JP4840169B2 - Information terminal and function restriction method - Google Patents

Description

  The present invention relates to an information terminal, a key device, a function restriction method, and a program for improving a security level in an information terminal such as a mobile phone.

  In order to improve the security level of an information terminal such as a mobile phone, there is a technology for limiting the function of the mobile phone when the user leaves the mobile phone. As a conventional configuration of this technique, a configuration as in Patent Document 1 is common. A schematic configuration of Patent Document 1 is shown in FIG.

  The system in FIG. 7 includes a mobile phone 100 and an identification signal transmission unit 102 (key device). The mobile phone 100 includes a use restriction unit 101. The identification signal transmission unit 102 is always carried by the user. In this system, the use of the mobile phone 100 is restricted when the distance from the mobile phone 100 to the user is a predetermined value or more. This is a function that prevents unauthorized use when a mobile phone is misplaced or stolen.

Specifically, the identification signal transmission unit 102 periodically wirelessly transmits the identification code with a constant strength. The use restriction unit 101 in the mobile phone 100 receives the identification code and performs authentication. When the authentication is successful, the use restriction unit 101 determines whether or not the reception level (electric field strength) of the identification code is larger than a predetermined value, and if it is smaller than the predetermined value, the mobile phone 100 and the user (identification signal transmission unit) 102) is determined to be more than a predetermined distance, and the use of the mobile phone 100 is restricted.
Japanese Patent Laid-Open No. 11-88499

  However, in the above-described conventional configuration, since the mobile phone can communicate with only one identification signal transmission unit 102 (key device), when the mobile phone leaves the “one user”, such as when the mobile phone is misplaced or stolen. It was available only for use restrictions.

  For example, for a child's mobile phone use, in a conventional configuration, the child and the parent each have a key device, and the child can access the Internet from the mobile phone only when the parent is near the child. There wasn't.

  Conventionally, the mobile phone and the key device often perform synchronous communication that synchronizes the timing of transmission and reception of a wireless message. In order to match the timing, the accuracy of the clock that generates the timing becomes an issue.

  In this case, in order to correct a subtle error between both clocks, the information terminal side is adjusted to the clock of the identification signal transmission unit 102 (key device) (this subtle error is caused by variations in crystal oscillators that generate clocks, Due to temperature etc.).

  However, when the information terminal communicates with a plurality of key devices, the conventional method has a problem that the clock correction of the information terminal is required for each key device, and the processing becomes complicated.

In order to solve the conventional problems, in the present invention, in an information terminal that performs authentication communication by radio signals with a plurality of key devices and restricts its function according to the authentication result, An arbitrary one of them as a personal key device, a personal key ID storage unit for storing the ID, and a master key ID storage unit for storing IDs of at least one key device other than the personal key device; A synchronous communication unit that authenticates the key device for personal use by synchronous communication with a radio signal, and a radio signal for at least one of the key devices having an ID stored in the master key ID storage unit An asynchronous communication unit that performs authentication by asynchronous communication at the same time, and a function restriction unit that restricts the function of the information terminal according to an authentication result of at least one of the synchronous communication unit and the asynchronous communication unit; Provided. Thereby, the function limitation according to the authentication result with a some key apparatus can be performed.

  By using the information terminal, the key device, the function restriction method and the program of the present invention, in addition to the function restriction of the information terminal at the time of conventional theft or misplacement, only when the authentication with a plurality of key devices is successful, the telephone call or the Internet access New functions can be restricted so that other functions can be used.

  In addition, the use of asynchronous communication eliminates the need for synchronization timing correction processing except for the key device for the user, so that the processing is simpler than performing synchronous communication with all key devices. There is also.

  A first invention is an information terminal that performs authentication communication by radio signals with a plurality of key devices and restricts its function according to the authentication result. As a key device, a personal key ID storage unit that stores the ID, a master key ID storage unit that stores an ID of at least one key device other than the personal key device, and the personal key device Authentication is performed by asynchronous communication using a wireless signal to a synchronous communication unit that performs authentication using synchronous communication using a wireless signal and at least one or more of the key devices having IDs stored in the master key ID storage unit. An information terminal comprising: an asynchronous communication unit; and a function restriction unit that restricts a function of the information terminal according to an authentication result of at least one of the synchronous communication unit and the asynchronous communication unit.

  Accordingly, authentication communication can be performed not only with one personal key device but also with a plurality of master key devices, and as a result, the security level of the information terminal is improved.

