JP4102639B2 - Communication terminal, program and recording medium - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a technique for controlling execution of an application program that can use data unique to an individual.
[0002]
[Prior art]
In recent years, Java (registered trademark) application software that can be executed by a mobile phone is widely distributed from a WWW (World Wide Web) server connected to the Internet. The Java application software includes a JAR (Java Archive) file including a program created using the Java programming language, and an ADF (Application Descriptor File) describing data related to the JAR file. When a user of a mobile phone downloads the above file to the mobile phone and instructs the mobile phone to execute Java application software, a Java application (hereinafter referred to as Java-AP) is realized on the mobile phone. Various functions are added to the mobile phone.
[0003]
A user of a mobile phone can download desired software from a large number of WWW servers connected to the Internet and add a desired function to the mobile phone. However, if any function can be added, for example, data stored in the mobile phone is destroyed by malicious software, or data specific to an individual stored in the mobile phone (hereinafter referred to as an individual). Data) may be leaked outside the mobile phone against the user's intention.
[0004]
Therefore, a mobile phone capable of executing the Java-AP software is designed to limit the behavior of the Java-AP realized by executing the Java-AP software. For example, the storage area that can be used by Java-AP is limited to a specific storage area different from the storage area in which personal data is stored. Further, the Java-AP that performs communication can communicate only with the server that has distributed the Java-AP software. Furthermore, in the mobile phone, when the Java-AP communicates with the server that provides the Java-AP software, the user is inquired about whether or not the communication is permitted, and the communication is performed only when the communication is permitted. Only Java-AP is allowed.
[0005]
A technique for limiting the execution of Java-AP software is known (for example, see Patent Document 1). Japanese Patent Application Laid-Open No. 2004-133867 inquires of the user as to whether or not to permit execution of the program, and describes that the program is executed only when the user has permission.
[0006]
[Patent Document 1]
JP 2001-117769 A
[0007]
[Problems to be solved by the invention]
By the way, as a provider that provides Java-AP software that communicates with a distribution-source WWW server, it may be desired to identify a Java-AP user that is communicating with the server. However, since the conventional Java-AP can use only a specific storage area, personal data such as identification data for identifying the user of the Java-AP is notified from the user to the Java-AP, The identification data notified is transmitted to the server of the Java-AP software provider. However, it is troublesome for the user that the user notifies the Java-AP of the identification data every time the Java-AP transmits the identification data.
[0008]
In order to avoid the trouble of the user, it may be possible to use a specification that allows the identification data notified by the user to be written in a specific storage area for Java-AP. In this case, however, the identification data notified by the user is specified. After that, the Java-AP can transmit data for identifying the user to the server without requiring the user's notification. If the user wishes to always transmit data for identifying the user, such a specification is not a problem. However, in the case of a user who does not, data such as a result contrary to the user's intention can be obtained. turn into.
[0009]
The present invention has been made in view of the above-described circumstances, and prevents a communication terminal user's personal data from being transmitted from the communication terminal without the user's permission. , It is an object to provide a program and a recording medium.
[0010]
[Means for Solving the Problems]
In order to solve the above-described problems, the present invention provides a first storage unit that stores a program, an execution unit that executes a program stored in the first storage unit, and the execution unit executes the program. Second storage means for storing data read and written by an application realized by Descriptor that can include transmission function information indicating information indicating the characteristics of the program and indicating that the program has a function of transmitting the data An instruction input means for inputting a user's instruction in a communication terminal having a third storage means for storing information and a transmitting means for transmitting the data to an external device by the application, and executing the program When an instruction to do so is input by the instruction input unit, the third storage unit stores the Existence of transmission function information in descriptor information Based on the above, it is determined whether or not the program instructed to execute is a program that can acquire the data and transmit it to an external device, and if it is determined that the program can be transmitted, the execution of the program is permitted Execution of the program by the execution means only when the first confirmation means for prompting the user to input an instruction indicating whether or not to execute and an instruction to permit execution are input by the instruction input means And a communication terminal characterized by having an execution permission means for permitting the above.
The present invention also provides a download unit that downloads data from a server device, a first storage unit that stores a program, an execution unit that executes a program stored in the first storage unit, and the execution unit that is a program. In a communication terminal having a second storage means for storing data read / written by an application realized by executing and a transmission means for the application to transmit data to an external device, a user instruction When the instruction input means for inputting the instruction and the instruction to download the program are input by the instruction input means, Descriptor that can include transmission function information indicating information indicating the characteristics of the program and indicating that the program has a function of transmitting the data The information was downloaded by the download means and downloaded Presence / absence of transmission function information in the descriptor information Based on the above, it is determined whether the program instructed to download is a program that can acquire the data and transmit it to an external device. If it is determined that the program can be transmitted, the program is permitted to be downloaded. Download confirmation means that prompts the user to input an instruction indicating whether or not to download, and the download of the program by the download means is permitted only when an instruction to permit download is input by the instruction input means There is provided a communication terminal characterized by having download permission means.
[0011]
The present invention also includes a first storage unit that stores a program, an execution unit that executes a program stored in the first storage unit, and an application that is realized by executing the program by the execution unit. Second storage means for storing data to be read and written; Descriptor that can include transmission function information indicating information indicating the characteristics of the program and indicating that the program has a function of transmitting the data An instruction input means for inputting a user's instruction, and a computer program having a third storage means for storing information and a transmission means for transmitting the data by the application to an external device, and executing the program When an instruction to do so is input by the instruction input unit, the third storage unit stores the Existence of transmission function information in descriptor information Based on the above, it is determined whether or not the program instructed to execute is a program that can acquire the data and transmit it to an external device, and if it is determined that the program can be transmitted, the execution of the program is permitted Execution of the program by the execution means only when the first confirmation means for prompting the user to input an instruction indicating whether or not to execute and an instruction to permit execution are input by the instruction input means And a computer-readable recording medium on which the program is recorded are provided.
[0013]
According to the present invention, the communication terminal is configured such that when an instruction to execute a program for realizing an application that can acquire and transmit personal data of the user to an external device is input from the user, The user is prompted to input an instruction indicating whether or not execution of the program is permitted, and the execution of the program is permitted only when an instruction to permit the execution of the program is input by the user.
[0014]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments according to the present invention will be described below with reference to the drawings.
[0015]
[1. Configuration of Embodiment]
[1-1. overall structure]
FIG. 1 is a diagram illustrating the overall configuration of a communication system 10 according to the present invention. The communication system 10 includes a large number of mobile phones and Java-AP software distribution servers, but only one mobile phone 400 and one Java-AP software distribution server 100 are shown to prevent the drawing from becoming complicated. ing.
