JP6532851B2 - Communication apparatus, DNS processing method, and program - Google Patents

Description

  The present invention relates to a communication apparatus, a DNS processing method, and a program.

  BACKGROUND Conventionally, communication devices such as portable terminals capable of data communication are known (see, for example, Patent Document 1). In the communication device, a configuration may be adopted in which data communication by an application operating on the communication device is permitted by default, while only data communication by an application selected by the user is prohibited. In this case, the user can suppress the data communication by the application as long as the user can understand.

JP, 2015-162701, A

  However, the user can not always completely understand what application is operating in the communication device. In particular, applications running in the background of the communication device system are likely not to be grasped by the user. Therefore, even if the user selects the prohibition of data communication if the user recognizes the operation, the user may not select the prohibition of data communication of the application because the user does not grasp the operation. In addition, with regard to data communication performed by the system of the communication apparatus, there are cases where the user can not select it as the system specification of the communication apparatus. In these cases, data communication unintended by the user may be performed, and the amount of data communicated may increase unintentionally.

  An object of the present invention is to provide a communication device, a DNS processing method, and a program capable of reducing the occurrence of communication unintended by a user.

A communication device according to an embodiment of the present invention is
A communication device capable of data communication,
When acquiring a connection request to the network from the application, it is determined whether the ID of the application of the connection request source is a specific ID for which data communication is permitted,
If the ID of the application is determined not to be a particular ID, the suppress DNS data communication based on the connection request.

In addition, a DNS processing method according to an embodiment of the present invention is
A DNS processing method executed by a communication device capable of data communication,
Obtaining a connection request from the application to the network;
Determining whether the ID of the application of the connection request source is a specific ID for which data communication is permitted;
If the ID of the application is determined not to be a particular ID, including the steps of suppressing the DNS data communication based on the connection request.

In addition, a program according to an embodiment of the present invention is
In the communication device capable of data communication,
Obtaining a connection request from the application to the network;
Determining whether the ID of the application of the connection request source is a specific ID for which data communication is permitted;
If the ID of the application is determined not to be a particular ID, to execute the steps of suppressing the DNS data communication based on the connection request.

  According to the communication device, the DNS processing method, and the program according to the embodiment of the present invention, it is possible to reduce the occurrence of communication that is not intended by the user.

It is a functional block diagram showing an example of outline composition of a communication apparatus concerning a 1st embodiment. It is a figure which shows the external appearance of an example of the communication apparatus which concerns on 1st Embodiment. It is a block diagram showing an example of the flow of data concerning a 1st embodiment. It is a figure explaining the sequence of the filtering process concerning 1st Embodiment. It is a figure explaining an example of the sequence which transmits data from application. It is a figure explaining the sequence of the filtering process concerning the comparative example of 1st Embodiment. It is a figure explaining the sequence of the DNS process which concerns on 2nd Embodiment. It is a figure explaining the sequence of the DNS process which concerns on the comparative example of 2nd Embodiment. It is a figure explaining the sequence of the DNS process which concerns on 3rd Embodiment.

First Embodiment
Hereinafter, a communication apparatus according to an embodiment will be described in detail with reference to the drawings. The communication device according to the present embodiment can be a mobile device such as a mobile phone or a smartphone. However, the communication device according to the present embodiment is not limited to the portable device, and performs data communication such as desktop PC, notebook PC, tablet PC, home appliance, industrial device (FA device), dedicated terminal, etc. Various electronic devices can be used.

[Device configuration]
FIG. 1 is a functional block diagram showing a schematic configuration example of the communication device 1 according to the present embodiment. As shown in FIG. 1, the communication device 1 includes a control unit 10, a communication unit 11, a storage unit 12, a display unit 13, and an operation unit 14. The control unit 10 is connected to the communication unit 11, the storage unit 12, the display unit 13, and the operation unit 14 and controls them.

  The control unit 10 can be configured by an operating system (hereinafter, also referred to as an OS) and a processor or microcomputer capable of executing application software (hereinafter, also referred to as an application). The OS is, for example, Android (registered trademark). The application will be described later.

  The communication unit 11 includes an I / F (interface) device 111 as a communication interface for performing cellular communication or wireless LAN communication. The I / F device 111 includes a modem 112 and a wireless LAN device 113. The communication unit 11 is connected to a network side such as the Internet using the I / F device 111, and performs data communication with the network side. Thus, the communication device 1 can perform data communication with the network side. The communication unit 11 is connected to the control unit 10, and acquires data to be output to the network side from the control unit 10. The control unit 10 selects data to be output to the communication unit 11 by filtering processing. The filtering process will be described later. The control unit 10 also acquires data received from the network side from the communication unit 11.

  When the cellular communication system is connected to the network side, a pay-as-you-go system is generally adopted in which the communication charge increases with the increase in the amount of data (packets) to be communicated. On the other hand, when connected to the network side by a method such as wireless LAN communication, it is generally not such a charge system.

