JP5572573B2 - Mobile terminal, program, and communication system - Google Patents

Description

  The present invention relates to a mobile terminal and a communication system that manage applications based on a white list including information on trusted applications. The present invention also relates to a program for causing a computer to function as the portable terminal.

  In recent years, mobile terminals such as smartphones that realize high functions close to PCs (Personal Computers) are becoming popular. In addition, mobile terminals such as smartphones adopt an OS (Operating System) such as Android (registered trademark), and have specifications that allow applications to be developed on an open platform. Many applications that run on the OS for mobile devices are published on the Internet marketplace, and users of mobile devices can freely select the required applications and install them on the mobile devices. is there.

  In the marketplace, many malicious applications (malware) that perform information leakage and terminal attacks are disclosed, and there is a possibility that the user may unintentionally be damaged by installing the malicious application. As described above, it is easy to select a required application from various applications and implement it on a mobile terminal. Therefore, from the viewpoint of safety, each mobile terminal that has only required applications for each organization such as a corporation is installed. Services provided to members of the organization are expected.

  On the other hand, anti-malware software for mobile terminals has been released to stop the damage caused by malware. Many anti-malware software adopts a black list method for detecting malware by comparing a behavior pattern of malware detected in advance with a behavior pattern of an application. However, it is necessary to frequently update the black list that is a list of malware behavior patterns detected in advance, and it is difficult to update the black list by verifying all of the applications that are released one after another.

  On the other hand, there is white list type anti-malware software that prohibits activation of applications other than those registered in the white list, which is a list of trusted applications (see Non-Patent Document 1, for example). As mentioned above, it is difficult to update the black list so that it corresponds to all published applications. Therefore, the black list method can be used only for limited applications. The white list method is more effective than the white list method.

Yoshifumi Satoshi, “H2soft Application Control”, Security Software Employing White List Method, [online], May 18, 2006, [Search February 21, 2010], Internet <http: //japan.zdnet .com / news / sec / story / 0,2000056194,20115887,00.htm>

  The existing white list method is used for PC applications, and the name of an application and an electronic signature are used as information to be registered in the white list. For applications for mobile devices, it is easy to misrepresent the name of the application or give an electronic signature. Therefore, in order to prevent damage caused by malware, it is necessary to manage other information as well. . When an application for a mobile terminal is installed, the user can check attribute information such as the permission of the application before installation. However, when the application is upgraded, the user It is a specification that can not know the permission and improved code of, and there is a problem that overlooks the application that mutates to malware during the version upgrade.

  This invention is made | formed in view of the subject mentioned above, Comprising: It aims at providing the portable terminal, program, and communication system which can remove malware more effectively.

  The present invention has been made to solve the above problem, and includes first name information indicating a name of a trusted application, first version information indicating a version of the trusted application, and the trust. A white list including first public key information indicating a public key of a developer of the installed application, a storage unit storing a file including a program of the installed application, and the storage unit From the installation execution unit for installing the program, the application installed in the storage unit, second name information indicating the name of the application, second version information indicating the version of the application, and development of the application Second to show the public key Public key information is acquired, the first name information and the second name information, the first version information and the second version information, the first public key information and the second public key. An erasure unit that compares three sets of information, and erases a program of the application related to the comparison from the storage unit when at least one set of information does not match, Mobile terminal.

  In the mobile terminal of the present invention, the first public key information and the second public key information are information obtained by hashing the developer public key.

  In the portable terminal of the present invention, the installation execution unit outputs end information notifying the end of the installation at a timing when the installation of the application program is ended, and the erasing unit detects the end information. The comparison is performed at the same timing.

  In the mobile terminal of the present invention, the white list further includes area information indicating a storage area of the storage unit in which the program of the trusted application is installed, and the erasing unit is indicated by the area information. An application installed in an area other than the area is the comparison target.

  Moreover, this invention is a program for functioning a computer as said portable terminal.

  The present invention is also a communication system including a mobile terminal and a server, wherein the mobile terminal includes first name information indicating a name of a trusted application, and a first name indicating a version of the trusted application. A first communication unit that receives, from the server, a white list that includes version information and first public key information indicating a public key of the developer of the trusted application, and stores the received white list And a first storage unit that stores a file including the installed application program, an installation execution unit that installs the application program in the first storage unit, and an installation program installed in the first storage unit. Second name indicating the name of the application Information, second version information indicating the version of the application, and second public key information indicating the public key of the developer of the application, and obtaining the first name information and the second name information. The three versions of the first version information and the second version information, the first public key information and the second public key information are compared, and at least one set of information does not match. A deletion unit that deletes the program of the application related to the comparison from the first storage unit, and the server stores a second storage unit that stores the white list, and the white list. And a second communication unit that transmits to the portable terminal.

