WO2015118751A1 - 情報処理装置、情報処理方法、プログラム、及びサーバ - Google Patents
情報処理装置、情報処理方法、プログラム、及びサーバ Download PDFInfo
- Publication number
- WO2015118751A1 WO2015118751A1 PCT/JP2014/081074 JP2014081074W WO2015118751A1 WO 2015118751 A1 WO2015118751 A1 WO 2015118751A1 JP 2014081074 W JP2014081074 W JP 2014081074W WO 2015118751 A1 WO2015118751 A1 WO 2015118751A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- developer
- content
- processing apparatus
- information processing
- Prior art date
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 439
- 238000003672 processing method Methods 0.000 title claims abstract description 8
- 238000012545 processing Methods 0.000 claims abstract description 184
- 238000011161 development Methods 0.000 claims abstract description 14
- 238000000034 method Methods 0.000 claims description 129
- 230000008569 process Effects 0.000 claims description 93
- 238000007726 management method Methods 0.000 description 130
- 238000004891 communication Methods 0.000 description 99
- 230000006870 function Effects 0.000 description 44
- 238000010586 diagram Methods 0.000 description 38
- 239000008186 active pharmaceutical agent Substances 0.000 description 27
- 230000007246 mechanism Effects 0.000 description 20
- 230000005540 biological transmission Effects 0.000 description 15
- 230000004044 response Effects 0.000 description 12
- 230000004048 modification Effects 0.000 description 11
- 238000012986 modification Methods 0.000 description 11
- 238000003384 imaging method Methods 0.000 description 10
- 230000002427 irreversible effect Effects 0.000 description 10
- 239000000284 extract Substances 0.000 description 8
- 230000000694 effects Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000001151 other effect Effects 0.000 description 2
- 230000035945 sensitivity Effects 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
Definitions
- the present disclosure relates to an information processing apparatus, an information processing method, a program, and a server.
- the function of operating the information processing apparatus via the user terminal is realized, for example, by installing a dedicated application program (hereinafter simply referred to as “application”) in the user terminal.
- application a dedicated application program
- a program for controlling the operation of the information processing device may be provided to general developers so that an application for controlling the operation of the information processing device can be developed.
- developer identification information an application created by a developer who does not have API usage authority spoofs information indicating the developer (hereinafter, sometimes referred to as “developer identification information”). It is presumed that no API is used illegally.
- an acquisition unit that acquires developer identification information associated with an application program included in a user terminal from the user terminal and a developer of the application program indicated by the developer identification information have been pre-applied. Based on an instruction from the user terminal, when the developer of the application program indicated by the developer identification information is a pre-applied developer, a determination unit that determines whether the developer is a developer A control unit that controls the execution of the function that has, and a content processing unit that acquires the content upon execution of the function, and associates the acquired content with the information of the developer that made the determination.
- a processing device is provided.
- the developer identification information associated with the application program of the user terminal is acquired from the user terminal, and the developer of the application program indicated by the developer identification information is pre-applied. On the basis of an instruction from the user terminal when the developer of the application program indicated by the developer identification information is a pre-applied developer. Control the execution of the function that the device itself has, acquiring the content in response to the execution of the function, and associating the acquired information of the developer that has made the determination with the content.
- a processing method is provided.
- the developer identification information associated with the application program that the user terminal has in the computer is acquired from the user terminal, and the developer of the application program indicated by the developer identification information is the developer that has been applied for in advance. And when the developer of the application program indicated by the developer identification information is a pre-applied developer, the function of the user terminal is executed based on an instruction from the user terminal. There is provided a program for performing control, acquiring content upon execution of the function, and associating the acquired content with the information of the developer that has made the determination.
- the developer information associated with the application program related to content acquisition and the developer information corresponding to the developer determined to be a pre-applied developer are encrypted. Comparing the content associated with the encrypted information obtained from the terminal, the developer information associated with the content, and the developer information indicated by the encrypted information; And a determination unit that determines whether or not the developer information associated with the content has been altered.
- an information processing apparatus capable of restricting the use of functions according to developers and suppressing the unauthorized use of functions. Is done.
- FIG. 4 is an explanatory diagram for describing an overview of processing related to access control to an API in the information processing system according to the embodiment;
- FIG. It is a figure for demonstrating the outline
- FIG. 6 is a sequence diagram illustrating an example of a series of operations related to API access control in the information processing apparatus according to the embodiment. It is the block diagram which showed an example of the function structure which paid its attention to the process which concerns on the acquisition of the content in the information processing apparatus and user terminal which concern on the embodiment. It is the figure which showed an example of the data of the content which the information processing apparatus which concerns on the embodiment produces
- Example 1 Example 1 of recording developer information as content attribute information 5.2.
- Example 2 Example 2 of recording developer information as content attribute information 5.3.
- Example 3 Example of superimposing developer information on preview image 5.4.
- Example 4 Example of superimposing developer information on a real image 5.5.
- Example 5 Example of recording developer information as history information 5.6.
- Example 6 Display example of developer information recorded as history information 5.7.
- Example 7 Example in which a plurality of applications are operated. Hardware configuration Summary
- FIG. 1 is a diagram for describing an application field of an information processing system according to an embodiment of the present disclosure.
- a device such as a digital camera 10a or a television device 10b or an information processing device 10c such as a PC (Personal Computer) is operated via a user terminal 20 such as a smartphone. Function is provided.
- the digital camera 10a, the television device 10b, and the information processing device 10c may be collectively referred to as “information processing device 10”.
- the technique for operating the information processing apparatus 10 via the user terminal 20 is realized, for example, by installing a dedicated application d10 on the user terminal 20 and controlling the operation of the information processing apparatus 10 through the application d10.
- an API for controlling the operation of the information processing apparatus 10 may be provided to a general developer so that an application d10 for controlling the operation of the information processing apparatus 10 can be developed.
- APIs such as an API for controlling basic operations, an API that enables fine control, or an API for realizing additional functions.
- Various types of APIs may be included. Some of these APIs can be disclosed only to developers who have made a specific contract or developers who have charged for the use of APIs, from those that can be disclosed to general developers. There is also a case. Therefore, there is a demand for a mechanism that can change the API disclosure range, that is, the restriction on the use of functions provided by the information processing apparatus 10 according to the developer.
- developer identification information indicating the developer (hereinafter, sometimes referred to as “developer identification information”). It is estimated that a fraud in which no API can be used is performed. For this reason, there is a need for a technique for preventing unauthorized use of the API due to the developer's misrepresentation.
- a technique for preventing unauthorized use of the API for example, there is a method of preventing eavesdropping on a communication path by encrypting information transmitted and received between the user terminal 20 and the information processing apparatus 10 based on a key sharing method.
- an application downloaded to the user terminal 20 such as a smartphone may be disassembled.
- the key information held by the user terminal 20 for encrypting the information When the key information is disassembled and disclosed illegally, the protection of the information based on the encryption is meaningful. In some cases, it may disappear.
- authority information for each developer is managed by an external server or the like different from the information processing apparatus 10 or the user terminal 20, and the information processing apparatus 10 refers to authority information on the server.
- some information processing apparatuses 10 do not have an interface for accessing an external network such as the Internet, such as a digital camera, and it is difficult to always access an external server. There is a case. Further, it may be difficult for the user terminal 20 side to always be accessible to the external server.
- some of the user terminals 20 are externally connected to the information processing apparatus 10 such as a digital camera based on a technology such as Wi-Fi (Wireless Fidelity) (registered trademark). Some cannot access the network.
- Wi-Fi Wireless Fidelity
- the information processing apparatus 10 that does not assume access to the external network updates internal information by firmware update or the like, for example, it may be difficult to update the internal information appropriately. Therefore, for example, there is a case where it is not practical to store information for determining the authority of a specific developer for the API on the information processing apparatus 10 side.
- the present disclosure proposes an information processing system capable of restricting the use of APIs depending on the developer and suppressing the illegal use of APIs associated with the developer's misrepresentation.
- the information processing system according to the present embodiment includes an API group 50 related to operation control of the information processing apparatus 10, so that the developer u 50 can develop an application for controlling the operation of the information processing apparatus 10. Provides a mechanism for publishing to.
- FIG. 2 is a diagram illustrating an example of a schematic system configuration of the information processing system according to the present embodiment.
- the information processing system includes an information processing apparatus 10, a user terminal 20, a management server 30, a content management server 70, a developer terminal 80, and an application providing server 90. including.
- the developer terminal 80 is a terminal for the developer u50 to develop an application.
- the application developed by the developer u50 may be referred to as “application d10”.
- the management server 30 issues control information for controlling (permitting) access to APIs whose use is restricted in the API group 50 to the developer u50 registered in advance.
- the developer u50 can cause the information processing apparatus 10 to execute an API whose use is restricted as the processing of the application d10. Become.
- Application providing server 90 schematically shows a server for providing application d10 developed by developer u50 to general user u20 for a fee or free of charge.
- a specific example of the application providing server 90 is a server that provides a distribution channel such as an application store.
- the user terminal 20 acquires the application d10 published by the application providing server 90 by downloading it.
- the method of providing the application d10 via the application providing server 90 is merely an example, and the configuration of the information processing system according to the present embodiment is not limited as long as the user terminal 20 can acquire the application d10 developed by the developer u50.
- the application d10 may be provided to the user u20 in a state stored in a portable medium or the like.
- the application d10 is stored in the user terminal 20 by the user u20 installing the application d10 in the portable medium in the user u20.
- the content management server 70 schematically shows a server for managing and storing content such as image data acquired by the information processing apparatus 10 or the like.
- the content management server 70 provides a storage area for storing the content acquired by the information processing apparatus 10 or provides a service for sharing the stored content among a plurality of users.
- the content management server 70 may be configured as a server for providing a service that enables information sharing among a plurality of users, such as SNS (Social Networking Service).
- the management server 30, content management server 70, developer terminal 80, application providing server 90, and user terminal 20 are connected via a network n0.
- the network n0 includes, for example, the Internet, a dedicated line, a LAN (Local Area Network), or a WAN (Wide Area Network). Note that the form of the network n0 is not limited as long as it is a network that connects different devices.
- a network between some configurations of the management server 30, the content management server 70, the developer terminal 80, the application providing server 90, and the user terminal 20 is physically or logically different from a network between other configurations. You may comprise as another network.
- the management server 30 and the developer terminal 80 may be logically isolated from an external network such as the Internet by using a VPN (Virtual Private Network) technology.
- the information processing apparatus 10 indicates a control target whose operation is controlled by executing the application d10 on the user terminal 20.
- the information processing apparatus 10 and the user terminal 20 are connected via a network n1.
- Examples of the network n1 include a wireless communication path in direct communication between devices such as Wi-Fi.
- the network n1 will be described as a wireless communication path in direct communication between the information processing apparatus 10 and the user terminal 20, but if communication can be established between the information processing apparatus 10 and the user terminal 20, The mode is not limited.
- the information processing apparatus 10 stores an API group 50 for controlling its own operation, and in response to an instruction from the user terminal 20 based on execution of the application d10, a corresponding program (API) is selected from the API group 50. ).
- API corresponding program
- FIG. 3 is a block diagram illustrating an example of a schematic functional configuration of the information processing apparatus 10 and the user terminal 20 according to the present embodiment.
- the user terminal 20 includes a communication unit 202 and a content storage unit 204, and an application 25 is installed.
- the application 25 schematically shows a function realized by executing the application d10 for controlling the operation of the information processing apparatus 10 described above.
- the application 25 includes an authentication processing unit 250 and a process execution unit 260.
- the communication unit 202 is an interface for communicating with the information processing apparatus 10.
- the communication unit 202 can be, for example, a device for establishing wireless communication such as Wi-Fi between the user terminal 20 and the information processing apparatus 10.
- the mode of the communication unit 202 is not particularly limited as long as communication can be established between the user terminal 20 and the information processing apparatus 10 without being limited to wireless communication.
- data transmission / reception is performed via the communication unit 202 even if there is no particular description.
- the communication unit 202 may be configured to be able to communicate with the content management server 70.
- the communication unit 202 may be a device that establishes communication between the user terminal 20 and the content management server 70 via a communication path such as the Internet.
- the communication unit 202 is shown to be communicable with both the information processing apparatus 10 and the content management server 70 in order to make the description easy to understand.
- the configuration is not necessarily limited thereto.
- a device for establishing communication may be provided separately for each of the case where communication is established with the information processing apparatus 10 and the case where communication is established with the content management server 70. Needless to say.
- the authentication processing unit 250 schematically shows a configuration for making an application to the information processing apparatus 10 to access an API whose use is restricted. The details of the processing by the authentication processing unit 250 will be separately described later as “3. API access control”.
- the process execution unit 260 schematically shows a configuration for controlling the operation of the information processing apparatus 10 by executing each process defined in the installed application 25.
- the process execution unit 260 accesses the API as each process defined in the application 25.
- the operation of the information processing apparatus 10 can be controlled.
- the operation of the information processing apparatus 10 realized by the processing execution unit 260 accessing the API as each process defined in the application 25 is not necessarily limited to content acquisition.
- the process execution unit 260 accesses the API to determine exposure conditions, white balance, exposure sensitivity, and the like. Control related to image capturing (that is, content acquisition) may be performed. As another example, the processing execution unit 260 may notify the information processing apparatus 10 of management information such as a list of APIs supported by the information processing apparatus 10 by accessing the API.
- management information such as a list of APIs supported by the information processing apparatus 10 by accessing the API.
- the process execution unit 260 controls the operation of the information processing apparatus 10 to cause the information processing apparatus 10 to acquire content, and even if the acquired content is acquired from the information processing apparatus 10 via the network n1. Good.
- the process execution unit 260 may store the acquired content in the content storage unit 204.
- the content storage unit 204 is a storage unit for storing the acquired content.
- the content storage unit 204 can be configured as a storage device (storage) provided in the user terminal 20.
- the content storage unit 204 may be configured as a portable medium that can be attached to and detached from the user terminal 20.
- the process execution unit 260 may be configured to be able to transmit (transfer) the content stored in the content storage unit 204 to the content management server 70 via the communication unit 202. Further, not only the application 25 but also another application installed in the user terminal 20 may transmit (transfer) the content stored in the content storage unit 204 to the content management server 70.
- the information processing apparatus 10 includes a communication unit 102, a processing unit 130, a content acquisition unit 190, a key information storage unit 104, a notification unit 106, an identification information storage unit 108, and a content storage. Part 110.
- the processing unit 130 includes an authentication processing unit 150 and a processing execution unit 170.
- the communication unit 102 is an interface for communicating with the user terminal 20. Note that the configuration of the communication unit 102 is the same as that of the communication unit 202 described above, and thus detailed description thereof is omitted. In addition, hereinafter, when each configuration in the information processing apparatus 10 performs data transmission / reception with the configuration on the user terminal 20 side, data transmission / reception is performed via the communication unit 102 even when there is no particular description. And
- the communication unit 102 may be configured to be able to communicate with the content management server 70. Also in this case, the configuration of the communication unit 102 may be the same as that of the communication unit 202 described above. In other words, in the example illustrated in FIG. 3, the communication unit 102 is shown to be able to communicate with both the user terminal 20 and the content management server 70 in order to make the description easy to understand, but the configuration is not necessarily limited thereto.
- the content acquisition unit 190 is a configuration for acquiring various types of content in accordance with instructions from a process execution unit 170 described later.
- the content acquisition unit 190 outputs the acquired content to the process execution unit 170.
- content acquired by the content acquisition unit 190 include image data such as still images and moving images.
- the content acquisition unit 190 can be configured by, for example, an image sensor that can capture an image or a device (for example, a camera) that includes the image sensor.
- the content acquisition unit 190 may acquire audio data as content.
- the content acquisition part 190 can be comprised by the device which can collect audio
- the example of the content described above is merely an example, and does not limit the type of content acquired by the content acquisition unit 190, and the acquisition method of the content is not limited. It goes without saying that the configuration of the content acquisition unit 190 may differ depending on the type of content to be acquired and the method for acquiring the content.
- the notification unit 106 is a configuration for notifying the user of the information processing apparatus 10 (that is, the user u20) of information. For example, the notification unit 106 notifies the user u20 of notification information specified by the authentication processing unit 150 described later.
