JP2008130051A - Function lock control device and function lock control method - Google Patents

Abstract

[PROBLEMS] To solve a problem relating to safety in the case of realizing a scenario of locking a peripheral device connected to a specific terminal from a remote server or an external device.
A function lock control device 20 according to the present invention includes a function management unit 21 that hierarchically manages function types that specify functions available in a terminal A, a lock control request for a specific function, and the lock control. A session management unit 22 that manages the request source in association with each other, and a lock state management unit 23 that manages the lock state of the function specified by the function type in each layer. When the lock control request for the function specified by the function type of the first layer is received, the lock state of the function specified by the function type of the first layer is updated, and the function specified by the function type of the second layer is updated. Update the lock status.
[Selection] Figure 1

Description

  The present invention is provided in a terminal having a secure domain and a non-secure domain, such as a mobile phone, a PDA (Personal Digital Assistant), and a PC (Personal Computer), and a function lock for controlling functions usable in the terminal. The present invention relates to a control device and a function lock control method for controlling functions available in such a terminal.

  Conventionally, a hardware-based access control technology for peripheral devices connected to a terminal having two domains, a secure domain and a non-secure domain, is known (see Patent Document 1).

  As shown in FIG. 14, according to the above-described access control technique, the peripheral device control apparatus 20 in the secure domain (domain 1) performs access restriction from the non-secure domain (domain 2) to the peripheral device 12. The setting of the peripheral device access control apparatus 11A can be changed, and the use of the peripheral device 12 from the domain 2 can be locked.

  The locked peripheral device 12 can be used from the domain 1 while refusing access from the domain 2 by the access control technique described above.

  By applying such an access control technique, it is possible to lock a peripheral device connected to a specific terminal, such as a camera function or an IC card function, from a remote server or an external device.

  Specifically, a lock request message including a camera function lock request is transmitted from the server managing the specific terminal to the specific terminal, and the peripheral device control device 20 in the domain 1 transmits the lock request message. Upon receipt, the setting of the peripheral device access control apparatus 11A can be changed to make it impossible to access the camera function from the domain 2.

According to the above access control technology, since it uses a hardware access control mechanism, it is resistant to attacks that attempt to invalidate or bypass locks by malicious software such as viruses, and is highly secure. Can be realized.
US20050114616

  However, when the above-described access control technology is applied to realize a scenario in which a peripheral device connected to a specific terminal is locked from a remote server or an external device, there are the following safety problems.

  First, according to the above-described access control technology, there is a problem that there is a high possibility that lock leakage occurs in various and dynamic terminal configurations.

  Here, the configuration of various terminals refers to whether each terminal has one or two cameras (such as a main camera and a sub-camera) or no camera, 3G cellular or wireless LAN ( This means that which of the plurality of communication devices such as WiFi, Bluetooth (registered trademark), IrDA, etc. is mounted depends on the model of each terminal and the state of customization.

  Furthermore, the various terminal configurations mean that not only the peripheral devices but also the software installed in each terminal differs depending on the model of each terminal and the state of customization.

  For example, as for the positioning function for acquiring position information, there are terminals equipped with a GPS positioning function, terminals equipped with a cellular-based positioning function and a WiFi-based positioning function, and no positioning function at all. Various configurations such as a terminal, a terminal having any of these positioning functions, and a terminal having a plurality of positioning functions are conceivable.

  Here, if you want to lock a peripheral device such as a camera or communication device, simply locking only the main camera or cellular phone is equipped with a sub-camera or wireless LAN depending on the terminal configuration. appear.

  Similarly, when the positioning function is locked, if not only the GPS but also the cellular-based positioning function is not locked, the locking is not complete, and there is a problem of lock leakage due to various terminal configurations.

  On the other hand, the dynamic terminal configuration refers to a case where peripheral devices are attached to a general-purpose external interface such as SDIO (Secure Digital Input / Output Card) or USB (Universal Serial Bus) at any time.

  Further, not only the hardware configuration change as in the peripheral device but also a case where new software is incorporated in the terminal by adding an application, middleware, or OS function is included.

  For example, by newly installing WiFI-based positioning software on the terminal, the software configuration of the terminal changes.

  Here, when the camera built in the terminal is locked including the main camera and the sub camera, when a digital camera card based on the SDIO interface is newly installed, the lock is not applied to the peripheral device. There is a problem that a lock leak occurs.

  Similarly, when the WiFi-based positioning software is installed in a state where the positioning function is locked, it is necessary to lock the positioning function, but there is a problem that such a lock leaks.

  Secondly, according to the above-described access control technique, there is a problem that there is a possibility of unauthorized unlocking due to lack of a function for associating lock control requests from a plurality of request sources.

  That is, according to the above-described access control technique, there is a problem that a lock request from one request source may be invalidated by a lock release request from another request source.

  As a plurality of request sources, in the case of a terminal connected to a company system, a server of a company server or a communication operator is assumed, or a server provided by a public institution is assumed.

  On the other hand, if the lock is not correctly released due to a failure of the request source, there is a safety problem that the software built in the peripheral device or the terminal cannot be used forever and the convenience and availability are impaired.

  Thirdly, according to the above-described access control technology, there is a problem in that there is a drawback in measures against initialization by restarting the terminal.

  That is, according to the above-described access control technique, there is a problem that, when the setting of the function lock is erased by the restart, the lock may be invalidated.

  Fourthly, according to the above-described access control technique, there is a problem that there is a possibility of failure due to function lock.

  That is, according to the above-described access control technology, if an application or the like locks the function of the peripheral device or the software while the function of the peripheral device or the software is being used, the application is abnormally terminated or malfunctioned. There was a problem that there was a possibility of causing a malfunction such as.

  Therefore, the present invention has been made in view of the above-described problems, and a scenario for locking functions such as peripheral devices connected to a specific terminal and software incorporated in the specific terminal from a remote server or an external device. An object of the present invention is to provide a function lock control device and a function lock control method capable of solving the problems related to safety when realizing the above.

  A first feature of the present invention is a function lock control device that is provided in a terminal having a secure domain and a non-secure domain, and that controls a function that can be used in the terminal, the function specifying the function A type, a function management unit configured to manage hierarchically, a lock control request for updating a lock state indicating whether access to the function from the non-secure domain is restricted, and The session management unit is configured to manage the lock control request in association with the request source, and is configured to manage the lock state of the function specified by the function type in each layer. A lock state management unit, and a function access control device that restricts access to the function according to the lock state. A control command output unit configured to generate a command, and an access control device management configured to transmit the control command generated by the control command output unit to the functional access control device And when the lock state management unit receives the lock control request for the function specified by the function type of the first layer, the lock state management unit displays the lock state of the function specified by the function type of the first layer. The gist is that the lock state of the function specified by the function type of the second hierarchy belonging to the function class of the first hierarchy is updated while being updated.

  According to this invention, since the function types that specify functions of peripheral devices, applications, middleware, etc. are managed hierarchically, when a lock control request (lock request or unlock request) for a specific function is received. The lock control request can be applied to the functions specified by the same function type at the same time.

  For example, according to this invention, when a lock control request for a peripheral device (function) specified by the group type “camera group” is received, the individual types “rear camera” and “ The lock control request is applied to a plurality of cameras (camera main camera, sub camera, etc.) specified by “front camera” without omission, and individual types “cellular” and “wireless LAN” belonging to group type “communication group” And the lock control request can be applied to a plurality of communication devices specified by “Bluetooth (registered trademark)” or the like without omission.

  Furthermore, according to this invention, when a lock control request for software specified by the group type “location information acquisition function group” is received, the individual type “GPS” belonging to the group type “position information acquisition function group” The lock control request can be applied to a plurality of positioning functions specified by the “NW base positioning function” and the “WiFI base positioning function” without omission.

  Further, according to the invention, even when a lock control request for a specific function from a plurality of request sources is received, the request source of the lock control request can be managed, so that the lock state of the function Can be set correctly.

  In the first feature of the present invention, the lock state management unit is configured to hold the lock state in a permanent storage, and the control command output unit is configured to output the lock state management unit when the terminal is activated. The control command may be generated according to a lock state of the function managed by the control function.

  According to this invention, even when the terminal is restarted, the lock state of each function can be correctly reflected.

  In the first feature of the present invention, a state notification unit configured to notify the outside that the lock state of the function is to be updated before the control command is transmitted by the access control device management unit. You may have.

  According to this invention, the operating system (OS) or middleware that has received the notification from the status notification unit terminates the application using the function such as a specific peripheral device or software, thereby preventing the occurrence of abnormal operation. can do.

  In the first aspect of the present invention, a state response unit configured to respond to an inquiry about the lock state of the function from the outside may be provided.

  According to this invention, whether an application, middleware, or OS has a function of a specific peripheral device, software, or the like locked (not available), or can a function of the peripheral device, software, etc. be used? And whether the functions of the peripheral device and software are locked, or whether the functions of the peripheral device and software are in an abnormal state.

  In the first aspect of the present invention, the device includes a function monitoring unit configured to detect that the function is available in the terminal, and the control command output unit includes the function in the terminal. When it is detected that the function is available, the control command may be generated according to the lock state of the function managed by the lock state management unit.

  According to this invention, at the timing when a specific peripheral device is mounted on the terminal (or when a specific application, middleware, or device driver is incorporated in the terminal), the peripheral device (or application or middleware is instantly). And device driver) can be reflected.

  In the first aspect of the present invention, when a forced lock release request for forcibly requesting release of access restriction to the function from the non-secure domain is received, the function managed by the session management unit A forced lock control unit configured to delete the association between the lock control request and the request source of the lock control request for the function may be provided.

  According to this invention, even when the request source cannot correctly release the locked state of a specific function due to a failure or the like, the lock on the function can be released.

  In the first feature of the present invention, when the time limit included in the received lock control request for the function has elapsed, the session management unit requests the lock control request for the function and the request for the lock control request for the function. It may be configured to delete the association with the original.

  According to this invention, even when the terminal is out of the communication service range or when the request source has failed, even when the lock release request from the request source cannot be received, the lock for the specific function is performed. It can be released safely, and convenience and availability can be provided to the user.

  In the first aspect of the present invention, the function may be a peripheral device connected to the terminal, or software embedded in the terminal.

  A second feature of the present invention is a function control method for controlling a function that can be used in a terminal having a secure domain and a non-secure domain, wherein the function type specifying the function In order to update the function lock state indicating whether or not access to the function from the non-secure domain is restricted, and a process of managing for each function type of the second hierarchy belonging to the function classification of the first hierarchy A lock control request for the function and a lock control request request source for the function in association with each other, a lock state of the function specified by the function type of the first hierarchy and the function type of the second hierarchy And a control command for a function access control device that restricts access to the function according to the lock state. And a step of transmitting the control command generated by the control command output unit to the function access control device, and in the step of managing the lock state, according to the function type of the first hierarchy When the lock control request for the specified function is received, the lock state of the function specified by the function type of the first layer is updated, and the function type of the second layer belonging to the function type of the first layer The gist is to update the lock state of the function specified by.

  As described above, according to the present invention, safety can be achieved when a scenario for locking a peripheral device connected to a specific terminal or a software function incorporated in the specific terminal from a remote server or external device is realized. It is possible to provide a function lock control device and a function lock control method capable of solving the problem relating to the reliability.

(Configuration of Function Lock Control Device According to First Embodiment of the Present Invention)
With reference to FIG.1 and FIG.2, the structure of the function lock control apparatus 20 which concerns on the 1st Embodiment of this invention is demonstrated. In this embodiment, a scenario for locking a peripheral device is handled.

  In the present embodiment, the terminal A is configured to include a hardware-based peripheral device access control apparatus 11A. The peripheral device access control apparatus 11A is a type of function access control apparatus, and in the second embodiment to be described later, handles a software-based access control apparatus.

  As shown in FIG. 1, the terminal A including the function lock control device 20 according to the present embodiment has a secure domain (domain 1) and a non-secure domain (domain 2) in the same manner as the configuration of Patent Document 1 described above. Has two domains.

  Specifically, the function lock control device 20 is arranged in the domain 1 of the terminal A, receives a lock control request from an external server, a lock request source B such as the domain 2, and the like, and is a hardware-based peripheral device access control device By controlling 11A, the use of the peripheral device 12 with respect to the domain 2 is locked and unlocked.

  As shown in FIG. 1, the function lock control device 20 includes a function management unit 21, a session management unit 22, a lock state management unit 23, a control command output unit 24, an access control management unit 25, and a function monitoring unit. 26, a status notification unit 28, a status response unit 29, and a forced lock control unit 30.

