JP6919212B2 - Controls, control methods, and systems - Google Patents

Description

The present invention relates to control devices, control methods, and systems, and particularly to prevention of information leakage in smart devices.

When using a smart device for business, information leakage due to extraction of business data, files, cache information, etc. stored inside the smart device due to unauthorized access or theft becomes a problem. Business data, files, cache information, etc. stored inside the smart device are hereinafter referred to as contents.

Normally, content (business data, etc.) that is taken out of the office by a smart device is installed in the smart device's encryption area (or content encryption) in the preparatory stage (download from the server) before taking out, and the content The server keeps track of the status of taking out.

In addition, when an event such as unauthorized access or theft occurs, the smart device and contents taken out of the company are invalidated (certificate deletion or terminal lock) on the terminal side by control from the server (remote control), and the contents are deleted. -The mechanism of invalidation (remote wipe) and the mechanism of deleting all the data area inside the smart device (excluding the Operating System) by local wipe are common.

Patent Document 1 relates to data sharing between a plurality of mobile terminals, and when a disconnection of a shared session with another mobile terminal in a shared network is detected, the electronic data stored in the mobile terminal can be deleted. Proposed. In Patent Document 1, data leakage is suppressed by such monitoring control.

JP-A-2015-49572

However, the prevention of information leakage of the background technology described above has the following problems.

The first issue is that when using a smart device for business, unauthorized access, theft or loss occurs, and the communication is disabled or the communication environment is not good (offline state) without the SIM (Subscriber Identify Module). If so, you have no control over the content inside your smart device.

The second issue is that encryption alone cannot dispel customer anxiety. When the smart device usage environment goes offline (communication disabled state), it is not possible to confirm the presence or absence of data leakage, and even if the data is encrypted, if it leaks, the customer's anxiety cannot be dispelled. Content encryption is an effective mechanism as a preventive measure against information leakage against unauthorized access (rooting, etc.) and theft / loss, but if the smart device usage environment transitions to offline (communication disabled state), data leakage will occur. I can't confirm the existence.

Content such as remote wipe, remote lock, and terminal use invalidation by deleting the certificate on the server side in the background technology such as MDM (Mobile Device Management) / MAM (Mobile Application Management) / MCM (Mobile Contents Management) functions. The mechanism of erasing / invalidating (collecting contents) is common. However, all of these mechanisms assume that the smart device will be used in a communicable state (online environment), so if the communication is disabled or the communication environment is not good (offline state), it will be smart remotely. This is because there is no way to control access to the device and content.

The third issue is that when the smart device detects the timing when the content needs to be erased (excluding rooting) due to the user's own erroneous operation, the entire data area inside the smart device is deleted and the use of the smart device is resumed by recovery or the like. It is very troublesome (inconvenient).

There is a mechanism to delete all the internal data area of the smart device (excluding the Operating System) by local wipe, which is the background technology, but this mechanism exceeds the "number of times of incorrect ID / password input" set in advance on the terminal. It works for. Therefore, even if the user makes an erroneous operation, if the same conditions are exceeded, all the data will be deleted, so it will take a lot of time to resume the use of the smart device after recovery, such as recovery and resetting.

An object of the present invention is to provide a control device, a control method, and a system capable of enhancing security regarding information leakage of data held by a smart device.

In order to achieve the above object, the control device according to the present invention uses a smart device holding data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage. It is a control device that makes a state transition with
Monitoring means for monitoring the occurrence of events that require erasure or invalidation of the above data,
When the occurrence of an event that requires erasure or invalidation of the data is detected, the control means for shifting the state of the smart device from the normal use state to the leakage prevention state, and
including.

The control method according to the present invention is a control method for transitioning a state of a smart device holding data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage. There,
Monitor the occurrence of events that require erasure or invalidation of the above data,
When the occurrence of an event that requires erasure or invalidation of the data is detected, the state transition of the smart device from the normal use state to the leakage prevention state is performed.

The system according to the present invention includes a server and a smart device that communicates with the server and holds data.
The above smart device
A control device that transitions the state of the smart device between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage, and the data can be erased or invalidated. A monitoring means for monitoring the occurrence of a necessary event, and a control means for shifting the state of the smart device from the normal use state to the leakage prevention state when the occurrence of an event requiring deletion or invalidation of the data is detected. Including a control device having.

INDUSTRIAL APPLICABILITY The present invention can enhance security regarding information leakage of data held by a smart device.

(A) is a block diagram for explaining the information processing apparatus for the embodiment according to the superordinate concept of the present invention, and (b) is a block diagram for explaining the control device for the embodiment according to the superordinate concept of the present invention. Is. It is a block diagram for demonstrating an example of the system by Embodiment of this invention. It is a block diagram which shows the configuration example of the smart device of FIG. It is a functional block diagram which shows the configuration example of the CPU and the memory of the smart device of FIG. It is a state transition schematic diagram which shows an example of the control state of the smart device of FIG. It is a flowchart for demonstrating the synchronous operation of the smart device of FIG. 2 and a server. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating the control process of secondary data leakage prevention by the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating the control process of the tertiary data leakage prevention by the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating the control process of the 4th data leakage prevention by the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating operation of the control apparatus of 1st Embodiment of this invention. It is a flowchart for demonstrating the control process of secondary data leakage prevention by the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating the control process of tertiary data leakage prevention by the control apparatus of 2nd Embodiment of this invention. It is a flowchart for demonstrating the control process of the 4th data leakage prevention by the control apparatus of 2nd Embodiment of this invention.

Before describing preferred embodiments of the present invention, terms used herein will be described.

(Content multi-stage defense)
"Content multi-step protection" means step-by-step information leakage prevention control according to the urgency (security level) of security measures (data leakage prevention measures) (considering the convenience of recovery work due to user erroneous operation, etc.) It means going to (considering both security and convenience). For example, "rooting operation" is a condition in which the security level that requires urgent security measures is extremely high in "conditions for determining the deletion / invalidation of contents in a smart device". ..

(Access outside usage authority)
"Access outside the usage authority" means the creator and creation of content in the attribute information (hereinafter referred to as content attribute, synonymous with metadata) used when operating business data (hereinafter referred to as content) in a company. Information such as the date and time, content identifier, and range of use is provided, and the information on the range of use includes "users", "range of use (user or group)", and "authority granted to the user". , "Expiration date", "Available applications" and so on. The case where the content is used (accessed) other than the setting information of the usage range is defined as "access without usage authority (to the content)".

(Normal usage status)
The "normal usage state" is a state in which a user who has been granted usage authority is using a smart device in accordance with a management / operation policy set by a company. The main controls in the normal usage state are monitoring of "content erasure / invalidation timing" and detection of the same timing. When the "content deletion / invalidation timing" is detected, the smart device or content is controlled according to the content multi-stage protection policy table, and the state transitions to the corresponding next data leakage protection state.

(Primary data leakage protection status)
The "primary data leakage prevention state" is, for example, when an offline state (a state in which communication is not possible or a state in which the communication environment is not good), which is the "content deletion / invalidation timing", is detected in the normal usage state, the user enters the smart device. It means a state such as waiting for input of authentication information for offline authentication when accessing the content list and contents stored in the area where unauthorized login operation monitoring and security are ensured.