  In the communication system of the present invention, the first communication unit further periodically transmits the whitelist acquisition request to the server, and the server further monitors the acquisition request from the portable terminal. A warning unit that generates warning information when the acquisition request is not received within a predetermined time since the acquisition request was last received, and the second communication unit acquires the acquisition from the portable terminal. When the request is received, the white list is transmitted to the portable terminal.

  ADVANTAGE OF THE INVENTION According to this invention, malware can be removed more effectively by employ | adopting the white list system using the application name, the application version, and the application developer's public key.

It is a block diagram which shows the structure of the application management system by one Embodiment of this invention. It is a block diagram which shows the structure of the portable terminal by one Embodiment of this invention. It is a block diagram which shows the structure of the management server by one Embodiment of this invention. It is a reference figure showing the contents of the white list in one embodiment of the present invention. It is a flowchart which shows the procedure of operation | movement of the portable terminal by one Embodiment of this invention. It is a reference figure showing the contents of the terminal list in one embodiment of the present invention. It is a flowchart which shows the procedure of operation | movement of the management server by one Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 shows the configuration of an application management system according to an embodiment of the present invention. The application management system shown in FIG. 1 includes a mobile terminal 1, an application sales server 2, a management terminal 3, and a management server 4.

  The mobile terminal 1 is a terminal such as a smartphone possessed by the user. The application sales server 2 is a server that sells various applications installed in the mobile terminal 1 through an Internet service. The management terminal 3 has a hardware configuration equivalent to that of the mobile terminal 1, collects applications sold by the application sales server 2, installs and executes the applications, and analyzes the behavior. The management server 4 is a server that manages a white list in which information on trusted applications that may be installed in the mobile terminal 1 is registered.

  The white list is generated by the management server 4. The management server 4 acquires information necessary for generating the white list from the management terminal 3. The management terminal 3 receives the application file from the application sales server 2 and stores it in its storage device. The management terminal 3 installs an application based on the application file, executes the installed application, and records and holds the behavior at the time of executing the application in an execution log. Furthermore, the management terminal 3 extracts information necessary for generating the white list from the execution file of the installed application.

  Extraction of information necessary for generating the white list is performed as follows. An executable file (package) for an application for a mobile terminal is assigned to an execution code (execution program) including an instruction sequence, a package name (name information) corresponding to the name of the application, version information indicating the version of the application, and the application. Digital signature, and the public key (public key information) of the developer who developed the application. The management terminal 3 extracts a package name composed of a character string, version information composed of a numerical string, and a public key composed of a character string from the application execution file.

  The management terminal 3 transmits information extracted from the application execution file and the held execution log to the management server 4. The management terminal 3 may transmit an application execution file to the management server 4 together with the execution log. The management server 4 receives the information extracted from the execution file of the application and the execution log, and verifies the reliability of the application based on the execution log. Any technique may be used for verifying the reliability of the application. As a result of verifying the reliability of the application, when it is determined that the application to be verified is reliable, the management server 4 registers the information extracted from the execution file of the application in the white list.

  FIG. 2 shows the configuration of the mobile terminal 1. The mobile terminal 1 includes a control unit 10, a communication unit 11, a display unit 12, an operation unit 13, and a storage unit 14. The control unit 10 controls each unit in the mobile terminal 1. The communication unit 11 communicates with the application sales server 2 and the management terminal 3. The display unit 12 displays various information. The operation unit 13 includes various buttons and keys operated by the user. The storage unit 14 stores application files, white lists, and the like. The mobile terminal 1 is implemented with Android (registered trademark) as an OS.

  The control unit 10 includes a white list acquisition unit 10a, an installation execution unit 10b, an application deletion unit 10c, and a device control unit 10d. The white list acquisition unit 10 a performs processing for acquiring a white list from the management server 4. The installation execution unit 10 b executes application installation using an application file stored in the storage unit 14. The application erasure unit 10c verifies (authenticates) an application installed in the mobile terminal 1, and executes erasure (uninstallation) of unnecessary applications. The white list acquisition unit 10a, the installation execution unit 10b, and the application deletion unit 10c are implemented as applications. The device control unit 10d has a function as a device driver and controls operations of devices (communication unit 11, display unit 12, operation unit 13, and storage unit 14) included in the mobile terminal 1.