  Communication means for receiving a lock control request from an external server that is the lock request source B includes cellular communication, wireless LAN, Bluetooth (registered trademark), infrared light, non-contact IC card (such as Felica), and the like. Regardless of the communication method or communication medium.

  The function management unit 21 is configured to hierarchically manage function types that specify functions available in the terminal A. In the present embodiment, the function management unit 21 hierarchically manages peripheral device types (a type of function type) that specify the peripheral devices 12 (a type of function) connected to the terminal A. It is configured.

  For example, in this embodiment, the function management unit 21 uses the lock state management table shown in FIG. 2 as the peripheral device type “group type (such as“ camera group ”,“ display group ”,“ communication group ”). “Peripheral device type of the first layer, higher-level peripheral device type)” and “individual type (second layer belonging to the peripheral device type of the first layer) such as“ rear camera ”,“ wireless LAN ”,“ front display ”, etc. Two peripheral device types and lower-level peripheral device types).

  Note that the function management unit 21 may manage information about the connection form for the terminal A such as a built-in wireless LAN or external Bluetooth (registered trademark) as the peripheral device type.

  In the example of FIG. 2, two levels of “group type” and “individual type” are illustrated as a hierarchical structure, but the function management unit 21 manages peripheral device types by a more detailed hierarchical structure. It may be configured to. Further, one peripheral device type may be configured to belong to a plurality of higher-level peripheral device types.

  The session management unit 22 updates “lock state” indicating whether or not access from the domain 2 (non-secure domain) to a specific function (peripheral device 12 in this embodiment) is restricted. The control request "and the request source (lock request source B) of the lock control request are associated with each other and managed.

  Specifically, the session management unit 22 accepts a lock control request (lock request or unlock request) including designation of the peripheral device type from the external lock request source B using the lock state management table shown in FIG. The lock control request and the lock request source B are managed in association with each other.

Specifically, when the session management unit 22 receives a lock request from the lock request source B, the session management unit 22 selects the peripheral device type (“group type” or “individual type”) specified by the lock request. The identifier of the lock request source B is added to the lock state management table. The identifier of the lock request source B is, for example, a host name, an IP address, a random value generated by the lock request source B, or a combination thereof.
On the other hand, when the session management unit 22 receives an unlock request from the lock request source B, the session management unit 22 assigns the identifier of the lock request source B to the peripheral device type specified by the unlock request. Delete from.

  The lock state management table shown in FIG. 2 includes “camera group”, “display group”, and “communication group” as “group type”, and “rear camera” and “front camera” as “individual type”. And the type of the individual peripheral device 12 is included.

  Here, in the lock state management table shown in FIG. 2, “request source 1” is registered as the lock request source B for the group type “camera group”, and for the individual type “cellular”. “Request source 2” and “Request source 4” are registered as the lock request source B, and “Request source 3” is registered as the lock request source B for the individual type “wireless LAN”.

  For example, the session management unit 22 can identify the lock request source B by using the identifier specified in the lock control request transmitted by the lock request source B as a key.

  Here, such an identifier may be determined by the lock request source B or may be determined by the session management unit 22.

  In addition, the session management unit 22 may authenticate the lock request source B, or may reject a lock control request from an unregistered lock request source B.

  Furthermore, the session management unit 22 may reject the lock control request from the lock request source B that does not have the authority to control the lock state of the peripheral device type specified in the lock control request.

  For example, the presence or absence of authority may be determined by holding a list of lock request sources having authority for each peripheral device type in the lock state management table.

  The message format of the lock control request can be represented by a set of (identifier, lock control request type (lock request or unlock request), peripheral device type), for example, (123, lock request, “camera group”). Or (456, unlock request, “wireless LAN”).

  Furthermore, the message format of the lock control request may include lock requests for a plurality of peripheral devices at the same time, such as (124, lock request, “camera group, main speaker”).

  The lock control request may be given a time restriction specification such as “time interval” or “time range”.

  For example, when (123, lock request, “camera group”, “120 minutes”) is specified in the lock control request, a time limit for “time interval” of “120 minutes (2 hours)” is required. It is given to the lock control request.

  In the lock control request, (123, lock request, “camera group”, “12: 0 to 13:00”) or (123, lock request, “camera group”, “until 13:00”) is designated. In this case, a time limit for the “time range” of “12:00 to 13:00” or “until 13:00” is given to the lock control request.

  In such a case, when the time limit included in the received lock control request for the peripheral device 12 has elapsed, the session management unit 22 determines that the lock control request for the peripheral device 12 and the lock control request from the lock state management table shown in FIG. The association with the request source (lock request source B) of the lock control request for the peripheral device 12 is deleted.

  The lock state management unit 23 is configured to manage the lock state of the function specified by the function type in each layer. In the present embodiment, the lock state management unit 23 is configured to manage the lock state of the peripheral device 12 specified by the peripheral device type (“group type” or “individual type”) in each layer.

  For example, the lock state management unit 23 has received a lock request from at least one lock request source B for a certain peripheral device type in the lock state management table shown in FIG. When “request source” is registered in the list), it is set that the peripheral device 12 specified by the peripheral device type is in a locked state (in FIG. 2, “Set” in the locked state column is set). Corresponding to this).

  On the other hand, when the lock request from the lock request source B has not been transmitted to a certain peripheral device type in the lock state management table shown in FIG. If the peripheral device is not registered in the list), the peripheral device specified by the peripheral device type is set to be unlocked.

  Further, the lock state management unit 23 is a permanent storage (external storage such as a flash ROM, a hard disk, or a memory card) that retains recorded data (for example, information related to the lock state) even when the terminal A is turned off. It may be constituted by.

  Further, when the lock state management unit 23 receives a lock control request for the function (peripheral device 12) specified by the function type of the first layer (the “group type” that is the peripheral device type of the first layer), the lock state management unit 23 Update the lock state of the function (peripheral device 12) specified by the function type (“group type”) of the first layer, and the functions of the second layer belonging to the function type (“group type”) of the first layer The lock state of the function (peripheral device 12) specified by the type (“individual type” which is the peripheral device type of the second hierarchy) is updated.

  Specifically, when a lock request for each group type is received, the lock state management unit 23 sets the lock state corresponding to the group type to “Set” and then sets the lock type to the individual type belonging to the group type. The corresponding lock state is set to “Set”.

  In the example of FIG. 2, since the lock request for “camera group” is received, the lock state corresponding to “rear camera” and “front camera” is also set to “Set”.