- the notification unit 106 is, for example, a display unit that can display the character information or image information or a device (for example, a display) that includes the display unit. Can be configured.
- the notification unit 106 may notify the user u20 of voice information as notification information.
- the notification unit 106 can be configured by a device that can output audio, such as a speaker, for example.
- the authentication processing unit 150 determines whether or not the developer of the application 25 installed in the user terminal 20 is a developer who has applied in advance based on the key information stored in the key information storage unit 104. Then, the authentication processing unit 150 restricts or cancels the access from the application 25 to the API whose use is restricted according to the determination result.
- the key information storage unit 104 stores key information for determining whether or not the developer of the application 25 is a developer who has applied in advance. For details of the process in which the authentication processing unit 150 determines whether the developer of the application 25 is a developer who has applied in advance based on the key information stored in the key information storage unit 104, see “3. API. Will be separately described later.
- the identification information storage unit 108 is a storage unit for storing identification information for identifying a developer who has been determined to be a developer who has been previously applied by the authentication processing unit 150.
- the content storage unit 110 is a storage unit for storing, for example, the content acquired by the content acquisition unit 190 and information associated with the content (for example, history information related to content acquisition).
- the content storage unit 110 can be configured as a storage device (storage) provided in the information processing apparatus 10.
- the content storage unit 110 may be configured as a portable medium that is detachable from the information processing apparatus 10.
- each configuration of the information processing apparatus 10 that is, the communication unit 102, the processing unit 130, the content acquisition unit 190, the key information storage unit 104, the notification unit 106, the identification information storage unit 108, and the content storage unit 110 includes various calculations. It can be configured by a circuit for executing processing. These series of configurations may be realized by a device such as an IC (Integrated Circuit) configured by the circuit, or a part of the configuration may be realized by another device.
- IC Integrated Circuit
- the information processing apparatus 10 receives each API in the API group 50 from the application d10 according to the use application status of the developer u50 for the API group 50 for controlling its own operation. Control access to.
- FIG. 4 is an explanatory diagram for explaining an overview of processing related to access control to the API in the information processing system according to the present embodiment.
- FIG. 4 among the components shown in FIG. 2, only the configuration related to the access control to the API is shown and the description is omitted for the other configurations.
- the management server 30 based on the application from the developer u50, the management server 30 provides the access control information d30 for releasing the restriction of the API approved for the application in the API group 50 to the developer. Issued to u50.
- the management server 30 manages the developer name d20 of the developer u50 designated by the developer u50 and the list of APIs to be used in the API group 50 by the developer u50. Obtained from the terminal 80.
- the management server 30 issues identification information d22 to the developer u50 indicated by “developer name d20”.
- the management server 30 generates access control information d30 for controlling (permitting) access to the API specified in the list based on the acquired API list.
- the contents of the access control information d30 will be separately described later together with a description of a specific configuration for generating the access control information d30.
- the management server 30 stores key information k10 generated in advance, and encodes the developer name d20, identification information d22, and access control information d30 based on the key information k10. d32 is generated.
- the management server 30 transmits the issued identification information d22, the generated access control information d30, and the encoded information d32 to the developer terminal 80 of the developer u50.
- the advance application for the developer u50 to develop the application d10 using the API for which the application for use has been made in the API group 50 is completed.
- the developer u50 uses the developer name d20, the identification information d22, and the access control information when using the API that has been applied for use in the application d10 to be developed.
- d30 and the encoded information d32 are embedded in the application d10.
- the developer name d20 and the identification information d22 may be collectively referred to as “developer identification information”.
- the developer identification information, the access control information d30, and the encoded information d32 may be collectively referred to as “authentication information”.
- the information processing apparatus 10 acquires authentication information embedded in the application d10 when the application d10 is executed, and the developer u50 has API usage authority based on the acquired authentication information. It is possible to confirm whether or not The details of the operation related to the confirmation of the presence / absence of API use authority based on the authentication information by the information processing apparatus 10 will be described later.
- the embedding of authentication information in the application d10 can be ruled by the operation of the API.
- the use restriction is not lifted. The process should be defined as follows.
- the application d10 that is developed by the developer u50 and in which the authentication information is embedded is published on the application providing server 90, for example.
- the user u20 can download the application d10 developed by the developer u50 from the application providing server 90 and install it on the user terminal 20 thereof.
- the information processing apparatus 10 When the information processing apparatus 10 according to the present embodiment receives access from the user terminal 20 as the application d10 is executed, the information processing apparatus 10 acquires authentication information embedded in the application d10 from the user terminal 20.
- the user terminal 20 transmits the authentication information to the information processing apparatus 10 without performing irreversible processing on the developer identification information and the access control information d30. Further, the user terminal 20 may be a transmission target to the information processing apparatus 10 without performing any of the encryption process and the encoding process on at least the developer identification information in the authentication information.
- the encryption process and the encoding process here refer to an encryption process and an encoding process for the purpose of data protection, and an encryption process and an encoding process for performing communication based on a predetermined communication method. It does not point.
- the user terminal 20 may further encode the encoded information d32 included in the authentication information and transmit it to the information processing apparatus 10. At this time, the user terminal 20 may acquire key information (for example, a random number) for encoding the encoded information d32 from the information processing apparatus 10. Note that details of processing related to encoding of the encoded information d32 by the user terminal 20 will be described later.
- the information processing apparatus 10 determines whether or not the developer u50 indicated by the developer identification information included in the authentication information is the developer who has applied for the use of the API. Determine.
- the information processing apparatus 10 generates the encoded information d42 by encoding the developer name d20, the identification information d22, and the access control information d30 acquired from the user terminal 20, and stores the encoded information d42 in the encoded information d42. Based on this, the developer u50 may be discriminated.
- the information processing apparatus 10 acquires and stores the key information k10 stored in the management server 30 in advance.
- the information processing apparatus 10 encodes the developer identification information and the access control information d30 acquired from the user terminal 20 based on the key information k10 to generate encoded information d42.
- the information processing apparatus 10 compares the generated encoded information d42 and the acquired encoded information d32, and based on whether or not they match, the developer u50 indicated by the developer identification information What is necessary is just to discriminate
- the above-described determination method is merely an example, and whether the developer u50 indicated by the developer identification information is the developer who has applied for the use of the API based on the acquired authentication information.
- the mode is not limited as long as it can be determined.
- the information processing apparatus 10 recognizes the API for which the use application has been made based on the access control information d30 in the authentication information. Then, the information processing apparatus 10 controls the execution of the API by itself depending on whether or not the API that is called when the application d10 is executed is included in the API that can be recognized based on the access control information d30.
- the information processing apparatus 10 identifies the developer u50 information indicated by the developer identification information on, for example, a display unit. It may be displayed as possible.
- FIG. 5 is a diagram for describing an application example of the information processing system according to the present embodiment, and information indicating the developer of the application d10 when the connection between the information processing apparatus 10 and the user terminal 20 is established. An example of display is shown.
- the information processing apparatus 10 causes the notification unit 106 configured as a display to display developer information v10 that presents the developer u50 indicated by the developer identification information in an identifiable manner.
- the form of the developer information v10 is not particularly limited as long as the developer u50 indicated by the developer identification information can be presented in an identifiable manner.
- the information processing apparatus 10 or the user terminal 20 includes an output unit (for example, a speaker) that can output audio information
- the information processing apparatus 10 uses the developer information v10 as audio information.
- the output may be performed via the output unit.
- the notification unit 106 can be configured as the output unit.
- FIG. 6 is a diagram for explaining an application example of the information processing system according to the present embodiment, and shows an example of the download site v90.
- the download site v90 displays developer information v92 indicating the development of the application d10 as information about the application d10 to be provided.
- the developer information v10 notified to the notification unit 106 shown in FIG. 5 and the information shown in FIG.
- the developer information v92 presented on the download site v90 does not match.
- the developer identification information is transmitted to the information processing apparatus 10 without being encrypted or encoded, and thus is transmitted to the network n1 between the user terminal 20 and the information processing apparatus 10. Developer identification information will be exposed.
- the user terminal 20 when the application d10 is executed, the user terminal 20 is caused to present the developer information indicated by the developer identification information embedded in the application d10. As a result, even if the API is illegally used due to the developer's misrepresentation, the user who uses the application d10 can be made aware that the developer is misrepresented. Further, since the developer's fraud is detected by the user who uses the application d10 in this way, the developer's fraud is known to the user. Unauthorized use can be suppressed.
- the timing at which the information processing apparatus 10 presents the developer information v10 is not particularly limited.
- the information processing apparatus 10 may cause the notification unit 106 to be notified of the developer information v10 while the operation is controlled based on the application d10 executed on the user terminal 20.
- FIG. 7 is a diagram for describing an application example of the information processing system according to the present embodiment.
- a digital camera is used as the information processing apparatus 10 and imaging by the digital camera is performed based on an operation from the user terminal 20. An example in the case of controlling is shown.
- the image v20a captured by the notification unit 106 configured as a display unit is displayed along with the image capturing by the digital camera, and the image v20a is transferred to the user terminal 20 and is displayed as the image v20b. It is displayed on the display unit 206 of the terminal 20.
- the digital camera may display the developer information v10 together with the image v20a displayed on the notification unit 106. In this way, by displaying the developer information v10 during the period in which the application d10 is operating, the user u20 can be further informed of the relationship between the operating application d10 and the developer indicated by the developer information v10. It becomes possible to raise awareness.
- FIG. 8 is a block diagram illustrating an example of the configuration of the management server 30 according to the present embodiment.
- the management server 30 includes a developer information acquisition unit 302, an identification information generation unit 304, a developer information storage unit 306, an encoded information generation unit 308, and a key information storage unit 310. Including.
- the developer information acquisition unit 302 operates the developer name 80 of the developer u50 specified by the developer u50 and a list of APIs to be used in the API group 50 by the developer u50. Get from.
- the method by which the developer information acquisition unit 302 acquires the developer name d20 and the API list is not particularly limited.
- the developer information acquisition unit 302 may acquire the developer name d20 and the API list from the developer terminal 80 using mail as a medium.
- the developer information acquisition unit 302 may generate a screen for designating a developer name d20 and a list of APIs.
- the developer u50 accesses the management server 30 by operating the developer terminal 80, and operates the screen presented by the developer information acquisition unit 302, thereby developing the developer name d20.
- a list of APIs may be specified.
- the developer information acquisition unit 302 outputs the acquired developer name d20 and the API list to the identification information generation unit 304.
- the identification information generation unit 304 acquires the developer name d20 and the API list from the developer information acquisition unit 302. The identification information generation unit 304 issues identification information d22 to the developer u50 indicated by “developer name d20”.
- the identification information generation unit 304 generates access control information d30 for controlling (permitting) access to the API specified in the list based on the acquired API list.
- the access control information d30 may be, for example, a list of API names permitted to be used, or a list of identification information indicating API names (for example, numbers indicating APIs). Further, the contents of the access control information may be appropriately changed according to the API management unit. For example, when the management is performed in units of packages, the access control information d30 may be a list of package names that are permitted to be used. Further, in the case where developers are managed by being divided into predetermined types and APIs that can be used are defined for the respective types of the developers, the access control information d30 may be information indicating the types of developers. As described above, the form of the access control information d30 is not particularly limited as long as the API permitted to be used can be identified.
- the identification information generation unit 304 associates the acquired developer name d20, the issued identification information d22, and the generated access control information d30 with each other and stores them in the developer information storage unit 306 as developer information. In addition, when receiving an application for registration regarding a newly used API from the developer u50 whose developer information has already been registered, the identification information generation unit 304 stores the development stored in the developer information storage unit 306. The developer u50's developer information may be updated.
- the identification information generation unit 304 outputs the acquired developer name d20, the issued identification information d22, and the generated access control information d30 to the encoded information generation unit 308.
- the encoded information generation unit 308 acquires the developer name d20, identification information d22, and access control information d30 from the identification information generation unit 304.
- the encoded information generation unit 308 encodes the developer name d20, the identification information d22, and the access control information d30 based on the key information k10 generated in advance to generate encoded information d32.
- the key information k10 is stored in the key information storage unit 310.
- the encoding information generation unit 308 may use an irreversible encoding method as an encoding method.
- the encoding method for generating the encoded information d32 is not limited as long as encoding is possible based on the key information.
- An example of an encoding method for generating the encoded information d32 is a keyed hash.
- the encoded information generation unit 308 transmits the identification information d22, the access control information d30, and the encoded information d32 to the developer terminal 80 of the developer u50.
- the developer u50 notifies the developer u50 of information for developing the application d10 using the API for which the application has been applied, that is, the identification information d22, the access control information d30, and the encoded information d32. Is done.
- the advance application for generating the application d10 by using the API for which the developer u50 has applied for use in the API group 50 is completed.
- the application d10 in order for the application d10 to use the API group 50 in the information processing apparatus 10, it is necessary to notify the information processing apparatus 10 of the developer identification information, the access control information d30, and the encoding information d32. Therefore, for example, in the application d10 developed by the developer u50, developer identification information, access control information d30, and encoding information d32 notified from the management server 30 to the developer u50 are embedded. If the developer identification information, the access control information d30, and the encoded information d32 are notified to the information processing apparatus 10, it is not always necessary to embed these pieces of information in the application d10.
- FIG. 9 is a block diagram illustrating an example of a functional configuration focused on processing related to API access control in the information processing apparatus 10 and the user terminal 20 according to the present embodiment, and description of other configurations is omitted. ing. It is assumed that the application d10 developed by the developer u50 is installed in the user terminal 20 as “application 25”.
- the authentication processing unit 250 includes a communication processing unit 252, an encoding processing unit 254, an access control information storage unit 256, and an encoding information storage unit 258.
- the access control information storage unit 256 is a storage unit that stores developer identification information (that is, developer name d20 and identification information d22) and access control information d30.
- the encoded information storage unit 258 is a storage unit that stores the encoded information d32.
- the communication processing unit 252 acquires data from the information processing apparatus 10 and transmits data to the information processing apparatus 10. Hereinafter, a specific operation of the communication processing unit 252 will be described.
- the communication processing unit 252 requests the information processing apparatus 10 to generate key information for encoding, and the key information is returned as a response.
- k20 is acquired from the information processing apparatus 10. The details of the key information k20 will be separately described later together with the description of the configuration of the information processing apparatus 10.
- the communication processing unit 252 When the key information k20 is acquired from the information processing apparatus 10, the communication processing unit 252 outputs the acquired key information k20 to the encoding processing unit 254. In addition, the communication processing unit 252 acquires the encoded information d52 from the encoding processing unit 254 as a response to the output of the key information k20.
- the encoded information d52 is information obtained by encoding the above-described encoded information d32 based on the key information k20. Note that the processing relating to the generation of the encoding information d52 will be separately described later together with the operation of the encoding processing unit 254.
- the communication processing unit 252 reads the developer identification information and the access control information d30 from the access control information storage unit 256.
- the communication processing unit 252 transmits the acquired encoded information d52 and the developer identification information and access control information d30 read from the access control information storage unit 256 to the information processing apparatus 10 as authentication information.
- the communication processing unit 252 transmits the authentication information to the information processing apparatus 10 without performing irreversible processing on the developer identification information and the access control information d30. Further, the communication processing unit 252 may be a transmission target to the information processing apparatus 10 without performing any of the encryption process and the encoding process on at least the developer identification information in the authentication information.
- the encryption process and the encoding process here refer to an encryption process and an encoding process for the purpose of protecting data, and only an encryption process and an encoding process for performing communication based on a predetermined communication method. It does not point to.
- the encoding processing unit 254 acquires the key information k20 from the communication processing unit 252. When acquiring the key information k20, the encoding processing unit 254 reads the encoded information d32 from the encoded information storage unit 258. The encoding processing unit 254 generates the encoded information d52 by encoding the read encoded information d32 based on the acquired key information k20.
- the encoding processing unit 254 uses an irreversible encoding method as an encoding method.
- the encoding method for generating the encoded information d52 is not limited as long as it can be encoded based on the key information and is irreversible.
- An example of an encoding method for generating the encoded information d52 is a keyed hash.
- the encoding processing unit 254 outputs the generated encoded information d52 to the communication processing unit 252.
- the authentication processing unit 150 includes a random number generation unit 152, an authentication information acquisition unit 154, a determination unit 156, a notification control unit 158, and an access control unit 160.
- the key information storage unit 104 is a storage unit that stores key information k10.
- the key information storage unit 104 stores key information k10 similar to the key information stored in the key information storage unit 310 of the management server 30 described above.
- the random number generator 152 When the random number generator 152 receives a request for generating key information from the user terminal 20, the random number generator 152 generates key information k20 for encoding.
- the key information k20 information generated randomly such as a random number can be cited.
- the key information k20 is not limited to a random number, and its mode is not particularly limited as long as it plays the role of a key for performing an encoding process.
- the random number generation unit 152 transmits the generated key information k20 to the user terminal 20. Accordingly, the user terminal 20 can generate the encoded information d52 by encoding the encoded information d32 based on the key information k20.
- the random number generation unit 152 outputs the generated key information k20 to the determination unit 156.
- the authentication information acquisition unit 154 acquires developer identification information, access control information d30, and encoded information d52 from the information processing apparatus 10 as authentication information.
- the authentication information acquisition unit 154 outputs the acquired authentication information to the determination unit 156.
- the determination unit 156 acquires the authentication information transmitted from the user terminal 20, and based on the acquired authentication information, whether the developer indicated by the developer identification information in the authentication information is a developer that has been applied in advance. Determine whether.
- the developer indicated by the developer identification information indicates the developer of the application d10 executed on the user terminal 20. Below, an example of the determination process by the determination part 156 is demonstrated.
- the determination unit 156 acquires the key information k20 from the random number generation unit 152. Also, the determination unit 156 acquires authentication information from the authentication information acquisition unit 154. The determination unit 156 reads the key information k10 from the key information storage unit 310.
- the determination unit 156 encodes the developer identification information and the access control information d30 in the acquired authentication information based on the key information k10, and generates encoded information d42. At this time, the determination unit 156 generates the encoded information d42 based on the same encoding process as the encoded information generation unit 308 of the management server 30. That is, when the encoded information d32 that is the generation source of the encoded information d52 is generated by the encoded information generation unit 308 based on the developer identification information and the access control information d30 in the authentication information, the encoded information d32 and d42 match.
- the determination unit 156 After generating the encoded information d42, the determination unit 156 encodes the generated encoded information d42 based on the key information k20 to generate encoded information d62. At this time, the determination unit 156 generates encoding information d62 based on the same encoding process as the encoding processing unit 254 of the user terminal 20.
- the determination unit 156 compares the generated encoded information d62 and the acquired encoded information d52 and, if they match, recognizes that the developer indicated by the developer identification information is a developer that has been applied in advance. To do. At this time, if the encoded information d32 and d42 match, the encoded information d52 and d62 encoded by the same encoding process based on the similar key information k20 match.
- the processing of the determination unit 156 described above is merely an example, and based on the acquired authentication information, whether or not the developer indicated by the developer identification information in the authentication information is a developer that has been applied in advance. If it can be determined, the operation is not limited. For example, if the determination unit 156 can communicate with the management server 30 via an external network such as the Internet, whether the developer identification information in the acquired authentication information is correct is determined via the external network. 30 may be queried.
- the encoded information d32 is encoded with the key information k20 and transmitted from the user terminal 20 to the information processing apparatus 10 .
- the encoded information d32 is not encoded with the key information k20. You may transmit to the information processing apparatus 10 from the user terminal 20. FIG. In that case, it is needless to say that it is not necessary to execute processing relating to generation and transmission of the key information k20 and encoding processing of the encoding information d32 based on the key information k20.
- the information processing apparatus 10 acquires the encoded information d32 from the user terminal 20, and makes a determination based on whether or not the acquired encoded information d32 matches the encoded information d42 generated based on the key information k10. Just do it.
- the determination unit 156 If it is recognized that the developer indicated by the developer identification information is a developer that has been applied in advance, the determination unit 156 outputs the access control information d30 to the access control unit 160. Further, the determination unit 156 includes at least the developer identification information (or the developer indicated by the developer identification information) among the authentication information recognized as the developer for which the developer indicated by the developer identification information is applied in advance. Information) is stored in the identification information storage unit 108. At this time, the determination unit 156 may cause the identification information storage unit 108 to store a series of information included in the authentication information.
- the determination unit 156 may notify the user terminal 20 that it has been determined that the developer indicated by the developer identification information is a developer that has been applied in advance. Upon receiving this notification, the user terminal 20 may call the API for which advance application for use has been made.
- the determination unit 156 may output information indicating the developer indicated by the developer identification information, for example, at least one of the developer name d20 and the identification information d22 to the notification control unit 158. In the following description, it is assumed that the determination unit 156 outputs both the developer name d20 and the identification information d22 to the notification control unit 158.
- the access control unit 160 acquires the access control information d30 from the determination unit 156.
- the application d10 is executed and the API is called by the process execution unit 260 (see FIG. 3, details will be described later) of the user terminal 20, the access control unit 160, based on the content of the access control information d30, Allow or restrict execution.
- the access control unit 160 permits execution of the API.
- the API is executed by the process execution unit 170 (see FIG. 3, details will be described later) of the information processing apparatus 10.
- the access control unit 160 permits the execution of the API.
- the access control unit 160 restricts or prohibits the execution of the API. At this time, the access control unit 160 may notify the user terminal 20 that execution of the called API is not permitted.
- the access control unit 160 controls the execution of each API in the API group 50 based on the access control information d30.
- the notification control unit 158 acquires the developer name d20 and the identification information d22 from the determination unit 156.
- the notification control unit 158 causes the notification unit 106 to notify the acquired developer name d20 and identification information d22, that is, information indicating the developer of the executed application d10 in an identifiable manner.
- the notification unit 106 may be configured as a display medium such as a display, for example.
- the notification unit 106 may be a display or the like provided for confirming information or referring to a captured image.
- the notification unit 106 can be configured as an output medium for outputting audio information such as a speaker. In this case, it goes without saying that information indicating the developer of the executed application d10 is output from the notification unit 106 as audio information.
- the information processing apparatus It is possible to suggest the user u20 who is using 10.
- the determination unit 156 decrypts the encryption process or the encoding process performed on the developer name d20 or the identification information d22, and the determination process described above based on the decrypted developer name d20 or the identification information d22. Should be executed.
- a management unit that restricts the use of an API can be appropriately changed according to the operation.
- different access control information d30 may be issued for each application.
- the access control information d30 issued for each application may be managed in association with one identification information d22, or different identification information d22 may be issued for each.
- the encoded information d32 generated based on each access control information d30 is also different, so that it is possible to switch access control for the API on a per application basis.
- the information processing apparatus 10 uses the access control information d30 to identify a part of APIs whose use is restricted in the series of APIs, and performs access control for the part of APIs.
- the information processing apparatus 10 does not necessarily use the access control information d30.
- the processes related to generation of the access control information d30, transmission / reception of the access control information d30 between the management server 30 and the developer terminal 80, and embedding of the access control information d30 in the application d10 are not necessarily required. Needless to say.
- FIG. 10 is a sequence diagram showing a series of operations of the management server 30 according to the present embodiment.
- the developer information acquisition unit 302 operates the developer name 80 of the developer u50 specified by the developer u50 and a list of APIs to be used in the API group 50 by the developer u50. Get from.
- the developer information acquisition unit 302 outputs the acquired developer name d20 and the list of APIs to the identification information generation unit 304.
- the identification information generation unit 304 acquires the developer name d20 and the API list from the developer information acquisition unit 302. The identification information generation unit 304 issues identification information d22 to the developer u50 indicated by “developer name d20”.
- the identification information generation unit 304 generates access control information d30 for controlling (permitting) access to the API specified in the list based on the acquired API list.
- the identification information generation unit 304 outputs the acquired developer name d20, the issued identification information d22, and the generated access control information d30 to the encoded information generation unit 308.
- Step S106 The encoded information generation unit 308 acquires the developer name d20, identification information d22, and access control information d30 from the identification information generation unit 304.
- the encoded information generation unit 308 encodes the developer name d20, the identification information d22, and the access control information d30 based on the key information k10 generated in advance to generate encoded information d32.
- the key information k10 is stored in the key information storage unit 310.
- the encoding information generation unit 308 uses an irreversible encoding method as the encoding method.
- the encoding method for generating the encoded information d32 is not limited as long as it can be encoded based on the key information and is irreversible.
- An example of an encoding method for generating the encoded information d32 is a keyed hash.
- Step S108 The encoded information generation unit 308 transmits the identification information d22, the access control information d30, and the encoded information d32 to the developer terminal 80 of the developer u50.
- the developer u50 notifies the developer u50 of information for developing the application d10 using the API for which the application has been applied, that is, the identification information d22, the access control information d30, and the encoded information d32. Is done.
- FIG. 11 is a sequence diagram illustrating an example of a series of operations related to access control to the API in the information processing apparatus 10 according to the present embodiment.
- Step S202 When a function corresponding to the authentication processing unit 250 is executed in the application d10, the communication processing unit 252 requests the information processing apparatus 10 to generate key information for encoding.
- the random number generator 152 When the random number generator 152 receives a request for generating key information from the user terminal 20, the random number generator 152 generates key information k20 for encoding.
- the key information k20 information generated randomly such as a random number can be cited.
- the key information k20 is not limited to a random number, and its mode is not particularly limited as long as it plays the role of a key for performing an encoding process.
- Step S204 The random number generation unit 152 transmits the generated key information k20 to the user terminal 20. Further, the random number generation unit 152 outputs the generated key information k20 to the determination unit 156. When the key information k20 is acquired from the information processing apparatus 10, the communication processing unit 252 outputs the acquired key information k20 to the encoding processing unit 254.
- Step S206 The encoding processing unit 254 acquires the key information k20 from the communication processing unit 252.
- the encoding processing unit 254 reads the encoded information d32 from the encoded information storage unit 258.
- the encoding processing unit 254 generates the encoded information d52 by encoding the read encoded information d32 based on the acquired key information k20.
- the encoding processing unit 254 uses an irreversible encoding method as an encoding method.
- the encoding method for generating the encoded information d52 is not limited as long as it can be encoded based on the key information and is irreversible.
- An example of an encoding method for generating the encoded information d52 is a keyed hash.
- the encoding processing unit 254 outputs the generated encoded information d52 to the communication processing unit 252.
- the communication processing unit 252 acquires the encoded information d52 from the encoding processing unit 254 as a response to the output of the key information k20.
- Step S208 the communication processing unit 252 reads the developer identification information (that is, the developer name d20 and the identification information d22) and the access control information d30 from the access control information storage unit 256.
- the communication processing unit 252 transmits the acquired encoded information d52 and the developer identification information and access control information d30 read from the access control information storage unit 256 to the information processing apparatus 10 as authentication information.
- the communication processing unit 252 transmits the authentication information to the information processing apparatus 10 without performing irreversible processing on the developer identification information and the access control information d30. Further, the communication processing unit 252 may be a transmission target to the information processing apparatus 10 without performing any of the encryption process and the encoding process on at least the developer identification information in the authentication information.
- the authentication information acquisition unit 154 acquires developer identification information, access control information d30, and encoded information d52 as authentication information from the information processing apparatus 10.
- the authentication information acquisition unit 154 outputs the acquired authentication information to the determination unit 156.
- the determination unit 156 acquires the key information k20 from the random number generation unit 152. Also, the determination unit 156 acquires authentication information from the authentication information acquisition unit 154. The determination unit 156 reads the key information k10 from the key information storage unit 310.
- the determination unit 156 encodes the developer identification information and the access control information d30 in the acquired authentication information based on the key information k10, and generates encoded information d42. At this time, the determination unit 156 generates the encoded information d42 based on the same encoding process as the encoded information generation unit 308 of the management server 30.
- the determination unit 156 After generating the encoded information d42, the determination unit 156 encodes the generated encoded information d42 based on the key information k20 to generate encoded information d62. At this time, the determination unit 156 generates encoding information d62 based on the same encoding process as the encoding processing unit 254 of the user terminal 20.
- the determination unit 156 compares the generated encoded information d62 and the acquired encoded information d52 and, if they match, recognizes that the developer indicated by the developer identification information is a developer that has been applied in advance. To do.
- Step S212 When it is recognized that the developer indicated by the developer identification information is a developer that has been applied for in advance, the determination unit 156 outputs the access control information d30 to the access control unit 160. Further, the determination unit 156 includes at least the developer identification information (or the developer indicated by the developer identification information) among the authentication information recognized as the developer for which the developer indicated by the developer identification information is applied in advance. Information) is stored in the identification information storage unit 108. At this time, the determination unit 156 may cause the identification information storage unit 108 to store a series of information included in the authentication information.
- the determination unit 156 may reject the access from the user terminal 20. In this case, the user terminal 20 side may terminate the application d10 upon receiving a notification regarding access refusal from the determination unit 15. As another example, if the developer indicated by the developer identification information cannot be recognized as a pre-applied developer, the determination unit 156 accesses only the API that does not require a pre-application. The permitted access control information may be output to the access control unit 160.
- the determination unit 156 may output information indicating the developer indicated by the developer identification information, for example, at least one of the developer name d20 and the identification information d22 to the notification control unit 158. In the following description, it is assumed that the determination unit 156 outputs both the developer name d20 and the identification information d22 to the notification control unit 158.
- the notification control unit 158 acquires the developer name d20 and the identification information d22 from the determination unit 156.
- the notification control unit 158 causes the notification unit 106 to notify the acquired developer name d20 and identification information d22, that is, information indicating the developer of the executed application d10 in an identifiable manner.
- Step S214 the determination unit 156 may notify the user terminal 20 that it has been determined that the developer indicated by the developer identification information is the developer that has been applied in advance. Upon receiving this notification, the user terminal 20 may call the API for which advance application for use has been made.
- the access control unit 160 acquires the access control information d30 from the determination unit 156.
- the access control unit 160 permits the execution of the API based on the content of the access control information d30. Or it restrict
- the access control unit 160 permits execution of the API.
- the API is executed by an execution unit (not shown) of the information processing apparatus 10.
- the access control unit 160 permits the execution of the API.
- the access control unit 160 restricts or prohibits the execution of the API. At this time, the access control unit 160 may notify the user terminal 20 that execution of the called API is not permitted.
- the access control unit 160 controls the execution of each API in the API group 50 based on the access control information d30.
- the information processing apparatus 10 acquires content by receiving access to each API in the API group 50 from the application 25, the information processing apparatus 10 is a developer who has applied for the content in advance. The developer information indicated by the determined developer identification information is associated. With such a configuration, the information processing system according to the present embodiment is based on the information on the developer associated with the content even when the application 25 misrepresents the developer and the API is illegally used. Provide a mechanism to detect the misrepresentation.
- FIG. 12 is a block diagram illustrating an example of a functional configuration focusing on processing related to content acquisition in the information processing apparatus 10 and the user terminal 20 according to the present embodiment, and description of other configurations is omitted. . It is assumed that the application d10 developed by the developer u50 is installed in the user terminal 20 as “application 25”.
- the processing execution unit 170 of the information processing apparatus 10 includes a control unit 172, a content processing unit 174, and an encryption processing unit 176.
- the process execution unit 260 calls an API for performing the control. 10 is performed.
- the API is called from the process execution unit 260
- access control of the target API is performed by the authentication processing unit 150 (specifically, the access control unit 160).
- the authentication processing unit 150 determines that the API that has been called Is permitted to the control unit 172.
- the control unit 172 receives the permission of the authentication processing unit 150, extracts the API called from the process execution unit 260 from the API group 50, and executes the extracted API. At this time, the control unit 172 may return the execution result of the API to the process execution unit 260.
- control unit 172 may cause the content acquisition unit 190 to acquire the content in response to the execution of the API called from the process execution unit 260.
- the API executed at this time may be a function for acquiring content, or a function executed in a series of processes for acquiring content, not the content acquisition itself. May be.
- functions realized by the API for example, a list of APIs supported by the information processing apparatus 10 and functions for performing settings related to content acquisition such as exposure conditions, white balance, exposure sensitivity, and the like. And a function for notifying such management information.
- control unit 172 When the control unit 172 acquires the content from the content acquisition unit 190 in response to the execution of the called API, the control unit 172 outputs the content to the content processing unit 174, and the developer information for the content is output.
- the content processing unit 174 is instructed to associate.
