JP4718151B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to an information processing apparatus, an information processing method, and a program for performing data access control.

In recent years, mobile phones that allow mobile phone users to download, install, and execute programs created by other than mobile phone manufacturers and mobile phone carriers have become widespread.
Some of these programs take the form of an object code program (hereinafter referred to as a native program), or the form of a program (hereinafter referred to as a Jv program) written in a Java (registered trademark) (hereinafter referred to as Jv) programming language. Some take
Here, the Jv program is used not by a program that can be directly executed on a mobile phone, but by a software on the mobile phone called a Jv execution environment, and the Jv language has memory corruption. The reason is that it is not possible to create a program to do the above. In other words, the reason is that security measures are taken against unauthorized operation by downloading and executing a program developed by a third party.
On the other hand, in a native program that does not have such a function, there are cases where measures are taken by checking the source code manually.

However, even if the risk of executing a program that causes memory destruction on the mobile phone can be avoided by using the Jv program, there is another risk.
For example, it is assumed that the Jv execution environment provides a function capable of accessing phone book data in a mobile phone from a Jv program. A mobile phone user may download and execute a phone book Jv program that provides a better function than a phone book built in a mobile phone or a phone book Jv program with a good user interface design. However, the phone book Jv program accessing the phone book data leaks data such as names and phone numbers in the phone book to a server on the network in the form of e-mail etc. without the user's knowledge. It may be.

In Patent Document 1, a data object called a completely encapsulated object is introduced for the above problem.
Thereby, according to the reliability of the Jv program to be executed, the normal data object is distinguished from the data to be improved in security such as the phone book data in the above example, and the phone book data used for the Jv program with low reliability. Is a fully encapsulated object. The fully encapsulated object is restricted in its use, for example, transmission to the network, so that data leakage can be prevented.
JP 2004-152022 A

Most external devices are not connected to the current mobile phone except for a storage device.
However, mobile phones have become more sophisticated so as to follow personal computers. Personal computers, particularly notebook personal computers, have PCMCIA (Personal Computer Memory Card International Association) cards, card bus cards, USB (Universal Serial Bus). It can be connected to various devices, and the range of use is expanding. Considering this, it is expected that various devices will be connected in the future, and the use of controlling the devices, acquiring and displaying data from the devices, and managing and editing the acquired data will become widespread. The
Therefore, it is necessary not only to determine whether data can be used in the mobile phone, but also to be able to deal with external device, its control program, or user availability determination.
In consideration of the above problems, the present invention can perform data access control not only for determining whether data can be used in a mobile phone, but also for external devices, their control programs, or whether a user can use data. The purpose is to do.

  An information processing apparatus according to the present invention includes a data storage unit that stores data and data attributes associated with the data, a program storage unit that stores a program including an instruction code, an instruction code that accesses data, and data An access control information storage unit that stores data attributes that are access conditions in association with each other, a program execution unit that executes a program stored in the program storage unit, and an instruction code included in a program executed by the program execution unit Access to determine whether the instruction code can access the data based on the correspondence between the instruction code stored in the access control information storage unit and the data attribute. And a determination unit.

  According to the present invention, data access control can be performed based on data attributes. For example, different data access control can be performed for each instruction code of each program, and user convenience such as program creation and data management is improved.

  Embodiment 1 FIG.

FIG. 1 is a hardware configuration diagram of the information processing apparatus according to the first embodiment.
In FIG. 1, the information processing apparatus includes a CPU (Central Processing Unit) 911 that executes a program. The CPU 911 includes a ROM 913, a RAM 914, a communication board 915, a display device 901 such as a CRT (Cathode Ray Tube) and a liquid crystal screen, an input device 902 such as a keyboard (K / B), a touch panel, a push button, and a mouse via a bus 912. It is connected to a medium connection device 904 such as an FDD (Flexible Disk Drive), a compact disk device (CDD), a PC card connection device, and a memory card connection device, and a magnetic disk device 920.
The RAM 914 is an example of a volatile memory. The ROM 913, FDD, CDD, magnetic disk device 920, optical disk device, and memory card are examples of nonvolatile memory. These are examples of a storage device or a storage unit.
The communication board 915 is connected to a LAN, the Internet, or the like.
For example, the communication board 915, the input device 902, the medium connection device 904, and the like are examples of the information input unit.
For example, the communication board 915, the display device 901, and the like are examples of an output unit.

  The magnetic disk device 920 stores an operating system (OS) 921, a program group 923, and a file group 924. The program group 923 is executed by the CPU 911 and the OS 921.

The program group 923 stores programs that execute functions described as “˜units” in the description of the embodiments described below. The program is read and executed by the CPU 911.
In the file group 924, what is described as “determination result of”, “determination result of”, “calculation result of”, and “processing result of” in the description of the embodiment described below is “ ~ "File" is stored.
In addition, the arrow portion of the flowchart described in the description of the embodiment described below mainly indicates input / output of data, and for the input / output of the data, the data is the magnetic disk device 920, FD (Flexible Disk cartridge), It is recorded on other recording media such as an optical disc, CD (compact disc), MD (mini disc), and DVD (Digital Versatile Disk). Alternatively, it is transmitted through a signal line or other transmission medium.

  In addition, what is described as “unit” in the description of the embodiment described below may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented by software alone, hardware alone, a combination of software and hardware, or a combination of firmware.

  In addition, a program that implements the embodiment described below may be stored using a recording device using another recording medium such as a magnetic disk device 920, FD, optical disk, CD, MD, or DVD.

  In the following embodiments, a mode in which a mobile phone is an information processing apparatus will be described. However, the information processing apparatus is not limited to a mobile phone. For example, an information processing apparatus such as a desktop PC (Personal Computer), a notebook PC, or a PDA (Personal Digital Assistance) may be used.

FIG. 2 is a system configuration diagram according to the first embodiment.
The system configuration of the first embodiment will be described with reference to FIG.
The mobile phone 100 can connect and communicate with the external device 200 via the in-device connection unit 120. Here, as a connection method with the external device 200, it is conceivable to use an interface such as serial connection, USB, SD card, memory stick, or Bluetooth.
The external device 200 includes an in-device connection unit 210 having the same interface as the in-device connection unit 120 of the mobile phone 100, is connected to the mobile phone 100, and communicates data and programs stored in the external device storage unit 290.

The mobile phone 100 includes a Jv environment execution unit 110 and operates the Jv program 192 stored in the program storage unit 191 on the Jv execution environment executed by the Jv environment execution unit 110.
The Jv environment execution unit 110 includes a data object generation unit 113. The Jv environment execution unit 110 includes a data object 195 that can be handled by the Jv program for data acquired from the external device 200 or data stored in advance in the data storage unit 194 of the mobile phone 100. It is generated and stored in the data storage unit 194.
The data object 195 may be an object that includes data and the data attribute of the data, or the data object 195 includes only the data and its ID, and the data attribute is a correspondence between the ID of the data object 195 and the data attribute. May be managed by a list for recording. In addition, there may be an embodiment in which the data object 195 is a completely encapsulated object in Patent Document 1.
The mobile phone 100 includes a storage information acquisition unit 130 that acquires data and data attributes that are information necessary for generating a data object.
The Jv environment execution unit 110 further executes a Jv program 192 and includes a data object utilization unit 111 that performs data object utilization such as display of the data object 195 on the screen, storage in each storage unit, and transmission to the network. Prepare.
The Jv environment execution unit 110 also includes a data object access control unit 112 that performs access control based on access determination to data. The data object access control unit 112 performs access control based on the access control table 196 stored in the access control information storage unit 193.

