JP2002312284A - Device and program for detecting dishonest alteration of homepage - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a homepage dishonest alternation detecting device for coping with illegal cases becoming complicated by using information technology(IT) to expose an wicked false advertisement and a spoofing site by servicing the infrastructure for obtaining the information of illegally used homepage through electronic mails. SOLUTION: A digital watermark for inspecting the truth of the homepage information in a Web site is stored in a proper homepage, and whether the homepage is altered or spoofed is determined on the basis of the encryption key information corresponding to the digital watermark to carry out the predetermined check for inspecting the spoofing.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a homepage server device for preventing illegal use of commercial transaction information and product information obtained via the Internet. More specifically, the present invention prevents unauthorized use of a company name and a product name used during the provision of Internet commerce and product information by a third party without permission. In addition, based on information received via the Internet,
A homepage server device that compares telephone directory data, map data, registry information, NTT registration information, Internet URLs, trademarks, etc. with current registration or registered credible confirmation information to determine the authenticity of the received information. It is related to.

Furthermore, the present invention relates to an apparatus for verifying in advance the impersonation of a provider of a commercial transaction or collected information using the Internet or a provided item and determining whether the authenticity is black or white. The present invention relates to a device that stores in a server device, and provides authorized data such as stored registry information and a registered trademark to a general user or a responsible organization. In addition, the present invention verifies the collected information and impersonation in commercial transactions and determines the authenticity of the information in black and white, and then sends the black and white determination result to the victim who has been abused, in other words, to the true homepage owner. The present invention relates to a technology for increasing the accuracy of information collection using the Internet by automatically distributing the information, and further ensuring the security of electronic commerce in the Internet society.

[0003]

2. Description of the Related Art Generally, when starting a new business transaction,
As a method of obtaining the credit information of the other party, there is a method of requesting a credit research company to make a research report and judging the credit status of the user. In this case, the person initiating the transaction had to bear the investigation period and costs. In recent years, in the electronic commerce using the Internet, the importance of a credit check of a company has become even more important than that of general commercial transactions, and there has been a demand for speedy transactions. In addition, the credibility of the credit information must be determined immediately. Furthermore, in order to increase the spread of electronic commerce on the Internet, it is necessary to eliminate unauthorized use of homepages such as "spoofing" websites.

FIG. 1 is a configuration diagram of a conventional violation homepage detection system. This figure shows January 6, 2001
The content was published in the Asahi Shimbun and Asahi Shimbun. The article states that email should be used to detect illegal traders,
The government's Fair Trade Commission will begin strengthening the Internet-based investigation system with the cooperation of consumers next year to efficiently detect violations of the Antitrust Law and the Premium Labeling Law. Until now, the provision of information, such as reports from victim companies and consumers, called "declaration," often started the survey, but we have developed an infrastructure to obtain information by e-mail. The FTC plans to recruit “investigators” from consumers and detect malicious false advertisements on the Internet.
I would like to use T) to deal with increasingly complex violations. "

[0005]

However, as described above, in the coping method utilizing the research company and the e-mail,
After all, manual work is indispensable, and a lot of investigation time is spent and the cost is enormous.

[0006] In view of such circumstances, the present invention obtains basic data for verifying the authenticity of Web site homepage information from a competent institution and a company that manages and operates information, and then obtains predetermined data. By integrating and accumulating data in a single server device, an attempt is made to provide a system that can accurately and promptly determine the authenticity of a provider or a provided product or a provided service related to electronic commerce on the Internet based on stored data and materials. Things.

[0007]

According to the present invention, there is provided a means for reading collated information from digital information of a homepage being browsed, a means for comparing the collated information with collation information unique to a regular homepage, When the comparison result is determined to be consistent, the illegal use of the viewed homepage is determined, and when the comparison result is determined to be inconsistent, determination means for determining whether the viewed homepage is falsified is included.

Further, according to the present invention, when falsification determination is detected,
It further includes means for displaying a mark on the computer display at the tampered portion.

Further, the present invention provides an information acquisition step of reading collated information from digital information of a homepage being browsed, a comparing step of comparing the collated information with collation information unique to a regular homepage, and a comparison result. A determination step of determining unauthorized use of the currently viewed homepage when it is determined to be consistent, and determining falsification of the currently viewed homepage when the comparison result is determined to be inconsistent;
It is a program that includes

Still further, the present invention is a program further comprising a marking step of displaying a mark on a computer display of the tampered portion when the tampering determination is detected. Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[0011]

FIG. 2 to FIG. 18 show an example of an embodiment of the present invention. In FIG. 2, parts denoted by the same reference numerals as those in FIG. 2 represent the same parts. The feature is that, as shown in FIG.
aApplet) on the “spoofing” website (W
(e.g., ebSite), the spoofing occurrence is automatically notified to the mail server of the true website owner by e-mail.

Next, the operation of the illustrated example will be described.

FIG. 2 is a block diagram of an impersonation homepage check system illustrating the present invention. The user terminal 1 is connected to the central processing center 2 via a facsimile or the Internet network 9. The central processing center 2 is also connected to a plurality of information providing servers 7 via the Internet network 9. In this case, the user terminal may be a dial-up connection, or may be connected to the Internet network 9 via a router at a line speed of about T2, and is illustrated on behalf of a plurality of user terminals. Thereby, digital information can be mutually transmitted and received among the user terminal 1, the central processing center 2, and the information providing server 7. In this case, the user terminal 1 can transmit and receive information from the information providing server 7 and search and introduce necessary information. In one embodiment of the present invention, the Internet technology using the TCP / IP protocol is used. However, any protocol that can be connected to the Internet regardless of this does not impede other specifications.

The server 5 of the central processing center 2 in FIG.
A homepage server device for transmitting a homepage recorded in the server to the Internet 9 is inherent. In addition to the homepage server device, there are provided registered black-and-white files 5a and 5b, a URL registrar 6 such as JPNIC, existence check information 5f such as telephone directory data, a danger term dictionary 5c, and a financial term dictionary 5b. And a central processing unit 4 for recording and managing the information. Here, the central processing unit 4 includes a collection homepage synthesizing unit 4a, an existing registered black / white file checking unit 4b, a requester domain name checking unit 4c, a JP
The system is provided with an institution information check processing means 4d and a checked information report processing means 4e, such as NICs, and various "spoofing" check methods can be executed by the following procedure using this system.

As an example of the method of the present invention, in a user terminal 1 connected to the Internet 9 shown in FIG. 1, a search engine serving as a collecting means for searching and collecting homepage information of a plurality of web sites, for example, a search engine made by Microsoft Corporation Software generally called a browser such as Internet Explorer or Netscape Browser of Netscape can be used. YAHOO, MSN, inf on the Internet from this collection means
The name of the business partner or the name of the business partner can be entered in the keyword box on the screen by using "oseek,""goo" or "Excite". Next, when the server 5 receives the search result, the collection HP combination processing means 4a connected to the central processing unit 4 can collect the searched homepage in the server 5. In addition, it is possible to execute a sorting process of rearranging the homepage searched by the corresponding company name or product name using each domain name. Furthermore, it is possible to execute a process of creating a combined file that is arranged and combined so as to eliminate a file whose content is duplicated in the sorted homepage information and to make it a single file.

In the embodiment of the present invention, the spoofing HP check system in the initial state does not accumulate black-and-white data. Therefore, the domain name of the requester is compared with the retrieved and collected homepage information to determine whether or not the two match. A process is performed to determine whether In this case, the check of the data of the synthesized file described above is omitted, but does not affect the effect of finding the “spoofing” website. In other words, in the second and subsequent processes, at least the “black-and-white determination file” created at the first time can be used.
It can be determined whether the data matches the domain name of the data. The information in the combined file can be used to compare each domain name of the homepage combined by the requester domain name check processing means 4c with the requester domain name and determine whether or not the two match. . In this case, the homepage information in the composite file that matches the requester domain name is determined to be “white”, and the website is in a normal use state. This homepage information can be registered and stored in the white file 5a. It is needless to say that other equivalent devices can be used for the white file 5a in a magnetic disk device or an optical disk device as long as digital information can be stored and reproduced. Also, the homepage information in the synthesized file that does not match the client domain name can branch to the next process. Here, the digital information is stored in the storage area of the homepage server in the center server 6 as undetermined information in which the black and white are not clear. Can be stored as Note that the illustrated white file 5a and black file 5b and unillustrated undecided files may be stored in physically independent disk devices or may be stored in partitions in a shared disk device, or may be stored in a shared disk device. Needless to say, each folder name may be used for distinction and stored.

The central processing unit 4 can execute an additional black and white judgment on the undecided file in the following processing. That is, JP
Whether or not it matches the attribute of the registered contents of the URL registration institution 6 such as NIC or ICANN can be processed by the institution information checking means 4d such as JPNIC. JPN
As a result of the registration content consistency check such as IC, the homepage information in the undecided file whose attribute is determined to match the registration content of the URL registrar 6 such as JPNIC is determined to be “white”, and is registered and stored in the white file 5a described above. can do. On the other hand, the homepage information in the undecided file whose attribute does not match the registered content of the registrar is further examined by the automatic judgment processing means 4e in accordance with the existence confirmation information 5f such as telephone directory data. , "Whether or not the URL is a branch URL", and "Whether or not the company attribute differs from the existence confirmation information" can be automatically executed. In the data of this processing result, in addition to the company name and the match / difference determination information, the existence confirmation status of the comparison result based on the telephone directory data, for example, the company name, telephone number, address, representative, and other information are additionally stored. Is done. In addition, this automatic processing generally belongs to a non-client procedure and can be executed without an instruction from an operator. However, according to an embodiment of the present invention, in addition to the automatic processing, "whether or not the company names match", " It is also possible to have the operator instruct interactively with the center server 5 three types of verification, that is, whether the URL is a branch URL or not, and whether the company attribute differs from the existence confirmation information. Then, as an example of the existence confirmation information 5f, there are telephone directory corporate data, map information, land, building, company corporate register, and the like.
East and West NTT database, company information, trademark in IPL database IPL, trademark on homepage, G
An IF file, a DrBell file, and the like exist, and information serving as a basis for obtaining more accurate information on a target company name and a product name from the check target 3 to be verified is collected into a single center server 5. Can be built. Furthermore, in one embodiment of the present invention, since a trademark search system capable of searching for a trademark posted on a homepage is provided, the user enjoys providing search results from the user terminal 1 via the Internet. be able to.

The above-described automatic judgment processing can be executed also on the registered white file 5a after processing the requester domain name consistency check and the registered content consistency check such as JPNIC. As a result of the automatic judgment processing by the existence check information check, if the automatic judgment has already been performed, the central processing center 1 performs the processing with “judgment; ,as well as,
“Presence status” can be registered and stored in the black file 5b. In addition, homepage check requester 1
0 or related institutions 8 such as the Fair Trade Commission or arbitration institutions
These black file data can be automatically transmitted by e-mail to the mail server.

On the other hand, the homepage information which has not been determined by the automatic determination can be additionally determined by manual visual inspection. The homepage information of the website determined as white by the visual inspection can be registered and stored in the white file 5a. On the other hand, the homepage information of the web site manually determined to be black can be registered and stored in the black file 5b, similarly to the automatically determined information. In this case, the electronic mail can also be automatically transmitted to the check requester 1 or the mail server of the related organization 8 for the information of the black determination. However, although e-mail is used as a part of the embodiment of the present invention, if the check requester 1 or the related organization 8 dislikes electronic mail, for example, registered mail or facsimile from the electronic delivery system performed by the Patent Office. Some requesters do not use e-mail because the e-mailed person can save the trouble of printing. In this case, it goes without saying that the effect of the present invention is not affected at all by changing to a means for automatically sending facsimile data instead of e-mail or sending mail by E-MAIL reception of the Ministry of Posts and Telecommunications.

The white file and the black file obtained in the embodiment of the present invention serve as basic data for a black-and-white file and domain name consistency check in the subsequent processing.

In the above embodiment, based on the integrity of the domain name of the website found using the search engine and the presence or absence of infringement of the trademark, the fraudulent act of pretending to be a company with high creditworthiness and opening the homepage Although the user is specified, the spoofed homepage is left untouched from the time the improper user causing free trade of the credit and causing the trademark dilution starts impersonating until the present invention is implemented, and the impersonation homepage is left untouched, e-commerce Will be detrimental to safety.
The inventor discloses a second embodiment here. In other words, by including a program to prevent unauthorized use such as "spoofing" in the homepage information stored in the server device of the homepage of a well-known company or the homepage of a portal site, when the spoofing homepage is activated, When the connection status is reached, the spoofed victim can be notified by e-mail. Hereinafter, embodiments of the present invention will be described in detail.

FIG. 3 is a configuration diagram of a reporting system for an unauthorized use website exemplifying the present invention. FIG. 3 shows a website 20 of a well-known listed company A, a personal computer 22 used by a person who plans an impersonation homepage, and homepage information of company A downloaded to the personal computer. Or tampering with the personal computer 2
2 shows a homepage server 24 of the company A's web site of “spoofing” that receives an upload of the homepage information of company A, and a manager 26 of the web site of company A that receives a report of the spoofing damage. When the homepage server device of the present invention is used, a netsurfer who has visited the website of the company A displays, on the screen of a personal computer used by the netsurfer, a Java Applet stored in the homepage of the web site 20. You can see the indication that this site is a legitimate site. For this reason, since it can be easily distinguished from the counterfeit site in the electronic commerce scene, the net surfer can acquire the desired product with ease. This is because the Java applet stored in the website operated on the website 20 is 1
By starting regularly from 0 minute interval to 1 day interval,
As a result of referring to the IP address of the homepage where the Java applet is stored and comparing it with the previously stored IP address, it is possible to verify whether or not the Java applet is operated on a legitimate server. This IP address is used as an identification code unique to a homepage server in the Internet technology, and at present, a server of the whole world can be identified by a 32-bit code. Therefore, an individual identification number is also assigned to the website 20 of the company A, which is a homepage server connected to the Internet. The central processing unit 4 in the server reads the identification code unique to the homepage server, for example, one or both of the IP address and the subnet mask from the server of the company A's website 20 and stores the Java applet as the homepage information storage area. It can be compared with predetermined information of an IP address or a subnet mask stored in advance in a program area to be stored or an area in which an HTML language for storing homepage information is described. And
When the middle processing device 4 for comparison outputs the coincidence information, it can be determined that the homepage is for regular use.
On the other hand, the homepage information of the company A that has been maliciously tampered with on the personal computer 22 is displayed on the website 2 of the company A '.
4, the Java applet is activated to read the IP address or the subnet mask code from the server of the web site 24, and to store the Java applet, which is the homepage information storage area, and the homepage information. Is stored in an area in which an HTML language for storing
It can be compared with predetermined information of the P address or the subnet mask. In this case, the Java applet can recognize the fact that the processing is being executed at a website different from the regular IP address or the subnet mask by the fact that the comparison result outputs mismatch information. As described above, when the Java applet determines that the homepage is illegally used, when the homepage server of the web site 24 of the company A 'is connected to the Internet, the determination result of the unauthorized use is used as the information on the homepage which has been illegally used, for example, IP. Along with the address, the subnet mask, the domain name, and the like, the mail can be automatically distributed to the administrator 26 of the website of the company A, which is the authorized homepage owner, using an electronic mail. This automatic notification means can use a unique mailing system even by using a commonly used hyperlink technology. In the present embodiment, an e-mail is used. However, any means for notifying the administrator of the website of Company A of the fact of unauthorized use can use the above-described facsimile transfer or the mail system based on the e-mail order. Needless to say. In addition, when the Java applet determines that unauthorized use has occurred, an alert such as "This site is unauthorized use" can be displayed on the homepage of the A 'company website. Therefore, it is possible to judge at a glance that the web site 24 of the company A ', which is the "spoofing" site accessed by the netsurfer using the search engine, is a fake, and the security of the electronic commerce can be secured. it can. However, the malicious tampering person must confirm that the tampered information is displayed as intended on the company A's website 24.
To check the display status of the homepage, only the above-mentioned automatic notification means using e-mail etc. without displaying the warning such as "This site is illegal use" exemplified in the present invention. Can also be used. In this case, the administrator of Company A's website that received the report 2
6 can immediately access the homepage of the website 24 of the company A 'and check the state of “spoofing”. In this case, an e-mail address for contacting a malicious tampering person is generally displayed or hyperlinked on the spoofing homepage, so that a warning letter can be transmitted to that address. In the present embodiment, the automatic notifying unit notifies the administrator 26. However, in the case of a homepage expressing a copyrighted work such as a painting, a work of art, or a text in addition to the electronic commerce, the automatic notifying unit directly notifies the copyright holder. Email can be sent from the means. Furthermore, it goes without saying that automatic notification can also be made to mail servers of public institutions such as the Fair Trade Commission.

FIG. 4 is a block diagram for explaining the operation of software exemplifying the present invention. In the upper part of FIG. 4, a home page 30 being created by Company A and a completed home page 32 already being used are illustrated. The lower part of FIG. 4 shows a state in which the exemplified homepages 30 and 32 are stored in the homepage server of the WWW server 34. The homepage 36 can store four agents, that is, Java applets, so as to be embedded therein, and the homepage is open to the world 38 online. The first cooperation program exemplified by the present invention will be described as A, and the second cooperation program will be described as B. These cooperative programs can change the comparison result of the above-mentioned comparison means from a regular signal to a signal of unauthorized use. By embedding at least two agents, it is effective when a malicious tampering person finds an unauthorized use prevention function program and deletes the agent of A. That is, since the agent of B remains without being found on the homepage 36 of the website of the company A ', the agent of the second cooperative program, the agent of B, searches for the agent of A at the stage of uploading to the homepage server. Beginning, result A
If it is determined that this agent has been deleted, the determination result of the above-described determination means can be changed from regular to unauthorized use. These agents can be downloaded without limitation to the personal computer 22 that has downloaded the homepage 36 and can be stored in the personal computer 22.
2 is software that can be uploaded to the homepage server. Although the personal computer 22 is slightly different from the homepage server in a strict sense, the personal computer 22 technically has the function of a homepage server for distributing homepage information when viewed from the website 24 of Company A '. In this sense, unless the access to the personal computer 22 is restricted by an intranet management system such as a gateway or a proxy server, the personal computer 22 operates at the stage where the falsified “spoofing” homepage information is connected to the Internet and the agent functions to prevent unauthorized use. The fact can be reported to the company A web administrator 26 through the reporting means. In this embodiment, the first cooperative program has been described as the agent of A and the second cooperative program has been described as the agent of B. However, it is needless to say that the reverse configuration does not affect the effect of the present invention. Not even.

FIG. 5 is a block diagram for explaining the operation of software exemplifying the present invention. The relationship between the agents A, B, C, and X stored in the home page of the www server 34 can detect the impersonation of the home page while exchanging messages with each other. Since a malicious tamper may find and delete the spoofing prevention function program, each agent operates to periodically determine whether or not another agent has been deleted. After confirming that the other agents A, B, and C have not been deleted, the agent X shown in the drawing has a conditional Java applet or GIF encoder so that the name of the sunflower company or the graphic trademark 40 is displayed on the homepage. Can function as FIG. 6 is a block diagram for explaining the operation of software exemplifying the present invention. This shows the configuration of the remaining agents when a malicious alterator discovers and deletes the agent C. Agent X exchanges messages with agent A and agent B, but as a result of the search, cannot exchange messages with agent C. The agent X can determine that the agent of C has been deleted and prohibit the display of the above-mentioned sunflower company name and the sunflower company's graphic trademark on the homepage. FIG. 7 is a software block diagram illustrating the present invention. FIG. 2 is a configuration diagram of agents. Since the agents A, B, C, and X are all confirmed in the home page information by the message exchange between the agents, all the agents do not send instructions to the carry. In this embodiment, the carry corresponds to a supervisor of an operating system that manages a homepage. The instruction is a code for reporting the fact of unauthorized use. This code is information for inhibiting the above-described Java applet or GIF encoding. FIG.
FIG. 2 is a software block diagram illustrating the present invention. Agents A, B, and X cannot exchange messages with C's agent because C's agent was discovered and deleted by a malicious tamper. Therefore, all of the remaining three agents A, B, and X can transmit an instruction to regulate the encoding of the Java applet or the GIF to the carry. FIG. 9 is a software block diagram illustrating the present invention. The agents A, B, C, and X can periodically refer to the currently stored IP address of the homepage server, for example, IP1, and determine whether or not they match the initially programmed reference code. Since the illustrated IP1 matches the initial reference code, the agents A, B, C and X do not send a prohibition command to the carry, so that the above-mentioned company name and graphic trademark can be displayed on the homepage. On the other hand, FIG. 10 shows a configuration in which a home page is copied and uploaded to another home page server. FIG. 10 is a software block diagram illustrating the present invention. This aspect is the operation of each agent in the impersonation site during unauthorized use. That is, agents A, B, C, and X can obtain IP2 by referring to the IP address of the homepage server of the spoofing site. Since the IP address of the initially programmed reference code is IP1, This is clearly different from the currently acquired IP2. Therefore, each of the agents A, B, C, and X can transmit a control command to the carry, and can control the display processing of the genuine company name and the graphic trademark. FIG. 11 is a software block diagram illustrating the present invention. It is a block diagram of a carry. When the carry 42 receives the command from the agent, the current “year / month / day / hour / minute / second”, the “IP address” and “domain name” of the spoofing site, and the “event contents” of any of the agent missing or the change of the IP address are stored in A. This can be automatically notified to the administrator 26 of the company's web site via e-mail. In the present embodiment, the IP address can be implemented with a full path IP address, a global address, or a subnet mask.

FIG. 12 is a flowchart of an alarm flow illustrating the present invention. FIG. 12 shows a GIF screen 44 downloaded from a part of the display screen of the homepage of the sunflower information corresponding to the company A and processed by a maliciously tampered or diverted person.
A falsified person, etc., processes the homepage information to be used illegally, uploads it to the homepage server 48 of company A 'using a file transfer program such as FTP, and then accesses the homepage server 48 by a well-meaning netsurfer. GIF of sunflower information
Image 44 is the missing GIF image 5 missing from the homepage
In addition to being displayed as 0, an alarm mail can be automatically transmitted via a mail server to a personal computer 52 owned by a web administrator of Company A, for example, Kenichiro Imai. In other words, even if the person who misuses intentionally wants to display the trademark of Company A on the spoofing site, the embodiment of the present invention can regulate the display of the original trademark. Moreover, it is also possible to take legal action early to warn trademark owners of the appearance of spoofing sites so as not to leave the spoofing sites, while ensuring the safety of commercial transactions even against good-willed Internet surfers This is a technology that can ensure the justice and fairness of the e-commerce society. In the present embodiment, each agent exchanges messages. However, the following agent configuration does not affect the effects of the invention in place of the message exchange which is a part of the configuration requirements of the present invention. In this embodiment, the electronic mail is sent to Kenichiro Imai's personal computer 52. However, there are cases where Kenichiro Imai is absent and cannot see the report. In this case, in another embodiment of the present invention, the mail server of Kenichiro Imai analyzes the e-mail received within a predetermined time, for example, within 1 minute to 10 minutes after the reception of the notification e-mail, and uses the mail based on the notification information. Automatic access means for automatically accessing the home page inside can be provided. The homepage information of the spoofing site obtained by the automatic access means cannot be re-edited, for example, AcrobatReader.
After converting to a file that can be restricted from being rewritten as displayed in, or converting it to a file that itself destroys itself when edited, the converted file is converted to digital information on a medium such as a magnetic disk or non-rewritable optical disk. Can be fixedly recorded. The information fixedly stored in this medium can be expected to be used as a document of a trial in the future, and at least can be used as a bargaining material for a maliciously tampered person. In this embodiment, since the mail server is intended to enter the homepage server of the spoofing site, the mail server is used in a meaning included in the category of the homepage server device with an unauthorized use prevention function.

FIG. 13 is a block diagram of a server device illustrating the present invention. The WWW server 60 is a Java applet 62, 64, 6
6, 68. The Java applet is downloaded to a personal computer on the side of a viewer when accessed by a net surfer, and has a function of exchanging messages with each other. These Java applets are stored in a homepage information 70 described in the HTML language stored in the server 60, for example, a file 72 having a predetermined file name such as "index.html" stored in an area permitted to be accessed from the outside via the Internet. The startup can be controlled by the use definition body of the applet defined internally. FIG. 14 is a software flowchart illustrating the present invention. The flow shown in FIG. 14 includes a step 80 in which the program is started from the time when the homepage is browsed by accessing from the Internet, a step 82 in which the representative applet monitors whether another definition is missing, and a step 82 in which the other applet is monitored. If the URL is missing, the process branches to step 84 and the homepage server 60
Step 86 of activating the common gateway interface CGI using the IP address and domain name as information and ending the process while obtaining the IP address and domain name of the server, and Step 82 if no other definition bodies are missing. Branch to step 88 to obtain the IP address of the server 66 where each applet is currently stored, compare it with the programmed code and verify it 8
8, a step 90 for branching when the IP address matches the code, a step 91 for each applet to periodically continue the monitoring process, and a step 88 to step 92 when the IP address does not match. Although not shown, after obtaining the IP address and the domain name of the server 60, it has a step 94 for starting a CGI for transmitting the information to the outside and a step 96 for ending the processing. Further, the process terminated from Steps 86 and 96 shifts to Step 98 for transmitting an e-mail using CGI, and the IP address and domain name of the obtained unauthorized user's homepage are A.
The method also includes a step 100 of receiving a call to the mail server of the web administrator 26 of the company. According to the embodiment of the present invention, the company name and the trademark of the GIF image are downloaded from the homepage server of the website 20 of the true owner. However, the display of the company name and the trademark on the screen of the personal computer on the net surfer side is performed. Instead of making it possible, the storage of the homepage may be restricted. For example, a known configuration such as a homepage of the United States Patent and Trademark Office or the Japan Patent Office can be used.

In this way, the Java applets are configured to verify the IP address of the home page server in order to prevent unauthorized use, and to monitor alterations or spoofing by monitoring the absence of other Java applets. Other embodiments can be used to implement
That is, the Java applet determines whether the number of characters of the home page information described in the HTLM language is different from the original, or whether the line described in the HTML language is analyzed line by line and a hash function is generated to determine whether the number is different from the original. You can also. Furthermore, it is also possible to analyze the HTML language description line by line and execute a sum check of the number of characters.
As described above, any means capable of detecting a difference from the original and preventing unauthorized use thereof will not affect the effects of the present invention even if replaced with other means.

FIG. 15 is a block diagram of a system illustrating the present invention. The homepage server 110 includes an area 112 accessed from outside via the Internet,
A domain name and an IP address are acquired in the area 112, and a timer function is used to periodically verify whether or not tampering has been performed. Also, a plurality of cooperative programs can be included in the homepage information. The cooperative program 116 is generally called a good virus, and can display a character trademark, an image trademark, and the like of the owner of the homepage on the homepage using GIF. If the good virus 1 determines that the homepage has not been falsified, the GIF image can be read from the external non-entry area 114 and the data can be expanded. The good virus 2 can also periodically monitor whether the good virus 1 has been deleted. According to the present embodiment, if a malicious hacker hacks the home page server 110 of the true owner and falsifies the home page, and illegally uses the home page such as obscene contents, slander, false display, etc., it immediately becomes the true owner. E-mail can be used to automatically report hacking facts. Also, the homepage server 110
Disconnect the Internet line while displaying the contents of the homepage being viewed by the net surfer accessing the screen, then save the contents of the displayed homepage to a personal computer, falsify and upload it to the spoofing site At that point, it is connected to the Internet, and the good virus 1 and the good virus 2 contained in the falsified homepage information function as a cooperative program, so an e-mail notification is sent to the web administrator of the company A, which is the true owner. can do.

FIG. 16 is a block diagram of a system illustrating an embodiment of the present invention. Web server 120, 1
22 stores digital information of a legitimate homepage. The stored home pages can be browsed via the Internet using personal computers 124 and 138 of ordinary viewers.
In addition to 0 and 122, it is also possible to browse on a mobile terminal such as a mobile phone or PHS. In these homepages, domain names, IP addresses and contents of contents are being automatically collected by spider means generally called a search robot. For example, Goo, Yahoo, i
nfoseek exists. In the above-described embodiment, the homepage copied to the falsification or another web server is configured to be notified to the authorized owner of the fact.
In this embodiment, a falsified or illegally used homepage is downloaded to automatically check for tampering,
The altered portion can be confirmed on the computer display. In the homepage stored in the web server 120, a digital watermark and an unauthorized use detection program called a buster are included in advance. The digital watermark includes information of a public key cryptosystem or a common key cryptosystem used by an electronic information authentication system, and the result of raising the integer data to a power is a large integer n, for example, a 128-bit or 32-bit binary. The remainder divided by the information can be used as an encryption key. The buster detects a state in which an illegally used homepage is connected to the Internet environment, determines whether the IP address or the domain name is different, detects the illegal use, and notifies the authorized owner. If the malicious reader has the IP address "1, 2,
When the user browses the homepage in the web server 120 of "3, 4", downloads it to his / her personal computer, and then uploads it to the web server 126 whose IP address is "5, 6, 7, 8" in the same content state In a state where the web server 126 is constantly connected to the Internet environment, a buster is activated after a predetermined machine cycle elapses and a notification is sent to the authorized homepage owner as in the above-described embodiment.
This means that although the legitimate IP address is "1, 2, 3, 4", the illegally uploaded IP address is "5,
6, 7, 8 ". Although this difference can be determined by the buster and automatically notified to the official homepage administrator, in the present embodiment, the computer network controller CNC 130 comprising a digital computer receives this notification and automatically The user can access the URL address of the copied homepage that has been illegally used and download the homepage into the CNC. The access to the URL address from the reception of the notification may be performed in real time, or may be periodically checked at predetermined intervals.

In the present embodiment, the aspect in which the content is used as it is without alteration on another web server has been described. However, the embodiment of the present invention is also effective for altering a homepage. Is explained. That is, if a malicious browser alters the downloaded homepage, such as modifying it, and uploads it to the web server 122 with, for example, a change to disable or completely delete the digital watermark or buster, , The buster is activated 128 when someone views the falsified homepage in the web server 122, and the software program can execute the same processing as described above. On the other hand, when the buster is in the disabled state, the notification function does not work, and there is a possibility that the falsified use may be in the notification state. In this case, a search robot, which is a general spider machine, must periodically search for similar homepages manually to determine whether it is a falsified homepage. Therefore, in the embodiment of the present invention, for example, whether or not the cipher of the digital watermark in the searched homepage matches the encryption corresponding to the legitimate homepage, a public key such as a common key cryptosystem or RSA is used. It can be programmed to verify using cryptography and to display a mosaic or shaded mark on the tampered portion. As described above, according to the embodiment of the present invention, it is determined whether the IP address has been changed but the contents of the home page have been left unchanged, or that the IP address and the contents of the home page have been changed. be able to.

FIG. 17 is a front view of a homepage altered by a malicious reader. Web server 122 or 1
The fake homepage uploaded to 26 includes a picture 142 of the copied building, a picture 140 of the bird added by falsification, and "Oki Digital Watermar".
The character 141 of “k Technology” is configured to be displayed on a computer display.
The general viewers 124 and 138 cannot distinguish between fake and genuine products, which may impair the security of e-commerce.
FIG. 18 is a front view in which a falsified homepage, which illustrates an embodiment of the present invention, is displayed as an alert. The falsified part is verified by the digital watermark, and information 14 of the part where the encryption does not match.
Shading processes 144 and 145 are performed on 0 and 141 to visually notify the user of a warning. This program is, for example, Regio currently under development.
It can be implemented by an application program called n Editor Viewer. In addition to the visual notification, a program may be made to generate a destructive notification sound such as a bell or a buzzer. The OK button 146 located at the bottom of the figure is a GUI that the user clicks with a pointer such as a mouse when recognizing the tampering. By operating the button 146, information of the displayed home page, for example, an IP address, a domain name, a URL, a displayed date and time, and an alert mark of a falsified portion can be stored in the storage device of the digital computer. This can be used as evidence of tampering. FIG. 19 shows the contents of the official homepage.

The contents disclosed by the inventor will be described below. A digital watermark (including one of the pair keys) must be created on the homepage before conducting a homepage patrol using a digital watermark.
Incorporate. It is a program that is built in to improve the security of the websites of famous companies, organizations and governments. If a malicious third party copies the homepage without permission and uses or partially falsifies this homepage, or if it is tampered with, the evidence of unauthorized use of this homepage will be sent to the electronic watermark embedded in the homepage. It can be proved by a pair key. The proof method is to incorporate a unique digital watermark into the entire homepage or a part of the display of each homepage. Then, if a third party is tampered with, it is programmed to detect the domain name and IP address of this tampered homepage. In addition, a falsified homepage can be recorded, and the recorded falsified homepage is determined by a falsification detection program as to whether or not a digital watermark of a legitimate homepage is present. Furthermore, the recorded falsification homepage and falsification detection program can be programmed to display the falsified portion with a pair key and visually confirmed, or automatically confirmed by a computer program. In this case, in response to the activation of the falsification alert display, the computer can be programmed to branch to the falsification evidence maintenance processing. Further, a program processing for automatically notifying the authorized homepage establisher of the fact of falsification detection can also be performed.

It should be noted that the agent of the present invention is not limited to the illustrated example described above, and it is needless to say that various changes can be made without departing from the gist of the present invention.

[0034]

As described above, according to the homepage tampering detection device and the software of the present invention, it is possible to prevent the occurrence of a spoofing site, and even if a spoofing site appears, the electronic owner will be able to obtain the electronic information. This can be an excellent effect of being able to make a report, and even automatically entering an impersonation site and preserving evidence.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a conventional violation homepage site detection system.

FIG. 2 is a block diagram of a spoofing homepage check system illustrating the present invention.

FIG. 3 is a configuration diagram of a reporting system for an unauthorized use website exemplifying the present invention.

FIG. 4 is a block diagram illustrating the operation of software exemplifying the present invention.

FIG. 5 is a block diagram illustrating the operation of software exemplifying the present invention.

FIG. 6 is a block diagram illustrating the operation of software exemplifying the present invention.

FIG. 7 is a software block diagram illustrating the present invention.

FIG. 8 is a software block diagram illustrating the present invention.

FIG. 9 is a software block diagram illustrating the present invention.

FIG. 10 is a software block diagram illustrating the present invention.

FIG. 11 is a software block diagram illustrating the present invention.

FIG. 12 is a flowchart of an alarm flow illustrating the present invention.

FIG. 13 is a block diagram of a server device illustrating the present invention.

FIG. 14 is a software flowchart illustrating the present invention.

FIG. 15 is a block diagram of a system illustrating the invention.

FIG. 16 is a block diagram of a system illustrating the invention.

FIG. 17 is a front view of a falsified home page illustrating the invention.

FIG. 18 is a front view of a falsified home page illustrating the invention.

FIG. 19 is a front view of a regular home page illustrating the present invention.

[Explanation of symbols]

 Reference Signs List 1 User terminal 2 Central processing center 3 Check target 4 Central processing unit 5 Center server 6 URL organization 7 Information providing server 8 Related organization 9 Internet 68 Java applet 70 Homepage 72 HTML language list 110 Establishing server 112 Homepage 114 Homepage 114 Entry area 116 Cooperation program 120, 122, 126 Web server 124, 138 Personal computer of viewer

Claims (4)

[Claims] 1. A digital computer connected to a communication network for browsing a home page, comprising: means for reading collated information from digital information of the home page being browsed; Means for comparing the web page being viewed, if the comparison result is determined to be inconsistent, and unauthorized use of the page being viewed is determined, and if the comparison result is determined to be inconsistent, falsification of the page being viewed is performed. A homepage tampering detection device that includes a determination unit that performs determination. 2. The homepage tampering detection device according to claim 1, further comprising means for displaying a mark on the computer display of the tampered portion when the tampering determination is detected. 3. A software program executed by a digital computer having a step of connecting to a communication network and a step of browsing a home page, the information acquisition for reading collated information from digital information of the home page being viewed. A step of comparing the information to be verified with the verification information unique to the official homepage; and determining that the homepage being viewed is illegally used when the result of the comparison is determined to be consistent. A determination step of determining whether the home page being browsed has been tampered with when it is determined to be inconsistent. 4. The method according to claim 3, further comprising a step of displaying a mark on the computer display of the tampered portion when the tampering determination is detected.
Website alteration detection program described in section.