occur, and more effective countermeasures are desired.

  On the other hand, Patent Document 1 discloses a technique for determining whether an information device has been left behind based on the current position of the information device, and for restricting the use of the information device that has been left behind (security measures).

  Patent Document 2 discloses a technique for comparing a movement route to a destination with a current position and determining whether or not the current position matches the movement route.

JP 2007-257066 A JP-A-8-50027

  The use restriction based only on the position information of the information device as disclosed in the above-mentioned Patent Document 1 and the like is because it is difficult to accurately determine whether or not the person actually owns the information device. May not be an effective measure. For example, even if the current location of the information device is on the expected (planned) location or route, there may be a third party that is different from the person, and in that case the risk of information leakage is high. Become. However, if the location information is normal, no usage restrictions are imposed, which is not an effective measure.

  Even if the person owns the information device, the risk of information leakage increases if the person performs an action different from the schedule. However, even if the action is different from the schedule, the route itself is not necessarily changed. Therefore, the use restriction based only on the position information of the information device is not an appropriate measure corresponding to the case where the user takes an action different from the schedule.

  In view of this, an object of one aspect is to provide a mechanism that can apply a usage restriction corresponding to a situation to an information device even on an assumed movement route.

  In one proposal, the location information of the information processing terminal is acquired from the information processing terminal, and based on the acquired location of the information processing terminal and the access restriction of the application associated with the location stored in the storage unit, Causes a computer to execute processing for controlling use of an application in the information processing terminal.

  According to one aspect, it is possible to apply a usage restriction corresponding to a situation to an information device even on an assumed movement route.

It is a figure which shows the example of assumption action and unexpected action. It is a figure which shows the example of the case assumed by the combination of the propriety of a movement path | route, and the propriety of passage timing. It is a figure which shows the example of the relationship between an assumption case and the level of risk. It is a figure which shows the example of the access restriction for every information division according to the condition and level of information equipment. It is a figure which shows the structural example of an information device. It is a figure which shows the structural example of a system. It is a figure which shows the example of the information used for a process. It is a flowchart (the 1) which shows the process example of embodiment. It is a flowchart (the 2) which shows the process example of embodiment.

  Hereinafter, preferred embodiments of the present invention will be described.

<Overview>
FIG. 1 is a diagram illustrating examples of assumed behavior and unexpected behavior.

  In FIG. 1, from the departure point, go to station A by walking as shown by a straight line, go to station B by a train (conventional line) from station A, and go to station C by train (super express) from station B Suppose that the planned route is to go from station C to the destination on foot. And when it moves at the passage timing (elapsed time etc. from the time of departure) which planned the route, it is an assumed action (scheduled action).

  What deviates from the assumed behavior is an unexpected behavior, and there are several cases. For example, if you shop at a store in station A or use a toilet in the station, you will not be off the planned route, but the delay will occur and the passing timing will be different. Become.

  In addition, if there is a train operation restraint due to a safety check or a personal accident at station A, a delay occurs and the passage timing is different, which is an unexpected behavior.

  Also, if you get on the express at the station B by mistake, it will be an unexpected behavior because a delay will occur and the passage timing will be different.

  Also, if the information device is misplaced at station A, even if the taker gets on the train as scheduled, the information device will not move, and a delay will occur and the passing timing will be different. Become.

  Further, if another route is moved from the departure point on foot to the station A, even if the passage timing of the station A is the same, the route that has moved is different and the behavior is unexpected.

  In addition, it is necessary to make a detour due to a train accident at station A, move to station E, use airplanes (airports F and G), use buses (bus stops H and I), and walk to your destination. If you go to, it will be unexpected behavior because the route you traveled and the passage timing will be different.

  Also, if you get on the train in the opposite direction to station B at station A, the route you traveled and the passage timing will be different, which is an unexpected behavior.

  Also, if you forget to get off at station C, the route you traveled and the timing of passage will be different, which is an unexpected behavior.

  Further, when the information device is stolen on the way from the departure point to the station A, and the criminal moves to the station D on foot, the moving route and the passage timing are different, which is an unexpected behavior.

  Further, when going from the station E to the station J by train, the route traveled and the passage timing are different, which is an unexpected behavior.

  In addition, if a route different from the schedule is moved due to a skipping, the moved route and the passage timing are different, which is an unexpected behavior.

  FIG. 2 is a diagram illustrating an example of a case assumed based on a combination of appropriateness of a movement route and appropriateness of passage timing, and representative cases are shown as an to n.

  Case a is included when the movement route and the passage timing are normal.