FIG. 3 is a diagram showing data attributes in the first embodiment.
FIG. 4 is a diagram showing the access control table 196 in the first embodiment.
The data attributes and the access control table 196 will be described with reference to FIGS.
In the data attributes shown in FIG. 3, “1” indicates that the printable (printable), screen display (displayable), storable (stable), and transmission to the Internet (Internet Exportable) can be used. This is indicated by “0”.
An access control table 196 shown in FIG. 4 is an example of a control table used by the data object access control unit 112 for its control. In order to use a Jv API (Application Program Interface) and a data object, the API is used. Necessary attributes are associated with each other. The API is an instruction code that executes an instruction when specified.
In the example of FIG. 4, the Object # toString () API that converts the content of the object into a character string does not have “1” for all attributes that can be printed, displayed on the screen, stored, and transmitted to the Internet It means that it cannot be used.

The data attribute may be in a format different from the format indicating whether or not each function can be executed as shown in FIG. For example, a security level represented by a numerical value may be used. Here, the security level indicates, for example, that the larger the numerical value, the more attention should be paid to data leakage.
FIG. 5 shows an access control table 196 when the security level is a data attribute.
Similar to the example of the access control table 196 shown in FIG. 4, the API and the security level for making it usable are described in association with each other.
Hereinafter, description will be made using the data attributes shown in FIG. 3 and the example of the access control table 196 shown in FIG.

FIG. 6 shows an example of data and data attributes.
In this example, data and data attributes are shown as integrated information. The data and data attributes are acquired by the stored information acquisition unit 130 including the case where they are integrated in this way.
In this integrated information example, it is expressed by an HTML-like expression method. The entire information is enclosed in <DATA> and </ DATA>, the data body is enclosed in <BODY> and </ BODY>, and the data attribute is enclosed in <ATTRIBUTE> and </ ATTRIBUTE>.
That is, this information indicates that the data is 01-2345-6789, and that the data attribute is printable, screen displayable, not storable, and cannot be transmitted to the Internet.
However, the data and the data attributes may or may not be HTML-like regardless of whether they are integrated or not.

As shown in FIG. 6, by integrating the data and the data attribute, the mobile phone 100 can always acquire the data attribute together with the data.
As another method for acquiring data attributes, a command for acquiring data and a command for acquiring data attributes are defined for the external device 200 and executed separately. However, in this case, data attributes may not be acquired even if data is acquired. Therefore, the mobile phone 100 or the external device 200 is configured so that the data attribute to be acquired is specified, the data attribute is acquired first, the data is acquired, and the data for which the data attribute is not acquired cannot be acquired. By controlling it, you can definitely get data attributes.

  However, data and data attributes may be acquired at different timings, may be acquired from different external devices 200, or only data attributes for data stored in advance in the data storage unit 194 may be acquired. It may be.

Next, a method for generating the data object 195 in Embodiment 1 will be described.
Here, it is assumed that data and data attributes are acquired from the external device 200.
Examples of the external device 200 include a GPS (Global Positioning System) device and an IC (Integrated Circuit) card device. In the case of a GPS device, the position information will not be leaked so much, and the IC card device has an employee card function, for example, and it is necessary to pay attention to information leakage. . In other words, it is effective as a data utilization method to provide a difference in data attribute of each data depending on each external device and perform data access control based on the data attribute.

Hereinafter, description will be given based on the flowchart of FIG.
When the Jv program 192 is executed and the acquisition of data information from the external device 200 is requested, the Jv environment execution unit 110 first sends the data information from the external device 200 to the storage information acquisition unit 130 via the in-device connection unit 120. Instruct to get
The stored information acquisition unit 130 acquires data information in which data and data attributes as in the example illustrated in FIG. 6 are integrated from the external device 200 (S101).
Next, the storage information acquisition unit 130 extracts a data body portion from the acquired data information and stores it in the data storage unit 194 (S102).
Next, the storage information acquisition unit 130 extracts a data attribute portion from the acquired data information and stores it in the data storage unit 194 (S103).
Thereby, since the data and the data attribute can be acquired from the external device 200, the Jv environment execution unit 110 activates the data object generation unit 113 and generates a data object 195 including the data and the data attribute as a Jv object. (S104).

  In the above description, the mobile phone 100 acquires data and data attributes from the external device 200. However, the data object generation unit 113 generates data objects for data and data attributes stored in advance in each storage unit of the mobile phone 100. It may be generated. Even in this case, data access control can be performed on each data according to the data attribute.