The main controls in the primary data leakage prevention state are monitoring of conditions for transitioning to the "next data leakage prevention state" or the normal use state (monitoring of "content deletion / invalidation timing") and offline authentication. When the content deletion / invalidation timing is detected, the smart device or content is controlled according to the content multi-stage protection policy table, and the state transitions to the corresponding next data leakage protection state. When the online status is detected, the offline authentication is canceled and the normal usage status is entered.

(Secondary data leakage protection status)
The "secondary data leakage protection state" means, for example, that the smart device cannot operate or the content cannot be accessed by the control after the detection of the "content erasure / invalidation timing" in the normal usage state or the primary data leakage prevention state. Means the state. This state is assumed to be an application locked state, a terminal locked state, or the like.

The main control in the secondary data leakage prevention state is monitoring of conditions for transitioning to the "next data leakage prevention state" ("content deletion / invalidation timing", expiration of timer value, etc.). When content deletion / invalidation timing detection or state transition condition expiration is detected, the smart device or content is controlled according to the content multi-stage protection policy table, and the state transitions to the corresponding next data leakage protection state. When the defense state release is received from the server, the state transition condition set in this defense state is reset and the state transitions to the normal use state.

(3rd data leakage protection status)
The "tertiary data leakage protection state" is defined as when the content deletion / invalidation timing is detected in the normal usage state or the primary data leakage prevention state, or by control after the detection of, for example, the "expiration of the secondary data leakage prevention condition". It means that the contents inside the smart device have been erased. The content erasure assumed here may be content unit erasure, user area erasure, business area erasure when using BYOD (Bring Your Own Device), or the like.

The main control in the tertiary data leakage prevention state is monitoring of conditions for transitioning to the "next data leakage prevention state" ("content deletion / invalidation timing", expiration of timer value, etc.). When content deletion / invalidation timing detection or state transition condition expiration is detected, the smart device or content is controlled according to the content multi-stage protection policy table, and the state transitions to the corresponding next data leakage protection state. When the defense state release is received from the server, the state transition condition set in this defense state is reset and the state transitions to the normal use state.

(4th data leakage protection status)
The "fourth data leakage protection state" is defined when the content deletion / invalidation timing is detected in the normal usage state or the primary data leakage protection state, or by control after the detection of, for example, the "third data leakage protection state condition expiration". , Means that the content inside the smart device has been completely erased irretrievably.

The main control in the 4th data leakage protection state is to the 4th data leakage protection state when the rooting operation is detected in the normal use state or the primary data leakage protection state, or when the transition condition expiration of the 3rd data leakage protection state is detected. Transition and irrecoverable erasure of all data inside the smart device. Note that all the data inside the smart device to be deleted here refers to all the data (applications, policy data, etc.) excluding the OS (Operating System) inside the smart device. Then, after the erasing process is completed, the state of the smart device is changed to the smart device initialization state.

(Smart device initialization state)
The "smart device initialization state" refers to a state in which the irrecoverable erasure process of all data except the OS inside the smart device is completed in the "fourth data leakage prevention state". This state refers to the pre-factory state of the smart device, that is, the pre-kitting state at the factory. There is no particular control in the smart device initialization state, but there is a policy, application or content reinstallation to reuse the smart device in the smart device initialization state, specifically to restore it to the normal usage state described above. is necessary.

(Content multi-stage defense policy table)
Conditions for determining erasure / invalidation of content in a smart device, and erasure / invalidation range for controlling content in multiple stages (content unit erasure, user area erasure, and business area erasure (when using BYOD) ) And other definition information is registered in this table. For smart devices, first register the content multi-step defense policy table after startup. The conditions in this table differ depending on the operational policy such as IT (Information Technology) usage rules in the company, but as an example of this explanation, the following conditions are defined here.
● Unauthorized access:
Number of incorrect ID / password entries (illegal login operation)
Number of offline authentication failures (unauthorized access operation)
Rooting operation, etc. ● Theft / Loss:
SIM card removal (SIM card removal operation)
Bluetooth (registered trademark) / WiFi disconnection (Bluetooth (registered trademark) / WiFi disconnection operation)
* In the above operation detection, theft / loss is a combination of conditions such as inputting the allowable time required for recovery (SIM card insertion) in accordance with the operation policy such as the location information of the smart device (use) and the IT usage policy in the company. Make a decision.
● Normal access / Semi-normal access:
<The following conditions include server access>
Excessive access to content (violation of operational policy)
Content attribute change (operation policy violation)
Access operation without usage authority (violation of operation policy)
In addition, this table shall be registered at the time of initial setting and at the time of setting change due to the change of operation method (condition).

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.

[First Embodiment]
First, a control device, a control method, and a system according to the first embodiment of the present invention will be described. The present embodiment relates to a control that performs multi-step protection when a smart device to which a control device is applied moves from an online environment to an offline environment. Here, the online environment of the smart device refers to a state in which communication is possible between the smart device and the server. The offline environment of a smart device refers to a state in which communication between the smart device and the server is impossible or a state in which the communication environment between the smart device and the server is not good. In the offline environment of the smart device, it is assumed that remote control from the server to the smart device is impossible.

(composition)
Referring to FIG. 2, the system of the first embodiment of the present invention includes a smart device 1, a Radio Access Network (RAN) or WiFi access point (AP) 10, lines 11 and 12, and an Internet or Intra Network (IN). ) 100 and the server 20.

Here, the server 20 is a general term for cloud services contracted by a company, an in-house server, and the like.

It is assumed that the smart device 1 has an MDM (Mobile Device Management) / MAM (Mobile Application Management) / MCM (Mobile Contents Management) function. As shown in FIG. 3, the smart device 1 includes a User Equipment (UE) 2, a User Identity Module (UIM) 3, and an antenna 7. The UE 2 of the smart device 1 includes a radio unit / control unit 4, a CPU (central processing unit; processor; data processing unit) 5 operated by program control, and a memory 6.

The smart device 1 in FIG. 2 shows the case of a mobile communication model such as 3G / LTE (3rd Generation / Long Term Evolution). If the smart device is a WiFi model, the UIM3 in FIG. 2 may not be available.

As shown in FIG. 4, the CPU 5 of the smart device 1 includes a UI control processing unit 502, a policy setting control unit 503, a content erasure timing monitoring / detection processing unit 504, a state transition condition monitoring processing unit 505 using a timer, and offline. Includes authentication processing unit 506. Further, the CPU 5 of the smart device 1 includes a terminal lock / application lock control processing unit 507, a content erasure control processing unit 508, a content erasing tool control / processing unit 509, a data leakage protection release processing unit 510, a data synchronization processing unit 511, and data transmission / reception. It includes a processing unit 512 and a functional state management unit / functional control unit 501.

The offline authentication processing unit 506 is used for primary data leakage prevention, which will be described later. The terminal lock / application lock control processing unit 507 is used for secondary data leakage prevention, which will be described later. The content erasure control processing unit 508 is used for tertiary data leakage prevention, which will be described later. The content erasing tool control / processing unit 509 is used for the fourth-order data leakage prevention described later. In the content erasure by the content erasure tool control / processing unit 509, irrecoverable erasure is performed, which will be described later.

