JP6102093B2 - Information processing apparatus, security method thereof, and security program thereof. - Google Patents

Description

The present invention relates to an information processing apparatus usage restriction, for example, an information processing apparatus that performs lock control using a communication function, a security method thereof, and a security program thereof.

  The portable information processing apparatus is provided with various security in order to prevent the stored information from being leaked due to, for example, theft or loss at the time of carrying. As this security means, for example, there is one in which a user individually sets a combination of a specific ID (Identification) and a password (Pass Word). Such an ID or password needs to be set by the user himself / herself.

  For example, a lost information processing apparatus is registered in a dedicated security server, and remote lock (remote lock) or remote wipe (remote deletion) is set by wireless communication via this server.

  Regarding security using such a server, the mobile terminal sends an SSID (Service Set Identification) received from the base station to the server, and this server is known to refuse connection unless it is a registered SSID. (For example, Patent Document 1).

JP 2004-274602 A

  By the way, in the security method by ID and password input, it is necessary to set information in advance and store the information, and an input operation is required every time the information processing apparatus is used. Therefore, a complicated operation is required to start using the information processing apparatus, and there is a problem that the convenience of the information processing apparatus is impaired. In addition, when ID or password information is overlooked by another person, for example, when the ID or password is stolen or lost in the state authenticated by the ID or the like, it cannot be dealt with thereafter, and the security function is insufficient. There is.

  In addition, the remote lock function and the remote wipe function require that a new dedicated server system be constructed in order to perform services. The lost or stolen information processing apparatus needs to exist in an area that can communicate with the server system, and there is a problem that it takes a great deal of cost to realize the security function for the entire range. .

  Furthermore, the remote lock function and the remote wipe function have a problem that the security function is not executed unless a setting operation is performed after the user knows that the user has lost or stolen.

  Therefore, in view of the above problems, a first object of the present invention is to improve the security function of an information processing apparatus by automatically shifting to a security state without performing a setting operation on the user side.

In addition, the second object of the present invention is to immediately perform lock control when located outside the set usable authentication area, thereby improving the speed of dealing with theft or loss, and the security function. It is to improve the reliability.

In order to achieve the above object, the configuration of the present disclosure is an information processing apparatus having a wireless communication function, and includes a wireless communication unit, a storage unit, a determination unit, and a control unit. The wireless communication means acquires first communication information from a plurality of access points within a wireless communicable range. The storage means stores second communication information of a plurality of authentication access points that can identify the authentication area. The determination means includes the number of the first communication information that matches one of the plurality of second communication information stored in the storage means among the plurality of first communication information, and a position with respect to the authentication area. It is determined whether or not it is within the authentication area by comparing with a predetermined threshold indicating the relationship . Then, when the control means determines that it is within the authentication area based on this determination result performed at the start of use or during use, it releases part or all of the operation function restriction, and if it is determined that it is outside the authentication area, Lock control is prohibited .

  According to the information processing apparatus, the security method, or the security program of the present disclosure, any of the following effects can be obtained.

  (1) Using the received communication information, it is estimated whether the information processing apparatus is in an available authentication area, and the authentication operation during use can be omitted, so that the convenience of the apparatus is improved.

  (2) Based on the reception information of the communication information, it is possible to prevent the state in which the security function is not set from occurring by releasing the lock only when it is estimated that the communication area is within the authentication area.

  (3) When the information processing apparatus is taken out of the authentication area, the lock function is immediately executed, thereby improving the reliability of the security function.

  (4) By performing lock control based on receivable communication information at the current position of the information processing apparatus, it is not necessary to construct a new security server, and a security function can be realized at low cost.

Other objects, features, and advantages of the present invention will become clearer with reference to the accompanying drawings and each embodiment.

It is a figure which shows the structural example of the information processing apparatus which concerns on 1st Embodiment. It is a flowchart which shows an example of a security process. It is a figure which shows the specific state example of the use position of the portable terminal device which concerns on 2nd Embodiment. It is a figure which shows the structural example of a portable terminal device. It is a figure which shows the usage condition example of a portable terminal device. It is a figure which shows the comparison of the SSID information in an authentication area. It is a figure which shows the comparison of the SSID information outside an authentication area. It is a figure which shows the example of authentication by GPS information. It is a figure which shows the example of authentication by GPS information. It is a figure which shows the other example of the use condition of a portable terminal device. It is a figure which shows the comparison of the SSID information in an authentication area. It is a figure which shows the comparison of the SSID information outside an authentication area. It is a figure which shows the example of authentication by GPS information. It is a figure which shows the example of authentication by GPS information. It is a figure which shows the structural example of a computer. It is a sequence diagram which shows the example of a registration process of SSID information in a registration mode. It is a sequence diagram which shows the example of a registration process of the positional information in registration mode. It is a flowchart which shows an example of a registration process. It is a sequence diagram which shows the process example in determination mode. It is a figure which shows an example of a GPS measurement process. It is a flowchart which shows an example of a determination process. It is a flowchart which shows an example of a lock release process. It is a figure which shows the example of a display screen. It is a flowchart which shows the process example in the registration mode of the portable terminal device which concerns on 3rd Embodiment. It is a flowchart which shows the process example in determination mode. It is a figure which shows the structural example of the portable terminal device which concerns on 4th Embodiment. It is a figure which shows an example of a registration data table. It is a flowchart which shows an example of the security process in the case of using a connection history.

  [First Embodiment]

  FIG. 1 shows a configuration example of the information processing apparatus according to the first embodiment. The configuration shown in FIG. 1 is an example.

  An information processing device 2 illustrated in FIG. 1 is, for example, a portable PC (Personal Computer), a mobile terminal device, a mobile phone, or the like, and is an example of the information processing device of the present disclosure. The information processing apparatus 2 receives communication information 6 from an access point 4 that is a base station of a LAN (Local Area Network). Around the information processing apparatus 2, a plurality of access points 4-1, 4-2, 4-3... 4-N are installed. Then, the information processing apparatus 2 transmits the communication information 6-1, 6-2, 6-3,..., 6-N from the access points 4-1, 4-2, 4-3,. Is receiving.

  The information processing apparatus 2 includes a security function that performs lock control when the information processing apparatus 2 is located outside the set range, and includes a wireless communication unit 8, a storage unit 10, a determination unit 12, and a control unit 16.

  The wireless communication unit 8 is an example of a communication connection unit for a wireless LAN. The wireless communication means 8 performs a connection process according to, for example, the WiFi (Wireless Fidelity) standard with each access point 4 arranged. The wireless communication means 8 takes in the communication information 6 output from each access point 4 within the wireless communicable range. The communication information 6 includes, for example, an SSID (Service Set Identification) for specifying a WiFi wireless LAN relayed or transmitted by each access point 4.

  The storage means 10 is means for storing the communication information 6 acquired by the wireless communication means 8. The storage means 10 stores communication information 6 acquired during use by the user, for example, when the information processing apparatus 2 is activated. The storage means 10 stores registered communication information 14 as information for specifying a specific wireless LAN in advance. The registered communication information 14 is communication information that can be received in, for example, a specific building, room, or area as an authentication area where use of the information processing apparatus 2 is permitted. In the storage means 10, a plurality of registered communication information 14-1 sent from a plurality of access points 4-1, 4-2, 4-3... 4-N arranged in or around the authentication area, 14-2, 14-3,... 14-X are registered.

  The registered communication information 14 is registered in the storage unit 10 by, for example, a setting operation of the user himself or someone who has the user setting authority.

  The determination unit 12 is a unit that determines the degree of coincidence between the registered communication information 14 stored in the storage unit 10 and the communication information 6 acquired by the wireless communication unit 8. In this determination, for example, the number of matching communication information 6 and registered communication information 14 is determined.

  The control unit 16 performs lock control of the information processing device 2 based on the determination result of the determination unit 12. This lock control prohibits an operation on the information processing apparatus 2 when the degree of coincidence does not reach a predetermined reference or higher in the determination result.