  FIG. 3 shows the configuration of the management server 4. The management server 4 includes a control unit 40, a communication unit 41, a display unit 42, an operation unit 43, and a storage unit 44. The control unit 40 controls each unit in the management server 4. The communication unit 41 communicates with the mobile terminal 1 and the management terminal 3. The display unit 42 displays various information. The operation unit 43 includes various buttons and keys operated by the user. The storage unit 44 stores a white list and the like.

  The control unit 40 includes an application verification unit 40a, a white list management unit 40b, a terminal management unit 40c, and a device control unit 40d. The application verification unit 40a verifies the reliability of the application. The white list management unit 40b manages the white list. The terminal management unit 40c manages the state of the mobile terminal 1 that has acquired the white list. The application verification unit 40a, the white list management unit 40b, and the terminal management unit 40c are implemented as applications. The device control unit 40d has a function as a device driver and controls operations of devices (communication unit 11, display unit 12, operation unit 13, and storage unit 14) included in the management server 4.

  Registration of information to the white list is performed as follows. As described above, the information extracted from the application execution file and the execution log are transmitted from the management terminal 3. These are received by the communication unit 41 according to control by the device control unit 40 d and stored in the storage unit 44. The application verification unit 40a acquires an execution log from the storage unit 44 via the device control unit 40d, and verifies the reliability of the application based on the execution log.

  The result of verifying the reliability of the application by the application verification unit 40a is notified to the white list management unit 40b. When the application verification unit 40a determines that the application is reliable, the whitelist management unit 40b receives the package name, version information, and public key for the verification target application from the storage unit 44 via the device control unit 40d. Get each piece of information.

  If the white list is already stored in the storage unit 44, the white list management unit 40b acquires the white list from the storage unit 44 via the device control unit 40d, and adds the above information to the white list. The white list is updated, and the pre-update white list stored in the storage unit 44 is replaced with the updated white list via the device control unit 40d. If the white list is not stored in the storage unit 44, the white list management unit 40b newly generates a white list including the above-described information and stores the white list in the storage unit 44 via the device control unit 40d. Store.

  FIG. 4 shows an example of the contents of the white list. As shown in FIG. 4, in the white list, a package name (for example, P1), version information (for example, V1), and a developer's public key (for example, PK1) are registered for each application.

  Next, the operation of the mobile terminal 1 will be described. The portable terminal 1 periodically accesses the management server 4 and acquires a white list. Specifically, the white list acquisition unit 10 a of the mobile terminal 1 generates a white list acquisition request and outputs the request to the communication unit 11. The communication unit 11 communicates with the management server 4 according to control by the device control unit 40d, and transmits an acquisition request to the management server 4. The communication unit 41 of the management server 4 receives the acquisition request according to the control by the device control unit 40d and outputs it to the white list management unit 40b. The white list management unit 40b acquires the white list from the storage unit 44 via the device control unit 40d according to the acquisition request, and outputs the white list to the communication unit 41. The communication unit 41 communicates with the mobile terminal 1 that is the transmission source of the acquisition request according to control by the device control unit 40d, and transmits the white list to the mobile terminal 1.

  The communication unit 11 of the mobile terminal 1 receives the white list according to the control by the device control unit 10d and outputs the white list to the white list acquisition unit 10a. The white list acquisition unit 10a stores the white list in the storage unit 14 via the device control unit 10d. As described above, the mobile terminal 1 acquires the white list from the management server 4 and holds it.

  The portable terminal 1 operates as follows using the white list. When the user operates the operation unit 13 to input an application installation instruction, the device control unit 10d detects the installation instruction based on information output from the operation unit 13, and notifies the installation execution unit 10b of the installation instruction. . The installation execution unit 10b acquires an application file from the storage unit 14 via the device control unit 10d, expands the application file which is a compressed file, and stores the execution file of the decompressed application via the device control unit 10d. 14 and various settings for executing the application.

