JP2008077548A - Mobile communication terminal, mobile communication method, mobile communication program, mobile communication system - Google Patents

Abstract

A mobile communication terminal has a problem that it is difficult to implement a security system that requires a large amount of computation due to problems such as low processing capability and limited power supply.
A receiver that receives predetermined data, a data identifier that identifies whether the predetermined data is valid, a function identifier that indicates whether the reference function is valid, and a predetermined data that is valid. A data identification determination unit that determines whether the data is data, and a function identifier that determines whether the reference function is valid when the data identification determination unit determines that the predetermined data is not valid data The internal data of the mobile communication terminal may be referred to from the outside of the mobile communication terminal based on the determination result of the function identification determination unit, the internal data storage unit in which internal data is stored, and the function identification determination unit A mobile communication terminal comprising: a setting unit configured to set the data as data information.
[Selection] Figure 1

Description

  The present invention relates to a mobile communication terminal that receives software data.

  Currently, in a service of a mobile communication terminal, the mobile communication terminal can download application software described in Java (registered trademark) language from a server. On the other hand, various software other than Java (registered trademark) language such as middleware is not prepared for download. However, it is conceivable that the user of the mobile communication terminal executes various software on the mobile communication terminal by downloading the native software described in the native code from various download sites.

  Although the mechanism to execute the downloaded native software can be realized in a mobile phone corresponding to a wireless application platform for a specific CDMA (Code Division Multiple Access) mobile phone, it must be executed on this platform. There is a limit. Furthermore, the current situation is that it does not support various native software.

  For this reason, there is a demand for a mechanism capable of executing a variety of native software without any restrictions. However, in this case, the mobile communication terminal does not have an execution environment equivalent to a Java (registered trademark) VM (Virtual Machine) having a check function such as security in Java (registered trademark). The security check of the native software downloaded from the site is not performed. For this reason, there is a risk that personal information is leaked when the downloaded native software is executed.

Therefore, it is disclosed that a security check system provided with a security recognition information database is used as a security system for native software (Patent Document 1).
JP 2004-139372 A

  Analysis for security checking of downloaded software is relatively easy for source code written in the Java (registered trademark) language, while this binary code is used for native code written in binary code. It is difficult to detect a dangerous code from the code. In this case, the amount of calculation required for code analysis is remarkably larger in the case of binary code than in the case of Java (registered trademark) language. Furthermore, it is not practical for a mobile communication terminal to have a security system that requires a large amount of computation due to low computing capability and limited power consumption for battery operation.

  Therefore, the present invention solves the above-described problems, and the amount of calculation required for the security check can be reduced by detecting and managing the danger of the native software by a simple method.

  The present invention solves the above problem, and in a mobile communication terminal capable of referring to the other data when a reference function for referring to the other data which is a function of the predetermined data is valid, A receiving unit that receives the predetermined data, a data identifier that identifies whether the predetermined data is valid data, and a function identifier that indicates whether the reference function is valid; and data for which the predetermined data is valid Whether the reference function is valid or not when the data identification determination unit determines that the predetermined data is not valid data. Based on the determination results of the function identification determination unit determined by the function identifier, the internal data storage unit in which internal data is stored, and the function identification determination unit, the outside of the mobile communication terminal A mobile communication terminal, characterized in that it comprises a setting unit that sets a possibility that the internal data is referenced as the data information from.

  Thereby, the possibility that the internal data is referred to from the outside of the mobile communication terminal can be set as data information.

  The mobile communication terminal of the present invention can reduce the amount of calculation required for the security check.

  From Embodiment 1 to Embodiment 4, the mobile communication terminal of the present invention and the mobile communication system of the present invention will be described.

  The present invention relates to a mobile communication terminal capable of reducing the amount of security check operations required at the time of downloading and at the time of starting the native software, and a mobile body by determining the danger by a simple method when the native software is downloaded. It is a communication terminal system.

  In the mobile communication terminal described in the first embodiment, when the downloaded software is activated, the risk level of the downloaded software is determined based on a flag indicating whether or not a function for referring to other data is valid. . As a result, the amount of security check operations can be reduced even in mobile communication terminals with limited resources such as low processing capacity and limited power supply capacity.

  In the mobile communication terminal described in the second embodiment, the degree of risk of the downloaded software is further determined based on whether or not a function that refers to other data operates when the downloaded software is activated. Thereby, the reliability with respect to the danger level of the downloaded software can be improved more.

  In the mobile communication terminal described in the third embodiment, whether to start the downloaded software is determined based on conditions set in the system in advance or conditions set by the user. As a result, it is possible to reliably prohibit the execution of dangerous software.

  In the mobile communication terminal system described in the fourth embodiment, the risk level of software downloaded by an external database is managed, and the risk level stored in this external database is transmitted to the mobile communication terminal upon request from the mobile communication terminal. Notice. As a result, the amount of security check operations can be reduced even in mobile communication terminals with limited resources such as low processing capacity and limited power supply capacity.

  The above first to fourth embodiments will be described in detail in the following embodiments.

(Embodiment 1)
The first embodiment will be described in detail below. The first embodiment described with reference to FIGS. 1 to 4 is based on a flag indicating whether or not a function for referring to other data is valid when the downloaded software is activated. The present invention relates to a mobile communication terminal that determines the risk level of a mobile phone.

  Here, the native software described in each embodiment in the present application is a program (native code) that can be directly executed by hardware (CPU (Central Processing Unit) or the like). The feature of this native software is that the processing speed is faster when compared with non-native software such as Java (registered trademark) language.

  FIG. 1 is a configuration diagram of a mobile communication terminal 1 according to the present embodiment. Examples of the mobile communication terminal 1 include an in-vehicle communication device, a PDA, a mobile phone, and the like, which correspond to an electronic device having a function capable of receiving software from a server.

  Hereinafter, the mobile communication terminal 1 according to FIG. 1 will be described.

  The mobile communication terminal 1 includes a receiving unit 2 that receives (downloads) software data, and a separating unit 3 that separates profile information associated with the downloaded software data. The separation unit 3 corresponds to separating the profile information and the software main body by a developing program corresponding to the archiver when the software is downloaded in a format in which the profile information and the software main body are combined into one file by the archiver. . However, in addition to this archiver, it is only necessary to separate data and profile information from downloaded software.

  FIG. 20 is a diagram showing an example of the profile information. Here, the profile information may not be attached to the software data. Specifically, only profile information may be received as data. In this case, the separation unit 3 performs processing for sending the profile information or software received by the reception unit 2 to any of the data identification determination unit 4, the function identification determination unit 5, and the data storage unit 7.

  After separation by the separation unit 3, the extracted software is stored in the data storage unit 7 together with the ID of the software. Here, the information stored in the data storage unit 7 is not limited to the software ID, and information that can identify each software may be added to the data and stored.

  In addition, the mobile communication terminal 1 uses the determination results of the data identification determination unit 4 and the function identification determination unit 5 that perform determination based on the profile information extracted by the separation unit 3, and the data identification determination unit 4 and the function identification determination unit 5. A setting unit 9 that determines and sets the risk level of software based on the risk level, a risk level management unit 6 that manages the risk level, and an execution that presents the risk level stored in the risk level management unit 6 on a display unit (not shown) Part 8.

  Here, the risk described in the present embodiment and the other embodiments of the present application refers to the device (or connection) that manages the other external data when the software to be executed refers to the other external data. This corresponds to the possibility of referring to the information stored in the mobile communication terminal that is executing the software by the device (destination) or other device (or connection destination), and is stored as data information.

  The information stored in the mobile communication terminal is, for example, user personal information such as a telephone book and a schedule book. Data such as personal information is stored as internal data in the internal data storage unit 10 of the mobile communication terminal 1.

  The data identification determination unit 4 determines whether the received software data is data downloaded from a reliable download site. This determination is performed by the data identification determination unit 4 based on the management site information of the profile information in FIG. 20 among the profile information extracted by the separation unit 3.

  When the data identification determination unit 4 determines that the software data received is not software downloaded from a reliable download site, the function identification determination unit 5 determines that the downloaded software has data other than this software. It is determined whether or not it has a function to be referred. At this time, the function identification determination unit 5 determines whether or not the value of the user data access function and the value of the network function in the profile information of FIG. 20 are ON. Here, the condition determined by the function identification determination unit 5 may be not only the presence / absence of the user data access function and the network function but also the presence / absence of a function that refers to other external data.

  The risk level management unit 6 stores the software and the risk level of the software in association with each other. When executing the software, the execution unit 8 refers to the risk level corresponding to the software to be executed from the risk level management unit 6 and presents the risk level of the software to be executed to a display unit (not shown). Further, when the user instructs execution of the software, the software is executed. Each component included in the mobile communication terminal 1 is optimally controlled by a control unit (not shown).

  Next, the operation of the mobile communication terminal 1 of FIG. 1 will be described using FIG. 2 and FIG.

  FIG. 2 and FIG. 3 are flowcharts of processing for executing the downloaded software after downloading the software. The operation of the mobile communication terminal 1 when downloading software will be described below.

  The user of the mobile communication terminal 1 has downloaded the application software from the download site with the management site value A shown in FIG.

  In step 20, the separation unit 3 extracts profile information indicating the profile of the downloaded application software from the downloaded application software.

  In step 21, the data identification determination unit 4 determines whether or not the management site value A in the profile information extracted by the separation unit 3 in step 20 is a reliable site value.

  In step 22, the setting unit 9 determines that the data identification determination unit 4 is a site that can trust the value A of the management site (in the case of YES in step 21), and sets the risk level to 0. The risk value shown here is an example. In addition, when safety is completely guaranteed, the risk level may be set to a negative value, or only when the risk is clearly dangerous. You may set the degree.

  The determination as to whether or not the download site is reliable may be made based on whether or not the URL matches the management site URL of the download official site stored in advance, or the download site that has been used in the past can be determined. You may carry out by memorize | storing URL and determining whether it corresponds with this URL. Furthermore, if the mobile communication terminal can receive an authentication method that is prevalent on the Internet, that is, a certificate issued by a trusted certificate authority, the site that sent the certificate is a download site that can be trusted. You may judge.

  In step 23, if the data identification determination unit 4 determines that the value A of the management site is not a reliable site (NO in step 21), the function identification determination unit 5 determines whether the user data access function and the network in the profile information It is determined whether or not the function is valid. Specifically, the function identification determination unit 5 determines whether the flag indicating the user data access function and the flag indicating the network function in the profile information shown in FIG. 20 are ON or OFF. In the present embodiment, the function identification determination unit 5 makes a determination based on a flag indicating the user data access function and a flag indicating the network function. However, the downloaded software is other than this software. The determination may be made based on whether or not it has a function of referring to the external data.

  In the present embodiment, the setting unit 9 makes a determination based on whether or not the flag indicating the user data access function and the flag indicating the network function are ON. The level of risk may be changed by determining whether the flag indicating the network function is ON or OFF. For example, the setting unit 9 may set the risk level to 1 when both of the above functions are OFF, and may set the risk level to 1.5 when only one of the functions is ON.

  In step 24, the setting unit 9 sets the risk level to 2 when both the flag indicating the user data access function and the flag indicating the network function are ON (YES in step 23).

  In step 25, the setting unit 9 sets the risk level to 1 when either the flag indicating the user data access function or the flag indicating the network function is OFF (NO in step 23). Thereafter, the download process ends.