  That is, the communication information 6 is used as information indicating the reception environment of the wireless LAN that represents the use authentication area of the information processing apparatus 2. In the determination process, whether or not the information processing apparatus 2 exists in the authentication area permitted to be used by using the received communication information 6-1, 6-2, 6-3,. Is estimated. When the information processing device 2 is not in the authentication area, use of the information processing device 2 is restricted.

<Security function processing procedure>

  FIG. 2 shows a processing example of the security function of the information processing apparatus 2. The processing procedure and processing content shown in FIG. 2 are examples, and the present invention is not limited to such a configuration. The processing procedure illustrated in FIG. 2 is an example of the security method or security program of the present disclosure.

  The information processing apparatus 2 fetches the receivable communication information 6 in response to, for example, pressing of a start switch or an input operation on the operation means (S1). For example, the wireless communication unit 8 notifies the determination unit 12 of the received communication information 6. At this time, the captured communication information 6 may be stored in the storage unit 10.

  The determination unit 12 performs a process of reading the stored registered communication information 14 from the storage unit 10 (S2). Then, the determination unit 12 determines the degree of coincidence between the captured communication information 6 and the registered communication information 14 (S3). In the determination process, for example, the SSID included in the communication information 6 and the SSID included in the registered communication information 14 are compared to determine the number of matches.

  Further, for example, a threshold for the degree of coincidence is set in the determination unit 12. In the determination process, for example, it is determined whether or not four or more pieces of communication information 6 match the registered communication information 14 as the threshold value.

  If the degree of coincidence is greater than or equal to the threshold value in the determination process (YES in S4), the control unit 16 releases the lock so as to enable an operation on the information processing apparatus 2 (S5). That is, it is estimated that the information processing apparatus 2 is within a specific range in which the registered communication information 14 can be received, and the use permission is authenticated. If the degree of coincidence is less than the threshold (NO in S4), it is estimated that the information processing apparatus 2 may have been taken out of the permitted range, and the control means 16 sets the lock function and performs the operation. It is prohibited (S6).

  It should be noted that the capture of the communication information 6 is not limited to when the information processing apparatus 2 is activated, but may be always executed while the information processing apparatus 2 is being used, for example. And the control means 16 may restrict | limit the function of the information processing apparatus 2, or may prohibit use, when a coincidence degree has reached the threshold value or less.

  According to such a configuration, it is possible to estimate whether the information processing apparatus is within an available authentication area using the received communication information, and to omit an authentication operation or the like at the time of use. Further, by releasing the lock only when it is estimated that the communication area is within the authentication area based on the received information of the communication information, it is possible to prevent the security function from being set. Further, when the information processing apparatus is taken out of the authentication area, lock control is immediately executed. The information processing apparatus performs lock control based on receivable communication information at the current position, so that it is not necessary to construct a new security server and the cost can be reduced.

  [Second Embodiment]

  FIG. 3 shows a specific state of the use position of the mobile terminal device according to the second embodiment. The configuration shown in FIG. 3 is an example.

  A mobile terminal device 20 illustrated in FIG. 3 is an example of an information processing device according to the present disclosure, and the access points 4 (4-1, 4-2, 4-3,..., 4- N) with a communication function capable of transmitting and receiving information with WiFi, for example. The mobile terminal device 20 receives WiFi SSID information 24 (24-1, 24-2, 24-3,..., 24-N) as communication information 6 from each access point 4.

  Further, the mobile terminal device 20 has a function capable of communicating with a GPS (Global Positioning System) satellite 22 or a server as a position specifying unit, and receives GPS positioning information 26 that is position information of the current position. The position information by GPS is used as information supplementing the position specification by the reception state of WiFi.

<Configuration of mobile terminal device 20>

  FIG. 4 shows a configuration example of the mobile terminal device 20. The mobile terminal device 20 includes a WiFi-SSID reception function unit 30 that receives the SSID information 24 from the access point 4. A WiFi-SSID data registration unit 32, a WiFi-SSID data holding unit 34, and a WiFi-SSID determination unit 36 are provided. The mobile terminal device 20 includes a GPS reception function unit 40, a position data registration unit 42, a position data holding unit 44, and a position determination unit 46. The mobile terminal device 20 includes a lock control unit 50 and a user setting unit 52.

  The WiFi-SSID reception function unit 30 is an example of the wireless communication unit 8 described above. The WiFi-SSID reception function unit 30 receives surrounding SSID information 24 at regular time intervals while the mobile terminal device 20 is activated. The received SSID information 24 is transmitted to the WiFi-SSID data registration unit 32 when the mobile terminal device 20 is in the registration mode, for example. Further, when the mobile terminal device 20 is in the authentication mode, the received SSID information 24 is transmitted to the WiFi-SSID determination unit 36.

  The WiFi-SSID data registration unit 32 is an example of a registration control unit that causes the WiFi-SSID data holding unit 34 to register the SSID information 24 acquired when the mobile terminal device 20 is in the registration mode. The mobile terminal device 20 includes a registration mode function for setting an authentication area based on, for example, a user setting operation. In this registration mode, the WiFi-SSID data registration unit 32 registers the SSID information 24 received at the position and location to be set as the authentication area as the registered SSID information 25. The registered SSID information 25 is used as the registered communication information 14 described above. The WiFi-SSID data registration unit 32 takes in the SSID information 24 based on, for example, the repetition interval information set in the user setting unit 52.

The WiFi-SSID data holding unit 34 is an example of a unit that stores the registered SSID information 25 registered by the WiFi-SSID data registration unit 32 and includes the storage unit 10 described above.
The registered SSID information 25 stored in the WiFi-SSID data holding unit 34 is transmitted to the WiFi-SSID determination unit 36 and used as the registered communication information 14 described above in the determination mode.

  The WiFi-SSID determination unit 36 is a means for comparing the SSID information 24 acquired during execution of the position determination mode with the registered SSID information 25 registered in the WiFi-SSID data holding unit 32 and determining whether or not they match. is there. For the determination of the match of the SSID information, for example, a threshold set in the user setting unit 52 is used, and it is determined whether or not the matching degree is equal to or greater than the threshold. The WiFi-SSID determination unit 36 notifies the lock control unit 50 of the determination result.

  The GPS reception function unit 40 constitutes a communication unit that requests and receives position information of the mobile terminal device 20 between the GPS satellites 22 or a relay server. For example, when the mobile terminal device 20 is in the registration mode, the GPS reception function unit 40 notifies the position data registration unit 42 of the received GPS positioning information 26. The GPS reception function unit 40 notifies the position determination unit 46 of the received GPS positioning information 26 as registered GPS positioning information 27 in a mode other than the registration mode.

  The position data registration unit 42 is an example of a registration control unit that causes the position data holding unit 44 to register the GPS positioning information 26 acquired during the registration mode of the mobile terminal device 20. The position data registration unit 42 takes in the GPS positioning information 26 based on, for example, repetition interval information set in the user setting unit 52.

  The position data holding unit 44 is an example of a unit that stores the registered GPS positioning information 27 registered by the position data registration unit 42, and includes the storage unit 10 described above. The registered GPS positioning information 27 stored here is position information for specifying the authentication area, and is used as a comparison target in the determination mode.

  The position determination unit 46 is a unit that compares the GPS positioning information 26 received during execution of the determination mode with the registered GPS positioning information 27 stored in the position data holding unit 44 and determines whether or not they match. For the coincidence determination of the GPS positioning information 26, for example, a threshold set in the user setting unit 52 is used, and it is determined whether or not the coincidence is equal to or greater than the threshold. The position determination unit 46 notifies the lock control unit 50 of the determination result.

  The lock control unit 50 is an example of a unit that performs lock control on the mobile terminal device 20 according to the determination results of the WiFi-SSID determination unit 36 and the position determination unit 46.