  Cases b to e are included when the movement path is normal but the passage timing is not normal. Case b is an unexpected behavior caused by shopping at a store in the station or using a toilet in the station. Case c is a case where train operation is suppressed in which the train stops due to safety confirmation or personal injury. Case d is a case of wrong boarding in the same direction, where different train types are boarded on the same route. Case e is a case where the information device is left behind.

  Case f is included when the movement path is not normal but the passage timing is normal. This is a case where another route having the same required time is used.

  Cases g to n are included when neither the movement route nor the passage timing is normal. Case g is a detour boarding accompanying the occurrence of a train accident, but cannot be determined as a detour boarding at the present time. Case h is a state in which it is determined that the boarding is appropriate. Case i is a case of a mistake in getting on a train in another direction. Case j is a case of getting over at a scheduled station. Case k is a state in which the taker's mobile phone or the like has been automatically contacted but is not corrected and the possibility of theft is high. Case l is a state in which the information device has been misplaced and delivered to a safe public place by a bona fide third party. Case m is in a state that is almost certain to be stolen. Case n is another unexpected behavior.

  FIG. 3 is a diagram illustrating an example of a relationship between an assumed case and a risk level. Assumed cases a to n in FIG. 3 correspond to the assumed cases a to n in FIG. 2.

  The level increases in the order of “normal level” → “caution level” → “warning level” → “warning level” as the risk increases. Note that if the warning level continues for a predetermined time, the warning level is raised, and if the warning level continues for a predetermined time, the data of the information device is erased.

  FIG. 4 is a diagram illustrating an example of access restriction (use restriction) for each information category according to the status and level of the information device.

  In FIG. 4, reference (Read) and write (Write) are permitted regardless of take-out information classification in the stage before take-out control preparation in the office before take-out, but movement after the start of take-out control quasi In some cases, reference and writing are restricted depending on the level of the information device 1 according to the information taken out. In addition, the contents of the access restriction are changed between the destination customer and the company business trip destination.

  It should be noted that the content of access restriction may be changed depending on the difference in the means of transportation (walking, train, bus, airplane, etc.) and the time zone. Furthermore, the contents of access restriction may be defined by designating a specific position or time zone. If you are walking, you may hit a snatch, and you might see it on the train. In some cases, safety is ensured in a specific place.

  Moreover, although the access restriction for the information in the information device has been illustrated, the access restriction for the application (application program) may be defined. Furthermore, the accessible file size may be limited according to the network speed during movement.

<Equipment configuration / system configuration>
FIG. 5 is a diagram showing a configuration example of the information device 1, and the information device 1 is controlled alone on the premise of the existence of an external environment for acquiring external information.

  In FIG. 5, the information device 1 includes a general function unit 11 and a take-out control unit 12. The general function unit 11 is a part that provides basic functions for browsing and updating information as an information device. The take-out control unit 12 is a part that performs control when the information device 1 is taken outside due to a business trip or the like.

  The take-out control unit 12 includes a take-out setting unit 120, a take-out control start / end control unit 121, a position information acquisition unit 122, an external information acquisition unit 123, a moving means determination unit 124, an unexpected behavior monitoring unit 125, and mobile communication A unit 126, an access control application unit 127, a data erasure unit 128, and a log acquisition / storage unit 129.

  The takeout setting unit 120 has a function of setting movement route information (position information, passage timing information) and the like scheduled for carrying out takeout control.

  The take-out control start / end control unit 121 has a function of controlling the start and end of take-out of the information device 1 based on a predetermined operation being performed at a predetermined position.

  The position information acquisition unit 122 has a function of acquiring current position (latitude / longitude) information of the information device 1 by GPS (Global Positioning System) or the like.

  The external information acquisition unit 123 has a function of acquiring traffic area information and safety area information such as police / station lost / lost items from an external network service.

  The moving means determination unit 124 determines whether the current movement is a walking or a train based on the change speed of the position information of the current information device 1 and the information of the acceleration sensor (further, distinguishing between each station stop, limited express, super express, etc. ), And has a function of determining moving means such as a bus or an airplane.

  The unexpected behavior monitoring unit 125 compares the movement route information with the position information and the passage timing information of the information device 1 acquired up to the present time, and determines the match between the position information and / or the passage timing information. It has a function of monitoring external behavior and changing the level of the information device 1. The level is an element that determines access restrictions on information in the information device 1.

  The mobile communication unit 126 has a function of notifying the taker's mobile phone or the like and instructing a countermeasure when the information device 1 may be misplaced or stolen.

  The access control application unit 127 has a function of performing access control according to the information classification according to the level of the information device 1 currently determined by the unexpected behavior monitoring unit 125, the current position of the information device 1, and the like. Yes.