  According to a second invention, in the first invention, the information terminal is configured such that the authentication result in the synchronous communication unit and the authentication result for each key device in the asynchronous communication unit, and the restriction content implemented in the function restriction unit And a restriction content setting unit that stores a restriction rule that associates with the restriction content, and the function restriction unit restricts the function of the information terminal based on the restriction rule stored in the restriction content setting unit.

  As a result, it is possible to restrict functions by combining authentication results for a plurality of key devices, and various types of function restrictions are possible.

  According to a third aspect, in the first aspect, the information terminal includes a browser unit that communicates with a device on a communication line to provide an information service to a user. The function restriction unit includes the synchronous communication unit and the synchronous communication unit. The content filter function is applied to or released from the information service in the browser unit according to the authentication result of at least one of the asynchronous communication units.

  Thus, for example, in the case of using a child's information terminal (mobile phone), the parent is near the child by setting the key device possessed by the child as the key device for the person and the key device possessed by the parent as the master key device. It is possible to cancel the content filter function (a function that prohibits access to a site harmful to children) only when it is.

  According to a fourth invention, in the first or second invention, the information terminal communicates with a device on a communication line to provide an information service to a user, and authentication in the synchronous communication unit An authentication result communication unit that transmits a result and an authentication result for each key device in the asynchronous communication unit to at least one of the carrier, ISP, and the device of the communication line using the communication line, and the authentication Depending on the result, at least one of the carrier, ISP, and device restricts communication to the browser unit.

  Thus, even when the information terminal provides the user with an information communication service using a communication line such as the Internet, the authentication result with the key device can be transmitted to the carrier, ISP, and server. Similarly, the function can be limited.

  A fifth aspect of the invention is a key-side synchronous communication unit that transmits / receives authentication information to / from any one of information terminals by wireless synchronous communication, and transmits / receives authentication information to / from at least one information terminal by wireless asynchronous communication. A key-side asynchronous communication unit that performs the reception, and the key-side synchronous communication unit and the key-side asynchronous communication unit intermittently wait for reception at predetermined intervals.

  As a result, the key device can cope with both synchronous communication and asynchronous communication from the information terminal, and can further reduce power consumption by performing an intermittent operation.

  According to a sixth aspect of the present invention, there is provided a function restriction method for a system that performs authentication communication by radio signals between an information terminal and a plurality of key devices and restricts the function of the information terminal according to the authentication result. Authenticating an arbitrary personal key device by synchronous communication with a radio signal, and authenticating at least one key device other than the personal key device by asynchronous communication by a radio signal And a step of limiting the function of the information terminal according to the authentication result of at least one of the synchronous communication unit and the asynchronous communication unit.

  By this method, authentication communication can be performed with a plurality of key devices, and the security level of the information terminal can be increased.

  A seventh invention is a program for causing a computer to realize at least a part of the information terminal according to any one of the first to fourth inventions. Since it is a program, some or all of the functions of the present invention can be easily realized by using hardware resources such as electric / information equipment and a computer in cooperation. Also, program distribution and installation can be simplified by recording on a recording medium or distributing a program using a communication line.

  An eighth invention is a program for causing a computer to realize at least a part of the key device according to the fifth invention. Since it is a program, some or all of the functions of the present invention can be easily realized by using hardware resources such as electric / information equipment and a computer in cooperation. Also, program distribution and installation can be simplified by recording on a recording medium or distributing a program using a communication line.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Note that the present invention is not limited to the present embodiment.

(Embodiment 1)
FIG. 1 is a diagram showing an outline of a system configuration in an embodiment of the present invention. The present invention is roughly composed of an information terminal 1 and a key device 2.

  The information terminal 1 is assumed to be a mobile phone, but may be a smartphone, a PDA (Personal Digital Assistant), a portable personal computer, or the like. The information terminal 1 performs authentication processing by wireless communication with a plurality of key devices 2 and restricts its function according to the success or failure of the authentication.

  The key device 2 is divided into two types according to the registration setting in the information terminal 1. One is a personal key device, and the other is a master key device. Both have the same function and configuration, but their roles differ depending on how they are registered and set in the information terminal 1.

