1. Field of the Invention
The present invention relates to a mobile terminal in which operational settings of various functions thereof can be set to be in unusable states, and a program and a method for preventing unauthorized use of a mobile terminal.
2. Related Art
Mobile terminals such as mobile phones, PHS (Personal Handyphone System), and PDA (Personal Digital Assistant) are now indispensable for realizing ubiquitous society as terminals for utilizing application services on networks including net banking, and as terminals to be used for actual business transactions using electronic money and the like.
Meanwhile, cases that mobile terminals are used in unauthorized states so that the users suffer from mental and economic damages are increasing. As such, mobile terminals are generally provided with various security functions for preventing unauthorized use.
Among various security functions of a mobile terminal, security functions for applications installed therein include a lock mechanism which sets manipulations from outside invalid so that the terminal becomes unusable, and security functions for applications of a mobile terminal for receiving network services include an access control through user authentication using such as an ID and a password.
Regarding a lock mechanism for an application installed in a mobile terminal, timing to lock an application varies. For instance, in the case of a foldable mobile phone, it is locked when the terminal is folded, and in the case of a terminal with a cover for protecting the keys, it is locked when the cover is closed. Further, there are a variety of terminal such as those being locked with operations by the user from a menu screen, those being locked when keys are pressed in a predetermined order, and those being locked automatically if no operation has been performed at the time when several ten seconds to several ten minutes elapsed, as it is determined that the mobile terminal is out of user's control. The locked state activated in this way will be unlocked by performing user authentication using a password and the like.
The procedures of an access control in network services are as follows. That is, a unique ID and a password for a user are transmitted from a mobile terminal to a server of the service provider side and are subjected to user authentication in the server. Upon completion of the user authentication, the server authorizes an access of the mobile terminal, and the mobile terminal logs into a service provided by the server. When the user terminates the use of the service, the connection between the mobile terminal and the server is disconnected, and the mobile terminal logs out. In an assumption that a period from login to logout is a “login state” and a state other than the “login state” is a “logout state”, the user can use application services on the network using the mobile terminal during the “login state”.
However, even in a mobile terminal with such a security mechanism, it is difficult to determine whether an access using the mobile terminal is performed by an authorized user or by an unauthorized third party in the “unlocked state” or in the “login state”. Therefore, the timing to start locking or logout is important in the aforementioned security mechanism.
If the user leaves the mobile terminal in the “login state”, a third party may use the service in an unauthorized state with the mobile terminal in the “login state”. In order to prevent such unauthorized use, there is an access control to network services, in which the “login state” will be forcibly logged out from the server on the side of providing the network service if no communication is made from the mobile terminal within a predetermined time period.
Further, a mobile terminal including an acceleration sensor or a pressure sensor and having a function of determining the used state thereof based on the observed value of the sensor to thereby start locking or logout according to the determination result is disclosed in International Patent Laid-Open Publication No. WO 2002/103497 (Patent Document 1), and Japanese Patent Laid-Open Publications No. 2007-13546 (Patent Document 2) and No. 2001-142849 (Patent Document 3).
Patent Document 1 discloses a configuration in which an acceleration sensor provided in a mobile terminal accumulates the travel distance of the mobile terminal to measure the cumulative travel distance, and when the cumulative travel distance reaches the reference value, the mobile terminal is locked. Patent Document 2 discloses a configuration in which a sensor provided to a mobile terminal determines an abnormal state of the mobile terminal, and an input by the input device of the mobile terminal is restricted when it is determined to be in an abnormal state. Patent Document 3 discloses a configuration in which a pressure sensor provided to a mobile terminal regularly measures the pressure by the user holding the terminal, and compares the measured pressure with the reference value which is the pressure measured at the time of user authentication so as to prevent unauthorized use of the mobile terminal.
In the above-mentioned security functions, although automatic lock and logout functions, including a lock function which is executed when no operation is performed within a certain time period as being determined that the user left the terminal, and a logout function which is executed forcibly when no communication is made to the server of the network service side for a certain period of time, are excellent for preventing unauthorized use by a third party, they involve a problem that a use by the authorized user may be inconvenient.
For example, in the case of making settlement using an IC card function incorporated in a terminal, even when the IC card function is unlocked, if the user is waiting for purchasing something and a predetermined time period elapses during the waiting time, the IC card function may be locked at the time for the settlement so that the user has to release the lock. There are also the cases that if the user is viewing the same page for a long time so that the predetermined time period elapses without any communication, it is logged out when the user attempts to view the next page, and that if the user is inputting a long message and when he/she attempts to send the message, it is logged out. As described above, the conventional automatic lock or logout function is not user friendly.