  The storage unit 12 can be configured by, for example, a semiconductor memory. The storage unit 12 stores various information and data, and programs such as an OS and an application executed by the control unit 10. The control unit 10 executes a program stored in the storage unit 12. The control unit 10 stores data generated by the execution of the program in the storage unit 12. The storage unit 12 can also function as a work memory.

  The display unit 13 displays characters, images, operation objects, pointers, and the like based on the information acquired from the control unit 10. Although the display part 13 is display devices, such as a liquid crystal display, an organic electroluminescent display, an inorganic electroluminescent display, for example, it is not restricted to these.

  The operation unit 14 is configured by physical keys such as ten keys, a touch pad, or a touch panel. The control unit 10 moves a pointer or the like displayed on the display unit 13 or selects an operation object according to the input content acquired from the operation unit 14.

  FIG. 2 is a view showing an appearance of an example of the communication device 1 according to the present embodiment. As shown in FIG. 2, the communication device 1 according to the present embodiment is a so-called foldable (flip or clamshell or the like) feature phone. In the communication device 1, the upper case 2 and the lower case 3 are rotatably connected by the hinge unit 4. The upper housing 2 includes the display unit 13, and the lower housing 3 includes the operation unit 14. The operation unit 14 includes a touch pad 141 at a portion where no physical key is provided, in addition to a physical key such as a ten key. The communication device 1 receives, for example, a selection operation of an operation object by a physical key, and receives a movement operation such as a pointer by the touch pad 141.

[application]
The application is installed in the communication device 1 so as to be executable by the control unit 10 and stored in the storage unit 12. When an application is installed in the communication device 1, a unique user identifier (hereinafter also referred to as a UID) is assigned to each application. The application is executed by the control unit 10 as a process associated with the UID on the OS.

  When executed by the control unit 10, the application accesses resources such as a file system. When each application accesses a resource without restriction, the use area of the resource by each application may overlap, and in this case, the application may not be executed normally. Therefore, the access to the resource is restricted by the UID associated with the process executed on the OS, so that the resource use by the applications does not affect each other. That is, the resources accessible from each process are limited to the resources of the process associated with the same UID.

  Each application may be further assigned a group identifier (hereinafter, also referred to as a GID or a group ID). The GID identifies a group to which a unique UID assigned to each application belongs. Only one UID may belong to one group, or multiple UIDs may belong to one group. When an application is executed as a process associated with UID, this process may be associated with GID. Also, resources accessible from each process may be extended and limited to resources of processes associated with the same GID as well as the same UID.

  The application is executed in the foreground (hereinafter also referred to as FG) or in the background (hereinafter also referred to as BG). The state in which the application is being executed by the FG is, for example, a state in which the execution status is displayed on the display unit 13 so that the user can check, or a user can operate using the operation unit 14. The state in which the application is being executed in BG is, for example, a state in which the execution status is not displayed on the display unit 13 and is not operable by the user, or a state in which the user operates unintentionally.

[Control of data communication]
The application executed by the control unit 10 performs data communication with a network side such as the Internet using the communication unit 11. As described above, the application is executed as a process that is mapped to the UID on the OS. Then, UID is associated with data transmitted from the application. The control unit 10 permits or prohibits data communication relating to data transmitted from each application by determining whether to permit or prohibit (restrict) transmission of data based on the UID associated with the data. Can control. Hereinafter, in the description according to the present embodiment, the data communication basically refers to data communication performed by the communication unit 11 with the network side.

  FIG. 3 is a block diagram showing an example of the flow of data according to the present embodiment. In FIG. 3, the control unit 10 and the communication unit 11 are provided on the terminal side. Then, the communication unit 11 is connected to the network side, and performs data communication with the network side.

  In FIG. 3, the control unit 10 executes the application A 16a and the application B 16b as processes on the OS. The application executed by the control unit 10 requests data communication with the network side as needed. For example, the application A 16a requests transmission of data toward the network side. In this case, data transmitted from the application A 16 a to the network side is input to the packet filter 15 operated by the control unit 10. Similarly, data to be transmitted from the application B 16 b to the network side is also input to the packet filter 15 from the application B 16 b.

  The packet filter 15 performs filtering processing of data from the control unit 10 toward the network side. The filtering process is a process of determining whether transmission of data requested by the application is permitted or prohibited based on the set filtering condition. The filtering conditions include, for example, ip_rule or ip_route. These filtering conditions are stored in the storage unit 12 and referred to by the packet filter 15. Hereinafter, the operation of setting the filtering condition includes an operation of storing the filtering condition in the storage unit 12. The filtering conditions may be stored in the control unit 10 without being stored in the storage unit 12.

  ip_rule includes, for example, a condition for determining whether data whose transmission source is X may be transmitted to the network side. The ip_route includes, for example, a condition for determining a route (such as a relay router) for transmitting data for which Y is designated as a transmission destination to the network side.

  In FIG. 3, the flow of data transmitted from the application A 16 a is indicated by a solid arrow, and the flow of data transmitted from the application B 16 b is indicated by a dashed arrow. Among these, the data transmitted from the application A 16 a is sent to the communication unit 11 without being prohibited from being transmitted by the filtering process in the packet filter 15. On the other hand, the data transmitted from the application B 16 b is prohibited from being transmitted by the filtering process in the packet filter 15 and is not sent to the communication unit 11. This operation is shown in FIG. 3 by the dashed arrow pointing to the description of reject.

  The data that has passed through the packet filter 15 (data transmitted from the application A 16 a indicated by a solid arrow in the case of FIG. 3) is input to the communication unit 11. The communication unit 11 transmits data to the network side using the I / F device 111. When transmitting data to the network side, the communication unit 11 can appropriately determine whether to use cellular communication with the modem 112, use wireless LAN communication with the wireless LAN device 113, or use another communication method.

[Filtering process]
Whether to permit or prohibit data communication of data transmitted from an application is determined based on the UID assigned to the application of the data transmission source. Hereinafter, data transmitted from an application to which X is assigned as a UID (hereinafter, also referred to as an application with a UID of X) is also referred to as data with a UID of X. Further, the filtering condition used to perform the filtering process of the data of UID X is also referred to as the filtering condition of data of UID X.

  The packet filter 15 has, for example, a filtering condition that only data communication related to data transmitted from an application having a UID of 1 is permitted. The filtering condition may be a combination of a plurality of conditions.

  Here, a sequence of data communication in the case where the filtering process according to the present embodiment is performed will be described. The filtering process according to the present embodiment is premised on determining permission or prohibition of data communication related to data to be transmitted by an application operating in BG. The following description of the filtering process according to the present embodiment is based on the above premise.

  In the filtering process according to the present embodiment, a filtering condition (hereinafter, also referred to as a default communication prohibition condition) that prohibits data communication by default is set. By setting the default communication prohibition condition, all data communication is prohibited unless another filtering condition is further set. The default communication prohibition condition is set when the communication device 1 is shipped, or set when the communication device 1 is initialized. That is, in the present embodiment, “default” means that it is preset as a standard operation at a predetermined timing (for example, at the time of shipment of the communication device 1 or at the time of initialization of the communication device 1). It shall be.

  In this embodiment, in order to execute necessary data communication, filtering conditions in which conditions for permitting data communication (hereinafter also referred to as communication permission conditions) are set in addition to the default communication prohibition conditions are used. . In this case, the communication permission condition takes precedence over the default communication prohibition condition.

  FIG. 4 is a diagram for explaining the sequence of the filtering process according to the present embodiment. FIG. 4 shows the sequence of the application A 16a, the application B 16b, the framework, the communication control unit, the kernel, and the modem 112.

  The modem 112 is hardware that functions as a communication interface for performing cellular communication, as described above. Although FIG. 4 describes data communication by cellular communication using the modem 112, data is replaced by another I / F device 111 such as the wireless LAN device 113 instead of the modem 112, and data by another communication method is used. Communication may be performed.

  The kernel, the communication control unit, and the framework are software and are executed by the control unit 10. In FIG. 4, 0 is assigned to the communication control unit as a UID.

  The framework is software including a group of functions for operating an application on the OS. Generally, the functions of each application are realized by combining the functions prepared by the framework.

  The kernel is software that is the core of the OS, and manages processing in hardware such as the communication unit 11 based on processing by software such as an application so that hardware functions can be used.

  The communication control unit is a daemon program that performs network related processing, and performs processing to connect the framework and the kernel. The communication control unit particularly processes data for enabling the kernel to use the function of the communication unit 11. In the present embodiment, the communication control unit outputs, to the kernel, a condition for determining whether the kernel permits or prohibits data output to the communication unit 11.

  In the present embodiment, the filtering process will be described as being performed by the packet filter 15. Here, the packet filter 15 is a virtual processing unit, and the actual filtering process is performed by the communication control unit and the kernel.

  The application A 16 a and the application B 16 b are processes that operate on the OS. In FIG. 4, 1 is assigned to the application A 16 a as UID, and 2 is assigned to the application B 16 b as UID.

  Hereinafter, the sequence shown in FIG. 4 will be described. When an application operating in BG transmits data, data communication by cellular communication is inhibited by default (step S1). That is, as the filtering condition, the default communication prohibition condition relating to the data transmitted from the application operating in BG is set. In FIG. 4, the kernel, the communication control unit, and the framework recognize that the default communication prohibition condition is set. In particular, the kernel does not transmit data to the modem 112 if it recognizes that the default communication prohibition condition is set.

  Subsequently, the framework acquires a permission request for data communication (hereinafter, also referred to as a communication permission request for data with a UID of 1) related to data with a UID of 1 when the application operates with BG (step S2). Subsequently, the framework outputs a communication permission request for data having a UID of 1 to the communication control unit (step S3).

  The communication control unit acquires a communication permission request for data having a UID of 1 (step S4). Subsequently, the communication control unit outputs a communication permission request for data having a UID of 1 to the kernel (step S5).

