JP7219116B2 - Server device, information processing method and information processing program - Google Patents

Description

The present invention relates to technology for processing access via an SSID (Service Set Identifier).

In portable terminal devices (mobile terminals), certificate authentication at the time of wireless LAN connection is increasing. This certificate has an expiration date, and when the expiration date passes, it becomes invalid and various services cannot be used, and it takes time and effort to reissue it. Therefore, it is required to renew the certificate within the expiration date.
At the same time, with the spread of free Wi-Fi spots, the number of SSIDs whose safety cannot be confirmed is increasing, so the number of certificate renewal requests from SSIDs whose safety cannot be confirmed is increasing.
The SSID is a service provider of wireless LAN connection. One SSID may serve multiple access points. For example, if a convenience store chain is SSID, wireless LAN access points may be provided at stores of the convenience store chain throughout Japan.

FIG. 16 shows a configuration example of a conventional certificate renewal system.
A conventional certificate renewal system comprises a server device 1000, a terminal device 201, a terminal device 202, an access point 301, an access point 302, and the Internet 400, as shown in FIG.

The server apparatus 1000 confirms the SSID information together with the issued certificate, terminal unique information (MAC (Media Access Control) address, UDID (Unique Device Identifier), etc.). Server device 1000 is permitted to update a certificate, that is, permits a certificate update request from a secure SSID. On the other hand, it rejects a certificate update request from an SSID for which certificate update is not permitted, that is, from an unsecured SSID. A “secure SSID” is an SSID with no security risk. In other words, there is no fear of eavesdropping, falsification, etc. when using a "secure SSID". On the other hand, an “unsecure SSID” is an SSID with security risks. In other words, there is a risk of eavesdropping, tampering, etc. when using an “unsafe SSID”.
In the example of FIG. 16, the access point 301 is a secure SSID access point for which certificate update is permitted. The terminal device 201 transmits a certificate update request 501 to the server device 1000 via the access point 301 .
Since the certificate update request 501 is sent via the access point 301, the server device 1000 permits the certificate update. The server device 1000 then transmits the updated certificate 502 to the terminal device 201 via the access point 301 .
On the other hand, access point 302 is an access point with an insecure SSID that does not allow certificate updates. The terminal device 202 transmits a certificate renewal request 501 to the server device 1000 via the access point 302 .
The server device 1000 rejects the certificate update because the certificate update request 501 is sent via the access point 302 . The server device 1000 then transmits an update rejection notification 503 to the terminal device 202 via the access point 302 . The update refusal notification 503 is a message notifying that the update of the certificate is rejected.
In this way, the conventional certificate renewal system rejects a certificate renewal request using an SSID for which certificate renewal is not permitted.

In addition, there is a technique described in Patent Document 1 as another technique related to issuance of a certificate via an SSID.

JP 2016-187117 A

As described above, the conventional certificate renewal system illustrated in FIG. 16 rejects a certificate renewal request using an SSID for which certificate renewal is not permitted.
However, since the conventional certificate renewal system only refuses to renew the certificate, there is a problem that it becomes difficult to renew the certificate when the expiration date of the certificate is imminent. Also, if an access point with an SSID for which certificate update is permitted exists near the current location of the terminal device 202, the certificate can be updated by using that access point. If it does not exist nearby, the certificate cannot be renewed.
Also, the user of the terminal device 202 needs to check which SSID is the SSID for which certificate update is permitted. Also, the user of the terminal device 202 needs to find out where the access point of the SSID for which certificate update is permitted is located. As described above, the conventional certificate renewal system forces the user to conduct such an investigation, which is inconvenient.

A main object of the present invention is to solve the problems described above.
More specifically, the main object of the present invention is to enable a terminal device to use a secure SSID as early as possible even when the terminal device is using an unsecured SSID.

A server device according to the present invention includes:
When there is access from a terminal device using an SSID (Service Set Identifier), it is checked whether or not the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. an SSID determination unit that determines
An SSID that is confirmed to be safe and that exists within a prescribed range from the location of the terminal device when the SSID determination unit determines that the access use SSID is registered in the blacklist. and the access point of the presumed safe SSID that is an SSID that is presumed to be safe, and notifies the access point of the SSID obtained by the search to the terminal device. and an SSID search unit.

The SSID search unit is
As a result of the search, if neither the access point of the safety-confirmed SSID nor the access point of the presumed safety SSID exists within the prescribed range from the location of the terminal device, the Either the access point of the safety confirmed SSID or the access point of the presumed safety SSID is searched.

The SSID search unit is
If the access point of the safety-confirmed SSID is obtained by searching, the access point of the safety-confirmed SSID is notified to the terminal device, and if the access point of the safety-confirmed SSID is not obtained by the search, the presumed safety SSID is When the access point is obtained, the access point of the presumed safe SSID is notified to the terminal device.

The SSID search unit is
If access points with multiple safety confirmation SSIDs are obtained by searching, encryption strength of the encryption method used by each safety confirmation SSID, average connection time of each safety confirmation SSID, average connection time of each safety confirmation SSID, and selecting a safety confirmation SSID that notifies the terminal device of the access point based on at least one of the number of connections of each safety confirmation SSID,
When access points of multiple presumed-safe SSIDs are obtained by searching, from among the plurality of presumed-safe SSIDs, the encryption strength of the encryption method used by each presumed-safe SSID, the average connection time of each presumed-safe SSID, and at least one of the number of connections of each presumed safety SSID as a reference, the presumed safety SSID that notifies the terminal device of the access point is selected.

The server device
a storage unit that stores access point location information indicating the location of an access point for each SSID;
The SSID determination unit
When there is an access from the terminal device using the access use SSID, the location of the terminal device is indicated, and an SSID other than the access use SSID where access points are located around the terminal device. obtaining surrounding SSID information in which the SSID is indicated;
referring to the access point location information and extracting SSIDs in which access points exist around the location of the terminal device as verification SSIDs;
Analyze the matching status between the surrounding SSID and the verification SSID.

The SSID search unit is
When the SSID determination unit determines that the coincidence rate between the surrounding SSID and the verified SSID is less than a threshold value, one of the safety confirmation SSID and the safety presumed SSID is searched.