  The control command output unit 24 is in a locked state (locked state or unlocked state) for each function (peripheral device 12 in this embodiment) managed by the lock state management unit 23. Accordingly, a control command for a function access control device (peripheral device access control device 11A in this embodiment) that restricts access to each function (peripheral device 12 in this embodiment) is generated. .

  The control command output unit 24 may output a control command for setting all of the lock states for each peripheral device 12 or change only the difference from the current state of the peripheral device access control apparatus 11A. A control command may be output.

  The control command output unit 24 controls the peripheral device access control apparatus 11A according to the lock state of the peripheral device 12 managed by the lock state management unit 23 when the terminal A is started (including restart by reset). It may be configured to generate a command.

  In addition, when the control command output unit 24 detects that a specific function is available in the terminal A (specifically, when the connection of the peripheral device 12 is detected), the control command output unit 24 performs lock state management. The control command of the peripheral device access control apparatus 11A may be generated according to the lock state of the peripheral device 12 managed by the unit 23.

  Note that the connection of the peripheral device 12 may be detected by a notification from the OS or an interrupt from hardware (for example, a controller of the peripheral device), or a notification from the function monitoring unit 26 ( The connection of the peripheral device 12 may be detected based on an on-demand or fixed period).

  The access control device management unit 25 is configured to transmit the control command generated by the control command output unit 24 to the function access control device (peripheral device access control device 11A in this embodiment).

  Note that the access control device management unit 25 may be configured to confirm that the control command is correctly executed by the peripheral device access control device 11A, or when the execution of the control command fails. Alternatively, the control command may be retransmitted.

  The function monitoring unit 26 is configured to detect that a specific function is available in the terminal A. In the present embodiment, the function monitoring unit 26 is configured to detect the connection of the peripheral device 12 to the terminal A.

  The function monitoring unit 26 may be configured to periodically notify the control command output unit 24 of the detection result.

  The state notification unit 28 is configured to lock the peripheral device 12 before the above-described control command is transmitted by the access control device management unit 25 (that is, before performing a lock on the peripheral device 12 specified by a certain type). Is updated (scheduled to execute lock) to the outside (OS 70, middleware 60, application 50, etc. in domain 2).

  The state response unit 29 is configured to respond to an inquiry about a lock state of a specific function (in the present embodiment, the peripheral device 12) from the outside (OS, middleware, application, etc.).

  When the compulsory lock control unit 30 receives a compulsory lock release request that compulsorily requests the release of an access restriction to a specific function (peripheral device 12 in this embodiment) for the non-secure domain (domain 2), A lock control request for a specific function (peripheral device 12 in this embodiment) managed by the session management unit 22 and a request source (lock request) for a lock function request for a specific function (peripheral device 12 in this embodiment) It is configured to delete (initialize) the association with the original B).

  The forced lock control unit 30 may be configured to authenticate the lock request source that has transmitted the forced lock release request.

  In such a case, the forced lock control unit 30 may be configured to accept only a forced lock release request from a specific lock request source B, for example, according to the authentication result.

  For example, the forced lock control unit 30 may be configured to accept only a forced lock release request from a communication operator.

  The forced lock control unit 30 may be configured to accept only a forced lock release request transmitted by a specific communication unit.

  For example, the forced lock control unit 30 is configured to accept only a forced lock release request transmitted by a specific communication means such as a serial interface of the terminal A, a forced lock release request input by a specific key operation, or the like. It may be.

(Operation of the function lock control device according to the first embodiment of the present invention)
With reference to FIGS. 3 to 8, the operation of the function control apparatus 20 according to the first embodiment of the present invention will be described.

  First, with reference to FIG. 3 and FIG. 4, an operation in which the function lock control device 20 according to the present embodiment performs locking on the peripheral device 12 in response to a lock control request received from an external server will be described. .

  As shown in FIG. 3, in step S1001, the session management unit 22 determines whether the received lock control request is a lock request or a lock release request.

  If the request is a lock request, in step S1002, the session management unit 22 associates the received lock request with the request source (lock request source B) of the lock request, and holds it in the lock state management table shown in FIG. .

  In such a case, the session management unit 22 specifically, in the lock state management table shown in FIG. 2, the peripheral device type specified in the received lock request (in the case of the peripheral device type of the first hierarchy, The lock state of the two-layer peripheral device type is set to “Set”, and the identifier of the request source specified in the lock request is added to the “request source list” corresponding to the peripheral device type. .

  On the other hand, if it is a lock release request, in step S1002, the session management unit 22 in the lock state management table shown in FIG. 2 specifies the peripheral device type (peripheral device type of the first layer) specified by the received lock release request. In this case, the association between the related second layer peripheral device type) and the request source of the lock release request (lock request source B) is deleted.

  In this case, the session management unit 22 specifically relates to the peripheral device type specified in the received unlock request in the lock state management table shown in FIG. The lock state of the second layer peripheral device type) is set to “No”, and the “request source list” corresponding to the peripheral device type is deleted.

  In step S1004, the function lock control device 20 performs a lock update procedure. Here, the lock update procedure will be described with reference to FIG.

  As shown in FIG. 4, when the lock update procedure is started, in step S2001, the lock state management unit 23 determines the peripherals specified by all “group types” and “individual types” on the lock state management table. The lock state of the device 12 is cleared.

  In step S2002, the lock state management unit 23 checks whether there is a lock request for the peripheral device 12 specified by the “group type”.

  If there is a lock request for the peripheral device 12 specified by the “group type” (step S2003), the operation proceeds to step S2004, and if there is no lock request for the peripheral device 12 specified by the “group type” (step S2003). In step S2003), the operation proceeds to step S2006.

  The lock state management unit 23 sets the lock state of the peripheral device 12 specified by the “group type” determined to have a lock request in step S2004 to “Set”, and then in step S2005, the “group” The lock state of the peripheral device 12 specified by “individual type” belonging to “type” is set to “Set”.

  In step S2006, the lock state management unit 23 checks whether there is a lock request for the peripheral device 12 specified by “individual type”.

  When there is a lock request for the peripheral device 12 specified by at least one “individual type” (step S2007), the operation proceeds to step S2008, and the lock request for the peripheral device 12 specified by “individual type” is 1. If not found (step S2007), the operation proceeds to step S2009.

  In step S2008, the lock state management unit 23 sets the lock state of the peripheral device 12 specified by the “individual type” determined to have a lock request to “Set”.

  On the other hand, for the lock state of the peripheral device 12 specified by the “individual type” determined to have no lock request, “Set” is not set and remains cleared, and the lock is released Set as

  In the example of FIG. 2, since there is a lock request for the group type “camera group”, the lock status of the individual types “rear camera” and “front camera” belonging to the group type “camera group” is also set to “Set”. Has been.

  In step S2009, the state notification unit 28 sets the peripheral device type that identifies the peripheral device 12 and the execution schedule of the lock to the domain 2 before executing the lock on the peripheral device 12 that is determined to have a lock request. To the OS 70, middleware 60, and application 50.

  The OS 70, the middleware 60, and the application 50 use these notifications to suppress the occurrence of abnormal processing by terminating or unloading the application 50, the middleware 60, and the device driver that use the peripheral device 12. To do.

  The status notification unit 28 proceeds to step 2010 after receiving a confirmation response from the domain 2 or after a predetermined set time has elapsed.

  In step S2010, the control command output unit 24 generates a control command for the peripheral device access control apparatus 11A according to the lock state management table.

  In step S2011, the peripheral device access control management unit 25 issues such a control command to the peripheral device access control apparatus 11A. As a result, the peripheral device 12 from which the lock request is issued cannot be accessed from the domain 2.

  Second, referring to FIG. 5, the function lock control device 20 according to the present embodiment corresponds to the peripheral device type that identifies the peripheral device 12 when the removable peripheral device 12 is attached to the terminal A. An operation for locking the peripheral device 12 in accordance with the setting of the lock state to be performed will be described.

  As shown in FIG. 5, in step S3001, the function monitoring unit 26 detects that the detachable peripheral device 12 is attached.

  Here, the function monitoring unit 26 may detect the attachment of the peripheral device 12 based on the notification from the OS 40 of the domain 1, the OS 70 of the domain 2, the device drivers 41 and 71 of the peripheral device 12, Periodically, the mounting state of the peripheral device 12 may be monitored.

  In step S3002, the function management unit 21 adds a peripheral device type that identifies the peripheral device 12 attached to the terminal A to the lock state management table. For example, when a USB wireless LAN adapter is connected, the function management unit 21 adds the individual type “wireless LAN” to the group type “communication group”.

  In step S3003, the lock state management unit 23 sets the lock state corresponding to the individual type specifying the peripheral device 12 according to the lock state corresponding to the group type to which the individual type belongs.

  If the lock is released for the group type that identifies the attached peripheral device 12 (step S3004), this operation ends and the group type that identifies the attached peripheral device 12 is determined. On the other hand, if the lock is being performed (step S3004), the operation proceeds to step S3005.

  The operations in steps S3005 to S3008 are the same as the operations in steps S2009 to S2011 in FIG. 4 described above.

  Thirdly, with reference to FIG. 6, an operation of locking the peripheral device 12 when the terminal A including the function lock control device 20 according to the present embodiment is started will be described.

  As shown in FIG. 6, terminal A is activated in step S4001. Here, it is assumed that the function lock control device 20 is activated in the initialization sequence on the terminal A side when the terminal A is activated, such as when the terminal A is activated from the power-off state or when the terminal A is restarted by resetting the terminal A. To do.

  When activated, the function lock control device 20 performs the lock update procedure shown in FIG. 4 in step S4002.

  Fourthly, with reference to FIG. 7, an operation in which the function lock control device 20 according to the present embodiment performs unlocking on the peripheral device 12 when receiving a forced unlocking request will be described.

  As shown in FIG. 7, in step S5001, the compulsory lock control unit 30 receives a compulsory unlock request for requesting compulsory unlock, and whether the compulsory unlock request has been transmitted from the correct request source. Inspect for no.

  If the forced unlock request has been transmitted from the correct request source, the operation proceeds to step S5002. If the forced unlock request has not been transmitted from the correct request source, the operation ends. To do.

  In step S5002, the forced lock control unit 30 clears the request source list and the lock state corresponding to the peripheral device type specified by the forced lock release request on the lock state management table.

  In step S5003, the compulsory lock control unit 30 resets the lock states corresponding to the “group type” and “individual type” that specify the peripheral device 12 specified by the compulsory lock release request on the lock state management table ( To release.

  In step S <b> 5004, the state notification unit 28 determines the peripheral device type that identifies the peripheral device 12 and the execution schedule of the lock release, the OS 70 of the domain 2, and the middleware 60 before executing the unlocking of the peripheral device 12. Or the application 50 is notified.

  The OS 70, middleware 60, and application 50 use these notifications, and the application 50, middleware 60, and driver prepare to use the peripheral device 12.

  The status notification unit 28 proceeds to Step 5005 after receiving a confirmation response from the domain 2 or after a predetermined set time has elapsed.

  In step S5005, the control command output unit 24 generates a control command for the peripheral device access control apparatus 11A according to the lock state management table.

  In step S5006, the peripheral device access control management unit 25 issues such a control command to the peripheral device access control apparatus 11A. As a result, the peripheral device 12 for which the forced lock release request has been issued can be accessed from the domain 2.

  Fifth, with reference to FIG. 8, an operation when the function lock control device 20 according to the present embodiment receives a lock request with a time limit will be described.

  As shown in FIG. 8, in step S6001, the session management unit 22 is periodically activated, scans the request source list of the lock state management table, and determines whether there is a lock request whose time limit has passed. Inspect for.

  If there is a lock request for which the time limit has elapsed (step S6002), the operation proceeds to step S6003. If there is no lock request for which the time limit has elapsed (step S6002), the operation ends. To do.

  In step S6003, when there is a lock request for which the time limit has passed, the session management unit 22 deletes the identifier of the request source corresponding to the lock request from the request source list.

  Thereafter, in step S6004, the function lock control device 20 according to the present embodiment executes a lock update procedure shown in FIG.

(Operation and effect of the function lock control device according to the first embodiment of the present invention)
According to the function lock control device 20 according to the first embodiment of the present invention, since the function types that specify the functions of peripheral devices, applications, middleware, and the like are managed hierarchically, a specific peripheral device 12 (function When the lock control request (lock request or unlock request) is received, the lock control request can be applied to the peripheral devices 12 specified by the same peripheral device type at the same time.