- the control unit 172 acquires the content associated with the information of the developer (that is, the developer requested in advance) from the content processing unit 174 and outputs the content to the process execution unit 260. Good.
- the content processing unit 174 obtains the content from the control unit 172, the developer identification information stored in the identification information storage unit 108, that is, the development indicating the developer that has been confirmed to be a pre-applied developer. Extract original identification information. Then, the content processing unit 174 associates the extracted developer identification information or the developer information indicated by the developer identification information with the acquired content.
- the developer information indicated by the developer identification information is information presented so that the developer can be identified, and may be simply referred to as “developer information” hereinafter.
- the method is not particularly limited as long as the extracted developer identification information or the developer information indicated by the developer identification information is associated with the acquired content.
- the content processing unit 174 may associate the content with the developer information by attaching the developer information to the content as attribute information of the acquired content.
- the content processing unit 174 may associate content with developer information recorded in a file different from the content. In the following description, in order to make the description easy to understand, the content processing unit 174 is described as associating the acquired content with the developer information indicated by the extracted developer identification information.
- the content processing unit 174 may associate the acquired content with the information of the developer that has been subjected to the encryption processing (hereinafter may be referred to as “encryption information”).
- the encryption processing unit 176 extracts the developer identification information stored in the identification information storage unit 108, and performs the encryption process on the developer information indicated by the extracted developer identification information. Generate encryption information. Then, the encryption processing unit 176 outputs the generated encryption information to the content processing unit 174.
- the content processing unit 174 may associate the encrypted information acquired from the encryption processing unit 176 with the content. Needless to say, the encryption processing unit 176 may generate the encrypted information by encrypting the developer identification information.
- key information for encrypting developer information is stored in advance in a location where the encryption processing unit 176 can read it, for example. Further, hereinafter, key information for encrypting developer information may be referred to as “key information k30”.
- a configuration that handles encrypted information as a processing target (details will be described later, for example, the content management server 70) can read key information k30 or key information for decryption corresponding to the key information k30. Needless to say, it may be configured.
- control unit 172 may transmit the content associated with the developer information to the user terminal 20 (for example, the process execution unit 260).
- the control unit 172 transmits (transfers) the content associated with the developer information to the content management server 70. May be.
- the content associated with the developer information may be stored in a storage medium provided in the information processing apparatus 10 such as the content storage unit 110.
- the entity that stores the content associated with the developer information in the content storage unit 110 may be the control unit 172 or the content processing unit 174.
- only one of the above-described processing related to transmission of the content associated with the developer information to the user terminal 20 and the processing of storing the content in the content storage unit 110 may be executed. It goes without saying that both may be executed.
- the information processing apparatus 10 may manage the period during which the access control to the API whose use is restricted based on the determination result of the developer described above is effective based on a preset rule. For example, the information processing apparatus 10 enables access to an API whose use is restricted only during a period in which the network n1 with the user terminal 20 is valid (that is, a period in which a connection is established), and disconnects the network n1. Thereafter, it may be invalid. If access to the API is requested again after invalidating access to the API, the information processing apparatus 10 may perform determination of the application developer again.
- the information processing apparatus 10 issues a session for each application that accesses an API whose use is restricted, and validates access to the API only during a period in which the session is valid, and invalidates after the session is disconnected. It is good. With such a configuration, the information processing apparatus 10 can perform access control for each application based on the issued session even when the API is accessed from a plurality of applications.
- the information processing apparatus 10 may invalidate the developer identification information stored in the identification information storage unit 108, for example, by deleting it.
- Example 1 Example 1 of recording developer information as attribute information of content
- Example 1 an example of a mechanism for detecting unauthorized use of an API accompanying a developer's misrepresentation when developer information and encryption information are attached to content as attribute information will be described.
- FIG. 13 is a diagram illustrating an example of data of the content d70 generated by the information processing apparatus 10 according to the present embodiment, and illustrates an example of a data structure of a header for associating attribute information with the content. .
- the header of the content d70 defines an area called IFD (Image File Directory) for tagging and recording each attribute information.
- IFD Image File Directory
- “0 th IFD” is an area for recording information of a predetermined type.
- a “Software” tag is defined for recording information on software used to acquire the content d70.
- the information processing apparatus 10 according to the first modification records developer information in a “Software” tag.
- an IFD called “ExifIFD” is defined in the header of the content d70.
- “ExifIFD” is an IFD defined based on a format called EXIF (Exchangeable image file format), and an IFD called “Makernote” is defined in the IFD.
- “MakerNote” is an example of an IFD in which a manufacturer of the information processing apparatus 10 that is a content acquisition source can freely define a tag to be associated.
- the information processing apparatus 10 according to the modified example 1 defines an IFD for recording the encryption information indicated as “Encrypted data” in “MakerNote”, and encrypts the “Remote application developer name” tag of the IFD. Record information.
- the information processing apparatus 10 (specifically, the content processing unit 174) according to the first modification records developer information in the Software tag and records encryption information in the Remote application developer name.
- the developer information is associated with the content d70.
- 0 th information IFD recorded on, for example, by the function of the OS can be referred to as information (properties) about the content d70.
- FIG. 14 is an example of a display screen v30 for information related to content, and shows a display example when the properties of the content are displayed by the function of Windows (registered trademark).
- the display screen v30, 0 th IFD developer information recorded on Software tags are displayed as the program name v32.
- the user u20 of the user terminal 20 can confirm the developer of the application used for acquiring the content d70.
- 0 th information recorded in the IFD for example, it is possible to modify the processing of the application. Therefore, for example, when an application executed on the user terminal 20 improperly acquires content using an API by misrepresenting the developer, the developer information recorded in the Software tag of the content is altered. Therefore, there are cases where unauthorized use is concealed.
- FIG. 15 is a diagram for explaining an overview of the information processing system according to the first embodiment, and illustrates an example in which the developer information recorded in the Software tag is modified.
- the example illustrated in FIG. 15 illustrates a case where the information processing apparatus 10 is configured as a so-called digital camera that acquires image data as content d70.
- an application of a developer “YYYYY” that is not permitted to use an API is misrepresented as a developer “XXXX” that is permitted to use an API.
- the image d72, the developer information d74 indicating that the developer is “XXXX”, and the developer information d74 are encrypted. Encrypted information d76.
- the application of the developer “YYYYY” modifies the developer information d74 indicating the developer “XXXX” to the developer information d74a indicating the developer “YYYYY”.
- the developer information of the developer “YYYYY” is displayed in the program name v32 of the screen v30 shown in FIG. Therefore, the user u20 of the user terminal 20 may continue to use the application without noticing that the application is an application that illegally uses the API.
- the content management server 70 when the content is uploaded (that is, transmitted or transferred) to the content management server 70, it is indicated that the API is illegally used. Detect at 70.
- the operation of the content management server 70 will be described below with reference to FIGS.
- FIG. 16 shows a schematic system configuration when attention is paid to the case where content is uploaded from the user terminal 20 to the content management server 70 via the network n1.
- the content d70a in which the developer information d74 indicating the developer “XXXX” is misrepresented as the developer information d74a indicating the developer “YYYYY” is uploaded to the content management server 70.
- the configuration for acquiring the content d70 from the user terminal 20 corresponds to an example of a “content acquisition unit”.
- the content management server 70 compares the developer information d74 attached to the content d70 acquired from the user terminal 20 and the encrypted information d76, and determines whether or not the developer information d74 has been altered. To do.
- key information for decrypting the encrypted information d76 that is, key information for decryption corresponding to the key information k30 used for generating the encrypted information d76 is previously stored in the content management server 70.
- the content management server 70 decrypts the encrypted information d76 based on the decryption key information, and compares the decrypted developer information with the developer information d74 attached to the content d70.
- the developer information d74 attached to the content d70 is altered (that is, when the altered developer information d74a is attached), the comparison results are inconsistent.
- the content management server 70 may store key information k30 used for generating the encrypted information d76 in advance.
- the content management server 70 may encrypt the developer information d74 attached to the content d70 based on the key information k30, and compare the encrypted developer information d74 with the encrypted information d76. At this time, if the developer information d74 attached to the content d70 has been altered, the comparison results are inconsistent.
- the content management server 70 changes the API of the developer information d74 based on the comparison result between the developer information d74 and the encrypted information d76 attached to the content d70, and further, the API of the developer by misrepresentation. It becomes possible to detect unauthorized use.
- the content management server 70 informs the user via the user terminal 20 that the application used to acquire the content d70 is an unauthorized application. You may notify u20.
- the user terminal 20 presents the content notified as a response to the upload of the content d70a to the user u20 as a message v40.
- the user u20 can recognize that the application used to acquire the content d70a uploaded to the content management server 70 is an unauthorized application.
- the content management server 70 may record and manage the developer indicated in the modified developer information d74a when detecting unauthorized use of the API due to the developer's misrepresentation.
- the content management server 70 manages the developer “YYYYY” indicated in the modified developer information d74a by recording it in the black list d80.
- the administrator of the content management server 70 or a person related to the camera manufacturer refers to the blacklist d80, so that the developer who misrepresents the developer information d74, that is, the developer It becomes possible to specify the developer who illegally used the API by misrepresentation.
- the content management server 70 displays the content management server 70 in the encryption information d76.
- the developed developer information may be presented.
- FIG. 19 shows an example in which the user u20 starts a browser on the user terminal 20 and refers to the content d70a stored in the content management server 70 via the browser.
- the content management server 70 decrypts the encrypted information d76 in the content d70a, and notifies the user terminal 20 of the decrypted developer information together with the image d72 in the content d70a.
- Reference sign v42 indicates developer information notified from the content management server 70 to the user terminal 20, that is, developer information decrypted from the encrypted information d76.
- the developer information shown in the encryption information d76 must have a configuration having key information k30 used at the time of encryption and key information for decryption corresponding to the key information k30. It is difficult to modify. That is, even when the developer information d74 attached to the content d70 is modified, the content management server 70 presents the developer information d74 before modification as the developer information shown in the encrypted information d76.
- the Rukoto is difficult to modify.
- the user u20 is different from the developer information d74a of the content d70 stored in the user terminal 20 and the developer information presented by the content management server 70. Can be recognized. That is, the user u20 can recognize that the application used to acquire the content d70a uploaded to the content management server 70 is an unauthorized application based on the developer information presented by the content management server 70. Become.
- FIG. 20 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the first embodiment.
- the API in the information processing apparatus 10 is used, and image data is acquired as content by the information processing apparatus 10. Shows the case.
- Steps S302 and S304 When the application d10 is executed in the user terminal 20, first, in the information processing apparatus 10, processing related to the authentication of the developer is executed. In other words, the information processing apparatus 10 determines whether or not the developer of the application d10 is a pre-application developer, and controls access to the API in the information processing apparatus 10 based on the determination result. At this time, the information processing apparatus 10 stores developer identification information of the developer determined to be the developer that has been applied for in advance. The processing related to the authentication of the developer is the same as that described above with reference to FIG.
- Step S306 When the process related to the developer authentication is completed and access to the API whose use is restricted is permitted, the user terminal 20 controls the operation of the information processing apparatus 10 by accessing the permitted API. Here, it is assumed that the user terminal 20 instructs the information processing apparatus 10 to take an image by accessing an API whose use is restricted.
- Step S308 Based on the execution of the application d10, upon receiving an instruction relating to image capturing from the user terminal 20, the information processing apparatus 10 captures the image d72 and generates image data (ie, content) d70 based on the captured image d72. To do.
- the information processing apparatus 10 generates the encrypted information d76 by encrypting the developer information d74 indicated by the developer identification information stored when the developer is authenticated. Then, the information processing apparatus 10 attaches the developer information d74 and the encryption information d76 to the image data d70 as attribute information.
- Step S310 The information processing apparatus 10 outputs to the user terminal 20 the image data d70 with the developer information d74 and the encryption information d76.
- Step S399) it is assumed that the application d10 spoofs the developer and accesses the API of the information processing apparatus 10, and the developer information d74 in the image data d70 is changed to the developer information d74a by the processing of the application d10. Shall be.
- the image data d70 in which the developer information d74 is changed to the developer information d74a may be referred to as “image data d70a” hereinafter.
- Step S312 The user terminal 20 uploads the image data d70 acquired from the information processing apparatus 10 to the content management server 70 based on the execution of the application d10.
- description will be made assuming that the image data d70a in which the development source information d74 in the image data d70 is changed to the development source information d74a by the application d10 is uploaded to the content management server 70.
- Step S314 When the content management server 70 acquires the image data d70a from the user terminal 20, the content management server 70 compares the developer information d74a attached to the image data d70a with the encryption information d76 based on key information stored in advance. At this time, since the encrypted information d76 is generated based on the developer information d74 before modification, the comparison result with the developer information d74a after modification is inconsistent, and the content management server 70, based on the comparison result, Detects unauthorized use of APIs due to developer misrepresentation.
- Step S316 When the unauthorized use of the API due to the developer's misrepresentation is detected, the content management server 70 informs the user u20 via the user terminal 20 that the application used to acquire the content d70 is an unauthorized application. Notice. As a result, the user u20 can recognize that the application used to acquire the content d70a uploaded to the content management server 70 is an unauthorized application.
- the content management server 70 can manage the developer by recording the developer shown in the modified developer information d74a in the black list d80. Good.
- the administrator of the content management server 70 or a person related to the camera manufacturer refers to the blacklist d80, so that the developer who misrepresents the developer information d74, that is, the developer It becomes possible to specify the developer who illegally used the API by misrepresentation.
- the information processing apparatus 10 includes, for the acquired content, the developer information of the developer determined to be the developer that has been applied in advance, Encrypted developer information is added as attribute information.
- the developer information indicated in the encryption information is modified unless it has the key information used for encryption and the key information for decryption corresponding to the key information. Is difficult. Therefore, according to the information processing system according to the modified example 1, even when the developer information attached to the content is modified, the modification of the developer information based on the comparison with the encrypted information, and hence the development It is possible to detect unauthorized use of the API due to the original misrepresentation.
- the configuration includes key information (that is, key information k30 or Needless to say, it is necessary to store the decryption key information corresponding to the key information k30.
- Example 2 Example 2 of recording developer information as content attribute information
- an information processing system according to the second embodiment will be described.
- the first embodiment described above an example of a mechanism for detecting unauthorized use of an API accompanying a developer's misrepresentation by adding developer information and encryption information as attribute information to the content has been described.
- the outline of the information processing system according to the second embodiment will be described below with reference to FIG.
- the content d70 acquired by the information processing apparatus 10 based on the execution of the application in the user terminal 20 is uploaded to the content management server 70 from each of the user terminal 20 and a terminal 60 different from the user terminal 20.
- the terminal 60 is a terminal different from the user terminal 20 such as a PC (Personal Computer).
- the terminal 60 acquires, for example, the content d70 recorded on the portable medium by the information processing apparatus 10 by reading from the portable medium, and uploads the acquired content d70 to the content management server 70 via the network n0. .
- the information processing apparatus 10 can access the network n0, the information processing apparatus 10 itself may upload the content d70 to the content management server 70.
- the content management server 70 checks whether or not the content including the same image as the image d72 included in the content d70 has already been acquired.
- the developer information d74 in the content d70 is modified to the developer information d74a by the application, and the modified content d70a is uploaded from the user terminal 20 to the content management server 70.
- the content management server 70 extracts the content d70a, and compares the developer information attached as attribute information between the extracted content d70a and the content d70 acquired from the terminal 60.
- the comparison result of the developer information is inconsistent, the developer information d74 is altered in at least one of the contents d70 and d70a which are comparison targets. Therefore, if the comparison result of the developer information does not match, the content management server 70 recognizes that there is a possibility that the API is illegally used due to the developer's misrepresentation at the time of obtaining the image d72. Is possible.
- the content management server 70 determines whether the content d70 and the content d70a to be compared are transmitted to one or both of the transmission sources (that is, the terminal 60 and the user terminal 20). Alternatively, it may be notified that content may have been acquired by an unauthorized application.
- the content management server 70 acquires the content d70 including the same image d72 as the content that has already been acquired, Make a comparison. At this time, if the comparison result of the developer information does not match, at least one of the developer information among the contents to be compared is altered. Therefore, according to the information processing system according to the modified example 2, by comparing the developer information between different contents including the same image, the unauthorized use of the API due to the modification of the developer information, and consequently the developer's misrepresentation Can be detected.