Next, a method for using the data object 195 will be described with reference to FIG.
For example, it is assumed that the Jv program 192 instructs the Jv environment execution unit 110 to use the data object 195 for the screen output function (Graphics # drawString () API). The screen output function is one of the functions of the data object utilization unit 111.

The Jv environment execution unit 110 instructs the data object utilization unit 111 to perform a data object 195 and a data utilization method “screen output”.
The data object utilization unit 111 activates the data object access control unit 112 and makes an inquiry about availability (S201).
The data object access control unit 112 determines whether the data attribute of the inquired data object, the access control table 196, and the API that has received the availability determination are Graphics # drawString () (S202). .
Here, a description will be given using the data attributes shown in FIG. 3 and the example of the access control table 196 shown in FIG.
In FIG. 4, an attribute necessary for using the Graphics # drawString () API is a screen display attribute (Displayable). In FIG. 3, the data has a data attribute indicating that the screen can be displayed. Therefore, the data object access control unit 112 determines that the Graphics # drawString () API can be used to use the data included in the data object based on the data attribute and the access control table 196 (S202). .
When the data object access control unit 112 determines that the data can be used, the data object use unit 111 uses the data instructed from the Jv environment execution unit 110. In the above example, the data object utilization unit 111 performs screen display (S204).
When the data object access control unit 112 determines that the data cannot be used, the data object utilization unit 111 returns an error to the Jv environment execution unit 110, and the Jv environment execution unit 110 returns an error to the Jv program 192. In the above example, the display of the data attribute shown in FIG. 3 is 0, that is, the screen cannot be displayed, and the data object access control unit 112 determines that the data cannot be used (S205).

  As described above, the risk of data leakage etc. is avoided not only for data pre-recorded in the mobile phone 100, that is, pre-installed data, but also for data newly acquired from the external device 200. Can be processed.

Further, by acquiring not only data but also data attributes from the external device 200, it is possible to deal with various external devices 200 without being bound by a mobile phone manufacturer or a carrier.
Furthermore, the intention of the creator of data acquired from the external device 200 can be reflected in the data handling.
In addition, it is possible to always acquire data attributes for each data.

Embodiment 2. FIG.
In the first embodiment, the mechanism in which the Jv program 192 does not illegally use or leak the data in the telephone directory has been described. However, in principle, this trusts the Jv execution environment and the mobile phone in which the Jv execution environment is incorporated. It is based on the premise that
That is, the mobile phone and the Jv execution environment are considered to be in the same security domain as a security domain indicating a range that satisfies a certain security standard.
On the other hand, the Jv program does not exist in the same security domain and cannot be trusted.

However, even if the Jv program is downloaded and installed from the network, if the Jv program is a verified Jv program that has not been tampered with or a Jv program that is installed from the beginning of the mobile phone, the Jv program It is possible to include programs in the same security domain.
In other words, a method of accessing the data by trusting the Jv program can be considered. This will be described below as a second embodiment.

FIG. 9 is a system configuration diagram according to the second embodiment.
Here, a configuration different from the system configuration described in the first embodiment will be described, and the other configuration is assumed to be the same as the system configuration of the first embodiment.
The data object access control unit 112 includes a program attribute acquisition unit 114.
The program storage unit 191 stores the Jv program 192 and the program attributes of the Jv program 192 in association with each other. As a storage method, for example, a program attribute may be included in the Jv program 192, or a control table in which the Jv program 192 is associated with the program attribute may be stored.
The program attribute acquisition unit 114 acquires the program attribute of the Jv program 192 from the program storage unit 191.
Further, as shown in FIG. 10, the access control information storage unit 193 stores the API and the program attribute of the program executing the API in association with the data attribute necessary for executing the API.
The data object access control unit 112 determines whether or not the data in the data object 195 can be used by the API based on the program attribute acquired by the program attribute acquisition unit 114 and the access control table 196.
The mobile phone 100 can perform access control according to the attributes of the program according to each configuration.

In the access control table 196 shown in FIG. 10, the program attributes are installed from the beginning (pre-install), installed from the network (install from network), and installed from an external device as program attributes ( The installation source device (installation device), the installation source URL (Uniform Resource Locator) when installed from the network, and the device ID (IDentification) when installed from an external device are shown.
Each API has different required data attributes depending on the program attributes. However, the necessary data attributes may be the same.

When the data object access control unit 112 determines the availability, the program attribute acquisition unit 114 acquires the attribute of the program, and determines the availability according to the attribute according to the access control table 196 of FIG. I will give you.
This makes it possible to control access to the data object in accordance with not only the data attribute but also the attribute of the program to be used.

Next, different access control of the data object access control unit 112 will be described.
First, installation of the Jv program 192 from the external device 200 will be described.
For example, in a USB device or the like, there is an identifier composed of the manufacturer ID, product ID, and the like of the device. Assume that the external device 200 includes the external device storage unit 290 and stores the Jv program 192. When the Jv program 192 is downloaded and installed from an external device, if the Jv program 192 and the data used by the Jv program 192 are downloaded from the external device having the same ID, the Jv program 192 trusts the data used. It is possible to perform processing such as being deemed possible. Further, an embodiment is also conceivable in which the IDs are not necessarily the same, but may be the same manufacturer ID. This is because the external device 200 to be used and the Jv program 192 can be considered to be in the same security domain.

That is, the storage information acquisition unit 130 acquires an attribute including each ID indicating the download source external device 200 for each of the data and the program, stores the attribute in the storage unit, and the data object access control unit 112 executes the execution. Each ID included in the program attribute of the program to be executed is compared with each ID included in the data attribute of the data used by the program. As a result of comparison, all IDs match, manufacturer IDs match, etc. It may be determined whether or not data access is possible.
As a result, it is possible to control access to the data object in accordance with not only the data attribute but also the attribute of the program to be used.

Embodiment 3 FIG.
In the third embodiment, a case will be described in which access control is performed based on a difference in security level between an information processing apparatus and a program.
Here, it is assumed that the external device has an authentication processing unit that performs an authentication process using a password.
As a method of using the authentication processing by the authentication processing unit, a method of performing authentication when an external device is connected to a mobile phone, a method of performing authentication when a Jv program that uses the external device is started, Possible methods include authentication when the program uses an external device.
In addition, when the Jv program is activated and when the Jv program uses an external device, there is a method of authenticating only the use of the external device by the Jv program, or authentication between the mobile phone and the external device. Since it has been established, there is a method for authenticating the use of an external device from any Jv program.
In this way, a security level can be considered by performing authentication processing between the external device and the mobile phone or between the external device and the Jv program to establish a trust relationship.

Other trust relationships are also possible. In the case of a mobile phone, it is generally difficult to change the stored program by the hand of the mobile phone user. On the other hand, in the case of a personal computer, program change is relatively easy.
In this way, a security level can be considered as to whether a program can be easily modified by an information processing apparatus connected to an external device.

FIG. 11 is a system configuration diagram according to the third embodiment.
Here, a configuration different from the system configuration described in the first embodiment will be described, and the other configuration is assumed to be the same as the system configuration of the first embodiment.

  In the external device 200, the authentication processing unit 220 receives authentication request information via the in-device connection unit 210, performs authentication processing, and returns authentication information as an authentication processing result.

In the mobile phone 100, the authentication request unit 140 transmits authentication request information to the external device 200 via the in-device connection unit 120 to make an authentication request, and stores the acquired authentication information in the authentication information storage unit 198.
The authentication information includes, for example, information indicating when the authentication processing is performed, such as when the external device 200 is connected, when the Jv program is started, and when the external device is used. Is included. The timing of the authentication process may be other timing.
The device attribute storage unit 197 stores device attributes of the information processing device. In the device attribute, the type of the information processing device such as “mobile phone” or “personal computer” is stored as the program modification ease.
The program storage unit 191 stores a program and a program attribute of the program in association with each other. For example, the storage method may include a program attribute in the program, or may store a control table in which the program is associated with the program attribute. The program attribute stores, for example, a program type such as “Jv program” or “native program” as the program modification ease.
The storage information acquisition unit 130 includes a program attribute acquisition unit 131 that acquires program attributes from the program storage unit 191, a device attribute acquisition unit 132 that acquires device attributes from the device attribute storage unit 197, and authentication information from the authentication information storage unit 198. And an authentication information acquisition unit 133 for acquiring.