  When the installation is completed, the installation execution unit 10b broadcasts “Package Added” (end information), which is a type of intent indicating the completion of installation, into the mobile terminal 1. The intent is a function provided by the application framework of Android (registered trademark), and functions as a message for an activity that is an object constituting the application.

  FIG. 5 shows the operation of the mobile terminal 1 when the application is confirmed (authenticated) using the white list. The application erasure unit 10c stands by until the intent “Package Added” is output from the installation execution unit 10b (step S100). If the intent “Package Added” is detected, the application erasure unit 10c acquires the white list stored in the storage unit 14 via the device control unit 10d (step S105). Subsequently, the application erasure unit 10c acquires the package name, version information, and the developer public key from the execution file of the application installed in the storage unit 14 via the device control unit 10d (step S110).

  The application erasure unit 10c compares each of the package name, version information, and developer public key acquired from the application execution file with each information registered in the white list (step S115). As shown in FIG. 4, each piece of information is registered in the white list in units of applications, and in step S115, comparison is performed for combinations of information in units of applications. For example, each piece of information acquired from the application execution file is compared with the package name P1, the version information V1, and the developer's public key PK1 in the white list, followed by the package name P2, the version information V2, and the developer's public key. It is compared with PK2, followed by the package name P3, version information V3, and the developer's public key PK3.

  When the combination of each information acquired from the application execution file completely matches any one of the application unit information registered in the white list (step S120), the combination of the regular application registered in the white list and The same application is installed. In this case, the process returns to step S100.

  When the combination of information acquired from the application execution file does not match any combination of information registered in the white list (step S120), the application erasure unit 10c Via 10d, the program and various setting information of the application whose installation is detected in step S100 are deleted (uninstalled) from the storage unit 14 (step S125). Subsequently, the process returns to step S100.

  Through the above processing, an application having information that does not match information registered in the white list is deleted from the mobile terminal 1. Therefore, the portable terminal 1 can be kept in a state where only a trusted application is installed. The process shown in FIG. 5 is linked to the installation operation of the application, and it is difficult for the user to start the application immediately after the installation before the application is erased. Until the process of step S115 ends and the process returns to step S100, or until the process of step S125 ends, the activation of the application by the user may not be accepted.

  When comparing each information in step S115, if the comparison is performed using the developer public key as a character string as it is, it is necessary to compare a 1024-bit or 2048-bit character string. The processing load required is large. Since the CPU load and power consumption are limited in the portable terminal, it is not preferable to compare the character strings in the portable terminal. Therefore, as the developer public key, a public key subjected to hash calculation (hash processing) may be used. Specifically, the management server 4 performs a hash calculation on the developer's public key, and the calculation result is registered in the white list as the developer's public key. Further, in the portable terminal 1, when the application erasure unit 10c acquires the developer's public key from the application in step S110, the application erasure unit 10c performs hash calculation on the public key and compresses it to a character string of about 160 bits, for example. The processing load required for the hash calculation is smaller than the processing load required for the comparison of the character strings.

  In the above, package name, version information, and developer's public key are used, but considering the safety by restricting application installation and the convenience by allowing application installation. Thus, the combination of the above information may be changed. For example, prepare three patterns: a pattern that uses only the developer's public key, a pattern that uses the developer's public key and package name, and a pattern that uses the developer's public key, package name, and version information. The mobile terminal 1 may operate with only one of the patterns. The pattern is determined for each group to which the user of the mobile terminal 1 belongs, for example. In order to change the above pattern, for example, it is necessary to change an application that implements the functions of the whitelist acquisition unit 10a, the installation execution unit 10b, and the application deletion unit 10c, which are implemented in the mobile terminal 1.

  In the above, confirmation of an application using a white list is performed at the timing when the application is installed. However, this confirmation may be performed periodically for an already installed application. For example, the application erasure unit 10c periodically executes the processes of steps S105 to S125 for the execution file of the application installed in the storage unit 14.

  In this case, an application that is installed (preinstalled) in advance in the manufacturing stage of the mobile terminal 1 may be regarded as a reliable application, and the application may be excluded from processing targets. For example, since many preinstalled applications are stored in the system area, an application stored in a storage area other than the system area in the storage unit 14 may be the target of processing.

  Specifically, when a condition such as a predetermined time has elapsed since the previous process was performed, the application erasure unit 10c acquires the white list stored in the storage unit 14 via the device control unit 10d. To do. Area information indicating a storage area (for example, a system area) in which an executable file of a reliable application is stored is added to the white list. The application erasure unit 10c excludes the application stored in the storage area indicated by the area information in the storage unit 14 from the subsequent processes, and performs the same processes as steps S110 to S125.

  In addition, as a method of adding the area information indicating the storage area where the executable file of the trusted application is stored to the white list, the package name of the corresponding application is expressed as an absolute path in the white list, and the absolute path character string A method may be used in which a part of the region information is used.

  Next, an operation in which the management server 4 manages the state of the mobile terminal 1 will be described. An application in which the functions of the white list acquisition unit 10a, the installation execution unit 10b, and the application deletion unit 10c are mounted may be deleted from the portable terminal 1 by a malicious user. For this reason, the management server 4 checks whether or not the mobile terminal 1 regularly acquires a white list, and issues a warning when there is a mobile terminal 1 that has not regularly acquired a white list.

  The storage unit 44 of the management server 4 stores a terminal list for managing the state of the mobile terminal 1. FIG. 6 shows an example of the contents of the terminal list. As shown in FIG. 6, in the terminal list, a corporate name (for example, C1), a terminal identifier (for example, N1), and an acquisition time (for example, T1) are registered. The corporation name is the name of the corporation to which the user of the mobile terminal 1 belongs. The terminal identifier is information for identifying the individual mobile terminal 1 and is, for example, a telephone number. The acquisition time is the time when the mobile terminal 1 last acquired the white list.

  FIG. 7 shows the operation of the management server 4. The terminal management unit 40c monitors information output from the communication unit 41 to the control unit 40 via the device control unit 40d, and determines whether a whitelist acquisition request is received from the mobile terminal 1 (step S200). ). When the acquisition request is received, the terminal management unit 40c confirms the terminal identifier of the mobile terminal 1 included in the acquisition request (step S205).

  Subsequently, the terminal management unit 40c acquires the terminal list from the storage unit 44 via the device control unit 40d, and sets the acquisition time combined with the same terminal identifier as the terminal identifier included in the acquisition request in the terminal list. The terminal list is updated by replacing with the current time, and the pre-update terminal list stored in the storage unit 44 is replaced with the updated terminal list via the device control unit 40d (step S210).

  Subsequently, the white list management unit 40b acquires the white list from the storage unit 44 via the device control unit 40d according to the acquisition request, and outputs the white list to the communication unit 41. The communication unit 41 communicates with the mobile terminal 1 that is the transmission source of the acquisition request according to the control by the device control unit 40d, and transmits the white list to the mobile terminal 1 (step S215). Subsequently, the process returns to step S200.

  In step S200, when the acquisition request is not received, the terminal management unit 40c acquires the terminal list from the storage unit 44 via the device control unit 40d, and sequentially confirms the acquisition times of the respective mobile terminals 1 in the terminal list. (Step S220). Based on the result of confirming the acquisition time in step S220, the terminal management unit 40c determines whether there is a mobile terminal 1 in which the difference between the acquisition time recorded in the terminal list and the current time exceeds a predetermined time. That is, it is determined (whether there is a mobile terminal 1 that has not acquired the white list for a predetermined time or more since the white list was last acquired) (step S225).

  When there is a mobile terminal 1 in which the difference between the acquisition time recorded in the terminal list and the current time exceeds a predetermined time, the terminal management unit 40c has a mobile terminal 1 that is not safe. Warning information (for example, a warning e-mail) for warning the administrator of the portable terminal 1 that the device is informed is output to the communication unit 41 via the device control unit 40d. The communication unit 41 communicates with the administrator's terminal according to the control by the device control unit 40d, and transmits warning information to the terminal (step S230). Subsequently, the process returns to step S200. If there is no mobile terminal 1 in which the difference between the acquisition time recorded in the terminal list and the current time exceeds the predetermined time, the process returns to step S200.

  Through the above processing, it is detected that the application having the functions of the white list acquisition unit 10a, the installation execution unit 10b, and the application deletion unit 10c has been deleted from the mobile terminal 1, and a warning is issued to the administrator to take countermeasures. be able to.

  Regarding the portable terminal 1 and the management server 4 of the present embodiment, a program for realizing the operation and function of the portable terminal 1 and the management server 4 is recorded on a computer-readable recording medium, and recorded on the recording medium. The portable terminal 1 and the management server 4 can be configured by causing the computer to read and execute the program.