  The information terminal 1 can register one personal key device. In FIG. 1, the personal key device for the information terminal 1- (1) is the key device 2- (1), and the personal key device for the information terminal 1- (2) is the key device 2- (2). There is a one-to-one correspondence between the information terminal 1 and the personal key device. The information terminal 1 performs an authentication process by wireless synchronous communication with the personal key device, and restricts the function of the information terminal 1 when the personal key device is separated by a predetermined distance or more.

  The key device 2- (2) and key device 2- (3) in FIG. 1 are registered as master key devices with respect to the information terminal 1- (1). In the present invention, the information terminal 1 performs authentication by wireless communication with a plurality of master key devices other than the personal key device, and restricts the function of the information terminal 1 based on the result.

  The master key device may be a key device for another user's own person like the key device 2- (2) in FIG. 1, or may exist alone like the key device 2- (3).

  With this configuration, for example, the following (A) and (B) are possible.

  (A) When a child uses his / her mobile phone: The child has the key device 2 and registers it as a personal key device in the child's own information terminal 1 (mobile phone). Then, the personal key device registered in the parent's information terminal 1 (mobile phone) is registered as a master key device in the child's own information terminal 1 (mobile phone).

  By registering in this way, when both the parent key device 2 and the child key device 2 are close to the information terminal 1, that is, the parent is near the child and the child uses the information terminal 1 (mobile phone). Only when trying to do so, the function restriction of the information terminal 1 is released.

  This makes it possible for a child to access the Internet from a mobile phone only when the parent is near the child, or when the parent is near the child, the content filtering function in the Internet access (access to sites harmful to the child). New usage such as canceling prohibited functions) can be realized.

  In addition, as before, the function limitation when the personal key device is separated from the information terminal 1 can be performed at the same time. For example, when the child personal information terminal 1 (mobile phone) is stolen, the personal key device can be used. Since the distance between the device and the information terminal 1 is increased, the function of the information terminal 1 is limited.

  (B) When the user A browses the secret information of the user B via the Internet using the browser function of the information terminal 1: register the user's own key device 2 as the personal key device in the information terminal 1 of the user A; The key device 2 possessed by the user B is registered as a master key device. User B registers in advance an ID (for example, a telephone number) for identifying user A's information terminal 1 in a server containing secret information.

In this case, when the information terminal 1 of the user A starts access to the server in which the secret information of the user B is entered, the information terminal 1 determines that the authentication result of the personal key device and the master key device possessed by the user B As an authentication result, an ID for identifying the information terminal 1 is transmitted to the connection destination server.

  Thereby, access control to the secret information becomes possible on the connection destination server side, and the secret information can be transmitted to the browser of the information terminal 1 only when the authentication is successful.

  Therefore, only when the user A is near the user B, the secret information of the user B can be browsed. Also, when the information terminal 1 of the user A is stolen and cannot communicate with the personal key device, or when the user B is not nearby and the information terminal 1 cannot communicate with the master key device, the information is confidential information. Can be restricted.

  Next, detailed configurations of the information terminal 1 and the key device 2 that realize the above-described functions will be described with reference to FIGS.

  FIG. 2 shows a detailed configuration of the information terminal 1. As shown in the figure, the information terminal 1 is composed of the following functional blocks.

  (1-0) The user interface unit 10 that receives a display for the user and an input from the user. The user interface unit 18 includes a push button (including a keyboard and a numeric keypad) that receives an input from the user, a display device (such as a liquid crystal display and an LED) that performs display to the user, and a control device therefor.

  (1-1) A personal key ID storage unit 11 that stores the ID of the key device 2 to be registered as the personal key device. Only one ID can be registered in the personal key ID storage unit 11. The ID here is a unique code for uniquely identifying the key device 2.

  (1-2) A master key ID storage unit 12 that stores the ID of the key device 2 registered as a master key device. Here, the IDs of a plurality of key devices 2 other than the personal key device can be stored.

  (1-3) The synchronous communication part 13 which performs an authentication process by the key apparatus 2 with ID memorize | stored in the key ID memory | storage part 11 for principals, and the radio | wireless communication (wireless synchronous communication) which the timing of transmission and reception synchronized. Note that the synchronization communication unit 13 needs to accurately match the communication timing between the transmission side and the reception side, and thus performs processing (synchronization correction) for correcting the communication timing of the information terminal 1 according to the clock of the key device 2.

  (1-4) Asynchronous communication unit 14 that performs authentication processing by asynchronous wireless communication on the key device 2 having the ID stored in the master key ID storage unit 12.