  Here, as shown in FIG. 20, the setting unit 9 is in danger because the network function is OFF and the user data access function is ON as shown in step 25 for the risk level of the application software whose management site value is A. Set the degree to 1.

  FIG. 3 is a flow of the software operation process when the user operates the software after the download process is completed.

  The user instructs to execute the application software whose management site value stored in the data storage unit 7 is A. Then, the execution unit 8 refers to 0000b, which is the ID of application software whose management site value is A.

  In step 30, the execution unit 8 refers to the risk level corresponding to the application software ID 0000b from the risk level management unit 6 using the correspondence shown in FIG.

  In step 31, the execution unit 8 presents the risk level 1 of the application software from the site A referred to in step 30 on a display unit (not shown). Then, the display unit presents the risk level 1 to the user.

  In step 32, after confirming the display of the risk level 1 presented by the display unit, the user determines whether to execute the application software downloaded from the site A.

  Whether or not to execute the application software may be determined by an input means (not shown) of the mobile communication terminal 1, for example, a numeric keypad or other determination buttons. Furthermore, after a predetermined time has elapsed without user input, a preset action (for example, if the user has left the user for a certain period of time after displaying a screen for prompting the user's input, NO is selected) may be performed.

  In step 33, the execution unit 8 presents the degree of risk to the user, and then determines that the user will execute the application software downloaded from the download site whose site management value is A, and executes the application software. (If YES at step 32).

  Thereafter, when the execution of the application software is ended, or when the user determines not to execute the application software (NO in step 32), the operation process of the application software is ended.

  FIG. 4 is a flow for executing the application software immediately after downloading.

  In the software operation process shown in FIG. 4, step 40 performs the download process shown in FIG. 2, and steps 41 to 44 perform the software operation process of FIG. Here, overlapping description is omitted.

  With the configuration of the mobile communication terminal 1 according to the first embodiment as described above, a large amount of computation is required even in a mobile communication terminal in which resource problems such as low processing capacity and limited power capacity occur. Security system that does not.

  Further, the mobile communication terminal 1 according to the first embodiment can notify the user of the degree of software risk without performing a large amount of calculation or analysis. Specifically, personal information of the user of the mobile communication terminal 1 such as a telephone book and a schedule book stored in the internal data storage unit 10 by referring to the execution of software is referred to from an external device or a connection destination. It is possible to determine the possibility of being a risk and notify the user of software with a high risk.

  In this embodiment, the case of downloading application software has been described. However, the present invention is not limited to the download format, and any form may be used as long as the mobile communication terminal can receive the application software.

  The information and data received by the mobile communication terminal are not limited to application software, and may be data such as still images (for example, still images such as jpeg and gif) and moving images (moving images compressed by MPEG4). Good. In particular, the mobile communication terminal of the present invention is effective when receiving software written in binary code.

  The environment for receiving current software is an environment for receiving software desired by a user only from a predetermined download site or performing data communication only with a predetermined site. Here, the designated site is a site provided by a mobile communication carrier company that operates a mobile communication business (hereinafter referred to as an official site). When receiving software and executing software, It is a site that is secured to prevent personal information leaks. When such an official site is used, the received software is written in Java (registered trademark) language. Therefore, the possibility of leakage of personal information, that is, the risk of software is low as long as Java (registered trademark) VM or the like is used.

  However, users who desire a wider variety of software also want an environment where software written in binary code can be downloaded. Depending on the received software, there may be software having a function of performing data communication with other sites. For example, when the received software is a battle game, it is conceivable to exchange data with other users via data communication. However, in the case of software acquired from an official site provided by such a mobile communication carrier company or the like, it is considered that problems such as leakage of personal information do not occur when data is exchanged via data communication.

  However, in an environment where software written in binary code is received and executed, the security of such software provided by such a mobile communication carrier company is not guaranteed. Therefore, if the received software has a function to access other sites, etc., and the access destination is a malicious site, problems such as leakage of user's personal information may occur. There is. Therefore, the present invention is particularly useful in an environment where software written in binary code is received and executed.

  An environment in which native software and Java (registered trademark) software are mixed is also assumed. Therefore, as a modification of the present embodiment, a mobile communication terminal having a determination unit that determines what kind of software the downloaded software is described in detail below.

  FIG. 5 is a diagram showing a mobile communication terminal in a modification of the present embodiment, and FIG. 6 is a diagram showing download processing of the mobile communication terminal shown in FIG.

  The difference from the mobile communication terminal 1 in FIG. 1 is that the software data received by the receiving unit is input to the separating unit 53 via the data determining unit 59.

  The data determination unit 59 determines whether the software data received by the reception unit 52 is native software. The specific determination of the native software is performed based on the ID included in the profile information of the native software.

  A specific download process will be described below with reference to FIG. Except for the download process, the operation is the same as that of the mobile communication terminal 1 shown in FIG.

  In step 60, the data determining unit 59 determines whether the software data received by the receiving unit 52 is native software.

  In step 61, if the software data is native software (YES in step 60), the separation unit 53 extracts profile information indicating the profile of the downloaded software from the downloaded software.

  If the software data received by the receiving unit 52 is not native software (NO in step 60), the process ends. This is because, for example, if the downloaded software is Java (registered trademark) software, there is no need to check security because there is a security system such as Java (registered trademark) VM.

  In step 62, the data identification determination unit 54 determines whether or not the management site information in the profile information extracted by the separation unit 53 in step 61 is a reliable site. An example of the management site information is as shown in FIG.

  In step 63, if the data identification determination unit 4 determines that the software download destination is a reliable site (YES in step 62), the setting unit 67 sets the degree of risk to zero. The risk value shown here is an example. For example, when safety is completely guaranteed, the risk level may be set to minus, or the risk level may be set only when it is clearly dangerous.

