KR20130117552A - Mobile terminal and method for providing security thereto - Google Patents

Abstract

PURPOSE: A mobile terminal and a method for providing security thereof are provided to provide more improved security function. CONSTITUTION: A wireless communication unit (110) transmits and receives data wirelessly with an external device. A user input unit (130) is inputted with a command from a user. A control unit (180) receives a first signal from a mobile communication network through the wireless communication unit. The control unit controls a display unit to display a first replacement screen including a password input window on the display unit when the display unit is activated. [Reference numerals] (110) Wireless communication unit; (111) Broadcast reception unit; (112) Mobile communication module; (113) Wireless internet module; (114) NFC module; (115) Location information module; (120) A/V input unit; (121) Camera; (122) Microphone; (130) User input unit; (140) Sensing unit; (141) Proximity sensor; (150) Output unit; (151) Display unit; (152) Sound output module; (153) Alarm module; (154) Haptic module; (155) Projector module; (160) Memory; (170) Interface unit; (180) Control unit; (181) Multimedia module; (190) Power supply unit

Description

MOBILE TERMINAL AND METHOD FOR PROVIDING SECURITY THERETO}

The present invention relates to a method for providing security of a mobile terminal through various methods and an apparatus for performing the same.

The terminal can move And can be divided into a mobile / portable terminal and a stationary terminal depending on whether the mobile terminal is a mobile terminal or a mobile terminal. The mobile terminal can be divided into a handheld terminal and a vehicle mount terminal according to whether the user can directly carry the mobile terminal.

Such a terminal has various functions, for example, in the form of a multimedia device having multiple functions such as photographing and photographing of a moving picture, reproduction of a music or video file, reception of a game and broadcasting, etc. .

In order to support and enhance the functionality of such terminals, it may be considered to improve the structural and / or software parts of the terminal.

Recently, high performance / expensive mobile terminals such as smart phones and smart tablets have become popular, and as users use them for more various purposes, various information has been stored in the mobile terminals. Accordingly, when the mobile terminal is lost, there is a great concern about the leakage of personal data, and thus, there is a demand for a method that can provide security to the mobile terminal more effectively when the mobile terminal is lost.

The present invention is to provide a mobile terminal and a control method thereof that can provide a more advanced security function.

In addition, the present invention is to limit the function of the user's mobile terminal when the mobile terminal is lost, a service that can protect and recover the internal data through the function of erasing the data stored in the mobile terminal or tracking the location, etc. To provide.

In addition, the present invention is to provide a security method of a mobile terminal that can remotely set the lock function to the mobile terminal, and do not store the password in the mobile terminal itself to reduce the possibility of password leakage.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, unless further departing from the spirit and scope of the invention as defined by the appended claims. It will be possible.

Mobile terminal according to an embodiment of the present invention for realizing the above object, a wireless communication unit for transmitting and receiving data wirelessly with an external device; A user input unit for receiving a command from a user; A display unit; And a controller configured to control to display a first substitute screen including a password input window on the display when the first signal is received from the mobile communication network through the wireless communication unit.

In addition, a control method of a mobile terminal according to an embodiment of the present invention for realizing the above object comprises the steps of: receiving a first signal from a mobile communication network through a wireless communication unit; Displaying a first substitute screen including a password input window on the display unit when the display unit is activated; Receiving a password through a user input unit in a password input window; Transmitting the input password to the mobile communication network through the wireless communication unit; And when the second signal indicating that the password is valid is received from the mobile communication network in response to the transmission, canceling the first substitute screen, and when the third signal indicating that the password is invalid is received. And maintaining the first replacement screen.

In addition, the security providing method of the mobile terminal according to an embodiment of the present invention for realizing the above object, a web server, a web terminal for accessing the web server, a push server, a database server for storing the first password Selecting a security function executed in the mobile terminal through the web terminal in a mobile communication system including a relay server; Transmitting the execution command of the selected security function from the web terminal to the push server and the database server via the web server; Transmitting an execution command of the selected security function from the push server to the mobile terminal; And executing a security function corresponding to the execution command in the mobile terminal.

An improved security function may be provided through a mobile terminal related to at least one embodiment of the present invention configured as described above.

In addition, when the mobile terminal is lost, the internal data may be protected and recovered through functions such as limiting the function of the mobile terminal of the user and erasing or storing the data stored in the mobile terminal.

In addition, the present invention can reduce the possibility of password leakage by remotely setting a lock function in the mobile terminal, and adopting a method of comparing with the password stored in the external server without storing the password in the mobile terminal itself.

The effects obtained by the present invention are not limited to the above-mentioned effects, and other effects not mentioned can be clearly understood by those skilled in the art from the following description will be.

1 is a block diagram of a mobile terminal according to an embodiment of the present invention.
2 is a front perspective view of a mobile terminal according to an embodiment of the present invention.
3 shows an example of a mobile communication system configuration for carrying out the embodiments of the present invention.
4 is a block diagram illustrating a security function that can be performed in a mobile terminal according to an embodiment of the present invention.
5 is a flowchart illustrating a procedure of releasing after the web lock function is executed in a mobile terminal according to an embodiment of the present invention.
6 illustrates an example of a web lock replacement screen and a web lock release screen according to an embodiment of the present invention.
7 is a flowchart illustrating a procedure of executing a USB lock function in a mobile terminal according to an embodiment of the present invention.
8 illustrates an example of a form in which an ADB function and a UMS function, which are subject to a USB lock, are set on a mobile terminal according to an embodiment of the present invention.
9 illustrates a result screen output on a display of a computer which attempts to connect a USB device after the USB lock function is executed in the mobile terminal according to one embodiment of the present invention.
10 is a flowchart illustrating a procedure of executing a sync off function in a mobile terminal according to an embodiment of the present invention.
11 illustrates an example in which a sync off function is set on a mobile terminal according to an embodiment of the present invention.
12 illustrates an example of a procedure of executing a SIM data tracking function according to an embodiment of the present invention.
13 shows an example of a process of executing the call termination tracking function according to an embodiment of the present invention.
14 illustrates an example in which an alternative phone screen is displayed on a mobile terminal according to an embodiment of the present invention.
15 illustrates an example of a process of executing the forced web lock function according to an embodiment of the present invention.
16 illustrates an example of a form in which a web lock function forced on a mobile terminal is executed according to an embodiment of the present invention.
17 is a flowchart illustrating an example of a location tracking method in consideration of a tracking method and an acquisition order according to an embodiment of the present invention.
18 is a flowchart illustrating an example of a location tracking method for reducing server load according to an embodiment of the present invention.
19 is a flowchart illustrating an example of a location tracking method in consideration of an effective time of location information according to an embodiment of the present invention.

Hereinafter, a mobile terminal related to the present invention will be described in detail with reference to the drawings. The suffix "module" and " part "for the components used in the following description are given or mixed in consideration of ease of specification, and do not have their own meaning or role.

The mobile terminal described in this specification includes a mobile phone, a smart phone, a laptop computer, a digital broadcasting terminal, a PDA (Personal Digital Assistants), a PMP (Portable Multimedia Player), a navigation system, . However, it will be readily apparent to those skilled in the art that the configuration according to the embodiments described herein may also be applied to fixed terminals such as digital TVs, desktop computers, etc., except when applicable only to mobile terminals.

Overall configuration

1 is a block diagram of a mobile terminal according to an embodiment of the present invention.

The mobile terminal 100 includes a wireless communication unit 110, an audio / video input unit 120, a user input unit 130, a sensing unit 140, an output unit 150, a memory 160, A controller 170, a controller 180, a power supply 190, and the like. The components shown in FIG. 1 are not essential, and a mobile terminal having more or fewer components may be implemented.

Hereinafter, the components will be described in order.

The wireless communication unit 110 may include one or more modules for enabling wireless communication between the mobile terminal 100 and the wireless communication system or between the mobile terminal 100 and the network in which the mobile terminal 100 is located. For example, the wireless communication unit 110 may include a broadcast receiving module 111, a mobile communication module 112, a wireless Internet module 113, a short range communication module 114, and a location information module 115 .

The broadcast receiving module 111 receives a broadcast signal and / or broadcast related information from an external broadcast management server through a broadcast channel.

The broadcast channel may include a satellite channel and a terrestrial channel. The broadcast management server may refer to a server for generating and transmitting broadcast signals and / or broadcast related information, or a server for receiving broadcast signals and / or broadcast related information generated by the broadcast management server and transmitting the generated broadcast signals and / or broadcast related information. The broadcast signal may include a TV broadcast signal, a radio broadcast signal, a data broadcast signal, and a broadcast signal in which a data broadcast signal is combined with a TV broadcast signal or a radio broadcast signal.