  Here, the “computer” includes a homepage providing environment (or display environment) if the WWW system is used. The “computer-readable recording medium” refers to a storage device such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a hard disk built in the computer. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program described above may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above-described program may be for realizing a part of the above-described function. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  As described above, in this embodiment, the white list method using the package name, version information, and the developer's public key is adopted. By including version information in the white list, it is possible to remove applications that have been mutated into malware due to version upgrades. Also, by including the developer's public key in the whitelist, it is possible to authenticate the developer as well, and it is possible to remove malware pretending to be a legitimate application using the legitimate application package name. it can. Therefore, malware can be removed more effectively. This embodiment is suitable for services for corporations where security management is important.

  Also, by using a public key that has been subjected to hash calculation, it is possible to reduce the CPU load and power consumption of the mobile terminal. In addition, by verifying the application installed on the mobile device at the timing immediately after the installation of the application is completed or at the regular visit timing, the period during which the malware is introduced to the mobile device may be shortened as much as possible. it can.

  Further, by considering the preinstalled application as a reliable application and excluding the application from the verification target of the application in the portable terminal 1, the CPU load and power consumption of the portable terminal can be suppressed. Furthermore, by checking whether or not the mobile terminal regularly acquires the white list, the state of the mobile terminal can be kept safer.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiments, and includes design changes and the like without departing from the gist of the present invention. .

  DESCRIPTION OF SYMBOLS 1 ... Portable terminal, 2 ... Application sales server, 3 ... Management terminal, 4 ... Management server, 10, 40 ... Control part, 10a ... White list acquisition part, 10b. ..Installation execution unit, 10c... Application deletion unit, 10d, 40d... Device control unit, 11, 41... Communication unit, 12, 42. 14, 44 ... storage unit, 40a ... application verification unit, 40b ... white list management unit, 40c ... terminal management unit

Claims (7)

First name information indicating the name of the trusted application, first version information indicating the version of the trusted application, and first public key information indicating the public key of the developer of the trusted application And a storage unit for storing a file including a program of the installed application,
An installation execution unit that installs the application program in the storage unit;
From the application installed in the storage unit, second name information indicating the name of the application, second version information indicating the version of the application, and second indicating the public key of the developer of the application Public key information is acquired, the first name information and the second name information, the first version information and the second version information, the first public key information and the second public key. Each of the three sets of information is compared, and if at least one set of information does not match, an erasure unit that erases the program of the application related to the comparison from the storage unit;
A portable terminal characterized by comprising:   The mobile terminal according to claim 1, wherein the first public key information and the second public key information are information obtained by hashing the developer public key. The installation execution unit outputs the end information for notifying the end of the installation at the timing when the installation of the application program ends.
The mobile terminal according to claim 1, wherein the erasing unit performs the comparison at a timing when the end information is detected. The white list further includes area information indicating a storage area of the storage unit in which the program of the trusted application is installed,
The portable terminal according to any one of claims 1 to 3, wherein the erasing unit uses an application installed in an area other than the area indicated by the area information as the comparison target.   The program for functioning a computer as a portable terminal as described in any one of Claims 1-4. A communication system including a mobile terminal and a server,
The portable terminal is
First name information indicating the name of the trusted application, first version information indicating the version of the trusted application, and first public key information indicating the public key of the developer of the trusted application A first communication unit that receives from the server a white list including:
A first storage unit for storing the received whitelist and storing a file including a program of an installed application;
An installation execution unit for installing the program of the application in the first storage unit;
From the application installed in the first storage unit, second name information indicating the name of the application, second version information indicating the version of the application, and a public key of the developer of the application Second public key information is acquired, and the first name information and the second name information, the first version information and the second version information, the first public key information and the second Each of the three sets of public key information, and if at least one set of information does not match, an erasure unit that erases the program of the application related to the comparison from the first storage unit,
Have
The server
A second storage unit for storing the white list;
A second communication unit for transmitting the white list to the mobile terminal;
A communication system comprising: The first communication unit further periodically transmits an acquisition request for the white list to the server,
The server further includes a warning unit that monitors the acquisition request from the portable terminal, and generates warning information when the acquisition request is not received within a predetermined time since the acquisition request was last received. And
The communication system according to claim 6, wherein the second communication unit transmits the white list to the mobile terminal when the acquisition request is received from the mobile terminal.

Images