The user setting unit 52 is an example of a unit that holds setting information for the security function of the mobile terminal device 20. The user setting unit 52 holds, for example, threshold information and process execution timing information input and set by the user. In the user setting unit 52, for example, the following information is set.
(1) Time interval information for registering WiFi-SSID information (SSID information 24) in the registration mode: “WiFi-SSSID registration repetition interval” information
(2) Time interval information for registering GPS positioning information (position information) 26 in the registration mode: “GPS registration repetition interval” information
(3) Information on the number of matches between the received WiFi-SSID information 24 and the retained WiFi-SSID information in the position determination mode: “position determination WiFi threshold” information
(4) Error information of GPS positioning information (reception position) 26 in the position determination mode: “position determination GPS threshold” information
(5) Registration mode and position determination mode information

  <When a specific location is set as an authentication area>

  FIG. 5 shows an example of the usage state of the mobile terminal device. 6 and 7 show an example of WiFi SSID information. 8 and 9 show an example of GPS information. The configurations shown in FIGS. 5 to 9 are examples.

  In the mobile terminal device 20 shown in FIG. 5, for example, registered SSID information 25 and registered GPS positioning information 27 of WiFi that can be received in an office room or the like are registered. The registration process is executed when the user starts the registration mode function with respect to the mobile terminal device 20. As a result, a range in which the registered SSID information 25 can be received is set as the authentication area 60 in the mobile terminal device 20. For example, the authentication area 60 may be equal to or approximate to a range set with a certain radius around the registered GPS positioning position. Further, the authentication area 60 based on the registered SSID information 25 and the range based on the registered GPS positioning information 27 may be set so that the other range exists within one of the ranges.

  The WiFi-SSID data holding unit 34 stores the SSID information 24 acquired in the registration mode, and a registration data table 64 shown in A of FIG. 6 is generated. In the registration data table 64, for example, a WiFi SSID information section 68 in which the registered SSID information 25 is tabulated for each registered registration number section 66 is set.

  The registered SSID information 25 is composed of a combination of numbers and characters in a text format, for example. The order of registration in the SSID information section 68 of the registration data table 64 may be any. This registration order may be set based on, for example, the order received by the mobile terminal device 20 in the registration mode, the intensity of received radio waves, or the like.

  For example, when a use start operation or the like is performed, the mobile terminal device 20 starts a determination mode, and receives communication information such as SSID transmitted on a wireless LAN such as WiFi that can be received.

  <Determination process in authentication area 60>

  For example, the mobile terminal device 20 executes a position determination mode in response to the start of use, for example, fetches the surrounding SSID information 24 and requests positioning data from the GPS satellite 22. The SSID information 24 acquired at this time is taken into, for example, the WiFi-SSID determination unit 36. The mobile terminal device 20 is used in the authentication area 60, for example. At this time, the WiFi-SSID determination unit 36 stores an acquired SSID information table 70 for registering the received SSID information 24 as shown in FIG. 6B, for example.

  In the acquired SSID information table 70, the WiFi SSID information part 74 received for each registration number part 72 is set. The portable terminal device 20 receives a plurality of WiFi SSID information 24 and registers it in the acquired SSID information table 70 when the use starts at a seat in the office or the like, for example. The WiFi-SSID determination unit 36 performs a comparison determination between the information in the SSID information unit 74 of the acquired SSID information table 70 and the registration data table 64. This comparison determination is performed, for example, based on whether the written name of the registered SSID information or other data contents match. As a result of the comparison, for example, four or more matching SSID information 76 and non-matching SSID information 78 are extracted.

  Then, the WiFi-SSID determination unit 36 estimates that the mobile terminal device 20 exists in the authentication area 60 because the matching SSID information 76 has, for example, four or more matching degrees as threshold values. Based on the determination result, the lock control unit 50 releases the function lock of the mobile terminal device 20 and enters a state where the user can perform an operation.

  In the security process using the SSID information, when the mobile terminal device 20 starts to be used, an input operation by the user is not necessary. Further, the portable terminal device 20 may shift to an authentication process by inputting ID information or a password after unlocking by the security process.

  <Determination Processing Outside Authentication Area 60>

  When the mobile terminal device 20 starts to be used while being taken out of the authentication area 60, the mobile terminal device 20 obtains the SSID information 24 that can be received at the position and requests the GPS positioning information 26 from the GPS satellite 22. . The acquired SSID information 24 is stored in an acquired SSID information table 80 configured in the WiFi-SSID determination unit 36 as shown in FIG. 7B, for example. In the acquired SSID information table 80, for example, the SSID information portion 84 of WiFi received for each registration number portion 82 is set. As shown in FIG. 5, the presence area 62 of the mobile terminal device 20 is set by the acquired SSID information 24 and GPS positioning information 26.

  The WiFi-SSID determination unit 36 performs a comparison determination between the information in the SSID information unit 84 of the acquired SSID information table 80 and the registration data table 64. As a result of the comparison, it is determined that there is no matching SSID information or that the set threshold value is not reached, and it is estimated that the mobile terminal device 20 does not exist in the authentication area 60. Based on the determination result, the lock control unit 50 sets the function lock of the mobile terminal device 20 and prohibits the operation by the user.

  As a result, even when the mobile terminal device 20 is taken out of the authentication area 60 by a user having usage authority other than the loss or theft, the security function is not started and the use can be restricted.

  <Unlocking by authentication using GPS information>

  The position (GPS) information of the mobile terminal device 20 acquired in the registration mode is registered in the position data holding unit 44 by the position data registration unit 42 as shown in FIG. In the position data holding unit 44, a registration data table 90 in which such position information is registered is generated. The registration data table 90 is stored in the position data holding unit 44. In the registration data table 90, for example, a latitude information part 94 and a longitude information part 96 are set for each registration number part 92.

  The position information based on the GPS positioning information 26 is used for supplementary authentication processing in the determination mode of the mobile terminal device 20, for example. The authentication based on the location information is executed, for example, when it is estimated that the mobile terminal device 20 does not exist in the authentication area 60 in the authentication based on the SSID information of WiFi.

  The mobile terminal device 20 receives the GPS positioning information 26 when the determination mode is started, for example, triggered by a use operation. The received GPS positioning information 26 is notified to the position determination unit 46. In the position determination unit 46, an acquired GPS information table 100 shown in FIG. 8B is generated based on the notified GPS positioning information 26.

  In the acquired GPS information table 100, for example, a registration number part 102, a latitude information part 104, and a longitude information part 106 are set.

  The position determination unit 46 determines whether or not the GPS positioning information 26 registered in the acquired GPS information table 100 has a predetermined degree of coincidence with the registered GPS positioning information 27 registered in the registration data table 90. The GPS registration positioning information is determined by determining whether the acquired information of the latitude information unit 104 and the longitude information unit 106 is within a certain range with respect to the registration information of the latitude information unit 94 and the longitude information unit 96, for example. The acquired GPS information table 100 stores matching position information 108. The fixed range may be determined by using the coordinates of the GPS positioning information 26 and determining whether the actual distance is within a few meters with respect to the registered position information.

  If the measurement position of the mobile terminal device 20 is within the threshold with respect to the registered position information, authentication is performed and the function lock is released. In this case, for example, since authentication using the WiFi SSID information 24 cannot be obtained, the operation on a part of the functions of the mobile terminal device 20 may be restricted and unlocked.

  The authentication based on the GPS positioning information may be used when the WiFi SSID cannot be received in the authentication area 60 due to, for example, an access point environment change or power-off state. In this case, since the mobile terminal device 20 can be used, for example, the registration mode can be executed again to set a new WiFi usage environment.

  In addition, for example, when there is a difference between the authentication area 60 by WiFi and the error range by GPS, if the error range by GPS registration and a part of the authentication area overlap, the function of the mobile terminal device 20 is restricted to allow use. It may be.

