JP2009237949A - Communication repeater, web terminal, mail server device, e-mail terminal and site check program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To detect an illegal web page so as not to damage convenience during web browsing. <P>SOLUTION: This communication repeater is a device that is connected to a web server as a substitute for a client terminal with a web browser mounted thereon. The communication repeater acquires a web page (target page) 200 requested by the client terminal from the web server and transmits the web page to the client terminal. It also acquires a web page (anticipatory page) 208 of a link destination set in the target page 200 and determines whether contents of the anticipatory page 208 is suitable for display. When it is not suitable, it warns the client terminal that "an illegal page exists if following the link of the target page". <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a technique for detecting an unauthorized site such as a phishing site.

  The number of websites opened on the Internet is said to have exceeded 100 million in 2006. While the amount of electronic information disclosed by websites is steadily increasing, websites opened for fraud (hereinafter referred to as “illegal sites”) are becoming a social problem. An example of an unauthorized site is a phishing site.

Typical scam tricks by phishing sites are as follows:
1. First, a fake web page imitating a bank A web page is published.
2. An e-mail in which the URL (Uniform Resource Locator) of such an unauthorized web page (hereinafter referred to as “illegal page”) is described is distributed to an unspecified majority.
3. User B who has received this e-mail believes that it is a “notice” from bank A, accesses an unauthorized page, and enters personal information such as an account number and a personal identification number.
4). The operator of the phishing site thus obtains the personal information of the user B illegally and withdraws cash from the user B's account.
JP 2002-215482 A JP 2007-11626 A JP 2006-338086 A

  Various measures are being taken to prevent damage to phishing sites. For example, efforts are being made to prevent registration of URLs that are confused with URLs of famous banks, to notify providers as soon as a phishing site is found, or to inform general users of the phishing scheme itself. However, the problem of phishing scams is so serious that it cannot be dealt with by such steady efforts alone.

  The present invention is an invention completed based on the above-mentioned problems, and its main object is to provide a technology for efficiently discovering unauthorized sites while considering the convenience of the user when browsing the web. It is in.

An embodiment of the present invention relates to a communication relay device connected to a web server as a proxy for a client terminal equipped with a web browser.
This apparatus acquires a web page (target page) requested by a client terminal from a web server and transmits it to the client terminal. Further, a linked web page (preceding page) set in the target page is also acquired, and it is determined whether the content of the preceding page is suitable for display. When it is not suitable, the client terminal is warned that “an illegal page exists when following the link of the target page”.

Another aspect of the present invention relates to a web terminal.
This web terminal acquires not only the target page but also the preceding page of the link destination set in the target page, and determines whether the content of the previous page is suitable for display. When it is not suitable, a warning is displayed on the screen that “an illegal page exists when following the link of the target page”.

Still another embodiment of the present invention relates to a mail server device.
This apparatus acquires a web page (preceding page) set as a link destination in the body of an e-mail received from the outside, and determines whether the content of the preceding page is suitable for display. If it is not suitable, the client terminal is warned that “an illegal page exists when following an email link”. Alternatively, such an e-mail may be discarded.

Yet another embodiment of the present invention relates to an electronic mail terminal.
This e-mail terminal acquires a web page (preceding page) set as a link destination in the body of an e-mail received from the outside, and determines whether the content of the preceding page is suitable for display. If it is not suitable, the client terminal is warned that “an illegal page exists when following an email link”.

Still another aspect of the present invention relates to a communication relay device connected to a web server as a proxy for a client terminal equipped with a web browser.
This apparatus acquires a web page (target page) requested by a client terminal from a web server and transmits it to the client terminal. When an interface for downloading a program file of a predetermined format is set in the linked web page (previous page) set in the target page, the program file is inspected. If the program file is not suitable for downloading, the client terminal is warned that “an illegal download page exists when the link of the target page is followed”.

  It should be noted that any combination of the above-described components, and the present invention expressed by a method, system, recording medium, and computer program are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes easy to detect an unauthorized site efficiently, maintaining a user's convenience at the time of browsing a web page.

FIG. 1 is a schematic diagram for explaining the relationship between a target page and a preceding page.
A client terminal such as a personal computer or a mobile phone acquires a desired web page from an external web server and displays it on the screen. Hereinafter, such a web page to be acquired and displayed is particularly referred to as a “target page”.

Usually, a “link (hyperlink)” is set in a web page. For example, in the web page 200 shown in the figure, three links 202 called links 202a, 202b and 202c (hereinafter simply referred to as “link 202”) are set. In the case of the link 202a, an image icon imitating the letter “N” indicates the presence of the link. When the link 202a is clicked, a new web page 208a is acquired and displayed as the target page. On the other hand, in the case of the link 202b and the link 202c, the character strings “register now” and “recommended” indicate the presence of the link. When the link 202b is clicked, the web page 208b is acquired and displayed as the target page. When the link 202c is clicked, the web page 208c is acquired and displayed as a target page.
Hereinafter, such icons and character strings indicating the existence of links are referred to as “link objects”.

  Three links are also set in the web page 208c shown in the figure, and are linked to the web pages 210d, 210e, and 210f, respectively. Of these, web pages 212h, 212i, 212j, and 212k are further connected to the web page 210f. In this way, the web pages are hierarchically connected by “links”.

  A web page directly connected to the target page by a link set in the target page is referred to as a “first layer”. In the case of the figure, when the web page 200 is the target page, the web pages 208a to 208c form the first hierarchy. Further, a web page connected to the first-level web page by linking the first-level web page is referred to as a “second-level”. In the figure, the web pages 210a to 210f form the second hierarchy. The second hierarchy is a web page group that is reached by following a link from the target page in two stages. Similarly, the web pages 212a to 212f in the figure form the “third hierarchy”. The same applies to the fourth and subsequent layers.

  A web page that can be reached from a target page by following a link at a predetermined level is called a “preceding page”. When the web page 200 is the target page, the web pages 208a, 208b, 208c, 210a, ..., 210f, 212a, ... 212k, ... are all preceding pages of the web page 200. When the web page 200 is a target page, the preceding page is a web page that is likely to be selected as the next target page. The preceding page of the first hierarchy is highly likely to be selected. For this reason, if there is an unauthorized page in the preceding page, the user is approaching danger.

  Therefore, if it is determined in advance whether or not the preceding page is an unauthorized page and a warning is given to the user in advance, it becomes easy to prevent damage caused by an unauthorized site. Whether or not the web page is an unauthorized page is determined by whether or not the web page meets the “predetermined acceptance criteria”. Such a determination is called “pass / fail determination”. If it fails, it is treated as an illegal page.

  For example, a web page that does not include an interface for inputting personal information such as a credit card number or name is unlikely to be an unauthorized page. Therefore, a web page that does not include such an input interface is accepted. On the other hand, a web page not provided with security such as SSL (Secure Socket Layer) while having an interface for inputting personal information is highly likely to be an unauthorized page. Such web pages are rejected. Further, even if SSL security is applied, the suspicion of an illegal page remains when the certificate authority of the digital certificate is an anonymous certificate authority. Any web page that the user has visited many times in the past may be safe. On the other hand, when the nationality in which the web server is installed and the display language of the web page provided from the web server are different, there is a high possibility that the web page is an illegal page. For example, it is necessary to be careful when a Japanese web page is provided from a Korean website. Furthermore, websites with URLs that are confused with famous URLs such as banks and government agencies are likely to be fraudulent sites. The pass / fail judgment is executed from such various viewpoints.