  The data erasure unit 128 has a function of erasing data of predetermined information in the information device 1 when there is a high possibility of information leakage from the information device 1. For example, erasing data in the information device 1 is performed when the risk of leakage increases and the state of the information device 1 reaches the “warning level”. However, this implementation is not performed immediately, but is assumed to be still at the “warning level” even after a predetermined time has elapsed. Further, when the “warning level” has elapsed for a predetermined time, the “warning level” is automatically changed to “warning level”.

  The log acquisition / accumulation unit 129 has a function of acquiring and accumulating a log of processing contents of the carry-out control unit 12 for later verification, improvement of determination accuracy, and the like.

  FIG. 6 is a diagram showing a configuration example of the system, and the control is performed under the management apparatus (server) 3. Note that the information apparatus 1 can also have the functions shown in FIG. 5 in preparation for a case where communication with the management apparatus 3 cannot be performed.

  In FIG. 6, an information device 1, a management device 3, and an information device 4 are connected to a network 2 such as the Internet.

  In the information device 1, as compared with the configuration shown in FIG. 5, some functional units of the carry-out control unit 12 are omitted or changed. That is, the function of the takeout setting unit 120 (FIG. 5) is performed by the takeout setting unit 30 of the management device 3 by an operation from the setting information device 4. Also, the functions corresponding to the external information acquisition unit 123, the movement means determination unit 124, the unexpected behavior monitoring unit 125, the mobile communication unit 126, and the log acquisition / accumulation unit 129 (FIG. 5) are moved to the management device 3, and the external information The acquisition unit 33, the moving means determination unit 34, the unexpected behavior monitoring unit 35, the mobile communication unit 36, and the log acquisition / accumulation unit 39 are provided. Also, the take-out control start / end control unit 121 has a function of notifying the management device 3 of the start / end of take-out. The position information acquisition unit 122 has a function of notifying the management apparatus 3 of the acquired current position of the information device 1.

  The position information receiving unit 32 of the management device 3 has a function of receiving the current position from the position information acquiring unit 122 of the information device 1.

  The access control instruction unit 37 controls access to the information device 1 according to the information classification according to the level of the information device 1 currently determined by the unexpected behavior monitoring unit 35, the current position of the information device 1, and the like. It has a function to give an instruction to perform.

  The data erasure instruction unit 38 has a function of issuing an instruction to erase data of predetermined information in the information device 1 when there is a high possibility of information leakage from the information device 1.

  FIG. 7 is a diagram showing an example of information used for processing. In the configuration of FIG. 5, it is used on the information equipment 1 side, and in the configuration of FIG. 6, it is mainly used on the management device 3 side.

  In FIG. 7, take-out setting information is information set before take-out by the take-out setting unit 120 (FIG. 5) or the take-out setting unit 30 (FIG. 6). The take-out setting information includes “device ID”, “taker ID”, “take-out date / time”, “take-out destination (destination)”, “use time”, “use information”, “take-out information category”, “scheduled travel route information ( The position information of the moving means and the representative point and the passage timing information (including the elapsed time from the starting point) are included.

  The operation information is information that is set in advance for operation by the export control administrator, and includes “access control information”. The “access control information” is information that defines access permission conditions according to the status such as the level as shown in FIG.

  The current information is the latest information acquired at the present time, and includes “actual movement route information (including location information and passage timing information (elapsed time from the starting point, etc.) of moving means and representative points)” “traffic delay information “Detour route information” “Safe area information” “Current level”.

  The log information is information accumulated by the log acquisition / accumulation unit 129 (FIG. 5) or the log acquisition / accumulation unit 39.

<Operation>
FIG. 8 is a flowchart showing a processing example of the above embodiment.

  In FIG. 8, first, as a setting process by the carry-out setting unit 120 (FIG. 5) or the carry-out setting unit 30 (FIG. 6), a departure place setting (step S101) and a destination setting (step S102) are performed. It is desirable to select from candidates prepared in advance so that arbitrary setting is not performed.

  Thereby, the take-out setting unit 120 or the take-out setting unit 30 displays the recommended route (including a plurality of candidates) by the route search application or the like (step S103), and sets the planned route by the setting person's selection (step S104). )I do. By setting the planned route, planned moving route information (FIG. 7) corresponding to the planned route is stored.

  Further, settings of the information device 1 such as a device ID, a taker ID, usage information and information classification, and usage time are performed (step S105).

  Thereafter, the take-out control start / end control unit 121 (FIGS. 5 and 6) performs a predetermined operation (for example, input of a predetermined approval code) on the information device 1, and a position information acquisition unit When the current position acquired by 122 coincides with the departure place, it is determined that take-out has started (Y in step S201). When the management apparatus 3 performs control (FIG. 6), the takeout control start / end control unit 121 notifies the management apparatus 3 of the start of takeout control.

  With the start of take-out, preparation for take-out control in the take-out control unit 12 (FIG. 5) or the management apparatus 3 (FIG. 6) is performed (step S202).

  Next, the take-out control unit 12 (FIG. 5) or the management device 3 (FIG. 6) includes the position information acquisition unit 122, the external information acquisition unit 123, the movement means determination unit 124 (FIG. 5) or the position information reception unit 32, the external The information acquisition unit 33 and the moving means determination unit 34 (FIG. 6) acquire the latest information that is currently required (step S203).

  Next, the unexpected behavior monitoring unit 125 (FIG. 5) or the unexpected behavior monitoring unit 35 (FIG. 6) monitors the unexpected behavior based on the planned travel route information, the actual travel route information, and other information. The level of the information device 1 is maintained / changed according to the assumed case of the unexpected behavior determined in (Step S204). The relationship between the assumed case and the level follows that shown in FIGS. 2 and 3, for example.

  Next, returning to FIG. 8, the take-out control start / end control unit 121 (FIGS. 5 and 6) performs a predetermined operation (for example, input of a predetermined approval code) on the information device 1, and The end of take-out is determined based on whether or not the current position acquired by the position information acquisition unit 122 matches the departure place (step S205).

  If it is not the end of taking out (N in step S205), the process is repeated from the acquisition of the latest information (step S203).

  In the case of the end of take-out (Y in step S205), preparation for take-out control in the take-out control unit 12 (FIG. 5) or the management apparatus 3 (FIG. 6) is canceled (step S206). When the management apparatus 3 performs control (FIG. 6), the take-out control start / end control unit 121 cancels the preparation for take-out control by notifying the management apparatus 3 of the end of take-out control.

  FIG. 9 is a flowchart showing a processing example of monitoring of unexpected behavior (step S204) in FIG.

  In FIG. 9, first, the planned travel route information and the actual travel route information are compared (step S301).

  When it is determined that the latest travel route matches and the passage timing also matches in the planned travel route information and the actual travel route information (the travel route in step S301: ○ timing: ○), the level is set to the normal level (already the normal level If this is the case, the setting is unnecessary (step S302) (corresponding to the assumed case a in FIGS. 2 and 3).

  If it is determined that the latest travel route matches and the passage timing does not match (movement route in step S301: ○ timing: x), it is determined whether or not train operation is inhibited based on traffic delay information acquired from the outside. (Step S303).

  If it is determined that the train operation is inhibited (Y in step S303), the level is set to the normal level (step S304), and the passage timing information of the scheduled travel route information is corrected by the delay time or is delayed in the subsequent comparison. Time is taken into consideration (step S305) (corresponding to the assumed case c in FIGS. 2 and 3).

  If it is determined that the train operation is not inhibited (N in Step S303), it is determined from the actual travel route information whether or not the residence time at one location exceeds a predetermined value (Step S306). If it is determined that the train operation is not restricted, it is determined that the train operation is not restricted at this time because the traffic delay information obtained from the outside has not been updated even if the train operation is actually restricted. Including cases where

  When it is determined that the residence time does not exceed the predetermined value (N in Step S306), the level is set to the caution level (Step S307) (corresponding to the assumed cases b and d in FIGS. 2 and 3).

  If it is determined that the residence time exceeds the predetermined value (Y in step S306), the level is set to a warning level (step S308) (corresponding to the assumed case e in FIGS. 2 and 3).

  When it is determined that the latest movement route does not match and the passage timing matches (movement route of step S301: x timing: ◯), the level is set to a caution level (step S309) (assumed case of FIGS. 2 and 3) corresponding to f).

  If it is determined that the most recent movement route does not match and the passage timing does not match (movement route in step S301: x timing: x), it is determined whether or not it is a warning level (step S310).

  If it is determined that the warning level is not reached (N in step S310), it is determined whether the detour boarding or erroneous boarding / overriding is resolved (step S311). Detour boarding is determined based on detour route information. Elimination / overriding is determined from the return of the travel route in the reverse direction.

  If it is determined that the boarding is a detour (the detour boarding in step S311), the scheduled travel route information is reset in response to the detour route (step S312), and the level is set to the normal level (step S313) (FIG. 2). , Corresponding to the assumed case h in FIG. 3).

  If it is determined that the erroneous boarding / override is resolved (step S311: erroneous boarding / overriding is resolved), the travel route and the passage timing are corrected (step S314), and the level is set to the normal level (step S315).