The broadcast-related information may refer to a broadcast channel, a broadcast program, or information related to a broadcast service provider. The broadcast related information may also be provided through a mobile communication network. In this case, it may be received by the mobile communication module 112.

The broadcast related information may exist in various forms. For example, it may exist in the form of Electronic Program Guide (EPG) of Digital Multimedia Broadcasting (DMB) or Electronic Service Guide (ESG) of Digital Video Broadcast-Handheld (DVB-H).

For example, the broadcast receiving module 111 may be a Digital Multimedia Broadcasting-Terrestrial (DMB-T), a Digital Multimedia Broadcasting-Satellite (DMB-S), a Media Forward Link Only And a Digital Broadcasting System (ISDB-T) (Integrated Services Digital Broadcast-Terrestrial). Of course, the broadcast receiving module 111 may be adapted to other broadcasting systems as well as the digital broadcasting system described above.

The broadcast signal and / or broadcast related information received through the broadcast receiving module 111 may be stored in the memory 160.

The mobile communication module 112 transmits and receives radio signals to at least one of a base station, an external terminal, and a server on a mobile communication network. The wireless signal may include various types of data depending on a voice call signal, a video call signal or a text / multimedia message transmission / reception.

The wireless Internet module 113 is a module for wireless Internet access, and may be built in or externally attached to the mobile terminal 100. Wireless Internet technologies include Wireless LAN (Wi-Fi), Wireless Broadband (Wibro), World Interoperability for Microwave Access (Wimax), High Speed Downlink Packet Access (HSDPA), Long Term Evolution (LTE), or higher Technique may be used.

The short range communication module 114 refers to a module for short range communication. Bluetooth, Radio Frequency Identification (RFID), infrared data association (IrDA), Ultra Wideband (UWB), ZigBee, and the like can be used as a short range communication technology.

The position information module 115 is a module for obtaining the position of the mobile terminal, and a representative example thereof is a Global Position System (GPS) module.

Referring to FIG. 1, an A / V (Audio / Video) input unit 120 is for inputting an audio signal or a video signal, and may include a camera 121 and a microphone 122. The camera 121 processes image frames such as still images or moving images obtained by the image sensor in the video call mode or the photographing mode. The processed image frame can be displayed on the display unit 151. [

The image frame processed by the camera 121 may be stored in the memory 160 or transmitted to the outside through the wireless communication unit 110. [ Two or more cameras 121 may be provided depending on the use environment.

The microphone 122 receives an external sound signal through a microphone in a communication mode, a recording mode, a voice recognition mode, or the like, and processes it as electrical voice data. The processed voice data can be converted into a form that can be transmitted to the mobile communication base station through the mobile communication module 112 when the voice data is in the call mode, and output. Various noise reduction algorithms may be implemented in the microphone 122 to remove noise generated in receiving an external sound signal.

The user input unit 130 generates input data for a user to control the operation of the terminal. The user input unit 130 may include a key pad dome switch, a touch pad (static pressure / capacitance), a jog wheel, a jog switch, and the like.

The sensing unit 140 senses the current state of the mobile terminal 100 such as the open / close state of the mobile terminal 100, the position of the mobile terminal 100, the presence or absence of user contact, the orientation of the mobile terminal, And generates a sensing signal for controlling the operation of the mobile terminal 100. For example, when the mobile terminal 100 is in the form of a slide phone, it may sense whether the slide phone is opened or closed. In addition, whether the power supply unit 190 is supplied with power, whether the interface unit 170 is coupled to the external device may be sensed. Meanwhile, the sensing unit 140 may include a proximity sensor 141.

The output unit 150 is for generating an output relating to visual, auditory or tactile sense and includes a display unit 151, an acoustic output module 152, an alarm unit 153, a haptic module 154, 155, and the like.

The display unit 151 displays (outputs) information processed by the mobile terminal 100. For example, when the mobile terminal is in the call mode, a UI (User Interface) or a GUI (Graphic User Interface) associated with a call is displayed. When the mobile terminal 100 is in the video communication mode or the photographing mode, the photographed and / or received video or UI and GUI are displayed.

The display unit 151 may be a liquid crystal display (LCD), a thin film transistor-liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), a flexible display display, and a 3D display.

Some of these displays may be transparent or light transmissive so that they can be seen through. This can be referred to as a transparent display, and a typical example of the transparent display is TOLED (Transparent OLED) and the like. The rear structure of the display unit 151 may also be of a light transmission type. With this structure, the user can see an object located behind the terminal body through the area occupied by the display unit 151 of the terminal body.

There may be two or more display units 151 according to the embodiment of the mobile terminal 100. For example, in the mobile terminal 100, a plurality of display portions may be spaced apart from one another, or may be disposed integrally with one another, and may be disposed on different surfaces, respectively.

When the display unit 151 and a sensor for detecting a touch operation (hereinafter, referred to as a touch sensor) form a mutual layer structure (hereinafter referred to as a touch screen), the display unit 151 may be configured in addition to an output device. Can also be used as an input device. The touch sensor may have the form of, for example, a touch film, a touch sheet, a touch pad, or the like.

The touch sensor may be configured to convert a change in a pressure applied to a specific portion of the display unit 151 or a capacitance generated in a specific portion of the display unit 151 into an electrical input signal. The touch sensor can be configured to detect not only the position and area to be touched but also the pressure at the time of touch.

If there is a touch input to the touch sensor, the corresponding signal (s) is sent to the touch controller. The touch controller processes the signal (s) and transmits the corresponding data to the controller 180. As a result, the controller 180 can know which area of the display unit 151 is touched.

The proximity sensor 141 may be disposed in an inner region of the mobile terminal or in the vicinity of the touch screen, which is enclosed by the touch screen. The proximity sensor refers to a sensor that detects the presence or absence of an object approaching a predetermined detection surface or a nearby object without mechanical contact using the force of an electromagnetic field or infrared rays. The proximity sensor has a longer life span than the contact sensor and its utilization is also high.

Examples of the proximity sensor include a transmission photoelectric sensor, a direct reflection photoelectric sensor, a mirror reflection photoelectric sensor, a high frequency oscillation proximity sensor, a capacitive proximity sensor, a magnetic proximity sensor, and an infrared proximity sensor. And to detect the proximity of the pointer by the change of the electric field along the proximity of the pointer when the touch screen is electrostatic. In this case, the touch screen (touch sensor) may be classified as a proximity sensor.

Hereinafter, for convenience of explanation, the act of allowing the pointer to be recognized without being in contact with the touch screen so that the pointer is located on the touch screen is referred to as a "proximity touch", and the touch The act of actually touching the pointer on the screen is called "contact touch." The position where the pointer is proximately touched on the touch screen means a position where the pointer is vertically corresponding to the touch screen when the pointer is touched.

The proximity sensor detects a proximity touch and a proximity touch pattern (e.g., a proximity touch distance, a proximity touch direction, a proximity touch speed, a proximity touch time, a proximity touch position, a proximity touch movement state, and the like). Information corresponding to the detected proximity touch operation and the proximity touch pattern may be output on the touch screen.

The sound output module 152 may output audio data received from the wireless communication unit 110 or stored in the memory 160 in a call signal reception, a call mode or a recording mode, a voice recognition mode, a broadcast reception mode, and the like. The sound output module 152 also outputs sound signals related to functions (e.g., call signal reception sound, message reception sound, etc.) performed in the mobile terminal 100. [ The audio output module 152 may include a receiver, a speaker, a buzzer, and the like.

The alarm unit 153 outputs a signal for notifying the occurrence of an event of the mobile terminal 100. Examples of events that occur in the mobile terminal include call signal reception, message reception, key signal input, touch input, and the like. The alarm unit 153 may output a signal for notifying the occurrence of an event in a form other than the video signal or the audio signal, for example, vibration. The video signal or the audio signal may be output through the display unit 151 or the audio output module 152 so that they may be classified as a part of the alarm unit 153.

The haptic module 154 generates various tactile effects that the user can feel. A typical example of the haptic effect generated by the haptic module 154 is vibration. The intensity and pattern of vibration generated by the haptic module 154 can be controlled. For example, different vibrations may be synthesized and output or sequentially output.

In addition to vibration, the haptic module 154 may be configured to provide a pin array that vertically moves with respect to the contact skin surface, a jetting force or suction force of air through an injection or inlet port, grazing to the skin surface, contact of an electrode, electrostatic force, and the like. Various tactile effects can be generated, such as effects by the endothermic and the reproduction of a sense of cold using the elements capable of endotherm or heat generation.

The haptic module 154 can be implemented not only to transmit the tactile effect through the direct contact but also to allow the user to feel the tactile effect through the muscular sensation of the finger or arm. The haptic module 154 may include two or more haptic modules 154 according to the configuration of the portable terminal 100.

The projector module 155 is a component for performing an image project function using the mobile terminal 100 and is similar to the image displayed on the display unit 151 in accordance with a control signal of the controller 180 Or at least partly display another image on an external screen or wall.

Specifically, the projector module 155 includes a light source (not shown) that generates light (for example, laser light) for outputting an image to the outside, a light source And a lens (not shown) for enlarging and outputting the image at a predetermined focal distance to the outside. Further, the projector module 155 may include a device (not shown) capable of mechanically moving the lens or the entire module to adjust the image projection direction.

The projector module 155 can be divided into a CRT (Cathode Ray Tube) module, an LCD (Liquid Crystal Display) module and a DLP (Digital Light Processing) module according to the type of the display means. In particular, the DLP module may be advantageous for miniaturization of the projector module 151 by enlarging and projecting an image generated by reflecting light generated from a light source on a DMD (Digital Micromirror Device) chip.

Preferably, the projector module 155 may be provided longitudinally on the side, front or back side of the mobile terminal 100. It goes without saying that the projector module 155 may be provided at any position of the mobile terminal 100 as occasion demands.

The memory unit 160 may store a program for processing and controlling the control unit 180 and temporarily store the input / output data (e.g., telephone directory, message, audio, For example. The memory unit 160 may also store the frequency of use of each of the data (for example, each telephone number, each message, and frequency of use for each multimedia). In addition, the memory unit 160 may store data on vibration and sound of various patterns output when the touch is input on the touch screen.

The memory 160 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or XD memory), a RAM (Random Access Memory), SRAM (Static Random Access Memory), ROM (Read Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), PROM A disk, and / or an optical disk. The mobile terminal 100 may operate in association with a web storage that performs a storage function of the memory 160 on the Internet.

The interface unit 170 serves as a path for communication with all external devices connected to the mobile terminal 100. The interface unit 170 receives data from an external device or supplies power to each component in the mobile terminal 100 or transmits data to the external device. For example, a wired / wireless headset port, an external charger port, a wired / wireless data port, a memory card port, a port for connecting a device having an identification module, an audio I / O port, A video input / output (I / O) port, an earphone port, and the like may be included in the interface unit 170.

The identification module is a chip for storing various information for authenticating the use right of the mobile terminal 100 and includes a user identification module (UIM), a subscriber identity module (SIM), a general user authentication module A Universal Subscriber Identity Module (USIM), and the like. Devices with identification modules (hereinafter referred to as "identification devices") can be manufactured in a smart card format. Accordingly, the identification device can be connected to the terminal 100 through the port.

When the mobile terminal 100 is connected to an external cradle, the interface unit may be a path through which power from the cradle is supplied to the mobile terminal 100, or various command signals input by the user to the cradle may be transmitted It can be a passage to be transmitted to the terminal. The various command signals or the power source input from the cradle may be operated as a signal for recognizing that the mobile terminal is correctly mounted on the cradle.

The controller 180 typically controls the overall operation of the mobile terminal. For example, voice communication, data communication, video communication, and the like. The control unit 180 may include a multimedia module 181 for multimedia playback. The multimedia module 181 may be implemented in the control unit 180 or may be implemented separately from the control unit 180. [

The controller 180 may perform a pattern recognition process for recognizing handwriting input or drawing input performed on the touch screen as characters and images, respectively.

The power supply unit 190 receives an external power source and an internal power source under the control of the controller 180 to supply power for operation of each component.

The various embodiments described herein may be embodied in a recording medium readable by a computer or similar device using, for example, software, hardware, or a combination thereof.

According to a hardware implementation, the embodiments described herein include application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), and the like. It may be implemented using at least one of processors, controllers, micro-controllers, microprocessors, and electrical units for performing other functions. The described embodiments may be implemented by the controller 180 itself.

According to the software implementation, embodiments such as the procedures and functions described herein may be implemented as separate software modules. Each of the software modules may perform one or more of the functions and operations described herein. Software code can be implemented in a software application written in a suitable programming language. The software code is stored in the memory 160 and can be executed by the control unit 180. [

Organization description

FIG. 2 is a perspective view of a mobile terminal or a portable terminal according to the present invention, as viewed from the front.

The disclosed mobile terminal 100 has a bar-shaped terminal body. However, the present invention is not limited thereto, and can be applied to various structures such as a slide type, a folder type, a swing type, and a swivel type in which two or more bodies are relatively movably coupled.

The body includes a case (a casing, a housing, a cover, and the like) which forms an appearance. In this embodiment, the case may be divided into a front case 101 and a rear case 102. [ A variety of electronic components are embedded in the space formed between the front case 101 and the rear case 102. At least one intermediate case may be additionally disposed between the front case 101 and the rear case 102. [

The cases may be formed by injecting synthetic resin or may be formed of a metal material, for example, a metal material such as stainless steel (STS) or titanium (Ti).

The display unit 151, the sound output unit 152, the camera 121, the user input units 130/131 and 132, the microphone 122, the interface 170, and the like may be disposed in the front body 101 have.

The display unit 151 occupies most of the main surface of the front case 101. A sound output unit 151 and a camera 121 are disposed in an area adjacent to one end of both ends of the display unit 151 and a user input unit 131 and a microphone 122 are disposed in an area adjacent to the other end. The user input unit 132 and the interface 170 may be disposed on the side surfaces of the front case 101 and the rear case 102. [

The user input unit 130 is operated to receive a command for controlling the operation of the portable terminal 100 and may include a plurality of operation units 131 and 132. The operation units 131 and 132 may be collectively referred to as a manipulating portion and may be employed in any manner as long as the user operates in a tactile manner.

The contents inputted by the first or second operation unit 131 or 132 may be variously set. For example, the first operation unit 131 receives commands such as start, end, scroll, and the like, and the second operation unit 132 controls the size of the sound output from the sound output unit 152 or the size of the sound output from the display unit 151 To the touch recognition mode of the touch screen.

On the other hand, the display unit 151 may be operated in the entire area or divided into a plurality of areas. In the latter case, the plurality of areas can be configured to operate in association with each other. In addition, the display unit 151 may display various types of visual information. These pieces of information can be displayed in the form of letters, numbers, symbols, graphics, or icons.

At least one of the letters, numbers, symbols, graphics, or icons may be displayed in a predetermined arrangement for inputting such information, thereby being implemented as a keypad. Such a keypad may be referred to as a so-called " virtual keypad ".

The display unit 151 or the touch pad 135 may be configured to receive a touch input by scrolling, as well as the input method described in the above embodiments. The user can move a cursor or a pointer located on an object displayed on the display unit 151, for example, an icon or the like, by scrolling the display unit 151 or the touch pad 135. [ Further, when the finger is moved on the display portion 151 or the touch pad 135, the path along which the finger moves may be visually displayed on the display portion 151. [ This will be useful for editing the image displayed on the display unit 151. [

On the other hand, an arrow or finger-shaped graphic for pointing a specific object or selecting a menu in the display unit is called a pointer or a cursor. However, in the case of a pointer, it often means a finger or a stylus pen for a touch operation or the like. Therefore, in this specification, a graphic displayed on the display unit is referred to as a cursor, and a physical means for performing a touch, a proximity touch, and a gesture, such as a finger or a stylus pen, is referred to as a pointer.

The mobile terminal according to the present invention described below includes at least one of the components described above with reference to FIG. 1, but is not necessarily limited thereto, and may include more components than those of FIG. 1 or fewer components. It may also include. However, for convenience, it is assumed that the display unit 151 of the mobile terminal 100 according to the present invention is a touch screen.

Mobile communication system configuration

The mobile terminal according to the present invention may activate or release various security functions in association with a mobile communication system for providing security, and inquire the mobile communication system whether to execute the operation of the operation, or perform the mobile communication again. Report to the system. The user can prevent unauthorized use of the lost mobile terminal (e.g., unwanted calls or information stored inside the mobile terminal), and activate various functions through a web page or an application to obtain the location of the current mobile terminal. You can. Access to a web page or operation of an application may be a computer or other mobile terminal having a general internet connection, and a security function selected through the web page or application may be transmitted to the mobile terminal through a mobile communication network. A detailed configuration of a mobile communication system for ensuring the performance of such an operation will be described with reference to FIG. 3.

