JP2011146038A - Page transition device, page transition system, and page transition method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To eliminate illegal accesses in simpler processing. <P>SOLUTION: Two associated caller IDs are embedded in a screen on a link is displayed. When the link screen is displayed on a user terminal 103, a cookie including a first caller ID is generated in a page transition device and stored in the user terminal 103. Afterward, when the user terminal 103 requests a reward service providing screen, the first caller ID as a part of the stored cookie and a second caller ID added to a URL of the reward service providing screen are transmitted to the page transition device. Then, when the two IDs are associated with each other, the reward service providing screen is transmitted to the user terminal 103. Thus, illegal accesses are eliminated by simple processing. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a page transition apparatus, a page transition system, and a page transition method for determining a Web page to be displayed next on a terminal.

  As a prior art, there is an electronic lottery server that gives points based on a winning result as in Patent Document 1 (“Electronic lottery using mobile phone / game / questionnaire system, method and program executed by computer”).

  In this way, when providing a service by electronic lottery to a site operator who intends to promote the use of the site and improve the migration rate with points as an incentive, the site operator bears the funds for the points. Therefore, it is requested to construct a system so as to provide a service that is limited to links from the site. That is, when there is an unauthorized access person who uses the lottery service from other than the site, it is necessary to eliminate such access.

  On the other hand, as a method of eliminating unauthorized access in the use of an external service, based on the result of monitoring normal actions of authorized users and authorized clients as in Patent Document 2 (“Electronic Commerce System Unauthorized Use Detection Method and Device”). Thus, a method for detecting unauthorized use of the system by an unauthorized user or an unauthorized client can be considered.

JP 2005-021358 A JP-A-11-259571

  However, in the conventional unauthorized access elimination method as described above, it is necessary to monitor the behavior, and the burden on the system is large. In addition, a general login authentication method or the like complicates procedures and operations and cannot be easily used.

  Therefore, it is an object to eliminate unauthorized access by a simple process compared to conventional unauthorized access elimination methods such as login authentication.

  A page transition apparatus according to the present invention is a page transition apparatus for causing a terminal to display a second Web page accessible from a link embedded in a first Web page. When displaying on the terminal a first Web page in which the caller ID and the second caller ID and the URL of the second Web page to which the second caller ID is added are displayed on the terminal, Content request receiving means for receiving from the terminal a request including the first caller ID for acquiring the identification content embedded in the first Web page, and a first call in the request received by the content request receiving means A generating unit that generates a cookie including an original ID and generates identification content to which the generated cookie is added, and the identification content generated by the generating unit is first Content transmitting means for transmitting the identification content to the terminal in order to display the first web page included in the web page and store the cookie added to the identification content in the terminal; A page request receiving means for receiving a URL to which a second caller ID is added and a cookie stored in the terminal, and a URL received by the page request receiving means. The first and second caller IDs are extracted from the cookie and the determination means for determining whether or not the first and second caller IDs correspond to the first and second caller IDs. Then, if it is determined, page transmission means for transmitting the second Web page to the terminal is provided.

  The page transition system of the present invention is a page transition system having a server and a terminal on which a second Web page accessible from a link embedded in the first Web page is displayed. First page request receiving means for receiving a web page request from the terminal, and first caller ID and second caller associated with each other in advance according to the request received by the first page request receiving means A first page transmitting means for transmitting the first web page in which the ID and the URL of the second web page to which the second caller ID is added are embedded to the terminal; and the first page transmitting means A request including a first caller ID for acquiring identification content embedded in the first Web page is received from a terminal that displays the transmitted first Web page. A content request receiving means; a generating means for generating a cookie including a first caller ID in the request received by the content request receiving means; and generating identification content to which the generated cookie is added; The identification content generated by the generation means is included in the first Web page to display the first Web page, and the cookie added to the identification content is stored in the terminal. A second means for receiving a URL to which a second caller ID is added and a cookie stored in the terminal from a content transmitting means for transmitting the content to the terminal and a terminal requesting the second Web page; First and second caller IDs are extracted from the URL and cookie received by the page request receiving means and the second page request receiving means, and the first And determining means for determining whether or not the second caller ID corresponds, and if it is determined that the first and second caller IDs correspond, the second Web page is transmitted to the terminal. 2 page transmission means.

  The page transition method of the present invention is a page transition method executed by a page transition device for displaying on a terminal a second Web page accessible from a link embedded in a first Web page, The transition device includes a first caller ID and a second caller ID that are associated with each other in advance, and a URL of the second Web page to which the second caller ID is added. A content request receiving step of receiving a request including the first caller ID for acquiring identification content embedded in the first Web page from a terminal that displays one Web page; , Generating a cookie including the first caller ID in the request received in the content request reception step, and identifying the identification content to which the generated cookie is added. And a page transition device that causes the terminal to display the first Web page by including the identification content generated in the generation step in the first Web page, and is attached to the identification content. In order to store the cookie in the terminal, a content transmission step of transmitting the identification content to the terminal, and the page transition device adds a second caller ID from the terminal requesting the second Web page. Page request receiving step for receiving the received URL and the cookie stored in the terminal, and the page transition device extracts the first and second caller IDs from the URL and cookie received in the page request receiving step. A determination step for determining whether or not the first and second caller IDs correspond to each other; If the caller ID has been determined to correspond to the is characterized in that it comprises a page transmission step of transmitting the second Web page to the terminal.

  According to such an invention, the corresponding first and second caller IDs are embedded in the first Web page. Then, when the first Web page is displayed on the terminal, a cookie including the first caller ID is generated by the page transition device (system), sent to the terminal, and stored inside the terminal. Thereafter, when the terminal requests the second Web page, the first caller ID stored in the terminal as a part of the cookie and the second call added to the URL of the second Web page The original ID is sent to the page transition device (system). Then, a determination process using these two IDs is performed, and if both IDs correspond, the second Web page is transmitted to the terminal. As described above, the first caller ID included in the cookie generated when the first Web page is displayed and the second caller ID added to the URL of the page when the second Web page is requested. By confirming the correspondence, it is possible to confirm whether or not the access to the second Web page is a request from the properly deployed first Web page. As a result, unauthorized access (access from other than the first Web page) can be eliminated with simple processing.

  In the page transition device of the present invention, time information regarding the expiration date of the cookie is set in the cookie, and the determination unit determines whether the cookie is valid based on the time information, and the cookie is valid. If it is determined that the first caller ID corresponds to the first caller ID, the page transmission means determines that the cookie is valid and the first caller ID corresponds to the first caller ID. If it is determined, the second web page may be transmitted to the terminal.

  In this case, since the validity (expiration date) of the cookie itself is also considered, the second Web page is transmitted to the terminal only for a request within a predetermined time after the first Web page is displayed. can do. Thereby, unauthorized access can be more reliably eliminated.

  In the page transition apparatus of the present invention, one of the first and second caller IDs embedded in the first Web page is set to the other of the first and second caller IDs by a predetermined encoding method. A value obtained by encoding, and the determination unit decodes one of the first and second caller IDs by a decoding method corresponding to a predetermined encoding method, and the value obtained by the decoding And the other of the first and second caller IDs may be determined to correspond to each other.

  In this case, since one of the two caller IDs is encoded and then flows between the page transition device (system) and the terminal, it is possible to improve confidentiality regarding the caller ID.

  In the page transition apparatus of the present invention, the first caller ID embedded in the first Web page is a value obtained by encoding a predetermined value using the first encoding method, The second caller ID embedded in one Web page is a value obtained by encoding the predetermined value with the second encoding method, and the determination means uses the first caller ID. Are decoded by the first decoding method corresponding to the first encoding method, and the second caller ID is decoded by the second decoding method corresponding to the second encoding method. When the two values obtained by the decryption method match, it may be determined that the first and second caller IDs correspond to each other.

  In this case, since both of the two caller IDs are encoded by different methods and flow between the page transition device (system) and the terminal, the confidentiality of the caller ID can be improved.

  In the page transition device of the present invention, the second Web page may be a Web page for giving the user an opportunity to give a predetermined reward.

  In this case, unauthorized access to a page related to reward grant can be eliminated.

  According to the present invention, the first caller ID included in the cookie generated when the first Web page is displayed, and the second caller ID added to the URL of the page when the second Web page is requested. It is possible to confirm whether or not the access to the second Web page is a request from the first Web page that has been properly deployed. As a result, unauthorized access (access from other than the first Web page) can be eliminated with simple processing.

FIG. 1 is a diagram illustrating a network configuration of a page transition restriction system. FIG. 2 is a diagram showing an outline of processing of the page transition restriction system. FIG. 3 is a diagram illustrating an example of a link posting screen. FIG. 4 is a diagram illustrating an example of a reward service providing screen. FIG. 5 is a diagram illustrating an example of an error screen. FIG. 6 is a diagram showing a pre-processing flow of the reward service utilization server. FIG. 7 is a diagram illustrating a pre-processing flow of the reward service providing server. FIG. 8 is a diagram illustrating a configuration of the reward service use server. FIG. 9 is a diagram showing a link posting screen distribution processing flow. FIG. 10 is a diagram illustrating a configuration of the reward service providing server. FIG. 11 is a diagram showing a resource distribution processing flow. FIG. 12 is a diagram showing a cookie generation processing flow. FIG. 13 is a diagram illustrating a reward service provision screen distribution processing flow. FIG. 14 is a diagram showing a cookie determination processing flow.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a network configuration of a page transition restriction system (page transition system). The reward service use server 101, the reward service providing server (page transition device) 102, and the user terminal 103 are connected via the Internet. The reward service use server 101 is a Web server that uses a reward service from a site operated by the reward service use server 101. The reward service providing server 102 is a Web server that provides a reward service. The user terminal 103 is a computer that operates in a Web environment, and is assumed to be operated by a user of the site of the reward service use server 101. The user terminal 103 includes a browser that can receive and display a Web screen (for example, HTML) from a Web server via the Internet, and access and load a linked resource described in the Web screen. ing. In addition, the browser can accept an icon click or key input, generate an event, and execute a program in response to the event.

  The reward service distributes a service screen linked from the site of the reward service utilization server 101 to the user terminal 103, and provides convenience to the site user of the reward service utilization server 101. In this example, a lottery server 102 a that provides a service for giving points by a lottery to the user of the user terminal 103 is assumed. As a reward service use server 101, a virtual shopping mall server 101a that operates a virtual shopping mall site, a marriage support server 101b that operates a marriage support site, and a blog management server 101c that operates a blog management site are assumed.

  The operator of each reward service use server 101 receives a specific reward service from the reward service providing server 102. That is, the reward service is provided only to the predetermined reward service usage server 101, and only access from a link from the operation site of the reward service usage server 101 is valid, and other access is excluded. In this example, each reward service utilization server 101 receives a unique lottery service. The virtual shopping mall server 101a uses a speed lottery service, the marriage support server 101b uses a lucky lottery service, and the blog management server 101c uses a happy lottery service. And each site management entity bears the service use fee and expense which arise with the reward service which is used.

  FIG. 2 is a diagram showing an outline of processing of the page transition restriction system. Through pre-processing (S201) by the reward service using server 101 and pre-processing (S202) by the reward service providing server 102, exchange of data to be shared and editing of the source code of the Web screen are performed. Details will be described later with reference to FIGS. 6 and 7.

  The processing after S203 is this processing. The user terminal 103 transmits a link posting screen request to the reward service utilization server 101 (S203). That is, the user terminal 103 accesses the link posting screen from the browser. In response to this, the reward service using server 101 returns a link posting screen (HTML) (S204) to the user terminal 103.

  FIG. 3 is a diagram illustrating an example of a link posting screen (first Web page). The transparent gif image 301 is a 1 × 1 transparent gif (GIF file indicating a transparent image of 1 pixel × 1 pixel). This is an example of a resource (identification content) acquired from the reward service providing server 102. When the reward service provision screen request icon 302 is clicked, a reward service provision screen (FIG. 4) provided by the reward service provision server 102 is accessed.

  The user terminal 103 receives the link posting screen (HTML), expands it with a browser, and displays the link posting screen (S205). In the deployment operation at this time, the user terminal 103 transmits a resource request (S206) to the reward service providing server 102. The source code of the link posting screen (HTML) has a description linked to the resource URL, and the user terminal 103 sends and accesses the resource URL of the reward service providing server 102 according to the instruction. A caller ID is added to the resource URL by a parameter. The caller ID is information associated with the link posting screen, and is an ID for specifying a regular caller. As the caller ID, an identifier of the link posting screen, an identifier of a screen group (menu) in the site of the reward service using server 101 to which the link posting screen belongs, an identifier of the reward service using server 101, or the like is used. In this example, the 1 × 1 transparent gif is called as a resource.

  When the reward service providing server 102 receives the resource request (S206) (content request reception step), the reward service providing server 102 generates a cookie to be added to the resource (S207, generation step), and returns the resource with the cookie (S208, content transmission). Step). The cookie includes a caller ID (first caller ID) received as parameters and a cookie generation date (time information).