FIG. 12 is a flowchart showing a method for generating the data object 195 in the third embodiment.
In FIG. 12, first, the storage information acquisition unit 130 activates the device attribute acquisition unit 132, the program attribute acquisition unit 131, and the authentication information acquisition unit 133, and acquires device attributes, program attributes, and authentication information (S301).
Next, the storage information acquisition unit 130 generates and outputs request information for requesting data and data attributes to the external device 200 via the in-device connection unit 120. The request information includes device attributes, program attributes, and authentication information (S302).
The external device 200 outputs the data indicated in the request information and the data attribute corresponding to the data attribute corresponding to the device attribute, the program attribute, and the authentication information to the mobile phone 100 (S303).

Here, the external device 200 stores, for example, a control table as shown in FIG. 13 for each data in the external device storage unit 290 in order to output data attributes corresponding to device attributes, program attributes, and authentication information. To do.
In FIG. 13, the control table has items of device attribute, program attribute, and authentication information as the security level, and the data attribute of the data is set for the security level.

Next, the storage information acquisition unit 130 stores data and data attributes acquired from the external device 200 in the data storage unit 194 (S304).
The data object generation unit 113 generates a data object in which the data stored in the data storage unit 194 is associated with the data attribute, and stores the data object in the data storage unit 194 (S305).

  As described above, by changing the data attribute according to the security level of the information processing apparatus, the program, and the authentication process, it is possible to control access to the data object as necessary.

  In the above description, the data attribute is changed with respect to the security level of the information processing apparatus, the security level of the program, and the security level of the authentication process. However, the data attribute may be changed according to any security level.

Embodiment 4 FIG.
Usually, the data attribute and the handling thereof are determined by the intention (setting) of the designer of the mobile phone 100 or the external device 200. However, it is a mobile phone user who owns and uses the mobile phone 100, and there may be a user who wants to handle data that is not restricted by the handling at his / her own risk. Or, conversely, it may be necessary to handle data more strictly than the data handling assumed by the mobile phone 100 or the external device 200 when used in a company.

  In view of this, a description will be given below of adding a changeable attribute to the data attribute so that the useable attribute can be changed for data having the changeable attribute.

FIG. 14 is a system configuration diagram according to the fourth embodiment.
Here, a configuration different from the system configuration described in the first embodiment will be described, and the other configuration is assumed to be the same as the system configuration of the first embodiment.
The Jv environment execution unit 110 includes a data attribute change unit 115 that changes a data attribute included in a data object stored in the data storage unit 194.

FIG. 15 is a diagram illustrating data attributes according to the fourth embodiment.
In FIG. 15, the data attribute includes an attribute about changeable.

  When change request data indicating a data attribute change request is input from the user, the Jv environment execution unit 110 activates the data attribute change unit 115. The data attribute change unit 115 refers to the changeable attribute of the data requested to be changed, and determines whether the data attribute can be changed. If the data attribute can be changed as a result of the determination, the data attribute changing unit 115 changes the data attribute according to the change request data.

  In the above description, the data attribute is changed by the data attribute changing unit 115 controlled by the Jv environment executing unit 110. However, the change method may be any method such as a method of changing in the Jv execution environment, a method of changing by an arbitrary user program other than the Jv execution environment. In addition to the changeable attribute, the changeable attribute also has an attribute such as whether it can be changed arbitrarily or can be changed only for stricter handling. Is it possible to change the data attribute based on this changeable attribute? You may judge.

  Thereby, the user can change the data attribute without losing the security of the data, and the convenience for the user is improved.