3 shows an example of a mobile communication system configuration for carrying out the embodiments of the present invention.

Referring to FIG. 3, a mobile communication system for performing embodiments of the present invention includes a mobile terminal 100, a web terminal 200, a web server 310, a push server 320, and a connection management server ( CMS includes a Connection Management Server (330), a Database Server (DB server, 340) and the relay server 350. Hereinafter, each component will be described in more detail.

The mobile terminal 100 is as described above with reference to FIGS. 1 and 2, the web terminal 200 can be connected to the web server 310 via a web browser or an application via a web browser or an application, and inputs a display means and a command. It is not limited to any type of computer and terminal as long as it has a means. The web server 310 may provide a web page API (Application Programming Interface) for securing the mobile terminal to the web terminal 200, and may query the address of the push server 320 from the connection management server 330, and the data Information may be read or recorded from the base server 340. Here, the webpage API for mobile terminal security refers to an interface made to control the mobile terminal security function according to the present invention on a web browser driven by the web terminal 200 or an application corresponding thereto. An interface for allowing a user to select various security functions that can be activated or released in the lost mobile terminal 100 may be provided.

The push server 320 transmits a security function related command requested from the web server 310 to the mobile terminal 100. The command related to the security function requested from the web server 310 is preferably a command corresponding to a function selected by the user of the mobile terminal 100 through an API provided by the web terminal 200. In addition, a plurality of push servers 320 may be geographically distributed.

The connection management server 330 obtains and manages a server address of the push server 320 and / or a list of mobile terminals in charge of the push server 320 from the push server 320. In addition, since the web server 310 needs to transmit a command to a specific mobile terminal, when the server address of the push server 320 in charge of the mobile terminal is inquired, the web server 310 may inform the web server 310 of the request.

The database server 340 provides a command for a security function requested by the user through the web terminal 200 to the web server 310, a result of performing the command, and security related information of the mobile terminal (for example, SIM card information and a password). , Synchronization information, etc.) may be stored.

When the relay server 350 requests a command confirmation before the mobile terminal 100 executes the command transmitted from the push server 320, the relay server 350 inquires the corresponding command from the database server 340 and returns it to the mobile terminal 100. Alternatively, the mobile terminal may receive information about a command execution result from the mobile terminal and transmit the information to the database server 340.

Meanwhile, the communication between the web server 310 and the web terminal 200 may comply with the HTTP standard, and data exchange may be performed for communication between other servers according to the MQ Telemetry Transport (MQTT) protocol. . In addition, since the servers 310 to 350 are classified based on a function to be performed, the present invention is not limited thereto, and two or more functions may be performed through one server, and one function may include two or more servers. It can be carried out by those skilled in the art will be appreciated.

Hereinafter, a description will be given of the order in which the security-related functions of the mobile terminal is performed through the above-described components.

The mobile terminal 100 is provided with a program code for performing a security function according to the present invention in the form of an application and / or operating system (OS), a wireless communication unit for communicating with the push server 320 and the relay server 350 It is assumed that 110 is necessarily provided. In addition, the database server 340 includes information for identifying a mobile terminal and a user (for example, an ID and password (that is, web account information) for accessing a web server, SIM card information, and information for mobile terminal security). It is assumed that is stored in advance.

First, when a security function of the mobile terminal according to the present invention is required (for example, the mobile terminal is lost), the user accesses the web server 310 through the web terminal 200. In this case, a login procedure may be required for user confirmation / authentication, and the web server 310 is a database server 340 for checking login information.

When activation of a specific security function is selected from the user through an API provided by the web server 310, the web server 310 transmits an execution command of the selected function to the mobile terminal 100 to the connection management server 330. Inquire the address of the push server 320 in charge of the mobile terminal 100. When the address of the push server 320 is obtained, the web server 310 requests the push server to transmit the execution command to the mobile terminal, and requests the database server 340 to store the execution command.

The push server 320 transmits the execution command to the mobile terminal 100 at the request of the web server. The mobile terminal 100 may immediately perform an operation according to a corresponding execution command or may go through a confirmation procedure. In case of undergoing the verification procedure, the mobile terminal 100 inquires of the validity of the execution command to the relay server 350. The relay server 350 may have the same execution command that the mobile terminal inquires of the database server 340 and the execution command that the web server 310 requests to store (ie, a command selected by the user through a web page) according to a request of the mobile terminal. Ask for confirmation. The relay server 350, which has been confirmed to have the same command, notifies the mobile terminal 100 of the command, and the mobile terminal performs an operation according to the corresponding execution command. Thereafter, the mobile terminal transmits the result of performing the operation to the relay server 350 immediately or based on event triggered. The relay server 350 transmits the execution result to the database server 340 again, and the database server 340 pushes the execution result to the web server 310 in real time or periodically, or polling from the web server 310 is performed. If there is, delivers the execution result to the web server 310. The execution result delivered to the web server 310 may be displayed on the web terminal 200 through the API.

Except in special cases, the above-described command execution process may be universally applied to the embodiments of the present invention.

Features to Provide Security

Hereinafter, with reference to Figure 4 will be described a specific function provided with security to the mobile terminal according to the present invention.

4 is a block diagram illustrating step by step a security function that can be performed in a mobile terminal according to an embodiment of the present invention.

Referring to FIG. 4, a security function according to an embodiment of the present invention may be largely divided into a lost phase on the left side, a function execution stage on the left side, and an end stage on the right side.

The loss step refers to a process until the user recognizes a loss and receives an API for controlling a security function by accessing a web server through a web terminal.

The function execution step is a process that can be performed before the termination step of executing a kill function that finally disables the security function executed in the mobile terminal or makes the boot itself impossible. Each function constituting the function execution step is performed. May be executed alone or two or more functions may be performed together.

Hereinafter, each function constituting the function execution step will be described in detail. As described above, the functions to be described below may be executed when an execution command corresponding to each function is received from the push server. That is, when the user selects an execution command for the corresponding function from the web server 310 through the web terminal 200, the corresponding function may be executed in the mobile terminal.

First, the remote alert refers to a function of forcibly outputting the sound through the sound output unit 152 or the vibration through the haptic module 154 from the mobile terminal 100 under a specific condition. This is for stimulating the sense of touch using vibration, or for stimulating the hearing with the sound generated by the vibration or output through the sound output unit to recognize the location of the lost mobile terminal 100 to the user. The vibration or sound may be continuously generated for a predetermined time immediately or periodically. Such an output pattern may be preset in the mobile terminal itself or may be directly selected by the user in an API provided through the web server 310. have. When the user directly selects the data, the execution command transmitted from the push server 320 may be transmitted to the mobile terminal 100 in a form in which output pattern information is included. In addition, the specific condition may be location information or time information. The location information may be executed when the current location of the mobile terminal 100 obtained from the location information module 115 corresponds to a preset point. If this function is executed based on the location, if the remote alert function is set to operate in the location where the user of the lost mobile terminal resides, the sound or vibration is generated when the learner passes the corresponding location, so that the user has lost the mobile terminal. You can increase your chances of finding it.

Next, the Web-Lock function will be described. When the web lock function is set, use of at least some functions of the mobile terminal 100 may be restricted. For example, only the function of not being able to view a file inside the mobile terminal 100 or receiving an incoming call (including rejection of reception) may be performed, and a preset alternative screen may be displayed instead of the home screen of the mobile terminal. . The replacement screen may only display functions that can be executed with the web lock function activated. In order to release it when the web lock function is activated, the user inputs a preset password in a password password input window displayed on a replacement screen or the like, or inputs the password to the input means of the web terminal 200 through an API provided from the web server 310. A method of inputting may be used. In this case, the password for releasing the web lock function may be stored encrypted in the database server 340, and preferably different from the password for releasing the lock screen of the mobile terminal itself. When a password for releasing the web lock function is input through the user input unit 130 of the mobile terminal (for example, the virtual keypad displayed on the touch screen), the input password is transmitted to the relay server 350, and the relay server Queries the database server 340 for verification of identity and pre-stored passwords. If it is confirmed from the database server 340 that the two passwords are the same, the relay server 350 may release the web lock set in the mobile terminal according to the notification to the mobile terminal again.