- the case where the content d70 is image data including the image d72 has been described as an example.
- the type of the content d70 is The image data is not limited to the above.
- the content d70 may be audio data included as actual data including audio information.
- Example 3 Example of superimposing developer information on preview image
- a preview image is acquired as content, and developer information is superimposed on the preview image to detect unauthorized use of the API accompanying the developer's misrepresentation.
- FIG. 22 is a diagram for explaining the outline of the information processing system according to the third embodiment.
- preview image refers to an image acquired or generated separately from image data captured based on an imaging instruction from the user, such as a live view image updated in real time. ing.
- the information processing apparatus 10 when the information processing apparatus 10 receives an instruction regarding display of a preview image from the user terminal 20 when capturing an image d72, the information processing apparatus 10 displays the generated preview image d78. On the other hand, the developer information is superimposed. As a result, the user u20 can confirm the developer information determined in the information processing apparatus 10 when using the API via the preview image v44 displayed on the display unit 206 of the user terminal 20. Become.
- the information processing apparatus 10 may randomly change the position and time at which the developer information is superimposed on the preview image d78.
- FIG. 23 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the third embodiment.
- the application d10 installed in the user terminal 20 is executed, whereby the API in the information processing apparatus 10 is used, and the preview image is acquired as content by the information processing apparatus 10. Shows the case.
- Steps S402 and S404 When the application d10 is executed in the user terminal 20, first, in the information processing apparatus 10, processing related to the authentication of the developer is executed. In other words, the information processing apparatus 10 determines whether or not the developer of the application d10 is a pre-application developer, and controls access to the API in the information processing apparatus 10 based on the determination result. At this time, the information processing apparatus 10 stores developer identification information of the developer determined to be the developer that has been applied for in advance. The processing related to the authentication of the developer is the same as that described above with reference to FIG.
- Step S406 When the process related to the developer authentication is completed and access to the API whose use is restricted is permitted, the user terminal 20 controls the operation of the information processing apparatus 10 by accessing the permitted API.
- the user terminal 20 has instructed the information processing apparatus 10 to present a preview image by accessing an API whose use is restricted.
- Step S408 When receiving an instruction relating to the presentation of the preview image from the user terminal 20 based on the execution of the application d10, the information processing apparatus 10 captures the preview image d78. At this time, the information processing apparatus 10 may capture the image d72 and generate a preview image d78 based on the captured image d72.
- Step S410 the information processing apparatus 10 extracts the developer identification information stored when the developer is authenticated, and superimposes the developer information indicated by the extracted developer identification information on the generated preview image d78.
- Step S412 the information processing apparatus 10 outputs a preview image d78 on which the developer information is superimposed to the user terminal 20.
- the information processing apparatus 10 may randomly change the position and time at which the developer information is superimposed on the preview image d78.
- Step S414 The user terminal 20 acquires the preview image d78 from the information processing apparatus 10 as a response to the instruction related to the presentation of the preview image, and displays the acquired preview image d78 on the display unit 206 (for example, a display).
- the user u20 transmits the information of the developer (that is, the developer that has been applied in advance) determined by the information processing apparatus 10 when using the API via the preview image v44 displayed on the user terminal 20. Can be confirmed.
- the information processing apparatus 10 superimposes the developer information on the generated preview image.
- the user u20 can check the developer information determined in the information processing apparatus 10 when using the API via the preview image displayed on the display unit 206 of the user terminal 20. .
- the application installed on the user terminal 20 illegally uses the API by misrepresenting the developer
- the user u20 has a developer different from the developer shown when the application is downloaded. Information will be confirmed. That is, in the information processing system according to the third embodiment, using such a mechanism, even if the API is illegally used due to the developer's misrepresentation, the developer is misrepresented by the user who uses the application. Can be noticed.
- the developer information is superimposed on the preview image on the information processing apparatus 10 side as described above.
- the information processing system according to the third embodiment in order to modify the developer information superimposed on the preview image on the application side, for example, it is necessary to perform image processing on the preview image. It is difficult to modify the developer information.
- the application side may specify the position and time at which the developer information is superimposed. It is practically difficult. For this reason, in the information processing system according to the third embodiment, it is extremely difficult to alter the developer information superimposed on the preview image on the application side.
- the information processing system according to the third embodiment can detect and consequently suppress the unauthorized use of the API associated with the developer's misrepresentation.
- FIG. 24 is a diagram for explaining the outline of the information processing system according to the fourth embodiment.
- the information processing apparatus 10 when the information processing apparatus 10 receives an instruction related to capturing an image d72 from the user terminal 20, the captured image d72 (that is, an actual image) is processed. To superimpose developer information. Then, the information processing apparatus 10 outputs the image d72 on which the developer information is superimposed (hereinafter, may be referred to as “image d72b”) to the user terminal 20.
- image d72b the image d72 on which the developer information is superimposed
- the user u20 refers to the acquired image d72b, so that the information of the developer that is determined when using the API in the information processing apparatus 10 is displayed on the display unit 206 of the user terminal 20, for example. It is possible to confirm via the displayed image v46.
- the information processing apparatus 10 may store the image d72b on which the developer information is superimposed in the content storage unit 110 (for example, a portable medium).
- the image d72 is not limited to a still image but may be a moving image.
- the information processing apparatus 10 may superimpose developer information on a part of the frames (for example, the last frame) among the frames constituting the moving image.
- FIG. 25 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the fourth embodiment.
- the API in the information processing apparatus 10 is used by executing the application d10 installed in the user terminal 20, and an image (actual image) is used as content by the information processing apparatus 10. The case where it is acquired is shown.
- Steps S502 and S504 When the application d10 is executed in the user terminal 20, first, in the information processing apparatus 10, processing related to the authentication of the developer is executed. Since the operation related to the authentication of the developer is the same as that of the third embodiment (see FIG. 23), detailed description thereof is omitted.
- Step S506 When the process related to the developer authentication is completed and access to the API whose use is restricted is permitted, the user terminal 20 controls the operation of the information processing apparatus 10 by accessing the permitted API. Here, it is assumed that the user terminal 20 instructs the information processing apparatus 10 to take an image by accessing an API whose use is restricted.
- Step S408 Based on the execution of the application d10, the information processing apparatus 10 captures the image d72 when receiving an instruction related to image capturing from the user terminal 20.
- Step S410 the information processing apparatus 10 extracts the developer identification information stored at the time of authentication of the developer, and superimposes the developer information indicated by the extracted developer identification information on the captured image d72.
- Step S412 the information processing apparatus 10 outputs the image d72b on which the developer information is superimposed to the user terminal 20.
- the information processing apparatus 10 may store the image d72b in the content storage unit 110 (for example, a portable medium).
- the user u20 refers to the acquired image d72b, so that the information of the developer that is determined when using the API in the information processing apparatus 10 is displayed on the display unit 206 of the user terminal 20, for example. It is possible to confirm via the displayed image v46.
- the information processing apparatus 10 superimposes the developer information on the captured image.
- the user u20 can confirm the information of the developer determined in the information processing apparatus 10 when using the API, for example, via the image displayed on the display unit 206 of the user terminal 20. Become.
- the application installed on the user terminal 20 illegally uses the API by misrepresenting the developer
- the user u20 has a developer different from the developer shown when the application is downloaded. Information will be confirmed. That is, in the information processing system according to the fourth embodiment, using such a mechanism, even if the API is illegally used due to the developer's misrepresentation, the developer is misrepresented by the user who uses the application. Can be noticed.
- the developer information is superimposed on the image on the information processing apparatus 10 side as described above.
- the information processing system according to the fourth embodiment in order to modify the developer information superimposed on the image on the application side, Since it is necessary to perform processing, it is difficult to modify the developer information.
- the information processing system according to the fourth embodiment can detect and consequently suppress unauthorized use of the API associated with the developer's misrepresentation.
- Example 5 Example of recording developer information as history information
- Example 5 an API associated with the developer's misrepresentation is associated with the acquired content by associating history information regarding the acquisition of the content and the connection between the information processing apparatus 10 and the user terminal 20.
- FIG. 26 is a diagram for explaining an overview of the information processing system according to the fifth embodiment.
- the example shown in FIG. 26 has shown about the case where the image d72 is acquired as a content.
- the information processing apparatus 10 captures history information of each process, for example, when capturing an image d72 based on an instruction of an application installed in the user terminal 20. Record in the management data d90. At this time, the information processing apparatus 10 embeds developer information that is confirmed to be a pre-applied developer in the history information recorded in the management data d90. Further, the information processing apparatus 10 may embed information (for example, identification information) indicating the image d72 in the history information related to the acquisition of the image d72.
- information for example, identification information
- the management data d90 itself is managed on the information processing apparatus 10 side. Therefore, for example, even if the developer information associated with the image d72 is modified by an application on the user terminal 20 side, the developer used for accessing the API (that is, the advance information) is referred to by referring to the management data d90. It is possible to confirm the requested developer).
- FIG. 27 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the fifth embodiment.
- the application d10 installed in the user terminal 20 is executed, whereby the API in the information processing apparatus 10 is used, and image data is acquired as content by the information processing apparatus 10. Shows the case.
- Steps S602 and S604 When the application d10 is executed in the user terminal 20, first, in the information processing apparatus 10, processing related to the authentication of the developer is executed. Since the operation related to the authentication of the developer is the same as that of the third embodiment (see FIG. 23), detailed description thereof is omitted.
- Step S606 When the process related to the authentication of the developer is completed, the information processing apparatus 10 generates history information related to the process, and embeds the developer information that has been confirmed to be a pre-applied developer in the history information. Then, the information processing apparatus 10 records the history information in which the developer information is embedded in the management data d90.
- Step S608 When the process related to the developer authentication is completed and access to the API whose use is restricted is permitted, the user terminal 20 controls the operation of the information processing apparatus 10 by accessing the permitted API. Here, it is assumed that the user terminal 20 instructs the information processing apparatus 10 to take an image by accessing an API whose use is restricted.
- Step S610 Based on the execution of the application d10, the information processing apparatus 10 captures the image d72 when receiving an instruction related to image capturing from the user terminal 20.
- Step S612 When the imaging of the image d72 is completed, the information processing apparatus 10 generates history information related to the imaging of the image d72, and it is confirmed that the history information includes information indicating the image d72 and a developer that has been applied in advance. Embedded developer information. Then, the information processing apparatus 10 records the history information in which the developer information is embedded in the management data d90.
- the imaged d72 is associated with the history information recorded in the management data d90.
- the management data d90 is data different from the content managed on the information processing apparatus 10 side, and is limited to data for managing history information as long as it is data in which information related to the content is recorded. Not.
- the information processing apparatus 10 is confirmed to be a developer who has previously applied for the history information of the process when executing the process related to content acquisition.
- the developer information is embedded and recorded in the management data d90.
- the access to the API can be performed by referring to the management data d90 managed on the information processing apparatus 10 side. It is possible to confirm the developer used for the application (that is, the developer applied in advance).
- FIG. 28 is a diagram for explaining the outline of the information processing system according to the fifth embodiment. The example shown in FIG. 28 shows a case where the image d72 is acquired as content.
- the management data d90 is transferred together.
- the transfer of the image d72 and the management data d90 from the information processing apparatus 10 to the terminal 60 may be realized, for example, by communication via a network or may be realized by movement of data via a portable medium. Good.
- the terminal 60 When the terminal 60 acquires the image d72 and the management data d90, the terminal 60 specifies history information related to acquisition of the image d72 from the management data d90, and extracts developer information embedded in the specified history information. The terminal 60 then presents the developer information extracted from the history information in association with the acquired image d72 as indicated by the reference sign v80.
- FIG. 29 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the sixth embodiment.
- the application d10 installed in the user terminal 20 is executed, so that the image acquired by the information processing apparatus 10 using the API in the information processing apparatus 10 is displayed on the terminal 60. It shows the case where it is displayed on the side.
- Step S702 and S704 When the terminal 60 requests transmission of management data d90 in which history information is recorded (step S702), the information processing apparatus 10 transmits management data d90 to the terminal 60 based on the request (step S704).
- Step S706 and S708 Next, when the terminal 60 requests transmission of the image d72 recorded in the information processing apparatus 10 (step S706), the information processing apparatus 10 transmits the image d72 to the terminal 60 based on the request (step S708). .
- Step S710 When the terminal 60 acquires the image d72 and the management data d90, the terminal 60 specifies history information related to acquisition of the image d72 from the management data d90, and extracts developer information embedded in the specified history information. Then, the terminal 60 presents the acquired image d72 in association with the developer information extracted from the history information.
- the series of operations described above can be realized by, for example, an application installed in the terminal 60 (for example, an application provided by the manufacturer of the information processing apparatus 10).
- the image processing system when the image d72 acquired by the information processing apparatus 10 is transferred to the terminal 60, the history information related to the acquisition of the image d72 is recorded. Data d90 is transferred together. Then, the terminal 60 presents the acquired image d72 in association with the developer information recorded as history information in the management data d90.
- the presented developer information is information recorded in the management data d90 managed on the information processing apparatus 10 side, so that it is difficult to modify it by an application operating on the user terminal 20. That is, according to the image processing system according to the sixth embodiment, the user u20 confirms the information of the developer used for accessing the API (that is, the information of the developer that has been applied in advance) when acquiring the image d72. As a result, it is possible to detect unauthorized use of the API due to the developer's misrepresentation.
- FIG. 30 is a sequence diagram illustrating an example of a series of operations of the information processing system according to the seventh embodiment. When encrypted communication is performed between the information processing apparatus 10 and the user terminal 20 for each of a plurality of applications. An example is shown.
- management software for example, OS
- the API in the information processing apparatus 10 is accessed.
- Step S802 In order to transmit and receive information between the user terminal 20 and the information processing apparatus 10, first, a connection (that is, a communication path) between the user terminal 20 and the information processing apparatus 10 is established.
- a connection request is transmitted from the management software of the user terminal 20 to the information processing apparatus 10, and a connection is established between the user terminal 20 and the information processing apparatus 10 based on the connection request.
- An example of a connection established between the user terminal 20 and the information processing apparatus 10 is a wireless communication path in direct communication between apparatuses such as Wi-Fi.
- Step S811 Next, an operation when the application a1 accesses the API in the information processing apparatus 10 will be described.
- the application a1 requests the information processing apparatus 10 to establish an encrypted communication path.
- the information processing apparatus 10 establishes an encrypted communication path with the application a1.
- SSL Secure Sockets Layer
- TLS Transport Layer Security
- Step S813 When the encrypted communication path is established, the information processing apparatus 10 issues a session key k31 to the application a1 via the established communication path. Thereafter, the application a1 transmits and receives information to and from the information processing apparatus 10 based on the session key k31 issued from the information processing apparatus 10 while the communication path with the information processing apparatus 10 is established. I do.
- Step S815) For example, the application a1 transmits the session key k31 together with the authentication information to the information processing apparatus 10 via the encrypted communication path when executing processing related to developer authentication.
- the information processing apparatus 10 recognizes based on the session key k31 transmitted from the application a1 that the information and instruction transmitted together are transmitted from the application a1.
- Step S817) Further, the information processing apparatus 10 executes processing related to authentication of the developer based on the authentication information transmitted from the application a1, and manages the developer identification information sent as authentication information in association with the session key k31. Good.
- the information processing apparatus 10 corresponds to the developer identification information associated with the similar session key k31 based on the session key k31 transmitted together when the API from the application a1 is accessed. Access control can be performed.
- the information processing apparatus 10 continues access control corresponding to the developer identification information associated with the session key k31.
- Step S819) Note that when the end of communication is instructed from the application a1, the information processing apparatus 10 disconnects the communication path (that is, the encrypted communication path) with the application a1. At this time, the information processing apparatus 10 may invalidate (discard) the session key k31. Further, when the session key k31 is invalidated, the information processing apparatus 10 may invalidate (discard) the developer identification information managed in association with the session key k31.
- Step S821 The case where the application a2 accesses the API in the information processing apparatus 10 is the same as the case of the application a1. That is, the information processing apparatus 10 receives a request from the application a2, and establishes an encrypted communication path with the application a2.
- Step S823 the information processing apparatus 10 issues a session key to the application a2 through the established communication path. At this time, the information processing apparatus 10 issues a session key k32 different from the application a1 to the application a2. Thereafter, the application a2 transmits and receives information to and from the information processing apparatus 10 based on the session key k32 issued from the information processing apparatus 10 while the communication path with the information processing apparatus 10 is established. I do.
- Step S829) the information processing apparatus 10 disconnects the communication path (that is, the encrypted communication path) with the application a2.
- the information processing apparatus 10 may invalidate (discard) the session key k32 and the developer identification information managed in association with the session key k32.
- Step S804 when receiving an instruction for disconnecting the connection from the management software of the user terminal 20, the information processing apparatus 10 disconnects the connection established between the user terminal 20 and the information processing apparatus 10.
- the information processing apparatus 10 issues different session keys to the different applications a1 and a2. Then, the information processing apparatus 10 identifies the application that is the transmission source of the information and instruction based on the session key transmitted together with the information and instruction from each application, and performs access control corresponding to the application.
- the information processing apparatus 10 rejects the instruction from the application. It is also possible.
- FIG. 31 is an explanatory diagram showing an example of a hardware configuration of the information processing apparatus 10.
- the information processing apparatus 10 includes a CPU (Central Processing Unit) 901, a ROM (Read Only Memory) 902, a RAM (Random Access Memory) 903, an input device 908, an output device 910, and the like.
- the CPU 901 functions as an arithmetic processing unit and a control unit, and controls the overall operation in the information processing apparatus 10 according to various programs.
- the CPU 901 can be configured by, for example, a circuit for executing various arithmetic processes. Further, the CPU 901 may be a microprocessor.
- the CPU 901 can realize various functions according to various programs. For example, the processing unit 130 in the information processing apparatus 10 described above, that is, each process of the authentication processing unit 150 and the processing execution unit 170 can be realized by the CPU 901.
- the ROM 902 stores programs used by the CPU 901, calculation parameters, and the like.
- the RAM 903 temporarily stores programs used in the execution of the CPU 901, parameters that change as appropriate during the execution, and the like. These are connected to each other by a host bus including a CPU bus.
- the input device 908 includes input means for a user to input information, such as buttons and switches, and an input control circuit that generates an input signal based on an input by the user and outputs the input signal to the CPU 901.
- a user of the information processing apparatus 10 can instruct the information processing apparatus 10 to perform a processing operation by operating the input device 908.
- the output device 910 includes a display device such as a liquid crystal display (LCD) device, an OLED (Organic Light Emitting Diode) device, and a lamp. Furthermore, the output device 910 includes an audio output device such as a speaker and headphones. For example, the display device displays a captured image or a generated image. On the other hand, the audio output device converts audio data or the like into audio and outputs it. Note that the notification unit 106 in the information processing apparatus 10 described above can be realized by the output device 910.
- LCD liquid crystal display
- OLED Organic Light Emitting Diode
- the storage device 911 is a data storage device configured as an example of a storage unit of the information processing apparatus 10 according to the present embodiment.
- the storage device 911 may include a storage medium, a recording device that records data on the storage medium, a reading device that reads data from the storage medium, a deletion device that deletes data recorded on the storage medium, and the like.
- the storage device 911 stores programs executed by the CPU 901 and various data.
- the drive 912 is a reader / writer for a storage medium, and is built in or externally attached to the information processing apparatus 10.
- the drive 912 reads information recorded on a mounted removable storage medium such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and outputs the information to the RAM 903.
- the drive 912 can also write information on a removable storage medium.
- the key information storage unit 104, the identification information storage unit 108, and the content storage unit 110 in the information processing apparatus 10 described above can be realized by a removable storage medium attached to the RAM 903, the storage apparatus 911, or the drive 912.
- the communication device 913 is a communication interface configured with, for example, a communication device for connecting to the network N.
- the communication device 913 according to the embodiment of the present disclosure includes a wireless LAN (Local Area Network) compatible communication device.
- the communication device 915 may include an LTE (Long Term Evolution) compatible communication device or a wire communication device that performs wired communication.
- the communication unit 102 in the information processing apparatus 10 described above can be realized by the communication apparatus 913.
- the imaging device 914 has a function of capturing a still image or a moving image via a lens according to the control of the CPU 901.
- the imaging device 914 may store the captured image in a removable storage medium attached to the storage device 911 or the drive 912. Note that the content acquisition unit 190 in the information processing apparatus 10 described above can be realized by the imaging apparatus 914, for example.
- the CPU 901, ROM 902, and RAM 903 are connected to each other via a bus 904.
- the input device 908, the output device 910, the storage device 911, the drive 912, the communication device 913, and the imaging device 914 are connected to the bus 906 via the interface 907, and the bus 906 and the bus 904 are connected to the bridge 905. Connected through.
- the CPU 901, ROM 902, RAM 903, input device 908, output device 910, storage device 911, drive 912, communication device 913, and imaging device 914 are connected to each other.
- the network N is a wired or wireless transmission path for information transmitted from a device connected to the network N.
- the network N may include a public line network such as the Internet, a telephone line network, and a satellite communication network, various LANs including the Ethernet (registered trademark), a WAN (Wide Area Network), and the like.
- the network N may include a dedicated line network such as an IP-VPN (Internet Protocol-Virtual Private Network).
- FIG. 31 is merely an example, and the hardware configuration illustrated in FIG. 31 is not limited as long as the operation of the information processing apparatus 10 according to the embodiment of the present disclosure described above can be realized.
- the information processing apparatus 10 acquires the developer identification information associated with the application d10 from the user terminal 20, and the acquired developer identification information is The execution of the API is controlled depending on whether or not the developer shown is a developer that has been applied in advance. With such a configuration, the information processing apparatus 10 can restrict the use of the API according to the developer.
- the information processing apparatus 10 associates the acquired content with the developer information determined to be a pre-applied developer.
- the information processing apparatus system according to the present embodiment provides a mechanism for detecting unauthorized use of an API due to a developer's misrepresentation based on developer information associated with the content. Can be suppressed.
- An acquisition unit that acquires developer identification information associated with an application program that the user terminal has, from the user terminal; Based on the developer identification information, an authentication processing unit for performing authentication processing of the developer of the application program, After the authentication process, based on an instruction from the user terminal, a control unit that controls execution of a function that the device has, A content processing unit that receives the execution of the function, acquires content, and associates the acquired content with the information of the developer that has been subjected to the authentication processing;
- An information processing apparatus comprising: (2) The information processing unit according to (1), wherein the content processing unit associates the content with the developer information by attaching the developer information on which the authentication process has been performed to the acquired content. apparatus.
- the content processing unit associates the content and the information of the developer by attaching the encrypted information obtained by encrypting the information of the developer subjected to the authentication process to the acquired content.
- the information processing apparatus according to (3), wherein the encryption information associated with the content is information for determining whether or not the developer information attached to the content has been altered.
- the information processing apparatus according to (2), wherein the content accompanied by the developer information is transmitted to the user terminal.
- the content is image data
- the content processing unit associates the information on the developer with the image data by superimposing the information on the developer on which the authentication processing has been performed on an image displayed based on the image data.
- the information processing apparatus according to any one of (5) to (5).
- the information processing apparatus is actual data of an image included in the image data.
- the information processing apparatus is a preview image based on actual data of an image included in the image data.
- the content processing unit associates the content with the information on the developer by recording the information on the developer on which the authentication processing has been performed in management data associated with the content.
- the image processing apparatus according to any one of (8).
- the image processing apparatus according to (9), wherein the management data associated with the content is data for managing a history related to acquisition of the content.
- the authentication processing unit determines whether the developer of the application program is a pre-applied developer based on the developer identification information, according to any one of (1) to (10).
- the control unit controls execution of a function of the user based on an instruction from the user terminal, The information processing apparatus according to (11).
- the image processing apparatus Provided with an audio output unit for outputting audio information, The image processing apparatus according to (13), wherein the notification control unit causes the audio output unit to output information on a developer on which the authentication process has been performed, as audio information.
- the notification control unit causes the display unit to display information on a developer on which the authentication process has been performed.
