JP2005099901A - Mobile communication terminal - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To effectively use peculiar information such as cookie information by a simple method while suppressing a leakage of personal information of a user on the basis of the peculiar information. <P>SOLUTION: When the user of a cellphone performs operation for closing a browser by use of its ten-key pad or the like, the browser is ended according to operation contents thereof, and the cookie information stored in a RAM during the execution of the browser is deleted. Accordingly, after the browser is ended, the cookie information is not left inside the RAM. Accordingly, an HTTP request transmitted first when accessing a before browsed Web site after starting the browser does not include the cookie information. Accordingly, the leakage of the personal information from the cookie information can be prevented, the cookie information is stored during the execution of the browser, and service or the like using it can be received. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a mobile communication terminal such as a mobile phone capable of browsing a browsing screen such as a website via a communication network.

  As this type of mobile communication terminal, a mobile phone capable of browsing a website published on a communication network is known (for example, Patent Document 1). Such a mobile phone can browse a desired Web site by executing a browsing program (browser) for browsing the Web site. When browsing a Web site, communication is generally performed using HTTP (HyperText Transfer Protocol). This HTTP is a simple protocol in which a Web server repeats an operation of returning a response (browsing screen information) in response to a request (browsing request) transmitted from a client (mobile communication terminal). For this reason, it cannot be determined whether or not a plurality of requests received by the Web server are transmitted from the same mobile communication terminal. Therefore, it is not possible to perform processing that is necessary for an electronic commerce site or the like, such as transferring a browsing page while the Web server specifies a client. In order to realize such processing, session management is required in which continuous browsing processing between the Web server and the mobile communication terminal is managed as one unit. Conventionally, in communication using HTTP, a function called “cookie” that enables session management has been used (for example, Patent Document 2).

  This cookie is used as follows. That is, when a request for browsing a desired website is transmitted from the mobile communication terminal, a response is returned from the web server. Cookie information issued by the website is added to this response. This cookie information is unique to the mobile communication terminal that transmitted the request (unique information). When receiving this response, the mobile communication terminal stores the cookie information. Thereafter, when browsing the Web site that issued the cookie information, a request with the cookie information added to the header portion is transmitted. The Web server that has received this request can perform various session management based on the cookie information. For example, the mobile communication terminal that is the transmission source of the request can be specified from the cookie information, and browsing screen information customized for the mobile communication terminal can be returned as a response. In addition, for example, it is also possible to read out the operation contents performed in the past by the user of the mobile communication terminal that is the transmission source of the request from the cookie information, and perform processing according to the operation contents.

JP 2002-171294 A JP-A-11-98134

As described above, the cookie is a very convenient function in communication using HTTP. However, the cookie information includes various types of information depending on the usage mode, and may include personal information of the user of the mobile communication terminal. Therefore, a mechanism for suppressing the leakage of user personal information from cookie information is necessary.
The simplest mechanism is to provide a function for invalidating cookies on the mobile communication terminal side. In this mechanism, if the mobile communication terminal is set to invalidate the cookie, even if the cookie information is sent from the Web server, the cookie information is not stored in the mobile communication terminal. Accordingly, since cookie information is not transmitted from the mobile communication terminal via the communication network, leakage of personal information of the user can be effectively suppressed. However, if the cookie is set to be invalid, the service using the cookie provided by the website cannot be received at all.
As another mechanism, there is also a mechanism in which the data structure of the cookie is concealed by performing communication in a state in which the cookie is digitally signed and encrypted as disclosed in Patent Document 2 above. According to this mechanism, it is possible to use a cookie while suppressing leakage of the personal information of the user. However, this mechanism requires a large processing capacity for encryption and decryption of cookies, and the load is too large for a normal mobile communication terminal, so a simpler mechanism is desired.

  The present invention has been made in view of the above background, and the object of the present invention is to make it possible to receive a service using unique information such as cookie information, but to convert the unique information into a simple method. It is to provide a mobile communication terminal capable of suppressing leakage of personal information of a user based thereon.

