JP2020135693A - Transmission control method, transmission program, and terminal - Google Patents

Abstract

To prevent a piece of information from being illegally acquired.SOLUTION: The disclosed transmission control method executed by a computer includes the steps of: receiving a sending instruction of data input in association with the input element of the web page; acquiring a piece of information associated with the input element from the source code by analyzing the source code describing the web page; and determining whether to execute or prohibit the transmission of the input data based on the acquired information.SELECTED DRAWING: Figure 8

Description

The present invention relates to a transmission control method, a transmission control program, and a terminal.

Use cleverly crafted emails, web pages, etc. to trick users into accessing malicious sites disguised as legitimate sites to steal personal information, confidential information that users want to keep secret, and sensitive information. Phishing is rampant.

In this regard, techniques related to security against phishing attacks are known (for example, Patent Documents 1 to 3).

JP-A-2007-241809 Japanese Unexamined Patent Publication No. 2006-106928 JP-A-2007-18385

For phishing, security vendors and various organizations are taking measures such as enlightening activities and encouraging site operators to strengthen security against phishing. However, phishing does not tend to decrease. Therefore, it is desired to provide a technology for further strengthening security.

In one aspect, the present invention aims to prevent unauthorized acquisition of information.

The transmission control method executed by the computer according to one aspect of the present invention analyzes the source code describing the web page when receiving the transmission instruction of the data input in association with the input element of the web page, and the source code. The information associated with the input element is acquired from, and based on the acquired information, it is determined whether to execute or suppress the transmission of the input data.

It is possible to prevent unauthorized acquisition of information.

It is a figure which shows an exemplary network configuration. It is a figure which illustrates the functional block composition of the terminal which concerns on embodiment. It is a figure which shows the timing of the evaluation of the web page which concerns on embodiment. It is a figure which shows the HTML of the example bank-related web page and the display screen of a browser. It is a figure which illustrates the flow of the process which specifies the type of the service provided by a web page. It is a figure which illustrates the service label extraction information which concerns on embodiment. It is a figure which illustrates the service information which concerns on embodiment. It is a figure which illustrates the flow of the process of specifying the data type of the information collected by an input element and evaluating a risk. It is a figure which illustrates the input element extraction information which concerns on embodiment. It is a figure which illustrates the label element extraction information which concerns on embodiment. It is a figure which illustrates the data type information which concerns on embodiment. It is a figure which illustrates the collection reason information which concerns on embodiment. It is a figure which illustrates the display screen which concerns on embodiment. It is a figure which illustrates the history information which concerns on embodiment. It is a figure which illustrates the operation flow of the process which specifies the type of the service provided by the web page which concerns on embodiment. It is a figure which illustrates the operation flow of the data transmission control processing which concerns on embodiment. It is a figure which illustrates another display screen which concerns on embodiment. It is a figure which illustrates the hardware configuration of the computer for realizing the terminal which concerns on embodiment.

Hereinafter, some embodiments of the present invention will be described in detail with reference to the drawings. The same reference numerals are given to the corresponding elements in the plurality of drawings.

First, I will explain the current situation regarding phishing. As a countermeasure against phishing, the community centered on browser vendors uses SSL (Secure Socket Layer) certificates and URLs (Uniform Resource Identifiers) and domain information to verify the authenticity of websites based on the identity of the website. Is instructing to do it surely. In addition, technology is used to support or automate these confirmations programmatically. As an example, browser features can be used to warn you when sending form-filled data to non-SSL sites, or to color-code the browser user interface based on the authenticity of the SSL certificate issuer or domain. Such measures have been taken.

However, in recent years, phishing techniques have become more sophisticated, making it difficult to distinguish between legitimate and spoofed sites.

For example, there is a method of spoofing a certificate and a URL to make the user mistakenly think that the site is secure. The disguised site information and URL constructed in this case are created visually closely similar to the legitimate site information and URL, making it difficult for the user to visually distinguish them.

For example, in recent years, there are free and unexamined domain name acquisition and certificate issuance services, and it has become possible to easily build an SSL-compatible site. Therefore, it is possible to create a spoofed site using an SSL certificate obtained by a weak certificate issuing service or without guarantee of the identity of the effective destination. And since it is difficult for a general user to understand the difference in the trust level provided by each authentication service company, it causes damage.

Also, URL spoofing is becoming more sophisticated. For example, the widespread use of internationalized domain names has made it possible to spoof URLs using homonyms, making it difficult to visually distinguish them. There is also a method of hiding the actual site information by using the URL shortening service. Furthermore, a method has been found that exploits a defect in the browser to display a fake address bar and a specification that the browser abbreviates a long URL.

In such a case, even if the user pays attention to the SSL certificate and URL of the connection destination site, he / she cannot notice that he / she is connecting to the fake site, and it is difficult to prevent damage. .. Also, for the user, the confirmation of the certificate and the URL is a task irrelevant to the user's motive for connecting to the site, so it is difficult to expect the user to execute it reliably.

Alternatively, based on information about the authenticity of the site collected and distributed by security vendors, browsers and external programs deployed on the network will evaluate the site and warn or block access to dangerous sites. There is a method to do. For example, security vendors collect and distribute a list of "unsafe sites" (blacklists), and browsers can rate sites on this list as malicious sites. Similarly, for example, by preparing a list of "safe sites" (white list), the browser can evaluate whether or not the connected site is safe based on this list.

However, these lists use prior knowledge to assess the safety of the site. Therefore, the judgment rate of false positives and false negatives increases for sites where prior knowledge is not sufficiently accumulated. Also, for example, a security vendor registers a site on a blacklist only after the knowledge that the site is a malicious site is gathered. Therefore, prior knowledge about the attack cannot be obtained in a timely manner, and the damage cannot be suppressed from the time the attack damage is discovered until the blacklist is registered.

Regarding whitelists, it is difficult to create an appropriate whitelist for all users because the criteria for determining whether a site is safe depends on the environment, characteristics, and trends of each user.

As mentioned above, since the countermeasures against phishing are not sufficient, it is required to provide further countermeasures against phishing.

The embodiments described below provide a method of countermeasures against the case where information is exploited by a disguised web page input form. For example, in the embodiment, an execution instruction for a page transition of a web page is input, and when the page transition is detected in the browser, the browser calls the extension function. The extension identifies the label information corresponding to the input element of the input form on the web page, and specifies the data type indicating what kind of data is collected by the input element. Then, the extended function evaluates the risk of data transmission based on the specified data type, and suppresses the data transmission when it is determined that the risk is high. Therefore, it is possible to prevent the information from being exploited by the input form of the disguised web page. Hereinafter, embodiments will be described in more detail.

FIG. 1 is a diagram showing an exemplary network configuration 100. An exemplary network configuration 100 includes, for example, a terminal 101 and a server 102. The terminal 101 and the server 102 may be connected via, for example, a network 105.

The terminal 101 may be, for example, a computer having a communication function such as a personal computer (PC), a notebook PC, a smartphone, or a tablet terminal used by the user. Applications such as the browser 110 and the extension 120 operate on the terminal 101. The browser 110 is, for example, a web browser that accesses the website 130. Further, the extension function 120 is, for example, an application for extending the function of the browser 110.

The server 102 is, for example, a server computer that provides the website 130. The terminal 101 accesses the web page of the website 130 provided by the server 102 via the browser 110.