A server device according to the present invention includes:
Analyzing the location of the terminal device, the name of the SSID, the encryption method used in the SSID, and the access route from the terminal device when there is access from the terminal device using an SSID (Service Set Identifier) a registration determining unit that determines whether or not to register the SSID in a blacklist in which unsafe SSIDs are registered;
and a registration processing unit that registers the SSID in the blacklist when the registration determining unit determines to register the SSID in the blacklist.

The server device
The blacklist, the whitelist in which safety-confirmed SSIDs that are SSIDs confirmed to be safe are registered, and the graylist in which presumed-safe SSIDs that are SSIDs that are presumed to be safe are registered. have
The registration decision unit
determining to register the SSID as the presumed safe SSID in the gray list when the SSID is not registered in the blacklist;
The registration processing unit
When the registration determination unit determines to register the SSID in the gray list, the SSID is registered in the gray list as the presumed safe SSID.

The registration decision unit
As a result of analyzing the location of the terminal device, if the location of the terminal device is not in Japan, it is determined to register the SSID in the blacklist.

The registration decision unit
As a result of analyzing the name of the SSID, if the name of the SSID contains characters used for spoofing the SSID, it is determined to register the SSID in the blacklist.

The registration decision unit
As a result of analyzing the encryption method used in the SSID, if the encryption method used in the SSID does not satisfy the prescribed encryption strength, it is determined that the SSID is registered in the blacklist.

The registration decision unit
As a result of analyzing the access route from the terminal device, if the access route from the terminal device includes a route outside Japan, it is determined to register the SSID in the blacklist.

An information processing method according to the present invention includes:
When there is access using an SSID (Service Set Identifier) from a terminal device, whether the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. SSID determination processing for determining whether or not
When the SSID determination process determines that the access use SSID is registered in the blacklist, it is confirmed that the computer exists within a prescribed range from the location of the terminal device and is safe. either the access point of the safety-confirmed SSID that is the SSID that has been verified or the access point of the presumed safety SSID that is the SSID that is presumed to be safe, and the access point of the SSID obtained by the search is sent to the terminal. and SSID search processing for notifying the device.

An information processing method according to the present invention includes:
When there is access from a terminal device using an SSID (Service Set Identifier), a computer receives the location of the terminal device, the name of the SSID, the encryption method used by the SSID, and the access from the terminal device. a registration decision process that analyzes at least one of the routes and decides whether or not to register the SSID in a blacklist in which insecure SSIDs are registered;
a registration process of registering the SSID in the blacklist by the computer when the registration decision process determines to register the SSID in the blacklist.

An information processing program according to the present invention comprises
When there is access from a terminal device using an SSID (Service Set Identifier), it is checked whether or not the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. SSID determination processing for determination;
If the SSID determination process determines that the access use SSID is registered in the blacklist, an SSID that exists within a prescribed range from the location of the terminal device and is confirmed to be safe. and the access point of the presumed safe SSID that is an SSID that is presumed to be safe, and notifies the access point of the SSID obtained by the search to the terminal device. SSID search processing is executed by the computer.

An information processing program according to the present invention comprises
When there is access from a terminal device using an SSID (Service Set Identifier), the location of the terminal device, the name of the SSID, the encryption method used in the SSID, and the access route from the terminal device registration determination processing for determining whether or not to register the SSID in a blacklist in which unsafe SSIDs are registered by analyzing at least one of
and a registration process for registering the SSID in the blacklist when the registration determination process determines that the SSID is to be registered in the blacklist.

According to the present invention, even if the terminal device uses an unsecured SSID, the terminal device is notified of the access point of the safety-confirmed SSID or the presumed-safe SSID located in the vicinity of the terminal device. A new SSID can be used early.

1 is a diagram showing a configuration example of a certificate update system according to Embodiment 1; FIG. 2 is a diagram showing a hardware configuration example of a server device according to Embodiment 1; FIG. FIG. 2 is a diagram showing a functional configuration example of a server device according to the first embodiment; FIG. 4 is a diagram showing details of the functional configuration of the terminal device and details of the functional configuration of the server device according to the first embodiment; FIG. 4 is a diagram showing an example of SSID information according to Embodiment 1; FIG. 4 is a diagram showing an example of a whitelist according to Embodiment 1; FIG. 4 is a diagram showing an example of a gray list according to Embodiment 1; FIG. 4 is a diagram showing an example of a blacklist according to Embodiment 1; FIG. 4 is a diagram showing an example of access point location information according to Embodiment 1; FIG. FIG. 4 is a diagram showing an example of an update request according to the first embodiment; FIG. FIG. 4 is a diagram showing the positions of access points of secure SSIDs existing near the current position of the terminal device according to Embodiment 1; 4 is a flowchart showing registration determination processing according to the first embodiment; 4 is a flowchart showing registration processing according to the first embodiment; 4 is a flowchart showing SSID determination processing according to the first embodiment; 4 is a flowchart showing SSID search processing according to the first embodiment; 1 is a diagram showing a configuration example of a conventional certificate renewal system; FIG.

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. In the following description of the embodiments and drawings, the same reference numerals denote the same or corresponding parts.

Embodiment 1.
*** Configuration description ***
FIG. 1 shows a configuration example of a certificate update system according to this embodiment. In principle, the elements in FIG. 1 with the same reference numerals as in FIG. 16 are the same as those shown in FIG.

The certificate update system according to the present embodiment comprises a server device 100, a terminal device 201, a terminal device 202, an access point 301, an access point 302, and the Internet 400, as shown in FIG.
Note that the operations performed by the server device 100 correspond to an information processing method and an information processing program.

As in FIG. 16, the access point 301 is a secure SSID access point for which certificate update is permitted. The terminal device 201 transmits a certificate update request 501 to the server device 100 via the access point 301 .
Also, the access point 302 is an access point with an insecure SSID that does not allow certificate updates. The terminal device 202 transmits a certificate renewal request 501 to the server device 100 via the access point 302 .
In the following description, the terminal devices 201 and 202 are collectively referred to as the terminal device 200 when there is no need to distinguish between the terminal devices 201 and 202 .

Server device 100 according to the present embodiment manages whitelist 151 , graylist 152 , blacklist 153 and access point location information 154 .

SSIDs that have been confirmed to be safe are registered in the whitelist 151 . The SSIDs registered in the whitelist 151 are also called safety confirmation SSIDs. It is assumed that the SSID of access point 301 is registered in whitelist 151 .
SSIDs that are presumed to be safe are registered in the gray list 152 . The SSIDs registered in the gray list 152 are also referred to as presumed safe SSIDs.
Insecure SSIDs are registered in the blacklist 153 . It is assumed that the SSID of access point 302 is registered in blacklist 153 .