  The kernel acquires a communication permission request for data whose UID is 1 (step S6). A communication permission request for data with a UID of 1 is transmitted to the kernel by the operations of steps S3 to S6 described above. That is, as the filtering condition, the communication permission condition related to the data whose UID is 1 is set.

  Subsequently, when the application A 16 a requests data communication in the BG operation (step S 7), the kernel recognizes that the communication permission condition related to the data with UID 1 is set, and thus the data communication is permitted. (Step S8). Then, the modem 112 performs data communication to transmit data having a UID of 1 to the network side (step S9).

  On the other hand, when the application B 16b to which 2 is allocated as UID requests data communication in the BG operation (step S10), the kernel recognizes that the communication permission condition related to the data of UID 2 is not set. Therefore, the kernel prohibits data communication based on the default communication prohibition condition (step S11).

<Data transmission sequence from application>
In steps S7 to S9 in FIG. 4, it has been described that the application requests data communication and the modem 112 performs data communication. Hereinafter, these sequences will be more specifically described with reference to FIG. FIG. 5 shows the sequence of the application A 16a, the framework, the kernel, and the modem 112. The application A 16a, the framework, the kernel, and the modem 112 are the same as those in FIG.

  The application A16a is also referred to as a data communication request (hereinafter, referred to as a data communication request with a UID of 1) related to data (data with a UID of 1) transmitted from the application A16a, regardless of whether it is operated by FG or BG ) Is output to the framework on the OS where the application A 16a is operating (step S101).

  The framework acquires a data communication request with a UID of 1 (step S102). Subsequently, the framework outputs a data communication request with a UID of 1 to the kernel (step S103).

  The kernel acquires a data communication request with a UID of 1 (step S104). Subsequently, the kernel outputs data to the modem 112 based on the data communication request with a UID of 1 (step S105). Then, the modem 112 performs data communication to transmit data having a UID of 1 to the network side (step S106).

  By the operation of the sequence shown in FIG. 5 described above, data transmitted from the application is output to the communication unit 11 and transmitted to the network side.

Comparative Example
According to the filtering process according to the present embodiment described above, in addition to the default communication prohibition condition, the communication permission condition is explicitly added by the user, so that data communication unintended by the user may be prohibited. Get higher. Hereinafter, the filtering process according to the comparative example of the present embodiment will be described. As the filtering condition used in the filtering process according to the comparative example, a condition (hereinafter also referred to as a default communication permission condition) of permitting data communication related to all data by default is set. As described above, after the data communication relating to all the data is permitted, a condition (hereinafter also referred to as a communication prohibition condition) for prohibiting the data communication relating to the data of the UID designated by the user is further set.

  FIG. 6 is a diagram for explaining the sequence of the filtering process according to the comparative example. The application A 16a, the application B 16b, the framework, the communication control unit, the kernel, and the modem 112 are the same as in FIG. 4 and FIG.

  In FIG. 6, even when the application operating in BG transmits data, data communication by cellular communication is permitted by default (step S201). That is, as the filtering condition, the default communication permission condition relating to the data transmitted from the application performing BG operation is set.

  Subsequently, the framework acquires a data communication prohibition request (hereinafter also referred to as a communication prohibition request for data with a UID of 1) related to data with a UID of 1 when the application A 16a performs a BG operation (step S202). At this time, since the application A 16a is not performing BG operation, the communication prohibition condition related to the data of UID 1 is not set.

  Subsequently, the framework acquires a notification that the application A 16a has shifted to the BG operation (hereinafter, also referred to as a BG transition notification) (step S203). The framework that has received the notification outputs a communication prohibition request for data with a UID of 1 to the communication control unit (step S204).

  The communication control unit acquires a communication prohibition request for data whose UID is 1 (step S205). Subsequently, the communication control unit outputs a communication prohibition request for data whose UID is 1 to the kernel (step S206).

  The kernel acquires a communication prohibition request for data with a UID of 1 (step S207). Through the above-described operations of steps S202 to S207, the kernel is notified of a request to prohibit communication with data having a UID of 1. That is, as the filtering condition, the communication prohibition condition related to the data of UID 1 is set.

  Subsequently, when the application A 16 a requests data communication in the BG operation (step S 208), the kernel recognizes that the communication prohibition condition related to the data of UID 1 is set, and thus the data communication is prohibited. (Step S209).

  On the other hand, when the application B 16b to which 2 is allocated as UID requests data communication in the BG operation (step S210), the kernel recognizes that the communication prohibition condition related to the data of UID 2 is not set. Therefore, the kernel permits data communication based on the default communication permission condition (step S211). Then, the modem 112 performs data communication to transmit data of UID 2 to the network side (step S212).

  The filtering process according to the comparative example has been described above. In the comparative example, since the default communication permission condition is set, the data communication in the BG operation of the application B 16b in which the additional filtering condition is not explicitly set by the user is permitted. Therefore, when the user does not recognize the operation of the application B 16 b, data communication that the user does not intend may be performed.