  <Lock setting by authentication using GPS information>

  As shown in FIG. 5, the GPS positioning information 26 received by the mobile terminal device 20 in the presence area 62 outside the authentication area 60 is registered in the position determination unit 46, and the acquired GPS information table 110 shown in FIG. 9B is generated. Is done. Similar to the acquired GPS information table 100 described above, a registration number portion 112, a latitude information portion 114, and a longitude information portion 116 are set in the acquired GPS information table 110.

  The position determination unit 46 performs a comparison determination between the position information of the acquired GPS information table 110 and the registration data table 90. Since there is no position information in the coincidence or similarity range, it is estimated that the mobile terminal device 20 does not exist in the authentication area 60. Based on the determination result, the lock control unit 50 sets the function lock of the mobile terminal device 20 and prohibits the operation by the user.

  As a result of this determination, the WiFi reception state and the GPS positioning information do not match, so the function of the mobile terminal device 20 may be completely locked. By combining the two conditions in this way, it is specified that a part of the presence area 62 of the mobile terminal device 20 and a part of the authentication area 60 do not overlap.

  The authentication using the GPS positioning information 26 is not limited to the case where the authentication using the SSID information 24 of WiFi cannot be received. For example, when the authentication by the GPS positioning information 26 is received together with the authentication by the SSID information 24, it may be determined that the mobile terminal device 20 is in the authentication area 60 and the lock may be released. The GPS positioning information 26 specifies the position on the ground regardless of the environment in which the mobile terminal device 20 is used. On the other hand, the SSID information 24 of the WiFi is specified by the output of the access point as a use environment condition such as a different floor of a hierarchical building to be used or a reception state due to a barrier such as a wall. Thus, the security function may be further enhanced by combining the two conditions.

  <When moving area is set as authentication area>

  FIG. 10 shows another example of the usage state of the mobile terminal device. 11 and 12 show an example of WiFi SSID information. 13 and 14 show an example of GPS information. The configurations shown in FIGS. 10 to 14 are examples.

  The mobile terminal device 20 illustrated in FIG. 10 registers, for example, WiFi SSID information 24 and GPS positioning information 26 that can be received within a range of movement while using the mobile terminal device 20. The mobile terminal device 20 sets a range in which the SSID information 24 can be received during movement as the authentication area 120. This authentication area 120 includes, for example, arbitrary A point 124, B point 126, C point 128, D point 130, and E point 132 within the movement range.

  In the registration data table 64 shown in A of FIG. 11, information received during movement in the registration mode, information received at the A point 124, the B point 126, the C point 128, the D point 130, and the E point 132 are registered. ing. This registration process is executed based on, for example, WiFi-SSID registration repetition interval information.

  <Determination process in authentication area 120>

  For example, when the position determination mode is executed in the authentication area 120, the mobile terminal device 20 takes in the surrounding SSID information 24 and stores this SSID information 24 as registered SSID information 25 in the WiFi-SSID determination unit 36. The WiFi-SSID determination unit 36 generates an acquired SSID information table 70 that stores the acquired SSID information 24 as shown in FIG. 11B, for example.

  For example, when the mobile terminal device 20 is used while moving in the authentication area 120, the mobile terminal device 20 receives a plurality of WiFi SSID information 24 and registers it in the acquired SSID information table 70. The WiFi-SSID determination unit 36 performs a comparison determination between the SSID information unit 74 of the acquired SSID information table 70 and the registered data table 64. As a result of the comparison, for example, four or more matching SSID information 140 and non-matching SSID information 142 are extracted.

  The WiFi-SSID determination unit 36 estimates that the mobile terminal device 20 exists in the authentication area 120 because the matching SSID information 140 has, for example, four or more matching degrees as threshold values. Based on the determination result, the lock control unit 50 releases the function lock of the mobile terminal device 20 and enters a state where the user can perform an operation.

  Also in the security processing using the SSID information, as described above, when the use of the mobile terminal device 20 is started, an input operation or the like by the user becomes unnecessary.

  <Determination Processing Outside Authentication Area 120>

  When used outside the authentication area 120, the mobile terminal device 20 executes the determination mode and acquires the SSID information 24 that can be received at the current position. The acquired SSID information 24 is registered in the WiFi-SSID determination unit 36 as shown in FIG. 12B, for example, and an acquired SSID information table 80 is generated.

  The WiFi-SSID determination unit 36 performs a comparison determination between the acquired SSID information table 80 and the registration data table 64. As shown in FIG. 12, as a result of the comparison, there is no matching SSID information or the set threshold value is not reached, so that it is estimated that the mobile terminal device 20 does not exist in the authentication area 120. Based on the determination result, the lock control unit 50 sets the function lock of the mobile terminal device 20 and prohibits the operation by the user.

  As a result, even when the mobile terminal device 20 is taken out of the authentication area 120 by a user who has the authority to use, such as loss or theft, the use of the security function can be restricted without being started.

  The execution of the determination mode is not limited to when the use of the mobile terminal device 20 is started, for example, and may be continuously executed while the mobile terminal device 20 is being used. Thereby, even if it is a case where use starts, for example in the authentication area 120, when the portable terminal device 20 goes out of the authentication area 120 during the movement, the security function is quickly executed.

  <Unlocking by authentication using GPS information>

  The location information of the mobile terminal device 20 acquired during movement in the registration mode is registered in the location data holding unit 44 by the location data registration unit 42. In the position data holding unit 44, for example, as shown in FIG. 13A, a registration data table 90 in which such position information is registered is generated.

  The mobile terminal device 20 receives the GPS positioning information 26 when the determination mode is started, for example, triggered by a use operation. The received GPS positioning information 26 is notified to the position determination unit 46, and an acquired GPS information table 100 shown in FIG. 13B is generated.

  The position determination unit 46 determines whether or not the GPS positioning information registered in the acquired GPS information table 100 has a predetermined degree of coincidence with respect to the GPS positioning information registered in the registration data table 90. In the acquired GPS information table 100, position information 144 measured within a certain range is registered as a threshold value.

  If the measurement position of the mobile terminal device 20 is within the threshold with respect to the registered position information, authentication is performed and the function lock is released. In this case, for example, since authentication using the WiFi SSID information 24 cannot be obtained, the operation on a part of the functions of the mobile terminal device 20 may be restricted and unlocked.

  <Lock setting by authentication using GPS information>

  As shown in FIG. 10, in the presence area 62 outside the authentication area 120, the GPS positioning information 26 acquired by the mobile terminal device 20 is stored in the position determination unit 46, and the acquired GPS information table 110 shown in FIG. Is done.

  The position determination unit 46 performs a comparison determination between the position information in the acquired GPS information table 110 and the position information in the registration data table 90. Since there is no position information indicating the coincidence or similar range, it is estimated that the mobile terminal device 20 does not exist in the authentication area 120. Based on the determination result, the lock control unit 50 sets the function lock of the mobile terminal device 20 and prohibits the operation by the user.

  As a result of this determination, the WiFi reception state and the GPS positioning information do not match, so the function of the mobile terminal device 20 may be completely locked. By combining the two conditions in this way, it is specified that a part of the presence area 62 of the mobile terminal device 20 and a part of the authentication area 120 do not overlap.

  <Computer configuration example>

  FIG. 15 shows a configuration example of a computer. The configuration shown in FIG. 15 is an example.

  The information processing apparatus 2 such as the portable terminal apparatus 20 is configured by a computer 190 shown in FIG. 15, for example. The computer 190 includes, for example, a CPU (Central Processing Unit) 192, a storage unit 194, a RAM (Random Access Memory) 196, a communication unit 198, a GPS 202, a display unit 206, an input operation unit 208, and the like.

  The CPU 192 is an example of a means for executing and calculating an OS (Operating System) 210 stored in the storage unit 194 and other programs for causing the information processing device 2 and the mobile terminal device 20 to function.

