Mobile terminal, access control management device, and access control management method
Abstract
A mobile terminal (200) comprises an application execution unit (240) configured to execute an application program; an access control rule management unit (270) configured to retain an access control rule defining whether the application program has an access authorization to a confidential resource in the mobile terminal and a determining unit; an access control rule query unit (220) configured to acquire, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and to retain the acquired access control rule in the access control management unit; a query requirement determination unit (260) configured to determine whether to update the access control rule when the application program makes an access to the confidential resource, and to update the access control rule; an authorization management unit (230) configured to determine whether the application program has the access authorization based on the access control rule; and a confidential resource management unit (250) configured to determine whether to permit an access request to the confidential resource by the application program, based on a result of the determination of the authorization management unit (230).
11 Claims
1. A mobile terminal, comprising:
an application execution unit configured to execute an application program;
an access control rule management unit configured to retain an access control rule defining whether the application program has an access authorization to a confidential resource in the mobile terminal and a determining unit;
an access control rule query unit configured to acquire, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and to retain the acquired access control rule in the access control management unit;
a query requirement determination unit configured to determine whether to update the access control rule when the application program accesses the confidential resource, and to update the access control rule;
an authorization management unit configured to determine whether the application program has the access authorization based on the access control rule; and
a confidential resource management unit configured to determine whether to permit an access request to the confidential resource by the application program, based on a result of the determination of the authorization management unit;
wherein the query requirement determination unit is configured to add, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data and to update the access control rule when the mobile terminal is out of service for a certain period or more.
7. An access control management device, comprising:
a user management unit configured to retain user information of a mobile terminal and an access control rule to be given to the mobile terminal;
a user authentication unit configured to perform a user authentication;
an access control rule response unit configured to respond with the access control rule of the mobile terminal to an inquiry from the mobile terminal, the inquiry including a designation of at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal;
an access control request reception unit configured to receive, from a user, a registration request of the access control rule or a change request of the access control rule, the access control rule being for a mobile terminal or a plurality of mobile terminals;
an access control rule verification management unit configured to manage a verification rule for verifying the registration request or the change request; and
an access control rule verification unit configured to verify, according to the verification rule, the registration request or the change request; and
a query requirement determination unit configured to add, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data and to update the access control rule when the mobile terminal is out of service for a certain period or more.
11. An access control management method for limiting an access to a confidential resource in a mobile terminal by an application program, comprising:
determining whether to update an access control rule when the application program makes the access to the confidential resource, the access control rule defining whether the application program has an access authorization to the confidential resource in the mobile terminal and a determining unit;
acquiring, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and retaining the acquired access control rule;
determining whether the application program has the access authorization based on the access control rule;
responding to an access request based on a result of the determination;
adding, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data; and
updating the access control rule when the mobile terminal is out of service for a certain period or more.
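The method of claim 11, sketched from the terminal's side as an added example; it is not code from the patent. The class and function names, the rule-age refresh criterion, the precedence of a pending command over the authorization decision, and the sample rule table are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    allowed: set                 # (app, resource) pairs that are authorized
    fetched_at: float
    commands: list = field(default_factory=list)  # "user_auth", "lock", "delete"

class Terminal:
    def __init__(self, sim_id, fetch, max_age, offline_limit, offline_command="lock"):
        self.sim_id, self.fetch = sim_id, fetch
        self.max_age, self.offline_limit = max_age, offline_limit
        self.offline_command = offline_command
        self.rule, self.last_service, self.queries = None, None, 0

    def access(self, app, resource, now, in_service):
        if in_service:
            self.last_service = now
            # Assumed update criterion: no rule, stale rule, or a pending command.
            if (self.rule is None or self.rule.commands
                    or now - self.rule.fetched_at > self.max_age):
                self.rule = self.fetch(self.sim_id, now)
                self.queries += 1
        elif (self.rule is not None
                and now - self.last_service >= self.offline_limit
                and self.offline_command not in self.rule.commands):
            # Out of service for the limit or longer: add the command to the rule.
            self.rule.commands.append(self.offline_command)
        if self.rule is None:
            return "deny"                      # fail closed without a rule
        if self.rule.commands:
            return self.rule.commands[0]       # a pending command takes precedence
        return "permit" if (app, resource) in self.rule.allowed else "deny"

def constructed_server(sim_id, now):
    # Stand-in for the external device; the rule table is constructed sample data.
    table = {"sim-0001": {("mailer", "address_book")}}
    return Rule(allowed=set(table.get(sim_id, set())), fetched_at=now)

def demo():
    t = Terminal("sim-0001", constructed_server, max_age=600, offline_limit=3600)
    return [
        t.access("mailer", "address_book", now=0, in_service=True),
        t.access("game", "address_book", now=10, in_service=True),
        t.access("mailer", "address_book", now=1800, in_service=False),
        t.access("mailer", "address_book", now=4000, in_service=False),
        t.access("mailer", "address_book", now=4100, in_service=True),
    ], t.queries
```

The cached rule keeps answering during a short outage, the lock command is added once the outage reaches the limit, and the next in-service access re-queries the rule by SIM identifier.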
Specification