The whitelist 151 is generated, for example, by the administrator of the server device 100 registering SSIDs that have been confirmed to be safe.

Graylist 152 and blacklist 153 are generated based on information collected from agent 251 and agent 252 .
Specifically, the server device 100 installs the agent 251 in the terminal device 201 so that each time the terminal device 201 connects to an access point, the server device 100 sends the agent 251 the SSID information of the access point to which the terminal device 201 connects. obtained by using
Similarly, by installing the agent 252 in the terminal device 202, the server device 100 uses the agent 252 to obtain the SSID information of the access point to which the terminal device 202 connects every time the terminal device 202 connects to the access point. get.
Agent 251 and agent 252 are the same agent program. Hereinafter, agents 251 and 252 will be collectively referred to as agents 250 when there is no need to distinguish between agents 251 and 252 .
For example, when the server device 100 issues a certificate to the terminal device 200 for the first time, the server device 100 causes the agent 250 to be installed in the terminal device 200 at the same time.
The agent 250 periodically communicates with the server device 100 and transmits to the server device 100 information on the SSID connected to it (hereinafter referred to as SSID information) when communicating with the server device 100 .
Based on the SSID information received from the agent 250, the server device 100 determines in which of the graylist 152 and the blacklist 153 the SSID should be registered.

Further, the server device 100 checks the whitelist 151 , the graylist 152 and the blacklist 153 when receiving the certificate renewal request 501 via the access point 301 or the access point 302 .
Since the access point 301 is registered in the whitelist 151 , the server device 100 permits the update of the certificate and transmits the certificate 502 to the terminal device 201 via the access point 301 .
On the other hand, since the access point 302 is registered in the blacklist 153, the server device 100 refuses to update the certificate. In the conventional certificate renewal system shown in FIG. 16, server device 1000 transmits renewal refusal notification 503, but in the certificate renewal system shown in FIG. The updatable SSID notification 504 is a message that notifies that the update of the certificate has been rejected and also notifies the location of the access point of the SSID near the current location of the terminal device 202 where the certificate can be updated.
In other words, the updatable SSID notification 504 notifies the locations of access points with secure SSIDs near the current location of the terminal device 202 . Specifically, in the updatable SSID notification 504, the position of the access point of the safety-confirmed SSID registered in the whitelist 151 or the position of the access point of the presumed-safe SSID registered in the graylist 152 is the safe SSID. Reported as the location of the access point.
The terminal device 202 can obtain the certificate 502 by transmitting the certificate update request 501 again to the server device 100 via the access point of the secure SSID notified by the updatable SSID notification 504 . Therefore, the user of the terminal device 202 does not need to check which SSID is the secure SSID or where the access point of the secure SSID is located, thereby reducing the burden on the user.

The access point location information 154 indicates the location of the access point for each SSID.

FIG. 2 shows a hardware configuration example of the server device 100 according to this embodiment.

Server device 100 according to the present embodiment is a computer.
The server device 100 includes a processor 901, a main storage device 902, an auxiliary storage device 903, and a communication device 904 as hardware.
Auxiliary storage device 903 stores a program that realizes the functions of list generation unit 110, SSID verification unit 120, SSID proposal unit 130, certificate verification unit 141, and terminal authentication unit 142, which will be described later.
These programs are loaded from the auxiliary storage device 903 to the main storage device 902 . The processor 901 executes these programs to perform the operations of the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142, which will be described later.
FIG. 2 schematically shows a state in which processor 901 is executing a program that implements the functions of list generation unit 110, SSID verification unit 120, SSID proposal unit 130, certificate verification unit 141, and terminal authentication unit 142. there is

FIG. 3 shows a functional configuration example of the server device 100 according to this embodiment.
The server device 100 is composed of a list generation unit 110 , an SSID verification unit 120 , an SSID proposal unit 130 , a certificate management unit 140 and a storage unit 150 .

The list generator 110 generates a graylist 152 and a blacklist 153 .
More specifically, list generator 110 receives SSID information transmitted from agent 250 . Based on the SSID information, list generation unit 110 then registers the corresponding SSID in graylist 152 or blacklist 153 and updates graylist 152 or blacklist 153 .

When certificate update request 501 is sent from terminal device 200, SSID matching unit 120 registers the SSID used for sending certificate update request 501 in any of white list 151, gray list 152, and black list 153. identify whether Then, the SSID matching unit 120 determines the process for the certificate update request 501 depending on whether the SSID is registered in the whitelist 151, the graylist 152, or the blacklist 153. FIG.

When SSID matching unit 120 determines that certificate update is not permitted, SSID proposal unit 130 generates updateable SSID notification 504 and sends generated updateable SSID notification 504 to certificate update request 501 . It is transmitted to the original terminal device 200 . In the example of FIG. 1 , SSID proposal unit 130 transmits updatable SSID notification 504 to terminal device 202 .

The certificate management unit 140 manages certificates and authenticates the terminal device 200 .
The certificate management unit 140 includes, for example, a certificate matching unit 141, a terminal authentication unit 142, a certificate DB 143, and an authentication information DB 144.
Certificate management unit 140 is not directly related to the operations described in the present embodiment, so the details of the configuration of certificate management unit 140 will not be described.

Storage unit 150 stores whitelist 151 , graylist 152 , blacklist 153 and access point location information 154 .
The whitelist 151 is, for example, information shown in FIG. Details of the whitelist 151 will be described later.
The gray list 152 is, for example, the information shown in FIG. Details of the gray list 152 will be described later.
The blacklist 153 is, for example, the information shown in FIG. Details of the blacklist 153 will be described later.
The access point location information 154 is, for example, the information shown in FIG. Details of the access point location information 154 will be described later.
The storage unit 150 is realized by, for example, the main storage device 902 and/or the auxiliary storage device 903 .

FIG. 4 shows details of the functional configuration of the agent 250 and details of the functional configuration of the server device 100 .

The agent 250 comprises a transmission/reception section 2501 , an SSID information collection section 2502 , a location information collection section 2503 , a judgment result display section 2504 and an SSID information display section 2505 .