The data transmission / reception processing unit 512 performs data transmission / reception including reception of a defense state release notification for recovering from the primary data leakage protection state or the tertiary data leakage protection state described later.

As shown in FIG. 4, the memory 6 of the smart device 1 includes a security ensuring area 61. As shown in FIG. 4, the security securing area 61 of the memory 6 includes the content multi-stage control policy 62, the content attribute / main body 63, and the content list 64.

The content multi-stage control policy 62 includes conditions for determining erasure / invalidation of content in a smart device and an erasure / invalidation range (content unit erasure, user area erasure, etc.) for controlling content in multiple stages. Definition information such as business area deletion (when using BYOD).

When the smart device usage environment is an online environment, the smart device 1 downloads contents (business data such as forms and customer information) taken out of the company after startup from the server 20, and has content attributes and contents in the memory 6. It is saved in the content attribute / main body 63 which is the main body. At this time, the smart device 1 creates the downloaded content list 64 and synchronizes the data with the server 20. As a result, the server 20 controls and manages the content take-out status, and the smart device 1 also manages the same information.

Further, in the online environment, data synchronization shall be performed between the smart device 1 and the server 20 when the content information is updated or periodically. The data synchronization operation between the smart device and the server will be described in more detail with reference to FIG. The smart device 1 downloads and saves the content when the smart device usage environment is an online environment (S1). Here, the attribute information is the same as that of the server 20 which is the download source. Confirm the completion of saving the content (S2), and generate a content list when the saving is completed (S3). It is confirmed that the content list has been generated (S4), and when the generation is completed, the content list is saved in the memory 6 (S5). The completion of saving the content list is confirmed (S6), and when the saving is completed, the smart device 1 synchronizes the data with the server 20 (S7). Regarding data synchronization, the completion of synchronization is confirmed (S8), and when the synchronization is completed, the data synchronization completion information is registered (S9). Next, the smart device user is notified by a method including the content list display (S10). Then, the smart device 1 is in a normal use state (S11).

(State transition control by control device)
The state transition control by the control device of the present embodiment will be outlined with reference to the state transition diagram of FIG.

When the satisfaction of the condition 1 is detected in the smart device 1 taken out of the company, the system state is changed to the "primary data leakage prevention state". Here, the condition 1 is the detection of a communication impossible state or a poor communication environment (offline state) in the "normal use state" and the detection of a communication channel disconnection operation. Communication path disconnection operations include setting operations to airplane mode. In this "primary data leakage prevention state", it is possible to monitor unauthorized login operations for logging in to a smart device, and to perform offline authentication when accessing a list of contents and contents stored in a secure area. Become.

In the "primary data leakage protection state", if the authentication result is OK in the offline authentication after successful login to the smart device, the state transitions to the normal usage state, and at the end of use, the smart device logs in / offline. Waiting for authentication input information. When it detects that the smart device usage environment returns to the online environment, it cancels the offline authentication (cancels the primary data leakage protection state) and shifts the system state to the "normal usage state".

Next, in the "primary data leakage prevention state", when login to the smart device fails and the satisfaction of condition 2 is detected, the system state is changed to the "secondary data leakage prevention state". Here, the condition 2 is an excess of the number of times of inputting an incorrect ID / password, an excess of offline authentication failure, SIM card removal, and the like. After transitioning to the "secondary data leakage protection state", the conditions for transitioning to the "tertiary data leakage protection state" are monitored ("content deletion / invalidation timing", timer value expiration, etc.). That is, it waits for the transition to the tertiary data leakage protection state.

Next, when the satisfaction of the condition 3 is detected in the "secondary data leakage prevention state", the system state is changed to the "tertiary data leakage prevention state". Here, the condition 3 is the expiration of the state transition condition such as the timer value, the removal of the SIM card, and the like. In the "tertiary data leakage prevention state", the erasure process is performed according to the erasure / invalidation range (content unit erasure, user area erasure, and business area erasure (when BYOD is used)) of the content multi-stage protection policy table. Furthermore, the conditions for transitioning to the "fourth data leakage prevention state" are monitored ("content deletion / invalidation timing", timer value expiration, etc.). That is, it waits for the transition to the fourth data leakage protection state.

Next, when the satisfaction of the condition 4 is detected in the "tertiary data leakage prevention state", the system state is changed to the "fourth data leakage prevention state". Here, the condition 4 is the expiration of the state transition condition such as the timer value, the rooting operation, and the like. In the "fourth data leakage protection state", a tool or the like that makes the erased data installed in the smart device in advance unrecoverable is controlled. By this control, all data (contents, applications, policy data, etc.) except the OS inside the smart device is irretrievably erased. After the erasure is completed, the system state is changed to the smart device initialization state. The smart device initialization state is the state before the factory shipment of the smart device.

When the smart device 1 taken out of the company detects that the condition 5 is satisfied, it is assumed that the system state is changed to the "tertiary data leakage prevention state". Here, the condition 5 is "SIM card removal operation". Here, considering the possibility of (non-malicious) "SIM card removal operation" by the user or a maintenance worker authorized by the user, if the "SIM card removal operation" is detected, the CPU 5 uses IT in the enterprise. If you are prompted to enter the allowable time required for recovery (SIM card insertion) in accordance with the operation policy such as regulations, and if the input of the time within the allowable range in the operation policy (time determined in advance by the operation policy etc.) is detected, Does not transition to "tertiary data leakage protection state".

When the satisfaction of the condition 6 is detected in the smart device 1 taken out of the company, the system state is changed to the "fourth data leakage prevention state". Here, condition 6 is a rooting operation. In the "fourth data leakage protection state", a tool or the like that makes the erased data installed in the smart device in advance unrecoverable is controlled. By this control, all data (contents, applications, policy data, etc.) except the OS inside the smart device is irretrievably erased. After the erasure is completed, the system state is changed to the smart device initialization state.

In the "tertiary data leakage prevention state", if the conditions are satisfied, the state can be changed to the "normal use state" or the "primary data leakage prevention state". As can be understood from FIG. 5, when the satisfaction of the condition 4 and the condition 6 is detected, the system state is changed to the "fourth data leakage prevention state", and the "fourth data leakage prevention state" is changed to the "normal use state". The state cannot be changed to.

(Operation when smart device 1 is taken out of the company)
Next, the operation of the smart device 1 and the server 20 when the smart device 1 is taken out of the company will be described with reference to the flowchart.

In the smart device 1 taken out of the company, after the normal usage state (S21), the content deletion / invalidation timing is monitored (S22). When the CPU 5 detects a state in which communication is not possible or a state in which the communication environment is not good (offline state) in the "normal use state" (YES in S23), "offline authentication" is activated (S24), and the state of waiting for authentication is entered. This offline authentication is an operation required when accessing the content list and the content stored in the secure area. Further, the system state is changed to the "primary data leakage prevention state" (S25), and the online detection is confirmed (S26). For example, if the smart device 1 succeeds in logging in by the operation of the user of the smart device 1 and the authentication result is OK in the subsequent offline authentication (YES in S26), the "offline authentication" is canceled (S27). Return to the normal usage state (S21).

