JP5958896B2 - Information processing apparatus and program - Google Patents

Description

  The present invention relates to an information processing apparatus that performs processing for controlling execution of an application program interface (API) by an application. The present invention also relates to a program for causing a computer to function as the information processing apparatus.

  Portable information terminals called smartphones that use an open platform using a general-purpose OS (operating system) have become widespread. As a general-purpose OS installed in smartphones, Android (registered trademark), which has abundant APIs that are a set of instructions and functions for using information and functions managed by terminals, is attracting attention. . As an example, this specification describes a smartphone equipped with an Android (registered trademark) OS.

  A smartphone is a platform that allows anyone to freely develop and publish applications and allow users to freely install published applications. By introducing a published application to a smartphone, various functions of the smartphone can be expanded flexibly and easily.

  In Android (registered trademark), function groups and information groups used by applications are defined as permissions. The permission is an authority relating to use of functions / information in the terminal capable of executing the application and change of settings. When installing an application, the user is notified (declared) of the permissions used by the application, and the user determines whether or not the application can be installed. After the application is installed, the application operates within the range permitted by the permissions declared at the time of installation. As described above, there is a mechanism for restricting the operation of the application based on the permission.

  However, all applications can easily acquire information that exists in the terminal once the permission regarding the acquisition of information is declared and the permission is approved by the user. According to a report on the usage status of application permissions published on a given website, the usage rate of permissions to read the contents of the phone book is 11%, the usage rate of permissions to read location information is 27%, and the phone number of the smartphone And the usage rate of permission to read SIM (Subscriber Identity Module) information is 58% (see Non-Patent Document 1). In other words, many applications published on a given website may leak confidential information such as location information and telephone numbers.

  In order to combat unauthorized applications, vendors have released anti-virus software that supports Android (registered trademark). However, it is actually difficult to detect unauthorized applications with such software, and there are many false negatives at present. Non-Patent Document 2 describes a technique for detecting an illegal operation of an application.

Eiyuki Sugawara, ITmedia, “Restrictions on Security Measured Software as Seen from Android OS”, [online], December 26, 2011, ITmedia, [March 27, 2012 search], Internet <URL: http: / /www.itmedia.co.jp/enterprise/articles/1112/26/news015.html> Harunobu Uematsu, Junya Kagi, Kohei Nasaka, Hideaki Kawabata, Takamasa Sugawara, Keisuke Takemori, Masakatsu Nishigaki, “Proposal of ADMS to develop and manage secure Android apps”, Computer Security Symposium 2011, Session 3D3- 4, October 2011

  As described above, the application can easily acquire information existing in the terminal by declaring the permission regarding the acquisition of information. Hereinafter, with reference to FIG. 19, the flow of processing when the application acquires and displays the confidential information of the terminal will be described.

  The application calls an information acquisition API, which is an API for acquiring confidential information stored in the terminal (step S900). The called information acquisition API acquires confidential information from a predetermined location in the terminal (step S905). The information acquisition API that acquired the confidential information returns the acquired confidential information to the application (step S910). The application that has received the confidential information calls a display API that is an API for displaying the information (step S915). The called display API displays confidential information (step S920) and returns the processing result to the application (step S925).

  In the above processing, confidential information is notified to the application in step S910. As described above, in the current specification, since an application can easily acquire confidential information, an immediate countermeasure is desired.

  The present invention has been made in view of the above-described problems, and an object thereof is to provide an information processing apparatus and a program that can restrict use of information by an application.

The present invention has been made to solve the above-described problems, and includes a storage unit and a control unit, and the control unit is a first API for acquiring first information stored in a terminal by an application. When executing (Application Program Interface) at a first time point, an information acquisition step of acquiring the first information, the acquired first information, and a second different from the first information An information storage step of storing information in the storage unit, a reply step of returning the second information to the application, and a second time point after the first time point, the application An information reading step of reading the first information associated with the specified second information from the storage unit when specifying information and executing a second API different from the first API When Information processing and executes and a processing step of returning to said application processing result does not include the have line processing of the second API, the first information using the first information read Device.

  In the information processing apparatus of the present invention, the control unit executes a first control unit that executes the information acquisition step, the reply step, and the processing step, and the information storage step and the information reading step. And a second control unit.

In addition, the information processing apparatus of the present invention further includes a notification unit that notifies the user, and the information reading step is performed by the application at the second time point after the first time point. A step of reading out the first information associated with the specified second information from the storage unit when trying to execute a second API different from the first API by designating A notification step for notifying the user via the notification unit, and in the processing step, the first information that has been read out is obtained only when the user's permission is obtained after notifying the user. There line processing of the second API used, and wherein the returning the processing result not including the first information to the application.

In the present invention, the first information stored in the terminal and the second information different from the first information are associated with each other and stored in a storage area prepared corresponding to the first information. A storage unit, and a control unit, wherein the control unit is configured to execute a first API (Application Program Interface) for acquiring the first information at a first time point when the application acquires the first information. A first information reading step of reading the second information from a storage area corresponding to the first information of the storage unit; a replying step of returning the read second information to the application; and the first information The second information specified when the application specifies the second information and executes a second API different from the first API at a second time after the time Associated with A second information read step of reading information from the storage unit, read the first information have line processing of the second API with the first information does not include the processing result the application An information processing apparatus characterized by executing the processing steps returned to

  In the information processing apparatus of the present invention, the control unit executes a first control unit that executes the reply step and the processing step, and executes the first information reading step and the second information reading step. And a second control unit.

In addition, the information processing apparatus of the present invention further includes a notification unit that notifies the user, and the first information reading step includes the first information reading step at a second time point after the first time point. Reading out the first information associated with the specified second information from the storage unit when the second API different from the first API is specified by specifying the information of 2 And a notification step for notifying the user via the notification unit. In the processing step, the first read-out is performed only when the user's permission is obtained after notifying the user. There line processing of the second API with the information, and wherein the returning the processing result not including the first information to the application.

  In the information processing apparatus according to the present invention, different UIDs (User IDs) are given to the application and the second control unit.

  In the information processing apparatus according to the present invention, the notifying step notifies the user of the read first information.

Further, according to the present invention, when an application tries to execute a first API (Application Program Interface) for acquiring first information stored in a terminal at a first time point, the first API An information acquisition step of performing processing to acquire the first information, an information storage step of storing the acquired first information and second information different from the first information in association with each other in a storage unit; A second step of returning the second information to the application and a second time point after the first time point, wherein the application designates the second information and differs from the first API. When trying to execute the API of 2, the information reading step of reading the first information associated with the specified second information from the storage unit, and using the read first information First There line processing of API in a program for executing the processing result does not include the first information and the processing steps return to the application, to the computer.

Also, the present invention provides the first information when the application tries to execute a first API (Application Program Interface) for acquiring the first information stored in the terminal at a first time point. From the storage area corresponding to the first information of the storage unit associated with the second information different from the first information and stored in the storage area prepared corresponding to the first information In a first information reading step for reading the second information, a reply step for returning the read second information to the application, and a second time point after the first time point, the application When specifying second information and executing a second API different from the first API, the first information associated with the specified second information is read from the storage unit. Second information And step out look to execute the process steps returning read had row processing of the first information the second API with the processing result does not include the first information to the application, to a computer It is a program for.

  According to the present invention, the application does not directly refer to the first information stored in the terminal, but refers to the second information different from the first information, thereby limiting the use of the information by the application. can do.

It is a block diagram which shows the structure of the information processing apparatus by the 1st Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 1st Embodiment of this invention. It is a reference diagram which shows the information preserve | saved at the memory | storage part of the information processing apparatus by the 1st Embodiment of this invention. It is a reference figure which shows the information displayed on the display part of the information processing apparatus by the 1st Embodiment of this invention. FIG. 3 is a reference diagram illustrating an OS code in the first embodiment of the present invention. FIG. 3 is a reference diagram illustrating an OS code in the first embodiment of the present invention. FIG. 3 is a reference diagram illustrating an OS code in the first embodiment of the present invention. It is a block diagram which shows the structure of the information processing apparatus by the 2nd Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 2nd Embodiment of this invention. It is a reference figure which shows the information displayed on the display part of the information processing apparatus by the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the information processing apparatus by the 3rd Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 3rd Embodiment of this invention. It is a block diagram which shows the structure of the information processing apparatus by the 4th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 4th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 5th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 6th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 7th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the information processing apparatus by the 8th Embodiment of this invention. It is a flowchart which shows the flow of a process when an application acquires and displays confidential information.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In this specification and drawings, for convenience, the character string “android (registered trademark)” is substituted with the character string “* andrd *” and the character string “java (registered trademark)” is substituted with the character string “* jv *” as necessary. ing. That is, the character string * andrd * is equivalent to the character string android (registered trademark), and the character string * jv * is equivalent to the character string java (registered trademark).

(First embodiment)
First, a first embodiment of the present invention will be described. FIG. 1 shows the configuration of the information processing apparatus according to the present embodiment. The information processing apparatus of the present embodiment is configured as a device such as a smartphone in which Android (registered trademark) is mounted on the OS. As illustrated in FIG. 1, the information processing apparatus includes an application 10, a control unit 11, a storage unit 12, and a display unit 13.

  The application 10 is an SMS client application or the like, and performs various processes defined as application processes. The control unit 11 controls API execution in response to a request from the application 10. The control unit 11 includes an information acquisition API execution unit 11a and a display API execution unit 11b. The information acquisition API execution unit 11a executes an information acquisition API that is an API for acquiring confidential information stored in the information processing apparatus (terminal). The display API execution unit 11b executes a display API that is an API for displaying information. The information acquisition API is getLine1Number of the TelephonyManager class. The display API is setText of the TextView class. The API is a method, but the method noted in this embodiment is described as an API in order to distinguish it from other methods.

  The storage unit 12 is configured by a volatile or non-volatile memory, and stores an OS program, an application program, various data used by the information processing apparatus, and the like. The storage unit 12 may be a combination of a volatile memory and a nonvolatile memory. The display unit 13 displays various information.

  In the OS program of this embodiment, new code necessary for the operation of the control unit 11 is added to the code defining the existing class provided by the application framework. That is, the OS program of the present embodiment includes a code that defines the operation of the control unit 11.

  The code that defines the operation of the control unit 11 is added to the existing OS source program, the OS source program is modified, and the modified source program is assembled (compiled) to modify The executed OS execution program (execution file) is generated. The OS execution program generated in this way is installed in the information processing apparatus. The control unit 11 is activated when the OS is activated in the information processing apparatus.

  The control unit 11 records the OS program of the present embodiment on a computer-readable recording medium, causes the computer (information processing apparatus of the present embodiment) to read and execute the program recorded on the recording medium. Performs the process specified by the program.

  Here, the “computer” includes a homepage providing environment (or display environment) if the WWW system is used. The “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, a DVD-ROM, and a flash memory, and a storage device such as a hard disk built in the computer. Say. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program described above may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above-described program may be for realizing a part of the above-described function. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 2 shows the flow of processing when the information processing apparatus displays confidential information.

  At a certain first time, the application 10 calls an information acquisition API (step S100). The information acquisition API execution unit 11a detects that the information acquisition API has been called, and acquires confidential information from a predetermined location in the information processing apparatus (step S105). The confidential information includes a telephone number, a terminal identification number, a SIM number, country information, call history, telephone book data, location information, received mail content, calendar information, and the like. Further, the information acquisition API execution unit 11a acquires dummy information (step S110). The dummy information is not confidential information to be concealed but information that may be notified to the application 10 (for example, a random number). The acquisition of the dummy information in step S110 may be either reading out the dummy information generated in advance and stored in a predetermined location in the information processing apparatus, or newly generating dummy information.

  The information acquisition API execution unit 11a that has acquired the dummy information and the confidential information associates the acquired information with each other and stores them in the storage unit 12 (step S115). FIG. 3 shows an example of information stored in the storage unit 12. One dummy information (key0, etc.) and one confidential information (telephone number, etc.) are associated in pairs, and combinations of the dummy information and confidential information are stored as a table.

  After storing the dummy information and the confidential information, the information acquisition API execution unit 11a returns the dummy information to the application 10 (step S120). In FIG. 19, confidential information is returned to the application, but in FIG. 2, dummy information is returned to the application 10 instead of confidential information. Subsequently, at a second time, the application 10 calls the display API by specifying dummy information as an argument (step S125). One or a plurality of dummy information may be designated. At this time, the dummy information is notified from the application 10 to the display API execution unit 11b.

  The display API execution unit 11b detects that the display API has been called, and reads confidential information corresponding to the same dummy information as the dummy information notified from the application 10 from the storage unit 12 (step S130). For example, in the example of FIG. 3, when key 0 is notified from the application 10, the telephone number is read from the table, and when key 1 is notified from the application 10, the terminal identification number is read from the table.

  The display API execution unit 11b that has read the confidential information displays the read confidential information on the display unit 13 (step S135). FIG. 4 shows an example of confidential information displayed on the display unit 13. Confidential information 400 such as a telephone number is displayed on the screen of the display unit 13. After displaying the confidential information, the display API execution unit 11b returns the processing result to the application 10 (step S140).

  In the above processing, dummy information is notified to the application 10 and confidential information is not notified. Therefore, it is possible to prevent the application 10 from directly using confidential information.

  Next, an example of code (source code) for realizing the operation of the control unit 11 in the present embodiment will be described. FIG. 5 shows an example of a class code to be added to an existing application framework of the OS. Code 500 describes a table for managing dummy information and confidential information. Code 510 describes a method (secretinsert) for storing dummy information and confidential information in a table. Code 520 describes a method (secretsearch) for searching confidential information from a table using dummy information as a search key.

  FIG. 6 shows an example in which the code of getLine1Number that is the information acquisition API of the existing TelephonyManager class is changed in the existing application framework of the OS. Code 600 describes that dummy information and confidential information are acquired, dummy information and confidential information are stored in a table by the method (secretinsert) shown in FIG. 5, and dummy information (key0) is returned.

  FIG. 7 shows an example in which the code of setText which is the display API of the existing TextView class is changed in the existing application framework of the OS. In FIG. 7, a part of the code is omitted. The contents described in the code 700 will be described below. The variable text is an argument of setText and indicates the character string to be displayed. indexOf ("key0") is a method that returns the position where the character key0 first appears in the string as the number of characters (starting from 0), and returns -1 if the character key0 does not appear in the string is there. The condition “indexOf (“ key0 ”)!” = − 1 ”indicates that the character key0 appears in the variable text. Therefore, when the dummy information key0 exists in the variable text, that is, the character string to be displayed, the secret information corresponding to the dummy information key0 is retrieved from the table by the method (secretsearch) shown in FIG. The dummy information in the column is replaced with confidential information.

  As described above, according to the present embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information. Therefore, information leakage can be prevented.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. In the first embodiment, an example is shown in which confidential information is displayed. In the second embodiment, an example in which confidential information is written to a memory card is shown. FIG. 8 shows the configuration of the information processing apparatus according to the present embodiment. In this embodiment, the control unit 11 has a write API execution unit 11c instead of the display API execution unit 11b, and an input unit 14 and a memory card 15 are provided. About another structure, it is the same as that of the structure of 1st Embodiment.

  The write API execution unit 11c executes a write API that is an API for writing a file. The write API is BufferedWriter class write, and you can write to the memory card by specifying the memory card as the storage location. The input unit 14 includes keys and buttons operated by the user, and notifies the control unit 11 of information input by the user. The memory card 15 is a portable storage medium that can be attached to and detached from the information processing apparatus, for example.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 9 shows a processing flow when the information processing apparatus stores confidential information in the memory card. Since the process of steps S200 to S220 is the same as the process of steps S100 to S120 in FIG. 2, the description of steps S200 to S220 is omitted.

  At a certain second time point, the application 10 calls the write API by specifying dummy information as an argument (step S225). One or a plurality of dummy information may be designated. At this time, the dummy information is notified from the application 10 to the write API execution unit 11c.

  When the write API is called, the write API execution unit 11c detects that the write API is called, and reads from the storage unit 12 confidential information corresponding to the same dummy information as the dummy information notified from the application 10 ( Step S230). Thereafter, a process for causing the user to confirm whether or not the confidential information may be stored in the memory card 15 is performed. The writing API execution unit 11c displays a message including the read confidential information on the display unit 13 and prompts the user to confirm (step S235).

  FIG. 10 shows an example of a message displayed on the display unit 13. A message 1010 that prompts the user to confirm is displayed on the screen of the display unit 13 together with confidential information 1000 such as a telephone number. Furthermore, a button 1020 for allowing the user to save the confidential information and a button 1030 for rejecting the user to save the confidential information are displayed on the screen of the display unit 13. The user operates the button 1020 or the button 1030 via the input unit 14 and inputs information indicating whether or not to permit storing of confidential information.

  Information is input via the input unit 14 by the user who has confirmed the message displayed on the display unit 13 (step S240). When information indicating that storage of confidential information is permitted is input, the writing API execution unit 11c writes the confidential information read from the storage unit 12 to the memory card 15 (step S245). When information indicating that the storage of confidential information is refused is input, the write API execution unit 11c may write the dummy information notified from the application 10 to the memory card 15, or the memory card 15 You may stop writing to. After writing the confidential information to the memory card 15, the write API execution unit 11c returns the processing result to the application 10 (step S250).

  In the above processing, dummy information is notified to the application 10 and confidential information is not notified. Further, even if the application 10 tries to store confidential information in the memory card 15 using a native method created independently without using the standard writing API of the OS, the application 10 uses the native information instead of the confidential information. Since the dummy information is notified, the dummy information is transferred from the application 10 to the native method, and the dummy information is stored in the memory card 15. Therefore, also in the present embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented.

  In a mechanism that restricts the operation of an application based on conventional permissions, the user cannot know when and how the permissions declared by the application are used by the application. Once the user grants permission to install the application, the user is not notified even if the application performs an operation that requires permission. Therefore, it is difficult for the user to notice damage such as information leakage.