If a password for releasing the web lock function is incorrectly entered a predetermined number of times, an advanced web lock function may be executed. When the enhanced web lock function is executed, the mobile terminal can no longer enter a password for releasing the web lock. For example, when the password password input window is displayed on the replacement screen as the web lock function is executed, the password password input window may disappear from the replacement screen when the enhanced web lock function is executed. Therefore, once the enhanced web lock function is executed, it can be released only by input through the web server 310.

Meanwhile, when the web lock (or enhanced web lock) function is executed, the sync-off function and the USB lock function may additionally be executed. The sync function is to synchronize data stored between the mobile terminal and the database server 340. When the sync off function is executed, new data is transmitted from the database server to the lost mobile terminal or lost. Any modified information in the mobile terminal can be prevented from updating the information stored in the database server. In addition, the USB lock function means a function that prevents a lost mobile terminal learner from accessing the file system of the mobile terminal by connecting a USB cable arbitrarily. For Android systems, you can prevent access through Android Data Bridge (ADB) or Ultra Mass Storage (UMS) connections. Therefore, the lost mobile terminal learner can prevent root access, reinstallation of the OS, or access to the internal memory through hacking through the ADB. Of course, this disables data input and output through the USB port in software, and does not prevent power supply through the USB port (ie, internal battery charging).

The above-described Sync-off function and the USB lock function may be executed together when the web lock function is executed, may be executed together when the enhanced web lock function is executed, or may be executed separately at different stages.

Next, the encryption function will be described. The encryption function encrypts data stored in the memory 160 of the mobile terminal to prevent leakage of internal data even when the learner releases a locking mechanism such as a web lock. The encryption may be performed according to a preset encryption algorithm. The entire file may be encrypted, or in the case of a large file, only the file header may be encrypted. The range of the file to be encrypted may be set through the web API or may be set in advance in the mobile terminal 100.

Next, the remote message function will be described. The remote message function refers to a function of displaying a message input by a user of a lost mobile terminal through a web API on a display unit of the lost mobile terminal 100. Through this, the user of the lost mobile terminal may transmit a message to the learner. In particular, when the function is used together with the web lock function, the function may be displayed on an alternative screen provided by the web lock function.

The memory wipe function refers to a function of deleting a specific range of memory storage. This function can be divided into two stages. In the first stage, user files can be deleted while the system setting or application is left intact. In the second stage, the system can be initialized such as Factory Reset. After that, a reboot may be performed in a web lock state. In other words, when the first stage wipe is executed, the system file area (for example, internal memory) in which system files such as the OS are stored is maintained, and the file area (for example, freely written and deleted by the user) is maintained. Only files stored on an SD memory card can be deleted.

Next, the location tracking function will be described. The location tracking function is obtained by the lost mobile terminal 100 using the wireless communication module 110 and transmits the location information to the relay server 350 through the web server 310 through the web terminal 200. It is a function to display the image. At this time, the mobile terminal activates the mobile communication module 112 or the wireless Internet module 113 to obtain identification information (eg, Cell ID, BSID, MAC address or IP of the AP) of the 3G network or the Wi-Fi network. Acquire and transmit it to the relay server 350. In addition, the mobile terminal may transmit the GPS coordinates obtained through the location information module 115 to the relay server 350. Of course, when the execution command for the location tracking function is received from the push server 320 and the GPS or the Wi-Fi module is in a deactivated state, the controller 180 may activate the module regardless of the setting (that is, setting override). Can be.

In addition, the mobile terminal 100 may activate the mobile communication module 112, the wireless Internet module 113 and the location information module 115 in parallel to transmit to the relay server 350 in the order of the information obtained first. In addition, each module may be activated in the order specified in the execution command received from the push server 320. In addition, the function may be configured to periodically acquire and transmit location information when an execution command for any one of the functions for providing security according to the present invention is received in addition to the trigger through the web.

Next, SIM data tracking will be described. The SIM card or USIM card includes information for subscriber identification and is generally connected to the mobile terminal through the interface unit 170. If the controller 180 detects that the SIM card is replaced after the execution command for any one of the functions for providing security according to the present invention is received, the controller 180 controls the information of the replaced SIM card (for example, For example, a phone number or a SIM card unique number, IMSI (International Mobile Subscriber Identity, etc.) may be transmitted to the relay server 350.

Next, end call tracking will be described. This function is used when the incoming call after the web lock function is executed is not terminated due to network conditions (i.e., the call attempt timeout, etc.) ), This is the function to send this to the relay server. Through this function, the lost user can indirectly determine the intention of the learner's return. In order to provide the present function more efficiently, it is preferable that an alternative screen is provided when the web lock is being executed, which also provides a limited function (for example, only receiving and rejecting calls). In addition, in the alternative screen, for the protection of personal information, even the number in the phone book may be displayed only by the number other than the name stored in the phone book, or even the caller number may not be displayed. Of course, the controller 180 may transmit not only the reception / rejection fact but also the reception history and / or the received text message to the relay server 350 after the web lock function is executed, and the transmission history may be deleted.

Finally, kill means the ability to disable boot itself by deleting boot-related files or overwriting them with invalid data. This can be used when the user wants to lure the learner to the service center if the user does not have a chance to retrieve the lost mobile terminal.

Hereinafter, a process of executing the functions described with reference to FIG. 4 and a form of executing the corresponding functions on the display unit of the mobile terminal will be described in more detail with reference to FIGS. 5 to 16.

Web rock

5 is a flowchart illustrating a procedure of releasing after the web lock function is executed in a mobile terminal according to an embodiment of the present invention.

In FIG. 5, it is assumed that the mobile terminal 100 receives a web lock function execution command, and accordingly, a substitute screen capable of inputting a password is displayed on the touch screen 151.

Referring to FIG. 5, first, a learner inputs a password for releasing a web lock through a touch screen of a mobile terminal 100 (S501).

The controller 180 requests the release of the web lock by transmitting the input password to the relay server 350 (S502). At this time, the password information may be encrypted and transmitted for security.

The relay server 350 transmits the received password information to the database server 340 and checks for validity, that is, whether the same as the password stored in the DB (S503).

The database server 340 transmits the password comparison result to the relay server 350 (S504), and the relay server 350 transmits these to the mobile terminal 100 again (S505).

When the controller 180 receives the response from the relay server 350 that the password is valid, the controller 180 releases the web lock function (S506).

6 illustrates an example of a web lock replacement screen and a web lock release screen according to an embodiment of the present invention.

In FIG. 6, it is assumed that the mobile terminal 100 receives a web lock function execution command, and accordingly, a substitute screen capable of inputting a password is displayed on the touch screen 151.

Referring to (a) of FIG. 6, a visual effect 610 indicating that the web lock function is executed on the replacement screen, a password password input window 620 for releasing the web lock, and a preset message 630, for example, The contact information is displayed. In this case, when the web lock release process described above with reference to FIG. 5 is completed, the web lock may be released while the phrase 640 indicating the web lock release is displayed as shown in FIG.

Meanwhile, when the mobile terminal has a preset default lock, the above-described replacement screen may be displayed immediately after ignoring the default lock function or may be displayed after the default lock is released. Here, the default lock refers to a password or a specific touch pattern set on the mobile terminal itself for the purpose of providing security or preventing a touch screen malfunction before the user enters the screen or the desktop (stand-by screen or home screen, etc.) last used by the user. Enter the security feature to turn off.

As described above with reference to FIG. 4, by using a web lock-only web password different from the security method of the mobile terminal itself (a password or a touch pattern set on the terminal itself), the password is not stored in the terminal but more secure because it is stored in the server. Sex can be improved. In addition, the password set in the mobile terminal itself can be found through the password search function provided through the web API even if the user does not remember it. Password change is possible. In addition, since the web lock release password is not stored in the mobile terminal but stored in the DB server 340, the password changed in the web is not only reflected in the terminal in real time, but also the password is not downloaded to the mobile terminal, rather than the comparison result. It only tells you that you can respond more effectively to hacking.

USB lock function

Hereinafter, the USB lock function will be described in more detail with reference to FIGS. 7 to 9.

7 is a flowchart illustrating a procedure of executing a USB lock function in a mobile terminal according to an embodiment of the present invention.

Referring to FIG. 7, when the user selects the USB lock execution through the web API, the USB lock execution command is transmitted from the push server 320 to the mobile terminal 100 (S710).

The mobile terminal 100 inquires the execution command confirmation to the relay server 350 for the validity of the command (S720), and thus the relay server 350 inquires the execution command validity to the database server 340 (S730). ).

As a result of the check, the relay server 350 informs the mobile terminal of this if it is valid (S740), and the mobile terminal executes the USB lock function accordingly (S750) and transmits the result back to the relay server 350 (S760).