  On the other hand, in the present embodiment, a default communication prohibition condition is set as the filtering condition. Then, the communication permission condition related to the data of the UID designated by the user is further set. In this case, by prohibiting data communication for all data by default, there is a high possibility that data communication not intended by the user can be prohibited.

  The filtering process according to the present embodiment and the comparative example has been described above. In the filtering process according to the present embodiment, unlike the filtering process according to the comparative example, data communication is prohibited for all data by default. Then, the communication permission condition related to the data of the UID specified by the user as the filtering condition is explicitly set by the user, thereby enabling the data communication intended by the user.

  According to the filtering process according to the present embodiment having the above-described configuration, it is possible to prohibit data communication related to data transmitted from the application B 16 b whose filtering condition is not explicitly set by the user. That is, data communication unintended by the user is likely to be prohibited.

  In the present embodiment, the method for prohibiting data communication by the cellular communication system using the modem 112 as the I / F device 111 has been mainly described. However, the I / F device 111 is not limited to the modem 112, and may be the wireless LAN device 113 or the like. That is, the control method of data communication of the communication apparatus 1 according to the present embodiment is not limited to data communication by the cellular communication method, and may be applied to data communication by other communication method such as wireless LAN communication method.

  Further, in the present embodiment, data communication may be permitted by default for a function required to transmit data for which data communication is permitted. The functions that are permitted to perform data communication by default are, for example, a tunneling function of a VPN (Vertual Private Network), a name resolution function of a DNS (Domain Name System), or a tethering function. Data communication relating to these functions may be permitted only as long as it operates when the user intends. The conditions for permitting data communication according to these functions may be set as filtering conditions prior to the default communication prohibition conditions.

  In addition, although the filtering process according to the present embodiment is performed for data communication of the application performing BG operation, the present invention is not limited thereto, and the data communication of the application performing FG operation may be performed. That is, in the filtering process according to the present embodiment, permission or prohibition of data communication related to data transmitted by an application operating in FG may be determined.

Second Embodiment
Next, a communication apparatus according to a second embodiment of the present invention will be described. In the above first embodiment, the configuration for controlling data communication based on the application ID and the filtering condition has been described. On the other hand, the communication apparatus according to the second embodiment is different from the first embodiment in that it controls DNS (Domain Name System) processing based on the application ID and the filtering condition.

  The communication apparatus 1 according to the second embodiment includes the control unit 10, the communication unit 11, the storage unit 12, the display unit 13, and the operation unit 14 as in the first embodiment (see FIG. 1). . In the following description, the same components as those of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  First, an outline of a general DNS process (name resolution process) will be described. For example, a communication device such as a smartphone having an OS (standard OS) installed by an OS provider installed first performs data communication in response to a request for connection from an application to a network (for example, a request for data communication). Perform DNS processing based on connection request. Specifically, when the communication device acquires a connection request from the application to the network, the communication device performs data processing for DNS processing, specifically, a packet (DNS request packet) including a domain related to the request from the application, for example. Send to an external DNS server. Subsequently, the communication device acquires, from the DNS server, response data, specifically, a packet (DNS response packet) including an IP address corresponding to the domain related to the request from the application. Thus, when the DNS process is completed, the communication device performs data communication based on the acquired IP address. Hereinafter, communication performed between the communication device and the DNS server in the DNS processing is called DNS data communication, and is distinguished from data communication performed between the communication device and the network after execution of the DNS processing.

<DNS Processing According to Second Embodiment>
Next, with reference to FIG. 7, the DNS process executed in the communication device 1 according to the present embodiment will be specifically described. Here, the OS (modified OS) installed in the communication apparatus 1 according to the present embodiment is a specification for controlling DNS processing in each of the communication control unit and the kernel included in the OS according to the first embodiment described above. The OS's code (specific code) is added. Alternatively, the change OS may be an OS in which a part of the code of the communication control unit included in the OS according to the first embodiment and a part of the code of the kernel are each modified to a specific code. Alternatively, the change OS may be an OS in which the above-described specific code is added or modified with respect to the standard OS.

  Also, in the following description, data communication by cellular communication of all applications (all UIDs and GIDs) is prohibited by default regardless of whether the application operates with FG or BG, and the exception is data An example of a configuration in which an ID (specific ID) for permitting communication is added and set individually is illustrated. For example, although all UIDs necessary for DNS processing including the UID (UID = 0) of the communication control unit are set in advance as the specific ID, another UID may be additionally set as the specific ID. For example, as in the first embodiment, the UID of the application identified based on the user input to the communication device 1 may be additionally set as the specific ID.

  First, the application A (UID = 1) outputs a connection request to the network to the framework (step S300). The connection request includes, for example, the UID of application A (UID = 1) and the domain of the data communication destination.

Next, when the framework acquires the connection request output from the application A in step S300 (step S301), the framework outputs a DNS processing request to the communication control unit (step S302). The UID of the DNS processing request output from the framework to the communication control unit is the same as the UID of application A (UID = 1 ).