  If it is determined that it is not a detour or erroneous boarding / overriding cancellation (N in step S311), it is determined from the actual travel route information whether or not the residence time at one point in time exceeds a predetermined value (step S316). ).

  When it is determined that the residence time does not exceed the predetermined value (N in step S316), the level is set to the caution level (step S317) (corresponding to the assumed cases g, i, and j in FIGS. 2 and 3).

  When it is determined that the residence time exceeds the predetermined value (Y in step S316), or when it is determined that the staying level is a warning level (Y in step S310), the information device 1 is in the safety area based on the safety area information. (Step S318).

  If it is determined that it exists in the safety area (Y in step S318), the level is set to a warning level (step S319) (corresponding to the assumed case 1 in FIGS. 2 and 3).

  If it is determined that it does not exist in the safe area (N in Step S318), it is determined whether or not correction has been made after contacting the taker's mobile phone or the like (Step S320).

  If it is determined that correction has been made (N in step S320), the level is set to a caution level (step S321).

  If it is determined that correction has not been made (Y in step S320), the level is set to a warning level (step S322) (corresponding to the assumed case k in FIGS. 2 and 3).

  Although not shown in the flow, according to the level set by the above processing, the access control application unit 127 waits for an instruction from the access control instruction unit 37 in the case of FIG. Access control is performed according to the information category.

  Further, when the warning level lasts for a predetermined time, the data level is automatically shifted to the warning level, and when the warning level lasts for the predetermined time, the data erasure unit 128 erases the data.

  Further, when the take-out person of the information device 1 performs a predetermined operation or when the administrator of the management device 3 performs the predetermined operation, the level of the information device 1 is returned to the normal level, The take-out control can be reset and a new take-out control can be started.

  Further, it is possible to determine whether or not the current movement is properly performed by referring to the past actual movement route information using the log information (FIG. 7). For example, when there is no train accident or the like, and the route and required time are significantly different when going to the same business trip destination, there is a possibility that a detour is made on the way. Depending on the security level of the information asset to be taken out, it may be necessary to change the level of the information device 1 at the detour stage.

  In addition, when carrying-out control is performed by the management device 3 (FIG. 6), if the take-out is notified of theft or if the take-out of the take-out is found out, it is forcibly shifted to the warning level. Can do.

<Specific example 1>
It is assumed that the taker of the information device 1 stops by a toilet installed at a station on the way during a business trip. Although it is on the planned route (on the premises of the station), the passage timing is delayed more than expected and the residence time in one place also occurs, so “movement route: ○ timing: ×” in step S301 in FIG. It is judged.

  Next, in step S303, it is determined whether or not the train operation is inhibited, but it is determined that the train operation is not inhibited because the toilet is stopped.

  Next, in step S306, it is determined whether or not the residence time in one place exceeds a predetermined value, but it is determined that the toilet has stopped by and the predetermined value has not been exceeded.

  In this case, even if it is just a drop-in of the toilet and it is not staying for a long time, it is out of schedule and the security risk increases, so in step S307, the information device 1 is shifted to the “attention level” (FIG. 2, (Corresponding to the assumed case b in FIG. 3). This prohibits access to information other than general information in the information device 1 (attention level during movement in FIG. 4).

  Next, the taker stops at the toilet and then moves to the home to get on the train on the planned route. However, if the taker leaves the information device 1 in the toilet, the security risk increases. In this case, the residence time at one place exceeds a predetermined value, and after going through step S301 → step S303 → step S306, the transition is made to “warning level” in step S308 (corresponding to the assumed case e in FIGS. 2 and 3). ). As a result, writing other than general information in the information device 1 is prohibited (warning level during movement in FIG. 4).

  Thereafter, it is assumed that a bona fide third party or a cleaning staff discovers and secures the information device 1. In this case, the forgotten items are generally transported to a safe place (forgotten items, police station, etc.).

  In this case, since it deviates from the scheduled route and the passage timing is also delayed, it is determined as “movement route: x timing: x” in step S301.

  Next, in step S310, it is determined whether or not it is a warning level, it is determined that it is a warning level, and in step S318, it is determined whether or not the information device 1 exists in the safety area.

  If the information device 1 has not been brought into the safety area at this time, it is determined whether or not correction has been made after contacting the taker's mobile phone in step S320, and it has not been corrected. Since the movement of the information device 1 by a person other than the taker is suspected and the security risk increases, the state is shifted to the “warning level” in step S322 (corresponding to the assumed case k in FIGS. 2 and 3). Thereby, access to all information in the information device 1 is prohibited (warning level during movement in FIG. 4).