In the following, in order to simplify the explanation, “a web page that does not have an interface for inputting personal information” and “an interface for inputting personal information are provided, but security is provided by SSL and an existing one is provided. It is assumed that “a web page specified by a URL that is not similar to the URL group” is determined to be acceptable, and other web pages are determined to be unacceptable.
In addition to this, various acceptance criteria can be set. For example, whether or not a word that appears in a web page is likely to appear on a fraudulent page using natural language analysis techniques such as the Bayesian Filter method that is often used to determine spam mail Thus, pass / fail may be determined.

In the following, first, as a first embodiment, when a certain web page is displayed as a target page, the preceding page is also acquired in advance, and the pass / fail judgment of the preceding page is performed, thereby preventing damage to the unauthorized site. How to prevent it will be described.
Next, as a second embodiment, when an e-mail intended to be attracted to a predetermined web page is received, it is illegal to execute pass / fail judgment of the web page or a web page connected to the destination. Explain how to prevent damage to the site.
Finally, as a third embodiment, when a certain web page has an interface for downloading a program file (hereinafter simply referred to as a “program”), the program is acquired in advance, and this program determines the behavior of the client terminal. A method for preventing damage such as a computer virus by checking in advance whether the program is an unauthorized program that has an adverse effect will be described.

  A download button 204 is set on the web page 200 shown in FIG. When the download button 204 is clicked with the mouse, the program file 206 is downloaded. However, this program file 206 may be an unauthorized program. Therefore, when a download interface is set on the web page, the client terminal is prevented from being damaged by downloading the program in advance and checking in advance whether the program is an unauthorized program.

[First embodiment]
FIG. 2 is a hardware configuration diagram in the first embodiment.
In the first embodiment, a description will be given of a method for preventing damage to an unauthorized site by determining whether the preceding page is acceptable or not and warning the user when the page is an unauthorized page. For example, in an electronic bulletin board or a weblog (blog), a link to another web page may be set. These links are often set for reference and advertising purposes, but may also be set for the purpose of attracting unauthorized pages. In addition, a link is often set so that an illegal page appears two or more layers ahead of a web page forming an electronic bulletin board or the like.
In the first embodiment, when the user of the client terminal 160 is browsing an electronic bulletin board or the like as a target page, the user does not know by executing pass / fail judgment of the preceding page set in the electronic bulletin board. Prevent access to unauthorized pages.

  The execution subject of the pass / fail determination may be the client terminal 160 or the communication relay device 100 connected to the Internet 302 on behalf of the client terminal 160. In relation to FIGS. 2 to 6, as the first embodiment-1, first, an aspect in which the communication relay device 100 performs the pass / fail determination will be described. Then, with reference to FIG. 6, the aspect which performs a pass / fail determination in the client terminal 160 is demonstrated as 1st Example-2.

  The web servers 300a, 300b, and 300c (hereinafter simply referred to as “web server 300”) provide the client terminal 160 with web pages in HTML (HyperText Markup Language) format or XHTML (Extensible HyperText Markup Language) format. Web server 300 is connected to the Internet 302. The communication relay device 100 is connected to the Internet 302 as a proxy for the client terminal 160. Client terminals 160 a, 160 b, and 160 c (hereinafter simply referred to as “client terminal 160”) connect to the Internet 302 via the communication relay device 100 and acquire web pages from each web server 300. The communication relay device 100 may be connected to the Internet 302 as a firewall or a gateway.

First Example-1: Pass / Fail Determination by Communication Relay Device 100 FIG. 3 is a functional block diagram of the communication relay device 100 according to the first example-1.
Each block shown here can be realized in hardware by an element such as a CPU of a computer or a mechanical device, and in software it is realized by a computer program or the like. Draw functional blocks. Therefore, those skilled in the art will understand that these functional blocks can be realized in various forms by a combination of hardware and software. The same applies to the functional block diagrams of FIGS. 7, 9, 10, and 12.
Here, the function of each unit will be mainly described, and their cooperation, data structure, and operation will be described in detail with reference to FIG.

The communication relay device 100 includes a communication unit 110, a data processing unit 120, and a data holding unit 140.
The communication unit 110 is responsible for communication with the client terminal 160 and the web server 300. The data processing unit 120 executes various data processing based on data acquired from the communication unit 110 and the data holding unit 140. The data processing unit 120 also serves as an interface between the communication unit 110 and the data holding unit 140. The data holding unit 140 is a storage area for holding various data.

Communication unit 110:
The communication unit 110 includes a request reception unit 112, a target page acquisition unit 114, a warning unit 116, and a preceding page acquisition unit 118. The request receiving unit 112 receives a web page acquisition request from the client terminal 160. This acquisition request includes the Web page to be acquired, that is, the URL of the target page. The target page acquisition unit 114 acquires the target page from the web server 300 with reference to this URL, and transmits it to the client terminal 160. In this way, the client terminal 160 acquires and displays the target page via the communication relay device 100. The preceding page acquisition unit 118 acquires the preceding page from the web server 300. The warning unit 116 displays a warning on the screen of the client terminal 160 when an illegal page is included in the preceding page.

Data processing unit 120:
The data processing unit 120 includes a preceding address detection unit 122, a suitability determination unit 124, a risk level update unit 130, a pass ID registration unit 132, and a pass address registration unit 134. The preceding address detection unit 122 detects the address of another web page linked to a certain web page, in other words, the URL of the web page. The preceding address detection unit 122 detects the preceding page of the first hierarchy, and further detects the preceding pages of the second hierarchy and the third hierarchy. The preceding page acquisition unit 118 of the communication unit 110 refers to the URL thus detected and acquires the preceding page.

The suitability determination unit 124 performs pass / fail determination of a web page. The suitability determination unit 124 includes a temporary determination unit 126 and a correct determination unit 128. The pass / fail judgment is executed in two stages, “provisional judgment” and “correct judgment”. The temporary determination unit 126 performs a temporary determination, and the positive determination unit 128 performs a positive determination.
Temporary determination: “Web page that does not have an interface for inputting personal information” is determined to be acceptable. “A web page that includes an interface for inputting personal information and is also secured by SSL” is determined to be “provisionally successful”.
Positive determination: executed for a web page determined to be provisionally passed. If it is “a web page with a URL that is not similar to any of a plurality of well-known URLs registered in advance”, it is determined as a final pass, otherwise it is determined as a failure.
Thus, the provisionally acceptable web page is re-examined by the correctness determination unit 128. The provisional pass means “a state where there is a high possibility that the page is not an illegal page but the verification is insufficient to determine that the page is not an illegal page”. The reason for executing the two-stage pass determination will be described in detail later with reference to FIG.

  The risk level update unit 130 appropriately updates the “risk level table” that defines the relationship between the link object and the “risk level” that is the probability of reaching the unauthorized page from the link object. Details will be described later with reference to FIG.