  There is also a problem caused by a user's erroneous operation. For example, even if the user mistakenly presses a button for sending a message by SMS among the buttons displayed on the screen during the operation of the SMS client application, the message sending operation cannot be stopped. Therefore, from the viewpoint of usability, before the process using the API is performed, if the user can confirm the operation to be performed by the application and the user can select whether or not to execute the operation, there is a disadvantage caused by the user's erroneous operation. No longer occurs.

  In the present embodiment, when the confidential information is written to the memory card 15, the user can confirm whether or not the confidential information can be written. Furthermore, the user can determine whether to permit writing of confidential information after confirming the confidential information written in the memory card 15 on the display unit 13.

(Third embodiment)
Next, a third embodiment of the present invention will be described. In the present embodiment, an example of displaying confidential information is shown. FIG. 11 shows the configuration of the information processing apparatus according to the present embodiment. In the present embodiment, the control unit 11 includes an API execution control unit 11d in addition to the information acquisition API execution unit 11a and the display API execution unit 11b. The API execution control unit 11d controls the execution of the API when the information acquisition API and the display API are called. About another structure, it is the same as that of the structure of 1st Embodiment.

  In the present embodiment, a code that defines the processing executed by the information acquisition API execution unit 11a is added to the code of the TelephonyManager class that defines the information acquisition API, and the code of the TextView class that defines the display API is A code for defining a process executed by the display API execution unit 11b is added. Also, the process executed by the API execution control unit 11d for the code of the PackageManagerService class that manages the installation and uninstallation of the application and determines whether or not the appropriate permission is given to the application. Regulatory code has been added.

  The information acquisition API execution unit 11a and the display API execution unit 11b perform processing in the same process as the application 10 when the application 10 calls each of the information acquisition API execution unit 11a and the display API execution unit 11b. In Android (registered trademark), an ID that is different for each process, usually called UID (User ID), is given to the process, and resources cannot be shared between processes with different UIDs.

  In the present embodiment, in order to prevent the application 10 from directly accessing the table of the storage unit 12 to obtain confidential information, the process of the application 10 and the process of the API execution control unit 11d are given different UIDs, The API execution control unit 11d performs processing by a process different from that of the application 10. By the above, the security of confidential information can be improved.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 12 shows the flow of processing when the information processing apparatus displays confidential information.

  At a certain first time, the application 10 calls an information acquisition API (step S300). The information acquisition API execution unit 11a detects that the information acquisition API has been called, and acquires confidential information from a predetermined location in the information processing apparatus (step S305). Further, the information acquisition API execution unit 11a acquires dummy information (step S310).

  The information acquisition API execution unit 11a that has acquired the dummy information and the confidential information notifies the API execution control unit 11d of the acquired information and requests the API execution control unit 11d to store the information. Upon receiving the request, the API execution control unit 11d associates the dummy information and the confidential information notified from the information acquisition API execution unit 11a and stores them in the storage unit 12 (step S315).

  After the dummy information and the confidential information are stored, the information acquisition API execution unit 11a returns the dummy information to the application 10 (step S320). Subsequently, at a second time point, the application 10 calls the display API by specifying dummy information as an argument (step S325). At this time, the dummy information is notified from the application 10 to the display API execution unit 11b.

  The display API execution unit 11b detects that the display API has been called, notifies the API execution control unit 11d of the dummy information notified from the application 10, and requests the API execution control unit 11d to read the confidential information ( Step S330). Receiving the request, the API execution control unit 11d reads out confidential information corresponding to the same dummy information as the dummy information notified from the display API execution unit 11b from the storage unit 12 (step S335).

  The API execution control unit 11d that has read the confidential information notifies the display API execution unit 11b of the read confidential information. The display API execution unit 11b displays the notified confidential information on the display unit 13 (step S340). After displaying the confidential information, the display API execution unit 11b returns the processing result to the application 10 (step S345).

  In the above processing, dummy information is notified to the application 10 and confidential information is not notified. Therefore, also in the present embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented. Further, by allowing only the API execution control unit 11d that performs processing in a process different from the application 10 to access the table of the storage unit 12 in which the confidential information is stored, the security of the confidential information can be improved.

(Fourth embodiment)
Next, a fourth embodiment of the present invention will be described. In the present embodiment, an example in which confidential information is written to a memory card is shown. FIG. 13 shows the configuration of the information processing apparatus according to the present embodiment. In the present embodiment, the control unit 11 includes an API execution control unit 11e in addition to the information acquisition API execution unit 11a and the write API execution unit 11c. The API execution control unit 11e controls the execution of the API when the information acquisition API and the display API are called. About another structure, it is the same as that of the structure of 2nd Embodiment.