After the state transition (S25) to the "primary data leakage prevention state", the start of smart device use (login) is confirmed (S28). When the start of use of the smart device can be confirmed (YES in S28), the process proceeds to the process (1) specifically shown in FIG. When the start of using the smart device cannot be confirmed (NO in S28), the removal of the SIM card is detected (S29). When the SIM card removal is not detected (NO in S29), the process moves to confirmation (S28) of starting smart device use (login). When the removal of the SIM card is detected (YES in S29), the process proceeds to the process (2) specifically shown in FIG. 9A.

In the process (1) specifically shown in FIG. 8, it is confirmed whether there is a problem in the authentication by the ID or password input by the user (S101). It is confirmed whether there is a problem in authentication by the ID or password entered by the user and the number of times of authentication failure has been exceeded (S102). The authentication confirmation (S101) using the ID and password is repeated until the number of authentication failures occurs. When the number of authentication failures exceeds (YES in S102), the "secondary data leakage prevention" control process is performed (S103). After that, the process proceeds to the process (3) specifically shown in FIG. 9B.

In the confirmation of authentication by ID or password (S101), if there is no problem with the ID or password entered by the user (NO in S101) and the authentication is successful, the communication means disconnection operation is detected (S104). Here, the communication means disconnection operation may be, for example, a user's operation to set the airplane mode. When the communication means disconnection operation is detected, the "offline authentication" is continuously operated (S112). By the continuous operation of "offline authentication", the state of waiting for authentication continues. When the communication means disconnection operation is not detected, it is confirmed whether or not there is access to the secure area (S105). When there is no access to the secure area, the "primary data leakage protection state" is maintained (S113). Further, when the SIM card withdrawal is detected (S114) and the SIM card withdrawal is detected (YES in S114), the process proceeds to the process (2) specifically shown in FIG. 9A.

When the SIM card removal is not detected (NO in S114), the presence or absence of the rooting operation in the smart device 1 is detected (S115). When the rooting operation is not detected, the process proceeds to the detection of the communication means disconnection operation (S104). When the rooting operation to the smart device 1 is detected, the process proceeds to the process (5) specifically shown in FIG. 10B.

When the communication means disconnection operation is not detected (NO in S104) and the secure area is accessed (NO in S105), the "offline authentication" process is started (S106). The success or failure of the offline authentication is confirmed (S107), and when the offline authentication is successful (NO in S107), access to the "secure area" is permitted (S109). Allowing access to the "secure area" means that access to the "secure area" is available offline.

After that, the presence or absence of an operation policy violation is detected, and when an operation policy violation is detected (YES in S110), the process proceeds to the "secondary data leakage prevention" control process (S103). When the operation policy violation is not detected (NO in S110), the end of use of the smart device 1 is confirmed (S111). When the end of use of the smart device 1 is not confirmed, the access to the "secure area" is permitted (S109). When the end of use of the smart device 1 is confirmed, the process returns to the beginning of the flowchart of FIG. 8 in case the use of the smart device 1 is resumed.

Next, the process (2) performed after the SIM card withdrawal is detected will be described with reference to the flowchart of FIG. 9A. An input request is made for the "recovery time (time required for inserting the SIM card)", which is the time required to return to the state in which the removed SIM card is inserted (S201). Further, the validity of the input value of the recovery time input to the smart device 1 is confirmed (S202). When the input value of the input recovery time is valid, the "SIM removed" state is confirmed (S204). When the SIM card is restored to the inserted state and the "SIM removal" state is completed, the process returns to the process (1) specifically shown in FIG.

When the "SIM removal" state is confirmed (YES in S204), it is confirmed whether the input "recovery time" has expired (S205). While the input "recovery time" has not expired, the confirmation of the "SIM removal" status (S204) is repeated. When the "recovery time" has expired (YES in S205), the "secondary data leakage prevention" control process is performed (S203). A more specific content of the “secondary data leakage prevention” control process is shown in FIG. 11A, which will be described later.

The process (3) performed after the “secondary data leakage prevention” control process (S103) of FIG. 8 will be described with reference to the flowchart of FIG. 9B.

It is confirmed whether or not the secondary defense state needs to be released (S301). The user of the smart device 1 contacts the administrator by some means and moves the smart device 1 to the online environment (S302). Waiting for the defense state release notification from the server 20 (S303), and confirming the receipt of the release notification (S304). When the receipt of the cancellation notice can be confirmed, the defense state is canceled (S305). This defensive state release includes unlocking and offline authentication release. Then, the state transitions to the "normal use state" (S306).

When it is not necessary to release the secondary defense state (NO in S301), the transition condition to the "tertiary data leakage protection state" is monitored (S307). The transition condition to the "third data leakage protection state" depends on the timer value and the like. Confirm the expiration of the state transition condition to the "tertiary data leakage protection state", and repeat the expiration confirmation of the state transition condition to the "tertiary data leakage prevention state" while it has not expired. When it is confirmed that the state transition condition to the "tertiary data leakage prevention state" has expired (YES in S308), the "third data leakage prevention" control process is performed (S309). A more specific content of the “third data leakage prevention” control process is shown in FIG. 11B, which will be described later. After that, the process proceeds to the process (4) specifically shown in FIG. 10A.

The process (4) performed after the “third data leakage prevention” control process (S309) of FIG. 9B will be described with reference to the flowchart of FIG. 10A.

It is confirmed whether or not the tertiary defense state needs to be released (S401). The user of the smart device 1 contacts the administrator by some means and moves the smart device 1 to the online environment (S402). Waiting for the defense state release notification from the server 20 (S403), and confirming the receipt of the release notification (S404). When the receipt of the cancellation notice can be confirmed, the defense state is canceled (S405). This defensive state release includes unlocking and offline authentication release. Then, the state transitions to the "normal use state" (S406).

When it is not necessary to release the tertiary defense state (NO in S401), the transition condition to the "fourth data leakage protection state" is monitored (S407). The transition condition to the "fourth data leakage prevention state" depends on the timer value and the like. Confirm the expiration of the state transition condition to the "fourth data leakage protection state", and repeat the expiration confirmation of the state transition condition to the "fourth data leakage prevention state" while it has not expired. When it is confirmed that the state transition condition to the "fourth data leakage prevention state" has expired (YES in S408), the "fourth data leakage prevention" control process is performed (S409). A more specific content of the “fourth data leakage prevention” control process is shown in FIG. 11C, which will be described later.

The process (5) performed after the rooting operation of FIG. 8 is detected (YES in S115) will be described with reference to the flowchart of FIG. 10B. In this case, the "fourth data leakage prevention" control process is performed (S501).

FIG. 11A shows more specific processing contents of the “secondary data leakage prevention” control processing of S103 and S203. The "secondary data leakage prevention" control process is started, and the "lock control" is activated. This "lock control" is a terminal lock or an application lock. Next, the state transitions to the "secondary data leakage prevention state". Next, transition conditions to the "tertiary data leakage prevention state", such as timer values, are set and monitored.

FIG. 11B shows a more specific processing content of the “third data leakage prevention” control process of S309. The "tertiary data leakage prevention" control process is started, and the "content erasure" is activated based on the erasure range definition information. Next, the state transitions to the "tertiary data leakage prevention state". Next, transition conditions to the "fourth data leakage prevention state", such as a timer value, are set and monitored.