  The pass ID registration unit 132 registers, in the pass data holding unit 142, the ID of the web page that has been determined to pass by the suitability determination unit 124 as “pass ID”. In addition, the pass address registration unit 134 registers, in the pass data holding unit 142, an address including a predetermined percentage or more of web pages determined to pass as a “pass address”. Details will be described later with reference to FIG.

Data holding unit 140:
The data holding unit 140 includes a pass data holding unit 142 and a risk holding unit 144. The data structure of the acceptable data holding unit 142 will be described later with reference to FIG. 4, and the data structure of the risk holding unit 144 will be described later with reference to FIG. The data held by the risk holding unit 144 is particularly called a “risk level table”.

FIG. 4 is a data structure diagram of the pass data holding unit 142.
The address column 146 shows a URL as an address on the Internet. A page column 148 indicates a web page belonging to the corresponding address indicated in the address column 146. For example, an address “ap.co.jp/ax/m1.html” belongs to an address “ap.co.jp/ax”. The pass / fail column 150 indicates pass / fail of the web page shown in the page column 148. The determination date / time column 152 indicates the execution date / time of the pass / fail determination.

  The web page “m1.html” belonging to “ap.co.jp/ax” is determined as “pass” as a result of the pass / fail determination executed at 13:50 on February 1, 2007. On the other hand, the pass / fail determination is not executed for the web page “m4.html” belonging to the same “ap.co.jp/ax”. The web page “n1.html” belonging to “kt.co.jp” is determined as “failed” as a result of the pass / fail determination executed at 11:56 on January 31, 2008. The suitability determination unit 124 updates the contents of the pass data holding unit 142 every time the pass / fail determination is executed.

  When it is determined that a certain web page A is passed, the pass ID registration unit 132 registers the URL of the web page A as a pass ID in the pass data holding unit 142. For example, when “m1.html” is determined to pass, setting the corresponding field in the pass / fail field 150 to “pass” corresponds to “registration as a pass ID”. On the other hand, if another web page B is determined to be rejected, the URL of this web page B is registered in the pass data holding unit 142 as a fail ID. For example, when “n1.html” is determined to be rejected, “failing” the corresponding field in the pass / fail field 150 corresponds to “registration as a fail ID”.

A web page once registered as a pass ID (hereinafter referred to as “pass page”) is treated as a “pass page” even if the pass / fail determination by the suitability determination unit 124 is not executed again. For example, when “m1.html” that is a pass page is selected again as a determination target, the suitability determination unit 124 determines “pass” without performing pass / fail determination on “m1.html”. That is, if the pass / fail determination is executed even once, the processing load of the communication relay device 100 accompanying the pass / fail determination is reduced by respecting the result of the pass / fail determination executed previously. The same applies to web pages registered as failure IDs (hereinafter referred to as “failed pages”). For example, when “n1.html” which is a reject page is selected again as a determination target, the suitability determination unit 124 determines “fail” without performing pass / fail determination for “n1.html”.
A web page that is neither a pass page nor a fail page is called a “neutral page”. In the case of the figure, “m4.html” is a neutral page.

  Some fraudulent sites provide a fraudulent page only during a predetermined time of the day and other harmless web pages during other times. This is considered to be for avoiding the detection as an unauthorized site. When considering the existence of such special fraudulent sites, it is better to perform pass / fail judgment periodically even after it is determined to be a passing page. Therefore, the pass ID registration unit 132 invalidates registration as a pass ID for a pass page for which a predetermined valid period has elapsed from the execution date and time of the pass / fail determination. For example, the pass / fail column 150 of the pass page where “2 months” has passed since the pass / fail judgment date and time is set to “neutral”. Since the pass / fail judgment date of “m1.html” was “13:50 on February 1, 2007”, the pass is invalid at “13:50 on April 1, 2007”, and the pass / fail column 150 is “ The setting is changed from “Pass” to “Neutral”. By adjusting the length of the effective period, it is possible to balance the reduction of the processing load associated with the pass / fail determination and the improvement of the detection rate of the special fraudulent site as described above.

When detecting the address of “m1.html”, the preceding address detection unit 122 may detect the number of web pages belonging to the upper address “ap.co.jp/ax”. There are four web pages belonging to the address “ap.co.jp/ax”: “m1.html”, “m2.html”, “m3.html”, and “m4.html”. Three web pages “.html”, “m2.html”, and “m3.html” are determined to be passed. Accordingly, 75% (= 3 ÷ 4 × 100) of the web pages belonging to the address “ap.co.jp/ax” are pass pages. The pass address registration unit 134 registers the “predetermined address” as a pass address if a web page belonging to a predetermined address has a predetermined percentage, for example, 60% or more of the web pages. Therefore, the address “ap.co.jp/ax” is a passing address. When “m4.html” for which pass / fail determination has not been made is selected as a determination target, the suitability determination unit 124 determines “pass” without executing pass / fail determination for “m4.html”. Alternatively, it may be determined as “provisional pass” and transmission of “m4.html” may be permitted. The processing method at the time of provisional acceptance will be described later. This is based on the determination that since many of the web pages belonging to the address “ap.co.jp/ax” are acceptable pages, this address “ap.co.jp/ax” is not an address of an unauthorized site. According to such a processing method, the number of executions of the pass / fail determination can be efficiently reduced, so that the processing load on the communication relay device 100 associated with the pass / fail determination can be reduced. By adjusting the above ratio, it is possible to balance the processing load reduction of pass / fail judgment and the detection rate of unauthorized sites.
The address to which the failed page belongs is registered as a “failed address”. This is because an address including at least one illegal page remains a suspicion of an illegal site. An address that is neither a pass address nor a fail address is called a “neutral address”. Each address is appropriately changed to one of a pass address, a fail address, and a neutral address as the validity period elapses and the pass / fail judgment is executed.

FIG. 5 is a flowchart showing a pass / fail determination process in the first embodiment.
First, when the target page is acquired by the target page acquisition unit 114, the preceding address detection unit 122 determines whether a link is set to the target page (S10). If the link is not set (N in S10), the pass / fail determination is unnecessary and the process ends. When the link is set (Y of S10), the preceding address detecting unit 122 selects one address of the preceding page of the first hierarchy (S12). The suitability determination unit 124 refers to the pass data holding unit 142, and if the pass / fail determination is necessary for this preceding page (N in S14), the preceding page acquisition unit 118 acquires the preceding page (S16). The time when pass / fail judgment is necessary is when the preceding page is a neutral page and belongs to a neutral address. After acquiring the preceding page, the suitability determining unit 124 determines whether the preceding page is acceptable (S18). Strictly speaking, it is a two-step determination of a temporary determination and a positive determination, but the reason for adopting the two-step determination will be described later. If pass / fail determination is unnecessary (Y in S14), S16 and S18 are skipped.

  If it fails (N in S20), the warning unit 116 displays a warning on the screen of the client terminal 160 (S22). This warning display may be a warning indicating that an illegal page is included in the link destination of the target page. If it passes (Y of S20), S22 is skipped. If there is a preceding page to be further verified (N in S24), the process returns to S12, and the same process is executed for the next preceding page. For example, when a plurality of links are set on the target page, pass / fail is determined for the preceding page of the first hierarchy set as the plurality of link destinations. When the verification for the preceding page of the first hierarchy is completed, the preceding page of the second hierarchy is verified. The number of layers to be verified may be arbitrarily set in consideration of the computer load of the communication relay device 100, the communication network load, and the like.

  According to such a processing method, the communication relay device 100 can execute pass / fail determination of the preceding page during a period when the user of the client terminal 160 is browsing a certain target page. Since the acquisition / display process and the pass / fail determination process of the target page in the client terminal 160 are separated, the pass / fail determination can be executed without reducing the processing efficiency of the acquisition / display process of the web page. In addition, instead of verifying a huge number of web pages on the Internet one by one, the preceding pages that are likely to be hit by the user are intensively verified, so that damage to unauthorized sites can be efficiently prevented.

  When the user is browsing a certain target page for a long time, the communication relay device 100 can secure time for determining whether or not the preceding page of the multi-layer destination is acceptable, which is more effective.

  The target page may be switched during the pass / fail determination. For example, it is assumed that the preceding pages of the first hierarchy of the web page A are web pages B and C, the web page B is linked to the web page B, and the web page E is linked to the web page C. When the web page A is the target page, the web pages B to E are the targets of the pass / fail determination. Here, it is assumed that the web page B is selected as a new target page at a stage where only the web pages B and C among the web pages B to E are judged as acceptable. At this time, you may exclude the web page E from the object of a pass / fail determination. This is because the web page E is the preceding page of the web page A but not the preceding page of the web page B. As described above, when the target page is switched during the verification of the preceding page group, the preceding address detecting unit 122 switches the preceding page group to be verified based on the new target page.

As another situation, when a certain web page F is selected as a target page, it is assumed that the pass / fail determination for the web page F has not been completed. In this case, the target page acquisition unit 114 transmits the web page F to the client terminal 160 even though the pass / fail determination has not been completed. On the other hand, the suitability determination unit 124 continues the pass / fail determination for the web page F. As a result of the pass / fail determination, if it is determined that the page is rejected, a warning is displayed on the client terminal 160 even during or after the display of the web page F.
According to such a processing method, even when the target page is frequently switched and a certain web page F is displayed, even if the pass / fail determination has not been completed for the web page F, the user can select a desired page. Web page F can be viewed.

  As a modified example, the target page acquisition unit 114 may not transmit the web page in the pass / fail unknown state to the client terminal 160 as the target page. Further, instead of warning about the failed page, the failed page may not be transmitted to the client terminal 160.

  When a certain web page is selected as the target page, it is desirable that pass / fail is already known for this web page. For this purpose, it is desirable that the communication relay device 100 can execute the pass / fail determination process at high speed. However, when dozens of links are set on a web page, the number of preceding pages is enormous, and a web page in an unacceptable state may be selected as the target page.

  Two measures are shown below as measures for suppressing the number of occurrences of such a situation. Here, it is assumed that many links are set in the web page G selected as the target page, and the web page H is selected as the next target page among the preceding pages of the first hierarchy of the web page G. .

First plan:
The provisional determination unit 126 performs provisional determination on all preceding pages of the first hierarchy for the web page G. First, “a web page that does not have an interface for inputting personal information” is first determined to be acceptable. Further, “a web page that includes an interface for inputting personal information but is secured by SSL” is determined to be provisionally passed. The positive determination unit 128 executes the positive determination on the provisionally passed web page after completing the temporary determination for all the preceding pages of the first hierarchy. In the present embodiment, “a web page having a URL that is not similar to any of a plurality of well-known URLs registered in advance” is determined as the final pass. It is assumed that the temporary determination has a relatively light processing load and the positive determination has a relatively heavy processing load.

  According to such a processing method, it is possible to identify a preceding page that is clearly unacceptable by executing only the provisional determination first. For this reason, the web page in the pass / fail unknown state is transmitted to the client terminal 160, and the risk that the failure is found later can be reduced. When the web page H is transmitted in a provisionally acceptable state, the web page H is positively determined after transmission. If the result of the positive determination is a failure, the warning unit 116 displays a warning on the client terminal 160. Note that the web page H may be transmitted to the client terminal 160 on the condition that at least the provisional determination is completed.

Second plan:
The second plan will be described with reference to FIG.

FIG. 6 is a data structure diagram of the risk degree holding unit 144.
In the pass / fail judgment of the preceding page, the illegal page detection rate per unit time varies depending on how many layers ahead or from which link destination should be verified. For example, it is assumed that a link object including a character string “Now” is often connected to an unauthorized page from past trends. On the other hand, it is also known that a link object including a character string “use agreement” hardly leads to an illegal page. Assume that a link object including “Now” and another link object including “Terms of Use” are set in a certain target page. In this case, it is better to verify “Now” before “Usage Terms”. This is because if this target page is connected to an unauthorized page, there is a high possibility of connection from “now”. In other words, it can be said that “Immediately” is more likely to lead to an unauthorized page (risk level) than “Usage Terms”. Based on this concept, the risk level holding unit 144 holds data in which risk levels for each link object are accumulated as a “risk level table”.

  The object column 154 shows the characteristics of the link object. In the figure, a link object including a character string “register” (hereinafter referred to as “link object A”) and a link object including a character string “description” (hereinafter referred to as “link object B”) are shown. Yes. The object column 154 may indicate a link object by an image like the link 202a of FIG. A hierarchy column 156 indicates a hierarchy, and a risk level column 158 indicates a risk level.

For example, in the case of the link object A including the character string “registration”, the probability (risk level) that an illegal page appears one layer ahead is 0.34%. On the other hand, the probability of an illegal page appearing two layers ahead is 0.11%, and the probability of appearing three layers ahead is 0.01%. Here, 0.10% is set as the “threshold value” of the risk level. When the link object A is set to a certain target page, the risk is higher than the threshold value of the preceding page of the first hierarchy directly connected to the link object A and the preceding page of the second hierarchy. However, since the risk level of the preceding page of the third hierarchy is smaller than the threshold value, there is almost no possibility of failing even if the pass / fail judgment is executed. Therefore, it is reasonable for the suitability determination unit 124 to perform the pass / fail determination up to the second layer for the preceding page group connected to the link object A.
For the same reason, when the link object A is set on a certain preceding page, the verification from the preceding page to the second hierarchical level may be made.

  On the other hand, in the case of the link object B including the character string “description”, the probability (risk level) that an illegal page appears in the first layer is 0.14%, which is equal to or higher than the threshold, but the second layer or the third layer Is less than the threshold. Therefore, it is reasonable for the suitability determination unit 124 to set the preceding page group connected to the link object B as a target of pass / fail determination up to the first layer.

  The risk level update unit 130 updates the contents of the risk level holding unit 144, in other words, the risk level table, every time pass / fail is found for the preceding pages leading to various link objects.

  According to such a processing method, it is possible to rationally determine how many layers ahead should be verified based on the relationship between the link object and the risk level. Further, the more the pass / fail judgment is performed, the more effective the data of the risk level table becomes.