  Further, when a predetermined time elapses without being transported to a public and safe place in this state, data erasure of the information device 1 is executed. That is, when the movement is stopped outside the public place, the movement for the escape of the theft is lost, the unauthorized access to the information device 1 is attempted, and data is illegally acquired from the information device 1. It is determined that there is a high possibility that an illegal act has been attempted, and data of the information device 1 is erased after a predetermined time has elapsed.

  Also, if the information device 1 is transported to a staff member by a bona fide third party and transferred to a staff member and stored in a public and safe place by the staff member, the security risk is reduced, and the “warning level” in step S319. Transition to. When the alert level is reached, data erasure is avoided (corresponding to the assumed case 1 in FIGS. 2 and 3). In this case, the data is erased from the information device 1 and then the data is not erased at the “warning level” and is at the “warning level” in view of the balance between the trouble of recovery work after that and the risk of information leakage. Sometimes data is erased after a predetermined time.

  Further, when the taker himself / herself collects the stored information device 1, the security risk is lowered, so that a predetermined operation is performed to shift to the “attention level”.

  Furthermore, in a public and safe place, the take-out person confirms that there is no security problem (problems such as information leakage or falsification) in the misplaced information device 1, and the procedure according to the export procedure is performed. , Security risk is reduced and transitioned to “normal level”. The risk that has occurred due to misplacement is initialized, and a new application for taking out the information device 1 from the point where the information device 1 is collected to the business trip destination is performed. If you have anxiety, you may return to the office. At this time, the system control is under the circumstances of returning from a public and safe place to the office. However, a user who has caused this situation multiple times will need a penalty for security operations, such as staying at the “attention level” outside the office for a while.

  In addition, security risk increases if it is left in a public and safe place for a certain period of time, and the security risk increases. Therefore, it automatically shifts from the “warning level” to the “warning level”, and then no measures are taken. Data erasure is executed when a predetermined time elapses without being taken.

<Specific example 2>
When the taker of the information device 1 gets on the train from the station and gets on the down train, if the rider accidentally gets on the up train, the passing timing is different, not the planned route, In step S301 of FIG. 9, it is determined that “movement route: x timing: x”.

  Next, it is determined whether or not it is a detour boarding in step S311, but since it cannot be determined whether this place is a detour boarding or wrong boarding, it is subsequently determined in step S316 whether or not the residence time exceeds a predetermined value. Is done.

  In this case, the dwell time does not exceed the predetermined value because it is moving, but the route is wrong and the security risk increases, so that the transition is made to “attention level” in step S317 (FIGS. 2 and 3). Corresponding to assumed cases g and i). It should be noted that, from the viewpoint of security control, the security risk can be determined to be the same and the state of the information device 1 is also the same “attention level”. I think there is no difference in security.

  Also, if it is determined in step S311 that the vehicle is a detour ride toward the destination as viewed from the travel route, the planned travel route information is reset in step S312 corresponding to the detour route, and the level is set to “normal level” in step S313. (Corresponding to the assumed case h in FIGS. 2 and 3).

  In addition, if the taker notices that he / she got on the wrong board and turned back halfway, the security risk will be reduced if it is determined that the wrong boarding will be resolved at step S311 when returning to the originally planned route. In step S314, the movement error is reset, and in step S315, a transition is made to the “normal level”. The same applies when the overpass (corresponding to the assumed case j in FIGS. 2 and 3) is resolved.

<Specific example 3>
If the trainer of the information device 1 gets on the scheduled train according to the planned route and the train stops halfway along with the train, the route is normal, but only the time has passed. Therefore, it is determined as “movement route: ○ timing: x” in step S301 of FIG.

  Next, it is determined whether or not the train operation is inhibited in step S303, but if it is determined that the train operation is inhibited based on the traffic delay information, the security level does not change, so that the “normal level” remains in step S304. (Corresponding to the assumed case c in FIGS. 2 and 3).

  After restarting the operation, only the time is delayed, but after starting operation at the normal table speed, it is considered that the normal state has been restored. Do not consider it as a criterion for judgment.

<Specific Example 4>
If the taker of the information device 1 is on a planned route, but takes a different type of train instead of the planned train (for example, the train stops at each station, but does not stop at the destination) When the train is on an express train), the route is normal, but the passage timing is different, so it is determined as “movement route: ○ timing: x” in step S301 in FIG.

  In this case, since there is a high possibility of getting over due to boarding different train types on the same route, the risk increases, and the state is shifted to the “attention level” in step S307 (to the assumed case d in FIGS. 2 and 3). Correspondence).

  When the taker notices on the way, gets off at the express stop station before passing the planned stop station, and changes to the subsequent stop at each station stop, the “travel route: ○ in step S301 in FIG. Timing is determined as “◯”, and the process returns to “normal level” in step S302.