In order to achieve the above object, the invention of claim 1 transmits a browsing request to a server device via a display unit, an operating unit operated by a user, and a communication network, and responds to the browsing request. By receiving browsing screen information from the server device, browsing execution means for executing a browsing program for displaying the browsing screen related to the browsing request on the display means and the browsing screen information are transmitted from the server device. Storage means for storing unique information unique to the transmission source of the browsing request, and when the browsing execution means transmits the browsing request by executing the browsing program, the unique information is stored in the storage means. If stored, the mobile communication terminal transmits the specific information to the browsing request and transmits the browsing request from the end of the browsing program to the next execution of the browsing program. , It is characterized in that it has a deletion means for deleting operation of deleting the specific information from the storage means.
When the mobile communication terminal executes a browsing program and browses a desired browsing screen, unique information transmitted from the server device that holds the browsing screen information is stored in the storage unit. This unique information is stored as it is in the storage means while the browsing program is being executed. Therefore, while the browsing program is being executed, the unique information can be used in the communication process between the server device that transmitted the unique information and the mobile communication terminal. When the browsing program is terminated, the unique information is deleted from the storage means until the next time the browsing program is executed at the latest. Therefore, when the browsing program is executed next and the browsing screen browsed before is browsed again, unique information is not added to the browsing request transmitted to the server device. Thereby, after executing the browsing program, the first browsing request transmitted to browse a certain browsing screen does not include unique information. Accordingly, the past unique information before the execution of the browsing program is not sent from the mobile communication terminal, and the number of transmissions for transmitting the unique information to the server device is reduced, so that the unique information transmitted from the mobile communication terminal is reduced. Based on this, it is possible to reduce the risk of leakage of personal information.
In addition, although the cookie information mentioned above is mentioned as a typical example of the said specific information, it is not restricted to cookie information.

According to a second aspect of the present invention, in the mobile communication terminal according to the first aspect, the deletion unit performs the deletion operation of the specific information when the browsing program ends.
In this mobile communication terminal, the unique information is deleted at the end of the browsing program. Therefore, after the browsing program is terminated, the unique information no longer exists in the storage means. Therefore, it is possible to reduce the risk of leakage of personal information due to an unauthorized operation or an unauthorized operation after the viewing program is terminated.

According to a third aspect of the present invention, in the mobile communication terminal of the first or second aspect, whether or not the deletion operation by the deletion unit is validated or invalidated based on a user's operation content on the operation unit. A selection means for selecting, and an operation control means for controlling the operation of the deletion means according to the selection state selected by the selection means. The selection state of the selection means in the initial state is the deletion operation. It is characterized by being set to be effective.
This mobile communication terminal can switch the above-described unique information deletion operation between valid and invalid at the user's will. If this is invalid, the unique information stored at the time of executing the previous browsing program remains in the storage means even after the next execution of the browsing program. In this case, the effect of suppressing the leakage of personal information by the deleting means cannot be obtained, but communication processing between the server device and the mobile communication terminal is performed using the unique information stored when the previous browsing program is executed. The advantage of being able to do it is born.
Here, if the deletion operation is set to invalid in the initial state, the effect of suppressing the leakage of personal information by the deletion means remains unobtained unless the user effectively changes this setting. Many users continue to use mobile communication terminals without knowing how to change this setting. In the case of such a user, if the setting in the initial state is invalid, there is a high possibility that personal information will be leaked without knowing it, resulting in a lack of protection of personal information. Therefore, in this mobile communication terminal, the setting of the deletion operation in the initial state is valid. As a result, even a user who does not know how to change the setting can give the effect of suppressing the leakage of personal information by the deleting means, and the personal information can be protected.

As described above, according to the first to third aspects of the present invention, it is possible to receive a service using the unique information during the execution of the browsing program, and the unique information from the storage means until the next execution of the browsing program at the latest. This method has an excellent effect that it is possible to suppress the leakage of the personal information of the user based on the unique information by the simple method of deleting.
In particular, according to the invention of claim 2, there is an excellent effect that the risk of leakage of personal information based on the unique information can be further reduced.
According to the invention of claim 3, since leakage of personal information of a user who does not know how to change the setting can be reliably suppressed, it is possible to widely suppress leakage of personal information of the user. There is an excellent effect of becoming.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 2 is an explanatory diagram for explaining a configuration of the entire mobile communication system for browsing a Web site using the mobile phone 20 as the mobile communication terminal according to the present embodiment.
In this mobile communication system, the mobile phone 20 used by the user 1 can perform data communication with the Web server 11 connected to the mobile phone communication network 10 which is a communication network. Communication between the Web server 11 and the mobile phone 20 is performed using HTTP. In the present embodiment, data communication with the Web server 11 that is a server device connected to the mobile phone communication network 10 will be described as an example. The same applies to data communication with a Web server connected to the.

FIG. 3 is a schematic configuration diagram showing a hardware configuration of the Web server 11.
The Web server 11 includes a system bus 100, a CPU 101, an internal storage device, an external storage device 104, an input device 105, and an output device 106. The internal storage device includes a RAM 102, a ROM 103, and the like. The external storage device includes a hard disk drive (HDD), an optical disk drive, and the like. The input device 105 includes an external storage device 104, a mouse, a keyboard, and the like. The output device 106 includes a display, a printer, and the like. Further, the Web server 11 includes a mobile phone communication device 107 for communicating with the mobile phone 20 of each user 1 via the mobile phone communication network 10.
The components such as the CPU 101 and the RAM 102 exchange data and program instructions with each other via the system bus 100. A program for operating the Web server 11 according to a predetermined procedure is stored in the ROM 103 or the external storage device 104, and is called up and executed in the work area on the CPU 101 or the RAM 102 as necessary. The Web server 11 stores Web site browsing screen information provided to the mobile phone 20 in the external storage device 104. In response to a request that is a browsing request from the mobile phone 20, the Web server 11 cooperates with the CPU 101, the RAM 102, the mobile phone communication network communication device 107, and the like to display browsing screen information stored in the external storage device 104. The mobile phone 20 has a function of transmitting a response to the mobile phone 20 via the mobile phone communication network 10. The Web server 11 may be configured as a dedicated control device or may be configured using a general-purpose computer system. Further, it may be configured by a single computer, or may be configured by connecting a plurality of computers each having a plurality of functions via a network.

4 is a front view showing the appearance of the mobile phone 20, and FIG. 5 is a schematic configuration diagram showing the hardware configuration of the mobile phone 20. As shown in FIG.
The mobile phone 20 is a clamshell (folding) type mobile phone, and includes an internal control device comprising a system bus 200, a CPU 201, a RAM 202, a ROM 203, etc., an input device 204 as an operation means, an output device 205, and a mobile phone communication A device 206 is provided. Components such as the CPU 201 and the RAM 202 exchange various data and instructions of a program to be described later via the system bus 200. The CPU 201 controls the RAM 202, ROM 203, output device 205, and mobile phone communication device 206. The CPU 201 executes a browsing program (browser) stored in the ROM 203 to allow the LCD 27 to browse the website of the web server 11 and perform a predetermined input operation using the input device 204. The input device 204 includes a data input key (ten key, * key, # key) 21, a call start key 22, an end key 23, a scroll key 24, a multi-function key 25, a microphone 26, and the like. By operating this input device 204, a user inputs data such as a URL to the mobile phone 20 to browse a Web site, start and end a call when receiving a call, and various settings. Can be changed. The output device 205 includes a liquid crystal display (LCD) 27, a speaker 28, and the like. The mobile phone communication device 206 is for communicating with another mobile phone or the Web server 11 via the mobile phone communication network 10. Specifically, the mobile phone communication network 10 is used for exchanging mails with other mobile phones, and the Web server 11 that is opened by the Web server 11 is browsed via the mobile phone communication network 10. Is for.

FIG. 1 is a sequence flow diagram when browsing a Web site on the Web server 11 with the mobile phone 20 in the present embodiment.
When browsing a Web site with the mobile phone 20, first, the user performs a predetermined operation on the input device 204, for example, starts a browser and inputs a URL of a browsing destination. Then, the CPU 201 that executes the browser transmits a request to the Web server 11 specified by the URL. Upon receiving this request, the Web server 11 generates cookie information that is unique information for each mobile phone 20 that is the transmission source of the request. Then, the Web server 11 transmits the generated cookie information to the mobile phone 20 that is the transmission source of the request together with the browsing screen information (first browsing screen information) of the Web site related to the request. The mobile phone 20 that has received this response displays a first browsing screen on the LCD 27 based on the first browsing screen information under the control of the CPU 201 that executes the browser. In addition, the cellular phone 20 that has received the response also performs a process of storing the cookie information included in the response in a predetermined storage area of the RAM 202 as a storage unit by the CPU 201.

  The user can browse the first browsing screen displayed on the LCD 27 and operate the input device 204 to input a character string or select information. When input and selection are performed in this way, the input character string and the information indicating the selected content are transmitted to the Web server 11 together with the request. Upon receiving this request, the Web server 11 generates new cookie information according to the content of the request. Then, the Web server 11 transmits the generated cookie information to the mobile phone 20 together with the browsing screen information (second browsing screen information) of the Web site related to the request. The mobile phone 20 that has received this response displays the second browsing screen on the LCD 27 based on the second browsing screen information as described above, and stores the cookie information included in the response in the RAM 202.

  The second browsing screen changes depending on the cookie information in addition to the information input and selected by the user on the first browsing screen. The reason why such session management is possible in communication using HTTP is that the Web server 11 can specify the transmission source of the request based on the cookie information. By enabling such session management, a service provider such as a content provider who intends to provide a service through a Web site can provide various services to the user of the mobile phone 20. . For example, it is possible to provide a service that uses a function such as a “shopping basket” often found on shopping sites. This function enables the user to purchase a plurality of products and the like, so that the purchase procedure can be collectively performed at the end, so that the convenience of the user can be improved. In addition, a service such as taking a questionnaire from the user over a plurality of pages (a plurality of browsing screens) is also possible.

Here, as described above, the cookie information includes personal information of the user of the mobile phone 20, and a mechanism for suppressing the leakage is necessary.
FIG. 6 is a sequence flow diagram when a general processing operation using a cookie in a personal computer or the like is applied to a cookie processing operation in the mobile phone 20. In this sequence, the cookie information remains in the RAM 202 even after the browser is terminated, and the first request transmitted when the browser is activated next includes the cookie information. Since the cookie information included in the first request sent when the browser is started becomes the past cookie information, it may contain the user's personal information. In some cases, the personal information entered in other sites in the past may be included. There is a possibility that it may be added. Also, if the cookie information is stored in the RAM 202 even while the browser is not running, it may be maliciously altered or stolen by exploiting some means such as a security hole. Sex cannot be denied. .

  Therefore, in this embodiment, when the user performs an operation of closing the browser using the input device 204, the CPU 201 performs processing for terminating the browser according to the operation content, and also stores the cookie information stored in the RAM 202 during the browser execution. Process to delete. Therefore, cookie information does not remain in the RAM 202 after the browser is terminated. Therefore, when the browser is started next time and the same Web site as described above is browsed, the request transmitted first does not include cookie information. As a result, it is possible to prevent personal information from leaking based on the cookie information included in the first transmission request. Further, since the cookie information is not stored in the RAM 202 while the browser is not being executed, the cookie information is not altered, and leakage of personal information due to unauthorized access or the like can be effectively prevented.

  In addition, the charging system of the mobile phone 20 in the present embodiment charges according to the amount of data (packet amount) transmitted or received by the mobile phone 20. Therefore, as shown in the sequence shown in FIG. 6, when cookie information is added to the first request transmitted after the browser is activated, an extra charge is made for the amount of data of the cookie information. On the other hand, in this embodiment, cookie information is not added to the first request transmitted after the browser is activated. Therefore, the financial burden on the user can be reduced. In addition, as a result of reducing the amount of data communication in the mobile phone communication network 10, it is also possible to effectively use limited communication resources.

  In addition, the mobile phone 20 of the present embodiment has three types of setting items regarding handling of cookie information. The first setting item is a setting in which the CPU 201 executing the browser deletes the cookie information in the RAM 202 when the browser ends (hereinafter referred to as “cookie temporary storage setting”). The second setting item is a setting in which the CPU 201 executing the browser does not delete the cookie information in the RAM 202 when the browser is terminated (hereinafter referred to as “cookie valid setting”). The third setting item is a setting (hereinafter referred to as “cookie invalid setting”) in which cookie information is not stored in the RAM 202 even while the CPU 201 is executing the browser. These settings can be arbitrarily selected by the user. Specifically, when the user performs a predetermined operation on the input device 204, the CPU 201 as the selection unit selects which setting is to be made based on the operation content. Then, the CPU handles the cookie information according to the selected setting while the browser is running or when the browser is closed.

  In this embodiment, the initial state set at the factory shipment stage is set to the temporary cookie storage setting. This is due to the following reason. That is, if importance is attached to personal information protection, it is desirable that the initial state is a cookie invalid setting. However, although the setting item can be arbitrarily changed by the user, there are many users who use the setting item as it is without changing the setting item. Therefore, if the initial state is the cookie invalid setting, the number of users who use the Web site using the cookie is reduced. This reduces the willingness to develop a website using cookies in a service provider such as a content provider that provides the website, which in turn reduces the quality of service to the user. On the other hand, when the cookie valid setting is set to the initial state, many users who do not change the setting item have a high risk of leaking their personal information without their knowledge. On the other hand, in this embodiment, since the initial state is the cookie temporary storage setting, while the CPU 201 is executing the browser, the service using the cookie can be received, and the leakage of personal information based on the cookie information as described above is also possible. Effectively suppressed. Therefore, it is possible to effectively suppress the leakage of personal information of many users who use the initial settings without changing the above setting items, while suppressing the deterioration of the service provided by the service provider on the website. Can do.

The sequence flow figure when browsing the Web site on the Web server 11 using the mobile telephone 20 which concerns on embodiment. Explanatory drawing for demonstrating the structure of the whole mobile communication system for browsing a web site using the mobile phone. The schematic block diagram which shows the hardware constitutions of the Web server which comprises the mobile communication system. The front view which shows the external appearance of the mobile phone. The schematic block diagram which shows the hardware constitutions of the mobile phone. The sequence flow figure at the time of applying the general processing operation using the cookie in a personal computer etc. to the processing operation of the cookie in a mobile telephone.

Explanation of symbols

11 Web Server 20 Mobile Phone 27 Liquid Crystal Display 201 CPU
202 RAM
204 Input device 206 Mobile phone communication device

Claims (3)

Display means;
An operation means operated by a user;
A browsing program for transmitting a browsing request to a server device via a communication network and displaying the browsing screen related to the browsing request on the display unit by receiving browsing screen information corresponding to the browsing request from the server device. Browsing execution means for executing
Storage means for storing unique information that is transmitted together with the browsing screen information from the server device and is unique to the source of the browsing request;
When the browsing execution unit executes the browsing program and transmits a browsing request, if the specific information is stored in the storage unit, the browsing execution unit adds the specific information to the browsing request and transmits it. A body communication terminal,
A mobile communication terminal, comprising: a deletion unit that performs a deletion operation of deleting the unique information from the storage unit between the end of the browsing program and the next execution of the browsing program. The mobile communication terminal according to claim 1, wherein
The mobile communication terminal characterized in that the deletion means performs the deletion operation of the specific information at the end of the browsing program. In the mobile communication terminal according to claim 1 or 2,
A selection means for selecting whether to enable or disable the deletion operation by the deletion means based on the user's operation content for the operation means;
An operation control means for controlling the operation of the deletion means in accordance with the selection state selected by the selection means,
A mobile communication terminal characterized in that a selection state of the selection means in an initial state is set to enable the deletion operation.

Images