WO2009157493A1 - Information processing system, server device, personal information device, and access management method - Google Patents
- Publication number
- WO2009157493A1 (PCT/JP2009/061538)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- personal information
- information device
- data
- permitted
- server
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
Definitions
- the present invention relates to an information processing system, a server device, a personal information device, and an access management method, and more particularly to data and function access management in a mobile phone terminal.
- a company may contract a mobile phone terminal and allow the employee to use the mobile phone terminal for business purposes.
- the company administrator must establish a policy on how to use the mobile phone terminal, and the employee must follow this policy.
- When using a mobile phone terminal for business use, there is a need for both convenience in accessing business data inside the company and security measures to prevent data leakage outside the company. This type of system is described in Patent Document 1 below.
- In the system described in Patent Document 1, the server generates a web page including data corresponding to the data designation condition designated and transmitted from the mobile phone terminal, and the web page is shown on the display of the mobile phone terminal.
- When a mobile phone terminal has a function for processing data such as documents, the user may store data in the mobile phone terminal for processing. Alternatively, the user may acquire and process data on an in-house server using the communication function of the mobile phone terminal. In addition, when the mobile phone terminal has a browser function, the user may connect to an in-house system and browse information on the server.
- Patent Document 1 Japanese Patent Laid-Open No. 2002-024740
- Patent Document 2 Japanese Patent Laid-Open No. 2005-064560
- Patent Document 3 Japanese Unexamined Patent Publication No. 2006-313484
- Patent Document 4 Japanese Unexamined Patent Application Publication No. 2007-097023
Disclosure of the invention
- in the information processing system related to the present invention, there is a high risk of leakage through snooping, loss, or theft of the mobile phone terminal when the above-mentioned internal business data is used outside the company. For this reason, users are limited to accessing business data while they are in the company. Alternatively, it is necessary to observe the same policy that confidential data is stored outside the mobile phone terminal and not taken outside the company.
- the object of the present invention is to solve the above-mentioned problems and prevent information leakage from business data in personal information devices such as mobile phones and unauthorized access to in-house systems, server devices, and personal information.
Means for solving the problem
- An information processing system includes:
- a personal information device having a control means
- a server device including individual data holding means for holding individual data that is transferred to the personal information device and accessible from the personal information device, and relational data holding means for holding, for each individual data, relational data between the state of the personal information device at the time of an access request and the operations permitted for the individual data at that time,
- the personal information device sends the status of the personal information device to the server,
- the server forwards the individual data to the personal information device if permitted
- the control means controls not to execute an operation other than the operation described and permitted in the relational data.
- Another information processing system includes:
- a personal information device having a control means; and a server device including function holding means for holding functions that can be transferred to the personal information device and executed by the personal information device, and relational data holding means for holding, for each function, relational data between the state of the personal information device at the time of an execution request and the functions permitted to be executed at that time,
- the personal information device transfers the status of the personal information device to the server.
- the server forwards the function to the personal information device, if permitted,
- the control means controls to execute the permitted function.
- the server device includes:
- individual data holding means for holding individual data that is transferred to the personal information device and accessible from the personal information device, and
- relational data holding means for holding, for each individual data, relational data between the state of the personal information device at the time of an access request and the operations permitted for the individual data at that time; when permitted, the server device transfers the individual data to the personal information device.
- the personal information device according to the present invention is a smartphone.
- the personal information device is connected to a server device including individual data holding means for holding individual data that is transferred to the personal information device and accessible from the personal information device, and relational data holding means for holding, for each individual data, relational data between the state of the personal information device at the time of an access request and the operations permitted for the individual data at that time, and includes
- control means for controlling so as not to perform operations other than those described and permitted in the relational data.
- An access management method includes:
- the server device is permitted for the individual data transferred to the personal information device and accessible from the personal information device, the status of the personal information device at the time of access request for each individual data, and the individual data at that time. Data related to the movement
- the personal information device performs processing to control it so that it does not perform operations other than those described and permitted in the related data.
- Another access management method according to the present invention is as follows:
- the personal information device executes a process of controlling to execute a permitted function.
- the present invention can prevent leakage of business data and unauthorized access to in-house systems in personal information devices such as mobile phones.
- FIG. 1 is a block diagram showing a configuration example of an information processing system according to a first embodiment of the present invention.
- FIG. 2 is a diagram showing a table configuration example of the server data storage unit in FIG. 1.
- FIG. 3 is a sequence chart showing the operation of the information processing system according to the first embodiment of the present invention.
- FIG. 4 is a sequence chart showing the operation of the information processing system according to the first embodiment of the present invention.
- FIG. 5 is a diagram showing a configuration example of a table of a server data storage unit according to the second embodiment of the present invention.
- FIG. 6 is a flowchart showing an operation of the mobile phone terminal according to the second exemplary embodiment of the present invention.
- FIG. 7 is a flowchart showing an operation of the mobile phone terminal according to the second exemplary embodiment of the present invention.
- FIG. 8 is a block diagram showing a configuration example of an information processing system according to a third embodiment of the present invention.
- FIG. 9 is a block diagram showing a configuration example of an information processing system according to a fourth embodiment of the present invention.
- the information processing system according to the first embodiment of the present invention provides a function for preventing leakage of business data and unauthorized access to an in-house system in a personal information device such as a mobile phone.
- the information processing system according to the first embodiment of the present invention is characterized in that the administrator can individually set, for each data item or each function, whether it can be accessed or executed inside the company or outside the company.
- the information processing system includes a personal information device held and used by a user and a server that holds an entity of data to be accessed and managed.
- When a user accesses (reads / writes) data from a personal information device, the user basically accesses the data stored in the server.
- FIG. 1 is a block diagram showing a configuration example of an information processing system according to the first embodiment of the present invention.
- the information processing system according to the first embodiment of the present invention consists of a mobile phone terminal (personal information device) 1 that is used by a user such as an employee and managed by, for example, a company, and a server 2 that stores and processes business data.
- the mobile phone terminal 1 is purchased by, for example, a company and lent to a user.
- Server 2 is connected to mobile phone terminal 1 via a public wireless network.
- the connection means may be anything as long as it enables data communication.
- the mobile phone terminal 1 consists of a user interface unit 11, a terminal data storage unit 12, a terminal data processing unit 13, a terminal processing management unit 14, a communication unit 15, and a usage status management unit 16. Although not shown, the mobile phone terminal 1 includes a CPU (Central Processing Unit) that controls the entire terminal and the like, and a storage unit that stores a program executed by the CPU.
- the user interface unit 11 of the cellular phone terminal 1 accepts an input from a user via a key input unit (not shown) such as a numeric keypad.
- the user interface unit 11 displays the output to the user on the display unit A such as a screen.
- the terminal data processing unit 13 processes data stored in accordance with a user instruction from the mobile phone terminal 1.
- the terminal data processing unit 13 (1) accesses (views, edits, etc.) the data on the server 2 via the communication function provided by the communication unit 15, (2) accesses the data placed in the terminal data storage unit 12, (3) executes functions of the mobile phone terminal 1 such as camera operation, and views and saves the data related to those functions (for example, images taken with the camera), and (4) downloads a dedicated small-scale program [in this example, a DL (download) application] from the server 2 and executes it.
- the server 2 is requested to transmit data via the communication unit 15.
- the data sent from the server 2 is output from the terminal data processing unit 13 to the user interface unit 11 and displayed on the display unit A.
- a copy of this data may be temporarily stored in the terminal data storage unit 12 so that the data can be used continuously even if communication is cut off.
- the usage state management unit 16 performs management to determine whether or not the mobile phone terminal 1 is currently used in the in-house mode or in the outside mode.
- the usage status management unit 16 enters the internal mode when the user performs a login operation by password authentication through the user interface unit 11 and enters the external mode when the logout operation is performed.
- the terminal processing management unit 14 manages the operation of the terminal data processing unit 13 so as to perform the operation according to the current mode inside and outside the company, which is output from the usage state management unit 16.
- the server 2 is placed in the company, and the communication provider prepares only the communication unit 21.
- Server 2 is also operated by a service provider and may maintain and manage data for contractors and their users and provide communications.
- the server 2 includes a communication unit 21, a server processing management unit 22, a server data processing unit 23, and a server data storage unit 24.
- the server 2 includes a CPU that controls the entire apparatus and the like, and a storage unit that stores a program executed by the CPU.
- the server data processing unit 23 of the server 2 shares data with the mobile phone terminal 1 by sending it the data necessary for its processing operation or a function execution command, and supports the processing of the mobile phone terminal 1 in cooperation with it.
- the server processing management unit 22 manages the operation of the server data processing unit 23 to perform the operation according to the current mode inside and outside the company, which is output from the usage state management unit 16.
- the server data storage unit 24 stores, on the server 2, processing data for each mobile phone terminal 1, processing application code, and management policy for data processing and function execution.
- FIG. 2 is a diagram showing a configuration example of the table of the server data storage unit 24 of FIG.
- the table holds data in the server data storage unit 24 and its management policy.
- Each row in this table corresponds to an individual piece of data to be managed, such as an entry in the phone book or an electronic file.
- the body of data that is the contents of a telephone directory or file is held in the data entity area.
- the internal reference column is “1” if the data can be referenced in the internal mode, and “0” if it cannot.
- the external reference column is “1” if the data can be referred to in the external mode, and “0” if the data cannot be referenced.
- the in-house storage column is “1” if the data can be stored in the mobile phone terminal 1 in the in-house mode, and “0” otherwise.
- the external storage column is “1” if the data can be stored in the mobile phone terminal 1 in the external mode, and “0” if it cannot be stored. If the data can be stored in the mobile phone terminal 1 in the external mode, the external life column shows how long the data stored in the mobile phone terminal 1 can be held while the mobile phone terminal 1 is in the external mode. For example, “3m” means 3 minutes, “30d” means 30 days, and “99” means that it can be held without any particular limitation. When this time limit is exceeded, the data in the terminal data storage unit 12 is deleted according to the management instruction from the terminal processing management unit 14. The owner column shows who has the authority to set and change this management policy.
- FIGS. 3 and 4 are sequence charts showing the operation of the information processing system according to the first embodiment of the present invention.
- the operation of the information processing system according to the first embodiment of the present invention will be described with reference to FIGS.
- the processing operation of the mobile phone terminal 1 in FIGS. 3 and 4 is realized by the CPU of the mobile phone terminal 1 executing a program stored in the storage unit.
- the processing operation of the server 2 in FIGS. 3 and 4 is realized by the CPU of the server 2 executing a program stored in the storage unit.
- When using data or functions in the company in the internal mode, the user performs a login action by entering his / her user name and password (or personal identification number) for the in-house information system through the user interface unit 11 of the mobile phone terminal 1. When the correctness of the login action is confirmed on the mobile phone terminal 1, the mobile phone terminal 1 stores the fact that it has entered the in-house mode in the usage status management unit 16. Conversely, when the user takes the mobile phone terminal 1 out of the office, the user performs a logout process and shifts the mobile phone terminal 1 to the outside mode.
- the usage status management unit 16 determines that the current operation mode of the mobile phone terminal 1 is the internal mode if the operation performed last was a login, and the external mode if it was a logout.
- FIG. 3 shows the operation of the mobile phone terminal 1 and the server 2 when data in the server 2 is accessed in response to a user request from a mobile phone terminal 1 that is in the company and logged in.
- the usage state management unit 16 determines whether the current mode is the internal mode or the external mode (step S2 in FIG. 3). Subsequently, the cellular phone terminal 1 makes an inquiry about the management policy of the data to the server 2 via the communication unit 15 (step S3 in FIG. 3).
- the server processing management unit 22 looks up the entry for the data in the management table in the server data storage unit 24 and checks the management policy for the data. If the reference in the current mode is permitted, the server 2 sends the entire entry including the data entity and the management policy to the mobile phone terminal 1 (step S11 in FIG. 3).
- When the cellular phone terminal 1 receives data (the entire entry) from the server 2, it stores the data in the terminal data storage unit 12. Then, the cellular phone terminal 1 provides the data entity for use by the user (step S4 in FIG. 3).
- At step S5 in FIG. 3, the mobile phone terminal 1 shifts to the external mode. Furthermore, if the data cannot be stored outside the company according to its management policy (step S6 in FIG. 3), the data is immediately deleted from the terminal data storage unit 12 according to the instruction of the terminal processing management unit 14 (step S7 in FIG. 3).
- If the data can be referenced outside or stored outside, then after logout it can continue to be referenced and stored until the time specified in the “External Lifetime” of the data has passed (steps S8 and S9 in FIG. 3).
- the mobile phone terminal 1 immediately deletes the data from the terminal data storage unit 12 according to the instruction from the terminal processing management unit 14 (step S10 in FIG. 3).
- This is the case where, for example, data number “3” in FIG. 2, “Proposal for Company C”, is stored in the mobile phone terminal 1 while in the office, used for an explanation on a visit to Company C, and then automatically deleted.
- FIG. 4 shows the operation of the mobile phone terminal 1 when data is accessed from the server 2 in response to a user request from a mobile phone terminal 1 that is outside the company and in a logout state.
- the cellular phone terminal 1 determines whether or not this data can be stored in the terminal data storage unit 12 (step S25 in FIG. 4). If the data cannot be stored in the cellular phone terminal 1 according to the policy of the data, this data can be browsed on the spot for a certain period of time, but cannot be stored in the terminal data storage unit 12 (step S26 in FIG. 4).
- the mobile phone terminal 1 can store this data. This data continues to be accessible as data in the terminal until the time specified by the “External Life” of the data has elapsed after the save operation (steps S27 and S28 in FIG. 4). When the designated time has elapsed, the mobile phone terminal 1 deletes the data from the terminal data storage unit 12 (step S29 in FIG. 4).
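The policy table of FIG. 2 and the flows of FIGS. 3 and 4, modelled as an added Python example (not code from the patent). Class and field names, the sample rows and their flag values are assumptions; only the column meanings, the “3m” / “30d” / “99” life notation and the name of data number 3 come from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

IN_HOUSE, EXTERNAL = "in-house", "external"


def parse_life(spec: str) -> Optional[timedelta]:
    """External life as written in the table: "3m" = 3 minutes,
    "30d" = 30 days, "99" = held without any particular limit (None)."""
    if spec == "99":
        return None
    units = {"m": "minutes", "d": "days"}
    if len(spec) < 2 or spec[-1] not in units or not spec[:-1].isdigit():
        raise ValueError(f"unrecognised external life: {spec!r}")
    return timedelta(**{units[spec[-1]]: int(spec[:-1])})


@dataclass(frozen=True)
class Policy:
    internal_ref: int    # 1 = may be referenced in in-house mode
    external_ref: int    # 1 = may be referenced in external mode
    internal_store: int  # 1 = may be stored on the terminal in in-house mode
    external_store: int  # 1 = may be stored on the terminal in external mode
    external_life: str   # retention while the terminal is in external mode
    owner: str           # who may set and change this policy


# Constructed sample rows (number -> (data entity, policy)). Only the name of
# entry 3 comes from the page; every flag value here is made up.
SAMPLE_TABLE = {
    1: ("Phone book: sales desk", Policy(1, 1, 1, 1, "99", "admin")),
    2: ("Internal memo", Policy(1, 0, 1, 0, "3m", "admin")),
    3: ("Proposal for Company C", Policy(1, 0, 1, 1, "30d", "admin")),
    4: ("Price list", Policy(1, 1, 1, 0, "3m", "admin")),
}


class Server:
    def __init__(self, table):
        self.table = table

    def request(self, number, mode):
        """Send the whole entry only if reference is permitted in `mode`."""
        entity, policy = self.table[number]
        allowed = policy.internal_ref if mode == IN_HOUSE else policy.external_ref
        return (entity, policy) if allowed else None


class Terminal:
    def __init__(self, server):
        self.server = server
        self.mode = EXTERNAL  # logged out until the user logs in
        self.held = {}        # number -> (entity, policy, deadline or None)

    def login(self):
        self.mode = IN_HOUSE

    def logout(self, now):
        """Shift to external mode: drop what may not leave, time-limit the rest."""
        self.mode = EXTERNAL
        for number, (entity, policy, _) in list(self.held.items()):
            if not policy.external_store:
                del self.held[number]
            else:
                self.held[number] = (entity, policy, self._deadline(policy, now))

    def purge(self, now):
        """Delete stored copies whose external life has run out.
        Assumption: the limit is only enforced while in external mode."""
        if self.mode != EXTERNAL:
            return
        for number, (_, _, deadline) in list(self.held.items()):
            if deadline is not None and now >= deadline:
                del self.held[number]

    def access(self, number, now):
        """Return the data entity, or None when the policy refuses it."""
        self.purge(now)
        if number in self.held:
            return self.held[number][0]
        entry = self.server.request(number, self.mode)
        if entry is None:
            return None
        entity, policy = entry
        if self.mode == IN_HOUSE and policy.internal_store:
            self.held[number] = (entity, policy, None)
        elif self.mode == EXTERNAL and policy.external_store:
            self.held[number] = (entity, policy, self._deadline(policy, now))
        return entity  # otherwise browse-only: shown but never stored

    @staticmethod
    def _deadline(policy, now):
        life = parse_life(policy.external_life)
        return None if life is None else now + life
```

Both the reference decision and the deletion depend on the mode the terminal itself reports, so the model is only as strong as the terminal's control logic and clock.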
- FIG. 5 is a diagram showing a table configuration example of the server data storage unit according to the second embodiment of the present invention.
- a table holds a management policy for functions in the server data storage unit according to the second embodiment of the present invention.
- the configurations of the information processing system, the mobile phone terminal, and the server according to the second embodiment of the present invention are the same as those of the first embodiment of the present invention shown in FIG.
- Each row of the table of the server data storage unit 24 corresponds to an individual function of the mobile phone terminal 1 or an application to be downloaded.
- the description of the operation contents to be managed and the body of the DL application code are held in the entity area.
- the in-house execution column is “1” if the data can be executed in the company mode, and “0” if it cannot.
- the “External execution” column is “1” if the data can be executed in the external mode, and “0” otherwise.
- “executable” indicates whether it can be downloaded from the server 2 to the mobile phone terminal 1 and executed.
- the next three columns relate to DL apps.
- the internal storage column is “1” if the DL application can be stored in the mobile phone terminal 1 in the internal mode, and “0” otherwise.
- the external storage column is “1” if the DL application can be stored in the mobile phone terminal 1 in the external mode, and “0” otherwise. If the DL application can be stored in the mobile phone terminal 1 in the external mode, the external life column indicates how long the DL application can be held in the mobile phone terminal 1 while it is in the external mode. When this time limit is exceeded, the DL application is deleted by the management instruction of the terminal processing management unit 14. The owner column shows who has the authority to set and change this management policy.
- FIGS. 6 and 7 are flowcharts showing the operation of the cellular phone terminal 1 according to the second embodiment of the present invention.
- the operation of the information processing system according to the second embodiment of the present invention will be described with reference to FIG. 1 and FIGS.
- the operations shown in FIGS. 6 and 7 are realized by the CPU of the mobile phone terminal 1 executing a program stored in the storage unit.
- FIG. 6 shows the operation flow when reading an SD (Secure Digital) card borrowed from a person outside the company.
- the mobile phone terminal 1 refers to the management policy for the function, and if the execution in that mode is permitted, the mobile phone terminal 1 permits the execution on the mobile phone terminal 1.
- the mobile phone terminal 1 enters the in-house mode (step S43 in FIG. 6). If the function cannot be executed in-house (step S44 in FIG. 6), the mobile phone terminal 1 cannot read the SD card (step S45 in FIG. 6). If in-house execution is permitted (step S44 in FIG. 6), the mobile phone terminal 1 can read the SD card (step S46 in FIG. 6).
- FIG. 7 shows an operation flow in the mobile phone terminal 1 that exists in the company and is in a login state.
- the mobile phone terminal 1 downloads and executes an execution code (DL application) such as a Java (registered trademark) application. Access, etc. This corresponds to, for example, the case of the function number “6” and the function number “7” in FIG.
- the mobile phone terminal 1 determines, by means of the usage state management unit 16, whether it is currently in the in-house mode or the outside mode. Next, the cellular phone terminal 1 refers to the management policy for the function. If DL execution in the current mode is permitted, the DL application code is sent from the server 2 to the mobile phone terminal 1. Then, the mobile phone terminal 1 provides the DL application code for use by the user.
- At step S53 in FIG. 7, the mobile phone terminal 1 enters the outside mode. If the DL application code policy does not allow external storage (step S54 in FIG. 7), the DL application code is immediately deleted from the mobile phone terminal 1 according to the instruction of the terminal processing management unit 14 (step S55 in FIG. 7). On the other hand, if the DL application code can be executed outside or stored outside (step S54 in FIG. 7), the code can continue to be stored, and the stored code executed, until the time specified by the “External life” of the DL application code elapses (steps S56 and S57 in FIG. 7). When the specified time has elapsed, the mobile phone terminal 1 deletes the DL application code (step S58 in FIG. 7).
- the administrator of the company's information system can individually set whether access or execution can be performed in-house or outside the company for each function.
- the information processing system according to the second embodiment of the present invention can prevent leakage of business data and unauthorized access to in-house systems in personal information devices such as mobile phones.
- FIG. 8 is a block diagram showing a configuration example of an information processing system according to the third exemplary embodiment of the present invention.
- FIG. 8 shows automatic mode determination in a WLAN (Wireless Local Area Network) dual device in the third embodiment of the present invention.
- in the mobile phone terminal 3, a communication unit 31 having communication functions for both a public wireless network and a wireless local area network (LAN) is used instead of the communication unit 15, and a connection state management unit 32 is provided instead of the usage state management unit 16.
- the server 4 is provided with a communication unit 41 having both public wireless network and wireless LAN communication functions instead of the communication unit 21.
- the third embodiment of the present invention has the same configuration as that of the first embodiment of the present invention shown in FIG. 1 except for the above, and the same components are denoted by the same reference numerals.
- an explicit action of the user, such as a login / logout operation, is required for switching between the in-house mode and the outside mode. For this reason, if the user forgets to log out while in the in-house mode, the mobile phone terminal 3 is subsequently taken out of the office and used against the policy, resulting in a security problem. Conversely, if the user does not log in even within the company, there is a problem that the convenience of the mobile phone terminal 3 is hindered.
- the wireless LAN communication function installed in the mobile phone terminal 3 is used.
- the communication unit 31 of the mobile phone terminal 3 establishes a wireless LAN connection with the in-house wireless LAN equipment.
- the wireless LAN facility may also be called a wireless communication device.
- the connection state management unit 32 determines whether or not the mobile phone terminal 3 is currently performing a wireless LAN connection.
- the cellular phone terminal 3 operates in the in-house mode when in the office and is in a wireless LAN connection state, and operates in the outside mode when not.
- Other configurations and operations are basically the same as those of the first embodiment of the present invention.
- Whereas the usage state management unit 16 determines whether the mode is the in-house mode or the outside mode, in this embodiment the connection state management unit 32 determines whether the mode is in-house or outside.
- the information management system according to the third embodiment of the present invention solves the problem that the user forgets the logout operation in the in-house mode, takes the terminal out of the office, and uses it against the policy.
- the information processing system according to the third embodiment of the present invention also solves problems such as the inconvenience that arises when the user does not log in even within the company, and further improves the effectiveness of both safety and convenience.
- FIG. 9 is a block diagram showing a configuration example of an information processing system according to the fourth exemplary embodiment of the present invention.
- the information processing system according to the fourth embodiment of the present invention includes a mobile phone terminal 5 and a server 6.
- the server 6 is connected to the mobile phone terminal 5 via a public wireless network. Any connection means may be used as long as it enables data communication.
- the server 6 holds individual data 61 that can be accessed from the mobile phone terminal 5. Further, the server 6 holds, for each individual data 61, relation data 62 that represents the relation between the state of the mobile phone terminal 5 and the permitted operation at that time. The permitted operations are, for example, access to the individual data 61 from the mobile phone terminal 5, permanent storage in the mobile phone terminal 5, temporary storage in the mobile phone terminal 5, etc.
- the relationship data 62 may be stored in the storage means provided in the server 6 in the form of, for example, a management table, a file, or a database. Further, the individual data 61 may also be stored in a storage means provided in the server 6. Alternatively, the server 6 may be provided with a means for storing the individual data 61 and the related data 62 outside.
- the mobile phone terminal 5 manages and holds the state of the mobile phone terminal 5.
- Mobile phone terminals 5 includes a control unit 51 that controls the operation of the mobile phone terminal 5. Management / maintenance of the state of the mobile phone terminal 5 may be performed by the control unit 51.
- the state of the mobile phone terminal 5 includes a state in which the mobile phone terminal 5 is in the office (in-house mode) and a state in which the mobile phone terminal 5 is outside (external mode). Further, the control unit 51 controls the cellular phone terminal 5 so that the data received from the server 6 is not subjected to any operation other than the operation permitted in accordance with the state of the cellular phone terminal 5.
- The mobile phone terminal 5 accesses the server 6 to access data such as a file list.
- The mobile phone terminal 5 requests the server 6 to transmit the individual data 61.
- The mobile phone terminal 5 may transmit the state of the mobile phone terminal 5 to the server 6.
- The server 6 refers to the relation data 62 based on the requested individual data 61 and the state of the mobile phone terminal 5, and obtains the permitted operations. If transmission of the individual data 61 is permitted, the server 6 transmits the requested individual data 61 to the mobile phone terminal 5. At this time, data indicating the permitted operations may be transmitted together with the individual data 61.
- The control unit 51 controls the mobile phone terminal 5 so that, among the operations described in the relation data 62, none other than the permitted operations is executed.
- The relation data 62 describes access to the individual data 61 from the mobile phone terminal 5, permanent storage in the mobile phone terminal 5, and temporary storage in the mobile phone terminal 5.
- control is performed.
- Unit 61 prohibits the saving of individual data 61 to mobile phone terminal 5.
- The administrator of the information system of the conference can set, individually for each item of data, whether it can be accessed and stored inside or outside the company.
- The information processing system according to the fourth embodiment of the present invention can prevent leakage of business data and unauthorized access to in-house systems from personal information devices such as mobile phones.
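The lookup and enforcement of the fourth embodiment can be sketched as follows. This is an added example, not code from the patent: the data names, the table contents and the function and class names are hypothetical, and the default-deny handling of missing rows and unknown states is an assumption of the sketch.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class State(Enum):
    IN_HOUSE = "in-house"
    OUTSIDE = "outside"

class Op(Enum):
    ACCESS = "access"
    TEMP_STORE = "temporary storage"
    PERM_STORE = "permanent storage"

# Constructed sample data: names and contents are hypothetical.
INDIVIDUAL_DATA = {"price-list": b"constructed sample A",
                   "customer-db": b"constructed sample B"}

# Relation data: (individual data, terminal state) -> permitted operations.
# A missing row means nothing is permitted (default deny, an assumption here).
RELATION_DATA = {
    ("price-list", State.IN_HOUSE): {Op.ACCESS, Op.TEMP_STORE, Op.PERM_STORE},
    ("price-list", State.OUTSIDE): {Op.ACCESS, Op.TEMP_STORE},
    ("customer-db", State.IN_HOUSE): {Op.ACCESS},
}

@dataclass(frozen=True)
class Response:
    payload: Optional[bytes]
    permitted: frozenset

def handle_request(data_id: str, reported_state: str) -> Response:
    """Server side: consult the relation data, then send data plus permitted operations."""
    try:
        state = State(reported_state)  # the state is reported by the terminal itself
    except ValueError:
        return Response(None, frozenset())  # unknown state: fail closed
    ops = frozenset(RELATION_DATA.get((data_id, state), ()))
    if Op.ACCESS not in ops or data_id not in INDIVIDUAL_DATA:
        return Response(None, frozenset())
    return Response(INDIVIDUAL_DATA[data_id], ops)

class Terminal:
    """Terminal side: the control unit refuses any operation the server did not permit."""
    def __init__(self, state: State):
        self.state = state
        self.stores = {Op.TEMP_STORE: {}, Op.PERM_STORE: {}}

    def view(self, data_id: str) -> bytes:
        resp = handle_request(data_id, self.state.value)
        if resp.payload is None:
            raise PermissionError(f"access to {data_id} not permitted while {self.state.value}")
        return resp.payload

    def store(self, data_id: str, op: Op) -> None:
        resp = handle_request(data_id, self.state.value)
        if resp.payload is None or op not in resp.permitted or op not in self.stores:
            raise PermissionError(f"{op.value} of {data_id} not permitted while {self.state.value}")
        self.stores[op][data_id] = resp.payload
```

Because the server acts on a state the terminal reports, the decision is only as trustworthy as that report and the terminal's control unit.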
- The management table is placed on the server 2, but a copy of the management table may be placed on the mobile phone terminal 1 in case the mobile phone terminal 1 and the server 2 are disconnected.
- The copy of the management table may be synchronized with the management table on the server 2 as appropriate.
- The substance of the data can be prevented from being placed on the mobile phone terminal 1, or the data can be encrypted and decrypted only when the management policy permits.
- With the login operations of the first and second embodiments of the present invention, login is actually possible even when the mobile phone terminal 1 is outside the company. To prevent this, whether the mobile phone terminal 1 is in the office or outside the company may be confirmed by some means. Examples of the confirmation method include the following.
  - (1) If the mobile phone terminal 1 has a built-in contactless IC (Integrated Circuit) card function, the mobile phone terminal 1 is touched to the IC card read/write unit of the flapper gate at the company entrance/exit, and that contact is confirmed. The mobile phone terminal 1 can log in when entering the company and is logged out when leaving.
  - (2) If the mobile phone terminal 1 is equipped with GPS (Global Positioning System), the mobile phone terminal 1 can log in if it is confirmed to be located at the company's location at the time of login.
  - (3) If the mobile phone terminal 1 can communicate, via a cable or Bluetooth (registered trademark), with a personal computer or the like at, for example, the user's own seat in the company, it can log in.
- The present invention is applicable to a mobile phone having a data browsing/saving function, a function for executing operations such as programs, and a communication function, and to portable information communication devices in general.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/999,970 US8990348B2 (en) | 2008-06-25 | 2009-06-18 | Information processing system, server device, information device for personal use, and access management method |
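CN200980124544.6A CN102077212B (zh) | 2008-06-25 | 2009-06-18 | Information processing system, server device, information device for personal use, and access management method |
JP2010518043A JP5577527B2 (ja) | 2008-06-25 | 2009-06-18 | Information processing system, information device for personal use, and access management method |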
EP09770203.9A EP2293217A4 (en) | 2008-06-25 | 2009-06-18 | Information processing system, server device, information device for personal use, and access managing method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008-165197 | 2008-06-25 | ||
JP2008165197 | 2008-06-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009157493A1 (ja) | 2009-12-30 |
Family
ID=41444557
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2009/061538 WO2009157493A1 (ja) | 2008-06-25 | 2009-06-18 | Information processing system, server device, information device for personal use, and access management method |
Country Status (5)
Country | Link |
---|---|
US (1) | US8990348B2 (ja) |
EP (1) | EP2293217A4 (ja) |
JP (1) | JP5577527B2 (ja) |
CN (1) | CN102077212B (ja) |
WO (1) | WO2009157493A1 (ja) |
-
2009
- 2009-06-18 JP JP2010518043A patent/JP5577527B2/ja not_active Expired - Fee Related
- 2009-06-18 CN CN200980124544.6A patent/CN102077212B/zh not_active Expired - Fee Related
- 2009-06-18 WO PCT/JP2009/061538 patent/WO2009157493A1/ja active Application Filing
- 2009-06-18 EP EP09770203.9A patent/EP2293217A4/en not_active Withdrawn
- 2009-06-18 US US12/999,970 patent/US8990348B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
EP2293217A4 (en) | 2017-05-03 |
US20110099248A1 (en) | 2011-04-28 |
JPWO2009157493A1 (ja) | 2011-12-15 |
JP5577527B2 (ja) | 2014-08-27 |
CN102077212B (zh) | 2015-06-10 |
EP2293217A1 (en) | 2011-03-09 |
US8990348B2 (en) | 2015-03-24 |
CN102077212A (zh) | 2011-05-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200980124544.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09770203 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009770203 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010518043 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12999970 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |