JP3996181B1 - Web page authenticity confirmation device, web page authenticity confirmation method and program, and web page authenticity confirmation system - Google Patents

Abstract

[PROBLEMS] To improve the convenience of a user of a terminal as compared with the prior art, improve the security in authenticity determination of a web page, and further reduce the labor of the user who browses the web page and the processing load. Provide a web page authenticity confirmation device.
A regular web server distributes a web page in which digital watermark information generated by a management server is embedded, and a terminal that has received the distribution of the web page, when the digital watermark is not embedded in the web page, Depending on whether the character string input in the input field is stored, transmission, transmission suspension, and warning are performed. If the digital watermark information is embedded, a request for authenticity determination is made, and a character string is transmitted, transmitted, suspended, or warned according to the result of the authenticity determination. If the character string input in the input field is an important character string, it is registered in the terminal.
[Selection] Figure 1

Description

  The present invention relates to a web page authenticity confirmation device, a web page authenticity confirmation method, a program thereof, and a web page truth, which restrict leakage of personal information by confirming the authenticity of a web page having a character string input field. It relates to a fake confirmation system.

In an electronic payment system that displays a web page distributed by a web server on a terminal and purchases goods or pays for it, bank payments and card payments of goods are performed by sending account numbers, card numbers, etc. to the web server However, there is a crime that illegally obtains and misuses account numbers, card numbers, etc., using a technique called phishing that disguises these settlement procedures. This technique called phishing is, for example, in a web page provided by a malicious web server administrator, a web page user who mistakes a web page provided by a legitimate administrator inputs an account number, a card number, etc. It is done by procedures such as sending. In order to prevent leakage of personal information such as account numbers and card numbers by these procedures (preventing phishing), a program that authenticates the legitimacy of the page on the user's terminal etc. and a browser plug-in, etc. For example, a system described in the following non-patent literature has been devised.
“SecureBrain PhishWall”, SecureBrain Corporation, “online”, “May 18, 2005 search”, Internet <URL: http://www.securebrain.co.jp/products/phishwall/index.html> “PhishSafe Product Introduction”, eSecurity Japan Co., Ltd., “online”, “May 18, 2005 search”, Internet <URL: http://www.esecurity.co.jp/products/papers/PhishSafeDetail. pdf>

  Conventionally, in order to determine the authenticity of a web page (that is, whether or not it is a web page published by an unauthorized web server), a program or plug-in installed on the terminal is used independently on the terminal side. The authenticity determination is performed by the two-party authentication in which authentication information is exchanged between the terminal and the web server that publishes the web page. Therefore, there are the following problems.

(Problem 1)
In the authenticity determination of the web page on the terminal side alone, only a true web page in which a URL or the like is registered in advance on the terminal side can be determined. In other words, when a change such as addition or deletion of a true web page is made, the terminal side needs to change such as addition or deletion of a registered URL, forcing the user to useless labor.

(Problem 2)
In the authenticity determination of the web page by the two-party authentication between the terminal and the web server that publishes the web page, if the authentication method is different for each web server, each terminal is compatible with all authentication methods. It is necessary to provide an authentication mechanism, and in that case, the user has to perform an operation of incorporating a plurality of authentication mechanisms into the terminal, which causes a problem that convenience is lowered.

(Problem 3)
If the web page provided by the web server is not visually discernable, there is a method of electronically discriminating with a digital watermark, etc., but if the entire page content including the digital watermark is copied, There was a problem that it was impossible to distinguish between authentic and false electronically.

  Therefore, the present invention improves the convenience of the user of the terminal as compared with the prior art, improves the security in determining the authenticity of the web page, further reduces the labor of the user browsing the web page and reduces the processing load. An object of the present invention is to provide a web page authenticity confirmation apparatus, a web page authenticity confirmation method, a program thereof, and a web page authenticity confirmation system that can be realized.

  In order to achieve the above object, the present invention provides digital watermark information generating means for generating digital watermark information including at least identification information of a designated digital watermark, and the digital watermark information is embedded in the received web page. A process for automatically determining whether there is a process, a process for detecting a transmission instruction for a character string input in the character input field of the received web page, and the electronic watermark information embedded in the received web page Web page authenticity determination request information including at least digital watermark identification information included in the digital watermark information embedded in the received web page and identification information of the web page determined from the received web page Processing to transmit to the web page authenticity confirmation device, and the digital watermark information is embedded in the received web page. If not, it is determined whether or not the character string input in the character input field is stored, and depending on the result, transmission of the character string or suspension of transmission of the character string or the character string A process of performing at least one of the transmission warning indications of the transmission of the character string, and a process of permitting the transmission of the character string when the authenticity determination result returned in response to the web page authenticity determination request information indicates true. , At least the authenticity determination request information transmission program to be executed by the computer of the terminal, the authenticity determination request information transmission program transmission means for transmitting to the terminal, the digital watermark identification information and the identification information of the web page True / false determination table storage means for storing a true / false determination table indicating a correspondence relationship, and the digital watermark included in the web page authenticity determination request information received from the terminal It is determined whether or not the correspondence between the different information and the identification information of the web page is recorded in the authenticity determination table. As a result, if it is determined that the correspondence is recorded, the web The authenticity determination result indicating that the page is true is transmitted to the terminal, and if it is determined that the correspondence is not recorded, the authenticity determination result indicating that the web page is false A web page authenticity confirmation device comprising: authenticity determination means for transmitting to the terminal.

  Also, in the web page authenticity confirmation apparatus, the present invention provides the authenticity determination request information transmission program transmitting means in the character input field when the digital watermark information is embedded in the received web page. Processing for transmitting web page authenticity determination request information to the web page authenticity confirmation device before inputting a character string, and the authenticity determination result returned in response to the authenticity determination request information And a process for outputting a result of the authenticity determination in the received web page when the information indicates false, and transmitting a genuineness determination request information transmission program to the terminal to cause the computer of the terminal to execute the process. To do.

  Further, according to the present invention, the above-described web page authenticity confirmation apparatus stores important character string specifying information including identification information of a web page in which the digital watermark information is embedded and identification information of a character input field in the web page. A process of further storing important character string specifying information storage means, wherein the authenticity determination request information transmitting program transmitting means further records the important character string specifying information received together with the authenticity determination result in a storage unit provided in the terminal Determining whether the important character string specifying information is embedded in the received web page before transmitting the character string input in the character input field; and the important information in the received web page When the character string specifying information is embedded, the important character string specifying information and the character string input in the character input field are associated with each other and recorded in the storage unit. Process and the authenticity determination request information transmission program to be executed by the terminal computer and transmitting to the terminal.

  Further, the present invention is the above-described web page authenticity confirmation device, wherein the authenticity determination request information transmission program transmitting means further includes an authenticity determination result returned in response to the transmission of the web page authenticity determination request information. When indicating false, the terminal is provided with a true / false determination request information transmission program for causing the computer of the terminal to execute a process of performing at least one of suspension of transmission of the character string or warning display of the transmission of the character string. It is characterized by transmitting.

