Systems, mobile terminals, servers, methods, and programs

The system autonomously adjusts IoT device operations based on location to comply with varying regulations, addressing user inconvenience and legal risks by implementing localized policy application.

JP2026109509APending Publication Date: 2026-07-01MIXI INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
MIXI INC
Filing Date
2025-06-24
Publication Date
2026-07-01

AI Technical Summary

Technical Problem

Existing IoT devices face challenges in efficiently and autonomously adapting their operations to comply with varying legal regulations across different countries, leading to cumbersome user setups and increased operational and legal risks.

Method used

A system comprising a mobile terminal and server that determines the device's location and applies corresponding operational policies, allowing the terminal to autonomously adjust data processing functions based on local regulations, with optional server-side or local storage-based policy retrieval.

Benefits of technology

Enables efficient and compliant operation of IoT devices across borders, reducing user burden, legal risks, and ensuring adherence to diverse regulations through automated policy application.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026109509000001_ABST
    Figure 2026109509000001_ABST
Patent Text Reader

Abstract

This invention provides a system, mobile terminal, server, method, and program for autonomously and efficiently controlling the operation of various functions in IoT devices in an environment where different laws and safety regulations exist in each country. [Solution] A system comprising a mobile terminal 10 and a server 20, wherein the mobile terminal includes an acquisition unit for acquiring the current location, a determination unit for determining the country, and a control unit for controlling data processing functions. The server includes a storage unit for storing territorial operational policies corresponding to the country. The control unit acquires the territorial operational policy corresponding to the country determined by the determination unit from the server and automatically controls the operation of the data processing functions according to that policy. The territorial operational policy can be configured as a rule set that defines conditions and actions in pairs, and the control unit can function as a policy enforcement engine that interprets, evaluates, and executes the policy, thereby flexibly and reliably responding to complex regulations.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present disclosure relates to a system, a mobile terminal, a server, a method, and a program for controlling the operation of IoT devices used across borders.

Background Art

[0002] In recent years, GPS terminals (hereinafter sometimes referred to as mobile terminals) for tracking children, the elderly, or goods have been widely used. When these mobile terminals are taken overseas and used, the legal regulations regarding data protection differ from country to country, as represented by the EU's General Data Protection Regulation (GDPR) and the US Children's Online Privacy Protection Act (COPPA).

[0003] Conventionally, in order to cope with such territorial legal regulations, it has been necessary for users to manually change the terminal settings every time they move to a different country, or for operators to prepare products with different specifications for each country. Such manual responses are cumbersome for users, and for operators, there are problems such as an increase in development and management costs and the risk of unintended violations of laws and regulations.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] The present disclosure has been made in view of the above circumstances, and an object thereof is to provide a technology capable of autonomously and efficiently controlling the operation of various functions in IoT devices in an environment where there are different regulations and safety regulations, etc. for each country.

Means for Solving the Problems

[0006] To solve the above problems, one aspect of the present disclosure provides a system comprising a mobile terminal and a server capable of communicating with the mobile terminal, wherein the mobile terminal comprises an acquisition unit for acquiring its current location and a determination unit for determining a country based on the current location acquired by the acquisition unit, the server comprises a storage unit for storing a local operational policy corresponding to the country determined by the determination unit, and the mobile terminal further comprises a control unit for acquiring the local operational policy from the server and controlling the operation of a data processing function in accordance with the local operational policy. [Brief explanation of the drawing]

[0007] [Figure 1] This is an overview diagram showing the overall configuration of the system according to the first embodiment of this disclosure. [Figure 2] This is a block diagram showing the hardware configuration of a mobile terminal according to this embodiment. [Figure 3] This is a block diagram showing in detail the functional configuration of the mobile terminal according to this embodiment. [Figure 4] This block diagram shows the hardware configuration of the server according to this embodiment. [Figure 5] This block diagram shows the functional configuration of the server according to this embodiment in detail. [Figure 6] This figure shows an example of the data structure of the territorial operation policy according to this embodiment. [Figure 7] This figure shows an example of the structure of a territorial operational policy according to this embodiment. [Figure 8] This figure shows an example of the data structure of consent information according to this embodiment. [Figure 9] This figure shows an example of the consent settings screen for the parental application according to this embodiment. [Figure 10] This sequence diagram shows the basic flow of the automatic operation mode switching process according to this embodiment. [Figure 11] This sequence diagram shows the processing flow when offline and when country determination is not possible according to this embodiment. [Figure 12]This is a detailed functional block diagram of the operation mode determination unit according to this embodiment. [Figure 13] This is an overview diagram showing the overall configuration of the system relating to the second embodiment (drone) of this disclosure. [Figure 14] This figure shows an example of the user interface for the policy violation warning screen according to this embodiment. [Figure 15] This figure shows an example of the user interface for the audit trail display screen according to this embodiment. [Figure 16] This flowchart shows an example of the internal processing of the control unit according to this embodiment. [Modes for carrying out the invention]

[0008] The embodiments of this disclosure will be described in detail below with reference to the drawings. In each drawing, the same components are denoted by the same reference numerals, and redundant explanations are omitted. Furthermore, the elements of each embodiment can be combined as appropriate to the extent that they do not contradict the technical standards.

[0009] 《First Embodiment》

[0010] 《1. Overview of the entire system》 Figure 1 is an overview diagram showing the overall configuration of an automatic operating mode switching system 1 according to the first embodiment of this disclosure. This system 1 mainly comprises a mobile terminal 10 owned by a user and a server 20 that can communicate with the mobile terminal 10 via a network 100.