- (16) Obtaining developer identification information associated with the application program of the user terminal from the user terminal; A processor performs authentication processing of the developer of the application program based on the developer identification information; After execution of the authentication process, based on an instruction from the user terminal, controlling execution of a function that the user has; Acquiring the content upon execution of the function, associating the acquired content with the information of the developer on which the authentication processing has been performed; Including an information processing method.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
1.課題の整理
2.概略的な構成
2.1.システム構成
2.2.情報処理装置及びユーザ端末の構成
3.APIへのアクセス制御
3.1.概要
3.2.管理サーバの構成
3.3.情報処理装置及びユーザ端末の構成
3.4.処理
3.3.1.事前申請に係る動作
3.3.2.APIへのアクセス制御に係る動作
3.5.情報処理装置及びユーザ端末の処理
4.コンテンツの取得
5.実施例
5.1.実施例1:コンテンツの属性情報として開発元情報を記録する例1
5.2.実施例2:コンテンツの属性情報として開発元情報を記録する例2
5.3.実施例3:プレビュー画像上へ開発元情報を重畳させる例
5.4.実施例4:実画像上へ開発元情報を重畳させる例
5.5.実施例5:履歴情報として開発元情報を記録する例
5.6.実施例6:履歴情報として記録された開発元情報の表示例
5.7.実施例7:複数のアプリケーションを動作させる場合の例
6.ハードウェア構成
7.まとめ
まず、図1を参照しながら、本開示の実施形態に係る情報処理システムの課題について整理する。図1は、本開示の実施形態に係る情報処理システムの適用分野について説明するための図である。
次に、本実施形態に係る情報処理システムの概略的な構成について説明する。本実施形態に係る情報処理システムは、開発者u50が情報処理装置10の動作を制御するためのアプリケーションを開発できるように、当該情報処理装置10の動作制御に係るAPI群50を、開発者u50に公開するための仕組みを提供する。
まず、図2を参照しながら、本実施形態に係る情報処理システムの概略的な構成について説明する。図2は、本実施形態に係る情報処理システムの概略的なシステム構成の一例を示した図である。
次に、図3を参照しながら、本実施形態に係る情報処理装置10及びユーザ端末20の概略的な機能構成について説明する。図3は、本実施形態に係る情報処理装置10及びユーザ端末20の概略的な機能構成の一例を示したブロック図である。
[3.1.概要]
本実施形態に係る情報処理システムでは、情報処理装置10は、自身の動作を制御するためのAPI群50に対する開発者u50の利用申請の状況に応じて、アプリケーションd10からAPI群50中の各APIへのアクセスを制御する。
次に、図8を参照しながら、管理サーバ30の詳細な構成について説明する。図8は、本実施形態に係る管理サーバ30の構成の一例を示したブロック図である。
次に、図9を参照しながら、APIへのアクセス制御に係る情報処理装置10及びユーザ端末20の詳細な構成について説明する。図9は、本実施形態に係る情報処理装置10及びユーザ端末20におけるAPIへのアクセス制御に係る処理に着目した機能構成の一例を示したブロック図であり、その他の構成については記載を省略している。なお、ユーザ端末20には、開発者u50のより開発されたアプリケーションd10が、「アプリケーション25」としてインストールされているものとして説明する。
次に、本実施形態に係る情報処理システムにおける、APIへのアクセス制御に係る処理の流れについて説明する。なお、以降では、特に、開発者u50がAPI群50の利用のための事前申請に係る動作と、ユーザ端末20からの情報に基づき情報処理装置10がAPI群50の利用を制御する動作とに着目して説明する。
まず、図10を参照しながら、開発者u50が管理サーバ30に対してAPI群50の利用に関する事前申請を行う場合の、管理サーバ30の処理の流れについて説明する。図10は、本実施形態に係る管理サーバ30の一連の動作を示したシーケンス図である。
開発元情報取得部302は、開発者u50により指定された当該開発者u50の開発者名d20と、API群50のうち使用するAPIのリストとを、当該開発者u50が操作する開発者端末80から取得する。開発元情報取得部302は、取得した開発者名d20と、APIのリストとを識別情報生成部304に出力する。
識別情報生成部304は、開発者名d20と、APIのリストとを開発元情報取得部302から取得する。識別情報生成部304は、「開発者名d20」が示す開発者u50に対して識別情報d22を発行する。
符号化情報生成部308は、開発者名d20と、識別情報d22と、アクセス制御情報d30とを、識別情報生成部304から取得する。
符号化情報生成部308は、識別情報d22と、アクセス制御情報d30と、符号化情報d32とを、開発者u50の開発者端末80に送信する。これにより、開発者u50が、利用申請を行ったAPIを使用してアプリケーションd10を開発するための情報、即ち、識別情報d22、アクセス制御情報d30、及び符号化情報d32が、開発者u50に通知される。
次に、図11を参照しながら、ユーザ端末20からの指示を受けて、情報処理装置10が、API群50の利用に関する権限を確認し、API群50に対するアクセス制御を行う場合の、情報処理装置10及びユーザ端末20の処理の流れについて説明する。図11は、本実施形態に係る情報処理装置10におけるAPIへのアクセス制御に係る一連の動作の一例を示したシーケンス図である。
アプリケーションd10のうち、認証処理部250に相当する機能が実行されると、通信処理部252は、情報処理装置10に対して符号化のための鍵情報の生成を依頼する。
乱数生成部152は、生成した鍵情報k20をユーザ端末20に送信する。また、乱数生成部152は、生成した鍵情報k20を判定部156に出力する。情報処理装置10から鍵情報k20を取得すると、通信処理部252は、取得した鍵情報k20を符号化処理部254に出力する。
符号化処理部254は、通信処理部252から鍵情報k20を取得する。鍵情報k20を取得すると、符号化処理部254は、符号化情報記憶部258から符号化情報d32を読み出す。符号化処理部254は、読み出した符号化情報d32を取得した鍵情報k20に基づき符号化して、符号化情報d52を生成する。
また、通信処理部252は、アクセス制御情報記憶部256から、開発元識別情報(即ち、開発者名d20及び識別情報d22)と、アクセス制御情報d30とを読み出す。通信処理部252は、取得した符号化情報d52と、アクセス制御情報記憶部256から読み出した開発元識別情報及びアクセス制御情報d30とを、認証情報として情報処理装置10に送信する。
認証情報取得部154は、情報処理装置10から認証情報として、開発元識別情報、アクセス制御情報d30、及び符号化情報d52を取得する。認証情報取得部154は、取得した認証情報を判定部156に出力する。
開発元識別情報が示す開発元が事前申請された開発元であると認識したら、判定部156は、アクセス制御情報d30をアクセス制御部160に出力する。また、判定部156は、開発元識別情報が示す開発元が事前申請された開発元であると認識された認証情報のうち、少なくとも開発元識別情報(もしくは、当該開発元識別情報が示す開発元の情報)を、識別情報記憶部108に記憶させる。なお、このとき判定部156は、認証情報に含まれる一連の情報を識別情報記憶部108に記憶させてもよい。
また、判定部156は、開発元識別情報が示す開発元が事前申請された開発元であることが判別されたことを、ユーザ端末20に通知してもよい。この通知を受けて、ユーザ端末20は、利用に関する事前申請を行ったAPIの呼び出しを行えばよい。
アクセス制御部160は、判定部156からアクセス制御情報d30を取得する。アクセス制御部160は、ユーザ端末20の実行部(図示しない)によりアプリケーションd10が実行されAPIが呼び出された場合には(ステップS216)、アクセス制御情報d30の内容に基づき、当該APIの実行を許可または制限する(ステップS218)。
次に、本実施形態に係る情報処理装置10における、コンテンツの取得に係る処理について説明する。本実施形態に係る情報処理装置10は、アプリケーション25からAPI群50中の各APIへのアクセスを受けてコンテンツを取得した場合には、当該コンテンツに対して、事前申請された開発元であると判定された開発元識別情報が示す開発元の情報を関連付ける。このような構成により、本実施形態に係る情報処理システムは、例えば、アプリケーション25が開発元を詐称することでAPIが不正に利用された場合においても、コンテンツに関連付けられた開発元の情報に基づき当該詐称を検知する仕組みを提供する。
[5.1.実施例1:コンテンツの属性情報として開発元情報を記録する例1]
まず、実施例1として、コンテンツに対し、属性情報として開発元情報及び暗号化情報を付帯した場合における、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。
ユーザ端末20においてアプリケーションd10が実行されると、まず、情報処理装置10において、開発元の認証に係る処理が実行される。即ち、情報処理装置10により、当該アプリケーションd10の開発元が、事前申請された開発元か否かが判定され、判定結果に基づき当該情報処理装置10内のAPIへのアクセスが制御される。また、このとき、情報処理装置10は、事前申請された開発元であると判定された開発元の開発元識別情報を記憶する。なお、開発元の認証に係る処理については、図11に基づき前述した内容と同様のため、詳細な説明は省略する。
開発元の認証に係る処理が完了し利用が制限されたAPIへのアクセスが許可されると、ユーザ端末20は、許可されたAPIにアクセスすることで、情報処理装置10の動作を制御する。ここでは、ユーザ端末20は、利用が制限されたAPIにアクセスすることで情報処理装置10に対して画像の撮影を指示したものとして説明する。
アプリケーションd10の実行に基づき、ユーザ端末20から画像の撮影に係る指示を受けると、情報処理装置10は、画像d72を撮像し、撮像された画像d72に基づき画像データ(即ち、コンテンツ)d70を生成する。
情報処理装置10は、開発元情報d74と暗号化情報d76とが付帯された画像データd70を、ユーザ端末20に出力する。
ここで、アプリケーションd10が、開発元を詐称して情報処理装置10のAPIにアクセスしたものとし、当該アプリケーションd10の処理により、画像データd70中の開発元情報d74が、開発元情報d74aに改変されたものとする。なお、開発元情報d74が開発元情報d74aに改変された画像データd70を、以降では、「画像データd70a」と記載する場合がある。
ユーザ端末20は、アプリケーションd10の実行に基づき、情報処理装置10から取得した画像データd70をコンテンツ管理サーバ70にアップロードする。ここでは、アプリケーションd10により、画像データd70中の開発元情報d74が開発元情報d74aに改変された画像データd70aが、コンテンツ管理サーバ70にアップロードされたものとして説明する。
コンテンツ管理サーバ70は、ユーザ端末20から画像データd70aを取得すると、あらかじめ記憶された鍵情報を基に、画像データd70aに付帯された開発元情報d74aと、暗号化情報d76とを比較する。このとき、暗号化情報d76は改変前の開発元情報d74に基づき生成されているため、改変後の開発元情報d74aとの比較結果は不一致となり、コンテンツ管理サーバ70は、当該比較結果に基づき、開発元の詐称によるAPIの不正利用を検出する。
開発元の詐称によるAPIの不正利用を検出した場合には、コンテンツ管理サーバ70は、当該コンテンツd70の取得に用いられたアプリケーションが不正なアプリケーションである旨を、ユーザ端末20を介してユーザu20に通知する。これにより、ユーザu20は、コンテンツ管理サーバ70にアップロードしたコンテンツd70aの取得に使用したアプリケーションが、不正なアプリケーションであることを認識することが可能となる。
次に、実施例2に係る情報処理システムについて説明する。前述した実施例1では、コンテンツに対して、開発元情報及び暗号化情報を属性情報として付帯することで、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明した。実施例2では、コンテンツに対して、開発元情報のみを属性情報として付帯した場合(即ち、暗号化情報を付帯しない場合)において、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。以下に、図21を参照しながら、実施例2に係る情報処理システムの概要について説明する。
次に、実施例3として、画像データの取得に際し、プレビュー画像をコンテンツとして取得し、当該プレビュー画像上に開発元情報を重畳表示させることで、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。例えば、図22は、実施例3に係る情報処理システムの概要について説明するための図である。なお、本説明において、「プレビュー画像」とは、例えば、リアルタイムに更新されるライブビュー画像のように、ユーザからの撮像指示に基づき撮像される画像データとは別に取得または生成される画像を示している。
ユーザ端末20においてアプリケーションd10が実行されると、まず、情報処理装置10において、開発元の認証に係る処理が実行される。即ち、情報処理装置10により、当該アプリケーションd10の開発元が、事前申請された開発元か否かが判定され、判定結果に基づき当該情報処理装置10内のAPIへのアクセスが制御される。また、このとき、情報処理装置10は、事前申請された開発元であると判定された開発元の開発元識別情報を記憶する。なお、開発元の認証に係る処理については、図11に基づき前述した内容と同様のため、詳細な説明は省略する。
開発元の認証に係る処理が完了し利用が制限されたAPIへのアクセスが許可されると、ユーザ端末20は、許可されたAPIにアクセスすることで、情報処理装置10の動作を制御する。ここでは、ユーザ端末20は、利用が制限されたAPIにアクセスすることで情報処理装置10に対してプレビュー画像の提示を指示したものとして説明する。
アプリケーションd10の実行に基づき、ユーザ端末20からプレビュー画像の提示に係る指示を受けると、情報処理装置10は、プレビュー画像d78を撮像する。なお、このとき、情報処理装置10は、画像d72を撮像し、撮像された画像d72に基づきプレビュー画像d78を生成してもよい。
次いで、情報処理装置10は、開発元の認証時に記憶した開発元識別情報を抽出し、抽出した開発元識別情報が示す開発元情報を、生成したプレビュー画像d78に重畳させる。
そして、情報処理装置10は、開発元情報が重畳されたプレビュー画像d78をユーザ端末20に出力する。なお、このとき、情報処理装置10は、プレビュー画像d78に対して開発元情報を重畳する位置や時間をランダムに変更してもよい。
ユーザ端末20は、プレビュー画像の提示に係る指示に対する応答として、情報処理装置10からプレビュー画像d78を取得し、取得したプレビュー画像d78を表示部206(例えば、ディスプレイ)に表示させる。これにより、ユーザu20は、情報処理装置10においてAPIの利用に際し判定が行われた開発元(即ち、事前に申請された開発元)の情報を、ユーザ端末20に表示されたプレビュー画像v44を介して確認することが可能となる。
次に、実施例4に係る情報処理システムについて説明する。実施例3に係る情報処理システムでは、プレビュー画像をコンテンツとして取得し、当該プレビュー画像上に開発元情報を重畳表示させていた。実施例4に係る情報処理システムでは、撮像される画像(即ち、実画像)をコンテンツとして、当該実画像に開発元情報を重畳表示させることで、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。例えば、図24は、実施例4に係る情報処理システムの概要について説明するための図である。
ユーザ端末20においてアプリケーションd10が実行されると、まず、情報処理装置10において、開発元の認証に係る処理が実行される。なお、当該開発元の認証に係る動作は、前述した実施例3(図23参照)と同様ため、詳細な説明は省略する。
開発元の認証に係る処理が完了し利用が制限されたAPIへのアクセスが許可されると、ユーザ端末20は、許可されたAPIにアクセスすることで、情報処理装置10の動作を制御する。ここでは、ユーザ端末20は、利用が制限されたAPIにアクセスすることで情報処理装置10に対して画像の撮影を指示したものとして説明する。
アプリケーションd10の実行に基づき、ユーザ端末20から画像の撮影に係る指示を受けると、情報処理装置10は、画像d72を撮像する。
次いで、情報処理装置10は、開発元の認証時に記憶した開発元識別情報を抽出し、抽出した開発元識別情報が示す開発元情報を、撮像した画像d72に重畳させる。
そして、情報処理装置10は、開発元情報が重畳された画像d72bをユーザ端末20に出力する。なお、このとき、情報処理装置10は、画像d72bをコンテンツ記憶部110(例えば、可搬媒体等)に記憶してもよい。
次に、実施例5として、取得されたコンテンツに対して、当該コンテンツの取得や、情報処理装置10とユーザ端末20との間の接続に関する履歴情報を関連付けることで、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。例えば、図26は、実施例5に係る情報処理システムの概要について説明するための図である。なお、図26に示す例は、画像d72をコンテンツとして取得する場合について示している。
ユーザ端末20においてアプリケーションd10が実行されると、まず、情報処理装置10において、開発元の認証に係る処理が実行される。なお、当該開発元の認証に係る動作は、前述した実施例3(図23参照)と同様ため、詳細な説明は省略する。
開発元の認証に係る処理が完了すると、情報処理装置10は、当該処理に関する履歴情報を生成し、当該履歴情報に、事前申請された開発元であることが確認された開発元情報を埋め込む。そして、情報処理装置10は、開発元情報が埋め込まれた履歴情報を、管理データd90に記録する。
開発元の認証に係る処理が完了し利用が制限されたAPIへのアクセスが許可されると、ユーザ端末20は、許可されたAPIにアクセスすることで、情報処理装置10の動作を制御する。ここでは、ユーザ端末20は、利用が制限されたAPIにアクセスすることで情報処理装置10に対して画像の撮影を指示したものとして説明する。
アプリケーションd10の実行に基づき、ユーザ端末20から画像の撮影に係る指示を受けると、情報処理装置10は、画像d72を撮像する。
画像d72の撮像が完了すると、情報処理装置10は、当該画像d72の撮像に関する履歴情報を生成し、当該履歴情報に、画像d72を示す情報と、事前申請された開発元であることが確認された開発元情報とを埋め込む。そして、情報処理装置10は、開発元情報が埋め込まれた履歴情報を、管理データd90に記録する。
次に、情報処理装置10に記録されたコンテンツをPCのような端末60で参照する際に、実施例5で示した管理データd90に記録された開発元情報をあわせて提示することで、開発元の詐称に伴うAPIの不正利用を検出する仕組みの一例について説明する。例えば、図28は、実施例5に係る情報処理システムの概要について説明するための図である。なお、図28に示す例は、画像d72をコンテンツとして取得する場合について示している。
端末60から、履歴情報が記録された管理データd90の送信が要求されると(ステップS702)、情報処理装置10は、当該要求に基づき管理データd90を端末60に送信する(ステップS704)。
次いで、端末60から、情報処理装置10に記録された画像d72の送信が要求されると(ステップS706)、情報処理装置10は、当該要求に基づき画像d72を端末60に送信する(ステップS708)。
端末60は、画像d72及び管理データd90を取得すると、管理データd90から画像d72の取得に関する履歴情報を特定し、特定した履歴情報に埋め込まれた開発元情報を抽出する。そして、端末60は、取得した画像d72に対して、履歴情報から抽出された開発元情報を関連付けて提示する。
次に、実施例7として、ユーザ端末20側で動作する複数のアプリケーションのそれぞれから、情報処理装置10内のAPIに対してアクセスされる場合における動作の一例について、図30を参照しながら説明する。図30は、実施例7に係る情報処理システムの一連の動作の一例を示したシーケンス図であり、複数のアプリケーションそれぞれについて、情報処理装置10とユーザ端末20との間で暗号化通信を行う場合の一例について示している。
ユーザ端末20と情報処理装置10との間で情報の送受信を行うために、まず、ユーザ端末20と情報処理装置10との間のコネクション(即ち、通信経路)が確立される。この場合には、例えば、ユーザ端末20の管理ソフトから情報処理装置10に対して接続要求が送信され、当該接続要求に基づき、ユーザ端末20と情報処理装置10との間でコネクションが確立される。なお、ユーザ端末20と情報処理装置10との間で確立されるコネクションの一例として、Wi-Fiのような装置間の直接通信における無線通信の経路が挙げられる。
次に、アプリケーションa1が、情報処理装置10内のAPIにアクセスする場合の動作について説明する。まず、アプリケーションa1は、情報処理装置10に対して暗号化された通信経路の確立を要求する。アプリケーションa1からの要求を受けて、情報処理装置10は、当該アプリケーションa1との間で暗号化された通信経路を確立する。なお、通信経路を暗号化するための技術として、例えば、SSL(Secure Sockets Layer)やTLS(Transport Layer Security)が挙げられる。
暗号化された通信経路を確立すると、情報処理装置10は、確立された通信経路を介してアプリケーションa1にセッションキーk31を発行する。以降、アプリケーションa1は、情報処理装置10との間の通信経路が確立されている間は、情報処理装置10から発行されたセッションキーk31に基づき、当該情報処理装置10との間で情報の送受信を行う。
例えば、アプリケーションa1は、開発元の認証に係る処理を実行する場合に、情報処理装置10に対し、認証情報とあわせてセッションキーk31を、暗号化された通信経路を介して送信する。
また、情報処理装置10は、アプリケーションa1から送信された認証情報に基づき開発元の認証に係る処理を実行し、認証情報として送付された開発元識別情報をセッションキーk31に関連付けて管理してもよい。
なお、アプリケーションa1から通信の終了が指示されると、情報処理装置10は、当該アプリケーションa1との間の通信経路(即ち、暗号化された通信経路)を切断する。このとき、情報処理装置10は、セッションキーk31を無効化(破棄)してもよい。また、情報処理装置10は、セッションキーk31を無効化した場合には、当該セッションキーk31と関連付けて管理している開発元識別情報をあわせて無効化(破棄)してもよい。
また、アプリケーションa2が、情報処理装置10内のAPIにアクセスする場合についても、アプリケーションa1の場合と同様である。即ち、情報処理装置10は、アプリケーションa2からの要求を受けて、当該アプリケーションa2との間で暗号化された通信経路を確立する。
また、暗号化された通信経路を確立すると、情報処理装置10は、確立された通信経路を介してアプリケーションa2にセッションキーを発行する。なお、このとき情報処理装置10は、アプリケーションa2に対して、アプリケーションa1とは異なるセッションキーk32を発行する。以降、アプリケーションa2は、情報処理装置10との間の通信経路が確立されている間は、情報処理装置10から発行されたセッションキーk32に基づき、当該情報処理装置10との間で情報の送受信を行う。
そして、アプリケーションa2から通信の終了が指示されると、情報処理装置10は、当該アプリケーションa2との間の通信経路(即ち、暗号化された通信経路)を切断する。このとき、情報処理装置10は、アプリケーションa1の場合と同様に、セッションキーk32と、当該セッションキーk32に関連付けて管理している開発元識別情報とを無効化(破棄)してもよい。
また、ユーザ端末20の管理ソフトからコネクションの切断に係る指示を受けると、情報処理装置10は、ユーザ端末20と情報処理装置10との間で確立されたコネクションを切断する。
以上、本開示の実施形態を説明した。上述した情報処理装置10による情報処理は、以下に説明するような情報処理装置10のハードウェアとの協働により実現される。
以上のように、本実施形態に係る情報処理装置システムに依れば、情報処理装置10は、アプリケーションd10に関連付けられた開発元識別情報をユーザ端末20から取得し、取得した開発元識別情報が示す開発元が、事前申請された開発元か否かに応じてAPIの実行を制御する。このような構成により、情報処理装置10は、開発者に応じてAPIの利用を制限することが可能となる。
(1)
ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得する取得部と、
前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行う認証処理部と、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御する制御部と、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けるコンテンツ処理部と、
を備える、情報処理装置。
(2)
前記コンテンツ処理部は、前記認証処理が行われた開発元の情報を、取得した前記コンテンツに付帯することにより、当該コンテンツと当該開発元の情報とを関連付ける、前記(1)に記載の情報処理装置。
(3)
前記コンテンツ処理部は、前記認証処理が行われた開発元の情報が暗号化された暗号化情報を、取得した前記コンテンツに付帯することにより、当該コンテンツと当該開発元の情報とを関連付ける、前記(2)に記載の情報処理装置。
(4)
前記コンテンツに関連付けられた暗号化情報は、当該コンテンツに付帯された開発元の情報が改変されているか否かを判定するための情報である、前記(3)に記載の情報処理装置。
(5)
前記開発元の情報が付帯された前記コンテンツは、前記ユーザ端末に送信される、前記(2)に記載の情報処理装置。
(6)
前記コンテンツは、画像データであり、
前記コンテンツ処理部は、前記画像データに基づき表示される画像上に、前記認証処理が行われた開発元の情報を重畳させることで、当該画像データに当該開発元の情報を関連付ける、前記(1)~(5)のいずれか一項に記載の情報処理装置。