[0016]
The Java-AP software distribution server 100 is a server that is operated by an operator that distributes the Java-AP software to the mobile phone 400. The Java-AP software distribution server 100 can perform packet communication and is connected to the Internet 200. The Java-AP software distribution server 100 has the same function as that of a general WWW server, such as communication according to HTTP (HyperText Transfer Protocol), and the domain name is “www.abc.co”. .jp ". The Java-AP software distribution server 100 distributes software for realizing Java-AP that displays stock price information, and provides a service for providing stock price information to the mobile phone 400 that has downloaded the software.
[0017]
The mobile packet communication network 300 is a communication network that provides a mobile data communication service. The mobile packet communication network 300 is connected to a radio base station that performs radio communication with a mobile phone 400 owned by a person who has made a subscriber contract with a communication carrier that operates the mobile packet communication network 300, and to the radio base station. And a gateway exchange connected to the exchange. The mobile packet communication network 300 includes a gateway server for relaying communication performed between the gateway exchange and the Internet 200 (all not shown). The mobile packet communication network 300 is a Java-AP software connected to the mobile phone 400 accommodated in the mobile packet communication network 300 and the Internet 200 using the above-described apparatus installed in the mobile packet communication network 300. The packet communication performed with a WWW server such as the distribution server 100 is relayed.
[0018]
The mobile phone 400 is a mobile phone owned by a user (not shown) and can receive a mobile data communication service provided by the mobile packet communication network 300. The cellular phone 400 has a packet communication function, and performs packet communication with a WWW server such as the Java-AP software distribution server 100 connected to the Internet 200 via the mobile packet communication network 300 and the Internet 200. It can be performed.
[0019]
[1-2. Configuration of Java-AP software distribution server]
[1-2-1. Hardware configuration]
FIG. 2 is a block diagram illustrating a hardware configuration of the Java-AP software distribution server 100. As shown in FIG. 2, each part of the Java-AP software distribution server 100 is connected to a bus 101, and data is exchanged between each part via the bus 101.
[0020]
The communication unit 102 is a communication interface for performing communication using the Internet 200, and is connected to the Internet 200. The operation unit 103 is used to input an instruction for operating the Java-AP software distribution server 100, and includes a keyboard and a mouse (not shown). When the operation unit 103 is operated by the user of the Java-AP software distribution server 100, the operation unit 103 outputs a signal indicating the operation content of the user to the CPU. The display unit 104 includes a liquid crystal display panel (not shown) and a control circuit that performs display control of the liquid crystal display panel, and operates characters, graphic screens, and the Java-AP software distribution server 100 under the control of the CPU 108. Display a menu screen or the like.
[0021]
The storage unit 105 includes a device (not shown) that permanently stores data, such as a hard disk device. The storage unit 105 stores a server program for causing the Java-AP software distribution server 100 to function as a general WWW server, such as a data transmission / reception function based on HTTP. Further, the storage unit 105 includes a JAR (Java Archive) file 105C containing a program created using the Java programming language, an ADF (Application Descriptor File) 105B describing data related to the JAR file, and the JAR file 105C. And an explanation file 105A for explaining the contents of the Java-AP software comprising the ADF 105B to the user of the mobile phone as the client. Further, the storage unit 105 includes a Java-AP user table 105D for providing a service for providing stock price information to a device that has downloaded the Java-AP software distributed by the Java-AP software distribution server 100. The stock price information table 105E is stored. The stock price information table 105E is a table in which the stock prices of listed companies are stored. As illustrated in FIG. 3, the stock name of each stock and the stock price of each brand are stored in association with each other. The Java-AP user table 105D will be described later.
[0022]
A ROM (Read Only Memory) 106 stores an IPL (Initial Program Loader). When the user of the Java-AP software distribution server 100 turns on the power of the Java-AP software distribution server 100, the CPU 108 uses the RAM (Random Access Memory) 107 as a work area, reads the IPL from the ROM 106, and the CPU 108 and Java -Initialize each part of the AP software distribution server 100. When the initialization is completed, the CPU 108 reads the server program from the storage unit 105 and executes it.
[0023]
[1-2-2. Explanation file, ADF, JAR file]
As illustrated in FIG. 4, the explanation file 105A is described in CTMML (Compact HyperText Markup Language), which is one of the markup languages, and the URL is “http://www.abc.co.jp/java”. /kabuka.html ". When the explanation file 105A is interpreted by a WWW browser capable of interpreting CHTML, a page P01 introducing Java-AP software provided by the Java-AP software distribution server 100 is displayed as shown in FIG. On this page P01, a hyperlink P01A for downloading Java-AP software provided by the Java-AP software distribution server 100 is displayed.
[0024]
In the explanation file 105A, an A tag and an OBJECT tag are used to download Java-AP software to a mobile phone serving as a client. The A tag is a tag for displaying a hyperlink on the page. When the explanation file 105A shown in FIG. 4 is interpreted by the WWW browser, the description between “<A” and “/ A>” is displayed on the page P01 as a hyperlink P01A. The ijam attribute described in the A tag is an attribute for referring to the OBJECT tag when the hyperlink displayed by the A tag is clicked. The OBJECT tag is a tag used to specify the ADF of the Java-AP software. The data attribute is for designating a URL indicating the storage location of the ADF of the Java-AP software. In the explanation file 105A, the URL “http://www.abc.co.jp/java/kabuka. jam "is described.
[0025]
From the Java-AP software distribution server 100, software for realizing Java-AP with the name "stock price information" (hereinafter referred to as stock price information AP) is distributed. When this stock price information AP software is executed by a mobile phone as a client, stock price information of a brand designated by the user of the stock price information AP is acquired from the Java-AP software distribution server 100 that has distributed the stock price information AP software. It has a function to display.
[0026]
The JAR file 105C is a file in which class files and resource files necessary for realizing Java-AP are combined into one, and is used when distributing software created using the Java language. In the JAR file 105C, class files and resource files necessary for realizing the stock price information AP described above are stored.
[0027]
The ADF 105B is a text file in which data related to the Java-AP realized by the JAR file 105C paired with the ADF 105B and the class file and resource file stored in the JAR file 105C are described. As data related to Java-AP, for example, as shown in FIG. 6, a PackageURL (http://www.abc) indicating the file size of the JAR file 105C paired with the ADF 105B and the location where the JAR file 105C is stored. .co.jp / java / kabuka.jar). When the Java-AP is a Java-AP having a function of transmitting a terminal identifier, which is one of personal data stored in the mobile phone serving as a client, to the outside of the mobile phone, the ADF 105B Describes “UsePersonal = utn”, which is an attribute indicating the fact. When the stock price information AP realized by the stock price information AP software distributed by the Java-AP software distribution server 100 is executed by the mobile phone serving as the client, a terminal identifier that is personal data of the mobile phone serving as the client is transmitted from the mobile phone. Therefore, “UsePersonal = utn” is described in the ADF 105B.