[0011] In the following description, the configuration in which the mobile terminal 10 communicates with the server 20 to obtain a policy will be mainly described, but the present disclosure is not limited to this. For example, the mobile terminal 10 may be configured to include a large-capacity storage means (for example, a non-volatile memory incorporated in a removable SIM card or SD card) that stores all the territorial operation policies of various countries in advance. In this case, the mobile terminal 10 reads out the policy corresponding to the determined country from its own storage means without communicating with an external server, and autonomously controls the operation of the data processing function. Such a configuration is particularly effective when used in an environment where network connection is not always guaranteed.

[0012] In this embodiment, the mobile terminal 10 is assumed to be a GPS tracking terminal used for monitoring children and the elderly, but is not limited thereto. For example, it may be any IoT device that has the possibility of moving across borders, such as a smartwatch, a smartphone, a drone, or an in-vehicle device mounted on a vehicle. The server 20 is composed of one or more server computers constructed in a cloud computing environment.

[0013] As a basic operation of the system 1, the mobile terminal 10 identifies its current position and determines the country where it is currently staying from the position information. Then, it inquires the server 20 about the territorial operation policy corresponding to the determined country and obtains it.

[0014] Note that the "local operation policy" referred to in this embodiment is a concept that encompasses all parameter sets for causing the operation of a mobile terminal in a specific geographical area (country, region, or around a specific facility, etc.) to conform to some rules (laws, regulations, safety rules in operation, etc.). For example, it is not limited in the sense of being restricted to a rule set based on a law regarding personal data privacy such as GDPR. As will be described later in the second embodiment, when the mobile terminal is a drone, this policy may be a flight control rule set for prohibiting or restricting flight around an airport. Also, when the mobile terminal is a connected car, this policy may be a traffic rule set for restricting the level of autonomous driving and the maximum speed in a specific urban area. Thus, this disclosure is applicable not only to the protection of data privacy but also to the automatic application of local operation rules aimed at ensuring physical safety and public interests.

[0015] The mobile terminal 10 automatically switches the operation mode of its own data processing functions (e.g., the recording accuracy of location information, the availability of acquiring voice data, the output limit of the motor, etc.) according to the acquired local operation policy. Thereby, without the user being aware, the operation of the mobile terminal 10 is always kept in a state conforming to local rules. Also, although omitted in FIG. 1, a terminal installed with a caregiver application described later can also be connected to the network.

[0016] 《2. Hardware Configuration》 Figure 2 is a block diagram showing the hardware configuration of the mobile terminal 10 according to this embodiment. The mobile terminal 10 comprises a processor 11, memory 12, storage 13, communication interface (I / F) 14, and positioning sensor 15. The processor 11 comprehensively controls the operation of the entire mobile terminal 10 by reading programs stored in the storage 13 into the memory 12 and executing them. The memory 12 is composed of RAM or the like and functions as a work area for the processor 11. The storage 13 is composed of non-volatile memory or the like and stores various programs and data, which will be described later. The communication I / F 14 is an interface for connecting to a network 100 such as a mobile phone network or Wi-Fi. The positioning sensor 15 is composed of a GPS receiver or the like and acquires its own latitude and longitude information.

[0017] Figure 4 is a block diagram showing the hardware configuration of the server 20 according to this embodiment. The server 20 includes a processor 21, memory 22, storage 23, and a communication interface (I / F) 24. Since these configurations are similar to those of a typical server computer, a detailed explanation is omitted.

[0018] 《3. Functional Block Configuration (Details)》 In the following description, we will primarily describe a configuration in which the mobile terminal 10 is equipped with a determination unit 40 for determining the country, but the arrangement of each functional unit in this disclosure is not limited to this. For example, in order to reduce the processing power and power consumption of the mobile terminal 10, it is also possible to implement all or part of the functions of the determination unit 40 for determining the country on the server 20 side. In this case, the acquisition unit 30 of the mobile terminal 10 transmits the current location to the server 20, the control unit 70 of the server 20 determines the country, and sends a policy corresponding to that country back to the mobile terminal 10. Thus, any configuration in which the entire system 1 determines the country according to the current location and controls the operation of the mobile terminal 10 based on the corresponding policy is included in the scope of this disclosure.

[0019] (modified version) Furthermore, as a configuration in which the server 20 performs the actual determination, the control unit 70 of the server 20 determines, based on the received current location information (latitude and longitude), which of the polygon data containing border information pre-stored in the storage unit 60 includes the current location, and based on that inclusion relationship, identifies the territorial operational policy associated with the polygon and transmits it to the mobile terminal 10. In this case, the system may not explicitly generate intermediate data such as "country name," but by linking the geographical area with the policy, it is essentially implementing the core technical concept of this disclosure, which is to "determine the country based on the current location and select the corresponding policy." Therefore, such a determination method using a geographic information system (GIS) is also one form of the configuration for "determining the country" in this disclosure.

[0020] (Functional configuration of mobile terminals) Figure 3 is a block diagram showing in detail the functional configuration of the mobile terminal 10 according to this embodiment. Functionally, the mobile terminal 10 comprises an acquisition unit 30, a determination unit 40, and a control unit 50. These functional units are realized by the processor 11 executing a predetermined program.

[0021] The acquisition unit 30 acquires information regarding the current location of the mobile terminal 10. Specifically, it not only directly acquires latitude and longitude information from the positioning sensor 15 (GPS receiver), but also has the function of acquiring auxiliary information that can be used to determine the current location, such as the location information of Wi-Fi access points and base station information of the mobile phone network (e.g., MCC (Mobile Country Code), MNC (Mobile Network Code)), via the communication I / F 14. This makes it possible to improve the accuracy of current location estimation even indoors where GPS signals are difficult to receive.