  (1-5) The terminal-side wireless communication unit 15 that performs wireless communication with the key device 2. The terminal-side wireless communication unit 15 is an electronic circuit that transmits and receives wireless signals. The terminal-side wireless communication unit 15 transmits a message input from another functional block in the information terminal 1 to the key device 2 as a wireless signal, It has a function of receiving a radio signal and outputting it to other functional blocks. In this embodiment, communication is performed by specific low power radio. However, other radio such as radio using a weak radio wave or a wireless LAN may be used.

  (1-6) A call / application unit 16 having a voice call function, an e-mail function, a phone book function, a settlement function, etc., which are basic functions of a mobile phone. Note that the call / application unit 16 may include a game, an Internet browser function, a function of executing an application downloaded by communication, and the like.

  (1-7) When the user activates the function in the call / application unit 16, the restriction setting of the restriction content setting unit 18 is read, and the asynchronous communication unit 14 is activated as needed to start the authentication process. In addition, a function restriction unit 17 that restricts functions in the call / application unit 16 in accordance with the authentication results in the synchronous communication unit 13 and the asynchronous communication unit 14. Further, as described in the above example, the function restriction unit 17 may cancel / set the content filter function for Internet access according to the authentication result.

  (1-8) Restriction content setting unit 18 for a user to set in advance a restriction rule that defines a correspondence relationship to restrict which function in the call / application unit 16 based on an authentication result with which key device 2 .

  FIG. 3 shows a detailed configuration of the key device 2. As shown in FIG. 3, the key device 2 includes the following functional blocks.

  (2-0) The key-side wireless communication unit 20 that performs wireless communication with the information terminal 1. The configuration is the same as that of the terminal-side wireless communication unit 15, and communication is performed using, for example, specific low-power wireless.

  (2-1) A key-side synchronous communication unit 21 that transmits and receives authentication information by synchronous communication using a wireless signal with the synchronous communication unit 13 in the information terminal 1 using the key-side wireless communication unit 20. In addition, in order to perform synchronization correction in the synchronous communication processing unit 13, a function of transmitting a wireless message at a predetermined time interval before starting synchronous communication is provided. The synchronous communication processing unit 13 measures this time interval and detects a clock shift in the key device 2.

  (2-2) A key-side asynchronous communication unit 21 that uses the key-side wireless communication unit 20 to transmit / receive authentication information to and from the asynchronous communication unit 14 in the information terminal 1 by asynchronous communication using a wireless signal.

  (2-3) A key ID storage unit 23 that stores an ID for uniquely identifying the key device 2. This ID information is a unique and unique value for each key device 2 and does not need to be changed. Therefore, the key ID storage unit 23 may be composed of a ROM.

  An example of the operation of the present system configured as described above will be described with reference to FIGS.

  FIG. 4 is a flowchart showing an outline of a procedure in which the information terminal 1 performs the authentication process.

  First, before entering the operation of the flowchart of FIG. 4, it is necessary to carry out the following contents as pre-processing.

  (A) Personal key ID setting: It is necessary to input the ID of the key device 2 used as the personal key device using the user interface unit 10.

  (B) Master key ID setting: It is necessary to register using the user interface unit 10 in the same manner as the personal key ID. However, although there is one personal key ID, a plurality of master key IDs are registered as necessary. Although not described in the present embodiment, after inputting these IDs, it is possible to communicate with each key device 2 and register ID information for uniquely specifying the information terminal 1 in the key device 2. good.

  (C) Setting of restriction rule in restriction content setting unit 18: It is set which function of the call / application unit 16 is restricted by the authentication result with which key device 2.

For example, “function restriction of all functions of the call / application unit 16 → when authentication with the personal key device fails”, “browser content filter function → authentication with the personal key device, and master key ID storage unit 12 The relationship between the function of the information terminal 1 and the key device 2 to be authenticated is set, such as “cancel if both authentications with the master key device having the first stored ID are successful”.

  The control rule may be as follows.

  (1) For example, in an office mobile phone or the like, a master key device is installed in the office, and the control rule is “function restriction of call function included in the call / application unit 16 → authentication with the master key device installed in the office If “cancel when successful” is set, only the area where authentication communication with the master key device in the office can be performed is allowed, and for example, calling outside the office can be prohibited.