  Further, the present invention provides the above-described web page authenticity confirmation device, wherein the digital watermark information generation means, the authenticity determination means, the authenticity determination request information transmission program transmission means, the authenticity determination table storage means, The important character string specifying information storage means is provided by one or a plurality of servers connected via a communication network, and the web page authenticity determination request information includes the authenticity determination means. It is transmitted to the server which has.

  The present invention is also the web page authenticity confirmation method in the web page authenticity confirmation device, wherein the electronic watermark information generating means of the web page authenticity confirmation device includes at least identification information of the designated electronic watermark. Processing for generating information, and automatically determining whether or not the digital watermark information is embedded in the received web page, wherein the authenticity determination request information transmission program transmission means of the web page authenticity confirmation device; Processing for detecting a transmission instruction of a character string input in the character input field of the web page, and the electronic watermark information embedded in the received web page if the digital watermark information is embedded in the received web page Identification of the web page determined from the digital watermark identification information included in the digital watermark information and the received web page Processing to send web page authenticity determination request information including at least information to the web page authenticity confirmation device, and input into the character input field when the digital watermark information is not embedded in the received web page It is determined whether or not a stored character string is stored, and at least one of transmission of the character string, suspension of transmission of the character string, or warning display of transmission of the character string is performed according to the result Processing and a process for permitting transmission of the character string when the authenticity determination result returned in response to the web page authenticity determination request information indicates true, at least a true / false determination request to be executed by the computer of the terminal An information transmission program is transmitted to the terminal, and the authenticity determination table storage means of the web page authenticity confirmation device includes the electronic watermark identification information and the web page Storing a true / false determination table indicating a normal correspondence relationship with other information, wherein the authenticity determination means of the web page authenticity confirmation device includes the electronic information included in the web page authenticity determination request information received from the terminal; It is determined whether or not the correspondence relationship between the watermark identification information and the web page identification information is recorded in the authenticity determination table. As a result, if it is determined that the correspondence relationship is recorded, The true / false determination result indicating that the web page is true is transmitted to the terminal, and the true / false determination result indicating that the web page is false when it is determined that the correspondence is not recorded. Is transmitted to the terminal. A web page authenticity confirmation method.

  Further, the present invention is a program to be executed by a computer of a web page authenticity confirmation device, wherein the watermark information generating process generates watermark information including at least identification information of a designated watermark, and the received web page A process for automatically determining whether or not the electronic watermark information is embedded, a process for detecting a transmission instruction for a character string input in the character input field of the received web page, and If the electronic watermark information is embedded, at least the electronic watermark identification information included in the electronic watermark information embedded in the received web page and the identification information of the web page determined from the received web page Processing to send web page authenticity determination request information to the web page authenticity confirmation device, If the digital watermark information is not embedded in the received web page, it is determined whether or not the character string input in the character input field is stored, and the transmission of the character string or the When the processing for performing at least one of suspension of transmission of the character string or warning display of transmission of the character string and the true / false determination result returned in response to the web page authenticity determination request information indicate true A process for permitting transmission of the character string, and a program for transmitting the authenticity determination request information for causing the computer of the terminal to execute at least the authenticity determination request information transmitting program for transmitting to the terminal, and receiving from the terminal Correspondence between the digital watermark identification information included in the web page authenticity determination request information and the web page identification information is recorded in the authenticity determination table storage means. It is determined whether or not the electronic watermark identification information and the web page identification information are recorded in a true / false determination table indicating a normal correspondence relationship, and as a result, it is determined that the correspondence relationship is recorded. In the case, the authenticity determination result indicating that the web page is true is transmitted to the terminal, and when it is determined that the correspondence is not recorded, the web page is false. A program for causing a computer to execute authenticity determination processing for transmitting an authenticity determination result to the terminal.

  The present invention is also a web page authenticity confirmation system in which a management server and a genuineness determination server are connected via a communication network, wherein the management server includes at least identification information of a designated digital watermark. Digital watermark information generating means for generating a message, a process for automatically determining whether or not the digital watermark information is embedded in the received web page, and a character string input in the character input field of the received web page Processing for detecting a transmission instruction, and when the digital watermark information is embedded in the received web page, the digital watermark identification information included in the digital watermark information embedded in the received web page and the received Web page authenticity determination request information including at least the identification information of the web page determined from the web page Processing to send to the web page authenticity confirmation device, and if the digital watermark information is not embedded in the received web page, it is determined whether the character string input in the character input field is stored. In accordance with the result, at least one of transmission of the character string, suspension of transmission of the character string, or warning display of transmission of the character string, and according to the web page authenticity determination request information Authenticity determination request for transmitting to the terminal a genuineness determination request information transmission program for causing at least the computer of the terminal to execute processing for permitting transmission of the character string when the returned authenticity determination result indicates true An authenticity determination server, wherein the authenticity determination server indicates a normal correspondence between the digital watermark identification information and the web page identification information. A correspondence relationship between the authenticity determination table storage means for storing the data and the electronic watermark identification information included in the web page authenticity determination request information received from the terminal and the identification information of the web page is the authenticity determination. It is determined whether or not it is recorded in the table. As a result, when it is determined that the correspondence is recorded, the authenticity determination result indicating that the web page is true is transmitted to the terminal. A web page comprising: authenticity determination means for transmitting to the terminal the authenticity determination result indicating that the webpage is false when it is determined that the correspondence relationship is not recorded. Authenticity confirmation system.

  According to the present invention, it is determined whether or not the character string input in the character input field of the web page in which the digital watermark information is not embedded is an important character string stored in the storage unit of the terminal. Therefore, even if the digital watermark information is not embedded in the web page, if the character string input in the character input field of the web page is not an important character string, the transmission process is performed as it is. In some cases, the hold or warning is given. As a result, unnecessary character string transmission suspension and warning processing can be reduced.

  Further, according to the present invention, before the character string is entered in the character input field, the terminal makes a first authenticity determination request to the authenticity determination server, and as a result, the authenticity received by the terminal is received. When the false determination result is “false”, the true / false determination result “false” is displayed on the web page received by the terminal. Accordingly, since the user of the terminal can recognize that the web page is fake before inputting characters on the web page, the user's action of entering characters in the character input field in the web page is Can be deterred. Therefore, for example, when a terminal receives a web page that stores spyware, or when spyware is running on the terminal, the user can be prevented from inadvertently entering important characters. The risk of character leakage can be reduced, thereby improving the security of the terminal.