FIG. 2 is a diagram illustrating a functional block configuration of the terminal 101 according to the embodiment. The terminal 101 includes, for example, a control unit 201, a storage unit 202, a display unit 203, an input unit 204, and a communication unit 205. The control unit 201 may operate as the browser 110 and the extension function 120 by executing the program stored in the storage unit 202, for example. The extended function 120 may operate as, for example, the acquisition unit 211, the transmission control unit 212, and the like. The storage unit 202 stores information such as service label extraction information 600, service information 700, input element extraction information 900, label element extraction information 1000, data type information 1100, collection reason information 1200, history information 1400, which will be described later, for example. ing. The display unit 203 is, for example, a display device such as a liquid crystal display. The input unit 204 is an input device such as a touch panel, a keyboard, and a mouse. The communication unit 205 may connect to the network according to the instruction of the control unit 201 and communicate with the server 102, for example. Details of each of these units and details of the information stored in the storage unit 202 will be described later.

FIG. 3 is a diagram showing the timing of evaluation of the web page according to the embodiment. For example, it is assumed that the terminal 101 is connected to the web page provided by the server 102 via the browser 110. Here, it is assumed that the user finishes inputting data in the form of the web page displayed on the browser 110, and inputs an instruction to send the data to the server 102 to the browser 110. In this case, the browser 110 detects the page transition and calls the extension 120 before sending the request to the server ((a) in FIG. 3).

The extension function 120 analyzes the source code of the web page, identifies the label information corresponding to the input element when the web page contains an input element, and inputs the label information and the corresponding data type. Specify as the type of data collected by the element. An example of the source code may be HTML. In the following, the case where the source code is HTML will be described as an example, but the embodiment is not limited to this, and the embodiment can be applied to other codes as well. Then, the extension function 120 evaluates the risk of data transmission based on the data type collected by the input element (FIG. 3 (b)). The input element is, for example, an element that receives input of information from the user. Input elements may include, for example, input elements, select elements, and textarea elements used in the form.

Then, the extension function 120 allows or suppresses data transmission to the server 102 by the browser 110 according to the evaluated risk. For example, the extension function 120 may suppress data transmission to the server 102 by the browser 110 when it is determined that the risk is high. Further, in this case, the extension function 120 may display a display screen for warning the user and inquire whether or not to continue the process. When the user inputs an input permitting transmission in response to the inquiry, the extension function 120 may cause the browser 110 to execute the transmission of the request to the server 102 ((c) of FIG. 3).

Therefore, according to the embodiment, for example, the user's attention is drawn before the sensitive information such as the credit card account number and the password is transmitted, and the data is transmitted to an unauthorized site. It can be suppressed. In addition, the information that requires careful handling may include, for example, personal information, ID (identifier), my number, credential, and other confidential information and sensitive information that should be kept secret.

Next, the HTML analysis of the web page by the extension function 120 will be described. As described above, in the embodiment, for example, when an instruction to execute a page transition of a web page such as an instruction to transmit data is input and a page transition is detected in the browser 110, the browser 110 is extended before executing the page transition. Function 120 is called. Then, the extension function 120 executes the following processing for analyzing the HTML of the transition source web page. Hereinafter, each step will be described in order.

(Step 1) Identify the type of service provided by the web page (Step 2) Identify the type of information collected by the input element and evaluate the risk (Step 3) Suppress data transmission when the risk is high

(Step 1) Specifying the Type of Service Provided by a Web Page In the process of specifying the type of service provided by a web page, the control unit 201 determines, for example, whether the web page is a bank service or an online shop. Specify the service type that represents the service type. Further, the control unit 201 may specify information on the provider of the web page (for example, AA bank, AA corporation, etc.) in the process of specifying the service type provided by the web page, for example. This information can be collected, for example, by analyzing the HTML of a web page.

FIG. 4 shows HTML of an exemplary bank-related web page and a display screen displaying it on a browser 110. Further, FIG. 5 illustrates a flow of processing for specifying the type of service provided by the web page of (process 1).

Then, the control unit 201 first extracts an element including information about the service provided by the web page from HTML ((1) in FIG. 5).

For example, HTML guidelines define roles for elements. Web pages also have, for example, universal document and visual structures that are common to many web pages.

For example, the header of a web page often includes an element, a menu, a navigation bar, etc. that clearly and visually expresses the provider of the service provided on the web page and the content of the content. In addition, the footer of a web page often includes the Copyright notice and company information of the provider of the service provided on the web page, as well as links to related pages. Therefore, from the header and footer of the web page, for example, information on the provider of the web page (for example, AA Bank, AA Co., Ltd.) and information on the type of service provided by the web page (bank service, online shop) are collected. can do.

Web page headers and footers can be identified, for example, from the coordinates of the display area, the type of element, and the attributes of the element. For example, the control unit 201 may specify a predetermined area such as the upper part or the lower part of the display area of the web page as a header and a footer, and may specify an element included in the predetermined area as an element of the header or the footer.

Alternatively, for example, in the case of a header, information on the header of the web page is often registered in <header> (HTML5) or <div data-role = "header">. Therefore, the control unit 201 can acquire the header information of the web page by analyzing the HTML of the web page and extracting these elements.

In addition, for example, corporate web pages and commercial service web pages adopt a document structure that follows common rules and practices so that users can easily visit the site as a measure against SEO (Search Engine Optimization). There are many. These document structure trends can be used to collect information to determine service providers and service content.

For example, the <title> element is used to give a title to an HTML document, which often describes the name of a web page or the name of a service. In addition, the <meta name = "description"> element often describes an easy-to-understand explanation of the service provided on the web page for the purpose of displaying it in the search results of the search engine. Furthermore, in the element of <meta name = "keyword">, keywords related to the service provided by the web page are often described. For example, the <meta name = "keyword"> element includes the company name of the company that provides the web page and the general term representation of the type of service that the web page provides. Also, heading information, such as elements of <h1> and <h2>, may also contain information related to the service.

As an example, in the HTML shown in FIGS. 4 and 5, information such as "Internet banking" indicating the type of service in the <title> element and the <meta name = "description"> element, and "AA bank" indicating the provider are used. Information such as is included.

Therefore, as illustrated above, information that specifies an element that may include information about the service provided by the web page is registered in, for example, the following service label extraction information 600. As a result, the control unit 201 can extract an element including information related to the service from the HTML of the web page by using the service label extraction information 600.

FIG. 6 is a diagram illustrating service label extraction information 600 according to the embodiment. For example, in the example of FIG. 6, in the service label extraction information 600, an entry corresponding to a selector expression and a description is registered. The entry selector expression is, for example, an expression for specifying an element in an HTML document. For example, an element inside an HTML document can be obtained by using a selector expression that specifies conditions such as an element name, a hierarchical structure, a class, an attribute, and an order. In the entry of the service label extraction information 600, a selector expression for designating an element that may include information about the service provided by the web page is registered. For example, FIG. 6 illustrates an entry containing a selector expression that extracts the above-mentioned <title> element and <meta name = "description"> element. In the description of the service label extraction information 600, for example, a description of the element extracted by the selector expression of the entry is registered.

Then, the control unit 201 uses the service label extraction information 600 to extract an element that may include information about the service provided by the web page from HTML. For example, in the example shown in FIG. 5, the element of <title> and the element of <meta name = "description"> are extracted from HTML using the service label extraction information 600 ((1) in FIG. 5).

Subsequently, the control unit 201 extracts keywords related to the service provided by the web page from the extracted elements by using the service information 700 of FIG. 7 below.

FIG. 7 is a diagram illustrating service information 700 according to the embodiment. The service information 700 is, for example, information for specifying the type of service provided by the web page. In the service information 700, for example, an entry associated with a service type, a keyword, and a provider is registered. The service type of the service information 700 is, for example, information indicating the type of the service provided by the web page. The keywords of the service information 700 are, for example, information used for extracting keywords related to the service that provides the web page. The provider of the service information 700 is, for example, information used for extracting a character string indicating the provider that provides the web page. The keyword and the provider of the service information 700 may be represented by using a predetermined character string expression such as a regular expression. For example, the provider may register a character string in which a company name representing the provider can be extracted as a regular expression.

Then, the control unit 201 specifies, for example, the type of service provided by the web page by using the service information 700. For example, in the example shown in FIG. 5, the control unit 201 has, for each entry of the service information 700, a text that matches the keyword of the entry and the character string of the provider from the elements extracted in the process of (1) of FIG. Attempts to extract ((2) in FIG. 5). For example, in FIG. 5, the <title> element and the <meta name = "description"> element extracted in the process (1) include keywords: banking and banking. Therefore, the control unit 201 can specify the keyword: banking, the service associated with the bank in the entry: the bank service. Further, since the element of <title> includes the service type of the service information 700: the provider of the entry of the bank service: [^>] * AA bank that matches the character string of the bank, the control unit 201 provides it. Original: AA bank can be identified.

As described above, in the process of (step 1), the control unit 201 specifies the service type provided by the web page from the HTML of the web page by using, for example, the service label extraction information 600 and the service information 700. be able to. In addition, the control unit 201 can also identify the provider of the web page from the HTML of the web page.

(Step 2) Specifying the data type of the information collected by the input element and evaluating the risk Next, the process of specifying the data type of the information collected by the input element and evaluating the risk will be described. The data type is, for example, information indicating the type of data in which the input element collects what kind of information is expressed in an expression that can be understood by the user. Further, the input element in HTML may include, for example, an input element, a select element, a textarea element, a button element, a submit element, and the like used in the form.

Then, the data type indicating what kind of information the input element collects can be specified by, for example, analyzing HTML and collecting the label information associated with the input element. The label information may include, for example, information displayed on a web page as a label indicating information to be input to an input element. For example, in the display of the browser shown in FIG. 4, the user ID and password arranged next to the input field are label information for the input field. Further, the label information may include, for example, information specified as an attribute in the input element.

The label information associated with the input element can be collected by, for example, the following method.
-Collect from input element types and attributes-Collect from document structure near input elements

<Example of collecting from input element types and attributes>
For example, suppose there is an input element described by <input type = "password">. In this case, the control unit 201 can immediately identify the data type of the information requested to be input as the password by collecting the password specified by the type attribute as the label information.

Also, for example, suppose there is an input element described by <input type = "text" placeholder = "Enter security code">. In this case, the control unit 201 can collect the security code as the label information from "Enter the security code" described in the placeholder attribute. Then, the control unit 201 can estimate from the collected label information: security code that the data type of the information required to be input by the input element is credit card information. Other examples of attributes that can be used to collect label information include names (name attribute, ID attribute).

<Example of collecting from the document structure around the input element>
Label information that can be used to identify the data type from the caption information of the input element (for example, the contents of the text node adjacent to the input element, and the <label /> and <legend /> elements associated with the input element). Can be collected. For example, suppose that the description of the input element and the HTML immediately before it is <tr><th> credit card number </ th><td><input type = "text"></td></tr>. In this case, the "credit card number" can be collected as label information from the description of <tr><th> credit card number </ th><td> immediately before the element of <input type = "text">. .. Then, from the description of the label information "credit card number", it can be estimated that the data type of the information required to be input in the text box generated by the element of <input type = "text"> is the credit card information. ..

Further, for example, it is assumed that the description of the input element and the HTML immediately before it is <label for = "mynumber"> my number notification number </ label> <input type = "password" id = "mynumber">. In this case, from the description of <label for = "mynumber"> My Number Notification Number </ label> immediately before the element of <input type = "password" id = "mynumber">, label information "My Number Notification Number". Can be collected as. Then, from the description of the label information "My Number Notification Number", it is estimated that the data type of the information required to be input in the text box generated by <input type = "password" id = "mynumber"> is My Number. be able to.

As described above, the control unit 201 analyzes the types, attributes, and peripheral descriptions of the input element, and collects the label information associated with the input element to collect what kind of information the input element collects. It is possible to specify the data type that indicates whether or not to do so.

FIG. 8 illustrates a flow of processing for evaluating a risk by specifying a data type of information collected by the input element of (step 2). In the process of (step 2), the control unit 201 first extracts the input element included in the web page from HTML ((1) in FIG. 8).

FIG. 9 is a diagram illustrating the input element extraction information 900 according to the embodiment. In the input element extraction information 900, for example, an entry corresponding to a selector expression and a description is registered. The selector expression of the entry of the input element extraction information 900 is, for example, an expression for designating an input element in an HTML document. In FIG. 9, for example, an entry including a selector expression for extracting an element such as <input /> described above is registered. In the description of the input element extraction information 900, for example, a description of the element extracted by the selector expression of the entry is shown.

Then, the control unit 201 can extract the input element included in the web page from the HTML by using the input element extraction information 900. For example, in FIG. 8, using the input element extraction information 900 from HTML, "<input type =" text "name =" user_id ">" and "<input type =" password "name =" password ">" Two elements are extracted ((1) in FIG. 8).

Further, as described above, the label information that can be used to identify the data type of the information collected by the input element may be collected from the type of the input element and the attribute of the input element, but depending on the method of describing HTML. , It may be described in the element near the input element. Therefore, the control unit 201 extracts a label element including a character string displayed on the web page from HTML ((2) in FIG. 8).

FIG. 10 is a diagram illustrating the label element extraction information 1000 according to the embodiment. In the label element extraction information 1000, for example, an entry corresponding to a selector expression and a description is registered. The selector expression of the entry of the label element extraction information 1000 is, for example, an expression for designating a label element that may include the label information corresponding to the input element in the HTML document. In FIG. 10, a selector expression entry for extracting an element including a character string displayed on a web page such as <label /> and <legend /> is registered. In the description of the label element extraction information 1000, for example, a description of the element extracted by the selector expression of the entry is shown.

Then, the control unit 201 can extract the label element from the HTML by using the label element extraction information 1000. For example, in FIG. 8, two label elements, "<label> user ID: </ label>" and "<label> password: </ label>", are extracted from HTML using the label element extraction information 1000. ((2) in FIG. 8).

Subsequently, the control unit 201 analyzes the DOM (Document Object Model) structure of HTML, and from the label elements extracted using the label element extraction information 1000, the input element extracted from HTML in FIG. 8 (1). And the corresponding label element are specified ((3) in FIG. 8). For example, the control unit 201 may specify a label element having a predetermined relationship with the input element as a label element corresponding to the input element.

Predetermined relationships can be set using, for example, distances between elements, parent-child relationships between elements, group relationships between elements, and the like. Examples of distances between elements may be adjacent to the input element, the closest distance between the input element and the element on the DOM tree, and so on. Further, since the label for the input element is often arranged before the input element, for example, the closest label element before the input element may be used as the label element corresponding to the input element. Further, when a parent-child relationship and a group relationship between elements are used, for example, in the <label /> element, the ID attribute of the corresponding <input /> element can be specified by the for attribute. When such an association is described, the control unit 201 may detect the association from the DOM structure and specify the label element. As another example, in the HTML shown in FIG. 8, the <input /> element is enclosed in the <p> attribute together with the <label /> element. Therefore, the control unit 201 can determine that these two elements are in the same group, and can specify this <label /> element as a label element corresponding to the <input /> element. That is, for example, in (3) of FIG. 8, the control unit 201 has an input element: "<input type =" text "name =" user_id ">" and a label element: "<label> user ID: </ label>. > ”Can be associated. Further, the control unit 201 may associate the input element "<input type =" password "name =" password ">" with "<label> password: </ label>".

Subsequently, the control unit 201 collects label information from, for example, the types and attributes of the input elements extracted from the HTML, and specifies a data type indicating what kind of information the input elements collect from the label information (FIG. 8 (4)).

Here, among the information required to be input on the web page, the information that the user should pay attention to in terms of security is roughly determined, and examples thereof include login information, personal information, and credit card information. Therefore, it is possible to specify the data type of the input element by determining whether the text representing the information is included in the type and attribute of the input element extracted from HTML.

FIG. 11 is a diagram illustrating data type information 1100 according to the embodiment. In the data type information 1100, for example, an entry for associating the data type, the label information, and the risk value is registered. The data type represents, for example, the type of information for which input is required in the input element. In the label information, for example, a keyword indicating information on the data type of the entry is registered. The label information may be represented by using a predetermined character string expression such as a regular expression. The risk value is, for example, an evaluation value of risk for transmitting information of the data type of the entry.

Then, in FIG. 8 (4), the control unit 201 is requested to input by the input element depending on whether or not the extracted input element or the attribute of the input element includes the label information of each entry of the data type information 1100. Specify the data type of the information to be received. For example, the input element: <input type = "password" name = "password"> extracted in (1) of FIG. 8 includes the label information: password. Therefore, the control unit 201 may specify the data type of the information for which input is required by the input element: <input type = "password" name = "password"> as the password corresponding to the label information: password.

Further, in FIG. 8 (5), the control unit 201 is requested to input by the input element depending on whether or not the label element associated with the input element includes the label information of each entry of the data type information 1100. Identify the data type of information. For example, in (3) of FIG. 8, the label element: <label> user ID: </ label> associated with the input element: <input type = "text" name = "user_id"> is the label information: user, ID. Includes. Therefore, the control unit 201 may specify the data type of the information required to be input by the input element: <input type = "text" name = "user_id"> as the label information: user, and the login ID corresponding to the ID. ..

In the data type information 1100, a risk value is registered in association with the data type. Therefore, the control unit 201 can specify not only the data type of the information required to be input by the input element, but also the risk value which is the evaluation value of the risk for transmitting the information of the data type (for example, the login ID). Risk value: 7, password risk value: 9).

Subsequently, the control unit 201 specifies, for example, an information collection reason indicating a reason for collecting information on a web page from the data type specified for each input element included in HTML.

FIG. 12 is a diagram illustrating collection reason information 1200 according to the embodiment. In the collection reason information 1200, for example, an entry associated with the information collection reason, the data type group, and the description is registered. The reason for collecting information is information indicating the reason for collecting information by a web page. The data type group of the collection reason information 1200 is information indicating a candidate group of data types that may be required to be input due to the information collection reason of the entry. For example, in the information gathering reason: login entry, a login ID and password are listed as candidates for data types of information that may be required to be entered for login. In the explanation of the collection reason information 1200, for example, the explanation regarding the information collection reason corresponding to the entry is registered.

Then, in FIG. 8 (6), the control unit 201 identifies the reason for collecting information by the web page from the data type specified for the input element. For example, the data types of the input elements specified in (4) and (5) of FIG. 8 are a login ID and a password. Therefore, the control unit 201 may specify the information collection reason: login of the entry whose data type group includes the login ID and the password from the entries of the collection reason information 1200.

Further, the control unit 201 evaluates the risk of the information collected on the entire web page based on the risk value of the data type specified for the input element included in the web page, and acquires the total risk value. In one example, the control unit 201 may acquire the total risk value by integrating the risk values of the input elements included in the web page and the corresponding data types. For example, in FIG. 8 (6), the control unit 201 calculates the total risk value: 16 by adding the risk value of the login ID: 7 and the risk value of the password: 9.

As described above, in the process of (step 2), the control unit 201 includes the input element extraction information 900, the label element extraction information 1000, and the data type information 1100 from the HPML of the web page to the web page. Identify the input element and the corresponding label information. Then, the control unit 201 specifies the data type corresponding to the label information as the type of data collected by the input element. Further, the control unit 201 uses the data type information 1100 and the collection reason information 1200 from the specified data type to evaluate the information collection reason by the web page and the risk of the information collected by the web page, and the total risk value. To identify.

(Step 3) Suppressing Data Transmission When the Risk Is High Next, a process of suppressing data transmission when the risk is high will be described. For example, by setting a predetermined threshold value for the total risk value, it is possible to control the suppression of data transmission when the total risk value is higher than the predetermined threshold value and the risk is high. For example, it is assumed that a predetermined threshold value is set to 15. In this case, in FIG. 8 (6), since the total risk value: 16 exceeds a predetermined threshold value, the control unit 201 may perform control to suppress data transmission. Further, when the control for suppressing the data transmission is performed, the control unit 201 may output the display information for inquiring whether to continue the data transmission and display it on the display unit 203.

FIG. 13 is a diagram illustrating a display screen 1300 displayed on the display unit 203 based on the display information according to the embodiment. The display screen 1300 may include, for example, the above-mentioned service type information. For example, the service type may be the information specified in the process of FIG. 5 (3) described above, and in the example of FIG. 13, a bank service is shown. Further, the display screen 1300 may include, for example, the above-mentioned information of the provider. For example, the provider may be the information specified in the process of (2) of FIG. 5 described above, and in the example of FIG. 13, the provider: AA bank is shown.

Further, in the example of FIG. 13, the display screen 1300 includes, for example, a login indicating the reason for collecting information, and a login ID and password indicating the data type. These information may be, for example, the information specified in FIGS. 8 (4) to (6). Then, the user refers to this information on the display screen 1300, and continues to transmit data via the input unit 204 while grasping what kind of information he / she is trying to transmit to what kind of web page. It is possible to choose whether or not to do so. When the user makes a selection on the display screen 1300, the control unit 201 may register information regarding data transmission in the history information 1400.

FIG. 14 is a diagram illustrating history information 1400 according to the embodiment. In the history information 1400, for example, the date and time, the provider, the service type, the reason for collecting information, the data type, the URL, the selection, the total risk value, and the session ID are registered. The date and time is, for example, information indicating the date and time when the selection was made on the display screen 1300 and the entry was added to the history information 1400. The provider is, for example, information indicating the provider of the web page in which the transmission of the data corresponding to the entry is input. The service type is, for example, information indicating the type of service provided by the web page in which the transmission of the data corresponding to the entry is input. The information collection reason is, for example, information indicating the reason why the web page in which the transmission of the data corresponding to the entry is input collects the information. The data type represents, for example, the type of information that is required to be input by the input element in the web page in which the transmission of the data corresponding to the entry is input. The URL is, for example, the URL of the web page into which the transmission of the data corresponding to the entry is input. The selection is, for example, information indicating a user's selection made in the display of the display screen 1300 corresponding to the entry, for example, transmission or cancellation is registered. The total risk value is, for example, information representing the risk of information collected on a web page in which the transmission of data corresponding to an entry is entered. The session ID is the session ID of the web page acquired from the browser when the entry is registered in the history information 1400.

Then, the control unit 201 can use the information registered in the history information 1400 for evaluating the risk of data transmission on the web page. For example, phishing web pages are often created to visually resemble legitimate site information and URLs. Therefore, for example, it is assumed that an entry including information similar to the provider, service type, information collection reason, and data type collected from the currently connected Web page is registered in the history information 1400. In this case, if the URL registered in the similar entry and the URL of the currently connected web page match, it can be presumed that the URL is the same as the web page that has been connected in the past. Therefore, if the selection of similar entries is set to send, the risk of sending data from the currently connected web page can be underestimated. In this case, the control unit 201 may, for example, subtract a predetermined value from the total risk value and perform control so that the transmission of data is not suppressed.

However, the URL of the entry of the history information 1400 whose information of the provider, service type, information collection reason, and data type is similar to the currently connected web page, and the URL of the currently connected web page, for example. And are different. In this case, the web page may be a disguised web page that imitates only the display format, and it can be determined that there is a risk of being attacked by phishing. In this case, the control unit 201 may, for example, add a predetermined value to the total risk value to control the data transmission so as to be suppressed. Therefore, according to the embodiment, when a legitimate web page is accessed and data is transmitted in the past, if an entry related to the transmission is registered in the history information 1400, the user is directed to a website disguised thereafter. Even so, it is possible to deal with phishing attacks.

In the above, the processes from (Step 1) to (Step 3) have been described. In the following, the operation flow corresponding to the processes of (Step 1) to (Step 3) will be described.

FIG. 15 is a diagram illustrating an operation flow of a process for specifying a type of service provided by a web page according to an embodiment. The operation flow of FIG. 15 corresponds to the above-mentioned (step 1). For example, when an event in which a web page is newly loaded is detected in the browser 110, the control unit 201 may execute the extension function 120 called by the browser 110 and start the operation flow of FIG.

In step 1501 (hereinafter, the step is referred to as "S" and is referred to as S1501), the control unit 201 acquires, for example, information on the DOM tree of the loaded web page from the browser 110.

In S1502, the control unit 201 extracts an element including information about the service provided by the web page. For example, the control unit 201 may extract the elements of the web page by the selector expression registered in the service label extraction information 600. The process of S1502 is, for example, a process corresponding to (1) of FIG.

In S1503, the control unit 201 specifies the type of service that provides the web page. For example, if the element extracted in S1502 contains a text that matches the keyword of the service information 700, the control unit 201 of the service provided by the web page for the service type of the entry of the service information 700 including the keyword. The type may be specified.

In S1504, the control unit 201 identifies the provider of the service that provides the web page, and this operation flow ends. For example, if the element extracted in S1502 contains a text that matches the provider of the entry of the service information 700 including the service type specified in S1503, the control unit 201 uses the text as the provider of the web page. It may be specified as information to be shown. The processes of S1503 and S1504 are, for example, the processes corresponding to (2) and (3) of FIG.

As described above, according to the operation flow of FIG. 15, when the web page is loaded, the control unit 201 analyzes the HTML of the web page to provide information on the service type and provider of the web page. Can be collected. In the service information 700, for example, an entry relating to a Web page that may collect information that requires careful handling is registered. Therefore, in the processing of S1503 and S1504, if the web page does not include the information registered in the service information 700, the information may not be acquired.

Subsequently, FIG. 16 is a diagram illustrating an operation flow of data transmission control processing according to the embodiment. The operation flow of FIG. 16 includes the processes corresponding to the above-mentioned (step 2) and (step 3). For example, when the transition of the web page is detected in the browser 110, the control unit 201 may execute the extension function 120 called by the browser 110 and start the operation flow of FIG. In another embodiment, the control unit 201 may detect a transmission instruction of data input in association with the input element instead of the page transition. The control unit 201 is, for example, when a transmission instruction is input to an input element such as a submit button (for example, an element in which submit is specified for the value of the type attribute of the <input> tag) on a web page. The data transmission instruction may be detected.

In S1601, the control unit 201 inspects the URL of the transition destination page and the SSL certificate. For example, the control unit 201 determines whether the SSL certificate has not been tampered with, has been issued by a trusted issuer, has not expired and has not expired, and the owner name of the certificate is a URL. It may be determined whether it matches the host name. Then, in S1602, the control unit 201 determines whether or not the URL and the SSL certificate are not invalid as a result of these determinations. If it is not invalid (S1602 is NO), the flow proceeds to S1605. On the other hand, if it is invalid (YES in S1602), the flow proceeds to S1603.

In S1603, the control unit 201 asks the user whether to continue transmitting data. FIG. 17 is a diagram illustrating a display screen 1700 for inquiries displayed in S1603. The display screen 1700 includes, for example, information indicating that the URL or SSL certificate is fraudulent, and information for inquiring whether to continue transmission. For example, the user can input to the terminal 101 the selection of whether to continue or stop the transmission of data on the display screen 1700 by using the input unit 204 such as the touch panel or keyboard provided in the terminal 101. ..

Subsequently, in S1604, the control unit 201 determines whether or not an input for continuing transmission has been made. When an input for canceling transmission is made (NO in S1604), the control unit 201 suppresses page transition and data transmission, and this operation flow ends. On the other hand, when the input for continuing the transmission is made (YES in S1604), the flow proceeds to S1605. In S1605, the control unit 201 acquires the DOM tree of the transition source web page from the browser 110.

In S1606, the control unit 201 extracts the input element of the transition source web page. For example, the control unit 201 may extract the input element from the DOM tree of the transition source web page by using the selector expression of the input element extraction information 900. The process of S1606 is, for example, a process corresponding to (1) of FIG.

In S1607, the control unit 201 extracts the label element of the transition source web page. For example, the control unit 201 may extract the label element in the page by the selector expression registered in the label element extraction information 1000. The process of S1607 is, for example, a process corresponding to (2) of FIG.

In S1608, the control unit 201 analyzes the structure of the DOM tree and identifies the label element corresponding to the input element. For example, the control unit 201 may specify a label element having a predetermined relationship with the input element as a label element corresponding to the input element. As described above, the predetermined relationship can be set by using, for example, the distance between the elements, the parent-child relationship between the elements, the group relationship between the elements, and the like. The process of S1607 is, for example, a process corresponding to (3) of FIG.

In S1609, the control unit 201 determines the data type of the information to be input to the input element. For example, the control unit 201 determines whether the input element extracted in S1606 matches the label information of the entry registered in the data type information 1100, and inputs the data type of the matched entry to the input element. It may be specified as a data type. Note that this process corresponds to, for example, (4) in FIG. Alternatively, the control unit 201 may determine whether the label element corresponding to the input element specified in S1608 matches the label information of the entry registered in the data type information 1100. Then, when the label element matches the label information of the entry registered in the data type information 1100, the control unit 201 sets the data type of the matched entry to the type of data to be input to the input element corresponding to the label element. May be specified. Note that this process corresponds to, for example, (5) in FIG.

In S1610, the control unit 201 evaluates the risk of the information input to the web page. For example, the control unit 201 may evaluate the risk based on the specified data type and the corresponding risk value for each of the input elements included in the web page. As an example, the control unit 201 may acquire the total risk value by integrating the data type specified for each of the input elements included in the transition source web page and the corresponding risk value.

Further, in S1611, the control unit 201 identifies the reason for collecting information on the web page based on the data type of the input element specified in S1609. For example, it is assumed that the data type group specified for each of the input elements included in the web page in S1609 matches the data type included in the data type group of the entry of the collection reason information 1200. In this case, the control unit 201 may specify the reason for collecting information on the web page as the reason for collecting information of the entry. The processes of S1610 and S1611 are, for example, the processes corresponding to (6) of FIG.

In S1612, the control unit 201 determines whether or not an entry of the same session as the current session is registered in the history information 1400. For example, the control unit 201 acquires the session ID from the browser 110. Then, the control unit 201 determines whether the history information 1400 has an entry of the same session as the current session, depending on whether or not the acquired session ID and the date and time of the history information 1400 match the session ID of the latest entry. It may be determined whether or not. If there are entries of the same session, the control unit 201 may determine YES in S1612, and the flow proceeds to S1613. In this case, the control unit 201 reads the information of the entries belonging to the same session and merges the information acquired from the transition source web page. This is because, for example, some websites collect information over a plurality of web pages in one session, and in that case, it is preferable to evaluate the risk based on the information on a plurality of pages belonging to the same session. For example, the control unit 201 may merge the provider and service type of the entry of the history information 1400 belonging to the same session with the service type and provider information specified in S1503 and S1504, respectively. Further, the control unit 201 may merge the information collection reason and data type information of the entries of the history information 1400 belonging to the same session with the data type and information collection reason specified in S1609 and S1611, respectively. The control unit 201 may, for example, merge the URL information of the entry of the history information 1400 belonging to the same session with the URL information of the transition source web page. In the merging process, the control unit 201 may, for example, leave the same value as it is and add different values. Further, in the merging process, the control unit 201 may update the total risk value by adding the total risk value acquired in S1610 to the total risk value of the entries of the history information 1400 belonging to the same session.

Subsequently, in S1614, the control unit 201 determines whether or not there is an entry in the past entries excluding the entry of the current session from the history information 1400 that includes information similar to the information extracted from the web page in the current session. To judge. For example, the control unit 201 has an entry having a value that satisfies a predetermined condition (for example, a number equal to or more than a predetermined ratio) with the provider, the service type, the reason for collecting information, and the data type specified from the transition source web page. Determine if there is. In the process of S1614, if there is no entry that satisfies the predetermined condition and matches (S1614 is NO), the flow proceeds to S1617. On the other hand, if there is an entry that satisfies the predetermined condition (YES in S1614), the flow proceeds to S1615.

In S1615, the control unit 201 determines whether or not the URL of the entry that satisfies the predetermined conditions and matches the URL of the transition source matches. If the URL of the entry that satisfies the predetermined conditions and matches the URL of the transition source matches (YES in S1615), the flow proceeds to S1617. On the other hand, if the URL of the entry that satisfies the predetermined conditions and matches the URL of the transition source does not match (S1615 is NO), the flow proceeds to S1616. In this case, although the data transmission event executed in the past and the data to be transmitted are similar, the URL is different, and the fake web page created by imitating the legitimate web page. It is presumed that you may be trying to send data. Therefore, in S1616, the control unit 201 changes the total risk value to a value indicating a higher risk by adding a predetermined value to the total risk value. It should be noted that the risk can be judged to be low if the data is transmitted with exactly the same contents as the data transmitted to the web page performed in the past. Therefore, in another embodiment, for example, the URL of the entry that satisfies the predetermined condition and matches in S1615 and the URL of the transition source match, and the entry that satisfies and matches the predetermined condition can be selected. Suppose it was a transmission. In this case, the control unit 201 may change the total risk value to a value indicating a lower risk by, for example, subtracting a predetermined value from the total risk value.

In S1617, the control unit 201 determines whether or not the calculated total risk value is equal to or greater than a predetermined threshold value. When the total risk value is less than a predetermined threshold value (NO in S1617), this operation flow ends. On the other hand, when the total risk value is equal to or higher than a predetermined threshold value (YES in S1617), the flow proceeds to S1618.

In S1618, the control unit 201 outputs display information for inquiring whether or not to continue transmitting data, and causes the display unit 203 included in the terminal 101 to display the display screen 1300. The control unit 201 generates display information for displaying the display screen 1300 from, for example, the service type and provider information specified in S1503 and S1504, and the information collection reason and data type information specified in S1609 and S1611. It may be displayed. Alternatively, the control unit 201 may generate, for example, display information for displaying the display screen 1300 from the information merged in S1613 and display it.

In S1619, when the control unit 201 receives an input from the user on the display screen 1300, the control unit 201 may register an entry in the history information 1400. The entries registered in the history information 1400 include, for example, the service type and provider specified in S1503 and S1504, the information collection reason and data type specified in S1609 and S1611, and the URL of the transition source web page. May include. Further, the entries registered in the history information 1400 in S1619 include information on whether to continue or stop the transmission selected on the display screen 1300, the total risk value, and the session ID of the current session acquired from the browser 110. May include. Furthermore, the entry registered in the history information 1400 in S1619 may include the information merged in S1613.

In S1620, the control unit 201 determines whether the instruction to continue or the instruction to stop is input from the user on the display screen 1300. When the stop instruction is input (S1620 is NO), this operation flow ends. On the other hand, when the instruction to continue is input (YES in S1620), the flow proceeds to S1621.

In S1621, the control unit 201 transmits the information input to the input element to the server 102 and executes the process of executing the page transition in the browser 110, and this operation flow ends.

As described above, according to the operation flow of FIG. 16, the control unit 201 identifies what kind of information the web page collects from the HTML of the web page, and the risk of transmission based on the information. Can be determined whether or not is high. Further, the control unit 201 can suppress the transmission of information when it is determined that the risk of transmission is high. Then, when the transmission of information is suppressed, the display information is output and the display screen 1300 or the like is displayed on the display unit 203, so that the user can be provided with, for example, information on the service type and the provider. As a result, the user can grasp what kind of connection destination he / she is connected to by referring to the provided information. Further, according to the embodiment, by displaying the display screen 1300 or the like on the display unit 203, it is possible to provide the user with information such as the reason for collecting information and the data type. As a result, the user can recognize what kind of data is being transmitted.

Further, for example, some browsers have an automatic input function. With the auto-fill feature, for example, when you enter an email address, personal information such as address, name, and phone number is automatically entered in the form. There is also a phishing technique that exploits this feature to make users think they have just entered their email address while stealing other personal information. Even in such a case, in the above-described embodiment, since the data type of the information to be transmitted is specified and presented to the user, the user can know that the unintended information is about to be transmitted. As a result, the risk of information leakage due to phishing can be reduced.

In addition, the information registered in the history information 1400 in the above-described embodiment can be used for the evaluation of subsequent web pages. For example, spoofed web pages used for phishing may be created by imitating legitimate web pages. In this case, the disguised web page is visually difficult to distinguish from a legitimate web page. However, in the above-described embodiment, the information collected from the previously connected web page registered in the history information 1400 is compared with the information collected from the currently connected web page. Then, at the time of comparison, the control unit 201 separately determines the match of information such as the service type, the provider, the reason for collecting information, and the data type, and the match of the URL. Therefore, for example, it is assumed that the appearance and structure of the web page are similar, the information such as the service type, the provider, the reason for collecting information, and the data type are similar, but the URL is different. In this case, the control unit 201 can determine that the web page may have been created by imitating a legitimate website.

Further, by evaluating the risk based on the past user's selection in this way, it is possible to control the suppression of data transmission according to the characteristics and tendencies of each user, and the transmission is excessively suppressed. It is possible to reduce the amount of storage.

Moreover, the above-described embodiment can be implemented without depending on prior knowledge. Therefore, it does not take time (several days to several weeks) to recognize the damage of phishing and to call attention and spread countermeasures, and it is possible to shorten the time to countermeasures against attacks.

In the above-described embodiment, for example, in the processes of S1605 to S1609, the control unit 201 of the terminal 101 operates as the acquisition unit 211. Further, for example, in the processing of S1610, S1611, S1617 to S1621, the control unit 201 of the terminal 101 operates as the transmission control unit 212.

Although the embodiments have been illustrated above, the embodiments are not limited thereto. For example, the above-mentioned operation flow is an example, and the embodiment is not limited thereto. When possible, the operation flow may be executed by changing the order of processing, may include additional processing separately, or may omit some processing. For example, the process of confirming the URL and the SSL certificate of the transition destination web page from S1601 to S1604 in FIG. 16 may be omitted. In this case, for example, after permitting the browser 110 to transmit data in S1621, the browser 110 may confirm the URL and the SSL certificate of the transition destination web page.

Further, in the above-described embodiment, the process shown in the operation flow of FIG. 15 is executed at the timing when the web page is loaded, but the embodiment is not limited to this, and in another embodiment, the process is not limited to this. It may be executed at the timing when the page transition is detected.

In addition, some web pages do not require the user to input all the input elements contained in the page. For example, in a web page such as a questionnaire, the input of personal information may be arbitrarily set. Therefore, in the above-described embodiment, the control unit 201 does not have to extract the input element for which information has not been input from the user at the time of page transition in the above-mentioned processing of S1606.

Further, in the above-described embodiment, the control unit 201 may further collect image information such as a company logo or favicon embedded as an image element and display it on the display screen 1300. Further, in the above-described embodiment, the analysis of the web page may be combined with an advanced analysis method such as machine learning.

Further, in the above-described embodiment, the risk is evaluated based on the data type of the input element included in the web page, and the control for suppressing the page transition is performed. However, the embodiment is not limited to this. For example, some information such as passwords and card numbers can be judged to have a sufficiently high risk even with individual information. Therefore, in another embodiment, the control unit 201 controls to suppress the page transition of the web page when the data type of the information for which the input element requests input is a predetermined data type (for example, a password and a card number). May be done.

FIG. 18 is a diagram illustrating a hardware configuration of a computer 1800 for realizing the terminal 101 according to the embodiment. The hardware configuration for realizing the terminal 101 of FIG. 18 includes, for example, a processor 1801, a memory 1802, a storage device 1803, a reading device 1804, a communication interface 1806, and an input / output interface 1807. The processor 1801, the memory 1802, the storage device 1803, the reading device 1804, the communication interface 1806, and the input / output interface 1807 are connected to each other via, for example, the bus 1808. Further, a display device 1811 and an input device 1812 are connected to the input / output interface 1807.

The processor 1801 may be, for example, a single processor, a multiprocessor, or a multicore. The processor 1801 provides a part or all of the functions of the control unit 201 described above by executing, for example, a program describing the procedure of the operation flow described above using the memory 1802. For example, the processor 1801 may operate as the acquisition unit 211 and the transmission control unit 212 by reading and executing the program stored in the storage device 1803.

The memory 1802 is, for example, a semiconductor memory and may include a RAM area and a ROM area. The storage device 1803 is, for example, a semiconductor memory such as a hard disk or a flash memory, or an external storage device. RAM is an abbreviation for Random Access Memory. ROM is an abbreviation for Read Only Memory.

The reading device 1804 accesses the removable storage medium 1805 according to the instructions of the processor 1801. The removable storage medium 1805 includes, for example, a semiconductor device (USB memory, etc.), a medium (magnetic disk, etc.) to which information is input / output by magnetic action, and a medium (CD-ROM, etc.) to which information is input / output by optical action. It is realized by DVD etc.). USB is an abbreviation for Universal Serial Bus. CD is an abbreviation for Compact Disc. DVD is an abbreviation for Digital Versatile Disk.

The storage unit 202 described above may include, for example, a memory 1802, a storage device 1803, and a removable storage medium 1805. For example, the storage device 1803 may store service label extraction information 600, service information 700, input element extraction information 900, label element extraction information 1000, data type information 1100, collection reason information 1200, and history information 1400.

The communication interface 1806 transmits and receives data via the network 105 according to the instructions of the processor 1801. The communication interface 1806 is an example of the above-mentioned communication unit 205. The input / output interface 1807 may be, for example, an interface between an input device and an output device. The input / output interface 1807 is connected to, for example, a display device 1811 such as a display, and displays information on the display screen of the display device 1811 according to the instruction of the processor 1801. The display device 1811 is an example of the display unit 203 described above. Further, the input / output interface 1807 is connected to, for example, an input device 1812 such as a touch panel, a keyboard, and a mouse, and notifies the processor 1801 of the information received by the input device 1812. The input device 1812 is an example of the above-mentioned input unit 204.

The hardware configuration of the computer 1800 for realizing the terminal 101 described with reference to FIG. 18 is an example, and the embodiment is not limited to this. For example, some or all the functions of the above-mentioned functional parts may be implemented as hardware by FPGA, SoC, or the like. FPGA is an abbreviation for Field Programmable Gate Array. SoC is an abbreviation for System-on-a-chip.

Further, each program according to the embodiment is provided to the terminal 101 in the following form, for example.
(1) It is pre-installed in the storage device 1803.
(2) Provided by the removable storage medium 1805.
(3) Provided from a server such as a program server.

Further, for example, the above-mentioned information such as service label extraction information 600, service information 700, input element extraction information 900, label element extraction information 1000, and data type information 1100 is distributed from a server operated by a security vendor or the like. You may receive it. Alternatively, the user may individually register an entry in this information. Further, for example, by aggregating the above-mentioned history information 1400 on a server operated by a security vendor or the like, it becomes possible to evaluate a risk using the information of a web page collected by a plurality of terminals 101.

In the above, some embodiments will be described. However, the embodiments are not limited to the above embodiments, and should be understood to include various variants and alternatives of the above embodiments. For example, it will be understood that various embodiments can be embodied by modifying the components within a range that does not deviate from the purpose and scope. It will also be appreciated that various embodiments can be implemented by appropriately combining the plurality of components disclosed in the above-described embodiments. Furthermore, various embodiments are implemented by removing or replacing some components from all the components shown in the embodiments, or by adding some components to the components shown in the embodiments. Those skilled in the art will understand that it can be done.

The following additional notes will be further disclosed with respect to the above embodiments.
(Appendix 1)
When the transmission instruction of the data input in association with the input element of the web page is received, the source code describing the web page is analyzed, and the information associated with the input element is acquired from the source code.
Based on the acquired information, it is determined whether to execute or suppress the transmission of the input data.
A transmission control method characterized in that a computer executes processing.
(Appendix 2)
When the transmission of the data is suppressed, display information for inquiring whether or not to execute the transmission of the data is output.
The transmission control method according to Appendix 1, further comprising the above.
(Appendix 3)
Whether the process to determine is a data type associated with the information and the data is transmitted according to the risk evaluated based on the data type representing the type of the data input to the input element. Decide whether to suppress
The transmission control method according to Appendix 1 or 2, wherein the transmission control method is described.
(Appendix 4)
A risk value is associated with the data type.
The suppression of data transmission is executed when the total risk value evaluated based on the risk value associated with the data type specified for each of the plurality of input elements included in the web page is equal to or higher than a predetermined threshold value. Ru,
The transmission control method according to Appendix 3.
(Appendix 5)
When the first input element included in the source code describing the web page includes the first information associated with the first data type, the data type of the first input element is referred to as the data type. Specify for the first data type,
The transmission control method according to Appendix 3 or 4, further comprising the above.
(Appendix 6)
A plurality of label elements including a character string displayed on the web page are extracted from the source code that describes the web page.
When the label element having a predetermined relationship with the second input element included in the source code among the plurality of label elements includes the second information associated with the second data type, the above-mentioned The data type of the second input element is specified as the second data type.
The transmission control method according to any one of Supplementary note 3 to 5, further comprising the above.
(Appendix 7)
An element indicating the title of the web page, an element explaining the content of the content of the web page, or an element included in the header or footer of the web page includes a predetermined keyword associated with a predetermined service type. In this case, the type of service provided by the web page is specified as the predetermined service type.
The transmission control method according to any one of Supplementary note 3 to 6, further comprising the above.
(Appendix 8)
When the element indicating the title of the web page, the element explaining the content of the content of the web page, or the element contained in the header or footer of the web page contains a character string that matches the expression of the predetermined character string. A character string that matches the expression of the predetermined character string is specified as the provider of the web page.
The transmission control method according to any one of Supplementary note 3 to 7, further comprising the above.
(Appendix 9)
A group of data types specified for each of a plurality of input elements included in the web page is a data type included in a predetermined group associated with a predetermined information collection reason representing a data collection reason, and a predetermined data type. The transmission control method according to any one of Supplementary note 3 to 8, further comprising specifying the reason for collecting data by the web page as the reason for collecting the predetermined information when the conditions are satisfied and the conditions are met.
(Appendix 10)
In the data type specified from the source code describing the web page, the first service type representing the type of service provided by the web page, the first provider providing the web page, and the web page. The second data type identified from the second source code that describes the second web page in the access to the second web page executed in the past by the first reason for collecting information representing the reason for collecting information. , A second service type representing the service provided by the second web page, a second provider representing the second service, and a second reason for collecting information on the second web page. If the reason for collecting information meets the predetermined conditions and the URL of the web page is different from the URL of the second web page, the total risk value is changed to a value indicating a higher risk. ,
The transmission control method according to Appendix 4, further comprising the above.
(Appendix 11)
In the data type specified from the source code describing the web page, the first service type representing the type of service provided by the web page, the first provider providing the web page, and the web page. The second data type identified from the second source code that describes the second web page in the access to the second web page executed in the past by the first reason for collecting information representing the reason for collecting information. , A second service type representing the service provided by the second web page, a second provider representing the second service, and a second reason for collecting information on the second web page. When the reason for collecting information and the predetermined conditions are satisfied and the URL of the web page and the URL of the second web page match, the total risk value is a value indicating a lower risk. Change to,
The transmission control method according to Appendix 4, further comprising the above.
(Appendix 12)
When the transmission instruction of the data input in association with the input element of the web page is received, the source code describing the web page is analyzed, and the information associated with the input element is acquired from the source code.
Based on the acquired information, it is determined whether to execute or suppress the transmission of the input data.
A transmission control program that causes a computer to perform processing.
(Appendix 13)
When a transmission instruction of data input in association with an input element of a web page is received, the source code describing the web page is analyzed and the information associated with the input element is acquired from the source code. Department and
A transmission control unit that determines whether to execute or suppress the transmission of the input data based on the acquired information.
Including terminals.

100 Network configuration 101 Terminal 102 Server 105 Network 110 Browser 120 Extended function 130 Website 201 Control unit 202 Storage unit 203 Display unit 204 Input unit 205 Communication unit 211 Acquisition unit 212 Transmission control unit 1800 Computer 1801 Processor 1802 Memory 1803 Storage device 1804 Read Device 1805 Detachable storage medium 1806 Communication interface 1807 Input / output interface 1808 Bus 1811 Display device 1812 Input device

Claims (12)

When the transmission instruction of the data input in association with the input element of the web page is received, the source code describing the web page is analyzed, and the information associated with the input element is acquired from the source code.
Based on the acquired information, it is determined whether to execute or suppress the transmission of the input data.
A transmission control method characterized in that a computer executes processing. When the transmission of the data is suppressed, display information for inquiring whether or not to execute the transmission of the data is output.
The transmission control method according to claim 1, further comprising the above. Whether the process to determine is a data type associated with the information and the data is transmitted according to the risk evaluated based on the data type representing the type of the data input to the input element. Decide whether to suppress
The transmission control method according to claim 1 or 2, wherein the transmission control method is characterized in that. A risk value is associated with the data type.
The suppression of data transmission is executed when the total risk value evaluated based on the risk value associated with the data type specified for each of the plurality of input elements included in the web page is equal to or higher than a predetermined threshold value. Ru,
The transmission control method according to claim 3. When the first input element included in the source code describing the web page includes the first information associated with the first data type, the data type of the first input element is referred to as the data type. Specify for the first data type,
The transmission control method according to claim 3 or 4, further comprising the above. A plurality of label elements including a character string displayed on the web page are extracted from the source code that describes the web page.
When the label element having a predetermined relationship with the second input element included in the source code among the plurality of label elements includes the second information associated with the second data type, the above-mentioned The data type of the second input element is specified as the second data type.
The transmission control method according to any one of claims 3 to 5, further comprising the above. An element indicating the title of the web page, an element explaining the content of the content of the web page, or an element included in the header or footer of the web page includes a predetermined keyword associated with a predetermined service type. In this case, the type of service provided by the web page is specified as the predetermined service type.
The transmission control method according to any one of claims 3 to 6, further comprising the above. When the element indicating the title of the web page, the element explaining the content of the content of the web page, or the element contained in the header or footer of the web page contains a character string that matches the expression of the predetermined character string. A character string that matches the expression of the predetermined character string is specified as the provider of the web page.
The transmission control method according to any one of claims 3 to 7, further comprising the above. A group of data types specified for each of a plurality of input elements included in the web page is a data type included in a predetermined group associated with a predetermined information collection reason representing a data collection reason, and a predetermined data type. The transmission control method according to any one of claims 3 to 8, further comprising specifying the reason for collecting data by the web page as the reason for collecting the predetermined information when the conditions are satisfied. In the data type specified from the source code describing the web page, the first service type representing the type of service provided by the web page, the first provider providing the web page, and the web page. The second data type identified from the second source code that describes the second web page in the access to the second web page executed in the past by the first reason for collecting information representing the reason for collecting information. , A second service type representing the service provided by the second web page, a second provider representing the second service, and a second reason for collecting information on the second web page. If the reason for collecting information meets the predetermined conditions and the URL of the web page is different from the URL of the second web page, the total risk value is changed to a value indicating a higher risk. ,
The transmission control method according to claim 4, further comprising the above. When the transmission instruction of the data input in association with the input element of the web page is received, the source code describing the web page is analyzed, and the information associated with the input element is acquired from the source code.
Based on the acquired information, it is determined whether to execute or suppress the transmission of the input data.
A transmission control program that causes a computer to perform processing. When a transmission instruction of data input in association with an input element of a web page is received, the source code describing the web page is analyzed and the information associated with the input element is acquired from the source code. Department and
A transmission control unit that determines whether to execute or suppress the transmission of the input data based on the acquired information.
Including terminals.

Images