  In the case of overpassing or erroneous boarding, the possibility of an error may be automatically notified to the taker's mobile phone or the like. In this case, even if there is a notification of communication, if the taker is left without noticing the notification, the assumed security risk increases, so from the viewpoint of avoiding an information leakage crisis, the information device 1 It is also necessary to raise the level.

<Specific Example 5>
When the take-out person of the information device 1 moves through another route having the same required time, the route is not normal, but the passage timing is normal, so the “movement route: × Timing: ○ ”is determined. In this case, since the planned route has been deviated, transition to the “attention level” is made in step S309 (corresponding to the assumed case f in FIGS. 2 and 3).

<Summary>
As described above, according to the present embodiment, it is possible to appropriately control the risk of the information device against unexpected behaviors in various cases. In particular, appropriate usage restrictions can be applied to information devices even on an assumed movement route.

  The unexpected behavior monitoring unit 125 is an example of an evaluation unit. The access control application unit 127 is an example of a usage restriction application unit.

  In the above, it demonstrated by preferred embodiment. While specific embodiments have been illustrated and described herein, it will be apparent that various modifications and changes may be made thereto without departing from the broad spirit and scope as defined in the claims. . That is, it should not be construed as being limited by the details of the specific examples and the accompanying drawings.

Regarding the above description, the following items are further disclosed.
(Supplementary note 1)
Evaluating the degree of divergence between the position of the information device sequentially acquired from the information device and the movement schedule including the movement route of the information device stored in association with the information device;
Applying a usage restriction at a level corresponding to the degree of divergence to the information device,
A control program characterized by causing a process to be executed.
(Appendix 2) In the control program described in Appendix 1,
The process to evaluate is to calculate the residence time in one place from the position and time passage of the information equipment sequentially obtained from the information equipment, and to perform evaluation subdivision according to the length of the residence time,
A control program characterized by that.
(Supplementary note 3) In the control program according to any one of supplementary notes 1 or 2,
The evaluation process refers to traffic delay information, and if a delay has occurred in the moving means, the delay of the movement schedule is corrected and evaluated.
A control program characterized by that.
(Supplementary note 4) In the control program according to any one of supplementary notes 1 to 3,
When the process to evaluate is determined to be a detour boarding from the position and time of the information devices sequentially acquired from the information device, the travel route after the detour is reset in the travel schedule,
A control program characterized by that.
(Supplementary Note 5) In the control program according to any one of Supplementary Notes 1 to 4,
The process of evaluating reduces the level when it is determined that the information device is present in a safe area from the position of the information device sequentially acquired from the information device.
A control program characterized by that.
(Supplementary note 6) In the control program according to any one of supplementary notes 1 to 5,
On the computer,
If there is a possibility that the information device has been stolen, contact the information device taker for correction.
A control program characterized by causing a process to be executed.
(Appendix 7) Evaluation means for evaluating the degree of deviation between the position of the information device sequentially acquired from the information device and the movement schedule including the movement route of the information device stored in association with the information device;
Usage restriction applying means for applying a usage restriction at a level corresponding to the degree of divergence to the information device;
An information device comprising:
(Appendix 8) In the information equipment described in Appendix 7,
The evaluation means calculates the residence time in one place from the position and time passage of the information equipment sequentially acquired from the information equipment, and performs evaluation subdivision according to the length of the residence time,
Information equipment characterized by that.
(Supplementary note 9) In the information device according to any one of supplementary note 7 or 8,
The evaluation means refers to the traffic delay information, and if the movement means has a delay, corrects and evaluates the delay of the movement schedule,
Information equipment characterized by that.
(Supplementary note 10) In the information device according to any one of supplementary notes 7 to 9,
The evaluation means resets the travel route after detouring to the travel schedule when it is determined that the boarding is a detour boarding from the position and time passage of the information device sequentially acquired from the information device,
Information equipment characterized by that.
(Supplementary Note 11) In the information device according to any one of Supplementary Notes 7 to 10,
The evaluation means reduces the level when it is determined that the information device is present in a safe area from the position of the information device sequentially acquired from the information device.
Information equipment characterized by that.
(Supplementary Note 12) In the information device according to any one of Supplementary Notes 7 to 11,
When there is a possibility that the information device has been stolen, a contact means for contacting the take-out person of the information device for correction;
An information device comprising:
(Supplementary note 13) The control unit of the information device
Evaluating the degree of divergence between the position of the information device sequentially acquired from the information device and the movement schedule including the movement route of the information device stored in association with the information device;
Applying a usage restriction at a level corresponding to the degree of divergence to the information device,
A control method characterized by that.
(Supplementary note 14) In the control method according to supplementary note 13,
The process to evaluate is to calculate the residence time in one place from the position and time passage of the information equipment sequentially obtained from the information equipment, and to perform evaluation subdivision according to the length of the residence time,
A control method characterized by that.
(Supplementary note 15) In the control method according to any one of Supplementary note 13 or 14,
The evaluation process refers to traffic delay information, and if a delay has occurred in the moving means, the delay of the movement schedule is corrected and evaluated.
A control method characterized by that.
(Supplementary Note 16) In the control method according to any one of Supplementary Notes 13 to 15,
When the process to evaluate is determined to be a detour boarding from the position and time of the information devices sequentially acquired from the information device, the travel route after the detour is reset in the travel schedule,
A control method characterized by that.
(Supplementary note 17) In the control method according to any one of supplementary notes 13 to 16,
The process of evaluating reduces the level when it is determined that the information device is present in a safe area from the position of the information device sequentially acquired from the information device.
A control method characterized by that.
(Supplementary note 18) In the control method according to any one of supplementary notes 13 to 17,
If there is a possibility that the information device has been stolen, contact the information device taker for correction.
A control method characterized by that.
(Supplementary note 19) Evaluation means for evaluating the degree of divergence between the position of the information device sequentially acquired from the information device and the movement schedule including the movement route of the information device stored in association with the information device;
Usage restriction applying means for applying a usage restriction at a level corresponding to the degree of divergence to the information device;
A control system comprising:
(Supplementary note 20) In the control system according to supplementary note 19,
The evaluation means calculates the residence time in one place from the position and time passage of the information equipment sequentially acquired from the information equipment, and performs evaluation subdivision according to the length of the residence time,
A control system characterized by that.
(Supplementary note 21) In the control system according to any one of supplementary notes 19 and 20,
The evaluation means refers to the traffic delay information, and if the movement means has a delay, corrects and evaluates the delay of the movement schedule,
A control system characterized by that.
(Supplementary note 22) In the control system according to any one of supplementary notes 19 to 21,
The evaluation means resets the travel route after detouring to the travel schedule when it is determined that the boarding is a detour boarding from the position and time passage of the information device sequentially acquired from the information device,
A control system characterized by that.
(Supplementary note 23) In the control system according to any one of supplementary notes 19 to 22,
The evaluation means reduces the level when it is determined that the information device is present in a safe area from the position of the information device sequentially acquired from the information device.
A control system characterized by that.
(Supplementary Note 24) In the control system according to any one of Supplementary Notes 19 to 23,
When there is a possibility that the information device has been stolen, a contact means for contacting the take-out person of the information device for correction;
A control system comprising:

DESCRIPTION OF SYMBOLS 1 Information apparatus 11 General function part 12 Carry-out control part 120 Carry-out setting part 121 Carry-out control start / end control part 122 Position information acquisition part 123 External information acquisition part 124 Moving means determination part 125 Unexpected behavior monitoring part 126 Mobile communication Unit 127 Access control application unit 128 Data erasure unit 129 Log acquisition / accumulation unit 2 Network 3 Management device 30 Export setting unit 32 Location information reception unit 33 External information acquisition unit 34 Moving means determination unit 35 Unexpected behavior monitoring unit 36 Mobile communication Section 37 Access control instruction section 38 Data erasure instruction section 39 Log acquisition / accumulation section 4 Information equipment

Claims (6)

Obtaining location information of the information processing terminal from the information processing terminal;
And causing the computer to execute processing for controlling use of the application in the information processing terminal based on the acquired position of the information processing terminal and access restriction of the application associated with the position stored in the storage unit. Control program.   When controlling the use of the application, in addition to the access restriction of the application associated with the location, the computer performs a process of controlling based on the access restriction of the application associated with the time zone using the information processing terminal. The control program according to claim 1, wherein the control program is executed.   When controlling the use of the application, in addition to restricting access to the application associated with the position, causing the computer to execute a process of controlling according to a network communication speed in a place where the information processing terminal is used. The control program according to claim 1 or 2, characterized in that On the computer,
Based on the position of the information device sequentially acquired from the information device, the travel route including the transit point selected by the route search to the destination of the information device stored in association with the information device and the travel route Evaluate the degree of deviation from the movement schedule including the passage timing in
Applying a usage restriction associated with each of a plurality of levels according to the degree of deviation to the information device,
A control program characterized by causing a process to be executed.   The control program according to claim 4, wherein the use restriction associated with each of the plurality of levels includes a data reference restriction and a data writing restriction.   6. The control program according to claim 4, further comprising access restriction of an application associated with each of the plurality of levels.

Images