[0022] The determination unit 40 determines which country the mobile terminal 10 is currently in based on the current location acquired by the acquisition unit 30. First, the determination unit 40 makes a simplified determination of the country from the country code (MCC) included in the mobile phone network base station information acquired by the acquisition unit 30. If higher accuracy is required, it attempts a faster determination by referring to the border polygon data stored in the storage 13. If this local determination is difficult (e.g., near a border) or if further reliability is desired, it sends an HTTP request containing latitude and longitude information to an external reverse geocoding API server via the communication I / F 14 and extracts country information (e.g., "country_code": "JP") from the JSON data obtained as a response. This step-by-step determination process balances processing speed and accuracy.

[0023] In this specification, "determining a country" is not limited to processes that explicitly identify a country name such as "Japan" or "USA" from the acquired current location information. For example, it is a concept that encompasses a series of processes for identifying that the current location belongs to one of the countries and selecting a territorial operational policy associated with that country (or the region in which that country is included). Therefore, instead of directly outputting a country name, the determination unit 40 may be configured to output an identifier that can uniquely identify a country (e.g., an ISO 3166-1 alpha-2 code, or key information for identifying a policy on the server's database).

[0024] The control unit 50 is a higher-level functional concept that comprehensively controls the operation of the data processing functions in the mobile terminal 10. In this embodiment, the control unit 50 can be divided into more specific intermediate functional units: the policy management unit 51, the operation mode determination unit 52, and the device control unit 53.

[0025] (Variations relating to the mode of control) In the above embodiment, a configuration was described in which the control unit 50 interprets the policy received from the server 20 and determines the operating mode to be applied. However, the mode of control in this disclosure is not limited to this. For example, in another embodiment, the interpretation of the policy and the determination of the operating mode can be performed on the server 20 side. In this case, the server 20 generates a set of specific control commands to be executed (e.g., "Set the GPS sampling rate to 60 seconds," "Disable microphone input") based on the policy corresponding to the country information, and transmits this to the mobile terminal 10 as a form of "local operation policy." The control unit 50 of the mobile terminal 10 receives this set of control commands and controls the operation of the data processing function by executing them sequentially. In this way, even in a configuration in which the server side is the entity that interprets the policy, the mobile terminal obtains information on country-specific operation rules (in this case, a set of commands) from the server and changes its operation based on that information, so it is within the scope of the technical concept of this disclosure.

[0026] The policy management unit 51 is responsible for acquiring, updating, and managing local operational policies. Specifically, upon receiving a country change notification from the determination unit 40, it sends an API request to the server 20 using a secure protocol such as HTTPS to acquire the latest policy. At this time, it includes the version information of the policy it holds in the request and reduces the amount of communication by receiving only the differences. The acquired policy is also stored in the cache memory of the storage 13 along with its expiration date information to prepare for offline operation. Furthermore, it manages the most restrictive default policy that is pre-configured to prepare for cases where determination is not possible.

[0027] Figure 12 is a detailed functional block diagram of the operation mode determination unit 52 according to this embodiment. The operation mode determination unit 52 is the brain of the system, ultimately deciding which operation mode to apply. This decision is not uniform and based on a single source of information. As shown in Figure 12, the operation mode determination unit 52 includes a context input unit 521, an evaluation engine 522, and a mode output unit 523.

[0028] The context input unit 521 receives multiple pieces of information of different natures as input, including (a) "geographic context (the country of the current location)" from the determination unit 40, (b) "local operational policies to be applied" managed by the policy management unit 51, and (c) "the legal status of the user (for example, whether or not parental consent is obtained, and the age requirements for which that consent is valid)" obtained from the consent information database 62 of the server 20 (if necessary).

[0029] The evaluation engine 522 comprehensively evaluates multiple pieces of information received from the context input unit 521. Internally, it includes a rule comparison unit 522a that compares and verifies the set of rules described in the local operational policy with the user's status. For example, if the current location is Germany (geographic context) and the policy stipulates that "special parental consent is required to obtain data from users under 16 years old," the rule comparison unit 522a makes a multi-layered decision to balance compliance and convenience, based on the information obtained from the server that "the user's status is '15 years old, with parental consent'," such as "disabling the voice recording function, but maintaining a medium level of location information recording accuracy."

[0030] The mode output unit 523 determines and outputs a specific operating mode (e.g., "Privacy Protection Mode (High)", "Standard Mode", etc.) that the device control unit 53 should execute, based on the judgment result of the evaluation engine 522. This complex judgment has a significant effect in maximizing user benefits within legally permissible limits, compared to simply imposing uniform restrictions on a country-by-country basis.

[0031] The device control unit 53 is an implementation mechanism that reflects the operating mode determined by the operating mode determination unit 52 to the physical device functions. Specifically, when it receives a "privacy protection mode (high)" instruction from the operating mode determination unit 52, it issues several control commands to the OS kernel and drivers, such as "change the positioning accuracy of the positioning sensor 15 to low (e.g., positioning interval to 10 minutes)", "disable access permission to the microphone device", and "execute a task to delete location information logs in storage 13 that are older than 7 days".

[0032] (Variations concerning indirect control) Furthermore, “control” in this disclosure is not limited to direct modification of data processing functions as described above. The concept of “control” in this disclosure also includes indirect, but substantially effective, ways of making the operation of data processing functions compliant with policies through user actions.

[0033] For example, after acquiring a localized operational policy, the control unit 50 may notify the user of a change in the operating mode required by that policy (e.g., disabling a specific function) and display a user interface requesting consent to the change. In this case, the control unit 50 can strongly encourage or effectively enforce compliance with the policy by restricting the use of all or part of the other functions of the mobile terminal 10 or by continuously displaying a warning display as shown in Figure 14, which will be described later, until the user performs an operation compliant with the policy (e.g., pressing the consent button).

[0034] This series of processes, which guides user choices toward policy-compliant directions through user interface display control and ultimately aligns the operation of data processing functions with the policy's content, is, when viewed as a whole, nothing more than "controlling the operation of data processing functions in accordance with local operational policies."

[0035] 《4. Compliance Certification Function》 In another embodiment of this disclosure, the control unit 50 may be configured to generate an audit trail to retrospectively prove the validity of a decision when applying a local operational policy to change the operating mode of a data processing function, and to record it in the storage unit 13 in a tamper-proof format. This audit trail may include, for example, the following information, associated with a timestamp and location information. Event type: (Example: Automatic policy application) Applied policy information: (Example: Policy ID=DE-v1.2, Version=1.2) Contextual information that formed the basis of the decision: (Example: Country code = DEU, GPS coordinates = (xx, yy), Parental consent status = True) Control details: (Example: Change the parameter "Audio Data Collection" to "Disabled")

[0036] This configuration for recording audit trails can not only be used for debugging and auditing the system, but can also function as crucial legal evidence to objectively prove that the system was operating properly in accordance with local operational policies, in the face of information disclosure requests from regulatory authorities and litigation risks. This goes beyond simply solving the technical challenge of controlling the functionality of IoT devices, and provides a significant effect not found in conventional technologies: technically guaranteeing the operator's compliance obligations (accountability). This audit trail can be viewed on a screen like the one shown in Figure 15, which will be described later.

[0037] (Server Functional Configuration) Figure 5 is a block diagram showing in detail the functional configuration of the server 20 according to this embodiment. Functionally, the server 20 comprises a storage unit 60 and a control unit 70.

[0038] The memory unit 60 is implemented using the storage 23 and stores a policy database 61 that stores local operational policies for each country, a consent information database 62 that stores user consent information, and the like.

[0039] The control unit 70 is realized when the processor 21 executes a predetermined program. In response to a request from the mobile terminal 10, the control unit 70 extracts appropriate local operational policies and consent information from the storage unit 60 and transmits them to the mobile terminal 10.

[0040] 《5. Data Structure》 Figure 6 shows an example of the data structure of a localized operational policy stored in the policy database 61. A localized operational policy 400 includes a country code 401, a policy version 402, and several parameters 403. Parameters 403 include, for example, location accuracy (e.g., high, medium, low), voice function enablement (e.g., ON / OFF), and data retention period (e.g., 30 days). For example, in a policy for the United States, where privacy regulations are relatively strict, the data retention period on server 20 is set to "7 days" for parameter 403. On the other hand, in a policy for Japan, a longer value of "180 days" is set, and so on, with different values ​​set according to the requirements of each country.

[0041] Figure 8 shows an example of the data structure of consent information stored in the consent information database 62. The consent information 500 includes account ID 501, consent type 502 (e.g., parental consent), consent status 503 (e.g., yes / no), etc.

[0042] 《6. User Interface》 This system provides various user interfaces to support users' compliance and ensure transparency.

[0043] (Consent setting screen) Figure 9 shows an example of the consent setting screen 600 for the parental control application in this embodiment. This screen is displayed on a dedicated application installed on a smartphone or other device owned by the parent.

[0044] Screen 600 displays information 601 about the mobile terminal 10 being managed. Below this is a privacy consent setting area 602, which lists functional items that may require consent due to legal regulations (e.g., "collection of voice data," "storage of detailed movement history"). Each item displays a toggle switch 603 indicating whether consent is given and a detailed description 604 of the function. When a parent operates the toggle switch 603, the application sends a request to the server 20 and updates the consent status 503 in the consent information database 62 (see Figure 8). This information is used as a basis for the decision made by the aforementioned operation mode determination unit 52.

[0045] (Policy violation warning screen) Figure 14 shows an example of the user interface of the policy violation warning screen 1100 according to this embodiment. This screen is displayed, for example, when a user manually attempts to make a setting that violates the local operational policy for their current location. The screen displays a warning icon 1101 along with a message 1102 that specifically indicates the nature of the violation (e.g., "In the country you are currently in (France), the collection of voice data is not permitted for privacy reasons."). It also displays a button 1103 ("Restore Settings") to automatically revert the settings to a compliant state and a button 1104 ("Cancel") to cancel the operation, preventing the user from unintentionally violating the law.

[0046] (Audit trail display screen) This screen (Figure 15) is used by parents and businesses to check the operating history of mobile devices. Providing this screen not only ensures transparency of information but also aims to significantly improve the user experience (UX). For example, without this screen, users would have had to resort to cumbersome methods such as contacting customer support to resolve questions or concerns such as whether their device properly complied with local regulations while they were abroad.

[0047] This screen (Figure 15) allows users to easily check the system's operation history as objective facts in simple language at any time they wish, completely eliminating the time and psychological burden associated with making such inquiries. As a result, users can clearly understand and accept the processes the system automatically performs, leading to a significant increase in their trust in the product / service and their sense of control.

[0048] 《7. Processing Flow (Details)》 7.1. Basic Processing Flow (Online) Figure 10 is a sequence diagram showing the basic flow of the automatic operation mode switching process according to this embodiment. This shows the normal processing flow when the mobile terminal 10 is online.

[0049] The acquisition unit 30 of the mobile terminal 10 periodically acquires the current location (step S10).

[0050] The determination unit 40 determines the country from the current location and detects a change in country by comparing it with the previous determination result (step S20). Upon detecting a change in country, the policy management unit 51 in the control unit 50 sends a policy retrieval request to the server 20 using HTTPS, which includes the determined country code (e.g., "FR") and the cached policy version information (e.g., "FR_v1.1") (step S30).

[0051] Based on the received request, the control unit 70 of the server 20 refers to the policy database 61 and compares the latest version of the policy corresponding to the country code "FR" (e.g., "FR_v1.2") with the received version "FR_v1.1" (step S40). If the server-side policy is newer, it sends the latest local operational policy (FR_v1.2) to the mobile terminal 10 (step S50).

[0052] The control unit 50 (policy management unit 51) of the mobile terminal 10 receives the latest local operation policy and updates the cache in the storage 13 (step S60). Then, the operation mode determination unit 52 determines the operation mode to be applied based on the new policy and, if necessary, consent information obtained from the server. Finally, the device control unit 53 executes the operation of the data processing function (e.g., disabling the voice recording function) according to the determined operation mode (step S70).

[0053] 7.2. Processing flow when offline or when country determination is not possible Figure 11 is a sequence diagram showing the processing flow when offline and when country determination is not possible.

[0054] (Scenario 1: Offline) After detecting a change in country (S20), the terminal attempts to send a policy retrieval request to the server 20, but fails to establish communication (Step S35: Request Timeout). In this case, the control unit 50 (policy management unit 51) of the terminal 10 switches processing from communication with the server to accessing the internal cache memory (Step S36: Cache Search). If a policy corresponding to the determined country and within its expiration date exists in the cache, the cached policy is applied to control the operating mode (Step S37: Cache Policy Application). If only expired policies exist, the default policy described below is applied.

[0055] (Scenario 2: When country cannot be determined) Although the acquisition unit 30 successfully acquires location information (S10), the determination unit 40 is unable to identify the country for reasons such as a weak GPS signal and inability to acquire information from a mobile phone network base station, and this condition is met for a predetermined period (e.g., lasting for 5 minutes) (Step S25: Unable to determine). In this case, the control unit 50 (policy management unit 51) does not communicate and reads the most restrictive default policy pre-stored in the storage 13 (e.g., a mode that stops all acquisition, recording, and transmission of personally identifiable information) (Step S26: Default policy applied). Then, in accordance with that default policy, it switches to a safe mode, such as temporarily stopping data acquisition.

[0056] (Second embodiment) Next, a second embodiment of the present disclosure will be described. In this embodiment, it is assumed that the mobile terminal is an autonomously flying drone. Components common to the first embodiment are denoted by the same reference numerals and their descriptions are omitted.

[0057] Figure 13 is an overview diagram showing the overall configuration of System 2 according to this embodiment. System 2 comprises a drone 10A as a mobile terminal and a control server 20A that can communicate via the network 100. The drone 10A includes an acquisition unit 30, a determination unit 40, and a control unit 50, similar to the mobile terminal 10 of the first embodiment. The control server 20A includes a storage unit 60 and a control unit 70, similar to the server 20.

[0058] In this embodiment, the local operational policy stored in the memory unit 60 includes physical safety regulations based on national aviation laws and local ordinances, in addition to data privacy regulations. Specifically, it includes parameters such as polygon data of no-fly zones around airports and critical facilities, maximum altitude restrictions over urban areas, and restrictions on flight times at night or during specific events.

[0059] The determination unit 40 of the drone 10A determines whether its current position is within a specific geographical area defined by the local operational policy (e.g., within a no-fly zone polygon). The control unit 50 directly controls the physical operation of the drone 10A according to the policy. For example, if the drone 10A approaches a no-fly zone, the control unit 50, via the device control unit 53, limits the output of the propulsion motors to prevent intrusion or automatically lands the drone on the spot. Also, if the drone exceeds the altitude limit defined by the policy over an urban area, the control unit 50 controls the motors to automatically lower its altitude.

[0060] Thus, this disclosure is applicable not only to the control of data processing functions but also to systems that autonomously ensure the physical movement of moving objects conforms to local safety regulations, thus possessing an extremely broad technical scope.

[0061] (8. Conceptual extensions and variations of constituent elements) (Extensions regarding territorial operational policies) The "territorial operation policy" (reference numeral 400) described in the above embodiment is not limited to a mere list of parameters (see Figure 6). More broadly, it can be understood as structured rule information that defines one or more conditions for the operation or mode of operation of a mobile terminal.

[0062] For example, in a more advanced embodiment, a localized operational policy may be configured as a rule set that defines pairs of one or more "Conditions" and one or more "Actions" that are applied when those conditions are met. Figure 7 shows a specific example of the data structure of a localized operational policy configured as such a rule set, in JSON format. This policy 450 consists of a metadata section 451 that manages the entire policy and a rule set section 452 that stores multiple rules 453. The metadata section 451 includes an ID that uniquely identifies the policy, a version, a target country code, an expiration date, etc. Each rule 453 in the rule set section 452 has a condition block 454 and an action block 455. The condition block 454 defines the condition to be evaluated (e.g., "User is under 16 years old") and a logical operator for combining multiple conditions (e.g., "AND"). The action block 455 defines the control to be executed when the condition is met (e.g., "Disable voice recording function").

[0063] By using this rule set-based policy format, it becomes possible to flexibly implement more complex and dynamic control, such as "disabling specific functions only during specific time periods and within specific areas." Furthermore, the data format for this policy is not limited to JSON; any format capable of describing structured data, such as XML or YAML, can be used.

[0064] (Extensions related to the control unit) Similarly, the "control unit" (reference numeral 50) in the above embodiment can also take on a variety of specific implementation forms. More broadly, it can be generalized as a function state change module that changes the operating state of one or more functions of a mobile terminal based on predetermined rule information (territorial operation policy).

[0065] In a more advanced embodiment, the control unit 50 may be configured as a Policy Enforcement Engine in which the components (51, 52, 53) shown in Figure 3 work in close coordination. Figure 16 is a flowchart showing an example of the internal processing of the control unit 50 as this Policy Enforcement Engine. First, when the policy management unit 51 receives a new policy (step S80), the policy parser in the control unit analyzes its syntax and extracts a rule set (step S81). Next, the context evaluation unit obtains the current terminal context (current location, time, user status, etc.) based on the positioning sensor 15, internal clock, consent information obtained from the server 20, etc. (step S82). Subsequently, the evaluation engine 522 enters a loop to sequentially evaluate each rule in the policy (step S83). For each rule, it is determined whether its condition matches the current context (step S84). If it matches the current context (Yes), the corresponding action is added to the application list (step S85). If there is no match (No), no action is added for that rule, and the process proceeds to the determination in step S86. It is determined whether the evaluation of all rules has been completed (step S86), and if not (No), the process returns to step S84 to evaluate the next rule in the list. If the evaluation of all rules has been completed (Yes), the execution unit generates the device control command to be executed based on the actions in the application list (step S87). In this case, if multiple actions conflict, arbitration is performed based on the priority defined in the policy. Finally, the device control unit 53 executes the generated command in the form of an OS API call or issuing a command to the driver (step S88).

[0066] This configuration makes it possible to consistently and reliably reflect even complex policies in the operation of the device. It goes without saying that, in addition to the rule-based evaluation shown in this flowchart, various other technologies such as decision trees, scoring models, or pre-trained machine learning models can be applied as variations of the evaluation algorithm in the operation mode determination unit 52.

[0067] This disclosure describes how a computer called a mobile terminal 10 (10A) can autonomously control its operation in accordance with external conditions (the country or specific area of ​​the current location) and corresponding legal and safety regulations (territorial operational policies). This frees the computer from cumbersome tasks that were previously performed manually by humans, such as changing country-specific settings and checking flight plans. This directly improves the computer's functionality, enabling more reliable information processing and physical operation, and significantly enhances user convenience and safety by eliminating the need for operation via a user interface and guiding safe operation.

[0068] [Note]

[0069] [Issues corresponding to Appendix 1] To provide a basic client-server system configuration to solve the above-mentioned general problems. [Note 1] A system comprising a mobile terminal and a server capable of communicating with the mobile terminal, wherein the mobile terminal comprises an acquisition unit for acquiring its current location and a determination unit for determining a country based on the current location acquired by the acquisition unit, the server comprises a storage unit for storing a territorial operational policy corresponding to the country determined by the determination unit, and the mobile terminal further comprises a control unit for acquiring the territorial operational policy from the server and controlling the operation of a data processing function in accordance with the territorial operational policy. (Effects of Appendix 1) By having the mobile terminal determine its current country of location, retrieve the corresponding policy from the server, and control its operation, autonomous compliance with regulations becomes possible, enabling efficient function control. More specifically, according to this disclosure, in environments where different laws and security regulations exist in each country, the operation of various functions in IoT devices can be controlled autonomously and efficiently. Furthermore, this disclosure brings the following significant benefits to users, especially parents and guardians who use the device overseas: (1) Even if users do not have expertise in the complex data protection laws and security regulations of the country or region they are traveling to (e.g., the EU's General Data Protection Regulation (GDPR)), the device will automatically comply with local regulations, freeing them from the psychological burden of "unintentionally violating laws" and the vague anxiety of "personal data being handled inappropriately." (2) As a result, users are not only freed from cumbersome setup operations and prior research, but also gain a high level of confidence and peace of mind in the product and service, allowing them to concentrate on their original activities such as overseas travel and business trips. As a result, this disclosure will significantly improve the user experience (UX) and dramatically increase customer satisfaction with the product and service.

[0070] [Issues corresponding to Appendix 2] Maintain system continuity and compliance even when communication with the server is impossible. [Note 2] A system as described in any of the above appendices, wherein the mobile terminal further comprises a cache memory for temporarily storing the local operational policy, and the control unit controls the operation of the data processing function using the local operational policy stored in the cache memory when it is unable to obtain the local operational policy from the server. (Effects due to Appendix 2) Because policies acquired in the past can be applied even when offline, the continuity of compliance is improved.

[0071] [Issues corresponding to Appendix 3] Minimizing legal and security risks in uncertain situations where the current location cannot be determined. [Note 3] A system as described in any of the above appendices, wherein the mobile terminal further stores a predetermined most restrictive default policy, and the control unit applies the default policy when the determination unit is unable to determine the country. (Effects of Appendix 3) Because it operates in the safest mode when a determination cannot be made, the system's reliability is improved and the operator's risk is reduced.

[0072] [Issues corresponding to Appendix 4] Rather than imposing uniform restrictions, the goal is to provide the maximum possible functionality within the legally permissible limits, tailored to the individual circumstances of each user. [Note 4] A system as described in any of the above appendices, wherein the storage unit of the server further stores user consent information, and the control unit of the mobile terminal controls the operation of the data processing function based on the country's determination result by the determination unit and the consent information obtained from the server. (Effects of Appendix 4) By evaluating multiple contexts, such as geographical information and user consent information, more sophisticated and flexible control becomes possible, improving user convenience.

[0073] [Issues corresponding to Appendix 5] Clearly define the specific behavior of the functions controlled by the policy. [Note 5] A system as described in any of the above appendices, wherein the local operational policy includes parameters relating to at least one of the accuracy of location information, the effectiveness of voice functions, and the data retention period. (Effects of Appendix 5) Examples of the functions to be controlled become clear, and specific embodiments of the invention are protected.

[0074] [Issues corresponding to Appendix 6] To clarify the specific technical means for determining a country. [Note 6] A system as described in any of the above appendices, wherein the determination unit determines the country based on GPS positioning information or mobile phone network base station information. (Effects of Appendix 6) The national criteria for determining whether an invention is feasible will be made clearer.

[0075] [Issues corresponding to Appendix 7] Define the specific challenges regarding territorial operational policies and address these challenges. [Note 7] A system as described in any of the above appendices, wherein the local operational policy includes information relating to at least one of privacy regulations relating to the protection of personal data or security regulations relating to the physical movement of a mobile entity. (Effects of Appendix 7) By defining the challenges more specifically regarding territorial operational policies, it becomes possible to address specific issues.

[0076] [Issues corresponding to Appendix 8] To provide a standalone mobile terminal that does not require communication with a server. [Note 8] A mobile terminal comprising: an acquisition unit for acquiring the current location; a determination unit for determining a country based on the current location acquired by the acquisition unit; a storage unit for storing a territorial operational policy corresponding to the country; and a control unit for acquiring the territorial operational policy corresponding to the country determined by the determination unit from the storage unit and controlling the operation of a data processing function in accordance with the policy. (Effects of Appendix 8) This allows for the enforcement of rights even against standalone products, preventing circumvention designs.

[0077] [Issues corresponding to Appendix 9] To establish an invention that is valid for a single server that constitutes a system. [Note 9] A server comprising: a storage unit capable of communicating with a mobile terminal and storing a localized operational policy corresponding to a country; and a control unit that, in response to a request from the mobile terminal, transmits the localized operational policy stored in the storage unit to the mobile terminal. (Effects of Appendix 9) This will allow users to directly exercise their rights against cloud service providers and other entities that offer the system.

[0078] [Issues corresponding to Appendix 10] To protect an invention as a method. [Note 10] A method performed by a computer, comprising the steps of: obtaining a current location; determining a country based on the obtained current location; obtaining a territorial operational policy from a server corresponding to the determined country; and controlling the operation of a data processing function in accordance with the obtained territorial operational policy. (Effects of Appendix 10) The right to exercise rights becomes possible against the act of using that method.

[0079] [Issues corresponding to Appendix 11] Protecting inventions as programs. [Note 11] A program for causing a computer to function as an acquisition unit that acquires the current location, a determination unit that determines the country based on the current location acquired by the acquisition unit, and a control unit that acquires a territorial operational policy from a server corresponding to the country determined by the determination unit and controls the operation of data processing functions in accordance with the territorial operational policy. (Effects of Appendix 11) This allows for the exercise of rights against the sale of recording media containing the program and its distribution via networks.

[0080] [Issues corresponding to Appendix 12] To provide a system with a different architecture where country determination processing is performed on the server side. [Note 12] A system comprising a mobile terminal and a server capable of communicating with the mobile terminal, wherein the mobile terminal comprises an acquisition unit for acquiring its current location and a transmission unit for transmitting the current location acquired by the acquisition unit to the server, the server comprises a determination unit for determining a country based on the current location received from the mobile terminal and a storage unit for storing a territorial operational policy corresponding to the country determined by the determination unit, and the mobile terminal further comprises a control unit for acquiring the territorial operational policy from the server and controlling the operation of a data processing function in accordance with the policy. (Effects of Appendix 12) This clarifies that the regulations include both data privacy and physical security, thereby preventing disputes over interpretation.

[0081] [Issues corresponding to Appendix 13] To protect methods of indirectly controlling functions through user actions. [Note 13] A system according to claim 1, wherein the control unit controls the display of a user interface that prompts the user to change the operation of the data processing function in accordance with the local operational policy. (Effects of Appendix 13) This allows for the exercise of rights not only against direct automatic control but also against indirect control systems that prompt users to take action through UI displays, thereby preventing circumvention designs.

[0082] [Note: Contribution to key KPIs] [Issues related to the appendix] To clearly demonstrate how the present invention can contribute to key performance indicators (KPIs) of specific products and services, and to show its business value. [Contents of the supplement] The system according to the present invention is expected to contribute to the improvement of the following key KPIs (Key Performance Indicators) of the products and services provided (especially services that are based on continuous use, such as monthly subscriptions) by reducing the psychological burden on users and fostering trust and a sense of security in the products and services. (1) Improvement of user retention and reduction of churn rate: Negative experiences such as "difficulty in setup" or "uncertainty about compliance with laws and regulations" in critical usage scenarios for users, such as cross-border travel, can be major triggers for service cancellation. This invention prevents such negative experiences and instead provides a positive success experience of "automatic optimization without any effort," thereby deepening trust in the product / service and creating a powerful lock-in effect that encourages long-term continued use. (2) Improving customer satisfaction (CSAT) and net promoter score (NPS): The experience of users confidently delegating complex regulatory compliance, which is outside their area of ​​expertise, to a system significantly improves overall satisfaction with the product or service. This leads to maintaining a high CSAT score, increasing NPS (Net Promoter Score), and is expected to contribute to acquiring new customers through positive word-of-mouth. (3) Reduce customer acquisition costs (CAC): In addition to the improvement in NPS mentioned above, the clear benefit of being "safe to use overseas" becomes a strong differentiating factor in product and service marketing. This is expected to reduce reliance on advertising, promote organic growth, and ultimately lower the cost of acquiring each customer. [Effects of the added note] As described above, by demonstrating the specific potential contribution to key KPIs, it is possible to clearly show that the introduction of this invention is not merely an addition of a single function, but rather an extremely important investment that directly contributes to achieving the business objectives of the product and service. [Explanation of Symbols]

[0083] 1, 2... System 10…Mobile terminals 10A... Drone (mobile terminal) 11, 21… Processor 12, 22...memory 13, 23… Storage 14, 24…Communication I / F 15…Positioning sensor 20... Server 20A... Control Server 30…Acquisition part 40…Judgment section 50…Control Unit 51…Policy Management Department 52...Operation mode determination unit 521...Context input section 522…Evaluation Engine 522a...Rule comparison section 523...Mode output section 53…Device Control Unit 60...Storage section 61…Policy Database 62…Consent Information Database 70... Control Unit 100…Network 400… Territorial operational policy 401... Country code 402…Policy Version 403...Parameters 450... Territorial operation policy (structure example) 451…Metadata section 452...Rule Set Section 453... Rules 454...Conditional block 455… Action Block 500…Consent information 501…Account ID 502...Type of consent 503... Agreement Status 600…Consent setting screen 601… Terminal Information 602...Privacy consent setting area 603...Toggle switch 604...Description 1100...Policy Violation Warning Screen 1101…Warning icon 1102...Message 1103, 1104… buttons 1200... Audit trail display screen 1201... List 1202… Date and time 1203...Event details 1204…Policy Information 1205…Details

Claims

1. A system comprising a mobile terminal and a server capable of communicating with the mobile terminal, The aforementioned mobile terminal is A unit that obtains the current location, A determination unit that determines the country based on the current location acquired by the acquisition unit, Equipped with, The aforementioned server, The system includes a storage unit that stores the territorial operational policy corresponding to the country determined by the determination unit, The aforementioned mobile terminal is The system further includes a control unit that acquires the localized operational policy from the server and controls the operation of the data processing function in accordance with the localized operational policy. system.

2. The system according to claim 1, The mobile terminal further comprises a cache memory for temporarily storing the localized operational policy, If the control unit cannot obtain the local operation policy from the server, it controls the operation of the data processing function using the local operation policy stored in the cache memory. system.

3. The system according to claim 1, The aforementioned mobile terminal further stores the most restrictive default policy predetermined, The control unit applies the default policy when the determination unit is unable to determine the country. system.

4. The system according to claim 1, The storage unit of the aforementioned server further stores user consent information, The control unit of the mobile terminal controls the operation of the data processing function based on the country's determination result by the determination unit and the consent information obtained from the server. system.

5. The system according to claim 1, The aforementioned localized operational policy includes parameters relating to at least one of the accuracy of location information, the effectiveness of voice functions, and the data retention period. system.

6. The system according to claim 1, The determination unit determines the country based on GPS positioning information or mobile phone network base station information. system.

7. The system according to claim 1, The aforementioned local operational policy includes information relating to at least one of the privacy regulations concerning the protection of personal data or the security regulations restricting the physical movement of mobile entities. system.

8. A unit that obtains the current location, A determination unit that determines the country based on the current location acquired by the acquisition unit, A memory unit that stores local operational policies corresponding to each country, A control unit which obtains the territorial operational policy corresponding to the country determined by the determination unit from the storage unit and controls the operation of the data processing function in accordance with the policy, A mobile terminal equipped with [a specific feature / feature].

9. It is capable of communicating with mobile terminals and has a memory unit that stores a territorial operational policy corresponding to a country, A control unit that, in response to a request from the mobile terminal, transmits the local operational policy stored in the storage unit to the mobile terminal, A server equipped with the following features.

10. A method performed by a computer, Steps to obtain the current location, The steps include: determining the country based on the current location obtained above, The steps include obtaining the territorial operational policy corresponding to the country determined above from the server, The steps include controlling the operation of the data processing function in accordance with the acquired local operational policy, A method that includes this.

11. Computers, Acquisition unit to obtain current location, A determination unit that determines the country based on the current location acquired by the acquisition unit. A control unit obtains a territorial operational policy from the server corresponding to the country determined by the determination unit, and controls the operation of the data processing function in accordance with the said territorial operational policy. A program designed to function as such.

12. A system comprising a mobile terminal and a server capable of communicating with the mobile terminal, The aforementioned mobile terminal is A unit that obtains the current location, A transmission unit that transmits the current location acquired by the acquisition unit to the server, Equipped with, The aforementioned server, A determination unit that determines the country based on the current location received from the mobile terminal, A storage unit that stores the local operational policy corresponding to the country determined by the determination unit, Equipped with, The aforementioned mobile terminal is The system further includes a control unit that acquires the local operational policy from the server and controls the operation of the data processing function in accordance with the policy. system.

13. The system according to claim 1, The control unit controls the display of a user interface that prompts the user to change the operation of the data processing function in accordance with the local operational policy. system.