  Further, according to the present invention, the administrator of the authorized web server creates a web page, embeds digital watermark information in the web page, and the character string input to the character input field of the web page is an important character string. (For example, a user ID or password), the URL and web page name of the web page, the field ID and name of the character input field, and the digital watermark ID of the digital watermark information embedded in the web page Correspondingly, it is registered in the management server 1 as an important character string specifying table. Then, this important character string specifying table is transmitted from the management server to the terminal via the authenticity determination server and registered in the terminal. Therefore, when the character string input to the web page displayed on the terminal is specified as an important character string and registered in the storage unit of the terminal, it is the character of the web page specified by the administrator of the authorized web server. This means that all character strings entered in the input field are stored in the terminal. In other words, the web page specified by the administrator of the authorized web server and the character string entered in the character entry field of the important web page from the viewpoint of security can be used without the user's operation using the terminal. It can be registered at the administrator's will. As a result, the user can reduce the work of registering the important character string, and since it is not necessary to inform the user of the terminal what the important character string is, the user does not know what the important character string is. Leakage of information on important character strings can be reduced.

  Further, according to the present invention, since the authenticity of the web page distributed from the web server is confirmed and the character information is transmitted on the communication network according to the authenticity result of the authenticity determination server, the security registered in the terminal 5 The distribution of the upper important character string on the communication network can be stopped when the web page is not a regular web page and is an important character string. Therefore, it is possible to prevent leakage of important character strings (personal information such as IDs, passwords, credit card numbers, and mail addresses, and other important information) to a fake web page distributed by a fake web server or the like.

  In addition, according to the present invention, when the web page authenticity determination between the website and the terminal is implemented, when a different web page authenticity determination method is implemented for each website, each terminal It is necessary to incorporate a mechanism corresponding to the method, but by adding a true / false determination server and performing a true / false determination of the web page among the three parties, the same authentication mechanism can be used for the web pages distributed by a plurality of websites. The authenticity can be determined with.

  Hereinafter, a web page authenticity confirmation system according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a web page authenticity confirmation system according to the embodiment. In this figure, reference numeral 1 denotes a management server that generates various information and programs used for web page authenticity confirmation and transmits the information to other devices. Reference numeral 2 denotes a true / false determination server that determines the authenticity of a web page based on a request from a terminal. Reference numeral 3 is a regular web server, and 4 is a fake web server that illegally distributes a copy of a web page distributed by the regular web server 3. Reference numeral 5 denotes a terminal such as a PC, a mobile phone, or a PDA. These management server 1, authenticity determination server 2, regular web server 3, fake web server 4, and terminal 5 are connected via a communication network, and the web page authenticity is determined by each server except for the fake web server 4. A verification system is configured. In addition, although the management server 1, the authenticity determination server 2, and the regular web server 3 are shown as separate servers, the processing of any of a plurality of servers may be configured on the same server.

FIG. 2 is a diagram showing functional blocks of each server.
In the management server 1 in this figure, reference numeral 11 denotes a communication processing unit that transmits and receives information to and from other servers and the terminal 5. A control unit 12 controls each processing unit of the management server 1. Reference numeral 13 denotes a digital watermark information generation unit that generates digital watermark information embedded in a web page distributed by the regular web server 3. Reference numeral 14 denotes a true / false determination request program distribution unit that distributes a program (hereinafter referred to as a true / false determination request program) for determining the authenticity of a web page received by the terminal 5. Reference numeral 15 denotes creation of a true / false determination table used by the true / false determination server 2 to determine the authenticity of the web page, and when the user of the terminal 5 enters a character string in the character input field of the web page, the character string is displayed. This is a management unit that creates an important character string specifying table (important character string specifying information) used for specifying whether or not it is important, and transmits the generated digital watermark information and the like to the authorized web server 3. . Reference numeral 16 denotes a database for storing various information.

  In the authenticity determination server 2, reference numeral 21 denotes a communication processing unit that transmits and receives information to and from other servers and the terminal 5. Reference numeral 22 denotes a control unit that controls each processing unit of the authenticity determination server 2. Reference numeral 23 denotes a true / false determination processing unit that performs a true / false determination process for the web page. A database 24 stores various information. Reference numeral 25 denotes a warning information notification unit that notifies the terminal 5 of the warning information (or may notify the regular web server 3 or the like) when the web page is determined to be false in the web page authenticity determination.

  In the regular web server 3, reference numeral 31 denotes a communication processing unit that transmits information to each server and the terminal 5. A control unit 32 controls each processing unit of the regular web server 3. Reference numeral 33 denotes a web server processing unit that performs processing of the web server. Reference numeral 34 denotes a storage unit.

FIG. 3 is a diagram showing functional blocks of the terminal.
In this figure, reference numeral 51 denotes a communication processing unit that transmits and receives information to and from each server. A control unit 52 controls each processing unit in the terminal 5. A web browser processing unit 53 performs web browser processing. Reference numeral 54 denotes a digital watermark presence / absence determination unit that automatically determines whether or not digital watermark information is embedded in the received web page. Reference numeral 55 denotes a true / false determination request process for detecting a transmission instruction of a character string input in the character input field of the received web page and a process for transmitting web page authenticity determination request information to the authenticity determination server 2. Part. Further, 56 is a character string transmission or character string transmission based on the result of whether or not the digital watermark information is embedded in the received web page and the result of the authenticity determination obtained from the authenticity determination server 2. This is a character string transmission availability determination unit that performs processing for displaying a warning for holding or transmitting a character string, and processing for outputting the result of the authenticity determination in a received web page. 57 is a process of recording the important character string specifying table received together with the true / false determination result in the storage unit 58, or an important character string specifying stored in the important character string specifying table on the web page received before transmitting the character string. Processing to determine whether information is embedded or when important character string identification information is embedded in the received web page, the important character string identification information and the characters entered in the character input field of the web page This is an important character string registration unit that performs processing of associating a column with each other and recording it in the storage unit 58. Reference numeral 58 denotes a storage unit for storing various information.

  In the web page authenticity confirmation system, the authorized web server 3 delivers the web page in which the digital watermark information generated by the management server 1 is embedded, and the terminal 5 receiving the web page delivery receives the received web page. It is automatically determined whether or not digital watermark information is embedded in the page. Further, the terminal 5 detects a transmission instruction for a character string input in the character input field of the received web page. Further, the terminal 5 transmits web page authenticity determination request information to the authenticity determination server 2 when digital watermark information is embedded in the received web page. Further, the terminal 5 determines whether or not the character string input in the character input field is stored as an important character string when the digital watermark information is not embedded in the received web page, and the character is determined according to the result. Sends a string or puts a string on hold or displays a string transmission warning. Further, the terminal 5 permits the transmission of the character string when the authenticity determination result returned according to the web page authenticity determination request information indicates true. In addition, when the authenticity determination result returned in response to the web page authenticity determination request information indicates false, the terminal 5 suspends the transmission of the character string and displays a warning of the transmission of the character string. In the authenticity determination server 2, whether or not the correspondence relationship between the digital watermark identification information included in the web page authenticity determination request information received from the terminal 5 and the web page identification information is recorded in the authenticity determination table. When it is determined that the corresponding relationship is recorded, a true / false determination result indicating that the web page is true is transmitted to the terminal, and it is determined that the corresponding relationship is not recorded. Transmits a true / false determination result indicating that the web page is false to the terminal 5.

  Further, when the watermark information is embedded in the received web page, the terminal 5 prompts the web page authenticity confirmation device before inputting the character string in the character input field, that is, immediately after receiving the web page. Web page authenticity determination request information is transmitted. Then, the terminal 5 outputs the authenticity determination result returned in accordance with the authenticity determination request information on a screen such as a web page that has received it.

  The terminal 5 receives the information of the important character string specifying table together with the authenticity determination result, and records the information in the storage unit 58. Then, before transmitting the character string input in the character input field of the web page, it is determined whether or not the important character string specifying information stored in the important character string specifying table is embedded in the web page. If the important character string specifying information is embedded in the received web page, the terminal 5 associates the important character string specifying information with the character string input in the character input field of the web page in the storage unit 58. Record.

Next, details of processing of the web page authenticity confirmation system will be described.
FIG. 4 is a conceptual diagram showing the flow of registration setting processing of the web page authenticity confirmation system.
First, the administrator of the authorized web server 3 opens a character input field for inputting an important character string that should not be leaked to the outside (for example, a field for inputting a character string such as a password, ID, account number, or credit card number). When the prepared web page is created, the management server 1 is accessed using the authorized web server 3 (or any server) in order to perform registration processing of the web page in the true / false determination confirmation system. Direct the request. At this time, a request for requesting digital watermark information is transmitted from the regular web server 3 to the management server 1 (step S101). When the digital watermark information generation unit 13 of the management server 1 accepts a request for digital watermark information via the communication processing unit 11, the digital watermark information generation unit 13 issues a digital watermark ID, and the digital watermark ID, the expiration date of the digital watermark, Digital watermark information including the URL of the fake determination server 2 is generated (step S102).

  Next, the digital watermark information generation unit 13 of the management server 1 receives, for example, information on a web page that stores the digital watermark information from the regular web server 3 and embeds the digital watermark information in the web page. The web page data in which the information is embedded is returned to the regular web server 3 (step S103). Alternatively, in the process of step S103, the digital watermark information generation unit 13 transmits the digital watermark information to the regular web server 3, and the regular web server 3 performs a process of embedding the digital watermark information in the target web page. As a result, the digital watermark information is embedded in the web page distributed by the regular web server 3.

  The digital watermark information embedded in the web page may be information in which the digital watermark ID, the expiration date of the digital watermark, and the URL of the authenticity determination server 2 are encrypted. Further, the management server 1 may generate other information such as a QR code instead of the digital watermark information, and embed the information in a web page. The management server 1 records the digital watermark ID included in the digital watermark information and the digital watermark expiration date in the server issue table of the database 16 in association with each other. The digital watermark information is generated for each target web page for which a request is made.

  When the electronic watermark information is transmitted to the regular web server 3, the management unit 15 of the management server 1 reads a check program for performing web page authenticity recording previously recorded in the database 16 or the like, and the regular web server 3 to the specified authenticity determination server 2 (step S104). If the check program has already been transmitted to the authenticity determination server 2, this process is omitted. The authenticity determination server 2 may be a server designated by the administrator of the regular web server 3 or a predetermined server. Then, the management unit 15 determines whether the digital watermark ID, the URL of the web page in which the digital watermark information is embedded, and the expiration date of the digital watermark included in the digital watermark information transmitted to the regular web server 3 are authenticity determination server 2. (Step S105).

  In addition, after the transmission of the digital watermark information, the management unit 15 associates the digital watermark ID and the digital watermark expiration date recorded in the server issuance table, and further checks the check program used by the authenticity determination server 2. The ID, the expiration date of the check program, the URL of the web page in which the digital watermark information is embedded, and the URL of the authenticity determination server that is the transmission destination of the check program are recorded in association with each other. The authenticity determination server 2 writes the digital watermark ID, the web page URL, and the digital watermark expiration date received from the management server 1 in association with the authenticity determination table stored in the database 24. When there are a plurality of web pages in which digital watermark information is embedded, a plurality of correspondence relationships of the digital watermark ID, the web page URL, and the digital watermark expiration date are recorded in the authenticity determination table.

  The management server 1 also includes a digital watermark ID for identifying the digital watermark information, identification information of the web page in which the digital watermark information is embedded (information on the correspondence between the URL of the web page and the web page name), An important character string specifying table in which identification information of the character input field in the web page (information on the correspondence between the field ID of the character input field and the input field name) is recorded is recorded in the database 16. This important character string specifying table is registered in the management server 1 in accordance with an instruction from the administrator of the regular web server 3. In the subsequent processing, it is determined in the terminal 5 whether or not the character string input to the character string input field of the web page received by the terminal 5 is an important character string from the identification information of the web page and the character input field. If it is an important character string, registration of the character string input in the character input field to the terminal 5 is processed. The important character string specifying table is transmitted from the management server 1 to the authenticity determination server 2 (step S106) and registered in the database 24 of the authenticity determination server 2. With the above processing, the setting of the web page authenticity confirmation system on the server side is completed.

FIG. 5 is a diagram illustrating information recorded in the server issue table.
As shown in this figure, the server issue table held in the database 16 is used by the digital watermark ID embedded in the web page distributed by the regular web server 3, the digital watermark expiration date, and the authenticity determination server 2. The check program ID, the expiration date of the check program, the URL of the web page in which the digital watermark information is embedded, and the URL of the authenticity determination server that is the destination of the check program are recorded in association with each other.

FIG. 6 is a diagram showing information recorded in the important character string specifying table.
As shown in FIG. 6, in the management server 1, an electronic watermark ID for specifying the electronic watermark information and identification information of the web page in which the electronic watermark information is embedded (information on the correspondence between the URL of the web page and the web page name) And an important character string specifying table including identification information of the character input field in the web page (information on the correspondence between the field ID of the character input field and the input field name) is recorded in the database 16. In addition, a character input field for inputting one or a plurality of important character strings can be set in one web page, and depending on the web page, there is a web page having a character input field for inputting an important character string, and the character concerned. Some web pages do not have an input field. The information registered in the important character string specifying table is a combination of the identification information of the web page for the web page having the character input field for inputting the important character string and the identification information of the character input field in the web page. Information of this important character string specifying table is transmitted to the authenticity determination server 2 and stored in the database 24 of the authenticity determination server 2. The web page name is character string information that can identify a web page transmitted by the regular web server 3 such as “top page”. The field ID of the character input field is a tag ID for specifying the character input field in the description of the markup language when the web page is described in a markup language such as HTML, for example. . The input field name is, for example, a character string for specifying the character input field in the description of the markup language.

  While the management server 1, the authenticity determination server 2, and the regular web server 3 perform the processing from step S101 to step S106, the terminal 5 accesses the management server 1 by the operation of the terminal 5 by the user on the terminal 5 side. Then, a download request for the authenticity determination request program is notified (step S107). When the management server 1 receives this notification, the authenticity determination request program distribution unit 14 reads the authenticity determination request program from the database 16 and distributes it to the terminal 5 (step S108). Here, the authenticity determination request program is executed in the terminal 5, whereby the electronic watermark presence / absence determination unit 54, authenticity determination request processing unit 55, character string transmission availability determination unit 56, important character string is included in the terminal 5. Each processing function of the registration unit 57 is configured.

  When the authenticity determination request program is executed in the terminal 5 by a user operation, the program first determines whether the authenticity determination request program is already installed (step S109). Then, the authenticity determination request processing unit 55 then performs processing for constantly monitoring the web page reception processing in the web browser processing unit 53 (step S110). Here, in the authenticity determination request program, information on the ID and expiration date of the program is stored, and such information is also recorded in the database 16 of the management server 1 as a setting file (terminal issue table). The authenticity determination request program may be a program in a format such as a plug-in installed in the web browser, or may be a format such as a program resident in the computer of the terminal 5. With the above processing, the setting of the web page authenticity confirmation system on the terminal side is completed.

FIG. 7 is a diagram showing information recorded in the terminal issue table.
As shown in FIG. 7, the management unit 15 of the management server 1 associates the authenticity determination request program ID, the validity determination request program expiration date, and the IP address of the transmission destination terminal in the terminal issue table. Store and register in database 16.

FIG. 8 is a conceptual diagram showing a flow of web page authenticity determination processing.
FIG. 9 is a diagram showing a processing flow of the terminal in the web page authenticity confirmation system.
Next, web page authenticity determination processing will be described with reference to FIGS.
First, the authenticity determination request program is executed in the terminal 5, and each of the electronic watermark presence / absence determination unit 54, the authenticity determination request processing unit 55, the character string transmission availability determination unit 56, the important character string registration unit 57, and the storage unit 58 is detected. It is assumed that the functional unit is configured. In such a situation, it is assumed from FIG. 8 that the web browser processing unit 53 transmits a web page distribution request to the regular web server 3 or the fake web server 4 when the user operates the terminal 5. Then, the web server processing unit 33 of the regular web server 3 or the fake web server 4 distributes the web page designated by the terminal 5 to the terminal 5 (step S201). In the terminal 5, the web browser processing unit 53 displays the web page distributed from the regular web server 3 or the fake web server 4 on the display unit.

  Here, the digital watermark presence / absence determination unit 54 of the terminal 5 reads the received web browser from the web browser processing unit 53 and automatically determines whether or not the digital watermark information is embedded in the web page (step S202). If the digital watermark information is embedded, the authenticity determination request processing unit 55 notifies the user of the start of authenticity determination by displaying “authenticating authenticity” or the like on the display unit of the terminal 5, and the web page It is determined whether or not the digital watermark information embedded in is digital watermark information. If the digital watermark information is encrypted, the digital watermark information is decrypted. Next, it is determined whether or not the expiration date is within the digital watermark information, and if it is within the expiration date, web page authenticity determination request information is generated (step S203). The authenticity determination request processing unit 55 may encrypt the web page authenticity determination request information.

  The web page authenticity determination request information includes the IP address of the terminal 5, the authenticity determination request program ID and expiration date, the authenticity determination server URL, the ID and expiration date of digital watermark information embedded in the web page, and the web page. And the creation date and time information of the web page authenticity determination request information are stored. These pieces of information are read from digital watermark information, web pages, and setting files held in the storage unit 58. When the web page authenticity determination request information is generated, the authenticity determination request processing unit 55 sends the web page authenticity determination request information to the authenticity determination server URL held in the web page authenticity determination request information. Is transmitted (step S204), and a first authenticity determination request is made.

  In the authenticity determination server 2, when the web page authenticity determination request information is received, the authenticity determination processing unit 23 decrypts the web page authenticity determination request information if encrypted, and the web page The ID and validity period of the authenticity determination request program stored in the authenticity determination request information, the ID of the digital watermark information, the URL of the web page in which the digital watermark information is embedded, and the expiration date of the digital watermark are read. Further, the authenticity determination processing unit 23 reads the Web page URL and electronic watermark expiration date recorded in the authenticity determination table in association with the ID of the electronic watermark information read from the Web page authenticity determination request information. Then, it is determined whether or not the ID system (such as the number of ID characters) of the authenticity determination request program ID is correct, whether or not the validity period of the authenticity determination request program has passed, and the ID system of the digital watermark ID is Correspondence relationship between the electronic watermark ID read from the web page authenticity determination request information and the URL of the web page in which the electronic watermark is embedded, whether or not it is correct, whether or not the expiration date of the electronic watermark has passed Web page authenticity is determined by determining whether or not is recorded in the authenticity determination table (step S205).

  In each determination, the authenticity determination processing unit 23 determines whether the ID system of each ID of the authenticity determination request program and the electronic watermark is correct, and the correspondence between the electronic watermark ID and the web page URL is within the validity period. If it is recorded in the table, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is a true web page provided from the authorized web server 3. Also, the authenticity determination processing unit 23 stores the correspondence between the electronic watermark ID and the web page URL in the authenticity determination table when the ID system of each ID of the authenticity determination request program and the electronic watermark is not correct or within the expiration date. When any of the cases such as the case of not being recorded is determined, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is false. If it is determined that the web page is false, the warning information notification unit 25 stores information indicating that a false page has been detected in the database 24 of the authenticity determination server 2. Information indicating that a fake page has been detected may be transmitted to the management server 1.

  Next, the authenticity determination processing unit 23 creates authenticity result data when the authenticity determination of the web page is completed (step S206). This true / false result data includes at least the determined web page URL and information indicating whether the web page of the URL is true or false. Further, the authenticity determination processing unit 23 reads the important character string specifying table (FIG. 6) from the database 24. Then, the authenticity determination processing unit 23 transmits authenticity result data to the terminal 5 (step S207), and transmits an important character string specifying table to the terminal 5 (step S208). At this time, the authenticity determination processing unit 23 may encrypt and transmit the authenticity result data and the information of the important character string specifying table.

  In the terminal 5, when the authenticity result data and the information on the important character string specifying table are received, the important character string registering unit 57 stores the important character string specifying table in the storage unit 58 (step S209). The information in the important character string specifying table may be registered after being encrypted. The character string transmission permission / inhibition determination unit 56 decrypts the authenticity determination result data if it is encrypted, and reads “true” and “false” information of the web page included in the authenticity result data. Then, when the true / false determination result is “true”, the character string transmission availability determination unit 56 displays the result on a screen such as a web page (for example, a toolbar), and proceeds to the next processing. Determine. On the other hand, if the true / false determination result is “false”, the fact that the true / false determination result is “false” is output on the received web page screen (for example, a toolbar) (step S210). According to the above process, when the terminal 5 makes a first authenticity determination request to the authenticity determination server 2 and the result of the authenticity determination received at the terminal 5 is “false”, The true / false determination result “false” is displayed on the web page received by the terminal 5. Accordingly, since the user of the terminal 5 can recognize that the web page is false before inputting characters on the web page, the user inputs the act of inputting characters into the character input field in the web page. Can be deterred before. Therefore, for example, when a terminal receives a web page that stores spyware, or when spyware is running on the terminal, the user can be prevented from inadvertently entering important characters. The risk of character leakage can be reduced, thereby improving the security of the terminal.