FIG. 11C shows a more specific processing content of the “fourth data leakage prevention” control process of S409. The "fourth data leakage prevention" control process is started, and the state transitions to the "fourth data leakage prevention state". All data inside the smart device 1 except the OS is irreparably erased. Next, the state transitions to the "initialized state". This "initialized state" refers to the state before shipment from the factory.

(Effect of the first embodiment)
In the smart device 1 to which the control device of the present embodiment is applied, security enhancement (information leakage prevention) is possible.

The reason is that even in the case of unauthorized access (rooting, etc.) or remote controlless state of the smart device (communication impossible state without SIM etc. due to theft or loss, communication environment is not good (offline state), etc.) This is because the content inside the smart device can be controlled. Furthermore, by setting detailed conditions and protecting data, it is possible to provide (realize) services with further enhanced security (prevention of information leakage).

Further, in the smart device 1 to which the control device of the present embodiment is applied, it is possible to improve customer (smart device user) satisfaction by a safe and secure usage environment.

The reason is that even in the case of unauthorized access (rooting, etc.) or remote controlless state of the smart device (communication impossible state without SIM etc. due to theft or loss, communication environment is not good (offline state), etc.) This is because detailed condition setting and data protection are possible. Eventually, all data (contents, applications, policy data, etc.) except the OS inside the smart device will be irretrievably erased (completely erased), so (leakage of encrypted data by background technology). Dispel customer anxiety (for potential). It is possible to improve customer (smart device user) satisfaction by providing a safe and secure usage environment for this system.

Further, in the smart device 1 to which the control device of the present embodiment is applied, it is possible to improve the convenience of the smart device for business use while maintaining the security. In other words, both security and convenience can be achieved.

When some trouble occurs when using a smart device for business, even the user himself / herself may be upset and mistakenly operate the smart device, or a person who is unfamiliar with IT may make a mistake when using the smart device. In this embodiment, the recovery work time required for resuming the use of the smart device is minimized while maintaining the security of the internal data of the smart device by performing stepwise data protection according to the security level by setting detailed conditions. realizable. Here, the recovery work required for resuming the use of the smart device is the smart device usage environment setting such as the reinstallation of applications, contents, and policies. In this way, even if a problematic event occurs, it is possible to provide an optimal smart device usage environment that can achieve both security and convenience.

In the smart device 1 to which the control device of the present embodiment is applied, when an event that requires erasure or invalidation of confidential information is detected, control is performed from the normal usage state according to the content multi-step protection. As a result, data leakage can be suppressed.

Further, in the smart device 1 to which the control device of the present embodiment is applied, even when the smart device exists in the offline environment, when an event that requires erasure or invalidation of confidential information is detected, the content is changed from the normal usage state. Control according to multi-step defense. As a result, data leakage can be suppressed even for the smart device 1 in a state where remote control is not possible.

For example, when the rooting of the smart device 1 is detected, the state transitions to the "fourth data leakage prevention state", and all the data inside the smart device 1 except the OS is irreparably erased. As a result, it is possible to prevent leakage of confidential information to a malicious smart device 1 user.

For example, when the SIM card removal operation of the smart device 1 is detected, the allowable time required for recovery is input, and when the input of a reasonable time is detected, the leakage is more important during the input time. The recovery operation is monitored by deferring the state transition to the defensive state. As a result, it is possible to allow a non-malicious SIM removal by the user himself / herself or a maintenance worker authorized by the user himself / herself. Further, for the SIM card withdrawal operation by the user himself / herself or a user other than the maintenance worker authorized by the user himself / herself, the state transition to the leakage prevention state with higher importance can be performed. As a result, it is possible to prevent leakage of confidential information to a malicious smart device 1 user.

[Second Embodiment]
Next, the control device, the control method, and the system according to the second embodiment of the present invention will be described. The present embodiment relates to a control that performs multi-step protection assuming an environment (online environment) in which a communication path is secured in a smart device usage environment as an example of a control device, a control method, and a system.

The system of the present embodiment is the same as the first embodiment of the present invention described above, that is, the smart device 1, the Radio Access Network (RAN) or WiFi access point (AP) 10, the lines 11 and 12, and the Internet or Intra. Includes Network 100 and Server 20.

As shown in FIG. 3, the smart device 1 includes a User Equipment (UE) 2, a User Identity Module (UIM) 3, and an antenna 7. The UE 2 of the smart device 1 includes a radio unit / control unit 4, a CPU (central processing unit; processor; data processing unit) 5 operated by program control, and a memory 6.

The smart device 1 in FIG. 2 shows the case of a mobile communication model such as 3G / LTE. If the smart device is a WiFi model, the UIM3 in FIG. 2 may not be available.

As shown in FIG. 4, the CPU 5 of the smart device 1 includes a UI control processing unit 502, a policy setting control unit 503, a content erasure timing monitoring / detection processing unit 504, a state transition condition monitoring processing unit 505 using a timer, and offline. Includes authentication processing unit 506. Further, the CPU 5 of the smart device 1 includes a terminal lock / application lock control processing unit 507, a content erasure control processing unit 508, a content erasing tool control / processing unit 509, a data leakage protection release processing unit 510, a data synchronization processing unit 511, and data transmission / reception. It includes a processing unit 512 and a functional state management unit / functional control unit 501.

Next, the operation of the smart device 1 and the server 20 when the smart device 1 is taken out of the company will be described with reference to the flowchart of FIG. 12A. In this embodiment, the description will be made on the premise that the smart device 1 is taken out of the company but maintains an online environment.

In the smart device 1 taken out of the company, the content deletion / invalidation timing is monitored (S32) after the normal usage state (S31). Further, the start of using the smart device (login) is confirmed (S33). When the start of use of the smart device is confirmed (YES in S33), the process proceeds to the process (6) specifically shown in FIG. 12B. When the start of using the smart device cannot be confirmed (NO in S33), the removal of the SIM card is detected (S34). When the SIM card removal is not detected (NO in S34), the process returns to monitoring the content erasure / invalidation timing (S32). When the removal of the SIM card is detected (YES in S34), the process proceeds to the process (7) specifically shown in FIG.

In the process (6) specifically shown in FIG. 12B, it is confirmed whether there is a problem in the authentication by the ID or password input by the user (S601). When there is no problem in the authentication by the ID or password input by the user (NO in S601), the process proceeds to the process (8) specifically shown in FIG. If there is a problem in authentication using the ID or password entered by the user, check whether the number of authentication failures has exceeded (S602). The authentication confirmation (S601) using the ID and password is repeated until the number of authentication failures occurs. When the number of authentication failures exceeds (YES in S602), the "secondary data leakage prevention" control process is performed (S603). A more specific content of the “secondary data leakage prevention” control process is shown in FIG. 17A, which will be described later. After that, the process proceeds to the process (10) specifically shown in FIG. 16A.

Further, in the smart device 1 taken out of the company, the CPU 5 is in the "normal use state" and the server 20 is the content deletion / invalidation timing such as "content access count (access count exceeded)" or "access outside the usage authority". When it is detected that the smart device 1 user such as "operation" violates the operation policy, the server 20 sends a notification (notification that the number of accesses is exceeded or the access is outside the usage authority) to alert the smart device 1. ..