  When receiving the resource, the browser of the user terminal 103 loads the resource (S209). In this example, the browser displays a 1 × 1 transparent gif. At the same time, the browser stores the cookie in the user terminal 103 (S210). When the reward service provision screen request icon is clicked in the screen display completion state (S211), the browser transmits a reward service provision screen request (S212) to the reward service provision server 102. For this purpose, the source code of the link posting screen (HTML) is described so that when a reward service provision screen request icon click event occurs, a reward service provision screen URL is transmitted and accessed. A caller ID (second caller ID) is added to the reward service providing screen URL by a parameter. Further, the browser adds the cookie (S212) stored in the user terminal 103 and transmits it.

  When the reward service providing server 102 receives the reward service providing screen request 212 (page request receiving step), the reward service providing server 102 determines a cookie (S213, determining step). Specifically, the reward service providing server 102 acquires the cookie generation date and time from the cookie of the reward service provision screen request, determines whether the access is within a predetermined time, and determines the cookie caller ID (first caller). ID) and the call source ID (second call source ID) of the parameter added to the reward service providing screen URL are determined to correspond (match). If it is determined to be valid, the reward service providing server 102 returns a reward service providing screen (HTML) to the user terminal 103 (S214, page transmission step). FIG. 4 is a diagram illustrating an example of a reward service providing screen (second Web page). The reward service providing screen is configured such that an electronic lottery operation process is activated by clicking an instruction area. That is, the reward service providing screen is a Web page for giving the user an opportunity to give a predetermined reward.

  On the other hand, when it is determined to be inappropriate, the reward service providing server 102 returns an error screen (HTML) to the user terminal 103 (S215, page transmission step). FIG. 5 is a diagram illustrating an example of an error screen (third Web page). By clicking a link icon 501 instruction, it is possible to access the linked transition destination screen URL. Here, since the URL of the link posting screen, which is a legitimate caller, is set, it is possible to prompt the user terminal 103 to call the reward service providing screen from the link posting screen again. In other words, the user can be guided to a legitimate link source via this error screen when the access is inappropriate. Note that the error screen automatically accesses the screen URL of the transition destination within a few seconds.

  From here, each process (S201-S215) is explained in full detail. First, pre-processing (S201) by the reward service using server 101 and pre-processing (S202) by the reward service providing server 102 will be described. FIG. 6 is a diagram illustrating a pre-processing flow of the reward service using server, and FIG. 7 is a diagram illustrating a pre-processing flow of the reward service providing server. The operator who intends to use the reward service sends a caller registration request from the reward service utilization server 101 to the reward service providing server 102 (S601). At this time, the link posting screen URL of the reward service utilization server 101 is also notified.

  When receiving the caller registration request (S701), the reward service providing server 102 assigns a caller ID for requesting resources (S702), and further assigns a caller ID for requesting a reward service providing screen (S703). In this example, both caller IDs are the same. However, if the correspondence between the two can be determined by the reward service providing server 102, the two caller IDs may be different. Then, the reward service providing server 102 notifies the reward service using server 101 of the resource requesting caller ID and the reward service providing screen requesting caller ID (S704). Further, the reward service providing server 102 writes the reward service providing screen URL as a transition destination by the automatic and instruction to the source code of the error screen (FIG. 5) (S705).

  On the other hand, when receiving both caller IDs (S602), the reward service using server 101 adds the caller ID for resource request as a parameter to the URL of the resource (S603). Similarly, the reward service use server 101 adds a caller ID for requesting a reward service provision screen as a parameter to the URL of the reward service provision screen (S604). By these processes, these two caller IDs are embedded in the link posting screen. The advance preparation is now complete.

  Next, link posting screen distribution (S203 to S205) by the reward service utilization server 101 will be described. FIG. 8 is a diagram illustrating a configuration of the reward service use server. The reward service utilization server 101 includes a link posting screen request receiving unit (first page request receiving unit) 801, a link posting screen transmitting unit (first page transmitting unit) 802, and a link posting screen storage unit 803. The link posting screen request receiving unit 801 is configured to receive a link posting screen request via the Internet. That is, the link posting screen request receiving unit 801 corresponds to the designation destination of the reward service providing screen URL. The link posting screen transmission unit 802 is configured to read out and return the link posting screen. The link posting screen storage unit 803 stores a link posting screen.

  FIG. 9 is a diagram showing a link posting screen distribution processing flow. When the link posting screen request reception unit 801 receives the link posting screen request in a state of waiting for the link posting screen request (S901), the link posting screen transmission processing (S902) by the link posting screen transmission unit 802 performs link posting. The link posting screen (HTML) is read from the screen storage unit 803 and returned to the transmission source of the link posting screen request. Then, the link posting screen request receiving unit 801 enters a waiting state again (S901).

  The user terminal 103 develops the link posting screen (HTML) returned in S205 by the browser, and the browser requests the resource (1 × 1 gif) from the reward service providing server 102 according to the source code.

  Next, resource distribution (S206 to S208) by the reward service providing server 102 will be described. FIG. 10 is a diagram illustrating a configuration according to the reward service providing server. The user terminal 103 includes a resource request reception unit (content request reception unit) 1001, a cookie generation unit (generation unit) 1002, a resource storage unit 1003, a resource transmission unit (content transmission unit) 1004, a reward service provision screen request reception unit (( (Second) page request receiving means) 1005, cookie determining section (determining means) 1006, reward service providing screen storage section 1007, reward service providing screen transmitting section ((second) page transmitting means) 1008, error screen storing section 1009, And an error screen transmission unit ((second) page transmission means) 1010.

  The resource request receiving unit 1001 is configured to receive a resource request (access to the URL of the resource storage location). The cookie generation unit 1002 is configured to generate cookie information in the HTTP header of the resource to be transmitted. The resource storage unit 1003 stores resources. Generally, resources are stored in a file format. In this example, a 1 × 1 transparent image gif file is stored. The resource transmission unit 1004 is configured to return a resource in which cookie information is provided in the HTTP header to the source of the resource request.

  The reward service provision screen request receiving unit 1005 is configured to receive a reward service provision screen request (access to URL of reward service screen position). The cookie determination unit 1006 is configured to determine whether the received reward service provision screen request is a valid request based on the cookie attached to the reward service provision screen request. The reward service provision screen storage unit 1007 stores a reward service provision screen. The reward service provision screen in this example is an HTML document. When there are resources (image files and program files) linked from the HTML document, the reward service provision screen storage unit 1007 also stores those resources. The reward service provision screen transmission unit 1008 is configured to return the reward service provision screen to the source of the reward service provision screen request.

  The error screen storage unit 1009 stores an error screen. The error screen in this example is an HTML document. If there are resources (image files and program files) linked from the HTML document, the error screen storage unit 1009 also stores those resources. The error screen transmission unit 1010 is configured to return an error screen to the source of the reward service provision screen request.

  FIG. 11 is a diagram showing a resource distribution processing flow. When a resource request is received in the resource request reception process (S1101) by the resource request reception unit 1001, cookie information is generated in the HTTP header of the resource by the cookie generation process (S1102) by the cookie generation unit 1002. Details will be described later with reference to FIG. Then, in the resource transmission process (S1103) by the resource transmission unit 1004, the resource with the cookie attached is returned.

  FIG. 12 is a diagram showing a cookie generation processing flow. First, the domain name of the reward service providing server 102, the URL path of the reward service providing server 102 (other than the domain name in the URL), and the expiration date of the cookie are set (S1201). Then, the caller ID is set as the data retained in the cookie (S1202). The caller ID is read from the parameter added to the URL of the resource request. Further, the cookie generation time is set as the cookie retention data (S1203). The current date and time is acquired from the calendar clock unit inside the reward service providing server 102 and used as the cookie generation time.

  The user terminal 103 receives the resource distribution, loads the resource with the browser, and stores the cookie read from the resource header in a storage area in the hard disk. In this example, the transparent gif image 301 is displayed in FIG. However, since this image 301 is transparent, it cannot be seen on the screen. If a transparent image is used in this way, the display on the original screen can be prevented from being affected. When the reward service provision screen request icon 302 is clicked (S211), access to the reward service is executed.

  Next, reward service provision screen distribution and error screen distribution (S212 to S215) by the reward service provision server 102 will be described. FIG. 13 is a diagram illustrating a reward service provision screen distribution processing flow. When a request for a reward service provision screen is received in the reward service provision screen request reception process (S1301) by the reward service provision screen request reception part 1005, a reward service provision screen is obtained by a cookie determination process (S1302) by the cookie determination part 1006. Based on the cookie included in the HTTP header received in the request, it is determined whether the request is valid. Details will be described later with reference to FIG. When it is determined that the request is legitimate, the reward service provision screen is returned in the reward service provision screen transmission process (S1303) by the reward service provision screen transmission unit 1008, and it is determined that the request is an invalid request. The error screen is returned in the error screen transmission process (S1304) by the error screen transmission unit 1010.

  FIG. 14 is a diagram showing a cookie determination processing flow. It is determined whether or not it is within a predetermined time from the cookie generation time that is the cookie retention data (S1401). Specifically, the current date and time is acquired from the calendar clock unit in the reward service providing server 102, and the elapsed time is calculated by subtracting the cookie generation time from the current date and time. Then, when the elapsed time does not exceed the time limit (for example, 5 minutes), it is determined that the time is within the predetermined time. On the other hand, when the elapsed time exceeds the time limit, it is determined that it is not within the predetermined time. Subsequently, it is determined whether the caller ID of the cookie corresponds to the caller ID of the reward service provision screen request (S1402). In this example, the caller ID, which is the data held in the cookie included in the HTTP header received by the reward service provision screen request, matches the caller ID read from the parameter added to the URL of the reward service provision screen request. In the case, both are determined to correspond. If it is within the predetermined time (S1401) and the two caller IDs correspond (S1402), it is determined to be valid (S1403). On the other hand, if it is not within the predetermined time (S1401), or if both caller IDs do not correspond (S1402), it is determined to be invalid (S1404).

Embodiment 2. FIG.
In the above example, the same value is assigned to the caller ID for resource request (first caller ID) and the caller ID for request for reward service provision screen (second caller ID), and they match. Shows an example of judging it as valid. In this embodiment, an example will be described in which another value associated with the resource requesting caller ID and the reward service provision screen requesting ID is used, and it is determined to be valid when both correspond.

  When assigning a caller ID for requesting a reward service provision screen in S703 in FIG. 7, a value different from the caller ID for resource request is set in S702. Then, a caller ID table for storing the caller ID for resource request and the caller ID for requesting a reward service provision screen in association with each other is provided.

  In S1402 of FIG. 14, the combination of the caller ID of the cookie and the caller ID of the reward service screen provision request is the caller ID for the resource request and the caller ID for the reward service screen provision request of the caller ID table. It is determined that both caller IDs correspond to each other (YES).

Embodiment 3 FIG.
In the second embodiment, an example is shown in which a caller ID table is provided and a caller ID for requesting a resource is associated with a caller ID for requesting a reward service provision screen. In the present embodiment, an example will be described in which one of both caller IDs is encoded and transferred, decoded, and then matched.

  For example, after assigning a caller ID for resource request in S702 of FIG. 7, the caller ID for resource request is encoded by a predetermined encoding method, and the encoded value is used for requesting a reward service provision screen. (S703).

  Then, in S1402 of FIG. 14, the caller ID of the reward service provision screen request is decoded by a decoding method corresponding to the encoding method of S703, and it is determined whether the decoding result matches the caller ID of the cookie. If they match, it is determined that both caller IDs correspond (YES).

  As another example, the caller ID for the reward service provision screen request is assigned first (S703), and the caller ID for the reward service provision screen request is encoded by a predetermined encoding method. This value is set as the caller ID for resource request (S702).

  Then, in S1402 of FIG. 14, the cookie caller ID is decoded by a decoding method corresponding to the encoding method of S702, and it is determined whether the decoding result matches the caller ID of the reward service screen request. If they match, it is determined that both caller IDs correspond (YES).

  By encoding the caller ID in this way, confidentiality regarding the caller ID can be enhanced. For example, it is possible to prevent eavesdropping and forgery of URL parameters. An example of the encoding method includes a method using a hash function, but the specific method of encoding is not limited to this and may be arbitrarily determined.

Embodiment 4 FIG.
In the third embodiment, an example in which only one caller ID is encoded has been described. However, it is also effective to encode both caller IDs using different encoding methods.

  For example, in S702 of FIG. 7, a basic caller ID is assigned, the basic caller ID is encoded by a predetermined encoding method (first encoding method), and the encoded value is used for resource request. Set to caller ID. In step S703, the basic caller ID is encoded by another predetermined encoding method (second encoding method), and the encoded value is set as the caller ID for requesting a reward service provision screen.

  In S1402 of FIG. 14, the caller ID of the cookie is decoded by a decoding method (first decoding method) corresponding to the encoding method of S702, and the caller ID of the reward service provision screen request is encoded in S703. When decoding is performed using a decoding method corresponding to the method (second decoding method) and the decoding results match, it is determined that both caller IDs correspond (YES).

Embodiment 5 FIG.
In the above example, transparent image data of 1 × 1 pixel by gif is used as a resource (identification content). However, the image data size may be larger than 1 × 1 pixel. Further, it may be an opaque color instead of transparent. The resource may be image data other than gif, data other than image data, or a program other than data. The processing content of the program serving as a resource is arbitrary and is not necessarily related to the operation of the present invention.

Embodiment 6 FIG.
Instead of the cookie generation date and time, it is also effective to set the response deadline date and time as time information in the data held in the cookie.

  In S1203 of FIG. 12, the current time is acquired from the internal calendar clock, and a predetermined time (about 5 minutes) is added to the current time to obtain a response deadline date. Then, the response deadline date is set in the data held in the cookie.

  In S1401 of FIG. 14, the response time limit date and time held in the cookie is read, the current time is acquired from the internal calendar clock, and it is determined whether the current time has exceeded the response time limit date. If not, the process proceeds to S1402, and if it has exceeded, the process proceeds to S1404.

Embodiment 7 FIG.
An abbreviated form in which the date and time of cookie generation is omitted is also possible.

  In that case, S1203 of FIG. 12 is not performed. Further, the determination of S1401 in FIG. 14 is not performed.

  The reward service use server 101, the reward service providing server 102, and the user terminal 103 are computers, and each element can execute processing by a program. Further, the program can be stored in a storage medium so that the computer can read the program from the storage medium.

  As described above, according to each of the above embodiments, the caller ID included in the cookie generated when the link posting screen is displayed and the caller added to the URL of the page when the reward service provision screen is requested By confirming the correspondence with the ID, it is possible to confirm whether or not the access to the reward service providing screen is a request from the link posting screen that has been properly deployed. As a result, unauthorized access (access from other than the link posting screen) can be eliminated with simple processing. For example, it is possible to eliminate fraud such as reusing the URL of the reward service provision screen. Such a fraud elimination mechanism is meaningful for a site operator (for example, a link posting screen operator in each of the above embodiments) who intends to increase access to his / her own site by giving the user an opportunity to reward. It is.

  In addition, according to the first to sixth embodiments, the validity (expiration date) of the cookie itself is also taken into consideration, so the reward service provision screen is displayed only for a request within a predetermined time after the link posting screen is displayed. It can be transmitted to the user terminal 103. That is, it is ensured that the access is accompanied by an operation within a short period from the developed link posting screen. Thereby, unauthorized access can be more reliably eliminated.

  The present invention has been described in detail based on the embodiments. However, the present invention is not limited to the above embodiment. The present invention can be variously modified without departing from the gist thereof.

  In the above embodiments, the page transition device and the page transition system according to the present invention are applied to a system related to a reward service, but the present invention may be applied to a system that provides a service other than the reward service. In other words, any page may be adopted as the second Web page. Further, the configuration of the third Web page is not limited.

  In the above-described embodiment, the page transition system is configured by the reward service use server 101 and the reward service providing server 102. However, the functions of these two servers are integrated into one server, and the page is executed by the one server. A transition system may be constructed.

DESCRIPTION OF SYMBOLS 101 Compensation service use server 101a Virtual shopping center server 101b Marriage support server 101c Blog management server 102 Compensation service provision server 102a Lottery server 103 User terminal 301 Transparent gif image 302 Compensation service provision screen request icon 501 Link icon 801 Link posting screen request reception unit 802 Link posting screen transmission unit 803 Link posting screen storage unit 1001 Resource request reception unit 1002 Cookie generation unit 1003 Resource storage unit 1004 Resource transmission unit 1005 Reward service provision screen request reception unit 1006 Cookie judgment unit 1007 Reward service provision screen storage unit 1008 Reward Service provision screen transmission unit 1009 Error screen storage unit 1010 Error screen transmission unit

Claims (7)

A page transition device for causing a terminal to display a second Web page accessible from a link embedded in a first Web page,
The first caller ID and the second caller ID that are associated with each other in advance and the URL of the second Web page to which the second caller ID is added are embedded. Content request receiving means for receiving, from the terminal, a request including the first caller ID for acquiring identification content embedded in the first Web page when displaying a Web page on the terminal;
Generating means for generating a cookie including a first caller ID in a request received by the content request receiving means, and generating the identification content to which the generated cookie is added;
The terminal includes the identification content generated by the generation unit in the first Web page to display the first Web page, and stores the cookie added to the identification content in the terminal Therefore, a content transmission means for transmitting the identification content to the terminal;
Page request receiving means for receiving the URL to which the second caller ID is added and the cookie stored in the terminal from the terminal requesting the second Web page;
Determining means for extracting the first and second caller IDs from the URL and cookie received by the page request receiving means, and determining whether or not the first and second caller IDs correspond;
A page transition device, comprising: page transmission means for transmitting the second Web page to the terminal when it is determined that the first and second caller IDs correspond to each other. In the cookie, time information regarding the expiration date of the cookie is set,
If the determination means determines whether or not the cookie is valid based on the time information, and determines that the cookie is valid, the first and second caller IDs correspond to each other. Whether or not
The page transmitting means transmits the second Web page to the terminal when it is determined that the cookie is valid and the first and second caller IDs correspond;
The page transition apparatus according to claim 1. One of the first and second caller IDs embedded in the first Web page is obtained by encoding the other of the first and second caller IDs with a predetermined encoding method. Value,
The determination means decodes one of the first and second caller IDs by a decoding method corresponding to the predetermined encoding method, and the value obtained by the decoding and the first and second When the other caller IDs match, the first caller ID and the second caller ID are determined to correspond.
The page transition apparatus according to claim 1, wherein the page transition apparatus is a page transition apparatus. The first caller ID embedded in the first Web page is a value obtained by encoding a predetermined value using the first encoding method, and is embedded in the first Web page. The second caller ID is a value obtained by encoding the predetermined value with the second encoding method;
The determination means decodes the first caller ID by a first decoding method corresponding to the first encoding method and corresponds the second caller ID to the second encoding method. Decoding with the second decoding method and determining that the first and second caller IDs correspond when the two values obtained by the first and second decoding methods match,
The page transition apparatus according to claim 1, wherein the page transition apparatus is a page transition apparatus. The second web page is a web page for giving a user an opportunity to give a predetermined reward.
The page transition apparatus as described in any one of Claims 1-4 characterized by the above-mentioned. A page transition system having a server and a terminal on which a second web page accessible from a link embedded in the first web page is displayed,
The server
First page request receiving means for receiving a request for the first Web page from the terminal;
In response to the request received by the first page request receiving means, the first caller ID and the second caller ID that are associated with each other in advance, and the second caller ID to which the second caller ID is added. First page transmission means for transmitting the first web page embedded with the URL of the second web page to the terminal;
A request including the first caller ID for acquiring identification content embedded in the first Web page from the terminal that displays the first Web page transmitted by the first page transmission unit. A content request receiving means for receiving;
Generating means for generating a cookie including a first caller ID in a request received by the content request receiving means, and generating the identification content to which the generated cookie is added;
The terminal includes the identification content generated by the generation unit in the first Web page to display the first Web page, and stores the cookie added to the identification content in the terminal Content transmitting means for transmitting the identification content to the terminal,
Second page request receiving means for receiving the URL to which the second caller ID is added and the cookie stored in the terminal from the terminal requesting the second Web page;
Determination means for extracting the first and second caller IDs from the URL and cookie received by the second page request receiving means and determining whether or not the first and second caller IDs correspond to each other. When,
A page transition system comprising: second page transmission means for transmitting the second Web page to the terminal when it is determined that the first and second caller IDs correspond to each other. A page transition method executed by a page transition device for displaying on a terminal a second web page accessible from a link embedded in a first web page,
The page transition device embeds a first caller ID and a second caller ID that are associated with each other in advance, and a URL of the second Web page to which the second caller ID is added. A content request receiving step of receiving a request including the first caller ID for obtaining identification content embedded in the first Web page from the terminal displaying the first Web page. ,
The page transition device generates a cookie including a first caller ID in the request received in the content request reception step, and generates the identification content to which the generated cookie is added; and
The page transition device causes the terminal to display the first Web page by including the identification content generated in the generation step in the first Web page, and to add a cookie added to the identification content A content transmission step of transmitting the identification content to the terminal for storage in the terminal;
A page request for the page transition device to receive the URL to which the second caller ID is added and the cookie stored in the terminal from the terminal requesting the second Web page. Receiving step;
The page transition device extracts the first and second caller IDs from the URL and cookie received in the page request reception step, and determines whether or not the first and second caller IDs correspond to each other. A determination step for determining;
The page transition device includes a page transmission step of transmitting the second Web page to the terminal when it is determined that the first and second caller IDs correspond to each other. Transition method.

Images