  (2) In addition, a master key device is installed in the classroom of the school, and the control rule is “restriction of mail function and game application function in the call / application unit 16 → authentication with the master key device installed in the classroom succeeded. If the function is restricted in some cases, inappropriate use of the mobile phone in the classroom can be restricted.

  In both cases (1) and (2), it is necessary to define the restriction / cancellation function and the ID of the master key device in the master key ID storage unit 12 to be authenticated by the restriction content setting unit 18. is there.

  After the above settings are made, the authentication communication process of FIG. 4 is performed. Hereinafter, it demonstrates in order for every step.

  (Step A1) First, in order to perform synchronous communication by the synchronous communication unit 13, the synchronous communication unit 13 of the information terminal 1 performs a process of synchronizing the synchronization timing with the personal key device.

  When the key device 2 is not in a mode for performing synchronous communication with the information terminal 1, the key device 2 repeatedly transmits a message at a predetermined time interval (T) from the key side synchronous communication unit 21 (in this wireless message, The ID stored in the key ID storage unit 23 is included). The synchronous communication unit 13 of the information terminal 1 receives the wireless message having the ID stored in the personal key ID storage unit 11 (that is, the wireless message transmitted from the personal key device) twice or more, and sets the reception interval. Measure and detect the clock deviation between the key device 2 and the information terminal 1 from the difference between the time interval (T) initially assumed on the information terminal 1 side and the actually measured time interval (T ′). Is reflected in the synchronous communication timing on the information terminal 1 side. After this timing correction, a wireless telegram for shifting to the synchronous communication mode from the information terminal 1 side is transmitted to the key device for personal use 2 to shift to the synchronous communication mode.

  Note that if this synchronization timing matching process is performed for a plurality of key devices 2, the clock shift differs for each key device 2, so that correction is required for each key device, and the processing becomes complicated. In the present invention, since this synchronous communication is limited to one personal key device, this processing is simplified.

  (Step A2) It is determined whether a predetermined time (T1 ') has elapsed since the previous synchronous communication timing. If the predetermined time has elapsed, the process proceeds to step A3, and if not, the process proceeds to step A4. In the case where there is no previous synchronous communication (first time), it is assumed that a predetermined time has elapsed. When the key device 2 shifts to the synchronous communication mode, it repeatedly transmits a wireless message for authentication at an interval of a predetermined time (T1). T1 ′ is a value in which the deviation is corrected in step A1 (for example, T1 ′ ← T1 × (T ′ ÷ T)).

(Step A3) The synchronous communication unit 13 of the information terminal 1 waits for reception for a predetermined time. If the wireless telegram transmitted from the key-side synchronous communication unit 21 in the personal key device can be received while waiting for reception, authentication processing is performed and a response is returned to the key device 2. In the authentication process, it is only necessary to confirm that the ID included in the received wireless electronic message is the same as that stored in the personal key ID storage unit 11, or another authentication method may be used.

  If the authentication by ID is successful and the electrolytic strength at the time of reception of this wireless message is equal to or greater than a predetermined value, it is assumed that the authentication is successful. If the IDs do not match, the electrolytic strength is smaller than a predetermined value, or if a message from the personal key device cannot be received within the reception waiting time, the authentication is considered to have failed. In this case, it is determined that the personal key device is separated from the information terminal 1 by a predetermined distance or more.

  The authentication result obtained by the synchronous communication unit 13 is output to the function restriction unit 17. The function restriction unit 17 restricts (stops) the function of the call / application unit 16 based on the restriction rule (correspondence between the function and the authentication result) set in the restriction content setting unit 18.

  An example of the synchronous communication here is shown in FIG.

  FIG. 5 shows that the information terminal 1 and the personal key device 2- (1) perform reception / transmission in synchronization with each other at a predetermined time interval T1 '(T1). Further, as shown in FIG. 5, the information terminal 1 does not always wait for reception from the personal key device. The reception is waited for a short time every predetermined time interval T1 ', and the other wireless communication is stopped. This is the same for the personal key device side, and wireless reception is performed only for a short time after transmitting the authentication information, and wireless communication is stopped for the others. With this method, power consumption as a system can be suppressed in synchronous communication.

  (Step A4) It is detected whether any function included in the communication / application unit 16 has received an activation instruction by a user operation. If an activation instruction has been received, the process proceeds to step A5. If not, the process returns to step A2, and the above-described synchronous communication is repeated.