  For example, according to the function lock control device 20 according to the first embodiment of the present invention, as shown in FIG. 2, when a lock control request for the peripheral device 12 specified by the group type “camera group” is received. Applies the lock control request without omission to a plurality of cameras (camera main camera, sub camera, etc.) specified by the individual types “rear camera” and “front camera” belonging to the group type “camera group” The lock control request can be applied without omission to a plurality of communication devices specified by the individual types “cellular”, “wireless LAN”, “Bluetooth (registered trademark)”, etc. belonging to the group type “communication group”. .

  Furthermore, according to the function lock control device 20 according to the first embodiment of the present invention, when the lock control request for the software specified by the group type “position information acquisition function group” is received, the group type “position” The lock control request can be applied without omission to a plurality of positioning functions specified by the individual types “GPS”, “NW base positioning function”, and “WiFI base positioning function” belonging to the “information acquisition function group”.

  Furthermore, according to the function lock control device 20 according to the first embodiment of the present invention, even when a lock control request for a specific function from a plurality of lock request sources B is received, Since the lock request source B that is the request source can be managed, the lock state of the peripheral device 12 can be set correctly.

  According to the function lock control device 20 according to the first embodiment of the present invention, even when the terminal A is restarted, the lock state of each peripheral device 12 can be correctly reflected.

  According to the function lock control device 20 according to the first embodiment of the present invention, the operating system (OS) 70 or the middleware 60 that has received the notification from the state notification unit 28 has functions such as a specific peripheral device 12 and software. It is possible to prevent the abnormal operation from occurring by terminating the application 50 that uses.

  According to the function lock control device 20 according to the first embodiment of the present invention, whether the application 50, the middleware 60, and the OS 70 have the functions of the specific peripheral device 12 and software locked (not available), Alternatively, it is possible to know whether the function of a specific peripheral device 12 or software is available, and whether the function of the peripheral device 12 or software is locked, or the peripheral device 12 or software, etc. It is possible to identify whether the function is abnormal.

  According to the function lock control device 20 according to the first embodiment of the present invention, the timing at which the peripheral device 12 is attached to the terminal A (or software such as a specific application, middleware, or device driver is incorporated in the terminal. At the timing, the lock state of the peripheral device 12 (or the software such as the application, middleware, or device driver) can be reflected immediately.

  According to the function lock control device 20 according to the first embodiment of the present invention, even if the lock request source B cannot correctly release the locked state due to a failure or the like, The lock on the function can be released.

  According to the function lock control device 20 according to the first embodiment of the present invention, the lock from the lock request source B such as when the terminal A is out of the communication service range or when a failure occurs in the lock request source B. Even when the release request cannot be accepted, the lock on the specific function can be safely released, and convenience and availability can be provided to the user.

(Second Embodiment)
A function lock control device 20 according to a second embodiment of the present invention will be described with reference to FIGS. Hereinafter, the function lock control device 20 according to the second embodiment of the present invention will be described by paying attention to differences from the function lock control device 20 according to the first embodiment described above.

  In the present embodiment, the terminal A includes only one domain (domain 1), and includes a software-based access control device 11B.

  The access control device 11B accepts an API (Application Programming Interface) or system call that is called by an application or middleware, determines whether the access is possible, accepts the call if it is accessible, and accepts the call if it is not accessible. It is a device to refuse. An example of such an access control device 11B is a Java (registered trademark) sandbox.

  The access control device 11B may determine whether or not access is possible according to the type of the caller application or middleware in determining whether or not access is possible.

  For example, the access control device 11B is configured to allow access to “trusted applications” that have been digitally signed or installed, and to block other applications. It may be.

  In FIG. 9, the access control apparatus 11B is arranged outside the OS 40, but may be incorporated in the OS 40, or may be implemented as the device driver 41, middleware 60A, or application 50A. The form does not matter.

  As shown in FIG. 9, the function lock control device 20 according to the present embodiment is arranged in the same domain (domain 1) as the application and middleware.

  The function lock control device 20 according to the present embodiment receives a lock control request from an external server, an application in the domain 1, middleware, or an OS, and controls the access control device 11B according to the received lock control request. Thus, it is configured to lock or unlock functions such as the peripheral device 12, the application, middleware, and software provided by the OS.

  For example, in the present embodiment, the function management unit 21 uses the lock state management table shown in FIG. 12 as a software type for identifying software, such as “media player group” and “position information acquisition function group”. "Type (first-layer software type, higher-level software type)", "music player", "video player", "image viewer", "GPS", "NW-based positioning function", and "WiFi-based positioning function" And so on, “individual types (second layer software type belonging to first layer software type, lower level software type) are managed.

  Note that the status notification unit 28 in the function lock control device 20 according to the present embodiment has the peripheral device 12 specified by a certain peripheral device type before the access control device management unit 25 transmits the control command described above. Before the lock for the software specified by a certain software type is executed), the fact that the lock state of the functions of the peripheral device 12 and the software etc. is updated (the lock is scheduled to be executed) is indicated externally (the OS 40 and middleware 60A of the domain 1). And the application 50A, etc.).

  As a result, the OS 40, the middleware 60A, the application 50A, etc. of the domain 1 use these notifications to suppress the occurrence of abnormal processing by stopping the use of the functions of the peripheral device 12, software, etc. Can do.

  In addition, after the access control device management unit 25 issues the above-described control command to the peripheral device access control device 11B, the access control device 11B is not responsible for the functions of the peripheral device 12 and software for which the lock request has been issued. The domain 1 middleware 60A and application 50A are inaccessible except the domain 1 application 50A and middleware 60A.

(Third embodiment)
A function lock control device 20 according to a third embodiment of the present invention will be described with reference to FIG. Hereinafter, the function lock control device 20 according to the third embodiment of the present invention will be described by paying attention to differences from the function lock control device 20 according to the first embodiment described above.

  In the present embodiment, the terminal A includes two domains, and includes a software-based peripheral device access control apparatus 11C.

  As shown in FIG. 10, in this embodiment, the peripheral device 12 can be directly accessed only from the back-end device driver 41 </ b> A in the domain 1.

  Further, when accessing the peripheral device 12 from the domain 2, it is assumed that the back-end device driver 41 </ b> A in the domain 1 is accessed indirectly through the front-end device driver 71 </ b> A in the domain 2.

  The function lock control device 20 according to the present embodiment is arranged in the domain 1, receives a lock control request from an external server (lock request source B), the application 50, the middleware 60, and the OS 70 in the domain 2, and receives the received lock. The peripheral device 12 is locked to the domain 2 by controlling the peripheral device access control apparatus 11C in response to the control request.