  In the present embodiment, a code that defines the processing executed by the information acquisition API execution unit 11a is added to the code of the TelephonyManager class that defines the information acquisition API, and the code of the BufferedWriter class that defines the write API is A code defining a process executed by the write API execution unit 11c is added. In addition, a code that defines a process executed by the API execution control unit 11e is added to the code of the PackageManagerService class.

  The information acquisition API execution unit 11a and the write API execution unit 11c perform processing in the same process as the application 10 when the application 10 calls each of the information acquisition API execution unit 11a and the write API execution unit 11c. Also in this embodiment, in order to prevent the application 10 from directly accessing the table of the storage unit 12 to acquire confidential information, the process of the application 10 and the process of the API execution control unit 11e are given different UIDs. The API execution control unit 11e performs processing by a process different from that of the application 10. By the above, the security of confidential information can be improved.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 14 shows the flow of processing when the information processing apparatus displays confidential information. Since the process of steps S400 to S420 is the same as the process of steps S300 to S320 of FIG. 12, the description of steps S400 to S420 is omitted.

  At a certain second time point, the application 10 calls the write API by specifying dummy information as an argument (step S425). At this time, the dummy information is notified from the application 10 to the write API execution unit 11c.

  When the write API is called, the write API execution unit 11c detects that the write API has been called, notifies the API execution control unit 11e of the dummy information notified from the application 10, and executes the API for reading confidential information. The control unit 11e is requested (step S430). Receiving the request, the API execution control unit 11e reads confidential information corresponding to the same dummy information as the dummy information notified from the write API execution unit 11c from the storage unit 12 (step S435).

  Thereafter, a process for causing the user to confirm whether or not the confidential information may be stored in the memory card 15 is performed. The writing API execution unit 11c displays a message including the read confidential information on the display unit 13 and prompts the user to confirm (step S440).

  Information is input via the input unit 14 by the user who has confirmed the message displayed on the display unit 13 (step S445). The API execution control unit 11e notifies the write API execution unit 11c of the input information. When information indicating that storage of confidential information is permitted is input, the writing API execution unit 11c writes the confidential information read from the storage unit 12 to the memory card 15 (step S450). When information indicating that the storage of confidential information is refused is input, the write API execution unit 11c may write the dummy information notified from the application 10 to the memory card 15, or the memory card 15 You may stop writing to. After writing the confidential information to the memory card 15, the write API execution unit 11c returns the processing result to the application 10 (step S455).

  In the above processing, dummy information is notified to the application 10 and confidential information is not notified. Therefore, also in the present embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented. Further, by allowing only the API execution control unit 11e that performs processing by a process different from the application 10 to access the table of the storage unit 12 in which the confidential information is stored, the security of the confidential information can be improved.

  Further, when the confidential information is written to the memory card 15, it is possible to make the user confirm whether or not the confidential information may be written. Furthermore, the user can confirm the confidential information written in the memory card 15 on the display unit 13 and decide whether to permit writing of the confidential information.

(Fifth embodiment)
Next, a fifth embodiment of the present invention will be described.

  In the first to fourth embodiments, a method may be adopted in which different dummy information is acquired each time the application accesses the confidential information for the first time after activation. For example, a random number is generated when the application A accesses the confidential information α, and thereafter, the application A temporarily uses the random number as the dummy information β. In this case, the dummy information β acquired when the application A accesses the confidential information α may be different from the dummy information γ acquired when the application B accesses the confidential information α. When the application is terminated, the dummy information acquired by the application is released from the memory. For this reason, the dummy information δ acquired when the application A is restarted after being temporarily terminated and the confidential information α is accessed again can be different from the dummy information β and γ.

  When the information processing apparatus is turned off, all applications are terminated, and the dummy information acquired by each application is released from the memory. Therefore, it is possible to use a volatile storage device for managing dummy information used by each application, and for example, it can be realized by coding using an array.

  On the other hand, a method in which the application acquires dummy information fixed for each confidential information is also possible, and this method will be described in the fifth embodiment. In this method, when the application accesses the same confidential information, the same dummy information is always notified to the application. Even when the information processing apparatus is turned off, dummy information corresponding to each confidential information is stored in the information processing apparatus. In this method, it is possible to use a nonvolatile storage device for managing dummy information used by each application. For example, it can be realized by modifying an existing content provider.

  The present embodiment is a modification of the first embodiment, and the configuration of the present embodiment is the same as the configuration of the first embodiment (FIG. 1). In this embodiment, it is assumed that a table in which dummy information and confidential information are associated with each other is stored in advance in the storage unit 12 when a predetermined application executes the information acquisition API. For example, when a certain application acquires confidential information for the first time, a table in which dummy information and confidential information are associated is stored in the storage unit 12 by the processing of steps S100 to S115 in FIG. The dummy information and the confidential information are stored in a storage area prepared for each confidential information (or for each information acquisition API) in the storage unit 12. In the processing described later, when the information acquisition API is called, the information acquisition API is identified, and the storage area corresponding to the information acquisition API, that is, the storage area corresponding to the confidential information acquired by the information acquisition API is referred to. Is done.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 15 shows the flow of processing when the information processing apparatus displays confidential information.

  At a certain first time, the application 10 calls an information acquisition API (step S500). The information acquisition API execution unit 11a detects that the information acquisition API has been called, and reads dummy information from the storage area of the storage unit 12 corresponding to the confidential information acquired by the information acquisition API (step S505). The information acquisition API execution unit 11a returns the read dummy information to the application 10 (step S510). Since the subsequent processing in steps S515 to S530 is the same as the processing in steps S125 to S140 in FIG. 2, description of steps S515 to S530 is omitted.

  Also in this embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented.

(Sixth embodiment)
Next, a sixth embodiment of the present invention will be described. In the present embodiment, a method in which an application acquires dummy information fixed for each confidential information will be described. The present embodiment is a modification of the second embodiment, and the configuration of the present embodiment is the same as the configuration of the second embodiment (FIG. 8). In this embodiment, as in the fifth embodiment, a table in which dummy information and confidential information are associated with each other is stored in advance in the storage unit 12 when a predetermined application executes the information acquisition API. . The dummy information and the confidential information are stored in a storage area prepared for each confidential information (or for each information acquisition API) in the storage unit 12.

  FIG. 16 shows the flow of processing when the information processing apparatus stores confidential information in a memory card. Since the process of steps S600 to S610 is the same as the process of steps S500 to S510 of FIG. 15, the description of steps S600 to S610 is omitted. Moreover, since the process of step S615-S640 is the same as the process of step S225-S250 of FIG. 9, description is abbreviate | omitted about step S615-S640.

  Also in this embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented.

(Seventh embodiment)
Next, a seventh embodiment of the present invention will be described. In the present embodiment, a method in which an application acquires dummy information fixed for each confidential information will be described. This embodiment is a modification of the third embodiment, and the configuration of the present embodiment is the same as the configuration of the third embodiment (FIG. 11). In this embodiment, as in the fifth embodiment, a table in which dummy information and confidential information are associated with each other is stored in advance in the storage unit 12 when a predetermined application executes the information acquisition API. . The dummy information and the confidential information are stored in a storage area prepared for each confidential information (or for each information acquisition API) in the storage unit 12.

  Next, the operation of the information processing apparatus of this embodiment will be described. FIG. 17 shows the flow of processing when the information processing apparatus displays confidential information.

  At a certain first time, the application 10 calls an information acquisition API (step S700). The information acquisition API execution unit 11a detects that the information acquisition API has been called, and requests dummy information corresponding to the confidential information acquired by the information acquisition API from the API execution control unit 11d (step S705). The API execution control unit 11d reads the dummy information from the storage area of the storage unit 12 corresponding to the confidential information acquired by the information acquisition API that requested the dummy information (step S710). The information acquisition API execution unit 11a notifies the read dummy information to the information acquisition API execution unit 11a, and the information acquisition API execution unit 11a returns the dummy information to the application 10 (step S715). Since the subsequent processing of steps S720 to S740 is the same as the processing of steps S325 to S345 of FIG. 12, the description of steps S720 to S740 is omitted.

  Also in this embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented. Moreover, the security of confidential information can be improved.

(Eighth embodiment)
Next, an eighth embodiment of the present invention will be described. In the present embodiment, a method in which an application acquires dummy information fixed for each confidential information will be described. The present embodiment is a modification of the fourth embodiment, and the configuration of the present embodiment is the same as the configuration of the fourth embodiment (FIG. 13). In this embodiment, as in the fifth embodiment, a table in which dummy information and confidential information are associated with each other is stored in advance in the storage unit 12 when a predetermined application executes the information acquisition API. . The dummy information and the confidential information are stored in a storage area prepared for each confidential information (or for each information acquisition API) in the storage unit 12.

  FIG. 18 shows a processing flow when the information processing apparatus stores confidential information in the memory card. Since the processing of steps S800 to S815 is the same as the processing of steps S700 to S715 of FIG. 17, the description of steps S800 to S815 is omitted. Moreover, since the process of step S820-S850 is the same as the process of step S425-S455 of FIG. 14, description is abbreviate | omitted about step S820-S850.

  Also in this embodiment, the use of confidential information can be restricted so that the application 10 cannot directly use the confidential information, and information leakage can be prevented. Moreover, the security of confidential information can be improved.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiments, and includes design changes and the like without departing from the gist of the present invention. . For example, the information processing apparatus of each embodiment may be applied to a mobile phone terminal such as a smartphone, and the application destination may be an apparatus that operates on a general-purpose OS. It may be applied to cars and cars.

  DESCRIPTION OF SYMBOLS 10 ... Application, 11 ... Control part, 11a ... Information acquisition API execution part, 11b ... Display API execution part, 11c ... Write API execution part, 11d, 11e ... API execution control Part, 12 ... storage part, 13 ... display part, 14 ... input part, 15 ... memory card

Claims (10)

A storage unit and a control unit, the control unit,
An information acquisition step of acquiring the first information when the application attempts to execute a first API (Application Program Interface) for acquiring the first information stored in the terminal at a first time point; ,
An information storage step of storing the acquired first information and second information different from the first information in the storage unit;
A reply step of returning the second information to the application;
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified An information reading step of reading out the first information associated with second information from the storage unit;
A processing step of returning have line processing of the second API by using the first information read, the processing result does not include the first information to the application,
An information processing apparatus characterized by executing The controller is
A first control unit that executes the information acquisition step, the reply step, and the processing step;
A second control unit for executing the information storing step and the information reading step;
The information processing apparatus according to claim 1, further comprising: A notification unit for notifying a user;
The information reading step includes
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified A reading step of reading out the first information associated with second information from the storage unit;
A notification step of notifying the user via the notification unit,
In the processing step, after the notification to the user only when the user's permission has been obtained, it has row processing of the second API by using the first information read, the first information The information processing apparatus according to claim 1 , wherein a processing result not included is returned to the application . A storage unit that associates first information stored in a terminal with second information different from the first information and stores the first information in a storage area prepared in correspondence with the first information; and a control And the control unit comprises:
When an application tries to execute a first API (Application Program Interface) for acquiring the first information at a first time point, the application starts from the storage area corresponding to the first information in the storage unit. A first information reading step for reading the information of 2;
A response step of returning the read second information to the application;
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified A second information reading step of reading out the first information associated with second information from the storage unit;
A processing step of returning have line processing of the second API by using the first information read, the processing result does not include the first information to the application,
An information processing apparatus characterized by executing The controller is
A first control unit for executing the reply step and the processing step;
A second control unit for executing the first information reading step and the second information reading step;
The information processing apparatus according to claim 4, further comprising: A notification unit for notifying a user;
The first information reading step includes:
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified A reading step of reading out the first information associated with second information from the storage unit;
A notification step of notifying the user via the notification unit,
In the processing step, after the notification to the user only when the user's permission has been obtained, it has row processing of the second API by using the first information read, the first information 6. The information processing apparatus according to claim 4 , wherein a processing result not included is returned to the application .   6. The information processing apparatus according to claim 2, wherein different UIDs (User IDs) are given to the application and the second control unit.   The information processing apparatus according to claim 3 or 6, wherein the notifying step notifies the user of the read first information. When an application tries to execute a first API (Application Program Interface) for acquiring first information stored in the terminal at a first time point, the first API is processed to execute the first API. An information acquisition step of acquiring information of 1;
An information storing step of storing the acquired first information and second information different from the first information in association with each other in a storage unit;
A reply step of returning the second information to the application;
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified An information reading step of reading out the first information associated with second information from the storage unit;
A processing step of returning have line processing of the second API by using the first information read, the processing result does not include the first information to the application,
A program that causes a computer to execute. When an application attempts to execute a first API (Application Program Interface) for acquiring first information stored in a terminal at a first time point, the first information and the first information The second information from the storage area corresponding to the first information of the storage unit stored in the storage area prepared corresponding to the first information. A first information reading step of reading;
A response step of returning the read second information to the application;
At a second time point after the first time point, the application specifies the second information, and when the application tries to execute a second API different from the first API, the specified A second information reading step of reading out the first information associated with second information from the storage unit;
A processing step of returning have line processing of the second API by using the first information read, the processing result does not include the first information to the application,
A program that causes a computer to execute.

Images