  (Step A5) The call / application unit 16 inquires of the function restriction unit 17 whether the function designated by the user may be activated. The function restriction unit 17 acquires the authentication content (which key device 2 is required to be authenticated) corresponding to the function for which the activation instruction has been received from the user from the restriction content setting unit 18, and the asynchronous communication unit 14 as necessary. Start up.

  The asynchronous communication unit 14 acquires the ID for the master key device acquired by the function restriction unit 17 from the master key ID storage unit 12, and immediately transmits an authentication request to the master key device by a radio signal to perform a series of authentication processes. . As in step A3, the authentication result is output to the function restriction unit 17. If the required authentication communication is not successful, the function restriction unit 17 restricts (stops) the function of the call / application unit 16 that has detected activation in step A4.

  An example of the asynchronous communication here is shown in FIG. As shown in FIG. 5, when the user operates any of the functions of the call / application unit 16, the function restriction unit 17 uses the asynchronous communication unit 14 to set the master key set in the restriction content setting unit 18. Asynchronous communication is started for the device 2- (2).

The key side asynchronous communication unit 22 of the key device 2 periodically waits for reception in order to receive this asynchronous communication. The wireless message of the authentication processing request transmitted by the asynchronous communication unit 14 needs to be a sufficiently long wireless message so that it can be received by intermittent reception waiting in the key side asynchronous communication unit 22 of the key device 2. Yes (longer than the intermittent interval), for example, it is necessary to lengthen the message length by increasing the preamble length of the wireless message or repeatedly transmitting ID information continuously.

  If the timing of asynchronous communication and synchronous communication conflicts, priority is given to synchronous communication. Further, the frequency and channel of the radio signal may be set to different values in asynchronous communication and synchronous communication.

  When step A5 ends, the process returns to step A2 and repeats synchronous communication.

  Through the operations in steps A1 to A5 as described above, authentication processing can be performed on a plurality of key devices 2 using synchronous communication with the personal key device and asynchronous communication with the master key device.

  As a result, in addition to the conventional function restriction of the information terminal 1 in case of theft or misplacement, new function restriction is possible so that functions such as telephone calls and Internet access can be used only when authentication with a plurality of key devices is successful. become.

  In addition, by setting the relationship between the function of the information terminal 1 and the key device 2 to be authenticated by the restriction content setting unit 18, the user can set various restrictions.

  In addition, the use of asynchronous communication eliminates the need for synchronization timing correction processing except for the key device for personal use, so that the authentication processing is simpler than performing synchronous communication with all key devices. There is also.

  In the above-described embodiment, the authentication result information with the key device 2 is used only for the function restriction of the call / application unit 16, but may be transmitted to another using a communication line such as the Internet.

  An information terminal 1 such as a mobile phone can receive an information service linked to a server on the Internet. The restriction of the information service can be restricted based on the authentication result with the plurality of key devices 2. The configuration in this case is shown in FIG.

  6, in addition to the configuration of FIG. 2, the authentication result obtained by the function restriction unit 17 and information (telephone number, serial number, etc.) specifying the information terminal 1 are transmitted via a communication line such as the Internet. An authentication result communication unit 30 that transmits to at least one of a carrier, ISP, and a connection destination server, and a browser unit 31 that connects to the server via a communication line such as the Internet and receives an information service are added.

  The browser unit 31 provides various information services to the user by displaying HTML content / images acquired through communication with the server, executing script programs, and the like. Originally, the browser unit 31 can be considered to be included in the call / application unit 16, but here, the configuration is described independently for explanation.

  Using the configuration of FIG. 6, for example, when a child uses a mobile phone, the authentication results of both the child's key device 2 (personal key device) and the parent's key device 2 (master key device), The authentication result communication unit 30 can notify information specifying the information terminal 1 to the carrier or ISP.

  Mobile phone carriers and ISPs have content filtering functions that collect harmful site information and prevent users from accessing the site. The carrier or ISP can cancel or set the content filter function for the designated information terminal 1 according to the information transmitted from the authentication result communication unit 30 of the information terminal 1.

  In this case, if both the child and the parent key device 2 have been successfully authenticated, the content filter function is canceled, and the browser unit 31 in the information terminal 1 can be accessed to a harmful server. If is not successful, the content filtering feature can remain enabled.

  The same applies to the case where the content of a predetermined server is displayed on the browser unit 31. By transmitting the authentication information with the key device 2 and information specifying the information terminal 1 to the server, the information terminal 1 can be browsed. Whether it can be controlled on the server side.