[0028]
[1-2-3. File distribution]
The Java-AP software distribution server 100 transmits the explanation file 105A, the ADF 105B, and the JAR file 105C to the mobile phone serving as the client in response to the HTTP request from the mobile phone serving as the client.
[0029]
When the Java-AP software distribution server 100 receives an HTTP request using the GET method using the URL of the description file 105A as a parameter, the Java-AP software distribution server 100 reads the description file 105A from the storage unit 105. When the Java-AP software distribution server 100 reads the explanation file 105A, the Java-AP software distribution server 100 generates an HTTP response that includes the read explanation file 105A, and transmits this HTTP response to the mobile phone that is the client that has transmitted the HTTP request.
[0030]
When the URL that is the parameter of the GET method is the URL of the ADF 105B, the read ADF 105B is read from the storage unit 105 and the read ADF 105B is transmitted to the mobile phone 400 as in the case of the explanation file 105A. When the URL that is the parameter of the GET method is the URL of the JAR file 105C, the JAR file 105C is read from the storage unit 105 and read to the mobile phone as the client, as in the case of the explanation file 105A. 105C is transmitted.
[0031]
[1-2-4. Distribution of stock price information]
The server program stored in the ROM 106 has a function of communicating with a mobile phone serving as a client executing the stock price information AP and transmitting stock price information to the mobile phone serving as a client.
[0032]
When the stock price information AP is executed by the mobile phone serving as the client and the user of the stock price information AP performs an operation of registering the stock price information desired by the user, the name of the brand that the user wishes to register from the mobile phone serving as the client And the terminal identifier of the mobile phone serving as the client are transmitted to the Java-AP software distribution server 100.
[0033]
When the CPU 108 of the Java-AP software distribution server 100 receives a registration request that includes the brand name of the stock price information desired by the user and the terminal identifier transmitted from the mobile phone 400 executing the stock price information AP, the CPU 108 receives the registration request. The associated terminal identifier and company name are stored in the Java-AP user table 105D in association with each other. The Java-AP user table 105D is a table for managing the users of the stock price information AP. As illustrated in FIG. 7, the terminal identifier of the mobile phone transmitted from the mobile phone 400 and the user's desired The brand name of the stock price information is associated with the company name.
[0034]
When the stock price information AP is executed by the mobile phone serving as the client and an operation for obtaining stock price information of the brand registered by the user of the stock price information AP is performed, the terminal identifier of the mobile phone serving as the client is transmitted from the mobile phone serving as the client. Is transmitted to the Java-AP software distribution server 100.
[0035]
When the CPU 108 of the Java-AP software distribution server 100 receives a stock price information acquisition request including a terminal identifier, transmitted from a mobile phone serving as a client on which the stock price information AP is executed, the CPU 108 includes the stock price information acquisition request. The Java-AP user table 105D stored in the storage unit 105 is searched using the terminal identifier as a key. When the CPU 108 finds the corresponding terminal identifier from the Java-AP user table 105D, it reads the brand name stored in association with the terminal identifier. Next, the CPU 108 searches the stock price information table 105E using the read brand name as a key, and reads the stock price information stored in association with the brand name from the stock price information table 105E. Next, the CPU 108 generates a stock price information response including the read stock price information, and transmits the generated response to the mobile phone serving as the client identified by the terminal identifier.
[0036]
[1-3. Configuration of mobile phone]
FIG. 8 is a block diagram illustrating a hardware configuration of the mobile phone 400. As shown in FIG. 8, each unit of the mobile phone 400 except the antenna 403 is connected to a bus 401, and data is exchanged between the units via the bus 401.
[0037]
The communication unit 402 includes an antenna 403 and performs wireless communication with a wireless base station installed in the mobile packet communication network 300 under the control of the CPU 409. The operation unit 404 has a plurality of keys for inputting a numeric keypad (not shown) and operation instructions. When the user of the mobile phone 400 operates the operation unit 404, a signal indicating the operation content is output from the operation unit 404 to the CPU 409 according to the user's operation. The display unit 405 includes, for example, a liquid crystal display panel (not shown) and a control circuit that performs display control of the liquid crystal display panel. Under the control of the CPU 409, a menu for operating characters and graphic screens and the mobile phone 400 is displayed. Display the screen on the LCD. The non-volatile memory 406 stores data for controlling the mobile phone 400 and ADF and JAR files downloaded from a server that distributes Java-AP software.
[0038]
Various programs executed by the CPU 409 are stored in the ROM 407. For example, the OS (Operating System) software for controlling the entire IPL and the mobile phone 400, WWW browser software capable of interpreting CHTML, and the mobile phone 400 are used. Java execution environment software for executing Java-AP software is stored. The ROM 407 stores a terminal identifier “MS0001” that is an identifier for uniquely identifying the mobile phone 400. The RAM 408 is used as a work area for the CPU 409, and temporarily stores data used by a program executed by the CPU 409.
[0039]
When the mobile phone 400 is turned on, the CPU 409 reads and executes the IPL from the ROM 407 when the power is turned on, and initializes each part of the CPU 409 and the mobile phone 400. When the initialization is completed, the CPU 409 reads the OS software from the ROM 407 and executes it. When the user of the mobile phone 400 operates the operation unit 404, the CPU 409 executing the OS software displays a signal output from the operation unit 404 and a screen displayed on the display unit 404 according to the user's operation. Based on the user's instruction, a process corresponding to the user's instruction is performed.
[0040]
[1-3-1. Description of Java execution environment]
FIG. 9 is a diagram illustrating a configuration of a Java-AP execution environment in the mobile phone 400.
[0041]
The JAR storage is a storage area for storing the JAR file 105C, and is secured in the nonvolatile memory 406 by a JAM (Java Application Manager). The scratch pad is a storage area for storing persistent data (data that is retained even after the application ends), and is secured in the nonvolatile memory 406. The scratch pad is secured in the non-volatile memory 406 for each Java-AP by JAM.
[0042]
JAM manages Java-AP software. JAM displays the list of Java-AP software that is stored in the JAR storage and can be executed, Java-AP software execution management (startup / forced termination of Java-AP software), installation and deletion of Java-AP software It has a function to perform.
[0043]
The JAM also reads data written in a storage area other than the scratch pad used by the Java-AP and writes it to the scratch pad used by the Java-AP. It has a function of monitoring transmission from the telephone 400.