First Example-2: Pass / Fail Determination by Client Terminal 160 In the above description, it has been described that the pass / fail determination is performed by the communication relay device 100. However, the pass / fail determination is performed by the client terminal 160 instead of the communication relay device 100. Also good. The relationship between the web server 300, the communication relay device 100, and the client terminal 160 is the same as that shown in FIG.

FIG. 7 is a functional block diagram of the client terminal 160 in the first embodiment-2.
The client terminal 160 includes a user interface (UI) unit 170, a data processing unit 180, and a data holding unit 190.
The UI unit 170 is in charge of user interface processing and communication processing with the communication relay device 100. The data processing unit 180 executes various data processing based on data acquired from the UI unit 170 and the data holding unit 190. The data processing unit 180 also serves as an interface between the UI unit 170 and the data holding unit 190. The data holding unit 190 is a storage area for holding various data.

  The UI unit 170 includes an input unit 172, a display unit 174, a target page acquisition unit 114, a warning unit 116, and a preceding page acquisition unit 118. The input unit 172 detects input by the user, and the display unit 174 displays a web page or the like on the screen. The target page acquisition unit 114 transmits a target page acquisition request to the communication relay device 100 and acquires the target page via the communication relay device 100. The preceding page acquisition unit 118 transmits a preceding page acquisition request to the communication relay device 100 and acquires the preceding page via the communication relay device 100. The warning unit 116 is the same as the warning unit 116 shown in FIG.

  The data processing unit 180 includes a preceding address detection unit 122, a suitability determination unit 124, a risk level update unit 130, a pass ID registration unit 132, and a pass address registration unit 134. In addition, the data holding unit 190 includes a pass data holding unit 142 and a risk holding unit 144. Each functional block is the same as each functional block given the same reference numeral in FIG.

  The pass / fail determination may be executed by both the client terminal 160 and the communication relay device 100 instead of either the communication relay device 100 or the client terminal 160. For example, the temporary determination may be executed by the communication relay device 100 and the correct determination may be executed by the client terminal 160. Alternatively, the pass / fail determination may be performed by the client terminal 160 for the first layer, and the pass / fail determination may be executed by the communication relay device 100 for the second and subsequent layers. Alternatively, in consideration of the processing load of the communication relay device 100 and the client terminal 160, which one accepts the degree of acceptance / rejection determination may be changed.

[Second Embodiment]
FIG. 8 is a hardware configuration diagram in the second embodiment.
As an example of a phishing scam, by sending an e-mail containing a link to a fraudulent page, falsely as if it were a tax refund procedure notice, to enter personal information on this fraudulent page There is a trick to encourage.
In the second embodiment, when an unauthorized e-mail (hereinafter simply referred to as “illegal e-mail”) is received, a pass / fail determination is executed for the web page set in the e-mail and the subsequent web page. By doing so, we can prevent damage to unauthorized sites.

  The execution subject of the pass / fail determination may be the client terminal 460 or the mail server 400. With reference to FIG. 9, first, the case where the mail server 400 performs pass / fail determination will be described as a second embodiment-1. Then, in connection with FIG. 10, the aspect which performs a pass / fail determination in the client terminal 160 is demonstrated as 2nd Example-2.

  The client terminals 460a, 460b, 460c and the client terminals 460d, 460e, 460f (hereinafter simply referred to as “client terminal 460”) are connected to the Internet 302 via the mail server 400b and the mail server 400a. When the client terminal 460d transmits an e-mail addressed to the client terminal 460a, the mail server 400a relays the e-mail to the mail server 400b. The client terminal 460a acquires an e-mail addressed to itself from the mail server 400b. The mail server 400a is in charge of the client terminals 460d, 460e, and 460f, and the mail server 400b is in charge of the client terminals 460a, 460b, and 460c.

Second Example-1: Pass / Fail Judgment by Mail Server 400 FIG. 9 is a functional block diagram of the mail server 400 in the second example-1.
Mail server 400 includes a communication unit 410, a data processing unit 420, and a data holding unit 430.
The communication unit 410 is in charge of communication processing with the client terminal 460 and other mail servers 400. The data processing unit 420 executes various data processing based on data acquired from the communication unit 410 or the data holding unit 430. The data processing unit 420 also serves as an interface between the communication unit 410 and the data holding unit 430. The data holding unit 430 is a storage area for holding various data.

  The communication unit 410 includes a mail reception unit 412, a mail transfer unit 414, a warning unit 116, and a page acquisition unit 416. The mail receiving unit 412 receives an e-mail transmitted from another mail server 400 to the client terminal 460 that the mail receiving unit 412 is responsible for. The mail transfer unit 414 transmits the received electronic mail to the destination client terminal 460. The page acquisition unit 416 acquires a web page that is a link destination of an e-mail, a web page that is a link destination of the web page, and the like. The warning unit 116 is the same as the warning unit 116 in FIG.

  The data processing unit 420 includes a preceding address detection unit 122, a suitability determination unit 124, a risk level update unit 130, a pass ID registration unit 132, and a pass address registration unit 134. In addition, the data holding unit 190 includes a pass data holding unit 142 and a risk holding unit 144. All the functional blocks are the same as the functional blocks denoted by the same reference numerals in FIG.

  The process of executing pass / fail judgment from the link set in the body of the e-mail is substantially the same as in the first embodiment. That is, in the first embodiment, the pass / fail determination is performed by identifying the preceding page that is likely to be accessed by the user by following the link of the target page. In the second embodiment, the link of the e-mail is used. By following the above, a preceding page that is highly likely to be accessed by the user is identified and a pass / fail determination is executed. For example, when a link to the web page 200 of FIG. 1 is set in a certain e-mail, each preceding page such as the web page 200, the web page 208a, the web page 210a, and the like is a target of pass / fail judgment.

  Note that an e-mail that may reach an unauthorized page is likely to be an unnecessary e-mail for the user of the client terminal 460 in the first place. In this case, the suitability determination unit 124 of the mail server 400 may discard such unauthorized mail. Or, if there is an invalid page in the web page that is explicitly linked in the e-mail, or a web page up to several layers further away, do not discard it if there is an invalid page earlier than that It may be a warning.

Second Example-2: Pass / Fail Determination by Client Terminal 460 In the above description, the pass / fail determination is performed by the mail server 400. However, the pass / fail determination may be performed by the client terminal 460 instead of the mail server 400. . The relationship between the mail server 400 and the client terminal 460 is the same as that shown in FIG.

FIG. 10 is a functional block diagram of the client terminal 460 in the second embodiment-2.
The client terminal 460 includes a user interface (UI) unit 470, a data processing unit 480, and a data holding unit 490.
The UI unit 470 is in charge of user interface processing and communication processing with the mail server 400. The data processing unit 480 executes various types of data processing based on data acquired from the UI unit 470 and the data holding unit 490. The data processing unit 480 also serves as an interface between the UI unit 470 and the data holding unit 490. The data holding unit 490 is a storage area for holding various data.

  The UI unit 470 includes an input unit 172, a display unit 174, a mail reception unit 418, a warning unit 116, and a page acquisition unit 416. These functional blocks are the same as the functional blocks given the same reference numerals in FIG. 3, FIG. 7, and FIG.

  The data processing unit 180 includes a preceding address detection unit 122, a suitability determination unit 124, a risk level update unit 130, a pass ID registration unit 132, and a pass address registration unit 134. In addition, the data holding unit 190 includes a pass data holding unit 142 and a risk holding unit 144. All the functional blocks are the same as the functional blocks denoted by the same reference numerals in FIG.

  The pass / fail determination may be executed by both the client terminal 460 and the mail server 400 instead of either the mail server 400 or the client terminal 160. For example, the provisional determination may be executed by the mail server 400 and the correct determination may be executed by the client terminal 460. Alternatively, pass / fail determination may be performed by the client terminal 460 up to a predetermined hierarchy, and pass / fail determination may be executed by the mail server 400 for a further hierarchy. Alternatively, in consideration of the processing load of the mail server 400 or the client terminal 460, which one accepts the degree of acceptance / rejection may be changed.

[Third embodiment]
FIG. 11 is a hardware configuration diagram of the third embodiment.
By clicking the download button on the web page with the mouse, the client terminal 160 can download various programs. These programs have various formats such as an execution format and a library format for extending the functions of existing programs. However, among these programs, there are many programs (hereinafter referred to as “illegal programs”) that adversely affect the client terminal 160. To prevent the negative effects of malware,
1. Do not download programs from suspicious websites.
2. After downloading, you can consider measures such as using a program after checking with virus check software. However, there is a limit to how the user can determine whether or not the site is a “suspicious website”. In addition, a method of using a program after checking for viruses after downloading is highly secure, but has a demerit that the program cannot be used immediately after downloading.

In the third embodiment, when a certain web page has an interface for downloading a program (hereinafter, such a web page is referred to as a “download page”), the program is acquired before the actual downloading is started. A method for preventing damage caused by a malicious program by verifying in advance whether the program is a malicious program will be described.
In the third embodiment, the execution subject of the pass / fail determination is the communication relay device 500.

  As in FIG. 1, each web server 300 provides a web page to the client terminal 160. Web server 300 is connected to the Internet 302. The communication relay device 500 is connected to the Internet 302 as a proxy for the client terminal 160. Each client terminal 160 connects to the Internet 302 via the communication relay device 500 and acquires a web page from each web server 300. The communication relay device 500 may be connected to the Internet 302 as a firewall or a gateway.

FIG. 12 is a functional block diagram of the communication relay device 500 in the third embodiment.
The communication relay device 500 includes a communication unit 510, a data processing unit 520, and a data holding unit 530.
The communication unit 510 is in charge of communication with the client terminal 160 and the web server 300. The data processing unit 520 executes various data processing based on data acquired from the communication unit 510 and the data holding unit 530. The data processing unit 520 also serves as an interface between the communication unit 510 and the data holding unit 530. The data holding unit 530 is a storage area for holding various data.

  The communication unit 510 includes a request receiving unit 112, a target page acquisition unit 114, a warning unit 116, a preceding page acquisition unit 118, and a file acquisition unit 512. The file acquisition unit 512 downloads the program from the download page. Other functional blocks are the same as the functional blocks given the same reference numerals in FIG.

  The data processing unit 520 includes a preceding address detection unit 122, a pass ID registration unit 526, a pass address registration unit 528, a risk level update unit 524, and a suitability determination unit 522. The preceding address detection unit 122 is similar to the preceding address detection unit 122 of FIG. 3 and detects the URL of another web page that is linked to a certain web page. The suitability determination unit 522 executes pass / fail determination of the program acquired by the file acquisition unit 512 based on a predetermined acceptance criterion. For example, the suitability determination unit 522 determines whether or not only a program in a predetermined format such as the EXE format, the JAR format, the BAT format, or the BIN format is acceptable. Programs that are unlikely to have an adverse effect on the client terminal 160, such as the MP3 format or the JPG format, may be excluded from the pass / fail determination target. In the following, a web page on which a program in a predetermined format such as EXE format can be downloaded is called a “conditional download page”.

  The pass / fail judgment here may be performed by applying an existing virus detection technique. A program that passes is called a “passed program”, and a program that fails is called a “failed program”. In addition, a conditional download page that provides a passing program is called a “pass download page”, and a conditional download page that provides at least one failing program is called a “fail download page”. The conditional download page before pass / fail is known as the “neutral download page”.

  The risk level update unit 524 appropriately updates the “risk level table” that defines the relationship between the link object and the “risk level” as the probability of reaching the failed download page from the link object. The concept of risk is as described in connection with FIG. The pass ID registration unit 526 registers the pass download page ID as “pass ID” in the pass data holding unit 142. In addition, the pass address registration unit 528 registers an address including a predetermined number or more of download download pages as a “pass address” in the pass data holding unit 142. The concept of the pass ID and pass address is as described in connection with FIG.

  The data holding unit 530 includes a pass data holding unit 142 and a risk holding unit 144. The pass data holding unit 142 and the risk holding unit 144 are the same as the functional blocks denoted by the same reference numerals in FIG.

FIG. 13 is a flowchart showing the pass / fail determination process in the third embodiment.
First, when the target page is acquired by the target page acquisition unit 114, the preceding address detection unit 122 determines whether a link is set to the target page (S30). If no link is set (N in S30) and the target page is not a conditional download page (N in S34), the process skips to S48 and ends as it is. When the target page is a conditional download page (Y in S34), the processes after S36 are executed.

  When the link is set to the target page (Y in S30), the preceding address detection unit 122 selects one address of the preceding page in the first hierarchy (S32). The suitability determination unit 522 determines whether the preceding page is a conditional download page (S34). If it is not a conditional download page (N in S34), the process skips to S48. If it is a conditional download page (Y in S34) and a pass / fail determination is necessary for the program of this conditional download page (N in S36), the preceding page acquisition unit 118 acquires the preceding page (S36). The pass / fail judgment is necessary when the conditional download page is a neutral download page and belongs to a neutral address. The file acquisition unit 512 acquires the program from the conditional download page (S40). The suitability determination unit 522 executes pass / fail determination of the program (S42). If pass / fail determination is unnecessary (Y in S36), S38 to S42 are skipped.

If it fails (N in S44), the warning unit 116 displays a warning on the screen of the client terminal 160 (S46). This warning display may be a warning indicating that the target page or its preceding page is a download page for a malicious program. If it passes (Y of S44), S46 is skipped. If verification has not been completed for all web pages (N in S48), the process returns to S32, and the same process is executed for another preceding page. If the verification is complete (Y in S48), the process ends.
Note that the file acquisition unit 512 of the communication relay device 500 may cache the passing program. When another client terminal 160 requests download of this pass program, a transmission unit (not shown) included in the communication relay device 500 may transmit the cached pass program as it is. When the version number is included in the program, the file acquisition unit 512 compares the version number of the cached program with the version number of the program set in the conditional download page, and the version numbers do not match. In some cases, the cached program may be discarded and the latest program downloaded. Not only programs but also web pages may be appropriately cached and discarded while referring to update date / time information and the like.

The method for verifying electronic information on the Internet such as a web page and a program has been described above based on the first embodiment, the second embodiment, and the third embodiment.
According to the communication relay device 100 and the client terminal 160 of the first embodiment, it is possible to make a pass / fail determination in advance on the preceding page of the web page that the user of the client terminal 160 is actually browsing. Since it is possible to make a pass / fail determination in advance for a web page that is likely to be viewed by the user in the future, it is easy to protect the user from unauthorized sites. In the first embodiment, since the pass / fail judgment process is separated from the web page acquisition / display process, the convenience of the user at the time of browsing the web page is unlikely to be impaired.

  By executing the pass / fail judgment for not only the preceding page of the first hierarchy but also the preceding page of a deeper hierarchy, it becomes easier to prevent the risk that the user will browse without knowing that the unauthorized page is an unauthorized page. Further, the pass / fail determination processing efficiency can be improved by the pass ID and the pass address, and the illegal page detection rate can be increased by managing the pass ID validity period. Further, the effectiveness of the pass / fail determination can be efficiently enhanced by the two-step pass / fail determination and the selection order control of the preceding pages based on the risk level.

  According to the mail server 400 and the client terminal 460 of the second embodiment, the existence of an unauthorized page can be warned in advance before the user of the client terminal 460 actually accesses the unauthorized page. Alternatively, the unauthorized mail itself may be discarded. According to such a processing method, it becomes easy to effectively suppress phishing scams triggered by unauthorized mail.

  According to the communication relay device 500 of the third embodiment, it is possible to make a pass / fail determination in advance for a program that is likely to be actually downloaded by the user of the client terminal 160. Since it is possible to make a pass / fail determination in advance for a program that is likely to be downloaded by the user in the future, it is easy to protect the user from malicious programs. In the third embodiment, since the pass / fail determination process is separated from the program download / execution process, the convenience of the user at the time of program download is unlikely to be impaired.

  The first embodiment, the second embodiment, and the third embodiment can be arbitrarily combined. For example, not only the pass / fail determination of a web page, but also the pass / fail determination of a program file downloaded from the web page may be executed. Also, the URL of the download site may be given to the e-mail. Also in this case, the program of the download site may be checked in advance by the communication relay device 500.

  The present invention has been described based on the embodiments. The embodiments are exemplifications, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are within the scope of the present invention. .

  For example, a web page provided by a phishing site has been described as a typical example of an unauthorized page, but the definition of an unauthorized page varies depending on the person. If you are targeting minors, you may want to restrict access to adult sites or e-commerce sites. Therefore, such a web page can be detected as an illegal page by determining acceptance criteria based on unique information that is often included in adult sites.

  In the first and second embodiments, it has been described that the presence of an unauthorized page is warned, but the display of the unauthorized page itself may be suppressed. Pass IDs and pass addresses may be exchanged between communication relay apparatuses or between client terminals. According to such an aspect, it becomes easy to efficiently collect information on the pass page and the fail page.

It is a schematic diagram for demonstrating the relationship between a target page and a preceding page. It is a hardware block diagram in 1st Example. It is a functional block diagram of the communication relay apparatus in 1st Example-1. It is a data structure figure of a pass data holding part. It is a flowchart which shows the process of the pass / fail determination in 1st Example. It is a data structure figure of a risk holding part. It is a functional block diagram of the client terminal in 1st Example-2. It is a hardware block diagram in 2nd Example. It is a functional block diagram of the mail server in 2nd Example-1. It is a functional block diagram of the client terminal in 2nd Example-2. It is a hardware block diagram in 3rd Example. It is a functional block diagram of the communication relay apparatus in 3rd Example. It is a flowchart which shows the process of the pass / fail determination in 3rd Example.

Explanation of symbols

  200 web page, 202 link, 204 download button, 206 program file, 208 web page, 210 web page, 212 web page, 100 communication relay device, 160 client terminal, 302 internet, 300 web server, 110 communication unit, 120 data processing Part, 140 data holding part, 112 request receiving part, 114 target page acquiring part, 116 warning part, 122 preceding address detecting part, 124 suitability determining part, 130 risk level updating part, 132 passing ID registering part, 134 passing address registering part 118 Preceding page acquisition unit, 126 Temporary determination unit, 128 Positive determination unit, 142 Passed data holding unit, 144 Risk level holding unit, 146 Address column, 148 page column, 50 Pass / fail column, 152 Judgment date / time column, 154 Object column, 156 Hierarchy column, 158 Risk level column, 170 UI unit, 180 Data processing unit, 190 Data holding unit, 172 Input unit, 174 Display unit, 460 Client terminal, 400 Mail Server, 410 communication unit, 420 data processing unit, 430 data holding unit, 412 mail receiving unit, 414 mail transfer unit, 416 page acquisition unit, 470 UI unit, 480 data processing unit, 490 data holding unit, 418 mail receiving unit, 500 communication relay device, 510 communication unit, 520 data processing unit, 530 data holding unit, 512 file acquisition unit, 522 suitability determination unit, 524 risk update unit, 526 pass ID registration unit, 528 pass address registration unit.

Claims (20)