  In these cases, the restriction content setting unit 18 needs to store the correspondence between the type of information service and the authentication content necessary to execute the information service. In addition, the carrier, ISP, and server are required to have a function of receiving authentication information from the information terminal 1 and restricting information services or changing settings.

  In this embodiment, the server has been described as an example. However, the present invention is not limited to the server, and any device capable of communication on a communication line may be used.

  Note that the means described in this embodiment causes hardware resources such as a CPU (or microcomputer), a RAM, a ROM, a storage / recording device, an electrical / information device including an I / O, a computer, a server, and the like to cooperate. You may implement with the form of a program. In the form of a program, new functions can be easily distributed / updated and installed by recording them on a recording medium such as magnetic media or optical media or distributing them via a communication line such as the Internet.

  As described above, in the present invention, when an information terminal such as a mobile phone performs authentication with a plurality of key devices, various functions can be restricted, and as a result, the security level can be improved. This can be applied not only to the mobile phone described in the embodiment but also to a smartphone, a PDA, a personal computer, and the like.

The figure which shows schematic structure of Embodiment 1 of this invention. Configuration diagram of information terminal 1 in Embodiment 1 of the present invention Configuration diagram of key device 2 in Embodiment 1 of the present invention Flowchart of authentication processing in Embodiment 1 of the present invention The figure explaining the communication timing in Embodiment 1 of this invention Configuration diagram when adding authentication result communication unit 30 to Embodiment 1 of the present invention Diagram showing conventional configuration

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information terminal 2 Key apparatus 10 User interface part 11 Personal key ID memory | storage part 12 Master key ID memory | storage part 13 Synchronous communication part 14 Asynchronous communication part 15 Terminal side radio | wireless communication part 16 Call / application part 17 Function restriction part 18 Restriction content setting 18 20 Key side wireless communication unit 21 Key side synchronous communication unit 22 Key side asynchronous communication unit 23 Key ID storage unit 30 Authentication result communication unit 31 Browser unit

Claims (5)

In an information terminal that performs authentication communication by radio signal with a plurality of key devices and restricts its function according to the authentication result,
An arbitrary one of the key devices as a personal key device, and a personal key ID storage unit for storing the ID;
A master key ID storage unit for storing IDs of at least one or more key devices other than the personal key device;
A synchronous communication unit that authenticates the key device for personal use by synchronous communication with a radio signal;
An asynchronous communication unit that starts authentication by asynchronous communication with a radio signal for at least one of the key devices having an ID stored in the master key ID storage unit when a call or an application is activated ; ,
An information terminal comprising: a function restriction unit that restricts a function of the information terminal when authentication of both the synchronous communication unit and the asynchronous communication unit is not successful when the asynchronous communication unit starts authentication . The information terminal is configured to store a restriction rule for associating an authentication result in the synchronous communication unit and an authentication result for each key device in the asynchronous communication unit with restriction contents implemented in the function restriction unit. The information terminal according to claim 1, further comprising a content setting unit, wherein the function restriction unit restricts the function of the information terminal based on a restriction rule stored in the restriction content setting unit. The information terminal includes a browser unit that communicates with a device on a communication line and provides an information service to a user.
The information terminal according to claim 1, wherein the function restriction unit applies or cancels a content filter function to an information service in the browser unit when authentication of both the synchronous communication unit and the asynchronous communication unit is not successful. . The information terminal
A browser unit that communicates with devices on a communication line to provide information services to users;
An authentication result communication unit that transmits an authentication result in the synchronous communication unit and an authentication result for each key device in the asynchronous communication unit to at least one of the carrier, ISP, and device of the communication line using the communication line. And comprising
The information terminal according to claim 1, wherein at least one of the carrier, ISP, and device restricts communication to the browser unit when all of the authentication results are not successful . In the function restriction method of the system that performs authentication communication by radio signal between the information terminal and the plurality of key devices, and restricts the function of the information terminal according to the authentication result,
Performing authentication by synchronous communication with a radio signal with respect to an arbitrary personal key device among the key devices;
Authenticating at least one key device other than the personal key device by asynchronous communication with a radio signal when a call or an application is activated ; and
A function restriction method comprising: restricting the function of the information terminal when authentication of both the synchronous communication unit and the asynchronous communication unit is not successful when authentication is started by the asynchronous communication.

Images