  Next, the communication control unit acquires the DNS processing request (UID = 1) output from the framework in step S302 (step S303). When the DNS process request is acquired, the communication control unit determines the UID of the DNS process request to be output to the kernel as the UID (UID = 0) of the communication control unit. After that, the specific code (first specific code) added to the communication control unit as described above is executed.

  By executing the first specific code, the communication control unit changes the UID of the DNS processing request for output to the kernel from the UID of the communication control unit (UID = 0) to the UID of the application (UID = 1) ( Step S304). That is, by executing the first specific code added to the communication control unit, the UID of the DNS processing request for output to the kernel is not the UID of the communication control unit (UID = 0) but the UID of application A (UID = It is defined in 1). Then, the communication control unit outputs, to the kernel, the DNS processing request (UID = 1) whose UID has been changed (determined) by the execution of the first specific code (step S305).

  Next, the kernel acquires the DNS processing request (UID = 1) output from the communication control unit in step S305 (step S306). Thereafter, the specific code (second specific code) added to the kernel as described above is executed.

  Execution of the second specific code causes the kernel to perform the following operations. First, the kernel determines whether the UID (UID = 1) of the DNS processing request acquired from the communication control unit is a specific ID (step S307). If it is determined that the UID is not the specific ID (step S307-No), the kernel suppresses (ends) the DNS process (step S308) and returns, for example, an error. On the other hand, when it is determined that the UID is the specific ID (Yes in step S307), the kernel outputs a DNS processing request to the modem 112 (step S309).

  When the modem 112 acquires the DNS processing request output from the kernel in step S309 (step S310), the modem 112 performs DNS data communication (step S311). Specifically, the modem 112 outputs the DNS request packet to the DNS server, and acquires the DNS response packet from the DNS server. Thus, when the DNS process (name resolution) is completed, the communication device 1 starts data communication according to the request from the application.

  As described above, according to the communication device 1 according to the second embodiment, DNS data communication (and data communication) is permitted for the application matching the specific ID. On the other hand, DNS processing is suppressed for applications that do not match the specific ID. Since the DNS data communication (and data communication) does not occur by suppressing the DNS processing, for example, as compared with the first embodiment described above, the occurrence of the communication not intended by the user because the DNS data communication does not occur. It can be further reduced. In addition, the DNS processing request is not output from the kernel to the modem 112 for the application that does not match the specific ID. Therefore, for example, when the modem 112 is in the dormant state, it can be suppressed that the power for activating the modem 112 is consumed.

<DNS process according to comparative example>
Next, with reference to FIG. 8, DNS processing according to a comparative example of the second embodiment will be described. In the DNS process performed by the communication device 1 according to the comparative example, the execution of the first specific code of the above-described change OS is suppressed.

  First, the application A (UID = 1) outputs a connection request to the network to the framework (step S400). The connection request includes, for example, the UID of application A (UID = 1) and the domain of the data communication destination.

  Next, when the framework acquires the connection request output from the application A in step S400 (step S401), the framework outputs a DNS processing request to the communication control unit (step S402). The UID of the DNS processing request output from the framework to the communication control unit is the same as the UID (UID = 0) of the application A.

  Next, the communication control unit acquires the DNS processing request (UID = 1) output from the framework in step S402 (step S403). When the DNS process request is acquired, the communication control unit determines the UID of the DNS process request to be output to the kernel as the UID (UID = 0) of the communication control unit.

  Steps S400 to S403 described above are respectively the same as steps S300 to S303 in the DNS process according to the second embodiment.

  Subsequently, the communication control unit outputs the DNS processing request (UID = 0) to the kernel without executing the first specific code, that is, without changing the UID of the DNS processing request for output to the kernel. (Step S404).

  Next, the kernel acquires the DNS processing request (UID = 0) output from the communication control unit in step S404 (step S405). Thereafter, the specific code (second specific code) added to the kernel as described above is executed. Here, the communication control unit determines that the UID (UID = 0) of the acquired DNS processing request is the specific ID (step S406). Then, the kernel outputs a DNS processing request to the modem 112 (step S407).

  When the modem 112 acquires the DNS processing request output from the kernel in step S407 (step S408), the modem 112 performs DNS data communication (step S409).

  As described above, in the DNS process according to the comparative example, the above-described first specific code is not executed, and therefore, even if the request is from the application for which data communication should be prohibited, DNS data communication occurs. That is, in the comparative example, since the UID of the DNS processing request output from the communication control unit to the kernel is the same as the UID (UID = 0) of the communication control unit, the kernel receives the DNS processing request acquired from the communication control unit Can not identify the UID of the application based on and can not control the DNS process according to the UID of the application.

  However, according to the communication apparatus 1 according to the comparative example, although the DNS data communication occurs as described above according to the request from the application that prohibits the data communication, the data communication after the completion of the DNS processing is , The same as in the first embodiment. Therefore, as in the first embodiment, the occurrence of communication not intended by the user can be reduced.