[0044]
When the JAM reads the terminal identifier stored in the ROM 407 and receives an instruction from the Java-AP to write the read terminal identifier to the scratch pad, the JAM reads the terminal identifier from the ROM 407 and reads it to the scratch pad used by the Java-AP. Write the terminal identifier. In addition, when “UsePersonal = utn” is described in the referenced ADF, JAM reads the terminal identifier written in the scratch pad when receiving an instruction from Java-AP to transmit the terminal identifier to the outside of the mobile phone. And send it to the outside of the mobile phone.
[0045]
If “UsePersonal = utn” is not described in the referenced ADF, the JAM reads the terminal identifier even if it receives an instruction from the Java-AP to read the terminal identifier stored in the ROM 407 and write it to the scratchpad. And the terminal identifier is not written to the scratchpad. In addition, when “UsePersonal = utn” is not described in the referenced ADF, JAM can receive an instruction from Java-AP to read the terminal identifier written in the scratchpad and transmit it to the outside of the mobile phone. The terminal identifier is not transmitted from the mobile phone.
[0046]
KVM (K Virtual Machine) is a redesigned Java Virtual Machine (JVM) that executes Java bytecode by converting it to native code, and is limited in memory, CPU capacity, and battery consumption. Designed to be used on some devices.
[0047]
[1-3-2. Processing when obtaining Java-AP software]
Next, processing performed when the mobile phone 400 downloads Java-AP software will be described.
[0048]
[1-3-2-1. Execution of browser and Java execution environment]
When the user of the mobile phone 400 operates the operation unit 404 to instruct execution of WWW browser software, the CPU 409 reads out the WWW browser software and the Java execution environment software from the ROM 407 and executes them. When the WWW browser software is executed, the display unit 405 is controlled by the CPU 409, and a browser screen serving as a user interface illustrated in FIG. 10 is displayed. Thereafter, the CPU 409 specifies a user instruction based on the state of the browser screen serving as a user interface and a signal supplied from the operation unit 404, and performs processing according to the instruction. In addition, Java execution environment software is executed to realize a Java-AP execution environment.
[0049]
[1-3-2-2. WWW page acquisition]
The user of the mobile phone 400 uses the operation unit 404 to input the URL of a file for displaying a page provided by the WWW server on the mobile phone 400 on which the browser screen shown in FIG. 10 is displayed. Then, the CPU 409 controls the display unit 405 to display the input URL on the browser screen. When the user performs an operation for instructing display of the page specified by the input URL, that is, an operation for clicking the “display” button on the browser screen shown in FIG. The communication unit 402 is controlled to establish a TCP connection with the WWW server apparatus that provides the file specified by the URL. The CPU 409 transmits an HTTP request using a GET method using the input URL as a parameter to the WWW server device via the established TCP connection, and requests a file specified by the URL. Further, the CPU 409 receives an HTTP response including a file transmitted from the WWW server device as a response to the HTTP request, and disconnects the connection.
[0050]
[1-3-2-2-3. Downloading Java-AP software]
When the user of the mobile phone 400 performs an operation for instructing download of the Java-AP software on the operation unit 404 after the page for downloading the Java-AP software is acquired in the mobile phone 400, the user's instruction Is notified to the running JAM.
[0051]
Specifically, an instruction from the user of the mobile phone 400 is notified to the JAM as follows. When the user performs an operation of clicking the hyperlink portion of the page displayed on the mobile phone 400, the ijam attribute is described in the A tag for displaying the hyperlink in the file for the WWW browser to display the page. Judge whether or not. When the WWW browser determines that the ijam attribute is described in the A tag, the WWW browser extracts the URL described in the data attribute of the OBJECT tag. When the URL specifies ADF, that is, when the extension of the file specified by the URL is “jar” indicating ADF, the WWW browser instructs the user to download the Java-AP software. JAM is notified that Java-AP software download is requested.
[0052]
When JAM is notified of a request to download Java-AP software, the JAM extracts the URL of the ADF described in the data attribute of the OBJECT tag. JAM establishes a TCP connection with a server specified by a URL, and generates an HTTP request using a GET method using the extracted URL as a parameter. The JAM transmits the generated HTTP request to the WWW server specified by the URL via the established TCP connection.
[0053]
JAM receives an HTTP response containing ADF, which is transmitted from the WWW server as a response to the HTTP request. When the JAM receives an HTTP response including ADF, JAM refers to the included ADF and determines whether the Java-AP software can be stored in the nonvolatile memory 406. Specifically, the JAM refers to an “AppSize” key indicating the size of the JAR file and an “SPsize” key indicating the size of the scratch pad used by the Java-AP described in the ADF. JAM compares the size of the Java-AP software described in the ADF and the size of the scratchpad to be used with the free space of the JAR storage and scratchpad, and whether or not the JAR file can be stored in the JAR storage. After downloading, it is determined whether the capacity of the scratch pad used by the Java-AP can be secured.
[0054]
When the JAM determines that it is possible to download the Java-AP software anew, the JAM refers to the ADF and determines whether “UsePersonal = utn” is described in the ADF. When JAM finds that “UsePersonal = utn” is described in the ADF, the Java-AP realized by executing the Java-AP software to be downloaded is stored in the mobile phone 400. It is determined that the terminal identifier, which is personal data, is a Java-AP transmitted from the mobile phone 400, and the screen illustrated in FIG. The JAM is a Java-AP in which the Java-AP realized by the Java-AP software to be downloaded by displaying the screen illustrated in FIG. 11 transmits a terminal identifier, that is, personal data from the mobile phone 400. Let the user know.
[0055]
The user who viewed the screen illustrated in FIG. 11 inputs an instruction to stop downloading the Java-AP software by operating the operation unit 404 because the personal data may be used outside the mobile phone 400. In this case, JAM stops downloading the Java-AP software.
[0056]
The user who viewed the screen illustrated in FIG. 11 acknowledges that the personal data is used outside the mobile phone 400 and operates the operation unit 404 to input an instruction to download the Java-AP software. In some cases, the JAM continues to download Java-AP software. Specifically, the JAM refers to the “PackageURL” key described in the ADF, and extracts a URL indicating the location where the JAR file is stored. When the JAM extracts the URL, it establishes a TCP connection with the WWW server specified by the URL, and generates an HTTP request using a GET method using the URL as a parameter. The JAM transmits the generated HTTP request to the server via the established TCP connection. The JAM receives an HTTP response containing a JAR file that is transmitted from the server as a response to the HTTP request. When the JAM receives an HTTP response including the JAR file, the JAM extracts the JAR file from the HTTP response and stores the extracted JAR file in the JAR storage. The JAM refers to the “SPsize” key indicating the size of the scratch pad described in the ADF, and the capacity specified in the “SPsize” key is scratched for the Java-AP realized by the downloaded Java-AP software. Secure on the pad.