Embodiment 5. FIG.
In the case where the user changes the handling of data, a mode different from the fourth embodiment will be described below.
In the fifth embodiment, the data handling is changed by changing the access control table 196.
In this case, as illustrated in FIG. 16, the Jv environment execution unit 110 includes an access condition change unit 116. The access condition changing unit 116 changes data attributes necessary for executing the API indicated by the access control table 196 stored in the access control information storage unit 193.
As in the fourth embodiment, the access control table 196 may be changed by any method such as a method for changing on the Jv execution environment and a method for changing by an arbitrary user program other than the Jv execution environment.

  The change of the access control table 196 includes, for example, deleting InternetExptable from the data attribute necessary for executing Object # to String () in FIG. 4 or adding Printable to the data attribute required for executing Graphics # DrawString () That is.

  Since the access control table 196 can be changed, user convenience is improved.

In each of the above embodiments, the information processing apparatus that executes the Java (registered trademark) program has been described.
However, the information processing apparatus is not limited to Java (registered trademark) and may execute other object-oriented programs.
In addition, the program may be written in any language such as C language or Perl (Practical Extraction and Report Language), and the data and data attributes may not be stored as data objects. Data and data attributes may be associated with each other. In this case, for example, a storage unit that stores a control table in which data and data attributes are associated may be provided.

  In addition, each component and each process described in each embodiment may be used in combination.

2 is a hardware configuration diagram of the information processing apparatus according to Embodiment 1. FIG. 1 is a system configuration diagram according to Embodiment 1. FIG. FIG. 4 shows data attributes in the first embodiment. [Fig. 10] is a diagram showing an access control table 196 in the first embodiment. [Fig. 10] is a diagram showing an access control table 196 in the first embodiment. FIG. 5 shows data and data attributes in the first embodiment. 5 is a flowchart showing a method for generating a data object 195 in the first embodiment. 5 is a flowchart showing a method for using a data object 195 in the first embodiment. The system block diagram in Embodiment 2. FIG. FIG. 10 shows an access control table 196 in the second embodiment. FIG. 9 is a system configuration diagram according to Embodiment 3. 10 is a flowchart showing a method for generating a data object 195 in the third embodiment. The figure which shows the control table which matches the security level and data attribute in Embodiment 3. FIG. FIG. 9 is a system configuration diagram according to the fourth embodiment. FIG. 10 shows data attributes in the fourth embodiment. FIG. 10 is a system configuration diagram in the fifth embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100 Mobile phone, 110 Jv environment execution part, 111 Data object utilization part, 112 Data object access control part, 113 Data object generation part, 114 Program attribute acquisition part, 115 Data attribute change part, 116 Access condition change part, 120 In apparatus Connection unit, 130 Storage information acquisition unit, 131 Program attribute acquisition unit, 132 Device attribute acquisition unit, 133 Authentication information acquisition unit, 140 Authentication request unit, 191 Program storage unit, 192 Jv program, 193 Access control information storage unit, 194 Data Storage unit, 195 Data object, 196 Access control table, 197 Device attribute storage unit, 198 Authentication information storage unit, 200 External device, 210 In-device connection unit, 220 Authentication processing unit, 290 External device storage unit, 901 Display device , 902 input unit, 904 medium attachment unit, 911 CPU, 912 Bus, 913 ROM, 914 RAM, 915 communication board, 920 a magnetic disk device, 921 OS, 923 programs, 924 files.

Claims (11)

First data attribute indicating whether data can be printed, second data attribute indicating whether data can be displayed on the screen, and third data indicating whether data can be saved A data storage unit that stores at least one data attribute and data of the fourth data attribute indicating whether or not the attribute and the data can be transmitted ;
A program storage unit for storing a program including an instruction code;
An access that associates and stores an instruction code for accessing data and at least one of the first data attribute to the fourth data attribute as an access condition for allowing the instruction code to access the data A control information storage unit;
A program execution unit for executing a program stored in the program storage unit;
The data attribute associated with the data accessed by the instruction code included in the program executed by the program execution unit is acquired from the data storage unit, and the instruction code stored in the access control information storage unit is associated with the data attribute. And an access determination unit that determines whether the instruction code can access the data based on the information processing apparatus. The program storage unit is
A first program attribute indicating that the program is installed in advance, a second program attribute indicating that the program is installed from an external device, and a third program attribute indicating that the program is installed from the network Is stored in association with one of the program attributes and
The access control information storage unit
In the instruction code and the data attribute, any one of the first program attribute, the second program attribute, and the third program attribute is set as an access condition for allowing the instruction code to access the data. Memorize it,
The access determination unit
A program attribute associated with a program executed by the program execution unit is acquired from the program storage unit , and a data attribute associated with data accessed by an instruction code included in the program executed by the program execution unit is obtained. Determining whether the instruction code can access the data based on the association between the instruction code, the data attribute, and the program attribute acquired from the data storage unit and stored in the access control information storage unit The information processing apparatus according to claim 1. The information processing apparatus further includes:
Data attribute is acquired from the external device via the in-device connection unit and the in-device connection unit connected to the external device that stores the data attribute, and the acquired data attribute is stored in the data storage unit in association with the data attribute data The information processing apparatus according to claim 1, further comprising a storage information acquisition unit configured to perform storage information acquisition. The stored information acquisition unit
The data and the data attribute of the data are acquired from the external device via the in-device connection unit, and the acquired data and the data attribute are associated with each other and stored in the data storage unit. Information processing device. The information processing apparatus further includes:
An external device that stores data, an external device that stores data attributes, an external device that stores programs, an in-device connection unit that communicates with external devices that store program attributes, and an external device that is identification information of external devices that store data Data attribute including identifier, program attribute including external device identifier that is identification information of external device storing program, data and program are acquired from external device via in-device connection unit, and acquired data and data attribute A storage information acquisition unit that stores the acquired program and program attributes in association with each other and stores them in the program storage unit,
The access determination unit
The program attribute of the program executed by the program execution unit is acquired from the program storage unit, and the data attribute of the data accessed by the instruction code included in the program executed by the program execution unit is acquired from the data storage unit. The external device identifier included in the program attribute is compared with the external device identifier included in the data attribute, and it is determined whether the instruction code can access the data based on the comparison result. The information processing apparatus described. The data storage unit is
Stores data attributes including changeable information indicating whether data attributes can be changed,
The information processing apparatus further includes:
Data attribute change request information is input, the data attribute indicated by the input data attribute change request information is acquired from the data storage unit, changeable information included in the acquired data attribute is determined, and changeable information can be changed the information processing apparatus according to any one of claims 1 to claim 5, characterized in that a data attribute change unit for changing the data attribute based on the data attribute change request information to indicate. The information processing apparatus further includes:
An access condition change unit that inputs access condition change request information and changes an access condition stored in the access control information storage unit based on the input access condition change request information is provided. The information processing apparatus according to claim 6 . The information processing apparatus information processing apparatus according to any claims 1 to 7, characterized in that a mobile telephone. The program storage unit is a Java (registered trademark) The information processing apparatus according to any one claims 1 to 8, characterized in that for storing programs written in a programming language. First data attribute indicating whether data can be printed, second data attribute indicating whether data can be displayed on the screen, and third data indicating whether data can be stored A data storage step of storing in the storage unit the data attribute and the data in association with at least one of the fourth data attribute indicating whether the attribute and the data can be transmitted ;
A program storage step of storing a program including an instruction code in a storage unit;
An instruction code for accessing data is associated with at least one data attribute from the first data attribute to the fourth data attribute as an access condition for allowing the instruction code to access the data in the storage unit. An access control information storage step for storing;
A program execution step for executing the program stored in the program storage step;
The data attribute associated with the data accessed by the instruction code included in the program executed in the program execution step is acquired from the storage unit, and the instruction code stored in the access control information storage step is associated with the data attribute. An information processing method for an information processing apparatus, comprising: an access determination step of determining whether or not an instruction code can access data based on the result and storing the determination result in a storage unit. A program for causing a computer to execute the information processing method according to claim 10 .

Images