JP4845030B2 - Information browsing system and method - Google Patents

Description

  The present invention relates to a technique for ensuring the validity of information that is distributed on a network and associated with each other.

  With the spread of the information communication network represented by the Internet and the development of World Wide Web technology, anyone can send information through the Web site regardless of individuals or companies. On the other hand, for users who use such information, whether the page (information) posted on the website is trustworthy or whether the page is a legitimate organization. There is a problem that it is difficult to judge.

  Currently, authentication using a public key certificate of a web server is used to confirm the legitimacy of the website, but the user confirms the contents of the public key certificate every time the website is accessed. This is cumbersome, and it may be difficult to determine the legitimacy of the Web site only from the contents of the public key certificate, so the confirmation may be omitted. For this reason, the damage caused by phishing that guides the user to a Web site very similar to an existing online service and frauds important user information such as an ID / password is increasing.

Conventionally, there is a technique described in Patent Document 1 as a method for confirming the reliability of information on a Web site. This is because when a link is made from one site to another, in other words, the link information for the page of another site (link destination page) is embedded in the page of one site (link source page). In the link source page, the CRC value and time stamp of the link destination page are embedded together with the link information, and the link destination page is not modified using these information before following the link. This is a technology that confirms the URL and, if it has been modified, does not make a transition to the link destination or issues a warning.
JP 2002-41350 A

  However, in the technique described in Patent Document 1, access is disabled or a warning is issued when the link destination page is changed. Therefore, the CRC value and the time stamp are changed with the change of the link destination page. There is a problem that it is necessary to recalculate and change the link source page (information embedded in) based on the value. In addition, when there are multiple link source pages linked to the changed link destination page, it is necessary to change all of the link source pages, and the link source link source that further links to the link source page The effect of the change will spread to the page. That is, every time a page is changed, many pages that directly or indirectly refer to the page are required to be changed.

  In addition, when the link source page and the link destination page are managed by different entities, there has been a problem that the work accompanying the request for change described above becomes complicated.

  SUMMARY OF THE INVENTION In view of the above problems, an object of the present invention is to provide an information browsing system and method that can easily change a link destination page without changing the link source page while guaranteeing the legitimacy of the link. There is to do.

  The information browsing system according to claim 1, a server device that provides page information including at least one link information, a client device that requests, acquires, and browses the page information, and communication that connects them. The link information in the page information includes a URL indicating the position of the link destination page information and a link verification key indicating a key for verifying whether or not the link information included in the link destination page information has been tampered with. Information, link attribute information representing a calculation rule for obtaining link destination page information attributes from link source page information attributes, and link signature information for verifying whether the link information has been tampered with The client device includes at least a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, and a signature verification unit. Further, the client device includes a function for presenting page information stored in the page information storage unit to the user, and link information included in the presented page information is included in the link information when selected by the user. Page signature information stored in the page attribute information storage unit and the signature verification unit verifies the validity of the link information using the key stored in the link verification key information storage unit. And the link attribute information included in the link information, a function for calculating page attribute information indicating the trust level of the page information of the link destination indicated by the link information, the verification result of the validity of the link information, and the link destination If the page information of the link destination is acquired automatically or based on the instruction from the user based on the page attribute information of the page information If you cross, to the server device through the communication network, characterized by comprising a function of acquiring request to provide the page information indicated by the URL included in the link information.

  With this configuration, the validity of the content of the link information can be guaranteed by the link verification key information included in the link information. Even if the link information included in the page information of the link destination is updated, the link signature information for the updated link information only needs to be recalculated at the link destination, and the link source page that refers to the page information Since it is not necessary to update the link information of the information, the page information is not updated to the link source, and the maintenance management is easier than the conventional management method in which the link destination is updated to the link source.

  The information browsing system according to claim 2, a server device that provides page information including at least one link information, a client device that requests, acquires, and browses the page information, and communication that connects them. The page information includes page signature information for verifying whether or not the page information is falsified together with the link information, and the link information in the page information is a URL indicating the position of the link destination page information. And link verification key information representing the key for verifying whether or not the link information included in the link destination page information has been tampered with and the calculation for obtaining the link destination page information attribute from the link source page information attribute Link attribute information representing rules, link signature information for verifying whether or not the link information has been tampered with, and falsification of linked page information At least page verification key information representing a key for verifying presence / absence, and the client device includes a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, a page verification key information storage unit, A signature verification unit, and the client device selects a function for presenting page information stored in the page information storage unit to the user and link information included in the presented page information. Then, the link signature information included in the link information is verified by the signature verification unit using the key stored in the link verification key information storage unit, and the page attribute information is stored. Page attribute information stored in the section and the link attribute information included in the link information, the link destination page indicated by the link information. Link destination page information automatically or based on an instruction from the user based on a function for calculating page attribute information indicating the trust level of information, a verification result of the validity of the link information, and page attribute information of the page information of the link destination If it is determined that the server information is to be acquired, the server apparatus requests the server apparatus to provide the page information indicated by the URL included in the link information and acquires the page information, and is included in the acquired page information. Using the key stored in the page verification key information storage unit for page signature information, the signature verification unit verifies the validity of the page information, and the verification result of the validity of the page information, And a function of determining whether or not to store link destination page information in the page information storage unit.

  With this configuration, in addition to the above, the validity of the contents of the linked page information can be guaranteed by the page verification key information included in the link information. Similarly to the above, even if the content of the page information of the link destination is updated, the page signature information for the updated page information may be recalculated at the link destination, and the page of the link source that refers to the page information Since it is not necessary to update the link information of the information, the page information is not updated to the link source, and the maintenance management is easier than the conventional management method in which the link destination is updated to the link source.

  The information browsing system according to claim 3 is the information browsing system according to claim 1 or 2, wherein the URL indicating the position of the linked page information includes mailto, and the client device includes link information in addition to the above. A storage unit; a mailer unit; and in addition to the above, the client device determines whether the link information stored in the link information storage unit includes mailto. A function for activating the page and attribute information recalculation information for recalculating the page attribute information of the mail, and attaching this to the mail including the link information in the mail body by the mailer section When a mail is received by the mailer part with the function to send to the address entered from the mail, the received mail body is regarded as page information and attached. Was also updates the link information storing unit from the attribute information recalculation information Recalculating the page attribute information, the re-calculation result, characterized in that a function of verifying the validity of the e-mail using.

  With this configuration, in addition to the above, a link having a function of guaranteeing the validity of the contents of the linked page can be transmitted to a third party through a mail from the client device.

  According to a fourth aspect of the present invention, in the information browsing system according to the third aspect, the URL representing the position of the linked page information includes an instruction to send a mail to the server device. The server device further comprising a function of activating the mail transmission unit when a link including the mail transmission instruction is selected on the client device; and the page attribute information of the mail is retransmitted by the mail transmission unit. It has a function to create attribute information recalculation information for calculation, attach this to a mail containing link information in the mail body, and send it to an address designated in advance or designated by the user .

  With this configuration, in addition to the above, a link having a function of guaranteeing the validity of the content of the link destination page can be transmitted to a third party through a mail from the server device.

  The information browsing system according to claim 5 is the information browsing system according to any one of claims 1 to 4, wherein the validity of the link information included in the page information is verified and the page attribute information of the link destination page information Before the user selects link information, the calculation is performed on all link information included in the page information, the verification result and the calculation result are saved, and the user saves the link information when the user selects the link information. A verification result and a calculation result are used.

  With this configuration, the validity of the link information and the reliability level of the page information of the link destination are calculated in advance, and in addition to the above, after the user selects the link information included in the page information, Thus, the time required to request provision of page information indicated by the link information can be shortened.

  The information browsing method according to claims 6 to 10 corresponds to the information browsing system according to claims 1 to 5 described above, respectively, and the operation and effect thereof are also described in claims 1 to 5 described above. Same as the information browsing system described.

  According to the present invention, since information that guarantees the validity of the link and information that guarantees the reliability of the link destination page are added to the link, the user can trust the link source and the link source and link. The legitimacy and reliability of the landing page can be confirmed based on the previous trust relationship. In addition, if legitimacy is not confirmed, it is possible to control such as prohibiting browsing of pages and displaying warnings, so even if screen transition occurs in online shopping or net banking, it is guided to unauthorized sites The user can use it with peace of mind. Moreover, since it is difficult to guarantee the legitimacy of the page, online fraud that invites the user to a site very similar to the real one and frauds the user ID and password can be prevented. In addition, since the information included in the link information consists only of information that does not depend on the content change of the linked page, it is not necessary to change the link source page linked to the page when changing the page, and each page is managed There is an advantage that the contents can be easily changed in the site.

<First Embodiment>
A first embodiment of the present invention will be described with reference to the drawings.

  As shown in FIG. 1, the information browsing system 10 according to the first embodiment of the present invention is composed of a client device 100, server devices 200-1, 200-2,. The apparatus 100 and the server apparatuses 200-1, 200-2,... Can communicate with each other via the communication network 20. The communication network 20 is, for example, the Internet or a corporate network. The server devices 200-1, 200-2,... Are devices that provide information (page information) including at least one piece of link information, such as a Web server. The client device 100 is a device that requests the server device 200-1, 200-2,... For the page information, acquires the page information, and causes the user to browse. For example, a mobile phone, a personal computer, a PDA (Personal) having a browser function. (Digital Assistants).

  Although only one client device 100 is shown here, a plurality of client devices 100 may be connected to arbitrary server devices 200-1, 200-2,... Via the communication network 20, respectively. Further, the hyphen in the reference numeral and the numbers after that are for distinguishing a plurality of elements having the same configuration, and will be omitted in the following description when it is not necessary to distinguish them.

  First, page information in the information browsing system according to the first embodiment of the present invention will be described with reference to FIG.

  The page information represents a group of information that is provided for user browsing from the server device 200 through the client device 100, and includes at least one (generally a plurality of) link information. Here, the link information is information for referring to the page information of the link destination from the page information as the link source, and includes at least a URL (Uniform Resource Locator), link verification key information, link attribute information, and link signature information. It is out.

  The URL is information indicating the position of the link destination page information referred to by the page information (link source page information). The link verification key information is information representing a key for verifying the validity (tampering) of the link information included in the page information of the link destination, and more specifically, disclosure for verifying the digital signature. Key etc. The link attribute information is information representing a calculation rule for obtaining the attribute of the link destination page information from the attribute of the link source page information. The link signature information is information for verifying the validity (presence / absence of alteration) of the link information. More specifically, the link signature information is a digital signature calculated for a portion of the link information excluding the link signature information. Etc.

  As shown in FIG. 3, the client device 100 includes a network interface 110, an input unit 120, an output unit 130, a browsing unit 140, a storage unit 150, a signature verification unit 160, and a control unit 170.

  The network interface 110 is connected to the communication network 20 and communicates with the server device 200. The input unit 120 is a keyboard, a mouse, or the like that performs input from the user. The output unit 130 is a display, a speaker, or the like that outputs browsing information to the user.

  The browsing unit 140 receives page information from the server device 200 via the network interface 110, and outputs the page information through the output unit 130 so that the user can browse the page information. Also, an instruction from the user is input through the input unit 120. The browsing unit 140 further includes a page information storage unit 141, a page attribute information storage unit 142, a link information storage unit 143, a link verification key information storage unit 144, a browsing history storage unit 145, and a page attribute information temporary storage unit 146. It consists of

  The page information storage unit 141 stores the above-described page information.

  The page attribute information storage unit 142 stores information representing the attributes of page information stored in the page information storage unit 141. The page information attribute is, for example, the trust level of the page, and has a value of 1 (Trusted) or 0 (Unknown) here. Note that the page attribute information corresponds to the page represented by the page information stored in the page information storage unit 141. However, what page information is traced from what page information and the page information is referred to. It may vary depending on the situation. That is, the page attribute information need not always have the same value as the corresponding page information.

  Of the link information included in the page information stored in the page information storage unit 141, the link information storage unit 143 temporarily stores the link information selected by the user by the input unit 120.

  The link verification key information storage unit 144 temporarily stores link verification key information for verifying the validity of the link information.

  The browsing history storage unit 145 stores history such as page information viewed and link information selected by the user.

  The page attribute information temporary storage unit 146 temporarily stores page attribute information indicating the trust level of the link destination page information indicated by the link information selected by the user.

  The storage unit 150 stores initial page information P0, initial page attribute information A0, and initial link verification key information LVK0 in a form that cannot be tampered with or in a form that guarantees validity. Here, the initial page information P0 is page information that the user first browses, and includes at least one link information indicating link destination page information that can be referred to from the initial page information. The initial page attribute information A0 is information representing the trust level of the initial page information P0. The initial link verification key information LVK0 is information indicating a key for verifying the validity (presence of falsification) of the link information included in the initial page information P0.

  The signature verification unit 160 verifies the validity of the link information, that is, that there is no falsification.

  The control unit 170 controls components other than the control unit 170 such as the network interface 110, the input unit 120, the output unit 130, the browsing unit 140, the storage unit 150, and the signature verification unit 160 described above.

  As illustrated in FIG. 4, the server device 200 includes a network interface 210, an information providing unit 220, a storage unit 230, and a control unit 240.

  The network interface 210 communicates with the client device 100 via the communication network 20.

  The information providing unit 220 receives the request for page information transmitted from the client device 100 via the network interface 210, searches the page information stored in the storage unit 230 based on the received request, and uses the page information as the network interface. The data is transmitted to the client device 100 via 210.

  The storage unit 230 stores the above-described page information provided to the client device 100.

  The control unit 240 controls components other than the control unit 240 such as the network interface 210, the information providing unit 220, and the storage unit 230.

  Hereinafter, with respect to the browsing processing procedure in the information browsing system of the present invention according to the first embodiment, a case where the page information stored in the server device 200 is browsed by the client device 100 is taken as an example, and the client device shown in FIG. A description will be given according to 100 processing flow.

  First, the browsing unit 140 of the client device 100 reads the initial link verification key information LVK0, the initial page attribute information A0, and the initial page information P0 stored in the storage unit 150 as initial settings, and the link verification key of the browsing unit 140, respectively. The information is stored in the information storage unit 144, the page attribute information storage unit 142, and the page information storage unit 141 (S1).

  The browsing unit 140 outputs the content by the output unit 130 based on the page information stored in the page information storage unit 141. More specifically, the content of the page information is displayed on the display and presented to the user. Further, based on the page attribute information stored in the page attribute information storage unit 142, the output unit 130 outputs the attributes of the page information (S2).

  Further, an instruction input from the user regarding link selection is received from the input unit 120 (S3). Specifically, the link is specified by the user clicking a place where the link in the page information is embedded with a pointing device such as a mouse.

  The browsing unit 140 receives a user's link selection instruction from the input unit 120, identifies corresponding link information from the page information stored in the page information storage unit 141 based on the link selection instruction, and the contents Is stored in the link information storage unit 143 (S4).

  Next, the signature verification unit 160 uses the link verification key information stored in the link verification key information storage unit 144 and the link signature information included in the link information stored in the link information storage unit 143 to use the link information. Is verified (S5). More specifically, the digital signature is verified.

  Further, the browsing unit 140 uses the page attribute information (of the link source page information) stored in the page attribute information storage unit 142 and the link attribute information included in the link information stored in the link information storage unit 143 to The page attribute information of the link destination page information indicated by the link information is calculated and temporarily stored in the page attribute information temporary storage unit 146 (S6). For example, when the page attribute information Tp of the link source page information is either 1 (Trusted) or 0 (Unknown), and the link attribute information L is 1 (Preserve) or 0 (Not preserve), the link destination information The page attribute information Tp ′ of the page information is calculated as Tp ′ = L * Tp.

  Next, the browsing unit 140 presents the link information, as necessary, by presenting the validity of the link information obtained in S5 and the attribute information of the link destination page information obtained in S6 to the user by the output unit 130. An instruction as to whether or not to obtain link destination page information indicated by is received from the input unit 120 (S7). The determination as to whether or not the information can be acquired may be automatically made based on a predetermined rule. For example, the page is not acquired when the validity of the link information cannot be verified, or the page attribute information of the link destination represents a reliable page that can be verified (in the above example, Tp ′ = 1). In the case of (), the page is acquired without user confirmation. If it is determined that the page can be acquired, the process returns to step S3. Otherwise, step S8 and subsequent steps are executed.

  The browsing unit 140 requests and transmits the provision of page information indicated by the URL included in the link information stored in the link information storage unit 143 to the server device 200 via the network interface 110 and the communication network 20 (S8). As a response, page information is received / acquired from the server device 200 (S9).

  The browsing unit 140 stores the page information acquired in step S9 in the page information storage unit 141 of the browsing unit 140, and converts the link verification key information included in the link information stored in the link information storage unit 143 to the link verification key. The page attribute information stored in the information storage unit 144 and temporarily stored in the page attribute information temporary storage unit 146 is stored in the page attribute information storage unit 142 (S10), and control is passed to step S2.

  The above is the browsing processing procedure in the client device 100 of the information browsing system of the present invention according to the first embodiment. Since the operation of the server device 200 is the same as that of a normal Web server, description of the processing procedure is omitted.

  Further, referring to FIG. 6, a link setting procedure in the information browsing system of the present invention according to the first embodiment is shown. Here, the server apparatus 200-1 holds page information P1 referred to by link information included in the initial page information P0 stored in the client apparatus 100, and the server apparatus 200-2 stores the server apparatus 200-. It is assumed that page information P2 referred to by link information included in page information P1 held in 1 is held.

  The management entity C1 of the server apparatus 200-1 that holds the page information P1 generates a set of link verification key information LVK1 and link signature key information LSK1. LVK1 and LSK1 are a pair of a public key for verifying a digital signature and a secret key for generating a digital signature. The management entity C1 of the server apparatus 200-1 generates link signature information using the link signature key information LSK1 for the link information L1 included in the page information P1 on the server apparatus 200-1. However, the signature is calculated for the part obtained by removing the link signature information from the link information L1.

  On the other hand, the management entity C0 of the initial page information P0 receives link verification key information LVK1 paired with the link signature key information LSK1 from the management entity C1 of the server apparatus 200-1 that holds the page information P1 referred to by the initial page information P0. To get. Also, C0 generates a pair of initial link verification key information LVK0 and initial link signature key information LSK0, as in C1. Then, C0 calculates link signature information using the initial link signature key information LSK0 for the link verification key information LVK1, the URL of the page information P1, the link attribute information, etc. acquired from C1, and combines them together with the link information. L0 is generated. Then, the initial page information P0 including the link information L0 is generated and stored in the storage unit 150 in the client device 100 together with the initial link verification key information LVK0 and the initial page attribute information A0. The management entity of the initial page P0 and the management entity of the client device 100 may be the same.

  Similarly, the management entity C1 of the server device 200-1 acquires link verification key information LVK2 generated in the same manner as C1 from the management entity C2 of the server device 200-2 that holds the page information P2. C1 calculates link signature information using the link signature key information LSK1 for the link verification key information LVK2, the URL of the page information P2, the link attribute information, and the like acquired from C2, and combines them together with the link information L1. Is generated. Further, page information P1 including link information L1 is generated and stored in the storage unit 230 of the server device 200-1.

  If link verification key information is arranged as described above, the validity of link information can be guaranteed. For example, the legitimacy of the URL of the link destination page can be guaranteed, and detection can be made when the URL is falsified. Furthermore, since the link information includes link verification key information for verifying the validity of the link information included in the link destination page, it is possible to guarantee the validity of the link information included in the link destination page. In other words, the link can be regarded as a trust relationship from the link source page to the link destination page, and the reliability of all the pages that can be reached by following the trust link from the trust page can be guaranteed. Links between pages can be maintained and managed based on the link by the management body of the link source page and the link destination page in consultation.

  Further, in the present invention, even when the management entity of the linked page changes the contents of the link information included in the page, the linked page management entity only needs to recalculate the link signature information of the linked information. The link information on the link source page does not need to be changed without affecting the link source page. That is, the maintenance management is easier than the conventional management method in which the change of the link destination reaches the link source.

  Next, a modified example of the browsing processing procedure in the information browsing system according to the first embodiment of the present invention will be described according to the processing flow of the client device 100 shown in FIG. Note that portions that are the same as those in the processing flow shown in FIG. 5 described above are given the same reference numerals, and descriptions thereof are omitted.

  After step S2, the browsing unit 140 executes the following for all link information included in the page information stored in the page information storage unit 141.

  First, the link verification key information stored in the link verification key information storage unit 144 by the signature verification unit 160 and the link signature information included in all the link information in the page information stored in the page information storage unit 141 are obtained. The validity of each link information is verified, and the result is temporarily stored in the page information storage unit 141. Furthermore, the page attribute information (of the link source page information) stored in the page attribute information storage unit 142 and the link attribute information included in all link information in the page information stored in the page information storage unit 141 The page attribute information of the link destination page information indicated by each link information is calculated, and the result is temporarily stored in the page information storage unit 141 (S11).

  In step S7, since the validity of the link information obtained in step S11 and the attribute information of the link destination page can be referred to, steps S5 and S6 in FIG. 5 can be omitted.

  In step S4, the link information corresponding to the selected link is stored in the link information storage unit 143, and the page attribute information corresponding to the link information temporarily stored in the page information storage unit 141 is stored in the page attribute information. Assume that the temporary storage unit 146 temporarily stores the data.

  As described above, the validity of the link information and the page attribute information of the link destination page information are calculated in advance for all the link information included in the page information, so that the user selects a link in step S3. The process until the page information request is transmitted in step S8 can be executed at high speed, and the responsiveness can be improved. Also, by executing step S11 in parallel with step S3, step S11 can be executed while waiting for user input in step S3, and the responsiveness can be further improved.

<Second Embodiment>
Next, a second embodiment of the present invention will be described with reference to the drawings.

  In the information browsing system according to the second embodiment, a function for guaranteeing the contents of linked page information is added to the information browsing system according to the first embodiment. Note that, in the configuration and procedure of the information browsing system according to the second embodiment, the same components as those of the information browsing system according to the first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  The configuration of the information browsing system according to the second embodiment is the same as that of the information browsing system according to the first embodiment shown in FIG.

  On the other hand, as illustrated in FIG. 8, the client device 300 according to the second embodiment is similar to the client device 100 according to the first embodiment in that the initial page information P0 and the initial page attribute information are used instead of the storage unit 150. A0, initial link verification key information LVK0, and initial page verification key information PVK0 are configured to include a storage unit 350 that is stored in a form that cannot be tampered with or in a form that guarantees validity. Here, the initial page verification key information PVK0 is information representing a key for verifying the validity (presence of falsification) of the initial page information P0.

  Further, as shown in FIG. 9, the page information in the information browsing system according to the second embodiment includes the page signature in addition to each information included in the page information in the information browsing system according to the first embodiment. Consists of information. The page signature information is information for verifying the legitimacy (presence of falsification) of the page information. More specifically, the page signature information is a digital signature calculated for a portion of the page information excluding the page signature information. Etc.

  The link information included in the page information in the information browsing system according to the second embodiment includes the page information in addition to each information in the link information included in the page information in the information browsing system according to the first embodiment. It includes verification key information. The page verification key information is information representing a key for verifying the validity (presence of falsification) of the link destination page information pointed to by the link information, and more specifically, for verifying the digital signature. The public key.

  The page information described above is stored in the page information storage unit 141 of the client device 300 and the storage unit 230 of the server device 200 as in the case of the first embodiment.

  Hereinafter, the browsing process procedure in the information browsing system according to the second embodiment of the present invention will be described with reference to the case where the client apparatus 300 browses the page information stored in the server apparatus 200 as an example. FIG. A description will be given according to the processing flow 300.

  First, the browsing unit 140 of the client device 300 reads the initial page information P0 and the initial page verification key information PVK0 stored in the storage unit 350 (S12), and the signature verification unit 160 reads the initial page verification key information PVK0. And the page signature information included in the initial page information P0, the validity of the initial page information P0 is verified (S13).

  The browsing unit 140 confirms the verification result of the validity of the initial page information P0, and if it is not valid, outputs an error and terminates the process. On the other hand, if it is valid, the browsing unit 140 sequentially executes step S1 and subsequent steps (S14). .

  Further, the browsing unit 140 receives and acquires the page information from the server device 200 in step S9, and then the page verification key information included in the link information stored in the link information storage unit 143 by the signature verification unit 160, Using the page signature information included in the acquired page information, the validity of the acquired page information is verified (S15). If the page information is not valid, the process returns to step S3. If the page information is valid, step S10 is executed (S16).

  Further, referring to FIG. 11, a link setting procedure in the information browsing system of the present invention according to the second embodiment is shown.

  The management entity C1 of the server apparatus 200-1 that holds the page information P1 generates a set of the page verification key information PVK1 and the page signature key information PSK1 in addition to the set of the link verification key information LVK1 and the link signature key information LSK1. To do. PVK1 and PSK1 are a pair of a public key for verifying a digital signature and a secret key for generating a digital signature, respectively. The management entity C1 of the server device 200-1 generates a signature for the page information P1 on the server device 200-1 using the page signature key information PSK1. However, the signature is calculated for the part obtained by removing the page signature information from the page information P1.

  On the other hand, the management entity C0 of the initial page information P0 receives page verification key information PVK1 paired with the page signature key information PSK1 from the management entity C1 of the server apparatus 200-1 that holds the page information P1 referred to by the initial page information P0. To get. Similarly to C1, C0 generates a pair of initial page verification key information PVK0 and initial page signature key information PSK0, and generates a signature for the initial page information P0 using the initial page signature key information PSK0. . However, the signature is calculated for the part obtained by removing the page signature information from the initial page information P0. The generated initial page verification key information PVK0 and initial page information P0 are securely stored in the storage unit 350 in the client device 300 together with the initial link verification key information LVK0 and the initial page attribute information A0.

  Similarly, the operating entity C1 of the server apparatus 200-1 acquires the page verification key information PVK2 generated in the same manner as C1 from the operating entity C2 of the server apparatus 200-2 that holds the page information P2. C1 calculates link signature information using link signature key information LSK1 for the page verification key information PVK2, link verification key information LVK2, URL of page information P2, link attribute information, etc. acquired from C2, To generate link information L1, and further generate page information P1 including link information L1. The page information P1 is signed with the page signature key information PSK1 as described above.

  As described above, according to the information browsing system of the present invention relating to the second embodiment, the validity of the contents of the linked page can be guaranteed by the page verification key information included in the link information. For example, even when the linked page is falsified due to an attack on the server device 200, the presence or absence of falsification can be detected. When the management entity updates the link destination page information, the management entity only needs to recalculate the page signature information for the updated page information, and it is necessary to update the link information referring to the page information. Absent. That is, the page information is not updated at the link source, and the maintenance management is easier than the conventional management method in which the link destination is updated at the link source.

<Third Embodiment>
Next, a third embodiment of the present invention will be described with reference to the drawings.

  The information browsing system according to the third embodiment performs a more detailed evaluation of the reliability of the linked page by the extended page attribute information with respect to the information browsing system according to the second embodiment. It is.

  The extended page attribute information includes the maximum number of hops (Hp) and the trust domain set (Dp).

  The maximum number of hops (Hp) is a non-negative integer representing the maximum number of hops that can be traced from the page information while keeping the reliability level of the page information higher than 0 (unknown). For example, if Hp of certain page information is 0, the link cannot be followed any more while maintaining the trust level, and the trust level Tp of the link destination page information is 0. This attribute is used to limit the depth to follow the link as a range in which the correctness of the page information can be guaranteed.

  The trust domain set (Dp) is information for limiting the domain of the URL of the link destination page information that can follow the link while maintaining the trust level higher than 0 (unknown). For example, when the domain of the URL of the link destination page information is not included in the trust domain set Dp of the link source page information, the trust level Tp of the link destination page information is 0. This attribute is used to limit the domain of the URL of the page information as a range in which the legitimacy of the page information can be guaranteed. For example, it is possible to perform operations such as guaranteeing reliability only for linked page information in the same domain as the page information being referenced.

  The extended page attribute information is calculated from the transition function (TM), the maximum number of hops (Hl), the trusted domain set (Dl), etc., which are the extended link attribute information. The transition function (TM) is a function for calculating the trust level of the link destination page information from the trust level of the link source page information. The maximum hop count (Hl) is information that limits the maximum hop count (Hp) of the link destination page information. The trust domain set (Dl) is information that limits the trust domain set (Dp) of the linked page information.

  Note that, in the configuration and procedure of the information browsing system according to the third embodiment, the same components as those in the information browsing system according to the first or second embodiment are denoted by the same reference numerals and the description thereof is omitted. Omitted.

  The configuration of the information browsing system according to the third embodiment is the same as that of the information browsing system according to the first or second embodiment shown in FIG.

  On the other hand, as illustrated in FIG. 12, the client device 500 according to the third embodiment is similar to the client device 300 according to the second embodiment in that a page information storage unit 141, page attribute information is used instead of the browsing unit 140. Along with the storage unit 142, the link information storage unit 143, the link verification key information storage unit 144, the browsing history storage unit 145, and the page attribute information temporary storage unit 146, a page verification key information storage unit 547 and a page verification key information temporary storage unit 548 are provided. The browsing part 540 provided is comprised. Here, the page verification key information storage unit 547 stores page verification key information for confirming the validity of the page information. The page verification key information temporary storage unit 548 temporarily stores page verification key information.

  The page attribute information storage unit 142 includes the page attribute information shown in FIG. Here, the trust level (Tp) is a number representing the trust level of the page information and is, for example, either 1 (trusted) or 0 (unknown). Alternatively, a real value or the like of 0 (unknown) or more and 1 (trusted) or less may be used. The meanings of the maximum number of hops (Hp) and the trust domain set (Dp) are as described above.

  More specifically, the link information storage unit 143 includes the link information shown in FIG.

  Here, URL (Ul) is information indicating the position of the page information of the link destination indicated by the link.

  The transition function (TM) is a function for calculating the trust level of the page information of the link destination from the trust level of the page information of the link source. Basically, the trust level is raised by following the link. Therefore, the sequence {x, TM (x), TM (TM (x)),...} Is monotonically decreasing in a broad sense (terms are equal or decreasing with respect to the previous term). For example, when the confidence level (Tp) is 0 or 1, TM is a function f0 (function that always shifts the input to 0) where f0 (x) = 0, or a function f1 (constant that f1 (x) = x). Is an equivalent map).

  The link verification key information (LVKl) is information representing a key for verifying the validity of the link information further included in the link destination page information indicated by the link information.

  The page verification key information (PVKl) is information representing a key for verifying the validity of the link destination page information indicated by the link information.

  Note that LVKl and PVKl can take a special value called preserve. The link verification key information LVK and the page verification key information PVK are updated when the link is traced. If the value of LVKl or PVKl is preserve, the update of the LVK or PVK is skipped. This function has an advantage that the number of keys to be managed can be reduced by using the same verification key in a plurality of pages attached to the link. For example, the same link verification key information and page verification key information can be applied to a plurality of pages whose URLs are the same don-in.

  The link signature information (LS) is information necessary for verifying the validity of the link information. Specifically, the link signature information (LS) is a digital signature calculated for information obtained by removing the link signature information from the link information. is there.

  More specifically, the page attribute information temporary storage unit 146 includes information shown in FIG. Here, the trust level (Tp ′), the maximum number of hops (Hp ′), and the trust domain set (Dp ′) are the trust level (Tp), the maximum number of hops (Hp), and the trust domain set (Dp) of the page information. , Each of which is temporarily stored.

The page information in the third embodiment is as shown in FIG. More specifically, the link information included in the page information is described in an HTML anchor element format as shown in FIG. 16, for example. <A ....> is an HTML anchor tag, and href included in the anchor tag is the URL (Ul) of the page information of the link destination. map is the transition function (TM), max hop is the maximum number of hops (Hl), trusted “domain” is an attribute representing a trust domain set (Dl), “lvkey” is link verification key information (LVKl), pvkey is page verification key information (PKVl), and signature is link signature information (LS).

Ignore The query (IQ) is a flag. When the value is TRUE, when calculating the link signature information (LS) for the link information, the query string of the URL (Ul) in the link information is determined from the signature target. It means to remove. In this way, it is not necessary to recalculate the signature each time for link information including a dynamically changing URL.

  Since parts other than the anchor tag are the same as those of the conventional HTML, description thereof is omitted.

Also, anchor elements <a ...>... </a> shown in FIG. 16 correspond to the link information shown in FIG. For example, max in the anchor tag in FIG. Since hop is undefined (undefined), the maximum number of hops (Hl) in FIG. 14 is also undefined. In this case, max in the anchor tag The hop is clearly undefined, but the link information contains max The same applies when no hop is included.

  Hereinafter, the browsing process procedure in the information browsing system of the present invention according to the third embodiment is illustrated in FIG. 17 to FIG. 20, taking as an example the case of browsing the page information stored in the server device 200 by the client device 500. The processing will be described according to the processing flow of the client apparatus 500.

  In step 17, the browsing unit 540 of the client device 500 reads the initial page verification key information PVK 0 stored in the storage unit 350 and stores it in the page verification key information storage unit 547 of the browsing unit 540.

  Next, details of step S6 will be described with reference to the processing flow shown in FIG. First, it is determined whether or not the maximum hop count Hl is undefined (S100). If YES, step S101 is executed (Hp ′ = max (0, Hp−1)), and if NO, step S102 is executed ( Hp ′ = max (0, min (Hp−1, Hl))), and control is passed to step S103.

  In step S103, it is determined whether or not the trust domain set Dl is undefined (S103). If YES, step S104 is executed (Dp '= Dp), and then control is passed to step S108. On the other hand, if NO, it is determined whether or not the trust domain set Dp is undefined (S105). If YES, step S106 is executed (Dp ′ = Dl), and if NO, step S107 is executed (Dp ′ = Dp∩Dl), and control is transferred to step S108.

  In step S108, it is determined whether or not the transition function TM is undefined. If YES, step S109 is executed (Tp '= 0), and the processing in step S7 is completed. On the other hand, in the case of NO, it is determined whether or not the trust level Hp = 0 (S110). In the case of YES, step S109 is executed, and the entire process of step S7 is terminated. On the other hand, if NO, it is determined whether or not the trust domain set Dp is undefined (S111). If YES, step S112 is executed (Tp '= TM (Tp)), and the process in step S7 is completed. If NO, it is determined whether or not the URL to be linked is included in the trusted domain set Dp (S113). If YES, S112 is executed. If NO, S109 is executed. finish.

  Returning to FIG. 17, the details of step S18 will be described with reference to the processing flow shown in FIG. First, it is determined whether or not the value of the page verification key information (PVKl) of the link information is Preserve (S120). If YES, the value of the page verification key information (PVK) is stored in the page verification key temporary storage unit (PVK ′). If NO, the value of the page verification key information (PVKl) of the link information is stored in the page verification key temporary storage unit (PVK ′) (S122). Next, using the value stored in the page verification key information temporary storage unit (PVK ′), the legitimacy of the page information acquired in step S9 is verified (S123), and the process in step S18 is completed.

  Returning to FIG. 17, in step S <b> 19, the value (PVK ′) stored in the page verification key information temporary storage unit 548 is stored in the page verification key information storage unit 547.

  Next, details of step S10 will be described with reference to the processing flow shown in FIG. First, it is determined whether the value of the link verification key information (LVKl) in the link information storage unit 143 is Preserve (S130). If YES, nothing is performed. If NO, the link information stored in the link information storage unit 143 is verified. The value of the key information (LVKl) is stored in the link verification key information storage unit 144 (LVK) (S131). Then, step S132 is executed (Tp ← Tp ′, Hp ← Hp ′, Dp ← Dp ′), and the process of the entire step S10 is completed.

  If the above procedure is followed, the trust level of page information can be defined in more detail and flexibly.

Note that the link information shown in FIG. 16 includes information related to a user who uses the client device 500, user. An info attribute may be included. user info is, for example, a user ID, a user public key, or the like. The server device 200 acquires information related to the user through transmission / reception of information to / from the client device 500, and uses the information as the user. It is embedded in the link information as an info attribute and transmitted to the client device 500. Since the link information received by the client device 500 includes information related to the user, when the client device 500 accesses the page information based on the link information, the user embedded in the link information. By performing authentication based on info, access control for each user and customization of service for each user are possible. Since the signature is added to the entire link information, user It is difficult to falsify info information.

<Fourth embodiment>
Next, a fourth embodiment of the present invention will be described with reference to the drawings.

  In the information browsing system according to the fourth embodiment, the link destination URL is a mailto scheme with respect to the information browsing system according to the first or second embodiment, and a link is made from the viewer to a third party. It is possible to send an email containing information. The configuration and procedure of the fourth embodiment will be described below based on the second embodiment.

  Of the configuration and procedure of the information browsing system according to the fourth embodiment, the same components as those of the information browsing system according to the second embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  The configuration of the information browsing system according to the fourth embodiment is the same as that of the information browsing system according to the first or second embodiment shown in FIG.

  As illustrated in FIG. 21, a client device 700 according to the fourth embodiment is different from the client device 300 according to the second embodiment in that a page information storage unit 141, a page attribute information storage unit is used instead of the browsing unit 140. 142, a link information storage unit 143, a link verification key information storage unit 144, a browsing history storage unit 145, and a page attribute information temporary storage unit 146, and a browsing unit 740 including a mailer unit 749. Here, the mailer unit 749 performs processing such as mail creation, mail reception, and transmission.

  FIG. 22 shows an outline of the operation in the fourth embodiment.

  A user who operates client device 700-1 acquires page information P1 from server device 200-1. The page information P1 includes link information L1, and the URL included in the link information L1 is a URL including mailto as shown in FIG. In FIG. 23, the e-mail address is optional and may be omitted. In this case, the user designates a mail transmission destination. Further, the mail text is an HTML mail text including link information L2 as in the mail text M1 shown in FIG.

  As shown in FIG. 22, attribute information recalculation information R1 is attached to the transmitted mail. Here, the attribute information recalculation information R1 is information necessary for the mail recipient to recalculate the mail page attribute information (for example, reliability), for example, browsing history storage of the client device 700-1. Browsing history from the initial page stored in the unit 145.

  The client device 700-2 recalculates the page attribute information using the attribute information recalculation information R1 attached to the received mail. The reliability of the mail body M1 is determined based on the recalculated page attribute information, and it is determined whether or not the page information is acquired from the URL described in the link information L2 included in the mail body M1.

  The browsing process procedure in the information browsing system of the present invention according to the fourth embodiment is shown in FIGS. 24 and 25, taking as an example the case where the page information placed on the server device 200 is browsed by the client device 700. The processing will be described according to the processing flow of the client apparatus 700 to be executed.

  After step S7, the browsing unit 740 of the client device 700 determines whether the URL in the link information stored in the link information storage unit 143 includes mailto shown in FIG. 23 (S20). If the URL does not include mailto, the process proceeds directly to step S8. If the URL includes mailto, the browsing unit 740 of the client device 700 activates the mailer unit 749 (S21). The mailer unit 749 determines whether an e-mail address is specified by the URL (S22). If it is specified, the e-mail address is acquired from the user via the input unit 120. (S23), the address is designated as the transmission destination.

  Next, the browsing unit 740 of the client device 700 creates attribute information recalculation information (S24). There are two types of attribute information recalculation information: a case of creating from the history from the initial page to the current page, and a case of creating from the current page information alone. When creating from the history from the initial page to the current page, for example, a list of URLs of pages traced from the initial page to the current page is attribute information recalculation information. When creating only from the current page information, the page attribute information of the current page, the link verification key and the page verification key included in the selected link information become the attribute information recalculation information.

  Next, the mailer unit 749 attaches attribute information recalculation information to the mail (S25), and also adds a signature to the mail to be transmitted or performs encryption processing (S26). This prevents falsification of attribute information recalculation information. Note that there are S / MIME and PGP as methods for signing and encrypting mail. Finally, the mailer unit 749 transmits a mail to the designated address via the network interface 110 (S27).

  Subsequently, with respect to the browsing processing procedure in the information browsing system of the present invention according to the fourth embodiment, taking as an example the case where the page information placed on the server device 200 is browsed by the client device 700 that has received the mail. The processing will be described according to the processing flow of the client device 700 shown in FIG.

  When the browsing unit 740 of the client device 700 receives mail by the mailer unit 749 via the network interface 110 (S28), it decrypts the encrypted message and verifies the signature (S29). At this time, if the signature verification fails, the process is terminated (S30), and if successful, the attribute information recalculation information attached to the mail is acquired (S31). The browsing unit 740 uses the acquired attribute information recalculation information to recalculate the attribute information and update the link information storage unit 143 (S32).

  Here, the way of performing step S32 differs depending on the type of the attribute information recalculation information attached. When the attribute information recalculation information includes a list of URLs from the initial page, the client apparatus 700 sequentially traces the URLs described in the list according to the flow of FIG. 10, thereby recalculating attribute information and storing link information. The unit 143 is updated. On the other hand, when the attribute information recalculation information includes the page attribute information of the page that triggered the mail transmission, the link verification key and the page verification key included in the selected link information, the client device 700 attaches the link verification that is attached. The key and the page verification key are stored in the link information storage unit 143.

  The page attribute information is recalculated as follows. That is, based on the page attribute information A included in the acquired attribute information recalculation information and an index T indicating how much the receiver trusts the sender, F (A, T). For example, if A and T are 0/1, indicating that they do not trust / do, an example of F is F (A, T) = A × T. That is, it is assumed that the mail can be trusted only when the page is trusted on the mail sender side and the mail receiver trusts the mail sender.

  When the recalculation of the attribute information is completed, the browsing unit 740 subsequently verifies the mail validity (S33). Here, the recalculated attribute information is used for the validity verification. Furthermore, if a page verification key is defined and a signature is attached to the email body, the signature attached to the email body is verified using the page verification key, and the verification result is also used. . Only when the mail is judged to be valid, the user is allowed to select link information included in the mail. Since the flow after the user selects link information is the same as in the second embodiment (after step S3), the description is omitted.

  As described above, according to the information browsing system of the present invention according to the fourth embodiment, the contents of the linked page realized by the information browsing system of the present invention according to the first and second embodiments. A link having a function of guaranteeing the legitimacy of the message can be transmitted to a third party through a mail from the client device.

<Fifth embodiment>
Next, a fifth embodiment of the present invention will be described with reference to the drawings.

  In the information browsing system according to the fifth embodiment, the link destination URL points to the mail transmission program with respect to the information browsing system according to the first or second embodiment. It is possible to send an email including link information from the device to a third party. Hereinafter, the configuration and procedure of the fifth embodiment will be described based on the second embodiment.

  Note that, in the configuration and procedure of the information browsing system according to the fifth embodiment, the same components as those of the information browsing system according to the second embodiment are denoted by the same reference numerals, and description thereof is omitted.

  The configuration of the information browsing system according to the fifth embodiment is the same as that of the information browsing system according to the first or second embodiment shown in FIG.

  As illustrated in FIG. 27, the server apparatus 400 according to the fifth embodiment includes a storage unit 430 that includes a trusted path information storage unit 431 instead of the storage unit 230 in the server apparatus 200 according to the second embodiment. And a mail transmission unit 450 is included. Here, the trusted path information storage unit 431 holds at least one path that starts from the initial page and reaches the page information provided by the server apparatus 400 by following the link. The mail transmission unit 450 performs processing such as creation and transmission of mail.

  FIG. 28 shows an outline of the operation in the fifth embodiment.

  The server device 400 provides page information P1 including the link information L1 to the client device 300 (500, 700). Here, the URL included in the link information L1 includes an instruction to cause the mail transmission unit 450 of the server device 400 to transmit a mail. Specifically, it is a CGI URL for instructing mail transmission. When the user who operates the client device 300 (500, 700) selects the link information L1, the mail transmitting unit 450 is instructed to transmit mail, and the mail transmitting unit 450 first creates a mail text to be transmitted. Here, the mail text is an HTML mail text including link information L2 as in the mail text M1 shown in FIG.

  As shown in FIG. 27, attribute information recalculation information R1 is attached to the transmitted mail. Here, the attribute information recalculation information R1 is information necessary for the mail recipient to recalculate the mail page attribute information (for example, reliability), and is stored in the trusted path information storage unit 431. Created based on information. As an example of the attribute information recalculation information, there is a list including URLs that constitute a path that reaches a page information P1 by following a link from an initial page.

  The mail transmission unit 450 of the server device 400 transmits the mail thus created to the client device 700 via the network interface 210. The processing of the client device 700 that has received the mail is the same as in the case of the fourth embodiment.

  Hereinafter, with respect to the browsing processing procedure in the information browsing system of the present invention according to the fifth embodiment, the page information placed on the server device 400 is browsed by the client device 700 as an example, and the server shown in FIG. A description will be given according to the processing flow of the apparatus 400. Note that description of portions that are functions of a general Web server is omitted.

  When the client device 700 selects link information including a mail transmission instruction, the mail transmission unit 450 of the server device 400 is activated (S41). The mail sending unit 450 creates a mail text to be sent (S42), and then creates attribute information recalculation information (S43). Specifically, using the information included in the trusted path information storage unit 431, a list of URLs constituting a path starting from the initial page and following the link to the page information currently provided to the client device. is there.

  Next, the mail transmission unit 450 attaches the attribute information recalculation information to the mail (S44), and also adds a signature to the mail to be transmitted or performs encryption processing (S45). This prevents falsification of attribute information recalculation information. Note that there are S / MIME and PGP as methods for signing and encrypting mail. Finally, the mail transmission unit 450 transmits mail via the network interface 210 (S46). The address of the transmission destination may be specified by the mail transmission unit 450 or may be acquired from a page viewer through a Web FORM or the like.

  The flow of the client device 700 that has received the mail is the same as the flow of the client device 700 of the fourth embodiment shown in FIG.

  As described above, according to the information browsing system of the present invention according to the fifth embodiment, the contents of the linked page realized by the information browsing system of the present invention according to the first and second embodiments. Can be transmitted to a third party through a mail from the server device.

  Note that the link information included in the mail text in the fourth and fifth embodiments may include a URL including mailto described in the fourth embodiment. Further, the URL including the mail transmission instruction described in the fifth embodiment may be included.

  Also in the second to fifth embodiments, as in the case of the first embodiment, after step S2, all link information included in the page information stored in the page information storage unit 141 is Steps S5 and S6 may be omitted by verifying link validity and calculating page attribute information.

  In the information browsing system described above, link information has been described using an HTML anchor element. However, this may be described using another HTML element. For example, when a form (FORM) element is used, it can be used to guarantee the validity of a CGI program that is activated when a send button is pressed. In addition, when a link (LINK) element is used, it can be used to ensure the validity of an external script file or style sheet.

  Further, the client device and the server device described above record a program for realizing the function in a computer-readable recording medium, and execute the program recorded in the recording medium by causing the computer to read the program. May be. The computer-readable recording medium refers to a recording medium such as a flexible disk, a magneto-optical disk, and a CD-ROM, and a storage device such as a hard disk device built in the computer system. Further, the computer-readable recording medium is a medium that dynamically holds the program for a short time (transmission medium or transmission wave) as in the case of transmitting the program via the Internet, and in the computer serving as the server in that case Such as a volatile memory that holds a program for a certain period of time.

The block diagram which shows the information browsing system which concerns on the 1st Embodiment of this invention Explanatory drawing which shows the page information in the information browsing system which concerns on the 1st Embodiment of this invention The block diagram which shows the client apparatus which concerns on the 1st Embodiment of this invention The block diagram which shows the server apparatus which concerns on the 1st Embodiment of this invention Flowchart of processing in the client device according to the first embodiment of the present invention Explanatory drawing which shows the link setting procedure in the information browsing system which concerns on the 1st Embodiment of this invention Flowchart of modified processing in the client device according to the first embodiment of the present invention The block diagram which shows the client apparatus based on the 2nd Embodiment of this invention Explanatory drawing which shows the page information in the information browsing system which concerns on the 2nd Embodiment of this invention. Flowchart of processing in the client device according to the second embodiment of the present invention Explanatory drawing which shows the link setting procedure in the information browsing system which concerns on the 2nd Embodiment of this invention. The block diagram which shows the client apparatus which concerns on the 3rd Embodiment of this invention Explanatory drawing which shows the page attribute information in the information browsing system which concerns on the 3rd Embodiment of this invention. Explanatory drawing which shows the link information in the information browsing system which concerns on the 3rd Embodiment of this invention Explanatory drawing which shows the page attribute information temporarily stored in the client apparatus concerning the 3rd Embodiment of this invention Explanatory drawing which shows an example of the link information in the information browsing system which concerns on the 3rd Embodiment of this invention Flowchart of processing in the client device according to the third embodiment of the present invention Flowchart of detailed processing in step S6 in FIG. Flowchart of detailed processing in step S18 in FIG. Flowchart of detailed processing in step S10 in FIG. The block diagram which shows the client apparatus which concerns on the 4th Embodiment of this invention Explanatory drawing which shows the outline | summary of operation | movement in the information browsing system which concerns on the 4th Embodiment of this invention. Explanatory drawing which shows an example of URL contained in the link information in the information browsing system which concerns on the 4th Embodiment of this invention Flowchart of processing in the client device according to the fourth embodiment of the present invention Flowchart of processing in the client device according to the fourth embodiment of the present invention Flowchart of processing in the client device according to the fourth embodiment of the present invention The block diagram which shows the server apparatus based on the 5th Embodiment of this invention Explanatory drawing which shows the outline | summary of operation | movement in the information browsing system which concerns on the 5th Embodiment of this invention. Flowchart of processing in the server device according to the fifth embodiment of the present invention

Explanation of symbols

  10: Information browsing system, 20: Communication network, 100, 300, 500, 700: Client device, 200, 400: Server device, 110: Network interface, 120: Input unit, 130: Output unit, 140, 540, 740: Browsing unit, 141: page information storage unit, 142: page attribute information storage unit, 143: link information storage unit, 144: link verification key information storage unit, 145: browsing history storage unit, 146: page attribute information temporary storage unit, 150, 350: storage unit, 160: signature verification unit, 170: control unit, 210: network interface, 220: information providing unit, 230, 430: storage unit, 240: control unit, 431: trusted path information storage unit, 450 : Mail transmission unit, 547: page verification key information storage unit, 548: page verification key information temporary storage unit, 49: mailer section.

Claims (10)

A server device that provides page information including at least one link information, a client device that requests, acquires, and browses the page information, and a communication network that connects them,
The link information in the page information includes a URL indicating the position of the link destination page information, link verification key information indicating a key for verifying whether or not the link information included in the link destination page information has been tampered with, and a link source Link attribute information representing a calculation rule for obtaining the attribute of the page information of the link destination from the attribute of the page information, and link signature information for verifying whether or not the link information has been tampered with,
The client device includes at least a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, and a signature verification unit,
Furthermore, the client device
A function of presenting page information stored in the page information storage unit to a user;
When the link information included in the presented page information is selected by the user, the signature verification unit uses the key stored in the link verification key information storage unit for the link signature information included in the link information. The link information is verified from the page attribute information stored in the page attribute information storage unit and the link attribute information included in the link information, and the trust level of the link destination page information indicated by the link information is verified. A function that calculates page attribute information that represents
Based on the verification result of the link information validity and the page attribute information of the page information of the link destination, if it is determined to acquire the page information of the link destination automatically or according to an instruction from the user, the server via the communication network An information browsing system comprising a function of requesting and acquiring page information indicated by a URL included in the link information from an apparatus. A server device that provides page information including at least one link information, a client device that requests, acquires, and browses the page information, and a communication network that connects them,
The page information includes page signature information for verifying whether or not the page information has been tampered with along with the link information. The link information in the page information includes a URL indicating the position of the link destination page information, the link destination Link attribute that represents the link verification key information that represents the key for verifying whether the link information included in the page information has been tampered with, and the calculation rule for obtaining the attribute of the link destination page information from the attribute of the link source page information Information, link signature information for verifying whether or not the link information has been tampered with, and page verification key information representing a key for verifying whether or not the link destination page information has been tampered with,
The client device includes at least a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, a page verification key information storage unit, and a signature verification unit,
Furthermore, the client device
A function of presenting page information stored in the page information storage unit to a user;
When the link information included in the presented page information is selected by the user, the signature verification unit uses the key stored in the link verification key information storage unit for the link signature information included in the link information. The link information is verified from the page attribute information stored in the page attribute information storage unit and the link attribute information included in the link information, and the trust level of the link destination page information indicated by the link information is verified. A function that calculates page attribute information that represents
Based on the verification result of the link information validity and the page attribute information of the page information of the link destination, if it is determined to acquire the page information of the link destination automatically or according to an instruction from the user, the server via the communication network A function for requesting and obtaining the page information indicated by the URL included in the link information from the device;
A function for verifying the legitimacy of the page information by the signature verification unit using the key stored in the page verification key information storage unit for the page signature information included in the acquired page information;
An information browsing system comprising: a function for determining whether to store link destination page information in the page information storage unit based on a verification result of the validity of the page information. In the information browsing system according to claim 1 or 2,
The URL indicating the location of the linked page information includes mailto,
In addition to the above, the client device includes a link information storage unit and a mailer unit,
Further, in addition to the above, the client device includes:
A function for determining whether the link information stored in the link information storage unit includes mailto, and a function for starting the mailer unit if it includes mailto;
Attribute information recalculation information for recalculating the mail page attribute information is created, and the mailer unit attaches it to the mail containing the link information in the mail body, and sends it to the address specified in advance or input by the user Function to
When the mail is received by the mailer unit, the received mail body is regarded as page information, the page attribute information is recalculated from the attached attribute information recalculation information, and the link information storage unit is updated and the recalculation result is used. And a function for verifying the validity of the email. In the information browsing system according to claim 3,
The URL indicating the position of the page information of the link destination includes an instruction to send a mail to the server device,
The server device includes at least a mail transmission unit,
Furthermore, the server device
A function of activating the mail transmission unit when a link including the mail transmission instruction is selected in the client device;
Attribute information recalculation information for recalculating the page attribute information of the mail is created by the mail sending unit, and this is attached to the mail including the link information in the mail body, to the address designated in advance or designated by the user An information browsing system characterized by having a function to transmit. In the information browsing system in any one of Claims 1 thru | or 4,
Before the user selects link information, the verification of the validity of the link information included in the page information and the calculation of the page attribute information of the page information of the link destination are performed on all the link information included in the page information. An information browsing system characterized in that the verification result and the calculation result are stored, and the verification result and the calculation result stored when the user selects link information are used. A method for requesting and acquiring the page information from a client device via a communication network to a server device that provides page information including at least one link information, and allowing a user to browse the page information,
The link destination based on the URL indicating the position of the link destination page information, the link verification key information indicating the key for verifying whether the link information included in the link destination page information has been tampered with, and the attributes of the link source page information Page information including link information including at least link attribute information representing a calculation rule for obtaining the attribute of the page information and link signature information for verifying whether the link information has been tampered with,
A client device comprising at least a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, and a signature verification unit,
Present the page information stored in the page information storage unit to the user,
When the link information included in the presented page information is selected by the user, the signature verification unit uses the key stored in the link verification key information storage unit for the link signature information included in the link information. The link information is verified from the page attribute information stored in the page attribute information storage unit and the link attribute information included in the link information, and the trust level of the link destination page information indicated by the link information is verified. Calculate page attribute information that represents
Based on the verification result of the link information validity and the page attribute information of the page information of the link destination, if it is determined to acquire the page information of the link destination automatically or according to an instruction from the user, the server via the communication network An information browsing method comprising: requesting and obtaining the page information indicated by the URL included in the link information from the apparatus. A method for requesting and acquiring the page information from a client device via a communication network to a server device that provides page information including at least one link information, and allowing a user to browse the page information,
The link destination based on the URL indicating the position of the link destination page information, the link verification key information indicating the key for verifying whether the link information included in the link destination page information has been tampered with, and the attributes of the link source page information Link attribute information representing calculation rules for obtaining page information attributes, link signature information for verifying whether or not the link information has been tampered with, and a key for verifying whether or not the link destination page information has been tampered with Using page information including page signature information for verifying whether or not the page information has been tampered with, together with link information including at least page verification key information representing
A client device comprising at least a page information storage unit, a page attribute information storage unit, a link verification key information storage unit, a page verification key information storage unit, and a signature verification unit,
Present the page information stored in the page information storage unit to the user,
When the link information included in the presented page information is selected by the user, the signature verification unit uses the key stored in the link verification key information storage unit for the link signature information included in the link information. The link information is verified from the page attribute information stored in the page attribute information storage unit and the link attribute information included in the link information, and the trust level of the link destination page information indicated by the link information is verified. Calculate page attribute information that represents
Based on the verification result of the link information validity and the page attribute information of the page information of the link destination, if it is determined to acquire the page information of the link destination automatically or according to an instruction from the user, the server via the communication network Requesting and obtaining the page information indicated by the URL included in the link information from the device;
Using the key stored in the page verification key information storage unit for the page signature information included in the acquired page information, the signature verification unit verifies the validity of the page information,
An information browsing method, comprising: determining whether to store link destination page information in the page information storage unit based on a verification result of the validity of the page information. In the information browsing method according to claim 6 or 7,
Use the URL that indicates the location of the linked page information including mailto,
In addition to the above, a client device including a link information storage unit and a mailer unit,
Determine whether the link information stored in the link information storage unit includes mailto, and if the mail information includes mailto, start the mailer unit,
Attribute information recalculation information for recalculating the mail page attribute information is created, and the mailer unit attaches it to the mail containing the link information in the mail body, and sends it to the address specified in advance or input by the user And
When the mail is received by the mailer unit, the received mail body is regarded as page information, the page attribute information is recalculated from the attached attribute information recalculation information, and the link information storage unit is updated and the recalculation result is used. An information browsing method characterized by verifying the validity of the email. In the information browsing method of Claim 8,
Using a URL indicating the location of the linked page information including an instruction to send a mail to the server device,
A server device having at least a mail transmission unit
When the link including the mail transmission instruction is selected in the client device, the mail transmission unit is activated,
Attribute information recalculation information for recalculating the page attribute information of the mail is created by the mail sending unit, and this is attached to the mail including the link information in the mail body, to the address designated in advance or designated by the user An information browsing method characterized by transmitting. In the information browsing method in any one of Claims 6 thru | or 9,
Before the user selects link information, the verification of the validity of the link information included in the page information and the calculation of the page attribute information of the page information of the link destination are performed on all the link information included in the page information. An information browsing method comprising: performing a verification result and a calculation result, and using the verification result and the calculation result stored when the user selects link information.

Images