  As described above, when the communication device 1 according to the second embodiment acquires a connection request from the application to the network, the communication device 1 controls the DNS process based on the connection request according to the ID of the application (for example, UID). Do. With this configuration, for example, in addition to data communication, DNS data communication can also be prohibited in response to a request from an application that prohibits data communication. Therefore, both the data communication and the DNS data communication do not occur in response to the request from the application that prohibits the data communication, so that the occurrence of the communication not intended by the user can be further reduced compared to, for example, the first embodiment. is there. In addition, for the application that prohibits data communication, the kernel suppresses the DNS process by the execution of the second specific code, so the kernel does not output the DNS process request to the modem 112. Therefore, for example, when the modem 112 is in the dormant state (dormant state), it can be suppressed that the power for recovering the modem 112 from the dormant state is consumed.

Third Embodiment
Next, a communication apparatus 1 according to a third embodiment of the present invention will be described. In the second embodiment described above, the configuration has been described in which the DNS processing is controlled by execution of the specific code added to the communication control unit and the kernel. On the other hand, the communication device 1 according to the third embodiment is different from the second embodiment in that the DNS process is controlled by executing a specific code added to the framework.

  The communication device 1 according to the third embodiment includes the control unit 10, the communication unit 11, the storage unit 12, the display unit 13, and the operation unit 14 as in the first and second embodiments. (See Figure 1). In the following description, the same components as those in the first embodiment and the second embodiment are denoted by the same reference numerals, and descriptions thereof will be omitted.

<DNS processing according to the third embodiment>
The DNS process executed in the communication device 1 according to the present embodiment will be specifically described with reference to FIG. Here, the OS (modified OS) installed in the communication apparatus 1 according to the present embodiment is a specific code (third code) for controlling the DNS processing in the framework included in the OS according to the first embodiment described above. OS) is added with a specific code). Alternatively, the change OS may be an OS in which a part of code of the framework included in the OS according to the first embodiment is modified to the third specific code. Alternatively, the change OS may be an OS in which the addition or modification of the third specific code described above is performed on the standard OS.

  Also, in the following description, data communication by cellular communication of all applications (all UIDs and GIDs) is prohibited by default regardless of whether the application operates with FG or BG, and the exception is data An example of a configuration in which an ID (specific ID) for permitting communication is added and set individually is illustrated. For example, although the UID (UID = 0) of the communication control unit is set in advance as the specific ID, another UID may be additionally set as the specific ID. For example, the UID of the application identified based on the user input to the communication device 1 may be additionally set as the specific ID.

  First, the application A (UID = 1) outputs a connection request to the network to the framework (step S500). The connection request includes, for example, the UID of application A (UID = 1) and the domain of the data communication destination.

  Next, the framework acquires a connection request from the application A in step S500 (step S501). Thereafter, the third specific code added to the framework as described above is executed.

  By executing the third specific code, the framework determines whether the UID of the connection request acquired from the application A is a specific ID (step S502). If it is determined that the UID is not the specific ID (Step S502-No), the framework suppresses (ends) the DNS process (Step S503) and returns, for example, an error. On the other hand, when it is determined that the UID is the specific ID (Yes in step S502), the framework outputs a DNS processing request (UID = 1) to the modem 112 (step S504).

  When the DNS processing request (UID = 1) is output from the framework in step S504, the communication control unit acquires the DNS processing request (step S505). When the DNS process request is acquired, the communication control unit determines the UID of the DNS process request to be output to the kernel as the UID (UID = 0) of the communication control unit. Subsequently, the communication control unit outputs a DNS processing request (UID = 0) to the kernel (step S506).

  Next, when the kernel acquires the DNS processing request (UID = 0) output from the communication control unit in step S506 (step S507), the kernel outputs the DNS processing request to the modem 112 (step S508).

  When the modem 112 acquires the DNS processing request output from the kernel in step S508 (step S509), the modem 112 performs DNS data communication (step S510).

  As described above, according to the communication device 1 according to the third embodiment, DNS data communication (and data communication) is permitted for an application that matches the specific ID. On the other hand, DNS processing is suppressed for applications that do not match the specific ID. Since the DNS data communication and the data communication do not occur by suppressing the DNS process, the occurrence of the communication not intended by the user can be further reduced as in the second embodiment described above. In addition, the DNS processing request is not output from the kernel to the modem 112 for the application that does not match the specific ID. Therefore, as in the second embodiment, for example, when the modem 112 is in the dormant state, it can be suppressed that the power for activating the modem 112 is consumed.

  Although the present invention has been described based on the drawings and examples, it should be noted that those skilled in the art can easily make various changes and modifications based on the present disclosure. Therefore, it should be noted that these variations and modifications are included in the scope of the present invention. For example, the components included in each component, each step, and the like can be rearranged so as not to be logically inconsistent, and a plurality of components, steps, and the like can be combined or divided into one. It is. Furthermore, although the present invention has been described focusing on the device, the present invention can also be realized as a method including the steps performed by each component of the device. Furthermore, although the present invention has been described focusing on the apparatus, the present invention can also be realized as a method, a program, or a storage medium storing a program, which is executed by a processor included in the apparatus. It should be understood that these are also included.