  In step 64, it is a case where it is determined by the determination of the data identification determination unit 54 that the software download destination is not a reliable site (NO in step 62), and the function identification determination unit 55 accesses the user data in the profile information. It is determined whether the function and the network function are valid. Specifically, the function identification determination unit 55 determines whether the flag indicating the user data access function and the flag indicating the network function in the profile information shown in FIG. 20 are ON or OFF. In the present embodiment, the function identification determination unit 55 determines the flag indicating the user data access function and the flag indicating the network function, but the downloaded software has a function of referring to the external data of the software. What is necessary is just to be able to determine whether it has.

  In this embodiment, the function identification determination unit 55 determines whether or not the flag indicating the user data access function and the flag indicating the network function are ON. The degree of risk may be varied by determining whether the flag indicating the data access function and the flag indicating the network function are ON or OFF. For example, the setting unit 67 sets the risk level to 1 when both of the above functions are OFF, and sets the risk level to 1.5 when only one of the functions is ON.

  In step 65, when both the flag indicating the user data access function and the flag indicating the network function are ON (YES in step 64), the setting unit 67 sets the degree of risk to 2.

  In step 66, when at least one of the flag indicating the user data access function and the flag indicating the network function is OFF (NO in step 64), the setting unit 67 sets the risk level to 1. Thereafter, the download process ends.

  As a result, even in an environment where native software and software coded in a high-level language such as Java (registered trademark) software are mixed, by identifying the native software, operations required for extra security checks can be performed. It can be reduced and a more efficient security system can be provided.

  Although the mobile communication terminal has been exemplarily described in the present embodiment, it may be an integrated circuit such as an LSI (Large Scale Integration) that controls the operation of each component of the mobile communication terminal. I do not care. In this case, as illustrated in FIG. 25, the integrated circuit 261 controls at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259. Also, the other components shown in FIG. 25 are controlled by, for example, a control unit (not shown) or another integrated circuit. Thereby, the mobile communication terminal 251 having the integrated circuit 261 can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  The program is the same as that of the integrated circuit 261, and is described so as to control at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259. The mobile communication terminal 251 having this program can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  In the present embodiment, the mobile communication terminal is described. However, a mobile communication method based on operations performed by components of the mobile communication terminal may be used. In this case, any mobile communication method based on operations of at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 256 may be used. Thereby, the operation described in the above embodiment can be performed, and the effects described in the above embodiment can be obtained.

(Embodiment 2)
The second embodiment described with reference to FIGS. 7 to 9 is based on the result of whether or not a function that refers to other data operates when the downloaded software is activated. The present invention relates to a mobile communication terminal that determines a degree.

  FIG. 7 is a configuration diagram of the mobile communication terminal 71 according to the present embodiment. Examples of the mobile communication terminal 71 include an in-vehicle communication device, a PDA, a mobile phone, and the like, and an electronic device having a function capable of receiving software data is applicable.

  Hereinafter, mobile communication terminal 71 in the present embodiment of FIG. 7 will be described.

  The basic configuration of FIG. 7 is the same as that of the mobile communication terminal 1 of FIG. 1, and thus redundant description is omitted, and different configurations will be described in detail below. The configuration that is different between the configuration of the mobile communication terminal 71 in FIG. 7 and the configuration of the mobile communication terminal 1 in FIG.

  The function identification determination unit 75 has already determined that the user data access function and the network function do not function. On the other hand, the function operation determination unit 79 does not actually perform the user data access function and the network function. Determine whether or not to start. Specifically, the user data access function and the network function use a specific I / F (interface) when operating. These I / Fs are provided by a specific library and are determined singly. Therefore, the functional operation determination unit 79 determines whether or not the user data access function and the network function are actually activated by detecting whether or not the specific library is actually used. Moreover, you may detect by methods other than this. Here, the I / F (interface) defines a procedure and format for exchanging data between programs. In particular, a protocol for calling and using functions of an OS (Operating System) and components (partial software) from the outside is called an API (Application Program Interface).

  The risk level is calculated based on the determination result of the functional operation determination unit 79, and the risk level management unit 76 stores the correspondence between the software and the risk level of the software. When executing the software, the execution unit 78 refers to the risk level corresponding to the software to be executed from the risk level management unit 76 and presents the risk level of the software to be executed to a display unit (not shown). Each component included in the mobile communication terminal 71 is optimally controlled by a control unit (not shown).

  Next, FIG. 8 and FIG. 9 are flowcharts of operations for setting the risk level of the mobile communication terminal described in the present embodiment. Since the process for executing the software is the same as that in FIG. 3, the redundant description is omitted, and here, the download process that is a feature of the present embodiment will be described. The download process described here is merely an example, and an alternative method as described in the download process of the first embodiment may be used.

  The user of the mobile communication terminal downloads the application software from the download site whose management site value is O shown in FIG.

  In step 80, the separation unit 73 extracts profile information indicating the profile of the downloaded software from the downloaded software.

  In step 81, the data identification determination unit 74 determines whether or not the management site value O in the profile information extracted by the separation unit 73 in step 80 is a reliable site.

  In step 82, the data identification determination unit 74 determines that the management site value O is a reliable site (YES in step 81), and the setting unit 86 sets the risk level to zero.

  In step 83, the data identification determination unit 74 determines that the site O is not a reliable site (NO in step 81), and the function identification determination unit 75 includes the user data access function and the network function in the profile information. Are determined to be valid. Specifically, the function identification determination unit 75 determines whether the flag indicating the user data access function and the flag indicating the network function in the profile information shown in FIG. 20 are ON or OFF.

  In step 84, the setting unit 86 sets the risk level to 2 when the flag indicating the user data access function and the flag indicating the network function are ON (in the case of YES in step 83).