  The storage unit 194 is an example of a storage unit that stores an application program to be executed by the mobile terminal device 20 and stores acquired data and the like, and includes, for example, a ROM (Read Only Memory). The storage unit 194 configures the above-described WiFi-SSID data holding unit 34, the position data holding unit 44, and the like, for example. The storage unit 194 stores, for example, the OS 210 and the security program 212 of the present disclosure. In addition, the storage unit 194 has a data storage area 214 that stores registration data tables 64 and 90 in which, for example, SSID information and GPS positioning information are registered. In addition, WiFi-SSID information, GPS positioning information, and the like acquired in the determination mode may be stored.

  Note that the storage unit 194 is not limited to the ROM, and may be configured as, for example, an EEPROM (Electrically Erasable and Programmable Read Only Memory) capable of electrically rewriting the contents as a nonvolatile storage unit.

  The RAM 196 functions as a work area for executing a program. The RAM 196 functions as, for example, a registration unit or a determination unit related to the acquired WiFi-SSID or GPS data by the security program 212 calculated by the CPU 192.

  The communication unit 198 is an example of a wireless communication unit of the mobile terminal device 20 and is connected to the antenna 200. The communication unit 198 is connected to a wireless LAN such as WiFi and receives WiFi-SSID information and performs data communication with an access point.

  The GPS 202 is an example of a GPS communication unit of the mobile terminal device 20 and is connected to the GPS antenna 204. The GPS 202 communicates with the GPS satellite 22, a relay server, and the like, and transmits a request for the current position information of the mobile terminal device 20 and receives the GPS positioning information 26.

  The display unit 206 displays a standby screen of the mobile terminal device 20, a screen for prompting authentication, a notification screen for authentication success or authentication failure, and the like. The display unit 206 is composed of, for example, an LCD (Liquid Crystal Display) display element.

  The input operation unit 208 includes, for example, a keyboard, cursor keys, a mouse, and the like, and a setting operation and an authentication operation for the mobile terminal device 20 are input. Note that the mobile terminal device 20 may use, for example, a touch panel type display unit in which the display unit 206 and the input operation unit 208 are combined.

  <Registration mode processing>

  16 and 17 show a processing example in the registration mode. The processing procedures and processing contents shown in FIGS. 16 and 17 are examples.

  <Registration sequence of WiFi SSID information>

  In the registration process shown in FIG. 16, WiFi SSID information is registered. For example, when the portable terminal device 20 receives a registration mode ON operation from the user, the portable terminal device 20 executes the registration mode. The user's start operation is not limited to when the mobile terminal device 20 starts to be used. Further, in the mobile terminal device 20 that performs this start operation, for example, authentication with an ID or a password may be performed before shifting to the registration mode so that only a user having management authority can perform the registration operation.

  The registration mode execution operation is notified to the WiFi-SSID data registration unit 32 (S11). The WiFi-SSID data registration unit 32 requests registration information for the registration mode from the user setting unit 52 (S12), and receives, for example, WiFi-SSID registration repetition interval information as user setting value information from the user setting unit 52. (S13).

  The WiFi-SSID data registration unit 32 outputs an instruction to acquire SSID information 24 of peripheral access points to the WiFi-SSID reception function unit 30 (S14). When the WiFi-SSID data registration unit 32 receives the receivable SSID information 24 (S15), the WiFi-SSID data registration unit 32 stores this data in the WiFi-SSID data holding unit 34 (S16).

  The WiFi-SSID data registration unit 32 determines whether or not the registration mode execution instruction is continuing (S17). In this determination, for example, it is monitored whether or not the user has performed a setting mode OFF setting operation (S18). The registration of the SSID information in the registration mode is continuously performed when the registration mode is ON (YES in S17).

  The execution of the registration mode may be terminated based on, for example, a user setting value acquired from the user setting unit 52 in addition to a case where the user performs a setting operation for turning off the registration mode.

  <Location information registration sequence>

  In the registration process shown in FIG. 17, the positional information by GPS is registered. For example, when the portable terminal device 20 receives a registration mode ON operation from the user, the portable terminal device 20 executes the registration mode. In the mobile terminal device 20 that performs this start operation, in order to enable a registration operation only to a user having management authority, for example, authentication using an ID or a password may be performed before shifting to the registration mode.

  The registration mode execution operation is notified to the position data registration unit 42 (S21). The position data registration unit 42 requests the setting information of the registration mode from the user setting unit 52 (S22), and receives, for example, GPS registration repetition interval information as user setting value information from the user setting unit 52 (S23). .

  The position data registration unit 42 outputs an instruction to acquire the GPS positioning information 26 for the GPS satellite 22 or the relay server to the GPS reception function unit 40 (S24). Then, upon receiving the GPS positioning information 26 (S25), the position data registration unit 42 stores this data in the position data holding unit 44 (S26).

  The position data registration unit 42 determines whether or not the execution instruction for the registration mode is continuing (S27). In this determination, for example, it is monitored whether or not the user has performed an operation for setting the registration mode OFF (S28). The registration of the position information in the registration mode is continuously performed when the registration mode is ON (YES in S27).

  The execution of the registration mode may be terminated based on the user setting value acquired from the user setting unit 52 as described above, in addition to the case where the user performs a setting operation for turning off the registration mode, for example. Also, either the registration process of WiFi SSID information 24 and the registration process of GPS positioning information 26 may be performed in advance, or both may be performed independently and in parallel.

  <Registration process flowchart>

  FIG. 18 shows an example of the registration process. The registration process illustrated in FIG. 18 is an example of a security method and a security program for the information processing apparatus according to the present disclosure.

  The portable terminal device 20 determines whether or not the registration mode function has been executed by a user operation or the like (S31). In this determination, for example, it is determined whether an operation for instructing registration has been performed during the execution of the security program 212. When the registration mode is executed (YES in S31), an information acquisition instruction is output to the WiFi-SSID reception function unit 30 and the GPS reception function unit 40 (S32). When the registration mode function is not executed (NO in S31), for example, the standby state is continued.

  An instruction is output to store the received WiFi SSID information 24 and GPS positioning information 26 in the storage unit 194 (S33). At this time, the WiFi-SSID data registration unit 32 and the position data registration unit 42 generate registration data tables 64 and 90.

  In the registration process, for example, it is determined whether or not the registration instruction is continuing (S34). If there is a registration instruction, the process returns to S32 to further register information.

  <Judgment mode processing>

  FIG. 19 shows a processing example in the determination mode. The processing content and processing procedure shown in FIG. 19 are examples.

  <Determination processing sequence based on WiFi-SSID information>

  The sequence process in the determination mode shown in FIG. 19 is started when the user turns on the power to the mobile terminal device 20 or performs an unlock operation. For example, when detecting a user operation (S41), the WiFi-SSID determination unit 36 outputs an instruction to acquire the WiFi SSID information 24 to the WiFi-SSID reception function unit 30 (S42). Based on this acquisition instruction, the WiFi-SSID reception function unit 30 takes in the SSID information 24 that can be received at the current position, and notifies the WiFi-SSID determination unit 36 (S43).

  The WiFi-SSID determination unit 36 requests the user setting value of the determination mode from the user setting unit 52 (S44), and acquires, for example, threshold information used for the determination as the user setting value from the user setting unit 52 ( S45).

  The WiFi-SSID determination unit 36 determines whether the acquisition of the SSID information 24 has succeeded (S46). When the SSID information 24 can be acquired (YES in S46), the process proceeds to a determination process using the registered SSID information 25 of WiFi. The registered SSID information 25 is read from the WiFi-SSID data registration unit 34 (S47).

  The WiFi-SSID determination unit 36 determines whether or not the SSID information 24 that can be received at the acquired current position is greater than or equal to a threshold value in the read stored data (S48). When the acquired SSID information 24 exists in the accumulated data at a threshold value or more (YES in S48), it is determined that the login authentication is OK, and the user is notified (S49).