A transmission/reception unit 2501 communicates with the server device 100 .
For example, the transmission/reception unit 2501 transmits SSID information to the server device 100 . The SSID information is, for example, the information shown in FIG. Details of the SSID information will be described later.
Also, the transmission/reception unit 2501 transmits a certificate renewal request 501 to the server device 100 . The certificate renewal request 501 is, for example, the information shown in FIG. Details of the certificate update request 501 will be described later.
Further, the transmission/reception unit 2501 receives the certificate 502 or the updatable SSID notification 504 from the server device 100 .

When terminal device 200 connects to an access point, SSID information collection section 2502 acquires information about the SSID of the access point, and uses the acquired information to generate SSID information.

The determination result display unit 2504 displays the response from the server device 100 to the certificate renewal request 501 on the display installed in the terminal device 200 .
That is, when the certificate 502 is transmitted from the certificate update request 501, the determination result display unit 2504 displays on the display that the certificate 502 has been received, that is, that the certificate has been successfully updated. On the other hand, when the certificate update request 501 sends the updatable SSID notification 504, the location of the nearby secure SSID access point is displayed on the display.

Next, the details of the functional configuration of the server device 100 will be described.

In list generator 110 , SSID information receiver 111 receives SSID information transmitted from terminal device 200 via access point 301 or access point 302 . Then, SSID information receiving section 111 transfers the received SSID information to registration determining section 112 .

Registration determining unit 112 determines whether to register the target SSID in graylist 152 or blacklist 153 based on the SSID information. More specifically, the registration determination unit 112 analyzes the location of the terminal device 200, the name of the SSID, the encryption method used in the SSID, and the access route from the terminal device 200 indicated in the SSID information, It decides whether or not to register the SSID in the gray list 152 or the black list 153 .
Further, when the SSID is not registered in graylist 152 , registration determining unit 112 determines to register the SSID in blacklist 153 .
The processing performed by the registration determination unit 112 corresponds to registration determination processing.

Registration processing unit 113 registers the SSID in gray list 152 or black list 153 according to the determination of registration determination unit 112 . That is, when the registration determining unit 112 determines to register the SSID in the graylist 152 , the registration processing unit 113 registers the SSID in the graylist 152 . On the other hand, when the registration determining unit 112 determines to register the SSID in the blacklist 153 , the registration processing unit 113 registers the SSID in the blacklist 153 .
The processing performed by the registration processing unit 113 corresponds to registration processing.

In SSID matching section 120 , update transmission/reception section 121 receives certificate update request 501 from terminal device 200 . The update transmitting/receiving unit 121 then transfers the received certificate update request 501 to the SSID determining unit 122 .
Further, when the certificate 502 is generated by the SSID determination unit 122 , the update transmission/reception unit 121 transmits the certificate 502 to the terminal device 200 .

When the certificate update request 501 is received, the SSID determination unit 122 determines whether the SSID used for sending the certificate update request 501 (hereinafter referred to as the access use SSID) is included in the white list 151 , the gray list 152 and the black list 153 . It is determined whether it is registered in which of
When the SSID determination unit 122 determines that the access use SSID is registered in the blacklist 153 , the SSID determination unit 122 instructs the SSID search unit 131 to generate the updatable SSID notification 504 .
On the other hand, when it is determined that the SSID used for access is registered in the whitelist 151 or the graylist 152, the SSID determination unit 122 generates a certificate 502 and outputs the generated certificate 502 to the update transmission/reception unit 121. .
The processing performed by the SSID determination unit 122 corresponds to SSID determination processing.

SSID search unit 131 generates updatable SSID notification 504 when SSID determination unit 122 instructs generation of updatable SSID notification 504 .
That is, when the SSID determination unit 122 determines that the access use SSID is registered in the blacklist 153, the SSID search unit 131 detects the safety confirmation SSID that exists within the prescribed range from the location of the terminal device 200. Either the access point (SSID registered in the whitelist 151) or the access point with the presumed safe SSID (SSID registered in the graylist 152) is searched. Then, the SSID search unit 131 notifies the terminal device 200 of the access point of the SSID obtained by the search. More specifically, when an access point with a safety-confirmed SSID is obtained by searching, the SSID search unit 131 notifies the terminal device 200 of the access point with the safety-confirmed SSID. Further, when the access point of the safety-confirmed SSID is not obtained by searching but the access point of the presumed-safe SSID is obtained, the SSID searching unit 131 notifies the terminal device 200 of the access point of the presumed-safe SSID.
For example, the SSID search unit 131 generates the updatable SSID notification 504 shown in FIG. Details of FIG. 11 will be described later.
Note that the processing performed by the SSID search unit 131 corresponds to SSID search processing.

SSID information transmitting section 132 transmits update rejection notification 503 generated by SSID searching section 131 to terminal device 200 .

***Description of operation***
Next, an operation example of the server device 100 according to this embodiment will be described.

First, the registration determination process will be described with reference to FIG. The registration determination process is a process of determining in which of graylist 152 and blacklist 153 the SSID is to be registered.
Note that the registration in the whitelist 151 is performed according to the instruction of the administrator of the server device 100, so it is not performed in the flow of FIG. Also, it is assumed that the registration of the safety confirmation SSID to the whitelist 151 has been completed before the flow of FIG. 12 is started.

The agent 250 periodically communicates with the server device 100 and transmits to the server device 100 SSID information indicating the SSID to which the access point to which the terminal device 200 is connected belongs for communication with the server device 100 . Specifically, SSID information collection unit 2502 generates SSID information, and transmission/reception unit 2501 transmits the SSID information to server device 100 .
As described above, in this embodiment, the SSID information illustrated in FIG. 5 is transmitted to server device 100 .
As shown in FIG. 5, the SSID information includes "time", "SSID name", "encryption strength", "latitude", "longitude", "response time", "terminal IP address", and "terminal to server Via routes 1 to 20” are included.
"Time" describes the transmission time of the SSID information.
“SSID name” indicates the identifier of the SSID to which the access point to which the terminal device 200 is connected belongs.
The "encryption strength" describes the encryption strength of the encryption method used by the SSID to which the access point to which the terminal device 200 is connected belongs.
The current position of the terminal device 200 is described in “latitude” and “longitude”.
The "response time" describes, for example, a ping value.
The access route from the terminal device 200 to the server device 100 is described in the “terminal-server route 1 to 20”. Note that FIG. 5 shows an example in which there are 20 access routes from the terminal device 200 to the server device 100 . The number of columns of "via route from terminal to server" varies depending on the number of access routes.

In server device 100 , SSID information receiving section 111 receives the SSID information and transfers the received SSID information to registration determining section 112 .

The registration determining unit 112 determines whether or not the "latitude" and "longitude" indicated in the SSID information are the latitude and longitude in Japan (step S101).

If the “latitude” and “longitude” indicated in the SSID information are not the latitude and longitude in Japan (NO in step S101), the registration determination unit 112 puts the SSID indicated in the “SSID name” in the SSID information into the blacklist 153. (step S102).

On the other hand, if the "latitude" and "longitude" indicated in the SSID information are the latitude and longitude in Japan (YES in step S101), the registration determination unit 112 sets the "SSID name" of the SSID information to the SSID impersonation. It is determined whether or not frequently used characters (for example, characters other than ASCII characters) are included (step S103).

If the "SSID name" of the SSID information contains characters that are often used for SSID spoofing (YES in step S103), registration determining unit 112 blacks out the SSID indicated in the "SSID name" of the SSID information. It decides to register in the list 153 (step S104).

On the other hand, if the "SSID name" of the SSID information does not contain characters that are often used for SSID spoofing (NO in step S103), the registration determination unit 112 determines the "encryption strength" indicated in the SSID information. It is determined whether or not the encryption strength is greater than or equal to the specified strength (step S105).

If the encryption strength indicated in the “encryption strength” of the SSID information is not equal to or higher than the designated strength (NO in step S105), the registration determination unit 112 puts the SSID indicated in the “SSID name” of the SSID information into the blacklist 153. (step S106).

If the encryption strength indicated in the "encryption strength" of the SSID information is equal to or higher than the designated strength (YES in step S105), the registration determination unit 112 registers the access indicated in the "route from terminal to server" of the SSID information. It is determined whether or not the route passes through a global IP address assigned outside the country (step S107). That is, as a result of analyzing the access route from the terminal device 200 to the server device 100, the registration determination unit 112 determines whether or not the access route from the terminal device 200 to the server device 100 includes a route outside Japan. .

If the route indicated in the “route from terminal to server” of the SSID information passes through the global IP address assigned outside the country (YES in step S108), the registration determination unit 112 registers the “SSID name ” is determined to be registered in the blacklist 153 (step S108).

On the other hand, if the route indicated in the “route from terminal to server” in the SSID information does not pass through the global IP address assigned outside the country (NO in step S107), the registration determination unit 112 determines the “route from terminal to server” in the SSID information. SSID name” is determined to be registered in the gray list 152 (step S109).

Next, the registration process will be described with reference to FIG. The registration process is a process of registering the SSID in the graylist 152 or blacklist 153 .

The registration processing unit 113 determines whether or not the same SSID as the SSID to be registered (hereinafter referred to as the SSID to be registered) has already been registered in the graylist 152 or blacklist 153 (step S201).

If the same SSID as the registration target SSID is not registered (NO in step S201), the registration processing unit 113 registers the registration target SSID as a new SSID in the gray list 152 or the black list 153 (step S202).

On the other hand, if the same SSID as the SSID to be registered has already been registered (YES in step S201), the registration processing unit 113 determines the encryption strength of the SSID to be registered and the already registered SSID (hereinafter referred to as the registered SSID). ) have the same encryption strength (step S203).

If the encryption strengths are not the same (NO in step S203), registration processing unit 113 registers the SSID to be registered as a new SSID in gray list 152 or black list 153 (step S204).

On the other hand, if the encryption strengths are the same (YES in step S203), the registration processing unit 113 determines whether the difference between the latitude and longitude of the SSID to be registered and the latitude and longitude of the already registered SSID is within the specified range. (step S205).

If the difference between the latitude and longitude of the SSID to be registered and the latitude and longitude of the already registered SSID is not within the specified range (NO in step S205), the registration processing unit 113 puts the SSID to be registered as a new SSID into the gray list 152 or the black list. It is registered in the list 153 (step S206).

On the other hand, if the difference between the latitude and longitude of the SSID to be registered and the latitude and longitude of the already registered SSID is within the designated range (YES in step S205), the registration processing unit 113 puts the SSID to be registered as an existing SSID into the gray list. 152 or blacklist 153 (step S207).

12 and 13, the graylist 152 shown in FIG. 7 and the blacklist 153 shown in FIG. 8 are generated.
Since the configurations of the graylist 152 and the blacklist 153 are the same, the configuration of the graylist 152 will be described below as a representative. The following discussion also applies to blacklist 153 .

The gray list 152 includes "time", "SSID name", "encryption strength", "latitude", "longitude", "average response time", "number of connections", and "routes 1 to 20 from terminal to server." ” is included.
The "time", "SSID name", "encryption strength", "latitude", "longitude", and "routes 1 to 20 from terminal to server" are the same as those shown in FIG.
Note that when the same SSID is registered as an existing SSID (step S207 in FIG. 13), the value of “time” of the latest SSID information is registered in “time” of gray list 152 .
In addition, when the same SSID is registered as an existing SSID (step S207 in FIG. 13), the “latitude” and “longitude” values of all SSID information are set to “latitude” and “longitude” in the gray list 152. "Latitude" and "Longitude".
When the same SSID is registered as an existing SSID (step S207 in FIG. 13), the average value of the "response time" of the SSID information is registered in the "average response time". When the SSID is registered for the first time, the "response time" value of the SSID information is registered in the "average response time".
The number of accesses to the server apparatus 100 via the access point of the SSID indicated in the "SSID name" is registered in the "number of connections".

As described above, the whitelist 151 is generated by a process different from the processes in FIGS. 12 and 13 by the operation of the administrator of the server apparatus 100. FIG.
FIG. 6 shows an example of whitelist 151 .
In FIG. 6, "Time", "SSID Name", "Encryption Strength", "Average Response Time", "Number of Connections", and "Terminal-Server Transit Routes 1 to 20" are as shown in FIG. are the same.
“Time” indicates the time when the record in the whitelist 151 was generated.
“Latitude” and “longitude” indicate the location of the access point of the SSID indicated in “SSID name”.
“Assigned IP address” is the IP address assigned to the SSID indicated in “SSID name”.

Next, referring to FIG. 14, SSID determination processing will be described. The SSID determination process is a process of determining whether to approve or reject the certificate update request 501 .