  In FIG. 10, the peripheral device access control apparatus 11C is arranged inside the OS 40, but it may be mounted as a device driver, middleware, or application, and the mounting form is not limited.

  The peripheral device access control apparatus 11C controls whether or not the application 50 or middleware 60 in the domain 2 can access the peripheral device 12 by controlling whether or not the access request from the front end device 71A in the domain 2 can be accepted. To do.

(Fourth embodiment)
With reference to FIG.11 and FIG.12, the function lock control apparatus 20 which concerns on the 4th Embodiment of this invention is demonstrated. Hereinafter, the function lock control device 20 according to the fourth embodiment of the present invention will be described by focusing on differences from the function lock control device 20 according to the first embodiment described above.

  As shown in FIG. 11, the terminal A having the function lock control device 20 according to the present embodiment includes a secure domain (domain 1) and a non-secure domain (domain 2) as in the first embodiment. These two domains are provided.

  Further, the terminal A is provided with a software-based access control device 40C (a kind of function access control device) instead of the hardware-based peripheral device access control device 11A in the first embodiment. .

  The access control device 40C is an apparatus that accepts an API or a system call that is called by an application or middleware, determines whether the access is possible, accepts the call if the access is possible, and rejects the call if the access is not possible. . An example of such an access control device 40C is a Java (registered trademark) sandbox.

  Specifically, the function lock control device 20 is disposed in the domain 1 of the terminal A, receives a lock control request from an external server, a lock request source B such as the domain 2, and controls the access control device 40C. The application 40A and the middleware 40B for the domain 2 are configured to lock and unlock the use of software provided by the middleware 40B.

  In the example of FIG. 11, the access control device 40C is arranged outside the OS 40, but may be incorporated in the OS 40, or may be implemented as software such as middleware or an application. It doesn't matter.

  In the present embodiment, the function management unit 21 hierarchically classifies software types that specify software such as the application 40A and middleware 40B incorporated in the terminal A as function types that specify functions that can be used in the terminal A. Is configured to manage.

  In the present embodiment, a lock scenario when using the domain 1 application 40A and middleware 40B from the domain 2 application 50, middleware 60, and OS 70 will be described.

  For example, in the present embodiment, the function management unit 21 uses the lock state management table shown in FIG. 12 as the software type, such as “media player group” and “location information acquisition function group”, such as “group type (first Layered software type, higher-level software type) and “individual” such as “music player”, “video player”, “image viewer”, “GPS”, “NW base positioning function”, “WiFi base positioning function”, etc. It is configured to manage two types (second layer software type belonging to first layer software type, lower level software type).

  In the example of FIG. 12, two levels of “group type” and “individual type” are illustrated as the hierarchical structure, but the function management unit 21 manages the software type by a more detailed hierarchical structure. It may be configured as follows. One software type may be configured to belong to a plurality of higher-level software types.

  Note that the state notification unit 28 in the function lock control device 20 according to the present embodiment is configured so that the access control device management unit 25 transmits the above-described control command (that is, software (application 40A specified by a certain software type). Or before executing the lock on the middleware 40B), the fact that the lock state of the software is to be updated (scheduled to be executed) is externally (the OS 40 or middleware 40B or application 40A of the domain 1 or the OS 70 or application of the domain 2). 50, middleware 60, etc.).

  As a result, the OS 40, middleware 40B, application 40A of the domain 1 and the OS 70, middleware 60, application 50, etc. of the domain 2 use these notifications to stop using the software. Occurrence can be suppressed.

  In addition, after the access control device management unit 25 issues the above-described control command to the access control device 40C, the software for which the lock request is issued becomes inaccessible from the OS 70, middleware 60, and application 50 in the domain 2. .

  Further, after the access control device management unit 25 issues the above-described control command to the access control device 40C, the software for which the lock request has been issued cannot be accessed from the OS 40, middleware 40B, or application 40A in the domain 1. Good.

(Fifth embodiment)
With reference to FIG.12 and FIG.13, the function lock control apparatus 20 which concerns on the 5th Embodiment of this invention is demonstrated. Hereinafter, the function lock control device 20 according to the fifth embodiment of the present invention will be described by paying attention to differences from the function lock control device 20 according to the above-described first embodiment.

  As shown in FIG. 13, the terminal A having the function lock control device 20 according to the present embodiment includes a secure domain (domain 1) and a non-secure domain (domain 2), as in the first embodiment. These two domains are provided.

  In addition, the terminal A is provided with a software-based access control device 80 (a kind of function access control device) instead of the hardware-based peripheral device access control device 11A in the first embodiment. .

  The access control apparatus 80 is an apparatus that accepts an API or system call that is called by an application or middleware, determines whether or not the access is possible, accepts the call if the access is possible, and rejects the call if the access is not possible. . An example of such an access control device 80 is a Java (registered trademark) sandbox.

  Specifically, the function lock control device 20 is arranged in the domain 1 of the terminal A, receives a lock control request from the lock request source B such as an external server or the domain 2, and controls the access control device 80. The domain 50 application 50 and middleware 60 are configured to lock and unlock the use of software provided by the domain 2 application 50, middleware 60, and OS 70.

  In the example of FIG. 13, the access control device 80 is disposed outside the OS 70, but may be incorporated in the OS 70 or may be implemented as software such as the middleware 60 or the application 50. The form does not matter.

  In the present embodiment, the function management unit 21 determines the hierarchy of software types that specify software such as the application 50, middleware 60, and OS 70 incorporated in the terminal A as function types that specify functions that can be used in the terminal A. Is configured to manage automatically.

  For example, in the present embodiment, the function management unit 21 uses the lock state management table shown in FIG. 12 as the software type, such as “media player group” and “location information acquisition function group”, such as “group type (first Layered software type, higher-level software type) and “individual” such as “music player”, “video player”, “image viewer”, “GPS”, “NW base positioning function”, “WiFi base positioning function”, etc. It is configured to manage two types (second layer software type belonging to first layer software type, lower level software type).

  In the example of FIG. 12, two levels of “group type” and “individual type” are illustrated as the hierarchical structure, but the function management unit 21 manages the software type by a more detailed hierarchical structure. It may be configured as follows. One software type may be configured to belong to a plurality of higher-level software types.