[0057]
[1-3-3. Processing at the time of Java-AP software execution]
Next, processing performed when the mobile phone 400 is instructed to execute Java-AP software will be described with reference to the flowchart shown in FIG.
[0058]
When the user performs an operation to display a list of Java-AP software stored in the nonvolatile memory 406 and executable, the CPU 409 reads out the Java execution environment software from the ROM 407. Execute (Step SA1). By executing the Java execution environment software, a Java-AP execution environment is realized in the mobile phone 400. When the Java-AP execution environment is realized, the CPU 409 is provided with JAM and KVM functions. The CPU 409 having the JAM function refers to the nonvolatile memory 406 and generates a list of Java-AP software stored in the nonvolatile memory 406 and executable. When generating the list, the CPU 409 controls the display unit 405 to display the generated list on the display unit 405 (step SA2).
[0059]
After displaying the list of Java-AP software, the CPU 409 waits for an instruction to execute the Java-AP software from the user (step SA3). When the user selects the Java-AP software displayed on the display unit 405 and performs an operation on the operation unit 404 to instruct execution of the selected Java-AP software (step SA3: YES), the CPU 409 Based on the signal output from the operation unit 404 and the screen displayed on the display unit 405, the Java-AP software instructed to be executed by the user is specified. The CPU 409 reads out the specified Java-AP software ADF from the nonvolatile memory 406 (step SA4).
[0060]
The CPU 409 refers to the read ADF and determines whether or not the “UsePersonal = utn” attribute is described in the ADF, so that the Java-AP realized by the Java-AP software instructed by the user is executed. Then, it is determined whether the terminal identifier stored in the mobile phone 400 is a Java-AP that transmits from the mobile phone 400 (step SA5).
[0061]
When the CPU 409 determines that the Java-AP realized by the Java-AP software that the user has instructed to execute is a Java-AP that does not transmit the terminal identifier stored in the mobile phone 400 from the mobile phone 400. (Step SA5: NO), the CPU 409 reads the JAR file from the nonvolatile memory 406 (Step SA9) and executes it (Step SA10).
[0062]
When the CPU 409 determines that the Java-AP realized by the Java-AP software that the user has instructed to execute is a Java-AP that transmits the terminal identifier stored in the mobile phone 400 from the mobile phone 400. (Step SA5: YES), the display unit 405 is displayed with a screen prompting the user to input an instruction for permission of execution (Step SA6), and the user is asked whether the Java-AP software can be executed. Let The CPU 409 displays a screen that prompts the user to input an instruction for permission to execute, and then waits for an instruction from the user to be input (step SA7).
[0063]
When the operation unit 404 is operated by the user and a signal indicating the operation content of the user is input to the CPU 409, the CPU 409 determines whether or not the operation performed by the user instructs execution of the Java-AP software. (Step SA8). When the user instruction is an instruction to stop execution of the Java-AP software (step SA8: NO), the CPU 409 does not execute the Java-AP software.
[0064]
If the user instruction is to instruct execution of the Java-AP software (step SA8: YES), the CPU 409 reads the JAR file from the nonvolatile memory 406 (step SA9). By executing the Java execution environment software, the CPU 409 provided with the KVM function converts the Java bytecode included in the read JAR file into a native code, and executes the Java-AP software (step). SA10).
[0065]
After executing the Java-AP software, the CPU 409 waits for an instruction to end the Java-AP software being executed (step SA11). When the user operates the operation unit 404 and inputs an instruction to terminate the Java-AP software being executed, a signal indicating the user's operation content is input to the CPU 409, and the CPU 409 receives the Java-AP being executed. Exit the software.
[0066]
[2. Example of operation]
[2-1. Example of operation when downloading Java-AP software]
Next, an operation example when the Java-AP software is downloaded from the Java-AP software distribution server 100 will be described with reference to the sequence diagram shown in FIG. It is assumed that the mobile phone 400 is turned on by a user operation and a WWW browser has already been executed. Note that the operations performed by the aforementioned OS, WWW browser, JAM, KVM, and Java-AP stored in the mobile phone 400 are the operations of the mobile phone 400. Therefore, in the following description, the subject of the operation is the mobile phone. The telephone 400 is assumed.
[0067]
The operation of installing the Java-AP software provided by the Java-AP software distribution server 100 in the mobile phone 400 is stored in the Java-AP software distribution server 100 by the user of the mobile phone 400 operating the mobile phone 400. The process starts by trying to acquire the explanation file 105A.
[0068]
After the user of the mobile phone 400 operates the operation unit 404 of the mobile phone 400 and inputs the URL (“http://www.abc.co.jp/java/kabuka.html”) of the explanation file 105A, When an operation of clicking the “display” button shown in the screen example shown in FIG. 10 is performed (step S101), the mobile phone 400 receives an HTTP request using a GET method using the URL of the description file 105A as a parameter. It is generated (step S102). This HTTP request is transmitted from the cellular phone 400, and is transmitted to the Java-AP software distribution server 100 via the mobile packet communication network 300 and the Internet 200 (step S103).
[0069]
When the HTTP request is received by the Java-AP software distribution server 100, the explanation file 105A is read from the storage unit 105 (step S104), and an HTTP response containing the read explanation file 105A is generated ( Step S105). This HTTP response is transmitted from the Java-AP software distribution server 100 and transmitted to the mobile phone 400 via the Internet 200 and the mobile packet communication network 300 (step S106).
[0070]
When the cellular phone 400 receives the HTTP response, the explanation file 105A included in the HTTP response is interpreted by the WWW browser, and a user interface corresponding to the contents of the explanation file 105A is provided. As a result, the page P01 shown in FIG. 5 is displayed on the display unit 405 of the mobile phone 400 (step S107).
[0071]
When the user who has viewed this page P01 performs an operation of clicking the hyperlink P01A portion of the page P01 (step S108), the mobile phone 400 uses the anchor tag (“<A”) described in the explanation file 105A. The tag's ijam attribute is referenced. In the mobile phone 400, since the ijam attribute is described, the URL for acquiring the ADF 105B described in the data attribute of the OBJECT tag is referred to (“http://www.abc.co .jp / java / kabuka.jam ”) is extracted. Next, in the mobile phone 400, an HTTP request using a GET method using the extracted URL as a parameter is generated (step S109) and transmitted to the Java-AP software distribution server 100 (step S110).
[0072]
When the HTTP request is received by the Java-AP software distribution server 100, the ADF 105B is read from the storage unit 105 in response to the HTTP request (step S111). In the Java-AP software distribution server 100, an HTTP response including the read ADF 105B is generated (step S112), and the generated HTTP response is transmitted to the mobile phone 400 (step S113).
[0073]
When the mobile phone 400 receives an HTTP response including the ADF 105B, the ADF 105B included in the HTTP response is referred to. In mobile phone 400, since “UsePersonal = utn” is described in ADF 105B, in order to inquire the user whether to download the terminal identifier, that is, Java-AP software that transmits personal data, display unit 405 is displayed. The screen shown in FIG. 11 is displayed (step S114). As a result, the mobile phone 400 informs the user that the Java-AP realized by executing the downloaded Java-AP software is the terminal identifier, that is, the Java-AP that transmits personal data, and downloads. Ask them to do it.
[0074]
When the user of the mobile phone 400 viewing the screen shown in FIG. 11 performs an operation of clicking the “OK” button shown on the screen (step S115), the mobile phone 400 uses the PackageURL (“http: //www.abc.co.jp/java/kabuka.jar ") is extracted, and an HTTP request using a GET method using the extracted PackageURL as a parameter is generated (step S116). The generated HTTP request is transmitted from the mobile phone 400 to the Java-AP software distribution server 100 (step S117).
[0075]
When the HTTP request including the PackageURL is received by the Java-AP software distribution server 100, the JAR file 105C corresponding to the HTTP request is read from the storage unit 105 (step S118). In the Java-AP software distribution server 100, when the JAR file 105C is read, an HTTP response including the JAR file 105C is generated (step S119). This HTTP response is transmitted from the Java-AP software distribution server 100 (step S120), and is received by the mobile phone 400. When the mobile phone 400 receives the HTTP response, the JAR file 105C included in the HTTP response and the already downloaded ADF 105B are stored in the nonvolatile memory 406 (step S121).
[0076]
[2-2. Example of operation when downloading stock price information AP software]
Next, an operation when the user of the mobile phone 400 stops downloading the Java-AP software will be described. Note that the operations from step S101 to step S114 are the same as the operations for downloading the Java-AP software described above, and thus the description thereof is omitted.
[0077]
The user of the mobile phone 400 does not want to use the Java-AP in which personal data is transmitted after viewing the screen for inquiring of the user as to whether or not to perform the download shown in FIG. When the user clicks the “Cancel” button shown in the screen shown in FIG. 11, the mobile phone 400 causes the display unit 405 to display the screen illustrated in FIG. 14 and cancels the download of the Java-AP software. To do.
[0078]
[2-3. Example of operation when stock price information AP is executed]
Next, an operation example when the stock price information AP is executed by the mobile phone 400 will be described. In the description of the operation example described below, it is assumed that the stock price information AP software has already been downloaded to the mobile phone 400 by the above-described operation.
[0079]
When the user of the mobile phone 400 inputs an instruction to display a list of Java-AP software stored in the JAR storage and executable, the Java-AP execution environment is realized in the mobile phone 400. The In the mobile phone 400, when the Java-AP execution environment is realized, the Java-AP software stored in the nonvolatile memory 406 is referred to, and a list of executable Java-AP software is generated. In the mobile phone 400, the generated list is displayed on the display unit 405.
[0080]
When the user who has viewed the list of Java-AP software selects stock price information AP software that has already been downloaded and can be executed, and performs an operation to instruct execution of the selected stock price information AP software, the cellular phone 400 The ADF 105B of the selected stock price information AP is referred to. Since “UsePersonal = utn” is described in the ADF 105B referred to by the mobile phone 400, in the mobile phone 400, the stock price information AP is a Java-AP that transmits a terminal identifier that is personal data from the mobile phone 400. A screen for confirming execution of the Java-AP software illustrated in FIG. 15 is displayed.
[0081]
The user who viewed the screen illustrated in FIG. 15 acknowledges that the terminal identifier stored in the mobile phone 400, that is, personal data is transmitted from the mobile phone 400, and performs an operation to instruct execution of the Java-AP software. When done, stock price information AP is executed.
[0082]
When the stock price information AP is executed, the screen illustrated in FIG. 16 is displayed on the display unit 405 of the mobile phone 400. When the user of the mobile phone 400 performs an operation of clicking “designation / deletion of brand” in order to register a brand for which stock price information is desired, the screen illustrated in FIG. Is displayed. When the user of the cellular phone 400 operates the cellular phone 400, designates “ABC company” as a brand for which information is desired, and clicks “Register”, the terminal identifier “MS0001” stored in the ROM 407 is performed. Is read out and stored in the scratch pad for the stock price information AP. When the terminal identifier is stored in the scratch pad, a brand registration request including the brand name “ABC company” specified by the user and the terminal identifier “MS0001” of the mobile phone 400 is generated, and the generated brand registration request is generated by Java. -It is transmitted to the AP software distribution server 100.
[0083]
In the Java-AP software distribution server 100 that has received the brand registration request, the brand name “ABC company” included in the received brand registration request and the terminal identifier “MS0001” are associated with each other, and the Java− It is stored in the AP user table 105E as shown in FIG.
[0084]
Next, an operation in which the user of the mobile phone 400 clicks on “obtain stock price information” on the screen shown in FIG. 16 displayed on the display unit 405 in order to view the stock price information of the specified brand. If it performs in 404, terminal identifier "MS0001" memorize | stored in the scratch pad for stock price information AP will be read, and the stock price information acquisition request which contains the read terminal identifier will be produced | generated. The generated stock price information acquisition request is transmitted from the mobile phone 400 and transmitted to the Java-AP software distribution server 100 via the mobile packet communication network 300 and the Internet 200.
[0085]
When the Java-AP software distribution server 100 receives the stock price information acquisition request, the Java-AP software distribution server 100 stores the stock identifier in the storage unit 105 using the terminal identifier “MS0001” included in the stock price acquisition request as a key. The stored Java-AP user table 105D is searched. In the Java-AP software distribution server 100, when the corresponding terminal identifier is found in the Java-AP user table 105D, the user of the mobile phone 400 registered in association with the terminal identifier “MS0001” is registered. The brand name “ABC company” is read out. Next, the Java-AP software distribution server 100 searches the stock price information table 105E shown in FIG. 3 stored in the storage unit 105 using the read brand name “ABC company” as a key, and searches for “ABC company”. Stock price information “100 yen” is read out. In the Java-AP software distribution server 100, a stock price information response including the read stock price information “100 yen” of “ABC company” is generated and generated to the mobile phone 400 identified by the terminal identifier “MS0001”. Stock price information response is sent.
[0086]
In the mobile phone 400 that has received the stock price information response, the stock price information of “ABC company” included in the response is extracted. The extracted stock price information is displayed on the display unit 405 as illustrated in FIG.
[0087]
As described above, according to the present embodiment, a person who intends to download Java-AP software is a Java-AP in which the Java-AP transmits personal data inside the mobile phone 400 from the mobile phone 400. Download after confirming. Therefore, a user who does not want the personal data in the mobile phone 400 to be transmitted from the mobile phone 400 may download the Java-AP software that transmits the personal data in the mobile phone 400 from the mobile phone 400. It can be lost. In addition, when Java-AP software is executed on the mobile phone 400, Java-AP realized by executing the Java-AP software transmits personal data inside the mobile phone 400 from the mobile phone 400. -Java-AP software is executed after the user of the mobile phone 400 confirms that it is an AP. Therefore, a user who does not want the personal data in the mobile phone 400 to be transmitted from the mobile phone 400 can be used to implement Java-AP for transmitting the personal data in the mobile phone 400 to the outside of the mobile phone 400. -The possibility of executing the AP software can be eliminated.
[0088]
[3. Modified example]
In the embodiment described above, the Java-AP software distribution server 100 is connected to the mobile packet communication network 300 via the Internet 200. However, the Java-AP software distribution server 100 is connected to the mobile packet communication network 300 via a dedicated line. You may make it connect.
[0089]
In the above-described embodiment, the mobile phone 400 communicates with the server from which the Java-AP software is distributed when the Java-AP is realized. However, the mobile phone 400 is realized with the Java-AP. The communication performed by the 400 is not limited to the server from which the Java-AP software is distributed. For example, in the above-described embodiment, by separately providing a WWW server that distributes stock price information, and the mobile phone 400 that is executing the stock price information AP software communicates with a newly provided server for stock price information distribution Stock price information may be obtained.
[0090]
In the above-described embodiment, a terminal identifier for uniquely identifying a mobile phone is used as personal data transmitted from the mobile phone 400 in which Java-AP is implemented to the Java-AP software distribution server 100. The personal data transmitted from the mobile phone 400 in which Java-AP is realized is not limited to the terminal identifier. The personal data transmitted from the mobile phone 400 in which Java-AP is realized may be other personal data such as the telephone number of the user who owns the mobile phone 400.
[0091]
Further, the mobile phone 400 and the mobile packet communication network 300 described above may be compliant with IMT-2000 (International Mobile Telecommunication 2000). An IC card called UIM (User Identity Module) in which subscriber data of a user of the mobile phone is recorded is used for the mobile phone conforming to IMT-2000. When the mobile phone in which Java-AP is realized is an IMT-2000 compliant mobile phone, the personal data transmitted from the mobile phone to the Java-AP software distribution server 100 is the identification of the UIM stored in the UIM. A number or a UIM identification number and a terminal identifier of a mobile phone may be combined.
[0092]
In the embodiment described above, the personal data sent from the mobile phone 400 to the Java-AP software distribution server 100 is transmitted in plain text. However, the personal data is converted by an arbitrary algorithm, and the data obtained by this conversion is transmitted. You may do it.
[0093]
In the embodiment described above, HTTP is used for communication performed between the mobile phone 400 and the Java-AP software distribution server 100, but the protocol used for communication is not limited to this, and HTTPS ( Communication may be performed using a protocol with an encryption function such as Hypertext Transfer Protocol Security.
[0094]
In the embodiment described above, when the mobile phone 400 transmits personal data to the Java-AP software distribution server 100, it may be inquired to the user of the mobile phone 400 whether or not the personal data may be transmitted. .
[0095]
In the embodiment described above, after downloading of the Java-AP software, the setting screen regarding the details of the Java-AP illustrated in FIG. 19 is displayed on the display unit 405 of the mobile phone 400 and is realized by the downloaded Java-AP software. The user may confirm again that the Java-AP is a Java-AP that transmits personal data.
[0096]
In the embodiment described above, the mobile phone 400 has downloaded the stock price information AP software from the Java-AP software distribution server 100. However, the mobile phone 400 stores the stock price information AP software in the storage unit of the mobile phone 400 in advance when the mobile phone 400 is shipped. You may make it ship.
[0097]
The timing at which the terminal identifier is written to the scratch pad is not limited to the timing shown in the above embodiment. The terminal identifier may be read from the ROM 407 at the start of execution of the stock price information AP and stored in the scratch pad.
[0098]
Various software stored in the ROM 407 of the mobile phone 400 described above may be rewritable. Examples of the method for rewriting various software include the following methods. For example, a recording medium such as a CD-ROM (Compact Disc Read Only Memory) in which various kinds of software are recorded is inserted into a CD-ROM drive of a personal computer, and the personal computer and a mobile phone using a flash ROM in place of the ROM 407. Connect the phone to the cable. The personal computer reads various software recorded on the CD-ROM, and transmits the read software to a mobile phone connected by a cable. Then, the mobile phone that has received the software writes the received software in the flash ROM, so that various software stored in the mobile phone can be upgraded.
[0099]
In the above-described modification example, a CD-ROM is used as a recording medium on which various types of software are recorded. However, the recording medium is not limited to this. Other recording media such as a DVD-ROM, an IC card with a built-in flash ROM, and a floppy disk may be used.
[0100]
In the above-described embodiment, the terminal identifier stored in the ROM 407 of the mobile phone is read from the ROM 407 and transmitted as personal data, that is, the personal data stored in the mobile phone is read and personal. Although transmitted as data, personal data input by the user of the mobile phone 400 using the operation unit 404 may be transmitted to the Java-AP software distribution server 100.
[0101]
In the above-described embodiment, the Java execution environment and Java-AP are used. However, personal data stored in the mobile phone is not transmitted unless the user of the mobile phone permits. For example, the execution environment of application software is not limited to the Java execution environment. Also, the application software is not limited to that created using the Java programming language, and may be created using another programming language.
[0102]
In the above-described embodiment, the personal data is transmitted from the mobile phone 400 as a trigger when the user of the mobile phone 400 operates the mobile phone 400 that is executing the Java-AP software. -It may be transmitted from the cellular phone 400 triggered by a request for personal data from the AP software distribution server 100.
[0103]
【The invention's effect】
As described above, according to the present invention, when application software is executed on a communication terminal, personal data of the user of the communication terminal can be prevented from being transmitted from the communication terminal without the user's permission. .
[Brief description of the drawings]
FIG. 1 is a diagram illustrating an overall configuration of a communication system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a hardware configuration of a Java-AP software distribution server 100 according to the embodiment of the present invention.
FIG. 3 is a diagram showing the contents of a stock price information table 105E.
FIG. 4 is a diagram showing the contents of an explanation file 105A.
FIG. 5 is a diagram showing pages distributed by the Java-AP software distribution server 100;
FIG. 6 is a diagram showing the contents of ADF 105B.
FIG. 7 is a diagram showing the contents of a Java-AP user table 105D.
FIG. 8 is a diagram illustrating a hardware configuration of a mobile phone 400 according to an embodiment of the present invention.
FIG. 9 is a diagram illustrating a configuration of a Java-AP execution environment.
FIG. 10 is a diagram exemplifying a browser screen displayed when a WWW browser is executed on the mobile phone 400;
FIG. 11 is a diagram showing a message displayed when downloading Java-AP software for transmitting personal data.
FIG. 12 is a flowchart illustrating the flow of processing when the mobile phone 400 according to the embodiment of the present invention executes Java-AP software.
FIG. 13 is a sequence diagram showing an operation example when the mobile phone 400 downloads Java-AP software.
FIG. 14 is a diagram illustrating an example of a screen displayed when downloading of Java-AP software is stopped.
15 is a diagram showing a warning message displayed when executing Java-AP software for transmitting personal data to the outside of the mobile phone 400. FIG.
FIG. 16 is a diagram illustrating a screen displayed at the start of execution of stock price information AP.
FIG. 17 is a diagram exemplifying a screen displayed after clicking “brand registration / deletion” shown on the screen displayed at the start of execution of stock price information AP;
FIG. 18 is a diagram illustrating an example of a screen displaying stock price information acquired from the Java-AP software distribution server 100.
FIG. 19 is a diagram exemplifying a setting screen related to the details of Java-AP displayed on the display unit 405 of the mobile phone 400 in a modification of the embodiment;
[Explanation of symbols]
DESCRIPTION OF SYMBOLS 100 ... Java-AP software distribution server, 101 ... Bus, 102 ... Communication part, 103 ... Operation part, 104 ... Display part, 105 ... Storage part, 105A ... Explanation File, 105B ... ADF, 105C ... JAR file, 105D ... Java-AP user table, 105E ... Stock price information table, 106 ... ROM, 107 ... RAM, 108 ... CPU
200 ... Internet
300 ... Mobile packet communication network
400 ... mobile phone 401 ... bus 402 ... communication unit 403 ... antenna 404 ... operation unit 405 ... display unit 406 ... nonvolatile memory 407 ..ROM, 408 ... RAM, 409 ... CPU

Claims (11)

First storage means for storing a program, execution means for executing a program stored in the first storage means, and data read / written by an application realized by executing the program by the execution means And second storage means for storing descriptor information that is information indicating characteristics of the program and that may include transmission function information indicating that the program has a function of transmitting the data. In the communication terminal having the transmission means for the application to transmit the data to an external device,
Instruction input means for inputting user instructions;
The program instructed to be executed based on the presence or absence of transmission function information in the descriptor information stored by the third storage means when an instruction to execute the program is input by the instruction input means Determines whether the program is a program that can acquire the data and transmit it to an external device, and if it is determined that the program is a program that can be transmitted, input an instruction indicating whether to allow the execution of the program A first confirmation means to prompt the user;
A communication terminal, comprising: an execution permission unit that permits execution of the program by the execution unit only when an instruction to permit execution is input by the instruction input unit. The first confirmation unit is a program that can acquire the personal data and transmit it to an external device based on the presence / absence of transmission function information in the descriptor information stored in the third storage unit. If the program is determined to be a program that can be transmitted, the program further notifies the user that the program is a program that can acquire personal data and transmit it to an external device. The communication terminal according to claim 1. The first confirmation unit is a program that allows the program to acquire the data and transmit it to an external device based on the presence / absence of transmission function information in the descriptor information stored by the third storage unit. 2. The communication terminal according to claim 1, wherein, when it is determined that the program cannot be transmitted, execution of the program by the execution unit is permitted. First acquisition means for acquiring the descriptor information via a communication network from a server device that distributes the program and the descriptor information ;
Second confirmation means for urging the user to input an instruction indicating whether or not to permit the acquisition of the program based on the presence or absence of transmission function information in the descriptor information acquired by the first acquisition means; ,
2. A second acquisition unit that acquires the program from the server via a communication network only when an instruction to permit acquisition of the program is input by the instruction input unit. The communication terminal according to claim 2 or claim 3.   The communication terminal according to claim 4, wherein the communication network is a mobile communication network, and the communication terminal is a mobile phone.   The communication terminal according to claim 1, wherein the personal data is data that can uniquely identify the user.   The communication terminal according to claim 1, wherein the program is a program written in a Java programming language. First storage means for storing a program, execution means for executing a program stored in the first storage means, and data read / written by an application realized by executing the program by the execution means And second storage means for storing descriptor information that is information indicating characteristics of the program and that may include transmission function information indicating that the program has a function of transmitting the data. A computer device having transmission means for the application to transmit the data to an external device;
Instruction input means for inputting user instructions;
The program instructed to be executed based on the presence or absence of transmission function information in the descriptor information stored by the third storage means when an instruction to execute the program is input by the instruction input means Determines whether the program is a program that can acquire the data and transmit it to an external device, and if it is determined that the program is a program that can be transmitted, input an instruction indicating whether to allow the execution of the program A first confirmation means to prompt the user;
A program for functioning as an execution permission unit that permits execution of the program by the execution unit only when an instruction to permit execution is input by the instruction input unit.   A computer-readable recording medium on which the program according to claim 8 is recorded. Download means for downloading from a server device, first storage means for storing a program, execution means for executing a program stored in the first storage means, and execution by the execution means executing the program In a communication terminal having second storage means for storing data read and written by the application to be executed, and transmission means for transmitting data to an external device by the application,
Instruction input means for inputting user instructions;
Information indicating the characteristics of the program when an instruction to download the program is input by the instruction input means , including transmission function information indicating that the program has a function of transmitting the data Whether or not the program instructed to download the acquired descriptor information is downloaded by the download means, and the download instruction is acquired and transmitted to an external device based on the presence or absence of transmission function information in the downloaded descriptor information Download confirmation means for prompting the user to input an instruction indicating whether or not to permit downloading of the program when it is determined that the program can be transmitted;
A communication terminal comprising: a download permission unit that permits the download unit to download the program only when an instruction for permitting download is input by the instruction input unit. When an instruction to execute the program is input by the instruction input means, the program instructed to execute is based on the presence or absence of transmission function information in the descriptor information downloaded by the download means. To determine whether the program is a program that can be transmitted to an external device, and when it is determined that the program is a program that can be transmitted, an instruction indicating whether to allow the execution of the program is input to the user A first confirmation means for prompting;
The communication terminal according to claim 10, further comprising: an execution permission unit that permits execution of the program by the execution unit only when an instruction to permit execution is input by the instruction input unit. .

Images