At this time, when the server 20 detects that the smart device 1 user ignores this notification and continues to access the server 20, the terminal lock or application which is a remote control such as the MDM function or the MAM function. Perform lock (remote lock).
At this time, the server 20 transmits a remote lock notification (notification that the smart device 1 has been remotely locked) to the smart device 1.

When the CPU 5 detects the "remote lock notification", it shifts the system state to the "secondary data leakage protection state" and monitors the conditions for transitioning to the "tertiary data leakage prevention state"("content deletion / invalidation"). "Timing" and expiration of timer value, etc.). (Waiting for transition to tertiary data leakage protection state)
Further, in the smart device 1 taken out of the company, when the CPU 5 detects the "normal use state" and the CPU 5 detects the "Bluetooth / WiFi connection disconnection operation" in the airplane mode or the like, which is the content deletion / invalidation timing, the smart device is used. Unauthorized login operation to the inside When accessing the content list and contents stored in the area where monitoring and security are secured, offline authentication is performed and the system state is changed to "primary data leakage prevention state". Transition.

Under the above situation, as in the offline environment description, when an event that fails in login or offline authentication occurs, the CPU 5 monitors the content deletion / invalidation timing (exceeding the number of failures), and the CPU 5 detects that the number of failures has exceeded. Then, control such as terminal lock / application lock is performed, the system state is changed to the "secondary data leakage prevention state", and the conditions for transitioning to the "tertiary data leakage prevention state" are monitored ("content erasure / content deletion /". "Invalidation timing", expiration of timer value, etc.). (Waiting for transition to tertiary data leakage protection state)
Under the above circumstances, when the CPU 5 detects "Bluetooth / WiFi connection operation" (returning to the online environment) due to airplane mode cancellation, etc., offline authentication is canceled (primary data leakage protection state is canceled) and the normal usage state is entered. do.

Next, the process (7) performed after the SIM card withdrawal is detected will be described with reference to the flowchart of FIG. An input request is made for the "recovery time (time required for inserting the SIM card)", which is the time required to return to the state in which the removed SIM card is inserted (S701). Further, the validity of the input value of the recovery time input to the smart device 1 is confirmed (S702). When the input value of the input recovery time is appropriate, the "SIM removed" state is confirmed (S704). When the state in which the SIM card is inserted is restored and the "SIM removal" state is completed, the process returns to the process (6) specifically shown in FIG. 12B.

When the "SIM removal" state is confirmed (YES in S704), it is confirmed whether the input "recovery time" has expired (S705). While the input "recovery time" has not expired, the confirmation of the "SIM removal" status (S704) is repeated. When the "recovery time" has expired (YES in S705), the "secondary data leakage prevention" control process is performed (S703). A more specific content of the “secondary data leakage prevention” control process is shown in FIG. 17A, which will be described later. After that, the process proceeds to the process (10) specifically shown in FIG. 16A.

The process (8) will be described with reference to the flowchart of FIG. Monitoring including operation policy monitoring is performed while the smart device 1 is logged in (S801). The presence or absence of an operation policy violation is monitored, and when a violation is detected (YES in S802), the process moves to the "secondary data leakage prevention" control process (S803). When the operation policy violation is not detected (NO in S802), it is confirmed whether or not the server 20 is accessed (S804). Monitoring including operation policy monitoring is performed while the smart device 1 is logged in (S805). The presence or absence of an operation policy violation is monitored, and when an operation policy violation is detected (YES in S806), the process moves to the "secondary data leakage prevention" control process (S803). When the operation policy violation is not detected (NO in S806), the presence / absence of the rooting operation in the smart device 1 is detected (S807). When the rooting operation is not detected, SIM card removal is detected (S808), and when SIM card removal is detected (YES in S808), the process proceeds to the process (7) specifically shown in FIG.

When the SIM card removal is not detected (NO in S809), the communication means disconnection operation is detected (S809). Here, the communication means disconnection operation may be, for example, a user's operation to set the airplane mode. When the communication means disconnection operation is not detected, the process returns to S801. When the communication means disconnection operation is detected, the process proceeds to the process (9) specifically shown in FIG.

In the process (9) specifically shown in FIG. 15, "offline authentication" is activated (S901), and the state of waiting for authentication is set. Further, the state transitions to the "primary data leakage protection state" (S902). When the presence or absence of the communication means connection operation is confirmed and the communication means connection operation is confirmed (YES in S903), the "offline authentication" is canceled (S904). Then, the process returns to the process (8) shown in FIG. When the communication means connection operation cannot be confirmed (NO in S903), the presence / absence of the rooting operation in the smart device 1 is detected (S905). When the rooting operation is not detected, SIM card removal is detected (S906), and when SIM card removal is detected (YES in S906), the process proceeds to the process (7) specifically shown in FIG.

When the SIM card removal is not detected (NO in S906), it is confirmed whether or not there is access to the secure area (S907). When there is no access to the secure area, the process returns to confirmation (S903) of the presence / absence of the communication means connection operation. When the secure area is accessed (YES in S907), the "offline authentication" process is started (S908). The success or failure of the offline authentication is confirmed (S909), and when the offline authentication is successful (NO in S909), access to the "secure area" is permitted (S912). Allowing access to the "secure area" means that access to the "secure area" is available offline. After that, the end of use of the smart device 1 is confirmed (S913). When the end of use of the smart device 1 is not confirmed, the process returns to the permission of access to the "secure area" (S912). When the end of use of the smart device 1 is confirmed, the process returns to the beginning of the flowchart of FIG. 12B in case the use of the smart device 1 is resumed.

When offline authentication fails (YES in S909), it is confirmed whether the number of times of authentication failure has been exceeded (S901). The offline authentication confirmation (S909) is repeated until the number of authentication failures occurs. When the number of authentication failures exceeds (YES in S910), the "secondary data leakage prevention" control process is performed (S911). The specific contents of the “secondary data leakage prevention” control process are shown in FIG. 17A, which will be described later. After that, the process proceeds to the process (10) specifically shown in FIG.

The process (10) performed after the “secondary data leakage prevention” control process (S911) of FIG. 15 will be described with reference to the flowchart of FIG. 16A.

It is confirmed whether or not the secondary defense state needs to be released (S1001). The user of the smart device 1 contacts the administrator by some means and moves the smart device 1 to the online environment (S1002). It waits for the defense state release notification from the server 20 (S1003), and confirms the receipt of the release notification (S1004). When the receipt of the cancellation notice can be confirmed, the defense state is canceled (S1005). This defensive state release includes unlocking and offline authentication release. Then, the state transitions to the "normal use state" (S1006).

When it is not necessary to release the secondary defense state (NO in S1001), the transition condition to the "tertiary data leakage protection state" is monitored (S1007). The transition condition to the "third data leakage protection state" depends on the timer value and the like. Confirm the expiration of the state transition condition to the "tertiary data leakage protection state", and repeat the expiration confirmation of the state transition condition to the "tertiary data leakage prevention state" while it has not expired. When it is confirmed that the state transition condition to the "tertiary data leakage prevention state" has expired (YES in S1008), the "third data leakage prevention" control process is performed (S1009). A more specific content of the “third data leakage prevention” control process is shown in FIG. 17B, which will be described later. After that, the process proceeds to the process (11) specifically shown in FIG. 16B.

The process (11) performed after the “third data leakage prevention” control process (S1009) of FIG. 16A will be described with reference to the flowchart of FIG. 16B.

It is confirmed whether or not the tertiary defense state needs to be released (S1101). The user of the smart device 1 contacts the administrator by some means and moves the smart device 1 to the online environment (S1102). It waits for the defense state release notification from the server 20 (S1103), and confirms the receipt of the release notification (S1104). When the receipt of the cancellation notice can be confirmed, the defense state is canceled (S1105). This defensive state release includes unlocking and offline authentication release. Then, the state transitions to the "normal use state" (S1106).

When it is not necessary to release the tertiary defense state (NO in S1101), the transition condition to the "fourth data leakage protection state" is monitored (S1107). The transition condition to the "fourth data leakage prevention state" depends on the timer value and the like. Confirm the expiration of the state transition condition to the "fourth data leakage protection state", and repeat the expiration confirmation of the state transition condition to the "fourth data leakage prevention state" while it has not expired. When it is confirmed that the state transition condition to the "fourth data leakage prevention state" has expired (YES in S1108), the "fourth data leakage prevention" control process is performed (S1109). A more specific content of the “fourth data leakage prevention” control process is shown in FIG. 17C, which will be described later.

The process (12) performed after the rooting operation of FIG. 14 is detected (YES in S807) will be described with reference to the flowchart of FIG. 16CB. In this case, the "fourth data leakage prevention" control process is performed (S1201).

FIG. 17A shows more specific processing contents of the “secondary data leakage prevention” control processing such as S603. The "secondary data leakage prevention" control process is started, and the "lock control" is activated. This "lock control" is a terminal lock or an application lock. Next, the state transitions to the "secondary data leakage prevention state". Next, transition conditions to the "tertiary data leakage prevention state", such as timer values, are set and monitored.

FIG. 17B shows a more specific processing content of the “third data leakage prevention” control process of S1009. The "tertiary data leakage prevention" control process is started, and the "content erasure" is activated based on the erasure range definition information. Next, the state transitions to the "tertiary data leakage prevention state". Next, transition conditions to the "fourth data leakage prevention state", such as a timer value, are set and monitored.

FIG. 17C shows a more specific processing content of the “fourth data leakage prevention” control process of S1109. The "fourth data leakage prevention" control process is started, and the state transitions to the "fourth data leakage prevention state". All data inside the smart device 1 except the OS is irreparably erased. Next, the state transitions to the "initialized state". This "initialized state" refers to the state before shipment from the factory.

(Effect of the second embodiment)
In the smart device 1 to which the control device of the present embodiment is applied, security enhancement (information leakage prevention) is possible as in the first embodiment.

The reason is that even in the case of unauthorized access (rooting, etc.) or remote controlless state of the smart device (communication impossible state without SIM etc. due to theft or loss, communication environment is not good (offline state), etc.) This is because the content inside the smart device can be controlled. Furthermore, by setting detailed conditions and protecting data, it is possible to provide (realize) services with further enhanced security (prevention of information leakage).

Further, in the smart device 1 to which the control device of the present embodiment is applied, it is possible to improve customer (smart device user) satisfaction by a safe and secure usage environment as in the first embodiment.

The reason is that even in the case of unauthorized access (rooting, etc.) or remote controlless state of the smart device (communication impossible state without SIM etc. due to theft or loss, communication environment is not good (offline state), etc.) This is because detailed condition setting and data protection are possible. Eventually, all data (contents, applications, policy data, etc.) except the OS inside the smart device will be irretrievably erased (completely erased), so (leakage of encrypted data by background technology). Dispel customer anxiety (for potential). It is possible to improve customer (smart device user) satisfaction by providing a safe and secure usage environment for this system.

Further, in the smart device 1 to which the control device of the present embodiment is applied, it is possible to improve the convenience for business use of the smart device that maintains the security as in the first embodiment. In other words, both security and convenience can be achieved.

When some trouble occurs when using a smart device for business, even the user himself / herself may be upset and mistakenly operate the smart device, or a person who is unfamiliar with IT may make a mistake when using the smart device. In this embodiment, the recovery work time required for resuming the use of the smart device is minimized while maintaining the security of the internal data of the smart device by performing stepwise data protection according to the security level by setting detailed conditions. realizable. Here, the recovery work required for resuming the use of the smart device is the smart device usage environment setting such as the reinstallation of applications, contents, and policies. In this way, even if a problematic event occurs, it is possible to provide an optimal smart device usage environment that can achieve both security and convenience.

In the smart device 1 to which the control device of the present embodiment is applied, when an event that requires erasure or invalidation of confidential information is detected, control is performed from the normal usage state according to the content multi-step protection. As a result, data leakage can be suppressed.

Further, in the smart device 1 to which the control device of the present embodiment is applied, even when the smart device exists in the offline environment, when an event that requires erasure or invalidation of confidential information is detected, the content is changed from the normal usage state. Control according to multi-step defense. As a result, data leakage can be suppressed even for the smart device 1 in a state where remote control is not possible.

For example, when the rooting of the smart device 1 is detected, the state transitions to the "fourth data leakage prevention state", and all the data inside the smart device 1 except the OS is irreparably erased. As a result, it is possible to prevent leakage of confidential information to a malicious smart device 1 user.

For example, when the SIM card removal operation of the smart device 1 is detected, the allowable time required for recovery is input, and when the input of a reasonable time is detected, the leakage is more important during the input time. The recovery operation is monitored by deferring the state transition to the defensive state. As a result, it is possible to allow a non-malicious SIM removal by the user himself / herself or a maintenance worker authorized by the user himself / herself. Further, for the SIM card withdrawal operation by the user himself / herself or a user other than the maintenance worker authorized by the user himself / herself, the state transition to the leakage prevention state with higher importance can be performed. As a result, it is possible to prevent leakage of confidential information to a malicious smart device 1 user.

[Other Embodiments]
Although the present invention has been described in specific embodiments, the present invention is not limited thereto. FIG. 1A is a block diagram of an information processing device that realizes a control device according to an embodiment of the superordinate concept of the present invention. FIG. 1B is a block diagram showing the configuration of the control device 30 according to the embodiment of the superordinate concept. The information processing device of FIG. 1A includes a CPU (Central Processing Unit) 31 and a memory 32. The control device 30 of FIG. 1B includes a monitoring means 35 and a control means 36.

The control device 30 of FIG. 1B may be configured by loading the monitoring means 35 and the program for realizing the control monitoring 36 into the information processing device of FIG. 1A and executing the program. This program may be distributed in the form of computer readable recording media. The function of the present embodiment may be realized by software by reading the program recorded on such a recording medium and executing it in the information processing apparatus.

That is, a program that causes the information processing device of FIG. 1A to function as the monitoring means 35 and the control means 36 is used. A program that realizes such a function can be distributed in the form of a recording medium on which the program is recorded. This program is a general-purpose semiconductor recording device such as CF (Compact Flash (registered trademark)) and SD (Secure Digital), a magnetic recording medium such as a flexible disk, or a CD-ROM (Compact Disc Read Only Memory). ), Etc., can be distributed in the form of an optical recording medium or the like.

Although preferred embodiments and examples of the present invention have been described above, the present invention is not limited thereto. It goes without saying that various modifications are possible within the scope of the invention described in the claims, and these are also included in the scope of the present invention.

Some or all of the above embodiments may also be described, but not limited to:
(Appendix 1) A control device for transitioning a state of a smart device holding data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage.
A monitoring means for monitoring the occurrence of an event that requires erasure or invalidation of the data,
When the occurrence of an event that requires erasure or invalidation of the data is detected, the control means for shifting the state of the smart device from the normal use state to the leakage prevention state, and
Control device including.
(Appendix 2) When an event that requires deletion or invalidation of the data occurs in the smart device in the offline environment, it is confirmed that the smart device contacts the administrator or moves the smart device to the online environment. In that case, the state is changed from the leakage prevention state to the normal use state.
The control device according to Appendix 1.
(Appendix 3) When the occurrence of an event that requires erasure or invalidation of the data is detected, the permissible time required for recovery is input, and if the input of a reasonable time is detected, during the input time Monitor recovery operations without transitioning to the more important leak protection state,
The control device according to Appendix 1.
(Appendix 4) The event that requires erasure or invalidation of the data is the removal of the SIM (Subscriber Identify Module) card inserted in the smart device, and the recovery is the reinsertion of the SIM card. Appendix 3 The control device described in.
(Appendix 5) When the control means detects rooting of the smart device, it controls to perform irrecoverable erasure of the data inside the smart device.
The control device according to any one of Supplementary note 1 to Supplementary note 4.
(Appendix 6) Server and
A system including a smart device including the control device according to any one of Supplementary note 1 to Supplementary note 5, which communicates with the server and holds the data.
(Appendix 7) A control method for transitioning a state of a smart device holding data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage.
Monitor the occurrence of events that require erasure or invalidation of the data,
When the occurrence of an event that requires erasure or invalidation of the data is detected, the state transition of the smart device from the normal use state to the leakage prevention state is performed.
Control method.
(Appendix 8) When an event that requires deletion or invalidation of the data occurs in the smart device in the offline environment, it is confirmed that the smart device contacts the administrator or moves the smart device to the online environment. In that case, the state is changed from the leakage prevention state to the normal use state.
The control method according to Appendix 7.
(Appendix 9) When the occurrence of an event requiring deletion or invalidation of the data is detected, the permissible time required for recovery is input, and when an input of a reasonable time is detected, during the input time Monitor recovery operations without transitioning to the more important leak protection state,
The control method according to Appendix 7.
(Appendix 10) The event that requires erasure or invalidation of the data is the removal of the SIM (Subscriber Identify Module) card inserted in the smart device, and the recovery is the reinsertion of the SIM card. The control method described in.
(Appendix 11) When the rooting of the smart device is detected, the data inside the smart device is controlled to be irreparably erased.
The control method according to any one of Supplementary note 7 to Supplementary note 10.
(Appendix 12) A control program for transitioning a state of a smart device holding data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage.
Computer,
A monitoring means for monitoring the occurrence of an event that requires erasure or invalidation of the data,
When the occurrence of an event that requires erasure or invalidation of the data is detected, the control means for shifting the state of the smart device from the normal use state to the leakage prevention state, and
A control program that works.
(Appendix 13) When an event that requires erasure or invalidation of the data occurs in the smart device in the offline environment, it is confirmed that the smart device contacts the administrator or moves the smart device to the online environment. In that case, the state is changed from the leakage prevention state to the normal use state.
The control program according to Appendix 12.
(Appendix 14) When the occurrence of an event requiring deletion or invalidation of the data is detected, the permissible time required for recovery is input, and when an input of a reasonable time is detected, during the input time Monitor recovery operations without transitioning to the more important leak protection state,
The control program according to Appendix 12.
(Appendix 15) The event that requires erasure or invalidation of the data is the removal of the SIM (Subscriber Identify Module) card inserted in the smart device, and the recovery is the reinsertion of the SIM card. The control program described in.
(Appendix 16) When the control means detects rooting of the smart device, it controls to perform irrecoverable erasure of the data inside the smart device.
The control program according to any one of Supplementary note 12 to Supplementary note 15.

1 smart device 2 User Equipment (UE)
3 User Identity Module (UIM)
4 Wireless unit / control unit 5 CPU
6 Memory 7 Antenna 10 Radio Access Network (RAN) or WiFi Access Point (AP)
11, 12 lines 20 servers 100 Internet or Intra Network (IN)

Claims (10)

A control device that transitions a state of a smart device that holds data between a normal usage state and a plurality of leakage prevention states having different importance for preventing data leakage.
A monitoring means for monitoring the occurrence of an event that requires erasure or invalidation of the data,
Upon detecting an occurrence of erasing and invalidation must event of said data from said smart device the normal use state, of the plurality of leakage defensive state, erasing and invalidation of the data to which the generated necessary A control device including a control means for transitioning to a leakage prevention state according to the degree of importance corresponding to an event. When an event that requires erasure or invalidation of the data occurs in the smart device in the offline environment, or when it is confirmed that the smart device contacts the administrator or the smart device is moved to the online environment. The control device according to claim 1, wherein the state transitions from the leakage prevention state to the normal use state. When the occurrence of an event that requires erasure or invalidation of the data is detected, the permissible time required for recovery is input, and if an input of a reasonable time is detected, the importance is higher during the input time. The control device according to claim 1, wherein the recovery operation is monitored without making a transition to a high leakage protection state. The event that requires erasure or invalidation of the data is the removal of the SIM (Subscriber Identify Module) card inserted in the smart device, and the recovery is the reinsertion of the SIM card, according to claim 3. Control device. The control device according to any one of claims 1 to 4, wherein when the control means detects rooting of the smart device, the data inside the smart device is controlled to be irrecoverably erased. .. With the server
A system including a smart device including the control device according to any one of claims 1 to 5, which communicates with the server and holds the data. A control method for transitioning a state of a smart device that holds data between a normal use state and a plurality of leakage prevention states having different importance for preventing data leakage.
The monitoring means monitors the occurrence of an event that requires erasure or invalidation of the data, and
Upon detecting an occurrence of erasing and invalidation must event of said data from said smart device the normal use state, of the plurality of leakage defensive state, erasing and invalidation of the data to which the generated necessary A control method in which a control means makes a state transition to a leak prevention state according to the importance corresponding to a certain event. When an event that requires erasure or invalidation of the data occurs in the smart device in the offline environment, or when it is confirmed that the smart device contacts the administrator or the smart device is moved to the online environment. The control method according to claim 7, wherein the state transitions from the leakage prevention state to the normal use state. When the occurrence of an event that requires erasure or invalidation of the data is detected, the permissible time required for recovery is input, and if an input of a reasonable time is detected, the importance is higher during the input time. The control method according to claim 7, wherein the recovery operation is monitored without transitioning to a high leakage protection state. The event that requires erasure or invalidation of the data is the removal of the SIM (Subscriber Identify Module) card inserted in the smart device, and the recovery is the reinsertion of the SIM card, according to claim 9. Control method.

Images