  It should be noted that the status notification unit 28 in the function lock control device 20 according to the present embodiment is the software (application 50 specified by a certain software type) before the above-described control command is transmitted by the access control device management unit 25. Alternatively, before the lock on the middleware 60) is executed, the fact that the lock state of the software is to be updated (lock execution schedule) is notified to the outside (the OS 70 of the domain 2, the middleware 60, the application 50, etc.). Has been.

  As a result, the OS 2, middleware 60, application 50, etc. of the domain 2 can suppress the occurrence of abnormal processing by using these notifications and canceling the use of the software.

  In addition, after the access control device management unit 25 issues the above-described control command to the access control device 80, the software for which the lock request is issued is the domain 2 application 50 or middleware that the access control device 80 makes an exception. With the exception of 60, access from the middleware 60 and the application 50 in the domain 2 becomes impossible.

  Although the present invention has been described in detail using the above-described embodiments, it is obvious to those skilled in the art that the present invention is not limited to the embodiments described in this specification. The present invention can be implemented as modified and changed modes without departing from the spirit and scope of the present invention defined by the description of the scope of claims. Accordingly, the description of the present specification is for illustrative purposes and does not have any limiting meaning to the present invention.

It is a functional block diagram of the function lock control device concerning a 1st embodiment of the present invention. It is a figure which shows an example of the lock state management table used with the function lock control apparatus which concerns on the 1st Embodiment of this invention. It is a flowchart which shows operation | movement when the function lock control apparatus which concerns on the 1st Embodiment of this invention receives a lock control request | requirement. It is a flowchart which shows the lock update procedure in the function lock control apparatus which concerns on the 1st Embodiment of this invention. It is a flowchart which shows operation | movement when the function lock control apparatus which concerns on the 1st Embodiment of this invention detects mounting | wearing of a peripheral device. It is a flowchart which shows the operation | movement at the time of starting of the terminal which comprises the function lock control apparatus which concerns on the 1st Embodiment of this invention. It is a flowchart which shows operation | movement at the time of the function lock control apparatus which concerns on the 1st Embodiment of this invention receiving a forced lock release request | requirement. It is a flowchart which shows operation | movement when the function lock control apparatus which concerns on the 1st Embodiment of this invention receives the lock request | requirement with a time limit. It is a functional block diagram of the function lock control apparatus which concerns on the 2nd Embodiment of this invention. It is a functional block diagram of the function lock control apparatus which concerns on the 3rd Embodiment of this invention. It is a functional block diagram of the function lock control apparatus which concerns on the 4th Embodiment of this invention. It is a figure which shows an example of the lock state management table used with the function lock control apparatus which concerns on the 4th Embodiment of this invention. It is a functional block diagram of the function lock control apparatus which concerns on the 5th Embodiment of this invention. It is a figure for demonstrating the terminal which comprises the conventional peripheral device control apparatus.

Explanation of symbols

A ... Terminal B ... Lock request source 10 ... Hardware 11A, 11C ... Peripheral device access control device 11B, 40B, 80 ... Access control device 12 ... Peripheral device 20 ... Function lock control device 21 ... Function management unit 22 ... Session management unit 23 ... Lock state management unit 24 ... Control command output unit 25 ... Access control device management unit 26 ... Function monitoring unit 28 ... State notification unit 29 ... State response unit 30 ... Forced lock control unit 40, 40C, 70 ... OS
41, 71 ... Device driver 41A ... Back-end device driver 40A, 50, 50A ... Application 40B, 60, 60A ... Middleware 71A ... Front-end device driver

Claims (9)

A function lock control device that is provided in a terminal having a secure domain and a non-secure domain, and that controls functions available in the terminal,
A function management unit configured to hierarchically manage the function type that identifies the function; and
A lock control request for updating a lock state indicating whether or not access to the function from the non-secure domain is restricted and a request source of the lock control request are associated with each other and managed. A session manager,
A lock state management unit configured to manage a lock state of the function specified by the function type in each layer;
A control command output unit configured to generate a control command for a function access control device that restricts access to the function according to the lock state;
An access control device management unit configured to transmit the control command generated by the control command output unit to the functional access control device;
When the lock state management unit receives the lock control request for the function specified by the function type of the first layer, the lock state management unit updates the lock state of the function specified by the function type of the first layer, and A function lock control device configured to update a lock state of a function specified by a function type of the second hierarchy belonging to the function class of the first hierarchy. The lock state management unit is configured to hold the lock state in a permanent storage,
The control command output unit is configured to generate the control command according to a lock state of the function managed by the lock state management unit when the terminal is activated. Item 4. The function lock control device according to Item 1.   The system according to claim 1, further comprising a state notification unit configured to notify the outside that the lock state of the function is to be updated before the control command is transmitted by the access control device management unit. 3. The function lock control device according to 1 or 2.   4. The function lock control device according to claim 1, further comprising a state response unit configured to respond to an inquiry about the lock state of the function from the outside. 5. Comprising a function monitoring unit configured to detect that the function is available in the terminal;
When the control command output unit detects that the function is available in the terminal, the control command output unit generates the control command according to the lock state of the function managed by the lock state management unit. The function lock control device according to claim 1, wherein the function lock control device is configured as described above.   When a forcible lock release request for forcibly requesting the release of the access restriction to the function from the non-secure domain is received, a lock control request for the function managed by the session management unit and a lock control for the function 6. The function lock control device according to claim 1, further comprising a compulsory lock control unit configured to delete the association of the request with the request source.   When the time limit included in the received lock control request for the function has elapsed, the session management unit deletes the association between the lock control request for the function and the request source of the lock control request for the function The function lock control device according to claim 1, wherein the function lock control device is configured.   The function lock control apparatus according to claim 1, wherein the function is a peripheral device connected to the terminal or software embedded in the terminal. A function lock control method for controlling functions available in a terminal having a secure domain and a non-secure domain,
Steps for hierarchical management of the function types that identify the functions;
A process of associating and managing a lock control request for updating a lock state indicating whether or not access to the function from the non-secure domain is restricted, and a request source of the lock control request;
Managing the lock state of the function specified by the function type in each layer;
Generating a control command for a function access control device that restricts access to the function according to the lock state;
A step of transmitting the control command generated by the control command output unit to the function access control device;
In the step of managing the lock state, when the lock control request for the function specified by the function type of the first layer is received, the lock state of the function specified by the function type of the first layer is updated, A function lock control method, comprising: updating a lock state of a function specified by a function type of a second layer belonging to the function type of the first layer.

Images