  If the acquired SSID information 24 is not greater than or equal to the threshold value in the accumulated data (NO in S48), it is determined as login authentication NG and notified to the user (S50).

  <Judgment processing sequence based on position information>

  When the SSID information 24 cannot be acquired (NO in S46), for example, the determination result is notified to the position determination unit 46, and the determination process based on the position information is executed. The position determination unit 46 outputs a position information acquisition instruction to the GPS reception function unit 40 (S51). The GPS reception function unit 40 acquires the GPS positioning information 26 of the current position of the mobile terminal device 20 based on this acquisition instruction, and notifies the position determination unit 46 (S52).

  The position determination unit 46 requests the user setting value of the determination mode from the user setting unit 52 (S53), and acquires, for example, threshold information used for the determination as the user setting value from the user setting unit 52 (S54). .

  The position determination unit 46 determines whether or not the GPS positioning information 26 that is position information has been successfully acquired (S55). When the GPS positioning information 26 can be acquired (YES in S55), the process proceeds to determination processing based on position information. The registered position information is read from the position data holding unit 44 (S56).

  The position determination unit 46 determines whether or not the acquired GPS positioning information 26 is present in the accumulated data read out or more than a threshold value (S57). If the acquired GPS positioning information 26 has a coincidence degree equal to or higher than the threshold in the accumulated data (YES in S57), it is determined that the login authentication is OK, and the user is notified (S58).

  When the acquired GPS positioning information 26 does not have a matching degree equal to or greater than the threshold value with respect to the position information in the accumulated data (NO in S57), it is determined as login authentication NG and notified to the user (S59).

斯かる重点測定エリア２２４は、セキュリティの管理権限を有するユーザが任意に設定してもよい。 For example, as shown in FIG. 20A, the authentication processing using the GPS positioning information 26 is performed by using the authentication area 222 as a security authentication range with the position information of the terminal positioning position 220 measured by the GPS satellite 22 as a central point. Calculate with the device 20. For example, the authentication area 222 is set in a range of a radius r with the terminal positioning position 220 as a center as a threshold value. Further, outside the authentication area 222, for example, a priority measurement area 224 may be set as a permissible authentication range within a predetermined range. This emphasis measurement area 224 may be set, for example, with the radius shown in the following expression centering on the terminal positioning position 220.
Radius of priority measurement area 224:

Such a priority measurement area 224 may be arbitrarily set by a user having security management authority.

  In the authentication process, the terminal positioning position 220 is set in the GPS positioning information 26 registered in the registration mode. Then, it is determined whether or not the position indicated by the GPS positioning information 26 acquired in the determination mode is within the authentication area 222. Further, when it is determined that the positioning position of the mobile terminal device 20 is within the priority measurement area 224, for example, GPS positioning may be repeated to re-examine the authentication.

  As a specific example of the authentication process, a case where the position of the mobile terminal device 20 varies with time is shown. As shown in A of FIG. 20, the position information of the mobile terminal devices 20-1, 20-2, and 20-6 based on the first, second, and sixth measurement results has a radius r with respect to the terminal positioning position 220. It is in the authentication area 222 and authentication OK is determined.

  Further, the position information of the portable terminal devices 20-3 and 20-5 based on the third and fifth measurement results is in the priority measurement area 224, and re-authentication processing by position positioning is performed. In the re-authentication process, as shown in FIG. 20B, for example, GPS positioning is performed three times in 10 seconds. In the re-authentication, for example, it is determined whether the second and third results indicate the inside of the authentication area 222. If the re-authentication is within the authentication area 222, the security is released. As a result, when the mobile terminal device 20 is present around the authentication area 222, GPS positioning errors can be absorbed, and authentication accuracy can be improved. Further, for example, the user can be authenticated by moving toward the authentication area 222, and the convenience is improved.

  Since the position information of the mobile terminal device 20-4 based on the fourth measurement result is outside the priority measurement area 224, the authentication cannot be received.

  As shown in FIG. 19, when the GPS positioning information 26 is not obtained (NO in S55), for example, the mode may be shifted to an authentication mode using ID information or a password indicating whether or not the user has administrator authority (S60). In this case, for example, neither authentication by WiFi SSID information nor authentication by GPS position information has received a determination that authentication is not possible, and thus operation of portable terminal device 20 may be enabled by authentication by input operation. .

  <Determination processing flowchart>

  FIG. 21 shows an example of determination processing. The determination process illustrated in FIG. 21 is an example of a security method and security program executed by the information processing apparatus according to the present disclosure.

  The portable terminal device 20 determines whether it is in the state which performs a determination process (S71). In this process, for example, it is determined whether the power state of the mobile terminal device 20, the execution state of the security program 212, the presence / absence of the unlocking operation, or the availability of the settings of the registration data tables 64 and 90. If the determination process is possible (YES in S71), the WiFi SSID information 24 and the GPS positioning information 26 are acquired (S72).

  The registered data tables 64 and 90 are read from the storage unit 194 (S73), and determination processing for determining the degree of coincidence with the acquired SSID information 24 and GPS positioning information 26 is executed (S74).

  In the determination result, it is determined whether or not the registration information of the registration data tables 64 and 90 matches or is similar to the acquired information acquired in the determination mode (S75). In this determination, it is determined whether or not the registered SSID information 25 that matches the acquired SSID information 24 is greater than or equal to the threshold value in the registration database 64. Further, it is determined whether the GPS positioning information 26 measured in the determination mode is within a certain range with respect to the registered GPS positioning information 27.

  If the degree of coincidence or position information equal to or greater than the threshold is within the similar range (YES in S75), it is determined that the mobile terminal device 20 is in the authentication area 222, and unlocking is performed (S76). In addition, the user is notified of the success of authentication through a display screen, voice, or the like on the display unit 206 (S77).

  If the degree of coincidence or position information equal to or greater than the threshold is not within the similar range (NO in S75), lock control is performed (S78), and external access is prohibited. Then, the user is informed that authentication cannot be performed (S79).

  <Lock release processing flowchart>

  FIG. 22 shows an example of the lock release process. The process shown in FIG. 22 is an example.

  The lock release process shown in FIG. 22 shows a case where functions are restricted and usable when authentication by WiFi is not received.

  In this process, the result of the determination process is referred to and it is monitored whether or not authentication by the WiFi SSID information 24 has been received (S81). When the authentication by the SSID information 24 is received (YES in S81), the lock function for all the functions of the mobile terminal device 20 is released (S82). Further, when the authentication by the SSID information 24 cannot be received (NO in S81), unlocking with limited functions is performed (S83).

  <Example of screen display>

  FIG. 23 shows an example of a screen displayed on the display unit 206 of the mobile terminal device 20. The password or ID information input screen 230 shown in FIG. 23A is displayed when, for example, the security function of the present disclosure is authenticated by SSID information or GPS positioning information. In this portable terminal device 20, for example, authentication by input information is combined with the security method of the present disclosure.

  When the authentication process is completed, the user may be directly logged in and the top screen or the standby screen of the mobile terminal device 20 may be displayed.

  A display screen 232 shown in FIG. 23B shows a display example when authentication by SSID information or authentication by GPS positioning information has not been received. In this case, for example, a screen informing that authentication is impossible such as “cannot be used because it is not in the authentication area” is generated and displayed in each of the determination units 36 and 46, for example.

  According to such a configuration, it is possible to estimate whether the information processing apparatus is within an available authentication area by using the received communication information, and an authentication operation at the time of use can be omitted, so that the convenience of the apparatus is improved. . By releasing the lock only when it is estimated that the communication area is within the authentication area based on the received information of the communication information, it is possible to prevent the security function from being set. When the information processing apparatus is taken out of the authentication area, the lock function is immediately executed to improve the reliability of the security function. By performing lock control based on communication information that can be received at the current position, it is not necessary to construct a new security server, and a security function can be realized at low cost.

  [Third Embodiment]

  24 and 25 show an example of security function execution processing of the mobile terminal device according to the third embodiment.

  In the registration mode process shown in FIG. 24, for example, when acquiring authentication information, information used for authentication can be selected on the user side.

  <Registration mode processing>

  When the security program 212 is executed by a user operation and the registration mode is started (S91), the registration target can be selected from 1) “WiFi only”, 2) “GPS only”, 3) “WiFi + GPS”. A state is entered (S92). For this selection operation, for example, a selection screen may be displayed on the display unit 206, and selection processing may be executed by an operation by the input operation unit 208. The information selected in this process may be stored in, for example, the storage unit 194 and read out in the determination mode.

  <Select WiFi registration mode>

  When “only WiFi” is selected in the selection process (“only WiFi” in S92), the WiFi registration mode is activated (S93), and the WiFi-SSID reception function unit 30 captures the SSID information 24 (S94). . The captured SSID information 24 is registered as registered SSID information 25 in the WiFi-SSID data holding unit 34 (S95). When registration information satisfying a certain condition set in the user setting unit 52 is stored, the user is notified that the registration mode is completed using, for example, the display unit 206 (S96).

  <GPS registration mode selection>

  When “GPS only” is selected in the selection process (“GPS only” in S92), a GPS-only registration mode is activated (S97), and the GPS reception function unit 40 captures the GPS positioning information 26 (S98). . The acquired GPS positioning information 26 is registered as registered GPS positioning information 27 in the position data holding unit 44 (S99). Then, the process proceeds to S96 where a registration mode completion notification is made.

  Note that setting GPS-only information in advance is not limited to the case where the SSID information 24 whose positioning position is WiFi can be received. In this case, for example, an authentication area by GPS may be set for position information different from the authentication area using WiFi.

  <Select WiFi + GPS registration mode>

  When “WiFi + GPS” is selected in the selection process (“WiFi + GPS” in S92), the WiFi + GPS registration mode is activated (S100). The WiFi-SSID reception function unit 30 captures WiFi SSID information 24, and the GPS reception function unit 40 captures GPS positioning information 26 (S101). The captured SSID information 24 is registered in the WiFi-SSID data holding unit 34 (S102), and the GPS positioning information 26 is registered in the position data holding unit 44 (S103). Then, the process proceeds to S96 where a registration mode completion notification is made.

  <Judgment mode processing>

  FIG. 25 shows a processing example in the determination mode. In this determination mode, for example, determination processing is executed based on information selected in the registration mode.

  When the power of the mobile terminal device 20 is turned on by a user operation, the security function system is activated (S111). The process proceeds to a selection process of which registration mode is set (S112). In this selection process, for example, whether or not “WiFi only”, “GPS only”, or “WiFi + GPS” is selected is displayed on the display unit 206 in the registration mode.

  <Selecting WiFi judgment mode>

  When “only WiFi” is selected in the selection process (“only WiFi” in S112), the WiFi-SSID reception function unit 30 captures the SSID information 24 (S113). The registered SSID information 25 is read from the WiFi-SSID data holding unit 34 (S114), and the registered SSID information 25 is compared with the acquired SSID information 24 (S115). Then, it is determined whether the degree of coincidence of the acquired SSID information 24 is greater than or equal to a threshold value (S116). In this determination, it is determined whether or not the registered SSID information 25 that matches the acquired SSID information 24 is greater than or equal to a threshold value in the WiFi-SSID data holding unit 34.

  If it is not equal to or greater than the threshold (NO in S116), lock control is performed (S117), and if it is equal to or greater than the threshold (YES in S116), the lock is released (S118).

  <GPS judgment mode selection>

  When “GPS only” is selected in the selection process (“GPS only” in S112), GPS positioning information is captured by the GPS reception function unit 40 (S119). The registered GPS positioning information is read from the position data holding unit 44 (S120), and the registered GPS positioning information is compared with the acquired GPS positioning information (S121). Then, it is determined whether the degree of coincidence of the acquired GPS positioning information is greater than or equal to a threshold value (S122). In this determination, as described above, it is determined whether or not the current position is within the error threshold indicating the authentication area with respect to the registered GPS positioning position.

  If the threshold value is not exceeded (NO in S122), lock control is performed (S123), and if the threshold value is exceeded (YES in S122), the lock is released (S124).

  <Selecting WiFi + GPS judgment mode>

  When “WiFi + GPS” is selected in the selection process (“WiFi + GPS” in S112), the GPS positioning information 26 is taken together with the SSID information 24 (S125). The registered SSID information 25 is read from the WiFi-SSID data holding unit 34, and the registered GPS positioning information 27 is read from the position data holding unit 44 (S126). The registered SSID information 25 and the acquired SSID information 24 and the registered GPS positioning information 27 are compared with the acquired GPS positioning information 26 (S127). Then, it is determined whether the degree of coincidence between the acquired SSID information 24 and GPS positioning information 26 is greater than or equal to a threshold value (S128).

  If the threshold value is not exceeded (NO in S128), lock control is performed (S129), and if the threshold value is exceeded (YES in S128), the lock is released (S130).

  According to such a configuration, the received communication information and GPS information are used to estimate whether the mobile terminal device is within an available authentication area, and the selection of information used for registration and authentication determination is performed as a security function. Available to departments. In addition, by making it possible to select only WiFi or GPS-only authentication, authentication can be performed and power saving can be realized.

  [Fourth Embodiment]

  FIG. 26 illustrates a configuration example of the mobile terminal device according to the fourth embodiment. The configuration shown in FIG. 26 is an example.

  For example, the mobile terminal device 20 illustrated in FIG. 26 performs security processing on the SSID information 24 of WiFi acquired in the registration mode by using connection history information. In the WiFi-SSID data holding unit 34, connection history information 240 indicating that the mobile terminal device 20 has been authenticated and connected to the wireless LAN indicated by the registered SSID information 25 is registered.

  In the registration data table 242 shown in FIG. 27, for example, a connection history section 248 is set together with a registration number section 244 and a WiFi SSID information section 246 in which SSID information receivable in the authentication area is tabulated. This connection history may be determined, for example, whether there is communication data transmitted / received to / from a wireless LAN access point, and whether a login password and ID information for a specific SSID are registered.

  The connection history to the wireless LAN indicates that the wireless LAN service has been authenticated by, for example, ID information or a password. As a result, the SSID information obtained by the authentication by connection is different in reliability from the estimation of the position of the mobile terminal device 20 with respect to the other SSID information that can be received in the reception area. Therefore, in the authentication process in this determination mode, weighting is set for other SSID information for SSID information having such a connection history. In the coincidence determination, for example, when highly reliable SSID information is included, a process of lowering the threshold value is performed.

  <Judgment mode processing>

  FIG. 28 shows an example of determination processing when a connection history is used. The processing content and processing procedure shown in FIG. 28 are examples.

  When the determination mode is executed, the WiFi SSID information 24 is taken in, for example, according to an instruction from the WiFi-SSID determination unit 36 (S141). Also, the registered SSID information 25 stored in the WiFi-SSID data holding unit 34 is read (S142), and the registered SSID information 25 that matches the captured SSID information 24 is extracted (S143).

  The WiFi-SSID determination unit 36 determines whether there is a connection history for the extracted registered SSID information 25 (S144). The determination of the connection history of the registered SSID information 25 may be performed with reference to the connection history section 248 of the registration data table 242.

  When there is a connection history to the wireless LAN indicated by the SSID information 24 (YES in S144), a new threshold is set (S145). The threshold value may be set, for example, in advance in the user setting unit 52, and a new threshold value may be set based on the number of SSID information 24 having a connection history with respect to the read threshold value. If the normal threshold value is set to 4, for example, the WiFi-SSID determination unit 36 determines that the threshold value is set to 3, for example, when one piece of SSID information having a connection history is included.

  When the SSID information 24 including the connection history is not extracted (NO in S144), for example, a normal threshold value read from the user setting unit 52 is set (S146).

  Then, as a process for determining the degree of coincidence of SSID information, the number of SSID information that matches the registered SSID information is determined (S147). It is determined whether the number of matching SSID information is equal to or greater than a set threshold value (S148). If it is equal to or greater than the threshold value (YES in S148), the lock is released (S149). If the threshold is not reached (NO in S148), lock control is performed to prohibit access to the operation function for the mobile terminal device 20 (S150).

  According to such a configuration, it is possible to authenticate whether or not the position where the SSID information can be received is the authentication area, based on the connection result to the wireless LAN indicated by the SSID, so that the security function can be further enhanced. In addition, since the reception position of the SSID can be specified with high accuracy by the information on the authentication success to the wireless LAN, the authentication accuracy can be maintained even if the threshold value is lowered. By lowering the threshold value, the possibility of authentication is increased even when there is a reduction in the load of closeness matching in the determination mode and there is a change in the environment of the access point, and the convenience of the mobile terminal device is improved.

  [Other Embodiments]

  (1) In the above-described embodiment, the portable terminal device 20 that can be taken out of the authentication area and started up is shown as an example of the information processing device, but is not limited thereto. Any information processing apparatus having a wireless communication function connectable to a wireless LAN such as WiFi may be used. For example, it may be a large computer installed and used, a desktop PC, or the like. In addition, it may be a television or game machine capable of wireless communication.

  (2) In the above embodiment, SSID information for specifying a wireless LAN such as WiFi is used as communication information. However, the present invention is not limited to this. As information that can specify the usage environment of the information processing apparatus 2 from the state of wireless communication, for example, the MAC address or IP address of an access point may be used.

  (3) In the above embodiment, the SSID information and the GPS positioning information for wireless communication are stored independently and used for the determination process. However, the present invention is not limited to this. For example, GPS positioning information and SSID information may be stored in conjunction with each other. Even if it is determined that the SSID information of WiFi and the GPS positioning information are related, and the degree of coincidence in the determination of the SSID information is equal to or greater than a threshold, and the GPS positioning information is also within the threshold, it is determined to be within the authentication area. Good. For example, when a person who does not have a malicious use authority intentionally creates the same WiFi usage environment, impersonation authentication can be prevented by determining the location information together. In addition, when the registered SSID information is only large-scale public wireless LAN information, there is a possibility that there are many areas that can be authenticated only by the received information of WiFi. Even in such a case, if the GPS registration information does not match, the use is not permitted or the use is restricted, so that the security is further improved.

  (4) In the above embodiment, the authentication area is estimated based on the number of matches with the SSID information acquired in the determination mode regardless of the number of registered SSID information, but the present invention is not limited to this. For example, regarding the determination of the degree of coincidence, authentication may be performed based on a ratio that matches the registered SSID information, instead of the absolute number of matching SSID information.

  (5) In the above embodiment, the number of threshold values is not limited to the number of registered SSID information, but is set to 4, for example, but is not limited thereto. The threshold used for authentication may be changeable according to the number of registered SSID information, for example. That is, when a place with a small amount of receivable SSID information is set as the authentication area, the threshold value may be set low.

  Also, in places where there are a large number of receivable WiFi such as in metropolitan areas, around stations, and in downtown areas, the number of SSID information registered in the authentication area is large. That is, in a place where the number of WiFi access points is large, there is a high possibility that the registered SSID information is included. Therefore, the reliability of the security function can be improved by increasing the threshold value of the matching SSID information and estimating that there is an information processing device in the authentication area when the ratio of the matching degree is a certain value or more.

As described above, preferred embodiments of the present invention have been described, but the present invention is not limited to the above description. It goes without saying that various modifications and changes can be made by those skilled in the art based on the gist of the invention described in the claims or disclosed in the specification. It goes without saying that such modifications and changes are included in the scope of the present invention.

2 Information processing device 4, 4-1, 4-2, 4-3, ... 4-N Access point 6, 6-1, 6-2, 6-3 ... 6-N Communication information 8 Wireless communication Means 10 Storage means 12 Determination means 14, 14-1, 14-2, 14-3, ... 14-X Registered communication information 16 Control means 20 Portable terminal device 22 GPS satellites 24, 24-1, 24-2, 24-4, ... 24-N SSID information 26 GPS positioning information 30 WiFi-SSID reception function part 32 WiFi-SSID data registration part 34 WiFi-SSID data holding part 36 WiFi-SSID determination part 40 GPS reception function part 42 Position Data registration unit 44 Position data holding unit 46 Position determination unit 50 Lock control unit 52 User setting unit 60, 120 Authentication area 62 Existing area 64 Registration data table 7 Acquired SSID information table 80 acquired SSID information table 90 registered data table 100 obtains GPS information table 110 obtains GPS information table 190 computer 192 CPU
194 storage unit 196 RAM
198 Communication unit 202 GPS
206 Display section 212 Security program 214 Data storage area 240 Connection history information 242 Registration data table 248 Connection history section

Claims (6)

An information processing apparatus having a wireless communication function,
Wireless communication means for acquiring first communication information from a plurality of access points in a wireless communicable range;
Storage means for storing second communication information of a plurality of authentication access points capable of identifying the authentication area;
A predetermined number indicating the number of the first communication information that matches one of the plurality of the second communication information stored in the storage unit among the plurality of the first communication information, and a positional relationship with the authentication area Determining means for comparing the threshold value and determining whether it is within the authentication area;
A lock that prohibits the operation when it is determined that it is within the authentication area based on the result of the determination performed at the start of use or during use, when part or all of the operation function restrictions are removed, and when it is determined that it is outside the authentication area Control means for controlling;
An information processing apparatus comprising: The determination means sets at least two or more as the predetermined threshold, and the authentication means when the number of the first communication information that matches a plurality of the second communication information is equal to or more than the predetermined threshold. Output the judgment result within the area,
The control means releases the lock based on a determination result indicating that it is in the authentication area.
The information processing apparatus according to claim 1. Furthermore, it comprises a location information acquisition means for acquiring the first location information,
The storage means stores second position information indicating the authentication area,
The determination means determines whether or not it is within the authentication area from the acquired first position information and the second position information,
The control means performs lock control based on a determination result using the first communication information and a determination result based on the first position information.
The information processing apparatus according to claim 1, wherein the information processing apparatus is an information processing apparatus.   The said determination means performs lock control only by the determination result of whether it is in the said authentication area by said 1st position information based on the acquisition state of said 1st communication information, It is characterized by the above-mentioned. The information processing apparatus described. A security method for an information processing apparatus having a wireless communication function,
Storing second communication information of a plurality of authentication access points capable of identifying the authentication area;
The first communication information is acquired by wireless communication means from a plurality of access points in a wireless communicable range,
The number of the first communication information that matches the plurality of the second communication information among the plurality of the first communication information is compared with a predetermined threshold value indicating a positional relationship with the authentication area to compare the authentication area. To determine whether or not
A lock that prohibits the operation when it is determined that it is within the authentication area based on the result of the determination performed at the start of use or during use, when part or all of the operation function restrictions are removed, and when it is determined that it is outside the authentication area Do control,
A security method for an information processing apparatus including processing. A security program to be executed by a computer mounted on an information processing apparatus having a wireless communication function,
A function of acquiring first communication information by a wireless communication means from a plurality of authentication access points in a wireless communicable range;
The number of the first communication information that matches the second communication information that is a plurality of authentication access points capable of identifying the stored authentication area in the first communication information, and the authentication area A function of comparing a predetermined threshold value indicating a positional relationship with respect to and determining whether or not it is within the authentication area;
A lock that prohibits the operation when it is determined that it is within the authentication area based on the result of the determination performed at the start of use or during use, when part or all of the operation function restrictions are removed, and when it is determined that it is outside the authentication area A control function for controlling,
A security program for an information processing apparatus including:

Images