  In step 85, when at least one of the flag indicating the user data access function and the flag indicating the network function is OFF (NO in step 83), the functional operation determination unit 79 determines whether the user data access function and the network function are It is determined whether or not it is actually operating.

  This function check will be described with reference to FIG.

  In step 90, the functional operation determination unit 79 determines whether or not the user data access function and the network function operate.

  In step 91, when it is determined that the user data access function and the network function do not operate (NO in step 90), the setting unit 86 sets the risk level to 1.

  In step 92, when it is determined that the user data access function and the network function operate (YES in step 90), the setting unit 86 sets the degree of risk to 3.

  As shown in FIG. 20, since the network function and the user data access function are OFF for the application software at site O, the setting unit 86 performs a function check in step 85, and further, the user data access function and the network function. When it is determined that and do not operate, the risk level is set to 1. The setting unit 86 sets the degree of risk to 3 when it is determined that the user data access function and the network function operate.

  The risk level used in the present embodiment is merely an example, and is not limited to this risk level value. For example, in the profile information, these functions may actually operate regardless of whether both the flag indicating the user data access function and the flag indicating the network function are OFF. As described above, when the profile information is different from the actual operation of the software, it can be considered that the software provider has considerable malicious intent. Therefore, in such a case, the degree of danger may be set to 100.

  As described above, in the mobile communication terminal described in the second embodiment, the degree of risk of the downloaded software is based on whether or not a function that refers to other data operates when the downloaded software is activated. It is determined. Thereby, in addition to reducing the calculation amount of the security check, it is possible to increase the reliability of the risk level of the downloaded software.

  Although the mobile communication terminal has been described in the present embodiment, it may be an integrated circuit such as an LSI (Large Scale Integration) that controls the operation of each component of the mobile communication terminal. good. In this case, the integrated circuit controls the functional operation determination unit 79 illustrated in FIG. 7 in addition to at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259 illustrated in FIG. With respect to the other components shown in FIG. 25, for example, a control unit (not shown) or another integrated circuit performs control. Thereby, the mobile communication terminal can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  The program is the same as in the case of the integrated circuit, and at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259, as well as the functional operation determination unit 79 shown in FIG. Described. The mobile communication terminal 251 having this program can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  In the present embodiment, the mobile communication terminal is described. However, a mobile communication method based on operations performed by components of the mobile communication terminal may be used. In this case, any mobile communication method based on the operation of the functional operation determination unit 79 shown in FIG. 7 in addition to at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259 may be used. Thereby, the operation described in the above embodiment can be performed, and the effects described in the above embodiment can be obtained.

(Embodiment 3)
In the third embodiment, which will be described with reference to FIGS. 10 to 12, when the downloaded software is activated, the determination unit determines whether to activate the software based on a predetermined condition. The present invention relates to a mobile communication terminal.

  FIG. 10 is a configuration diagram of mobile communication terminal 101 according to the present embodiment. The mobile communication terminal 101 includes an in-vehicle communication device, a PDA, a mobile phone, and the like, and corresponds to an electronic device having a function capable of receiving software data from a server. Hereinafter, the mobile communication terminal 101 according to FIG. 10 will be described. Since the basic configuration is the same as that of the mobile communication terminal 1 of FIG. 1, redundant description will be omitted, and only the configuration that is different will be described in detail below.

  The mobile communication terminal 101 includes a determination unit 110 that determines whether to execute software. The determination unit 110 determines whether to execute the software based on the risk stored in the risk management unit 106. Thereby, the determination unit 110 prohibits the user from executing software having a certain risk level.

  Next, the software operation process of the mobile communication terminal described in this embodiment will be described with reference to FIG. Since the processing such as downloading is the same as the processing in the first embodiment or the second embodiment, the redundant description will be omitted, and only the software operation processing will be described here.

  Hereinafter, the software operation process will be described with reference to FIG. FIG. 12 is a flow of the software operation process when the user operates the software after the download process is completed. When the user tries to execute the application software of the download site whose management site value is A stored in the data storage unit 107, the execution unit 108 is the ID of the application software whose management site value is A 0000b. Refer to

  In step 120, the execution unit 108 refers to the risk level corresponding to the ID 0000b of the application software from the risk level management unit 106 as shown in FIG.

  In step 121, the execution unit 108 displays the risk level value (in this case, risk level 1) of the application software from the download site whose management site value referred to in step 120 is A on the display unit (not shown). The display unit presents the risk level 1 to the user.

  In step 122, the determination unit 110 determines whether to execute the application software from the download site whose management site value is A based on the risk level value (risk level 1 in this case) presented by the display unit. decide. Regarding the determination method, if the risk is 3, the software may not be executed, and if the risk is a little, the software may not be executed.

  In step 123, if the user decides to execute the application software from the download site where the value of the management site where the degree of risk is presented is A (YES in step 122), The unit 108 executes this application software. Thereafter, when the software execution is ended, or when the determination unit 110 determines that the user does not execute the software (NO in step 122), the software operation process is ended.

  As described above, in the mobile communication terminal described in the third embodiment, the determination unit determines whether to start the downloaded software based on the degree of risk. Thus, it is possible to reliably prevent the user from executing dangerous software.

  Moreover, in the mobile communication terminal 111 shown in FIG. 11, the user can determine the threshold of the degree of risk for causing the operating unit (not shown) to execute the software. Hereinafter, a description will be given with reference to FIG. Here, the description of the common parts in the configuration, operation processing, and the like shown in the first to third embodiments is omitted to avoid duplication, and only the different parts will be described.

  The threshold value of the risk level input in advance by the user is stored in the storage unit 120. The user inputs 1 as the threshold value of the risk level. Thereafter, when the software is activated, the determination unit 121 determines whether or not the execution unit 118 executes the software based on the information in the storage unit 120. Since the threshold value of the risk level is set to 1 by the user, if the risk level of the software to be executed is 1 or more, the software is not executed. The software operation process at this time is the same as the flow of FIG.

  With the above configuration, a flexible software execution process that allows the user to determine a certain degree of safety and a certain degree of software executability can be performed.

  Although the mobile communication terminal has been described in the present embodiment, it may be an integrated circuit such as an LSI (Large Scale Integration) that controls the operation of each component of the mobile communication terminal. good. In this case, the integrated circuit controls the functional operation determination unit 79 illustrated in FIG. 7 in addition to at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259 illustrated in FIG. With respect to the other components shown in FIG. 25, for example, a control unit (not shown) or another integrated circuit performs control. Thereby, the mobile communication terminal can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  The program is the same as in the case of the integrated circuit, and at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259, as well as the functional operation determination unit 79 shown in FIG. Described. The mobile communication terminal 251 having this program can perform the operation as described in the above embodiment, and can achieve the effects described in the above embodiment.

  In the present embodiment, the mobile communication terminal is described. However, a mobile communication method based on operations performed by components of the mobile communication terminal may be used. In this case, any mobile communication method based on the operation of the functional operation determination unit 79 shown in FIG. 7 in addition to at least the data identification determination unit 254, the function identification determination unit 255, and the setting unit 259 may be used. Thereby, the operation described in the above embodiment can be performed, and the effects described in the above embodiment can be obtained.

(Embodiment 4)
The fourth embodiment, which will be described with reference to FIGS. 13 to 19, manages the risk level of software downloaded by the risk level management server, and assigns a risk level to the mobile communication terminal in response to a request from the mobile communication terminal. The present invention relates to a mobile communication system to be notified. A mobile communication system according to the present embodiment will be described with reference to FIG. As shown in FIG. 13, the mobile communication system shown in the present embodiment includes a mobile communication terminal 131 and a risk management server 130.

  When the mobile communication terminal 131 downloads software from the download server 132, the mobile communication terminal 131 can perform security checks on the software to be downloaded by exchanging information with the risk management server 130.

  Hereinafter, each component will be specifically described. First, the risk management server 130 will be described with reference to FIG.

  The risk management server 130 includes a reception unit 141 that receives software usage information from the mobile communication terminal 131, a determination unit 142 that determines whether the software usage information includes defect information, and a determination result of the determination unit 142. A risk update unit 143 that updates the risk level, a setting unit 147 that sets the risk level, a risk level management unit 144 that manages the risk level, an information generation unit 145 that generates information based on the risk level, and information And a transmission unit 146 that transmits the information generated by the generation unit 145 to the mobile communication terminal 131.

  Next, the mobile communication terminal 131 will be described with reference to FIG. The mobile communication terminal 131 separates a receiving unit 151 that receives software to be downloaded from the download server 132, a data storage unit 155 that stores the received software, software data, and profile information associated with the data. Unit 152, a risk information transmission / reception unit 153 that transmits software usage information or receives risk information from the risk management server, and a risk management unit 154 that manages the risk received by the risk information transmission / reception unit 153 And an execution unit 156 for displaying the degree of danger of the software to be executed on a display unit (not shown).

  The operation of the mobile communication terminal having the above configuration will be described with reference to FIGS. FIG. 16 is a flow when the user a operates the downloaded software.

  First, in step 160, the user a downloads the ID0000x Middleware shown in FIG.

  Thereafter, in step 161, the downloaded middleware is executed.

  In step 162, it is checked whether or not there is a defect in the middleware executed by the user a. Here, the failure means that when the software is executed, the data of the mobile communication terminal is broken, the personal information is transmitted to another site, or the mobile communication terminal is in a freeze state that does not accept the operation. This is a disadvantage for the user. Also, software defect information indicating that the software has failed is stored in the data storage unit 155 together with the software data. However, the present invention is not limited to this, and another storage unit may be provided and stored therein.

  In step 163, if a problem occurs in the execution software, software defect information is transmitted to the risk management server 130 (in the case of YES in step 162). Thereafter, the software operation process is terminated. Further, in step 163 in FIG. 16, when the risk management server 130 receives software defect information sent from the mobile communication terminal 131, the risk of software having the defect information sent from the mobile communication terminal 131 is detected. Update the degree.

  Software risk update processing by the risk management server 130 will be described with reference to FIG. FIG. 17 is a flowchart of risk update processing by the risk management server 130.

  In step 170, the receiving unit 141 receives software usage information from the mobile communication terminal 131. Here, as the software usage information, for example, “−1” is set when there is a defect in the software, and “1” is set when there is no defect in the software. In addition to the above format, the risk management server may process the defect information transmitted from the mobile communication terminal 131 in a text format into a format suitable for storage. Further, the software usage information may be transmitted after the user a executes the software once. Further, in order to further improve the determination accuracy of the risk level, the software usage information may be transmitted after execution for a predetermined period.

  In step 171, if there is software usage information (YES in step 170), the determination unit 142 determines whether the software usage information includes defect information.

  In step 172, if there is no defect information in the software usage information (NO in step 171), the setting unit 147 sets the value to be added to the risk level to -1. For example, if the failure information is not included in the software usage information of the middleware downloaded from the site whose management site value is C, the value added to the risk is set to -1.

  In step 173, the setting unit 147 sets a value to be added to the risk level to 1 when the software usage information includes defect information (YES in step 171). For example, if the failure information is included in the software usage information of the middleware downloaded from the site having the management site value C, the setting unit 147 sets the value to be added to the risk level to 1.

  In step 174, the risk level to be added is incremented by the added value. For example, if the risk level of the middleware downloaded from a site whose management site value is C is 5, and the software usage information does not include defect information, the setting unit 147 sets a value to be added to the risk level. Set to 1 and set the risk level to 4. Thereafter, when another user b downloads the Middleware from the site C, the user b can inquire the risk management server 130 about the risk of the downloaded software. As a result, the user b can know the danger level of the middleware downloaded from the site whose management site value is C.

  Hereinafter, a flow in which the user b inquires the risk management server 130 about the risk will be described with reference to FIG. FIG. 18 is a flowchart of the risk presentation process by the risk management server 130.

  In step 180, the reception unit 141 receives an inquiry about the risk information from the mobile communication terminal of the user b.

  In step 181, if the reception unit 141 has received an inquiry about the degree of risk information from the mobile communication terminal (YES in step 180), the degree of risk of the software inquired from the user b is the risk management. It is checked whether it is stored in the unit 144.

  In step 182, if there is no risk level of the inquired software in the risk level management unit 144 (NO in step 181), the fact is transmitted to the user b.

  In step 183, when the risk level of the inquired software is in the risk level management unit 144 (YES in step 181), the risk level table stored in the risk level management unit 144 is referred to. An example of the risk level table is as shown in FIG.

  In step 184, the value of the risk level of the middleware downloaded from the site whose management site value referred to in step 183 is C (in this case, risk level 1) is transmitted from the transmission unit 146 to the user b. Thereby, the user b can know the danger level of the middleware downloaded from the site whose management site value is C.

  As described above, the risk of the software to be downloaded can be managed by exchanging data between the mobile communication terminal 131 and the risk management server 130.

  A series of operations until the user b downloads Middleware from a site whose management site value is C and executes it based on the degree of risk managed by the mobile communication system will be described with reference to FIG.

  In step 190, the user b downloads Middleware from a site whose management site value is C.

  In step 191, the user b inquires of the risk management server 130 whether there is risk level information regarding the middleware of the site whose management site value is C.

  In step 192, the risk information transmitting / receiving unit 153 receives the inquiry result.

  In step 193, if there is risk level information as a result of the inquiry, the risk level is displayed on a display unit (not shown). If there is no risk level information as a result of the inquiry, a message to that effect is displayed.

  In step 194, as a result of the display of the risk level, the user b determines whether to execute the software.

  In step 195, when the user b executes the software (YES in step 194), the control unit (not shown) executes the software.

  With the above configuration, the risk level of the software to be downloaded is managed by the external database, and the risk level is notified to the mobile communication terminal at the request of the mobile communication terminal.

  As a result, the amount of security check operations can be reduced even in mobile communication terminals with limited resources such as low processing capacity and limited power supply capacity.

  In the inventions described in the first to fourth embodiments, it is possible to notify the user of the degree of danger by light as shown in FIG. For example, when the risk level of the currently executed software is high, a red LED can be turned on, and when the risk level is low, a blue light LED can be turned on. The higher the degree of danger, the stronger the red color can be lit, and the lower the degree of danger, the more blue the color can be lit.

  Further, as shown in FIG. 23, a danger meter may be provided to display the danger degree of the currently executed software so that it can be visually recognized. As a result, even if the risk is high, even if the user executes it by mistake, the user can know the risk level of the software currently being executed, and can make a re-determination as to whether or not the software can be executed. it can.

  Further, as shown in FIG. 24, the risk level table stored in the risk level management unit 246 can be stored in an external storage means such as a removable external memory card.

  This makes it easy to update the degree of risk, reduces the load caused by the security check calculation even in mobile communication terminals with limited resources such as low processing capacity and limited power supply capacity.

  The configuration of the mobile communication terminal of the present invention shown in the first to fourth embodiments is merely an example, and the present invention is not limited to the above-described embodiments, and the scope of the present invention. Various modifications are possible without departing from the above.

  According to the present invention, it is possible to provide a communication terminal capable of reducing the amount of security check calculation.

Configuration diagram of mobile communication terminal according to Embodiment 1 of the present invention Fig. 5 is a flowchart of download processing of the mobile communication terminal according to the first embodiment of the present invention. FIG. (1) of the flow of software operation processing of the mobile communication terminal in Embodiment 1 of the present invention FIG. (2) of the flow of the software operation process of the mobile communication terminal in Embodiment 1 of this invention Configuration diagram of mobile communication terminal according to Embodiment 2 of the present invention The figure of the flow of the download process of the mobile communication terminal in Embodiment 2 of this invention Configuration diagram of mobile communication terminal according to Embodiment 3 of the present invention The figure of the flow of the download process of the mobile communication terminal in Embodiment 3 of this invention The figure of the flow of the function check process of the mobile communication terminal in Embodiment 3 of this invention Configuration diagram (1) of mobile communication terminal in a modification of the third embodiment of the present invention Configuration diagram of mobile communication terminal in modification of embodiment 3 of the present invention (2) The figure of the flow of the software operation | movement process of the mobile communication terminal in the modification of Embodiment 3 of this invention. Configuration diagram of mobile communication system according to Embodiment 4 of the present invention Configuration diagram of risk management server in Embodiment 4 of the present invention Configuration diagram of mobile communication terminal according to Embodiment 4 of the present invention FIG. (1) of the flow of the software operation process of the mobile communication terminal in Embodiment 4 of this invention FIG. 10 is a flowchart of the risk update of the risk management server according to the fourth embodiment of the present invention. The flowchart of the danger information presentation process of the risk management server in Embodiment 4 of this invention FIG. (2) of the flow of the software operation process of the mobile communication terminal in Embodiment 4 of this invention Figure of profile information of the present invention Diagram of risk management table of the present invention Presentation of the degree of danger in the mobile communication terminal of the present invention (1) Presentation of the degree of risk in the mobile communication terminal of the present invention (2) Configuration diagram of a mobile communication terminal that updates the degree of danger using a recording medium Configuration diagram of mobile communication terminal

Explanation of symbols

1, 51, 71 Mobile communication terminal 2, 52, 72 Receiver 3, 53, 73 Separating unit 4, 54, 74 Data identification determination unit 5, 55, 75 Function identification determination unit 6, 56, 76 Risk management unit 7, 57, 77 Data storage unit 8, 58, 78 Execution unit 10, 68, 87 Internal data storage unit

Claims (18)

In a communication terminal that can refer to the other data by a reference function that refers to other data that is a function of the predetermined data,
A receiving unit that receives the predetermined data, a data identifier that identifies whether the predetermined data is valid data, and a function identifier that indicates whether the reference function is valid;
A data identification determination unit for determining whether or not the predetermined data is valid data by the data identifier;
When the data identification determination unit determines that the predetermined data is not valid data, a function identification determination unit that determines whether or not the reference function is valid based on the function identifier;
An internal data storage unit for storing internal data;
Based on the determination result of the function identification determination unit, a setting unit that sets the possibility that the internal data is referred to from the outside of the communication terminal as data information;
A mobile communication terminal comprising: The said setting part is provided with setting the possibility that the said internal data will be referred from the place which has the said other data as data information based on the determination result of the said function identification determination part. The mobile communication terminal described. The mobile communication terminal according to claim 1 or 2, wherein the internal data is personal data of a user. 4. The method according to claim 1, wherein when the function identification determination unit determines that the reference function is valid, the setting unit sets the data information as first data information. The mobile communication terminal according to the above. The mobile communication terminal according to claim 4, wherein when the function identification determination unit determines that the reference function is not valid, the setting unit sets the data information as second data information. The second data information is set by the setting unit as data information indicating that the internal data is less likely to be referred to from outside the mobile communication terminal than the first data information. The mobile communication terminal according to claim 5, wherein the mobile communication terminal is characterized. Further, when the function identification determination unit determines that the reference function is not valid, whether or not library data describing a predetermined interface function used when operating the reference function is referred to by the predetermined data 5. The mobile communication terminal according to claim 1, further comprising: a functional operation determination unit configured to determine whether the data information is set based on a determination result by the functional operation determination unit. When the function operation determining unit determines that the library data describing the predetermined interface function is referred to, the setting unit sets the data information to third data information,
8. The setting unit sets the data information to fourth data information when the functional operation determination unit determines that the library data describing the predetermined interface function is not referred to. The mobile communication terminal described. The third data information is set by the setting unit as data information indicating that the internal data is less likely to be referred to from outside the mobile communication terminal than the fourth data information. The mobile communication terminal according to claim 8, wherein the mobile communication terminal is characterized. The mobile communication according to any one of claims 7 to 9, wherein the predetermined interface function is a function for exchanging data between the mobile communication terminal and the outside of the mobile communication terminal. Terminal. The mobile communication terminal according to any one of claims 7 to 9, wherein the predetermined interface function is a function for calling a function used for the predetermined data from outside the mobile communication terminal. Furthermore, a data determination unit that determines whether the predetermined data is binary data;
A presentation unit that presents the data information when the data determination unit determines that the predetermined data is binary data;
The mobile communication terminal according to any one of claims 1 to 11, further comprising: An execution unit for executing the predetermined data;
A determination unit that determines whether to execute the execution unit based on whether the data information satisfies a predetermined value;
The mobile communication terminal according to any one of claims 1 to 12, further comprising: A storage unit for storing a signal for determining the predetermined value;
The mobile communication according to claim 13, wherein the determination unit determines whether to execute the execution unit based on whether the data information satisfies a predetermined value based on the signal. Terminal. In the mobile communication method capable of referring to the other data by a reference function that refers to other data that is a function of the predetermined data,
Based on the predetermined data, a data identifier that identifies whether the predetermined data is valid data, and a function identifier that indicates whether the reference function is valid,
A data identification determination step for determining by the data identifier whether the predetermined data is valid data;
A function identification determination step for determining whether or not the reference function is valid by the function identifier when the data identification determination unit determines that the predetermined data is not valid data;
A setting step for setting, as data information, the possibility of referring to internal data stored in internal data from the outside of the communication terminal based on the determination result of the function identification determination unit;
A mobile communication method comprising: In a communication terminal program that executes referring to the other data by a reference function that refers to other data that is a function of the predetermined data,
Whether the predetermined data is valid data based on the predetermined data, a data identifier that identifies whether the predetermined data is valid data, and a function identifier that indicates whether the reference function is valid A data identification determination step for determining whether or not by the data identifier;
A function identification determination step for determining whether or not the reference function is valid by the function identifier when the data identification determination unit determines that the predetermined data is not valid data;
A setting step for setting, as data information, the possibility of referring to internal data stored in internal data from the outside of the communication terminal based on the determination result of the function identification determination unit;
A mobile communication program characterized in that the program is executed. In a semiconductor element that performs an operation of referring to the other data by a reference function that refers to other data that is a function of the predetermined data,
Based on the predetermined data, a data identifier that identifies whether the predetermined data is valid data, and a function identifier that indicates whether the reference function is valid,
A data identification determination operation for determining whether or not the predetermined data is valid data by the data identifier;
When the data identification determination unit determines that the predetermined data is not valid data, a function identification determination operation for determining whether or not the reference function is valid based on the function identifier;
Based on the determination result of the function identification determination unit, a setting operation for setting, as data information, the possibility of referring to internal data stored in an internal data storage unit from the outside of the communication terminal;
An integrated circuit characterized in that A receiving unit that receives predetermined data information that is information related to predetermined data from the first communication terminal;
A risk storage unit storing a correspondence between the risk based on the predetermined data information and the predetermined data;
A transmission unit that transmits the degree of risk of the predetermined data requested by the second communication terminal to the second communication terminal;
A mobile communication system comprising:

Images