8 illustrates an example of a form in which an ADB function and a UMS function, which are subject to a USB lock, are set on a mobile terminal according to an embodiment of the present invention.

8 is assumed to be a USB related menu in a configuration menu of a general Android OS. Referring to FIG. 8A, a check box 810 for selecting or releasing a USB debugging function through a predetermined menu depth is shown. In FIG. 8B, a mass storage is provided. The check boxes 820 for selecting or releasing the UMS function are displayed on the touch screen 151 of the mobile terminal 100, respectively. The USB lock function can be prevented from exchanging data through the USB port by disabling all of them regardless of the setting status when the function is lost.

In other words, by disabling ADB with USB lock execution, it is possible to prevent the extraction of files through rooting, and because the ADB command cannot be transmitted, the learner can attempt to hack the mobile terminal. You can block. In addition, by deactivating the UMS along with the USB lock, data in the memory for storing user data can be protected.

As described above, since this function is executed together with the web lock function, it is impossible to enter the configuration menu of FIG. 8 by the alternative screen displayed as the web lock function is executed, and thus randomization is impossible in the mobile terminal, thereby improving security. have.

This function may be released together when the web lock is released, or only this function may be released alone by the user's selection of function release through the web API.

9 illustrates a result screen output on a display of a computer which attempts to connect a USB device after the USB lock function is executed in the mobile terminal according to one embodiment of the present invention.

When the USB lock is not executed, after connecting to the mobile terminal through ADB and inputting an ADB command (adb devices) for displaying the recognized device to the computer, identification information of the mobile terminal (910) as shown in FIG. ) Is displayed. On the other hand, when the USB lock is executed, even though the computer and the mobile terminal are physically connected with the USB cable, since the ADB function is disabled, the mobile terminal is not recognized by the computer as shown in FIG. 9 (b) (920). .

In the case of UMS, if the USB lock is not executed, when the mobile terminal is connected to the computer through the USB cable, the internal data 940 is recognized on the computer as the removable disk 930 in the search window as shown in FIG. When the USB lock is executed, the disk is displayed as 950 without a disk as shown in FIG.

Sink off function

Next, the sink off function will be described in more detail with reference to FIGS. 10 to 11.

As described above, the sync off function inherently blocks personal information on the web from entering the lost phone by turning off the Auto Sync function with the execution of the web lock function, and the learner hacks the mobile terminal through hacking. Deleting or editing the data stored in the web can prevent personal information on the web from being reversed.

10 is a flowchart illustrating a procedure of executing a sync off function in a mobile terminal according to an embodiment of the present invention.

Referring to FIG. 10, when a user selects to execute a sync off lock through a web API, a sync off execution command is transmitted from the push server 320 to the mobile terminal 100 (S810).

The controller 180 of the mobile terminal executes the sync off function accordingly (S1020) and transmits the result back to the relay server 350 (S820).

Subsequently, even if an update of the user's personal information occurs in the mobile terminal or the database server, automatic synchronization is not executed (S830).

Of course, although not shown, the mobile terminal 100 inquires the execution command confirmation to the relay server 350 to validate the command before executing the sync off function, and thus the relay server 350 requests the database server 340. Of course, the process of querying the execution command validity and feeding back to the mobile terminal may be performed.

11 illustrates an example in which a sync off function is set on a mobile terminal according to an embodiment of the present invention.

Referring to FIG. 11A, a check box 1110 for selecting or canceling an automatic synchronization function through a predetermined menu depth, and an input box 1120 for inputting web account information to be synchronized are shown. Can be displayed. The sync off function can be prevented from being automatically performed by deactivating the automatic synchronization function regardless of the setting state at the time of loss.

As described above, since this function is executed together with the web lock function, it is impossible to enter the configuration menu as shown in FIG. 9 (a) by the alternative screen displayed as the web lock function is executed. Sex can be improved. In this case, when the sync off function is executed, as shown in FIG. 9B, the phrase 1130 indicating the state may be displayed on the replacement screen.

Since the above-described USB lock and sync off function is an additional function that can be executed simultaneously with the web lock function, even if a separate execution command is not transmitted, when the web lock execution command is received, the control unit 180 of the mobile terminal according to a setting may have at least one of them. You can run

SIM data tracking

Hereinafter, the SIM data tracking function will be described in detail with reference to FIG. 12.

12 illustrates an example of a procedure of executing a SIM data tracking function according to an embodiment of the present invention.

In FIG. 12, the execution command delivery process and the execution process are similar to the processes S710 to S750 described above, and thus redundant descriptions will be omitted for simplicity of the specification.

Referring to FIG. 12, when the control unit 180 of the mobile terminal recognizes that the SIM card is changed after the execution of the SIM data tracking function (S1210), the changed card information may be transmitted to the relay server 350 (S1220).

This allows the control unit 180 to continuously track the new number usage history of the lost terminal by transmitting the changed SIM card information, for example, a new phone number to the server when the learner changes the SIM card. That is, the user of the lost terminal can help to retrieve the mobile terminal by making a call by acquiring the changed number. If the phone number cannot be read from the changed SIM card, the controller 180 can read and transmit the IMSI value so that the user can estimate the number later.

End Call Tracking

Hereinafter, a call termination tracking function will be described in more detail with reference to FIGS. 13 and 14. The call termination tracking function may be executed together with or separately from the web lock, and when executed separately, the execution command delivery process and the execution process are similar to the above-described steps S710 to S750, and thus redundant descriptions will be omitted for clarity.

13 shows an example of a process of executing the call termination tracking function according to an embodiment of the present invention.

Referring to FIG. 13, when the controller 180 detects a call termination (that is, intentional rejection of the learner) that does not depend on the network after executing the call termination tracking function (S1310), the cause of the call termination, caller information, and incoming call. A call log including time information and the like is transmitted to the relay server 350 (S1320). When the transmission of the call record is completed, the controller 180 may delete the corresponding call record from the memory 160 in order to prevent information leakage later (S1330). In this way, if the learner intentionally rejects the call, the user can be notified of the fact so that the user can take the following action.

Meanwhile, as described above, when the web lock function is executed, a replacement screen may be provided and a call screen may be displayed when a call is received. This will be described with reference to FIG.

14 illustrates an example in which an alternative phone screen is displayed on a mobile terminal according to an embodiment of the present invention.

If a call is received after the call termination tracking function is executed, an alternative phone screen may be displayed on the touch screen 151 of the mobile terminal 100 as shown in FIG. In this case, a touch menu is provided on the alternative phone screen so that the learner has no choice but to accept or reject the call. In addition, even if the caller's phone number is stored in the phone book to protect the caller's information, only the number itself 1410 may be displayed without displaying the name on the phone book. Of course, the caller's phone number may not be displayed as shown in FIG.

Enhanced Web Lock

15 illustrates an example of a process of executing the forced web lock function according to an embodiment of the present invention.

Referring to FIG. 15, when the web lock function is already executed, the controller 180 detects that the password inputted in the password input window displayed on the replacement screen is incorrectly input for a preset number of times (for example, three times). In one case (S1510), it is possible to remove the password password input window of the replacement screen, and perform the encryption function (S1520). Thereafter, the controller 180 executes the enhanced web lock to the relay server 350 and transmits information indicating whether the encryption is successful (S1530).

16 illustrates an example of a form in which a web lock function forced on a mobile terminal is executed according to an embodiment of the present invention.

As the web lock function is executed, an alternative screen including the password password input window 1610 is displayed on the touch screen 151 of the mobile terminal 100 as shown in FIG. At this time, if the password is incorrectly input a predetermined number of times, the enhanced web lock function is executed as shown in FIG. 16 (b) and the password password input window 1610 disappears from the replacement screen.

Meanwhile, in order to prevent a malfunction of the touch screen as shown in FIG. 16 (c), the password password input window may be applied only when the slide bar 1630 is pushed to the other side by a touch-drag input in a predetermined area 1620 of the replacement screen. 1630 may be displayed. In this case, as the enhanced web lock function is executed, when the slide bar 1630 is moved through the touch-drag input to the opposite side 1640 as shown in FIG. 16D, the slide bar 1630 instead of the password password input window appears. ) Will return to its original position.

Meanwhile, as described above, the enhanced web lock function may be released by inputting a correct password through the web API, and the controller 180 may perform an automatic synchronization function when there is a file deleted by the learner or damaged during the decryption process. Data stored on the server can be downloaded and automatically restored.

Location tracking

Hereinafter, a location tracking function according to the present invention will be described. The location tracking technology proposed by the present invention can be classified into three types. The first is to show the result value according to the type and order of the location tracking method. The second method is to more efficiently handle the user's location tracking request through the web. The third and third method is to obtain a more accurate current position by validating the location tracking result over time.

First, the first method is explained.

In the location tracking method according to the present embodiment, a method using a mobile network and a coordinate acquisition method using a global positioning system (GPS) may be applied. However, in general, when the location tracking function is performed through the wireless network, this may be relatively less accurate than the method using GPS. On the contrary, the accuracy of GPS is high, but if the mobile terminal to be tracked is indoors and / or in a GPS shadowed area, it is highly likely to fail to obtain coordinate information. Thus, there is a need for a method that can provide higher success rates and accuracy in location quality of service.

To this end, the present embodiment proposes to request the terminal to simultaneously perform location tracking using both methods, and to display the result on the web according to the type and order of information received from the terminal. More specifically, once the location information using the wireless network is first obtained from the terminal, it is first outputted through the web and waits for reception of the location information using the GPS. Then, when location information using GPS is received, the location information of the terminal output on the web is updated. Conversely, if location information using GPS is first received, the present location tracking procedure may be terminated. This is because location information using a wireless network having less accuracy is unnecessary when the location information using GPS is obtained. Hereinafter, the above-described procedure will be described with reference to FIG. 17 from the perspective of a mobile terminal and a server.

17 is a flowchart illustrating an example of a location tracking method in consideration of a tracking method and an acquisition order according to an embodiment of the present invention.

17 to 17 (a) shows the operation of the mobile terminal, (b) shows the operation of the servers (push server, web server and relay server) except for the mobile terminal, respectively.

First, referring to FIG. 17A, as a user inputs a tracking request command through a web server, the terminal receives a location tracking command from the push server 320 (S1701). The controller 180 activates the location information module 115 to acquire location information through GPS according to the received command, and the associated wireless communication module to obtain location information through a wireless network (S1702). The wireless communication module 112 may include a mobile communication module 112, a wireless internet module 113, and a short range communication module 114 to acquire location information through a wireless network.

Thereafter, when the location information through each scheme is obtained, the controller 180 transmits each location information to the relay server sequentially in the obtained order (S1703 to S1706). In this case, the controller 180 may transmit identification information indicating whether the location information is acquired (GPS or wireless network) to the relay server together.

Next, referring to FIG. 17B, as the user inputs a tracking request command through the web server 310 (S1711), the push server 320 transmits a location tracking command to the mobile terminal (S1712). . Then, when the primary location information is received from the mobile terminal through the relay server 350 (S1713), the relay server 350 delivers it to the web server 310, and the web server transmits the primary location information to the user's web. The display is displayed on the terminal 200 (S1714).

In this case, when the primary location information is location information acquired through GPS, the location tracking procedure according to the present method may be terminated regardless of the result of receiving the secondary location information. If the primary location information is location information obtained through the wireless network, the servers wait to receive the secondary location information from the mobile terminal (S1715).

Then, when the secondary location information is received from the mobile terminal through the relay server 350 (1716), the relay server 350 delivers it to the web server 310 and the web server 200 as the secondary location information. ) Can update the current location of the mobile terminal.

Through the above-described method, it is possible to simultaneously start location tracking using GPS and wireless network, and provide the user with faster and more accurate location tracking results according to the method and order of the obtained information.

Next, the second method is described.

The second location tracking method according to the present embodiment is a method for more efficiently processing a location tracking request of a user through the web. If the location tracking command transmitted to the mobile terminal through the push server 320 is not received by the mobile terminal due to the situation in which the mobile terminal is located in a shadowed area or the like, the location tracking procedure fails. do. Users who fail to track the location frequently retry the location service. Of course, in case of failure due to network condition and packet loss, the probability of success can be increased when the command is retransmitted within a certain time.

However, when a user continuously and continuously issues a position tracking command for retrying, a heavy load may be applied to the server. Therefore, in the present embodiment, it is proposed to prevent the execution of a duplicate command by first checking whether the command is executed in the mobile terminal with respect to the location tracking requests that can be seen in one procedure. In other words, even if a user requests N position tracking through the web server continuously, the actual command delivery to the mobile terminal can be performed only once, thereby reducing the overall server load. This will be described with reference to FIG. 18.

18 is a flowchart illustrating an example of a location tracking method for reducing server load according to an embodiment of the present invention.

In FIG. 18, in response to one request input by a user, five location tracking commands are transmitted to the terminal at intervals of 10 seconds, 1) before five location tracking commands are completed, or 2) successfully from the terminal. It is assumed that a user request input again from the user before receiving the location information is set to be ignored by the web server or the push server. In addition, in FIG. 18, a web server 310, a push server 320, and a relay server 350 will be collectively referred to as a server for convenience. It is apparent to those skilled in the art that the functions performed by the server in each step may be appropriately distributed and processed according to the functions of the web server 310, the push server 320, and the relay server 350.

Referring to FIG. 18, first, a request for location tracking requested by a user through a web terminal 200 is received by a server (S1801).

In response to the user's request, the server transmits the first location tracking command to the terminal (S1802). In this case, the location tracking command may include an order identifier indicating which command is transmitted. If there is no response from the mobile terminal for 10 seconds after the transmission, the server considers that the first command transmission has failed and transmits a second location tracking command to the terminal (S1803). If there is no response from the mobile terminal for 10 seconds after the transmission, the server considers that the second command transmission has also failed and transmits a third position tracking command to the terminal (S1804). If the third location command is successfully received by the mobile terminal, the mobile terminal transmits a response indicating successful reception of the command to the server (S1805). In this case, the response may include an order identifier of the command. In addition, when valid location information is obtained in advance at the time of receiving the location tracking command, the response message may also include the location information of the mobile terminal. When the server receives a response from the mobile terminal, the server cancels the fourth and fifth command transmissions scheduled later (S1806 to S1807).

Through the above-described method, the service load of the server due to the user request can be reduced more efficiently than the method of transmitting the location tracking command as many times as the user requests.

The third method will be described below.

The third and third method is to obtain a more accurate current position by validating the location tracking result over time. In general, when location information is acquired due to an event (eg, execution of a map application, navigation application, etc.) requiring acquisition of location information according to characteristics of an operating system, the corresponding information is acquired for a predetermined time from the location information acquisition. Stored in memory 160. In this situation, when the location tracking command is received by the mobile terminal, the controller 180 may respond to the location tracking command with the previously stored location information instead of newly acquiring the current location information. That is, the information collected and provided by the Android API according to the location tracking command may be the location information collected at the previous time, not the location information at the time of the location tracking command.

Therefore, since all location information transmitted from the mobile terminal to the server in response is not valid information, the location tracking service according to the present invention proposes to perform the validation of the location information using time information and then provide it. That is, the controller 180 compares the generation time of the location information held in the mobile terminal with the current time. If the two differences are greater than or equal to a predetermined value, the controller 180 determines that the location information is invalid and collects the location information newly. have. This will be described with reference to FIG. 19.

19 is a flowchart illustrating an example of a location tracking method in consideration of an effective time of location information according to an embodiment of the present invention.

Referring to FIG. 19, a location tracking command is received by the mobile terminal (S1901).

Accordingly, the controller 180 checks whether there is position information acquired in advance (S1902). When there is the pre-stored location information, the controller 180 checks the generation time of the location information (1903), compares the difference between the current time and the generation time is lower than the preset value (for example, T minutes) In response to the location tracking command, previously stored location information is transmitted to the server (S1904).

On the contrary, when the difference between the current time point and the pre-generated position information generation time point is larger than the set value, the position information module 115 for acquiring the position information through the GPS, and the associated radio for acquiring the position information through the wireless network. By activating at least one of the communication module to obtain the position information of the current time (S1905). The wireless communication module 112 may include a mobile communication module 112, a wireless internet module 113, and a short range communication module 114 to acquire location information through a wireless network.

When the current location information is secured, the controller 180 transmits it to the server in response to the location tracking command (S1904).

If the previously generated location information is valid through the above-described method, it is possible to quickly respond to the location tracking command, and if it is not valid, accurate information of the current time can be provided to the user.

Record and record function

The following describes a recording and recording function that can be executed in addition to all the functions for providing security described above.

The recording and recording function may be performed alone or together with the above-described security provisions, and may provide a user with a sound or an image around the lost mobile terminal, thereby increasing the recovery rate of the lost terminal.

Recording may be performed through the microphone 122, and acquisition of an image may be performed through the camera 121. When the recording / image acquisition function is executed alone, the recording / image acquisition function may be executed in the mobile terminal according to the above-described execution procedure of the execution command, and may be automatically executed together when another security function such as a web lock is executed. Recording may be performed periodically or may be performed in real time when a user's instruction is given through a web API, or may be performed on an event basis. Event-based performance means that recording is performed when the lost mobile terminal is in a specific state. This is a method for efficiently obtaining a sound or an image. For example, when a learner inputs a password on an alternative screen after the web lock is executed, the controller 180 controls the mobile terminal 100 as shown in FIG. ) If an image is acquired through the camera 121 provided in the front portion of the main body, the acquirer's face is more likely to be photographed. As another example, when the remote alarm function is executed, the learner has a high probability of seeing the mobile terminal in order to respond to the noise generated by the mobile terminal, so even in this case, the controller 180 may allow the camera 121 to perform shooting through the camera 121. . As another example, the controller 180 may allow the camera 121 to perform recording while the call is in progress.

In addition, recording may be performed even when the location information module 115 enters a predetermined location when the location information module 115 is activated or when the location is moved by a predetermined range or more. The recorded data may be transmitted to the relay server 350 so that the user may check the data through the web terminal 200.

Identification information for security

Hereinafter, identification information that may increase security in the process of performing all the functions for providing security described above will be described.

The present invention proposes to use International Mobile Equipment Identity (IMEI) as information for identifying a mobile terminal in the course of performing the above functions. IMEI is the only internationally unique number currently assigned to all mobile terminals using GSM / WCDMA networks, and equipment of that specification is required to be equipped with IMEI. Therefore, the IMEI can be used to identify / block relevant devices when an abnormal situation such as theft / lost occurs. This is because the information uniquely identifies the hardware, so unlike the SIM card, the information cannot be arbitrarily replaced. Of course, IMEI is not impossible to check / change / replicate, but there is considerable security as an identifier that can be given to a terminal because legal restrictions apply.

Therefore, it is possible to perform a function as an identifier for identifying the mobile terminal in the information exchanged with the above-described mobile terminal and servers, and the key value protected using the IMEI, not directly using the IMEI. The encryption method may be used to generate a unique identifier by encrypting. More specifically, the unique identifier described above is provided to provide a lock function when lost, a protection function of a mobile terminal in a 3G, Wi-Fi environment, a pre-loaded cached identifier, and protection of account information. Can be used.

In addition, if the service using an identifier using a telephone number through the application of IMEI can be free from the impact of the removal / modification of the SIM, and compared to the MAC address that is relatively easy to change / modify, there is an advantage in security. In addition, by sharing the black list consisting of the IMEI of the reported mobile terminal among related agencies, IMEI is operated as a key even when the terminal distribution and IMEI information distribution increases in a legal / illegal route. The part about illegal use can be recognized.

In the above-described embodiments, the execution command transmitted from the web server 310 to the mobile terminal 100 via the push server 320 may be different in form or content depending on the function to be executed in the mobile terminal. In addition, a plurality of functions may be executed by one execution command. In addition, the program code for performing the above-described functions may be installed in the mobile terminal in the form of a download through the web, or may be basically mounted in the memory 160 of the mobile terminal. The memory 160 may be a storage medium that is generally used to store the OS or application data of a mobile terminal, such as a memory card, or may be a special memory for storing a BIOS or firmware.

Although there are some differences depending on the operating system, the above functions for providing security often require the highest level of access to system files (for example, Root permission in the case of Android OS), and the highest level of authority for general users is required. It is not granted. In this case, since the highest authority is not granted even to an application installed through download, some functions may be limited when the program code is installed through download, so it may be desirable for the mobile terminal factory to be loaded by default.

Further, according to an embodiment of the present invention, the above-described method can be implemented as a code that can be read by a processor on a medium on which the program is recorded. Examples of the medium that can be read by the processor include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage, etc., and may be implemented in the form of a carrier wave (e.g., transmission over the Internet) .

The above-described mobile terminal and its control method are not limited to the configuration and method of the above-described embodiments, but the embodiments may be modified such that all or some of the embodiments are selectively And may be configured in combination.

Claims (20)

A wireless communication unit for wirelessly transmitting and receiving data with an external device;
A user input unit for receiving a command from a user;
A display unit; And
And a controller configured to control to display a first substitute screen including a password input window on the display when the first signal is received from the mobile communication network through the wireless communication unit. The method of claim 1,
If a password through the user input unit is input to the password input window,
The control unit,
Transmitting the inputted password to the mobile communication network through the wireless communication unit, canceling the first replacement screen when a second signal indicating that the password is valid is received from the mobile communication network in response to the transmission; And when the third signal indicating that the password is invalid is maintained, maintaining the first replacement screen. The method of claim 2,
The control unit,
And when the third signal is received a predetermined number of times, controlling the password input window to disappear from the first substitute screen. The method of claim 3, wherein
The control unit,
And when the second signal is received even after the password input window disappears, controlling to release the first replacement screen. The method of claim 3, wherein
Further comprising a memory for storing user data,
The control unit,
And when the third signal is received a predetermined number of times, encrypting at least a portion of the user data according to a predetermined encryption algorithm. 6. The method of claim 5,
The control unit,
And when the second signal is received after the encryption is performed, canceling the encryption. The method of claim 2,
The mobile communication network,
A first server for transmitting a command transmitted from a web server to the mobile terminal, and a second server connected to a database in which a valid password is stored;
The first signal is received from the first server,
The input password is transmitted to the second server. 8. The method of claim 7,
The control unit,
When the first signal is received,
Request validation of the first signal to the second server,
And a first substitute screen is displayed when a fourth signal indicating that the first signal is valid is received from the second server. The method of claim 2,
The control unit,
And displaying only an input through the first replacement screen after the replacement screen is displayed and before the second signal is received. The method of claim 1,
The control unit,
If a call is received after the first signal is received,
And a second replacement screen providing only a predetermined call related function is displayed. The method of claim 10,
The control unit,
And controlling the caller information not to be displayed on the second replacement screen. The method of claim 1,
Further comprising a memory including a boot area, an operating system area and a user data area,
The control unit,
When a fourth signal is received from the mobile communication network through the wireless communication unit,
And delete the boot area so that booting cannot be performed. The method of claim 1,
The first alternative screen,
And a screen or a standby screen displayed on the display unit lastly before the first signal is received. The method of claim 13,
The control unit,
And when the lock function is set in advance before the first signal is received, controlling the first replacement screen to be displayed after the lock function is released. Receiving a first signal from a mobile communication network through a wireless communication unit;
Displaying a first substitute screen including a password input window on the display unit when the display unit is activated;
Receiving a password through a user input unit in a password input window;
Transmitting the input password to the mobile communication network through the wireless communication unit; And
In response to the transmission, when the second signal indicating that the password is valid is received from the mobile communication network, the first replacement screen is released; when the third signal indicating that the password is invalid is received, the first signal is received. 1. The method of controlling a mobile terminal, the method comprising: maintaining a replacement screen. 16. The method of claim 15,
Receiving the third signal a predetermined number of times;
The password input window further comprises the step of disappearing from the first replacement screen, the control method of the mobile terminal. 16. The method of claim 15,
Receiving a call attempt signal after the first signal is received; And
And displaying a second substitute screen on the display unit that provides only a predetermined call related function. A method for providing security to a mobile terminal in a mobile communication system including a web server, a web terminal for accessing the web server, a push server, a database server storing a first password, and a relay server,
Selecting a security function executed in the mobile terminal through the web terminal;
Transmitting the execution command of the selected security function from the web terminal to the push server and the database server via the web server;
Transmitting an execution command of the selected security function from the push server to the mobile terminal; And
And providing a security function corresponding to the execution command in the mobile terminal. 19. The method of claim 18,
Receiving a second password at the mobile terminal after executing the security function;
Transmitting the second password to the relay server;
Transferring the second password from the relay server to the database server;
Comparing, by the database server, the identity of the second password and the first password;
Transmitting the result of the comparison to the mobile terminal via the relay server; And
And disabling the executed security function according to a result of the comparison. 19. The method of claim 18,
Transmitting the execution command from the mobile terminal to the relay server before the executing step;
Transmitting the execution command from the relay server to the database server;
Comparing, by the database server, the identity of the execution command transmitted from the relay server and the execution command transmitted from the web server;
Transmitting the result of the comparison to the mobile terminal via the relay server; And
And determining, by the mobile terminal, whether to execute the security function according to the result of the comparison.

Images