A certificate update request 501 is transmitted from the terminal device 200 to the server device 100 by the operation of the user of the terminal device 200 . Specifically, SSID information collection unit 2502 generates certificate update request 501 , and transmission/reception unit 2501 transmits certificate update request 501 to server device 100 .
As described above, in this embodiment, the certificate update request 501 shown in FIG. 10 is sent to the server device 100. FIG.
The certificate update request 501 is divided into access use SSID information and surrounding SSID information.
The access use SSID information is information about the SSID that the terminal device 200 uses for communication with the server device 100 .
The surrounding SSID information is information about SSIDs other than access use SSIDs (hereinafter referred to as surrounding SSIDs) where access points are located around the terminal device 200 .
"Time", "SSID name", "Encryption strength", "Latitude", "Longitude", "Response time", "Terminal IP address", "Terminal-server route 1 to 20" in the certificate renewal request 501 ' are the same as those shown in FIG.
Values such as "time", "SSID name", and "encryption strength" of access use SSID information are the same as those shown in FIG. 5 except for the values of "time", "latitude" and "longitude". . Since the certificate update request 501 was generated after the SSID information in FIG. 5, the "time" describes the time later than the time in FIG. Also, since the terminal device 200 has moved after the SSID information was generated, the values of "latitude" and "longitude" are different from those in FIG.
In the surrounding SSID information, the time when each record was generated is described in "Time". In addition, the identifier of the surrounding SSID is described in the "SSID name". "Encryption strength" describes the encryption strength of the encryption method used by each surrounding SSID. “Latitude” and “longitude” describe the locations of access points around the terminal device 200 of each surrounding SSID. Note that descriptions of "encryption method", "latitude" and "longitude" of the surrounding SSID information can be omitted.

In server device 100 , update transmission/reception unit 121 receives certificate update request 501 and transfers received certificate update request 501 to SSID determination unit 122 .
In the SSID determination unit 122, as shown in FIG. 14, the access usage SSID indicated in the "SSID name" of the access usage SSID information of the certificate update request 501 is included in one of the whitelist 151, graylist 152, and blacklist 153. It is determined whether or not registration has been completed (step S301).
If the access use SSID is not registered in any of the whitelist 151, graylist 152, and blacklist 153 (NO in step S301), the processing of steps S101 to S109 in FIG. 12 is performed (step S302). After the processing of steps S101 to S109 in FIG. 12, the processing of step S301 is performed again.

On the other hand, if the access SSID is registered in any one of whitelist 151, graylist 152, and blacklist 153 (YES in step S301), SSID determination unit 122 determines whether the surrounding SSID matches the verification SSID. (step S303).
Specifically, the SSID determination unit 122 verifies SSIDs in which access points are located around the location of the terminal device 200 indicated in the “latitude” and “longitude” of the access use SSID information of the certificate update request 501. is extracted from the access point location information 154 as. That is, the SSID determination unit 122 collates the values of “latitude” and “longitude” of the access use SSID information of the certificate update request 501 with the values of “latitude” and “longitude” of the access point location information 154, SSIDs other than access use SSIDs with access points around the terminal device 200 are extracted as verification SSIDs. For example, the SSID determination unit 122 extracts SSIDs with access points within a radius of 100 meters from the location of the terminal device 200 as verification SSIDs.
Then, the SSID determination unit 122 compares the neighboring SSID indicated in the “SSID name” of the neighboring SSID information of the certificate renewal request 501 with the verification SSID, and confirms the match rate between the neighboring SSID and the verification SSID.

If the match rate between the surrounding SSID and the verification SSID is less than the threshold (NO in step S303), the SSID determination unit 122 determines to reject the update of the certificate, and presents the location information of the secure SSID to the terminal device 200. is determined (step S304).
By checking the match rate between the surrounding SSID and the verification SSID in this way, it is possible to detect fraudulent use of the terminal device 200 . In other words, even when the terminal device 200 is disguised as using a secure SSID when it actually uses an unsecure SSID, a high match rate can be obtained. Spoofing the surrounding SSID is difficult. For this reason, by checking the matching rate between the surrounding SSID and the verification SSID, it is possible to discover the above-described spoofing.
Further, in step S304, the SSID determination unit 122 instructs the SSID search unit 131 to generate the updatable SSID notification 504. FIG. At this time, the SSID determination unit 122 notifies the SSID search unit 131 of the location information of the terminal device 200 .
In this example, the SSID determination unit 122 determines to present the terminal device 200 with location information of a safe SSID. The determination unit 122 may instead decide to send the update rejection notification 503 .

On the other hand, if the matching rate between the surrounding SSID and the verification SSID is equal to or higher than the threshold (YES in step S303), the SSID determination unit 122 determines whether or not the access use SSID is registered in the whitelist 151 (step S305). .

If the SSID used for access is registered in the whitelist 151 (YES in step S305), the SSID determination unit 122 permits the update of the certificate (step S306).
In this case, the SSID determination unit 122 generates the certificate 502 and causes the update transmission/reception unit 121 to transmit the generated certificate 502 to the terminal device 200 .

On the other hand, if the access SSID is not registered in the whitelist 151 (NO in step S305), the SSID determination unit 122 determines whether or not the access SSID is registered in the blacklist 153 (step S307). .

If the SSID used for access is registered in the blacklist 153 (YES in step S307), the SSID determination unit 122 determines refusal to update the certificate and instructs the terminal device 200 to present the location information of the secure SSID. Determine (step S308).
In this case, SSID determination unit 122 instructs SSID search unit 131 to generate updatable SSID notification 504 . At this time, the SSID determination unit 122 notifies the SSID search unit 131 of the location information of the terminal device 200 .

On the other hand, if the access SSID is not registered in the blacklist 153 (NO in step S307), the SSID determination unit 122 determines whether the access SSID is registered in the graylist 152 (step S309).

If the access use SSID is registered in the gray list 152 (YES in step S309), the SSID determination unit 122 permits the update of the certificate (step S310).
In this case, the SSID determination unit 122 generates the certificate 502 and causes the update transmission/reception unit 121 to transmit the generated certificate 502 to the terminal device 200 .

On the other hand, if the SSID used for access is not registered in the gray list 152 (NO in step S309), the SSID determination unit 122 determines to reject the update of the certificate, and presents the location information of the secure SSID to the terminal device 200. (step S311).
In this case, SSID determination unit 122 instructs SSID search unit 131 to generate updatable SSID notification 504 . At this time, the SSID determination unit 122 notifies the SSID search unit 131 of the location information of the terminal device 200 .

Next, SSID search processing will be described with reference to FIG. The SSID search process is a process of searching for a secure SSID.

When there is an instruction to generate updatable SSID notification 504 from SSID determination unit 122, SSID search unit 131 detects that there is an access point with an SSID registered in white list 151 within a prescribed range from the location of terminal device 200. It is determined whether or not (step S401).
Specifically, the SSID search unit 131 collates the location of the terminal device 200 notified from the SSID determination unit 122 with the “latitude” and “longitude” of the whitelist 151 , and It is determined whether or not there is an access point with an SSID registered in the whitelist 151 within the specified range. The prescribed range is, for example, a range with a radius of 500 meters from the location of the terminal device 200 .

If there is an access point with an SSID registered in whitelist 151 within a prescribed range from the location of terminal device 200 (YES in step S401), SSID search unit 131 searches for the access point with the SSID extracted in step S401. A proposal is made to the terminal device 200 (step S402).
Specifically, SSID search unit 131 generates updatable SSID notification 504 in which the location of the access point of the SSID extracted in step S401 is displayed as shown in FIG. Then, the SSID searching unit 131 causes the SSID information transmitting unit 132 to transmit the updatable SSID notification 504 to the terminal device 200 .
Note that when a plurality of SSIDs are extracted in step S401, the SSID search unit 131 selects an SSID that satisfies the following conditions.
(1) the encryption strength is equal to or greater than the threshold; (2) the average response time is less than the threshold; and (3) the number of connections with the terminal device 200 is equal to or greater than the threshold. The best SSID may be selected. Further, the SSID search unit 131 may select an SSID having an access point closest to the terminal device 200 that satisfies (1) to (3) above. Alternatively, only one of the above (1) to (3) may be set as a condition.

If there is no access point with an SSID registered in the whitelist 151 within the specified range from the location of the terminal device 200 (NO in step S401), the SSID search unit 131 searches for an access point within the specified range from the location of the terminal device 200. determines whether or not there is an access point with an SSID registered in the gray list 152 (step S403).
Specifically, the SSID search unit 131 collates the location of the terminal device 200 notified from the SSID determination unit 122 with the “latitude” and “longitude” of the gray list 152 , and from the location of the terminal device 200 It is determined whether or not there is an access point with an SSID registered in the gray list 152 within the prescribed range. The prescribed range is, for example, a range with a radius of 500 meters from the location of the terminal device 200 .

If there is an access point with an SSID registered in graylist 152 within the prescribed range from the location of terminal device 200 (YES in step S403), SSID searching unit 131 searches for the access point with the SSID extracted in step S403. A proposal is made to the terminal device 200 (step S404).
Specifically, SSID search unit 131 generates updatable SSID notification 504 in which the location of the access point of the SSID extracted in step S403 is displayed as shown in FIG. Then, the SSID searching unit 131 causes the SSID information transmitting unit 132 to transmit the updatable SSID notification 504 to the terminal device 200 .
Note that when a plurality of SSIDs are extracted in step S403, the SSID search unit 131 selects an SSID that satisfies the following conditions.
(1) the encryption strength is equal to or greater than the threshold; (2) the average response time is less than the threshold; and (3) the number of connections with the terminal device 200 is equal to or greater than the threshold. The best SSID may be selected. Further, the SSID search unit 131 may select an SSID having an access point closest to the terminal device 200 that satisfies (1) to (3) above. Alternatively, only one of the above (1) to (3) may be set as a condition.

If there is no access point with an SSID registered in the graylist 152 within the prescribed range from the location of the terminal device 200 (NO in step S403), a range wider than the range in step S401 is registered in the whitelist 151. It is determined whether or not there is an access point with an SSID that is present (step S405).
For example, the SSID search unit 131 determines whether there is an access point with an SSID registered in the whitelist 151 within 1 km from the location of the terminal device 200 .

Thereafter, the processing of steps S401 to S405 is repeated, and if the access point of the SSID registered in the whitelist 151 or the graylist 152 cannot be extracted even after repeating the processing for a specified number of times, the SSID search unit 131 sends an error message to the terminal device 200. Send (step S406).
More specifically, the SSID search unit 131 sends an error message to the SSID information transmission unit 132 to the effect that the certificate update has been rejected and that there is no access point with a secure SSID near the terminal device 200. Send via.

In the terminal device 200 , when the certificate 502 is received, the determination result display unit 2504 displays on the display that the certificate has been successfully updated based on the certificate 502 .
Further, when the updatable SSID notification 504 is received, the determination result display unit 2504 displays on the display that the update of the certificate is rejected based on the updatable SSID notification 504 . Also, the SSID information display unit 2505 displays on the display position information indicating the position of the access point of the secure SSID illustrated in FIG.
Also, when an error message is received, the determination result display unit 2504 displays based on the error message that the update of the certificate has been rejected and that there is no secure SSID access point nearby.

***Description of the effect of the embodiment***
As described above, according to the present embodiment, even if the terminal device uses an unsafe SSID, the terminal device is notified of the access point of the safety-confirmed SSID or the presumed-safe SSID located near the terminal device. A terminal device can use a secure SSID early.

It should be noted that the mechanism shown in this embodiment can be applied to applications other than certificate renewal. In other words, this embodiment can be applied to any data as long as the server device can decide whether to respond or reject a request from the terminal device according to the security of the SSID.
For example, assume a case where a terminal device uses an unsecured SSID to request a ticket reservation from a server device. In this case, the server device can refuse the ticket reservation and present an access point with a secure SSID near the current location of the terminal device. The terminal device can realize the reservation of the ticket by accessing the server device again via the presented secure SSID access point.

***Description of hardware configuration***
Finally, a supplementary explanation of the hardware configuration of the server apparatus 100 will be given.
A processor 901 shown in FIG. 2 is an IC (Integrated Circuit) that performs processing.
The processor 901 is a CPU (Central Processing Unit), a DSP (Digital Signal Processor), or the like.
The main memory device 902 shown in FIG. 2 is a RAM (Random Access Memory).
The auxiliary storage device 903 shown in FIG. 2 is a ROM (Read Only Memory), flash memory, HDD (Hard Disk Drive), or the like.
The communication device 904 shown in FIG. 2 is an electronic circuit that performs data communication processing.
The communication device 904 is, for example, a communication chip or a NIC (Network Interface Card).

The auxiliary storage device 903 also stores an OS (Operating System).
At least part of the OS is executed by the processor 901 .
While executing at least part of the OS, the processor 901 executes programs that implement the functions of the list generation unit 110 , the SSID verification unit 120 , the SSID proposal unit 130 , the certificate verification unit 141 and the terminal authentication unit 142 .
Task management, memory management, file management, communication control, and the like are performed by the processor 901 executing the OS.
In addition, at least one of information, data, signal values, and variable values indicating the processing results of the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142 is stored in the main memory. It is stored in at least one of device 902 , secondary storage device 903 , registers in processor 901 and cache memory.
Also, a program that realizes the functions of the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142 can be a magnetic disk, a flexible disk, an optical disk, a compact disk, a Blu-ray (registered trademark) ) may be stored in a portable recording medium such as a disk or a DVD. Then, a portable recording medium storing a program for realizing the functions of the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142 may be commercially distributed. .

Also, the “parts” of the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142 are read as “circuit”, “process”, “procedure”, or “processing”. may
Also, the server device 100 may be realized by a processing circuit. The processing circuits are, for example, logic ICs (Integrated Circuits), GAs (Gate Arrays), ASICs (Application Specific Integrated Circuits), and FPGAs (Field-Programmable Gate Arrays).
In this case, the list generation unit 110, the SSID verification unit 120, the SSID proposal unit 130, the certificate verification unit 141, and the terminal authentication unit 142 are each realized as part of the processing circuit.

100 server device, 110 list generation unit, 111 SSID information reception unit, 112 registration determination unit, 113 registration processing unit, 120 SSID verification unit, 121 update transmission/reception unit, 122 SSID determination unit, 130 SSID proposal unit, 131 SSID search unit, 132 SSID information transmission unit 140 certificate management unit 141 certificate verification unit 142 terminal authentication unit 143 certificate DB 144 authentication information DB 150 storage unit 151 white list 152 gray list 153 black list 154 Access point location information, 200 terminal device, 201 terminal device, 202 terminal device, 250 agent, 251 agent, 252 agent, 301 access point, 302 access point, 400 Internet, 501 certificate update request, 502 certificate, 503 update refusal notification, 504 updatable SSID notification, 901 processor, 902 main storage device, 903 auxiliary storage device, 904 communication device, 1000 server device, 2501 transmission/reception unit, SSID 2502 information collection unit, 2503 location information collection unit, 2504 determination result display unit, 2505 SSID information display part.

Claims (8)

When there is access from a terminal device using an SSID (Service Set Identifier), it is checked whether or not the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. an SSID determination unit that determines
An SSID that is confirmed to be safe and that exists within a prescribed range from the location of the terminal device when the SSID determination unit determines that the access use SSID is registered in the blacklist. and the access point of the presumed safe SSID that is an SSID that is presumed to be safe, and notifies the access point of the SSID obtained by the search to the terminal device. A server device having an SSID search unit. The SSID search unit is
As a result of the search, if neither the access point of the safety-confirmed SSID nor the access point of the presumed safety SSID exists within the prescribed range from the location of the terminal device, the 2. The server apparatus according to claim 1, wherein either the access point of the safety confirmation SSID or the access point of the presumed safety SSID is searched. The SSID search unit is
If the access point of the safety-confirmed SSID is obtained by searching, the access point of the safety-confirmed SSID is notified to the terminal device, and if the access point of the safety-confirmed SSID is not obtained by the search, the presumed safety SSID is 2. The server apparatus according to claim 1, wherein when an access point is obtained, the terminal apparatus is notified of the access point of the presumed safe SSID. The SSID search unit is
If access points with multiple safety confirmation SSIDs are obtained by searching, encryption strength of the encryption method used by each safety confirmation SSID, average connection time of each safety confirmation SSID, average connection time of each safety confirmation SSID, and selecting a safety confirmation SSID that notifies the terminal device of the access point based on at least one of the number of connections of each safety confirmation SSID,
When access points of multiple presumed-safe SSIDs are obtained by searching, from among the plurality of presumed-safe SSIDs, the encryption strength of the encryption method used by each presumed-safe SSID, the average connection time of each presumed-safe SSID, 2. The server device according to claim 1, wherein the estimated safety SSID for notifying the access point to the terminal device is selected based on at least one of the number of connections of each estimated safety SSID. The server device
a storage unit that stores access point location information indicating the location of an access point for each SSID;
The SSID determination unit
When there is an access from the terminal device using the access use SSID, the location of the terminal device is indicated, and an SSID other than the access use SSID where access points are located around the terminal device. obtaining surrounding SSID information in which the SSID is indicated;
referring to the access point location information and extracting SSIDs in which access points exist around the location of the terminal device as verification SSIDs;
2. The server device according to claim 1, which analyzes a matching situation between said surrounding SSID and said verification SSID. The SSID search unit is
6. The server according to claim 5, wherein, when the SSID determination unit determines that a match rate between the surrounding SSID and the verification SSID is less than a threshold value, one of the safety confirmation SSID and the safety presumed SSID is searched. Device. When there is access using an SSID (Service Set Identifier) from a terminal device, whether the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. SSID determination processing for determining whether or not
When the SSID determination process determines that the access use SSID is registered in the blacklist, it is confirmed that the computer exists within a prescribed range from the location of the terminal device and is safe. either the access point of the safety-confirmed SSID that is the SSID that has been verified or the access point of the presumed safety SSID that is the SSID that is presumed to be safe, and the access point of the SSID obtained by the search is sent to the terminal. and an SSID search process for notifying a device. When there is access from a terminal device using an SSID (Service Set Identifier), it is checked whether or not the access use SSID, which is the SSID used for the access, is registered in a blacklist in which unsafe SSIDs are registered. SSID determination processing for determination;
If the SSID determination process determines that the access use SSID is registered in the blacklist, an SSID that exists within a prescribed range from the location of the terminal device and is confirmed to be safe. and the access point of the presumed safe SSID that is an SSID that is presumed to be safe, and notifies the access point of the SSID obtained by the search to the terminal device. An information processing program that causes a computer to execute an SSID search process.

Images