  For example, although the configuration in which the DNS process is controlled based on the UID has been described in the above-described embodiment, the present invention is not limited to the UID. For example, the DNS process may be controlled based on the GID.

  Also, in the second and third embodiments described above, data communication by cellular communication of all applications (all UIDs and GIDs) is prohibited by default regardless of whether the application operates with FG or BG. Although an exception has been described in which the ID (specific ID) for permitting data communication is added and set individually, the configuration for prohibiting data communication of an application using UID or GID is not limited to this. For example, by default, data communication by cellular communication of all applications is permitted, and as an exception, an ID for prohibiting data communication may be additionally set individually. Further, for example, the configuration may be configured to prohibit or permit the cellular communication of the application as described above only when the application operates with FG (or BG). Specifically, the configuration may be configured to prohibit (or permit) cellular communication of all applications operating on BG (or FG) by default.

  Further, in the third embodiment described above, the configuration in which the third identification code is added to the framework has been described, but the configuration in which the identification code (fourth identification code) is added to the communication control unit may be employed. In such a configuration, the communication control unit acquires the DNS process request (UID = n) output from the framework in response to the connection request from the application (UID = n). Thereafter, the fourth specific code is executed. By executing the fourth specific code, the communication control unit determines whether the UID of the acquired DNS processing request is a specific ID. Then, the communication control unit suppresses the DNS process when it is determined that the UID is not the specific ID, and outputs the DNS process request to the kernel when it is determined that the UID is the specific ID. Also with this configuration, as in the third embodiment, the occurrence of communication not intended by the user can be further reduced. Further, as in the third embodiment, when the modem 112 is in the dormant state, it can be suppressed that power for activating the modem 112 is consumed.

  In the above embodiment, the wireless LAN is exemplified as a method of data communication by a method that is not a pay-as-you-go system, but it is not limited to this. The methods that are not a pay-as-you-go system are Bluetooth (registered trademark) and Ethernet (registered trademark) Or the like may be used.

DESCRIPTION OF SYMBOLS 1 communication apparatus 10 control part 11 communication part 111 I / F device 112 modem 113 wireless LAN device 12 storage part 13 display part 14 operation part 141 touch pad 15 packet filter 16a, 16b application 17 connection function part 18 VPN device

Claims (4)

When a connection request to a network is acquired from an application, DNS processing including DNS data communication for transmitting a packet including a domain related to the connection request to a DNS server is performed, and after the DNS processing is completed, the DNS processing is acquired by the DNS processing A communication apparatus for performing data communication with the network based on an IP address, the communication apparatus comprising:
When an application that runs in the background to get the connection request, ID of the connection request source of the application, it is determined whether the predetermined specific ID to the ID of the data communication are permitted,
When it is determined that the ID of the application is a specific ID, the DNS data communication is permitted by outputting a DNS processing request, which is an execution request of the DNS processing, to a modem, which is a communication interface connecting to the network, ID is determined to be if not the specific ID of the application, to suppress the DNS data communication the DNS processing request by not output to the modem, the communication device. The communication device according to claim 1,
The ID of the DNS processing request based on the connection request from the application running in the background set to the ID of the application, outputs the DNS processing request to the kernel,
A communication apparatus, which determines whether the ID of the application is a specific ID, based on the ID of the DNS processing request output to the kernel. When a connection request to a network is acquired from an application, DNS processing including DNS data communication for transmitting a packet including a domain related to the connection request to a DNS server is performed, and after the DNS processing is completed, the DNS processing is acquired by the DNS processing A DNS processing method executed by a communication device that performs data communication with the network based on an IP address ,
A step of acquiring the connection request from the application running in the background,
ID of the connection request source of the application, determining whether or not a predetermined specific ID to the ID of the data communication are permitted,
When it is determined that the ID of the application is a specific ID, the DNS data communication is permitted by outputting a DNS processing request, which is an execution request of the DNS processing, to a modem, which is a communication interface connecting to the network, and step of suppressing the DNS data communication by ID of the application does not output the determined if not the particular ID, the DNS processing request to said modem,
DNS processing method, including: When a connection request to a network is acquired from an application, DNS processing including DNS data communication for transmitting a packet including a domain related to the connection request to a DNS server is performed, and after the DNS processing is completed, the DNS processing is acquired by the DNS processing A communication device that performs data communication with the network based on an IP address ;
A step of acquiring the connection request from the application running in the background,
ID of the connection request source of the application, determining whether or not a predetermined specific ID to the ID of the data communication are permitted,
When it is determined that the ID of the application is a specific ID, the DNS data communication is permitted by outputting a DNS processing request, which is an execution request of the DNS processing, to a modem, which is a communication interface connecting to the network, and step of suppressing the DNS data communication by ID of the application does not output the determined if not the particular ID, the DNS processing request to said modem,
To run the program.

Images