Connected to a web server on behalf of a client device with a web browser,
A request receiving unit that receives an acquisition request for a target page, which is a web page to be displayed, from the client terminal;
A target page acquisition unit that acquires the target page instead of the client terminal from a web server that holds the target page, and transmits the target page to the client terminal;
A preceding address detector that detects an address set as a link destination in the target page;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
A suitability determination unit that determines pass / fail of the preceding page, based on a predetermined acceptance criterion determined to determine whether the content of the web page is suitable for display;
When the preceding page is determined to be unacceptable, a warning unit that warns the client terminal that there is an inappropriate web page at the link destination of the target page;
A communication relay device comprising: The preceding address detection unit further detects an address set as a link destination in the preceding page, thereby detecting an address of a web page that is a plurality of layers ahead from the target page,
The preceding page acquisition unit acquires the web page ahead of the plurality of layers as a preceding page,
The suitability determination unit determines pass / fail of the preceding page,
The warning unit warns the client terminal that an inappropriate web page is reached when the link destination of the target page is followed when the preceding page is determined to be unacceptable. The communication relay device according to claim 1. A pass ID registration unit for registering the ID of the web page determined to pass as a pass ID in a predetermined recording area;
The adequacy determination unit determines that the web page is acceptable without executing the pass / fail determination based on the acceptance criteria when the ID of the web page that is the target of the pass / fail determination is already registered as a pass ID. The communication relay device according to claim 1 or 2.   The pass ID registration unit registers the pass ID in association with the execution timing of the pass determination, and invalidates the pass ID for which a predetermined valid period has elapsed from the execution timing of the pass determination. 4. The communication relay device according to 3. A pass address registration unit that registers the predetermined address as a pass address in a predetermined recording area when the ID of a web page of a predetermined ratio or more among a plurality of web pages belonging to the predetermined address has been registered as a pass ID, Further comprising
The adequacy determination unit, when the address of the web page that is the target of the pass / fail determination belongs to the pass address, determines that the web page is pass without executing the pass / fail determination based on the pass criteria. The communication relay device according to claim 3 or 4.   The warning unit, when the pass / fail determination for the preceding page is completed after the preceding page is transmitted to the client terminal as the target page, and when the determination result is unacceptable, The communication relay device according to claim 1, which warns afterwards that an inappropriate web page is being displayed. The acceptance criteria are divided into the acceptance criteria for the first stage and the acceptance criteria for the second stage,
The suitability determination unit
Based on the acceptance criteria of the first stage, a provisional determination unit that determines provisional pass / fail of the preceding page;
A positive determination unit that determines final pass / fail of the preceding page based on the acceptance criteria of the second stage,
The provisional determination unit, when a plurality of link destinations are set on a web page, performs provisional pass / fail determination for a plurality of preceding pages corresponding to the plurality of link destinations,
The communication relay device according to claim 1, wherein the correct determination unit performs a final pass / fail determination for a preceding page that has passed the provisional pass / fail determination. A risk level that associates a link object set to indicate a link to another web page on a web page with a risk level that is a probability of reaching an inappropriate web page from the link destination indicated by the link object. A risk holding unit for holding the table;
A risk level update unit that updates the risk level table according to the pass / fail judgment result of the preceding page,
When a plurality of link objects are set on a web page, the suitability determination unit refers to the risk level table, and first selects a preceding page corresponding to a link object having the highest risk level among the plurality of link objects. The communication relay device according to claim 1, wherein a pass / fail decision is made. A request transmission unit that transmits an acquisition request for a target page, which is a web page specified by a user, to an external web server;
A target page acquisition unit for receiving the target page from the web server;
A preceding address detector that detects an address set as a link destination in the target page;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
A suitability determination unit that determines pass / fail of the preceding page, based on a predetermined acceptance criterion determined to determine whether the content of the web page is suitable for display;
When the preceding page is determined to be rejected, a warning unit that warns on the screen that an inappropriate web page exists at the link destination of the target page;
A web terminal comprising: The preceding address detection unit further detects an address set as a link destination in the preceding page, thereby detecting an address of a web page that is a plurality of layers ahead from the target page,
The preceding page acquisition unit acquires the web page ahead of the plurality of layers as a preceding page,
The suitability determination unit determines pass / fail of the preceding page,
The warning section warns on the screen that an inappropriate web page is reached when the link destination of the target page is traced when the preceding page is determined to be unacceptable. Web terminal described in. A mail receiving unit that receives an email transmitted from an external communication device to a client terminal via a communication network;
A preceding address detection unit for detecting an address set as a link destination in the body of the email;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
A suitability determination unit that determines pass / fail of the preceding page, based on a predetermined acceptance criterion determined to determine whether the content of the web page is suitable for display;
When it is determined that the preceding page is unacceptable, a warning unit that warns the client terminal that is the destination of the e-mail that an inappropriate web page exists at the link destination of the electronic page;
A mail server device comprising: A mail receiving unit that receives an email transmitted from an external communication device to a client terminal via a communication network;
A preceding address detection unit for detecting an address set as a link destination in the body of the email;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
A suitability determination unit that determines pass / fail of the preceding page based on a predetermined acceptance criterion set to determine whether the content of the web page is suitable for display,
The mail server device, wherein the suitability determination unit discards the electronic mail when it determines that the preceding page is unacceptable. A mail receiving unit for receiving e-mail from an external communication device;
A preceding address detection unit for detecting an address set as a link destination in the body of the email;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
A suitability determination unit that determines pass / fail of the preceding page, based on a predetermined acceptance criterion determined to determine whether the content of the web page is suitable for display;
When the preceding page is determined to be unacceptable, a warning unit that warns that an inappropriate web page exists at the link destination of the electronic page;
An e-mail terminal comprising: Connected to a web server on behalf of a client device with a web browser,
A request receiving unit that receives an acquisition request for a target page, which is a web page to be displayed, from the client terminal;
A target page acquisition unit that acquires the target page instead of the client terminal from a web server that holds the target page, and transmits the target page to the client terminal;
A preceding address detector that detects an address set as a link destination in the target page;
A preceding page acquisition unit that acquires the linked web page as a preceding page from the web server specified by the address;
In the preceding page, when an interface for downloading a program file of a predetermined format is set, a file acquisition unit that acquires the program file via the interface;
An adequacy determination unit that determines pass / fail of the program file based on a predetermined acceptance criterion determined to determine whether the program file may adversely affect the operation of the client terminal;
When it is determined that the program file is rejected, a warning unit that warns the client terminal that there is an inappropriate download page at the link destination of the target page;
A communication relay device comprising:   The file acquisition unit temporarily stores the acquired program file, and reads the stored program file without going through the interface when it is necessary to acquire the program file thereafter. The communication relay device according to claim 14. The preceding address detection unit further detects an address set as a link destination in the preceding page, thereby detecting an address of a web page that is a plurality of layers ahead from the target page,
The preceding page acquisition unit acquires the web page ahead of the plurality of layers as a preceding page,
The file acquisition unit acquires the program file via the interface when an interface for downloading the program file of the predetermined format is set in the preceding page,
The suitability determination unit determines whether the program file is acceptable,
The warning unit warns the client terminal that an inappropriate download page is reached when the link destination of the target page is followed when the program file is determined to be unacceptable. Item 16. The communication relay device according to Item 14 or 15. A link object set to indicate a link to another web page on the web page, a risk that is a probability of reaching an inappropriate download page from the link destination indicated by the link object, and the link object from the link object A risk level holding unit that holds a risk level table that associates the number of levels up to an inappropriate download page, and
A risk update unit that updates the risk table according to a result of the pass / fail determination of the program file,
The preceding page acquisition unit refers to the risk level table, acquires the previous previous page for the hierarchy in which the highest risk level is set for the link object set in the target page, and the interface It is determined whether it is set, The communication relay apparatus of Claim 16 characterized by the above-mentioned. A function for acquiring a target page, which is a web page to be displayed on a client terminal, from a web server;
A function of detecting an address set as a link destination in the target page;
A function of acquiring the linked web page as a preceding page from a web server specified by the address;
A function for determining the success or failure of the preceding page based on a predetermined acceptance criterion established for determining whether or not the content of the web page is suitable for display;
When it is determined that the preceding page is unacceptable, a function for warning the client terminal that there is an inappropriate web page at the link destination of the target page;
A site check program characterized by causing a computer to demonstrate. A function of receiving an e-mail transmitted from an external communication device to a client terminal via a communication network;
A function of detecting an address of a web page set as a link destination in the body of the email;
A function of acquiring the linked web page as a preceding page from a web server specified by the address;
A function for determining the success or failure of the preceding page based on a predetermined acceptance criterion established for determining whether or not the content of the web page is suitable for display;
When it is determined that the preceding page is unacceptable, a function for warning the client terminal that is the destination of the e-mail that an inappropriate web page exists at the link destination of the electronic page;
A site check program characterized by causing a computer to demonstrate. A function for acquiring a target page, which is a web page to be displayed on a client terminal, from a web server;
A function of detecting an address set as a link destination in the target page;
A function of acquiring the linked web page as a preceding page from a web server specified by the address;
In the preceding page, when an interface for downloading a program file of a predetermined format is set, a function of acquiring the program file via the interface;
A function for determining pass / fail of the program file based on a predetermined acceptance criterion set for determining whether the program file may adversely affect the operation of the client terminal;
When it is determined that the program file is rejected, a function for warning the client terminal that there is an inappropriate download page at the link destination of the target page;
A site check program characterized by causing a computer to demonstrate.

Images