  Next, from FIG. 9, after receiving the true / false result data corresponding to the first authenticity determination request, the authenticity determination request processing unit 55 waits for the input of the character string in the character input field (step S301). In the received web page, it is detected whether or not a transmission instruction for the character string input in the character input field has been input (step S302). When the transmission instruction of the character string is detected, the authenticity determination request processing unit 55 notifies the user of the start of authenticity determination by displaying “authenticating authenticity” or the like on the display unit of the terminal 5, and electronically reappears on the web page. It is determined whether or not watermark information is embedded (step S303). If the digital watermark information is encrypted, the digital watermark information is decrypted. Next, when it is determined in step S303 that the digital watermark information is embedded in the web page, it is determined from the digital watermark information whether or not it is within the expiration date. If it is within the expiration date, the web page authenticity determination request information is determined. Is generated (step S304). The authenticity determination request processing unit 55 may encrypt the web page authenticity determination request information. When the web page authenticity determination request information is generated, the authenticity determination request processing unit 55 transmits the web page authenticity determination request information to the authenticity determination server URL held by the web page authenticity determination request information. (Step S305), a second authenticity determination request is made.

  In the authenticity determination server 2, when the web page authenticity determination request information is received, the authenticity determination processing unit 23 decrypts the web page authenticity determination request information if encrypted, and the web page The ID and validity period of the authenticity determination request program stored in the authenticity determination request information, the ID of the digital watermark information, the URL of the web page in which the digital watermark information is embedded, and the expiration date of the digital watermark are read. Further, the authenticity determination processing unit 23 reads the Web page URL and electronic watermark expiration date recorded in the authenticity determination table in association with the ID of the electronic watermark information read from the Web page authenticity determination request information. Then, it is determined whether or not the ID system (such as the number of ID characters) of the authenticity determination request program ID is correct, whether or not the validity period of the authenticity determination request program has passed, and the ID system of the digital watermark ID is Correspondence relationship between the electronic watermark ID read from the web page authenticity determination request information and the URL of the web page in which the electronic watermark is embedded, whether or not it is correct, whether or not the expiration date of the electronic watermark has passed Is recorded in the true / false determination table.

  In each determination, the authenticity determination processing unit 23 determines whether the ID system of each ID of the authenticity determination request program and the electronic watermark is correct, and the correspondence between the electronic watermark ID and the web page URL is within the validity period. If it is recorded in the table, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is a true web page provided from the authorized web server 3. Also, the authenticity determination processing unit 23 stores the correspondence between the electronic watermark ID and the web page URL in the authenticity determination table when the ID system of each ID of the authenticity determination request program and the electronic watermark is not correct or within the expiration date. When any of the cases such as the case of not being recorded is determined, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is false. When it is determined that the web page is false, the warning information notification unit 25 uses a predetermined mail address or IP address to notify a predetermined server that a false page has been detected. May be. Next, the authenticity determination processing unit 23 generates authenticity result data when the authenticity determination of the web page is completed. Then, the authenticity determination processing unit 23 transmits authenticity result data to the terminal 5. At this time, the authenticity determination processing unit 23 may encrypt and transmit information of the authenticity result data. Note that the processing in the authenticity determination server 2 is the same as the processing in steps S203 to S207 described above.

  Next, in the terminal 5, when the authenticity determination result data is received by the character string transmission determination unit 56, if the information is encrypted, the information is decrypted and stored in the authenticity result data. Is read to determine whether it is “true” or “false” (step S306). If the true / false result data is “true”, it is determined whether or not an important character string registration process, which will be described later, is performed (step S307). The character string input in the input field is registered in the storage unit 58 (step S308), and the web browser processing unit 53 is notified to cancel the suspension of the character string transmission and continue the character string transmission process ( Step S309). And the web browser process part 53 transmits the character string input into the web page to the regular web server 3 via a communication network. If the truth / false result data is “false” in step S306, the transmission of the character string input in the character input field is suspended and a warning message for the transmission of the character string is displayed (step S310). For example, in the processing of step S310, (1) hold and display a warning, or (2) display a warning and select whether or not to hold, and if hold is selected, hold and select not to hold If so, send the string.

  As another embodiment, for example, since the authenticity result data includes at least the determined web page URL and whether the web page of the URL is true or false, the above-described step S203 is performed. After step S208, if the terminal 5 holds the true / false result data in a memory or the like, it is already executed by the URL of the web page stored in the web page true / false determination request information generated in step S304. The true / false result data of the passed true / false judgment can be specified. That is, without sending the web page authenticity determination request information to the authenticity determination server 2 in step S305, the authenticity result data corresponding to the web page authenticity determination request information generated in step S304 is stored in the terminal 5 inside the terminal 5. In step S306, whether or not the true / false result data is “true” or “false” is read from the cache memory 5 or the like and stored in the true / false result data using the “true” or “false” information. You may make it perform the process of.

  Here, the determination as to whether or not to perform the important character string registration process in step S307 described above is performed first by the important character string registration unit 57 of the terminal 5 inputting the web page URL and all the characters in which the character strings are input. The field ID of the column is read from the received web page. An important character string in which information on the correspondence between the web page URL and one field ID (when there are a plurality of field IDs read from one web page, the correspondence is plural) is already stored in the storage unit 58. It is determined whether or not it is registered in the specific table (important character string specific table stored in step S209). If the correspondence (important character string specifying information) between the web page URL and the field ID of the character input field in which the character string is input is registered in the important character string specifying table, the process of step S308, That is, the character string input in the character input field is registered in the important character string storage table of the storage unit 58. If the correspondence (important character string specifying information) between the web page URL and the field ID of the character input field in which the character string is input is not registered in the important character string specifying table, the process of step S309, That is, a process of notifying the web browser processing unit 53 to cancel the suspension of the transmission of the character string and continue the transmission process of the character string is performed.

  Here, the administrator of the authorized web server 3 creates a web page, embeds digital watermark information in the web page, and the character string input in the character input field of the web page is an important character string (for example, a user The URL and web page name of the web page, the field ID of the character input column and the input column name, and the digital watermark ID of the digital watermark information embedded in the web page, It is registered in the management server 1 as an important character string specifying table. Then, this important character string specifying table is transmitted from the management server 1 to the terminal 5 via the authenticity determination server 2 and registered in the terminal 5 in step S209. Therefore, when the character string input to the web page displayed on the terminal 5 is identified as the important character string in step S307 described above and registered in the process of step S308, it is the administrator of the authorized web server 3. This means that all the character strings input in the character input field of the web page designated by the above are stored in the terminal 5. That is, according to the above-described processing of Step S307 to Step S308, the character string input to the character input field of the web page designated by the administrator of the regular web server 3 and important from the viewpoint of security is obtained. Registration can be made by the intention of the administrator of the authorized web server 3 without the operation of the user who uses the terminal 5. As a result, the work of registering the important character string by the user can be reduced, and it is not necessary to inform the user of the terminal 5 what the important character string is, so that the user does not know what the important character string is. , Leakage of information about important character strings can be reduced.

  When it is determined in step S303 that the digital watermark information is not embedded in the received web page, the character string transmission availability determination unit 56 determines that the character string input in the character input field is the important character string stored in the storage unit 58. It is determined whether or not the character string is stored in the storage table (step S311). If the character string is not stored, the suspension of transmission of the character string is canceled and the character string transmission process is continued so as to continue the character string transmission process. Notification is made to the unit 53 (step S312). If it is determined in step S311 that the character string input in the character input field is stored in the storage unit 58, the transmission of the character string is suspended and a warning display of the transmission of the character string is performed (step S311). S313). For example, in the process of step S313, as in step S310, (1) hold and display a warning, or (2) display a warning and select whether or not to hold, and if hold is selected, hold If it is selected not to hold, a character string is transmitted. In the warning display in the process of step S313, for example, the character string transmission availability determination unit 56 reads the web page name of the web page and tries to transmit an important character string on the “Warning!“ Web page name ”screen. You may make it display on a screen information, such as. In determining whether or not the character string in step S311 is stored in the storage unit 58, it is determined whether or not the character string is stored in the storage unit 58 by registering the character string in step S308. In other words, if the digital watermark information is not embedded in the web page, if the character string entered in the character input field of the web page is not an important character string, the transmission process is performed as it is. The hold and warning are done. As a result, unnecessary character string transmission suspension and warning processing can be reduced.

  In addition, since the processing of steps S302 to S310 described above confirms the authenticity of the web page distributed from the web server according to the authenticity result of the authenticity determination server 2, and transmits the character information on the communication network, the terminal 5 The distribution of the character string important for security registered in the communication network to the communication network can be stopped when the web page is not a regular web page and is an important character string. Accordingly, it is possible to prevent leakage of important character strings (personal information such as IDs, passwords, credit card numbers, mail addresses, and other important information) input to the character input field of the fake web page. In this embodiment, the authenticity determination is performed based on whether or not the correspondence between the digital watermark ID and the URL of the web page is recorded in the authenticity determination table, but the web page URL is used instead of the web page URL. The IP address of the page may be used.

  In addition, according to the above-described mechanism, when the web page authenticity determination between the website and the terminal is implemented, if a different web page authenticity determination method is implemented for each website, the terminal Although a mechanism corresponding to the web page must be incorporated, the authenticity determination server 2 is added to perform the authenticity determination of the web page among the three parties so that the web pages distributed by a plurality of websites can be the same authentication mechanism. The authenticity can be determined with.

  Previously, there was only a phishing site determination, but the web page was made public according to the result of the web page authenticity determination and whether or not a digital watermark was embedded in the web page. There is no product that controls the monitoring and transmission of the character string entered in the character entry field of the web page by judging the risk level of the website and the importance of the information to be transmitted. Therefore, even if the user recognizes the danger level of the website that publishes the web page, the user cannot make an accurate decision and makes an incorrect decision, and inadvertently sends important information to the dangerous website. It was. The present invention is a technique for solving these problems, displays whether or not a received web page is transmitted from a phishing site, and is important in a character input field designated by an authorized web server administrator. A method of recognizing a character string and controlling its transmission is used. This prevents erroneous self-determination by the user and prevents information leakage.

  Each of the above servers and terminals has a computer system inside. The process described above is stored in a computer-readable recording medium in the form of a program, and the above process is performed by the computer reading and executing this program. Here, the computer-readable recording medium means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. Alternatively, the computer program may be distributed to the computer via a communication line, and the computer that has received the distribution may execute the program.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

It is a block diagram which shows the structure of a web page authenticity confirmation system. It is a figure which shows the functional block of each server. It is a figure which shows the functional block of a terminal. It is a conceptual diagram which shows the flow of a registration setting process. It is a figure which shows the information recorded on a server issue table. It is a figure which shows the information recorded on an important character string specific table. It is a figure which shows the information recorded on a terminal issue table. It is a conceptual diagram which shows the flow of a process of web page authenticity determination. It is a figure which shows the processing flow of the terminal in a web page authenticity confirmation system.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Management server, 2 ... True / false judgment server, 3 ... Regular web server, 4 ... Fake web server, 5 ... Terminal

Claims (7)

Digital watermark information generating means for generating digital watermark information including at least identification information of the designated digital watermark;
Important character string specifying information storage means for storing important character string specifying information consisting of identification information of a web page in which the digital watermark information is embedded and identification information of a character input field in the web page;
A process for automatically determining whether or not the digital watermark information is embedded in the received web page; a process for detecting a transmission instruction of a character string input in a character input field of the received web page; and the reception When the digital watermark information is embedded in the received web page, the digital watermark identification information included in the digital watermark information embedded in the received web page and the web page determined from the received web page The important page received together with the process of transmitting the web page authenticity determination request information including at least the identification information to the web page authenticity confirmation device and the authenticity determination result as a response to the transmitted web page authenticity determination request information The process of recording the character string specifying information in the storage unit, and the reception of the character string input in the character input field before transmission. Processing for determining whether or not the important character string specifying information is embedded in the web page, and when the important character string specifying information is embedded in the received web page, it is input to the character input field. The registered character string in the important character string storage table of the storage unit, and if the digital watermark information is not embedded in the received web page, the character string input in the character input field is the important character Processing for determining whether or not the character string is stored in the column storage table and performing at least one of transmission of the character string, suspension of transmission of the character string, and warning display of transmission of the character string according to the result And a process of permitting transmission of the character string when the authenticity determination result returned in response to the web page authenticity determination request information indicates true, at least the terminal compilation The authenticity determination request information transmission program to be executed by the over data, and authenticity determination request information transmission program transmitting means for transmitting to said terminal,
A true / false determination table storage means for storing a true / false determination table indicating a normal correspondence between the digital watermark identification information and the identification information of the web page;
Determining whether the correspondence between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the web page identification information is recorded in the authenticity determination table; As a result, when it is determined that the correspondence is recorded, the authenticity determination result indicating that the web page is true is transmitted to the terminal, and it is determined that the correspondence is not recorded. In the case, authenticity determination means for transmitting the authenticity determination result indicating that the web page is false to the terminal,
An apparatus for confirming authenticity of a web page, comprising: The authenticity determination request information transmission program transmission means, when the digital watermark information is embedded in the received web page, the web page authenticity confirmation before the character string is input in the character input field. A process of causing the device to transmit the authenticity determination request information of the web page and a process of outputting the authenticity determination result returned in response to the authenticity determination request information on the screen, to the computer of the terminal The web page authenticity confirmation apparatus according to claim 1, wherein the authenticity determination request information transmission program to be executed is transmitted to the terminal. The authenticity determination request information transmission program transmitting means further holds the transmission of the character string when the authenticity determination result returned in response to the transmission of the web page authenticity determination request information indicates false or the 2. The web page according to claim 1, further comprising: transmitting to the terminal a true / false determination request information transmission program that causes a computer of the terminal to execute a process of performing at least one of a warning display for sending a character string. Authenticity confirmation device. The electronic watermark information generating means;
The authenticity determination means;
The authenticity determination request information transmission program transmission means;
The authenticity determination table storage means;
Each means of the important character string specifying information storage means is provided by one or a plurality of servers connected via a communication network,
The web page authenticity confirmation device according to any one of claims 1 to 3 , wherein the web page authenticity determination request information is transmitted to a server having the authenticity determination means. A web page authenticity confirmation method in a web page authenticity confirmation device,
The electronic watermark information generating means of the web page authenticity confirmation device generates electronic watermark information including at least identification information of a designated electronic watermark,
The important character string specifying information storage means of the web page authenticity confirmation device includes important character string specifying information consisting of identification information of a web page in which the digital watermark information is embedded and identification information of a character input field in the web page. Remember,
Processing for automatically determining whether the digital watermark information is embedded in the received web page, the authenticity determination request information transmission program transmission means of the web page authenticity confirmation device, and the characters of the received web page Included in the digital watermark information embedded in the received web page if the digital watermark information is embedded in the received web page, and processing for detecting a transmission instruction of the character string input in the input field Processing for transmitting web page authenticity determination request information including at least the electronic watermark identification information to be determined and the identification information of the web page determined from the received web page to the web page authenticity confirmation device, and the transmitted web Stores the important character string specifying information received together with the authenticity determination result as a response to the page authenticity determination request information A process for recording in the character input field, a process for determining whether or not the important character string specifying information is embedded in the received web page before transmitting the character string input in the character input field, and the received web when the key character string specifying information on the page is embedded, the process of registering a character string input to the text entry field in critical character string storage table in the storage unit, the electronic watermark to the web page said received When the information is not embedded, it is determined whether or not the character string input in the character input field is stored in the important character string storage table, and the transmission of the character string or the character is determined according to the result. Processing for performing at least one of suspension of string transmission or warning display of transmission of the character string, and a true / false determination result returned according to the web page authenticity determination request information Wherein the process of performing transmission permission strings, the authenticity determination request information transmission program to be executed by at least a terminal of the computer, transmitted to the terminal to indicate,
The true / false determination table storage means of the web page authenticity confirmation device stores a true / false determination table indicating a normal correspondence between the digital watermark identification information and the identification information of the web page,
The authenticity determination means of the web page authenticity confirmation device has a correspondence relationship between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the identification information of the web page. It is determined whether or not it is recorded in the fake determination table. As a result, if it is determined that the correspondence relationship is recorded, the authenticity determination result indicating that the web page is true is sent to the terminal. When transmitting and determining that the correspondence is not recorded, the authenticity determination result indicating that the Web page is false is transmitted to the terminal. A program to be executed by a computer of a web page authenticity confirmation device,
A digital watermark information generation process for generating digital watermark information including at least identification information of the designated digital watermark;
A process for automatically determining whether or not the digital watermark information is embedded in the received web page; a process for detecting a transmission instruction of a character string input in a character input field of the received web page; and the reception When the digital watermark information is embedded in the received web page, the digital watermark identification information included in the digital watermark information embedded in the received web page and the web page determined from the received web page a process of transmitting the web page authenticity determination request information including at least identification information to web pages authenticity checking device destined, true the web page with authenticity determination result as a response of the transmitted web page authenticity determination request information The process of recording the important character string specifying information received from the fake confirmation device in the storage unit and the input to the character input field A process for determining whether or not the important character string specifying information is embedded in the received web page before transmitting the character string, and when the important character string specifying information is embedded in the received web page In addition, a process of registering the character string input in the character input field in the important character string storage table of the storage unit, and if the digital watermark information is not embedded in the received web page, the character input field It is determined whether or not the input character string is stored in the important character string storage table, and the transmission of the character string or the suspension of the transmission of the character string or the warning display of the transmission of the character string is determined according to the result A process for performing at least one of the above, and a process for permitting transmission of the character string when a true / false determination result returned in response to the web page authenticity determination request information indicates true At least the authenticity determination request information transmission program to be executed by the terminal computer, authenticity determination request information transmission program transmitting process of transmitting to the terminal a,
Correspondence between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the web page identification information is stored in the authenticity determination table storage unit and the digital watermark identification information It is determined whether or not it is recorded in a true / false determination table indicating a normal correspondence relationship with the identification information of the web page. As a result, if it is determined that the correspondence relationship is recorded, the web page is true. The authenticity determination result indicating that the web page is false is transmitted to the terminal when it is determined that the correspondence is not recorded. Authenticity determination processing to be transmitted;
A program that causes a computer to execute. A web page authenticity confirmation system in which a management server and a true / false determination server are connected via a communication network,
Management server
Digital watermark information generating means for generating digital watermark information including at least identification information of the designated digital watermark;
A process for automatically determining whether or not the digital watermark information is embedded in the received web page; a process for detecting a transmission instruction of a character string input in a character input field of the received web page; and the reception When the digital watermark information is embedded in the received web page, the digital watermark identification information included in the digital watermark information embedded in the received web page and the web page determined from the received web page Processing for transmitting web page authenticity determination request information including at least identification information to the authenticity determination server, and the authenticity determination server as a response to the transmitted web page authenticity determination request information The process of recording the important character string specifying information received from the storage unit and the character string input in the character input field. A process for determining whether or not the important character string specifying information is embedded in the received web page, and when the important character string specifying information is embedded in the received web page, the character Processing for registering the character string input in the input field in the important character string storage table of the storage unit, and if the digital watermark information is not embedded in the received web page, the character input in the character input field It is determined whether or not a column is stored in the important character string storage table, and at least one of transmission of the character string, suspension of transmission of the character string, or warning display of transmission of the character string is determined according to the result And a process of permitting transmission of the character string when a true / false determination result returned in response to the web page authenticity determination request information indicates true. Also the authenticity determination request information transmission program to be executed by the terminal computer, and a false determination request information transmission program transmitting means for transmitting to said terminal,
The true / false judgment server
A true / false determination table storage means for storing a true / false determination table indicating a normal correspondence between the digital watermark identification information and the identification information of the web page;
Important character string specifying information storage means for storing important character string specifying information consisting of identification information of a web page in which the digital watermark information is embedded and identification information of a character input field in the web page;
Determining whether the correspondence between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the web page identification information is recorded in the authenticity determination table; As a result, when it is determined that the correspondence is recorded, the authenticity determination result indicating that the web page is true is transmitted to the terminal, and it is determined that the correspondence is not recorded. A web page authenticity confirmation system comprising: a true / false determination means that transmits the true / false determination result indicating that the web page is false to the terminal.

Images