(7)
前記画像データに基づき表示される画像は、当該画像データに含まれる画像の実データである、前記(6)に記載の情報処理装置。
(8)
前記画像データに基づき表示される画像は、当該画像データに含まれる画像の実データに基づくプレビュー画像である、前記(6)に記載の情報処理装置。
(9)
前記コンテンツ処理部は、前記コンテンツに関連付けられた管理データに、前記認証処理が行われた開発元の情報を記録することで、当該コンテンツと当該開発元の情報とを関連付ける、前記(1)~(8)のいずれか一項に記載の画像処理装置。
(10)
前記コンテンツに関連付けられた管理データは、当該コンテンツの取得に係る履歴を管理するためのデータである、前記(9)に記載の画像処理装置。
(11)
前記認証処理部は、前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元が事前申請された開発元であるか否かを判定する、前記(1)~(10)のいずれか一項に記載の情報処理装置。
(12)
前記制御部は、前記開発元識別情報の示す前記アプリケーションプログラムの開発元が事前申請された開発元である場合に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御する、前記(11)に記載の情報処理装置。
(13)
前記認証処理が行われた開発元の情報の示す前記アプリケーションプログラムの開発元を識別可能に通知するための通知制御部を備える、前記(1)~(12)のいずれか一項に記載の画像処理装置。
(14)
音声情報を出力するための音声出力部を備え、
前記通知制御部は、前記認証処理が行われた開発元の情報を、音声情報として前記音声出力部から出力させる、前記(13)に記載の画像処理装置。
(15)
表示部を備え、
前記通知制御部は、前記認証処理が行われた開発元の情報を前記表示部に表示させる、前記(13)に記載の画像処理装置。
(16)
ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得することと、
プロセッサが、前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行うことと、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御することと、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けることと、
を含む、情報処理方法。
(17)
コンピュータに、
ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得することと、
前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行うことと、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御することと、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けることと、
を実行させるプログラム。
(18)
ユーザ端末が有するアプリケーションプログラムであって、情報処理装置により取得されるコンテンツの取得に係るアプリケーションプログラムに関連付けられた開発元の情報と、前記情報処理装置により認証された開発元に対応した前記開発元の情報が暗号化された暗号化情報とが関連付けられた前記コンテンツを、取得するコンテンツ取得部と、
前記アプリケーションプログラムに関連付けられた開発元の情報と、前記暗号化情報が示す開発元の情報とを比較し、当該コンテンツに関連付けられた開発元の情報が改変されているか否かを判定する判定部と、
を備えるサーバ。
(19)
前記判定の結果を前記情報処理装置に通知する通知部を備える、前記(18)に記載のサーバ。
15 判定部
20 ユーザ端末
25 アプリケーション
30 管理サーバ
70 コンテンツ管理サーバ
80 開発者端末
80 端末
90 アプリケーション提供サーバ
102 通信部
104 鍵情報記憶部
106 通知部
108 識別情報記憶部
110 コンテンツ記憶部
130 処理部
150 認証処理部
152 乱数生成部
154 認証情報取得部
156 判定部
158 通知制御部
160 アクセス制御部
170 処理実行部
172 制御部
174 コンテンツ処理部
176 暗号化処理部
190 コンテンツ取得部
202 通信部
204 コンテンツ記憶部
206 表示部
250 認証処理部
252 通信処理部
254 符号化処理部
256 アクセス制御情報記憶部
258 符号化情報記憶部
260 処理実行部
302 開発者情報取得部
304 識別情報生成部
306 開発者情報記憶部
308 符号化情報生成部
310 鍵情報記憶部
Claims (19)
- ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得する取得部と、
前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行う認証処理部と、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御する制御部と、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けるコンテンツ処理部と、
を備える、情報処理装置。 - 前記コンテンツ処理部は、前記認証処理が行われた開発元の情報を、取得した前記コンテンツに付帯することにより、当該コンテンツと当該開発元の情報とを関連付ける、請求項1に記載の情報処理装置。
- 前記コンテンツ処理部は、前記認証処理が行われた開発元の情報が暗号化された暗号化情報を、取得した前記コンテンツに付帯することにより、当該コンテンツと当該開発元の情報とを関連付ける、請求項2に記載の情報処理装置。
- 前記コンテンツに関連付けられた暗号化情報は、当該コンテンツに付帯された開発元の情報が改変されているか否かを判定するための情報である、請求項3に記載の情報処理装置。
- 前記開発元の情報が付帯された前記コンテンツは、前記ユーザ端末に送信される、請求項2に記載の情報処理装置。
- 前記コンテンツは、画像データであり、
前記コンテンツ処理部は、前記画像データに基づき表示される画像上に、前記認証処理が行われた開発元の情報を重畳させることで、当該画像データに当該開発元の情報を関連付ける、請求項1に記載の情報処理装置。 - 前記画像データに基づき表示される画像は、当該画像データに含まれる画像の実データである、請求項6に記載の情報処理装置。
- 前記画像データに基づき表示される画像は、当該画像データに含まれる画像の実データに基づくプレビュー画像である、請求項6に記載の情報処理装置。
- 前記コンテンツ処理部は、前記コンテンツに関連付けられた管理データに、前記認証処理が行われた開発元の情報を記録することで、当該コンテンツと当該開発元の情報とを関連付ける、請求項1に記載の情報処理装置。
- 前記コンテンツに関連付けられた管理データは、当該コンテンツの取得に係る履歴を管理するためのデータである、請求項9に記載の情報処理装置。
- 前記認証処理部は、前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元が事前申請された開発元であるか否かを判定する、請求項1に記載の情報処理装置。
- 前記制御部は、前記開発元識別情報の示す前記アプリケーションプログラムの開発元が事前申請された開発元である場合に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御する、請求項11に記載の情報処理装置。
- 前記認証処理が行われた開発元の情報の示す前記アプリケーションプログラムの開発元を識別可能に通知するための通知制御部を備える、請求項1に記載の情報処理装置。
- 音声情報を出力するための音声出力部を備え、
前記通知制御部は、前記認証処理が行われた開発元の情報を、音声情報として前記音声出力部から出力させる、請求項13に記載の情報処理装置。 - 表示部を備え、
前記通知制御部は、前記認証処理が行われた開発元の情報を前記表示部に表示させる、請求項13に記載の情報処理装置。 - ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得することと、
プロセッサが、前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行うことと、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御することと、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けることと、
を含む、情報処理方法。 - コンピュータに、
ユーザ端末が有するアプリケーションプログラムに関連付けられた開発元識別情報を、当該ユーザ端末から取得することと、
前記開発元識別情報に基づいて、前記アプリケーションプログラムの開発元の認証処理を行うことと、
前記認証処理の後に、前記ユーザ端末からの指示に基づき、自身が有する機能の実行を制御することと、
前記機能の実行を受けてコンテンツを取得し、取得した前記コンテンツに、前記認証処理が行われた前記開発元の情報を関連付けることと、
を実行させるプログラム。 - ユーザ端末が有するアプリケーションプログラムであって、情報処理装置により取得されるコンテンツの取得に係るアプリケーションプログラムに関連付けられた開発元の情報と、前記情報処理装置により認証された開発元に対応した前記開発元の情報が暗号化された暗号化情報とが関連付けられた前記コンテンツを、取得するコンテンツ取得部と、
前記アプリケーションプログラムに関連付けられた開発元の情報と、前記暗号化情報が示す開発元の情報とを比較し、当該コンテンツに関連付けられた開発元の情報が改変されているか否かを判定する判定部と、
を備えるサーバ。 - 前記判定の結果を前記情報処理装置に通知する通知部を備える、請求項18に記載のサーバ。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/100,419 US10318715B2 (en) | 2014-02-06 | 2014-11-25 | Information processing device, information processing method, program, and server |
CN201480074472.XA CN105940403B (zh) | 2014-02-06 | 2014-11-25 | 信息处理设备、信息处理方法、程序和服务器 |
EP14881618.4A EP3073403B1 (en) | 2014-02-06 | 2014-11-25 | Information processing device, information processing method, program, and server |
JP2015561164A JP6471698B2 (ja) | 2014-02-06 | 2014-11-25 | 情報処理装置、情報処理方法、プログラム、及びサーバ |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014021477 | 2014-02-06 | ||
JP2014-021477 | 2014-02-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015118751A1 true WO2015118751A1 (ja) | 2015-08-13 |
Family
ID=53777568
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/081074 WO2015118751A1 (ja) | 2014-02-06 | 2014-11-25 | 情報処理装置、情報処理方法、プログラム、及びサーバ |
Country Status (5)
Country | Link |
---|---|
US (1) | US10318715B2 (ja) |
EP (1) | EP3073403B1 (ja) |
JP (1) | JP6471698B2 (ja) |
CN (1) | CN105940403B (ja) |
WO (1) | WO2015118751A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020514863A (ja) * | 2016-12-28 | 2020-05-21 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | 証明書取得方法、認証方法及びネットワークデバイス |
US11928148B2 (en) | 2019-11-19 | 2024-03-12 | Canon Kabushiki Kaisha | Information processing apparatus, method of controlling the same, non-transitory computer-readable storage medium, and information processing system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP7077688B2 (ja) * | 2018-03-15 | 2022-05-31 | 株式会社リコー | 情報処理システム、情報処理装置、情報処理方法及びプログラム |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005092275A (ja) * | 2003-09-12 | 2005-04-07 | Minolta Co Ltd | 処理装置、ネットワークシステム、制御方法、および制御プログラム |
US20080155698A1 (en) * | 2006-12-22 | 2008-06-26 | Schlumberger Technology Corporation | Method of and system for watermarking applicatoin modules |
JP2009116865A (ja) * | 2007-10-18 | 2009-05-28 | Hitachi Ltd | 情報提供方法及び広告提供方法 |
JP2012098814A (ja) * | 2010-10-29 | 2012-05-24 | Toshiba Corp | 情報処理装置及びプログラム |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5825877A (en) | 1996-06-11 | 1998-10-20 | International Business Machines Corporation | Support for portable trusted software |
JPH10301773A (ja) * | 1997-04-30 | 1998-11-13 | Sony Corp | 情報処理装置および情報処理方法、並びに記録媒体 |
JP4166437B2 (ja) * | 2001-01-31 | 2008-10-15 | 株式会社日立製作所 | 真正性出力方法及びその実施装置並びにその処理プログラム |
US8789204B2 (en) * | 2009-12-22 | 2014-07-22 | Nokia Corporation | Method and apparatus for secure cross-site scripting |
WO2011080668A1 (en) * | 2009-12-31 | 2011-07-07 | Nokia Corporation | Method and apparatus for a content protection |
US20110225074A1 (en) * | 2010-03-12 | 2011-09-15 | Microsoft Corporation | System and method for providing information as a service via web services |
EP2727307A4 (en) * | 2011-07-01 | 2015-05-06 | Nokia Corp | SOFTWARE AUTHENTICATION |
CN102271130B (zh) * | 2011-07-22 | 2014-09-10 | 四川长虹电器股份有限公司 | 实现软件安全交付及分发的方法 |
US9495849B2 (en) * | 2011-08-05 | 2016-11-15 | Rsi Video Technologies, Inc. | Security monitoring system |
US9032303B2 (en) * | 2012-02-28 | 2015-05-12 | Microsoft Technology Licensing, Llc | Web-based interaction with a local system |
US8844026B2 (en) * | 2012-06-01 | 2014-09-23 | Blackberry Limited | System and method for controlling access to secure resources |
US9105110B2 (en) * | 2012-08-04 | 2015-08-11 | Fujifilm North America Corporation | Method of simulating an imaging effect on a digital image using a computing device |
US20150022666A1 (en) * | 2013-07-22 | 2015-01-22 | Intellivision Technologies Corp. | System and method for scalable video cloud services |
EA201690882A1 (ru) * | 2013-10-30 | 2016-11-30 | Джилбарко Инк. | Криптографическая отметка водяным знаком содержимого в топливораздаточном оборудовании |
US11336648B2 (en) * | 2013-11-11 | 2022-05-17 | Amazon Technologies, Inc. | Document management and collaboration system |
US9276934B2 (en) * | 2014-03-31 | 2016-03-01 | Cellco Partnership | Self-activation of user device |
-
2014
- 2014-11-25 US US15/100,419 patent/US10318715B2/en active Active
- 2014-11-25 JP JP2015561164A patent/JP6471698B2/ja active Active
- 2014-11-25 EP EP14881618.4A patent/EP3073403B1/en active Active
- 2014-11-25 CN CN201480074472.XA patent/CN105940403B/zh active Active
- 2014-11-25 WO PCT/JP2014/081074 patent/WO2015118751A1/ja active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005092275A (ja) * | 2003-09-12 | 2005-04-07 | Minolta Co Ltd | 処理装置、ネットワークシステム、制御方法、および制御プログラム |
US20080155698A1 (en) * | 2006-12-22 | 2008-06-26 | Schlumberger Technology Corporation | Method of and system for watermarking applicatoin modules |
JP2009116865A (ja) * | 2007-10-18 | 2009-05-28 | Hitachi Ltd | 情報提供方法及び広告提供方法 |
JP2012098814A (ja) * | 2010-10-29 | 2012-05-24 | Toshiba Corp | 情報処理装置及びプログラム |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020514863A (ja) * | 2016-12-28 | 2020-05-21 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | 証明書取得方法、認証方法及びネットワークデバイス |
US11451531B2 (en) | 2016-12-28 | 2022-09-20 | Huawei Technologies Co., Ltd. | Certificate obtaining method, authentication method, and network device |
US11928148B2 (en) | 2019-11-19 | 2024-03-12 | Canon Kabushiki Kaisha | Information processing apparatus, method of controlling the same, non-transitory computer-readable storage medium, and information processing system |
Also Published As
Publication number | Publication date |
---|---|
EP3073403A1 (en) | 2016-09-28 |
US20160306951A1 (en) | 2016-10-20 |
JPWO2015118751A1 (ja) | 2017-03-23 |
CN105940403A (zh) | 2016-09-14 |
CN105940403B (zh) | 2019-09-06 |
EP3073403A4 (en) | 2017-05-10 |
JP6471698B2 (ja) | 2019-02-20 |
EP3073403B1 (en) | 2019-01-09 |
US10318715B2 (en) | 2019-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102137673B1 (ko) | 어플리케이션 연결 방법 및 이를 이용하는 시스템 | |
US11868509B2 (en) | Method and arrangement for detecting digital content tampering | |
TWI539838B (zh) | 用於接取憑證供應的方法與裝置 | |
JP5852265B2 (ja) | 計算装置、コンピュータプログラム及びアクセス許否判定方法 | |
KR101583206B1 (ko) | 인터넷 사이트에 업로드되는 멀티미디어에서 사용자의 프라이버시를 보호하는 시스템 및 방법 | |
US9608966B2 (en) | Information handling device, information output device, and recording medium | |
US20150326692A1 (en) | Terminal device, information processing system, information processing method, and program | |
EP3282737B1 (en) | Information processing device, authentication device, system, information processing method, program, and authentication method | |
JP6223634B2 (ja) | 情報処理システム及び情報処理方法及び情報処理プログラム | |
JP6471698B2 (ja) | 情報処理装置、情報処理方法、プログラム、及びサーバ | |
WO2020090165A1 (ja) | 情報処理プログラム、情報処理装置および情報処理方法 | |
CN116633582A (zh) | 安全通信方法、装置、电子设备及存储介质 | |
WO2021039055A1 (ja) | 撮像装置、画像データ処理方法、プログラム | |
JP2015001817A (ja) | 情報処理装置、情報処理方法、及びプログラム | |
CN116756750A (zh) | 医疗敏感数据采集脱敏方法 | |
JP6288109B2 (ja) | カメラ端末装置、シンクライアントサーバ装置、カメラシステム、および制御方法 | |
JP2009218710A (ja) | 撮像装置、情報処理装置、撮像方法、及び情報処理方法 | |
EP2827537B1 (en) | Filtering messages containing illegally copied content out of a telecommunication network | |
WO2023141864A1 (zh) | 会议数据的传输方法、装置、系统、电子设备及可读介质 | |
JP2016103677A (ja) | 撮像装置、サーバ、及びシステム | |
CN114553594A (zh) | 保护数据安全的方法以及装置 | |
WO2016195060A1 (ja) | 画像処理システム、サーバ装置、サーバ装置の制御方法、及びプログラム | |
CN116566694A (zh) | 一种访问请求处理方法以及装置 | |
JP2011100250A (ja) | デジタルカメラ |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14881618 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015561164 Country of ref document: JP Kind code of ref document: A |
|
REEP | Request for entry into the european phase |
Ref document number: 2014881618 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014881618 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15100419 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |