JP4869956B2 - Web page authenticity confirmation device, web page authenticity confirmation method, program, and web page authenticity confirmation system - Google Patents

Description

The present invention, by checking the authenticity of the web page having an input field of the string, to limit the leakage of personal information, web page authenticity check equipment, cormorant Ebupeji authenticity sure how, programs and web It relates to a page authenticity confirmation system .

In an electronic payment system that uses a web page distributed by a web server connected to the Internet to make purchases and pay for the products, bank payments and card payments of the products can be made by sending account numbers, card numbers, etc. to the web server. Although there are cases where this is done, crimes that illegally obtain or misuse account numbers, card numbers, etc., have occurred due to a technique called phishing that disguises these settlement procedures. For example, this technique called phishing was mistaken for a web page provided by a malicious administrator (hereinafter referred to as a true administrator) in a Web page provided by a malicious Web server administrator (hereinafter referred to as a fake administrator). A web page user enters an account number, a card number, etc., and transmits them. In order to prevent leakage of personal information such as account numbers and card numbers by these procedures (preventing phishing), a program that authenticates the legitimacy of the page on the user's terminal etc. and a browser plug-in, etc. For example, a system described in the following document has been devised.
Japanese Patent Application No. 2005-166854 “Web page authenticity confirmation device, web page authenticity confirmation method and program” “SecureBrain PhishWall”, SecureBrain Corporation, “online”, “May 18, 2005 search”, Internet <URL: http://www.securebrain.co.jp/products/phishwall/index.html> “PhishSafe Product Introduction”, eSecurity Japan Co., Ltd., “online”, “May 18, 2005 search”, Internet <URL: http://www.esecurity.co.jp/products/papers/PhishSafeDetail. pdf> “Website authenticity confirmation system using certification marks”, JPO, “online”, Internet <URL: http://www.jpo.go.jp/shiryou/s_sonota/hyoujun_gijutsu/denshi_sukashi/2_b_4.htm>

Conventionally, by embedding information certified by an accreditation body in an image such as a certification mark on a web page using digital watermark technology, for example, information such as identification information (URL, etc.) or expiration date of a web page to be certified The authenticity of the web page is verified. However, when information is embedded in an image such as a certification mark by the digital watermark technology, there are the following problems.

If the amount of information embedded in an image is increased, the image will deteriorate significantly, and it may be perceived that digital watermark processing has been performed, and it may be recognized that the image is a digital watermark image. For this reason, the amount of information embedded in one digital watermark is limited depending on the image size and the color tone of the image, and there is a limit to adding the information amount for improving the service function level. In particular, for companies, etc., the image to be digitally watermarked is often a specific mark (logo mark, etc.), for embedding long URL information, or for controlling a dedicated program for authenticating authenticity In the case of embedding additional information such as the control flag and the expiration date, there is a limit to the amount of information to be embedded.

Further, even if the digital watermark information is changed by processing an image in which the digital watermark is embedded, it is difficult to detect the change or restore correction depending on one digital watermark.

Therefore, the present invention solves these problems by providing a correspondence relationship between two or more digital watermarks when embedding information in an image such as a certification mark by digital watermark technology.

The present invention has been made to solve the above-described problems, and is a relationship between two or more pieces of digital watermark information, wherein the two or more pieces of information are composed of the same ID and different serial numbers. Digital watermark information generating means for generating two or more digital watermark information having a parent-child relationship that includes a relationship including: a process for detecting a transmission instruction of a character string input to a character input field of a web page; and A process for determining whether or not two or more digital watermark information having the parent-child relationship is embedded; a process for comparing the input character string with a character string stored in advance by a registration instruction; and the digital watermark information when is embedded, identification of the web page that is determined electronic watermark identification information included in the two or more electronic watermark information having the parent-child relationship from the web page Processing for transmitting web page authenticity determination request information including at least information to the web page authenticity confirmation device, and when the authenticity determination result returned in response to the web page authenticity determination request information indicates true Characters stored in accordance with a registration instruction in advance in the comparison of the character strings in the case where the processing for performing transmission permission of the character strings and the two or more digital watermark information having the parent-child relationship are not embedded Authenticity request information transmission program for transmitting to the terminal a true / false determination request information transmission program for causing a computer of the terminal to execute a process of stopping the transmission process of the input character string when the string matches A true / false determination table that stores a true / false determination table indicating a normal correspondence between the transmission means and the digital watermark identification information and the web page identification information; Whether or not the correspondence between the electronic watermark identification information included in the web page authenticity determination request information received from the terminal and the identification information of the web page is recorded in the authenticity determination table. Authenticity determination means for transmitting the authenticity determination result indicating the trueness of the web page to the terminal when it is determined that the correspondence relationship is recorded. This is a web page authenticity confirmation device.

Further, according to the present invention, the above-described web page authenticity confirmation device includes a process in which each of the electronic watermark information generation unit and the authenticity determination unit is provided in a separate server connected via a communication network. The web page authenticity determination request information is transmitted to a server having the authenticity determination means.

Also, in the present invention, the authenticity determination request information transmission program is configured to display a screen for prompting registration of the character string on the display unit of the terminal in advance, and the character string when the character string registration instruction is received. And a process of transmitting the web page authenticity determination request information when the character string input in the input field matches the character string stored by the registration instruction. It is characterized by being.

Further, the present invention is characterized in that the digital watermark information generating means of the above-described web page authenticity confirmation device generates two or more digital watermark information having the correspondence relationship for each of different web pages.

Further, according to the present invention, the authenticity determination table holds a normal correspondence between identification information of two or more digital watermark information having a correspondence held in a plurality of designated web pages and the URL of the web page. It is characterized by doing.

The present invention is also a web page authenticity confirmation method in a web page authenticity confirmation device, wherein the digital watermark information generation means is a relationship between two or more pieces of digital watermark information, and the two or more pieces of information are Two or more digital watermark information having a parent-child relationship that includes a digital watermark identification information composed of the same ID and different serial numbers is generated, and the authenticity request information transmission program transmission means enters the character input field of the web page. A process for detecting a transmission instruction of the input character string, a process for determining whether or not two or more digital watermark information having the parent-child relationship is embedded in the web page, and the input character string a process of comparing the string stored by the registration instruction, the electronic watermark identification information included in the two or more electronic watermark information having the parent-child relationship from the web page Processing to send web page authenticity determination request information including at least the identification information of the web page to be set to the web page authenticity confirmation device, and authenticity determination returned according to the web page authenticity determination request information The process of permitting transmission of the character string when the result indicates true, and the input character string in the comparison of the character strings when two or more pieces of digital watermark information having the parent-child relationship are not embedded. When the terminal and the character string stored in advance by the registration instruction match, a processing for stopping the transmission processing of the input character string and a process for transmitting the authenticity determination request information to the terminal computer are executed to the terminal. The authenticity determination table storage means transmits a true / false determination table indicating a normal correspondence between the digital watermark identification information and the web page identification information. The authenticity determination unit records the correspondence between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the identification information of the web page in the authenticity determination table. And determining whether or not the correspondence relationship is recorded as a result, and transmitting the true / false determination result indicating the trueness of the web page to the terminal. This is a page authenticity confirmation method.

The present invention is also a program to be executed by a computer of a web page authenticity confirmation device, which is a relationship between two or more pieces of digital watermark information, wherein the two or more pieces of information have the same ID and different serial numbers. A process for generating two or more digital watermark information having a parent-child relationship that includes a digital watermark identification information comprising: a process for detecting a transmission instruction for a character string input to a character input field of a web page; A process of determining whether or not two or more digital watermark information having the parent-child relationship is embedded in a page; a process of comparing the input character string with a character string stored in advance according to a registration instruction; When watermark information is embedded, it is determined from the digital watermark identification information included in the two or more digital watermark information having the parent-child relationship and the web page. Processing for causing the web page authenticity confirmation device to transmit web page authenticity determination request information including at least the identification information of the web page, and the authenticity determination result returned in response to the web page authenticity determination request information is true. In the case where two or more pieces of digital watermark information having the parent-child relationship are not embedded, and the input character string is registered in advance in the comparison of the character strings. a process of stopping the transmission process of the string the input if a string stored by instruction match, the authenticity determination request information transmission program to be executed by the end end of the computer, and transmits to the terminal Correspondence between the electronic watermark identification information included in the web page authenticity determination request information received from the terminal and the web page identification information The person in charge determines whether or not the information is recorded in the authenticity determination table indicating the normal correspondence between the electronic watermark identification information stored in the authenticity determination table storage means and the identification information of the web page, and as a result, When it is determined that a correspondence relationship is recorded, the program causes the computer to execute processing for transmitting the authenticity determination result indicating the trueness of the web page to the terminal.

The present invention is also a web page authenticity confirmation system in which a management server and a true / false determination server are connected via a communication network, wherein the management server is a relationship between two or more pieces of digital watermark information. Digital watermark information generating means for generating two or more digital watermark information having a parent-child relationship in which the two or more information includes a digital watermark identification information including the same ID and different serial numbers; A process for detecting a transmission instruction of a character string input to the input field, a process for determining whether or not two or more digital watermark information having the parent-child relationship is embedded in the web page, and the input character A process of comparing a string with a character string stored in advance according to a registration instruction, and two or more electronic watermarks having the parent-child relationship when the digital watermark information is embedded Processing for transmitting web page authenticity determination request information including at least the electronic watermark identification information included in the information and the identification information of the web page determined from the web page to the authenticity determination server, and the web page authenticity A process for permitting transmission of the character string when the authenticity determination result returned in response to the determination request information indicates true, and a case where two or more pieces of digital watermark information having the parent-child relationship are not embedded. executed by a computer of a terminus of a process of stopping the transmission process of the string the input if a character string stored in advance by registration instruction to the input character string in the comparison of the strings match A true / false determination request information transmission program for sending to the terminal a true / false request information transmission program transmission means, Included in the true / false determination table storage means for storing the true / false determination table indicating the normal correspondence between the electronic watermark identification information and the identification information of the web page, and the web page authenticity determination request information received from the terminal When the correspondence between the digital watermark identification information and the web page identification information is recorded in the authenticity determination table, and as a result, it is determined that the correspondence is recorded A web page authenticity confirmation system comprising: authenticity determination means for transmitting the authenticity determination result indicating the authenticity of the webpage to the terminal.

  According to the present invention, the authenticity determination server performs authenticity determination based on the ID of the digital watermark information, the expiration date, and the URL of the web page. Then, according to the determination result of the authenticity determination server, the terminal confirms the authenticity of the web page distributed from the web server, and transmits the character information on the communication network. Thereby, the distribution of the character string important for security registered by the user to the communication network can be stopped when the digital watermark information is not correct. Therefore, it is possible to prevent leakage of important character strings (personal information such as IDs, passwords, credit card numbers, and mail addresses, and other important information) to a fake web page distributed by a fake web server or the like.

  In addition, since the determination of the authenticity of the registered web page is performed by the authenticity determination server without adding or deleting the “true” or “false” web page on the terminal, the user who uses it However, it is not necessary to set the terminal, and the user's labor can be reduced.

  In addition, when the web page authenticity determination between the web server and the terminal is implemented, if a different web page authenticity determination method is implemented for each website, the terminal has a mechanism corresponding to each method. Although it must be incorporated, the authenticity of the web pages distributed by multiple websites can be determined by the same authentication mechanism by adding a true / false determination server and determining the authenticity of the web page between the three parties. Will be able to.

In addition, URL information consisting of a long character string in one digital watermark and additional information used for authentication may be unable to be embedded because the amount of information is limited. By distributing and embedding, the restriction on the amount of information embedded in the digital watermark is eliminated, and the expandability of the system is obtained.

Furthermore, even if the information embedded in the digital watermark is changed due to alteration or modification of the digital watermark, the change is detected or restored by providing a correspondence relationship between two or more digital watermark information. Security improvement can be expected.

Hereinafter, a web page authenticity confirmation system according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a web page authenticity confirmation system according to the embodiment. In this figure, reference numeral 1 denotes a management server that generates various information and programs used for web page authenticity confirmation and transmits the information to other devices. Reference numeral 2 denotes a true / false determination server that performs true / false determination of a web page based on a request from a terminal. Reference numeral 3 is a regular web server, and 4 is a fake web server that illegally distributes a copy of a web page distributed by the regular web server 3. Reference numeral 5 denotes a terminal such as a PC, a mobile phone, or a PDA. These management server 1, authenticity determination server 2, regular web server 3, fake web server 4, and terminal 5 are connected via a communication network, and the web page authenticity is determined by each server except for the fake web server 4. A verification system is configured. In addition, although the management server 1, the authenticity determination server 2, and the regular web server 3 are illustrated as separate servers, the processing of each server may be configured on the same server.

FIG. 2 is a diagram showing functional blocks of each server. In the management server 1 in this figure, reference numeral 11 denotes a communication processing unit that transmits and receives information to and from other servers and the terminal 5. A control unit 12 controls each processing unit of the management server 1. Reference numeral 13 denotes a digital watermark information generation unit that generates two or more digital watermark information having a correspondence relationship embedded in a web page distributed by the regular web server 3. Reference numeral 14 denotes a true / false determination request program distribution unit that distributes a program for transmitting web page authenticity determination request information to the authenticity determination server 2 in the terminal 5 (hereinafter referred to as a true / false determination request program). Reference numeral 15 denotes a process for generating a true / false determination table used by the true / false determination server 2 for determining the authenticity of a web page, a process for transmitting a check program for true / false determination to the true / false determination server 2, and electronic watermark information. It is a management unit that performs processing to transmit to the regular web server 3 and processing to transmit the authenticity determination request program to the terminal 5. Reference numeral 16 denotes a database for storing various information.

In the authenticity determination server 2, reference numeral 21 denotes a communication processing unit that transmits and receives information to and from other servers and the terminal 5. Reference numeral 22 denotes a control unit that controls each processing unit of the authenticity determination server 2. Reference numeral 23 denotes a true / false determination processing unit that performs a true / false determination process for the web page. A database 24 stores various information. Reference numeral 25 denotes a warning information notification unit for notifying the normal web server 3 of the warning information when it is determined in the web page authenticity determination that the web page is false.

In the regular web server 3, reference numeral 31 denotes a communication processing unit that transmits information to each server and the terminal 5. A control unit 32 controls each processing unit of the regular web server 3. Reference numeral 33 denotes a web server processing unit that performs processing of the web server. Reference numeral 34 denotes a storage unit.

FIG. 3 is a diagram showing functional blocks of the terminal. In this figure, reference numeral 51 denotes a communication processing unit that transmits / receives information to / from each server. A control unit 52 controls each processing unit in the terminal 5. A web browser processing unit 53 performs web browser processing. A character string registration unit 54 displays a screen for prompting registration of a character string on the display unit of the terminal 5 and performs processing for storing the character string when an instruction to register the character string is received. 55 is a process for determining whether or not to transmit web page authenticity determination request information using two or more digital watermark information having a correspondence relationship embedded in the web page, and generating the information and transmitting it to the authenticity determination server 2 A true / false determination request processing unit. 56 is input to the input page of the web page based on the result data of the true / false determination acquired from the true / false determination server 2 in response to the transmission of the web page authenticity determination request information to the true / false determination server 2. It is a character string transmission availability notification unit that notifies the web browser processing unit 53 of continuation or cancellation of transmission of a character string to the communication network. Reference numeral 57 denotes a storage unit for storing various information.

In the web page authenticity confirmation system, the authorized web server 3 delivers a web page embedded with two or more pieces of digital watermark information having the correspondence generated by the management server 1 and receives the web page. When the terminal 5 detects an input of a character string in the input field or a transmission instruction thereof, the authenticity determination server uses at least the identification information of the digital watermark information and the URL of the web page (web page identification information). Request 2 for authenticity of web page. Then, as a result of the request, the terminal 5 performs processing for determining whether to continue or stop the transmission of the character string on the communication network based on the authenticity determination result transmitted from the authenticity determination server 2.

Next, details of processing of the web page authenticity confirmation system will be described. FIG. 4 is a diagram showing a registration setting flow of the web page authenticity confirmation system. First, when the administrator of the authorized web server 3 creates a web page that prompts the user to enter a character entry field (for example, a character string such as a password, ID, account number, or credit card number), the authenticity confirmation of the web page is confirmed. In order to perform registration processing in the system, the management server 1 is accessed using the regular web server 3 and a request for digital watermark information is instructed. At this time, a request for requesting digital watermark information is transmitted from the regular web server 3 to the management server 1 (step S101). When the digital watermark information generation unit 13 of the management server 1 accepts a request for digital watermark information via the communication processing unit 11, the digital watermark information generation unit 13 issues a digital watermark ID, and the digital watermark ID, the expiration date of the digital watermark, Two or more pieces of electronic watermark information having a correspondence relationship including the URL of the fake determination server 2 are generated (step S102).
Furthermore, the correspondence relationship includes additional information such as a control flag for controlling the authenticity determination request program downloaded to the terminal 5 and a control flag for controlling the check program used by the authenticity determination server 2. Two or more pieces of digital watermark information having the following may be generated.

Here, generation of two or more pieces of digital watermark information having a correspondence relationship will be described in detail. 9 and 10 are diagrams illustrating two or more pieces of digital watermark information having a correspondence relationship with one piece of digital watermark information.
Two or more pieces of electronic watermark information having a correspondence relationship are generated so as to hold information having a parent-child relationship, for example. The information having a parent-child relationship refers to, for example, two or more pieces of digital watermark information, which hold the same digital watermark ID between the parent and child and further indicate a serial number indicating the parent-child relationship (for example, 0 for the parent and 1 and 2 for the child). 3,...) Are held so as to have a parent-child relationship. Alternatively, the parent and child digital watermark IDs may be generated so as to hold different IDs between the parent, the child and the child, and the child further holds the parent digital watermark ID. Further, an ID system with a branch number is assigned when the digital watermark ID is assigned. For example, when the digital watermark ID before the branch number is assigned as 100, the ID system with a branch number is applied, and the parent digital watermark ID is applied. Is generated to be 100-0 (or 1000), and the digital watermark ID of the child is 100-1, 100-2, 100-3,... (Or 1001, 1002, 1003,...) You may make it have parent-child relationship. (In the following description, information having a correspondence relationship such as the parent-child relationship described above refers to information such as a digital watermark ID and a serial number indicating the parent-child relationship. Is a digital watermark ID held by the parent digital watermark information among the information held in two or more pieces of digital watermark information having a correspondence relationship.)

Then, the information is distributed and held as follows in the two or more pieces of digital watermark information generated so as to have a correspondence relationship. For example, in the case of two digital watermark information of a parent and a child, the digital watermark information of the parent holds the expiration date of the digital watermark and the URL of the authenticity determination server 2 in addition to the information having the correspondence relationship, The electronic watermark information includes a control flag for controlling the authenticity determination request program downloaded to the terminal 5 and a control for controlling the check program used by the authenticity determination server 2 in addition to information having a correspondence relationship. Additional information such as a flag is held.
Until now, the embedding destination of digital watermark information has often been decided to be a specific image such as a logo mark set on a web page depending on the company, etc., and depending on the image such as a logo mark, it is embedded in one image There was an upper limit on the amount of information that could be done. However, since information is distributed and held in two or more pieces of digital watermark information as described above and used as one piece of digital watermark information, the amount of information to be held is not limited.

In addition, when information is distributed and held in two or more pieces of digital watermark information generated so as to include information having a correspondence relationship, a part or all of the information to be held may be held in an overlapping manner. . For example, in the case of two pieces of digital watermark information of a parent and a child, the parent digital watermark information holds the validity period of the digital watermark and the URL of the authenticity determination server 2 in addition to the information indicating the digital watermark ID and the parent-child relationship In addition to the information indicating the digital watermark ID and the parent-child relationship, the child digital watermark information includes a URL of the authenticity determination server 2 and a control flag for controlling the authenticity determination request program downloaded to the terminal 5. Additional information such as a control flag for controlling the check program used in the fake determination server 2 is held. In other words, the URL of the authenticity determination server 2 is held redundantly in the two digital watermark information of the parent and the child.

Further, when information is held redundantly in two or more pieces of digital watermark information, an information check digit held in the digital watermark may be added.
In addition, information to be held in a digital watermark is generated as some electronic tally using a digital tally technique (incomplete secret sharing method), and the electronic tally is distributed and held in two or more pieces of digital watermark information. Good. For example, the electronic tally A1, A2, A3 is generated from the URL of the true / false determination server 2 using the electronic tally technology, the electronic watermark information A1, A2 is held in the parent watermark information, and the child watermark information is stored in the child watermark information. You may make it hold | maintain electronic tally A2, A3.
With the above processing, generation of two or more pieces of digital watermark information having a correspondence relationship in the digital watermark information generation unit 13 is completed.

  Next, the digital watermark information generation unit 13 receives, for example, information on a web page in which the management server 1 stores the digital watermark information from the regular web server 3 and outputs two or more pieces of digital watermark information having a correspondence relationship with the web page. An embedding process is performed, and the web page data in which the digital watermark information is embedded is returned to the regular web server 3 (step S103). Alternatively, in the process of step S103, the digital watermark information generation unit 13 transmits two or more pieces of digital watermark information having a correspondence relationship to the regular web server 3, and the regular web server 3 embeds the digital watermark information in the target web page. I do. The digital watermark information may be embedded in an image such as a logo mark set on the web page, in addition to being embedded in the web page. As a result, two or more pieces of electronic watermark information having a corresponding relationship are embedded in the web page distributed by the regular web server 3.

Note that the two or more pieces of electronic watermark information having a corresponding relationship embedded in the web page may be information obtained by encrypting the electronic watermark ID, the expiration date of the electronic watermark, and the URL of the authenticity determination server 2. Further, the management server 1 may generate other information such as a QR code instead of the digital watermark information, and embed the information in a web page. The management server 1 records the digital watermark ID included in the digital watermark information and the digital watermark expiration date in the server issue table of the database 16 in association with each other. In addition, two or more pieces of electronic watermark information having a correspondence relationship are generated for each target web page for which a request is made.

  When two or more pieces of electronic watermark information having a correspondence relationship are transmitted to the regular web server 3, the management unit 15 of the management server 1 next checks the authenticity of the web page recorded in the database 16 or the like in advance. Is transmitted from the legitimate web server 3 to the specified authenticity determination server 2 (step S104). If the check program has already been transmitted to the authenticity determination server 2, this process is omitted. The authenticity determination server 2 may be a server designated by the administrator of the regular web server 3 or a predetermined server. Then, the management unit 15 includes the electronic watermark ID, the URL of the web page in which the electronic watermark information is embedded, and the expiration date of the electronic watermark included in the two or more electronic watermark information having the correspondence relationship transmitted to the regular web server 3. Are transmitted to the authenticity determination server 2 (step S105). Further, additional information such as a control flag for controlling the check program used in the authenticity determination server 2 may be transmitted.

  In addition, the management unit 15 associates the digital watermark ID recorded after the transmission of the digital watermark information with the server issue table and the digital watermark expiration date, and the ID of the check program used in the authenticity determination server 2; The expiration date of the check program, the URL of the web page in which two or more pieces of electronic watermark information having a corresponding relationship are embedded, and the URL of the authenticity determination server that is the transmission destination of the check program are recorded. The authenticity determination server 2 writes the received electronic watermark ID, web page URL, and electronic watermark expiration date in association with the authenticity determination table stored in the database 24. When there are a plurality of web pages in which two or more digital watermark information having a correspondence relationship is embedded, a correspondence relationship between a plurality of digital watermark IDs, web page URLs, and expiration dates of the digital watermark is recorded in the authenticity determination table. It becomes. With the above processing, the setting of the web page authenticity confirmation system on the server side is completed.

FIG. 5 is a diagram illustrating information recorded in the server issue table.
As shown in this figure, the server issue table held in the database 16 is used by the digital watermark ID embedded in the web page distributed by the regular web server, the digital watermark expiration date, and the authenticity determination server 2. The ID of the check program, the expiration date of the check program, the URL of the web page in which two or more pieces of electronic watermark information having a corresponding relationship are embedded, and the URL of the authenticity determination server that is the transmission destination of the check program are associated with each other. To be recorded. Further, additional information such as a control flag for controlling a check program used in the authenticity determination server may be recorded in association with each other.

  On the server side, registration setting for the web page authenticity confirmation system is performed on the server side. On the terminal side, the terminal 5 accesses the management server 1 by the operation of the terminal 5 by the user, and download request for the authenticity determination request program. Is notified (step S106). When the management server 1 receives this notification, the authenticity determination request program distribution unit 14 reads the authenticity determination request program from the database 16 and distributes it to the terminal 5 (step S107). Here, the authenticity determination request program is executed in the terminal 5, whereby the processing functions of the character string registration unit 54, the authenticity determination request processing unit 55, and the character string transmission availability notification unit 56 are provided inside the terminal 5. Constitute.

  When the authenticity determination request program is executed by the user's operation on the terminal 5, the program first determines whether the authenticity determination request program is already implemented (step S108), and the forged authenticity determination request. It is determined whether or not the program is installed (step S109). Next, the character string registration unit 54 configured in the terminal 5 displays a character string registration screen on the display unit, and information on character strings such as IDs and passwords to be prevented from leaking information, names of the character strings, and the like. Registration is urged (step S110). When character string information is input by the user, the character string registration unit 54 stores the character string as a monitoring target character string in a setting file such as a storage unit. At this time, the character string registration unit 54 may encrypt and store the monitoring target character string. Then, the authenticity determination request processing unit 55 then performs a process of constantly monitoring the transmission process of the character string input in the input field of the web page received by the web browser processing unit 53 (step S111). The authenticity determination request program stores information on the ID and expiration date of the program, and the information is also recorded in the storage unit 57 as a setting file or the like. The authenticity determination request program may be a program in a format such as a plug-in installed in a web browser, or may be a format such as a program resident in the computer of the terminal 5. With the above processing, the setting of the web page authenticity confirmation system on the terminal side is completed.

FIG. 6 is a diagram showing information recorded in the terminal issue table.
As shown in FIG. 6, the management unit 15 of the management server 1 associates the authenticity determination request program ID, the validity determination request program expiration date, and the IP address of the destination terminal in the terminal issue table. Record. Furthermore, additional information such as a control flag for controlling the authenticity determination request program may be recorded in association with each other.

FIG. 7 is a first diagram showing a processing flow of web page authenticity determination.
Next, web page authenticity determination processing will be described.
First, it is assumed that the web browser processing unit 53 transmits a web page distribution request to the regular web server 3 by an operation of the user of the terminal 5. Then, the web server processing unit 33 of the regular web server 3 distributes to the terminal 5 a web page in which two or more pieces of electronic watermark information having a character input column and corresponding relationship are embedded (step S201). In the terminal 5, the web browser processing unit 53 displays the web page distributed from the regular web server 3 on the display unit.

  Here, it is assumed that a character string is input to the input column of the web page displayed on the display unit of the terminal 5 by a user operation, and a transmission instruction for the character string is issued (step S202). At this time, the authenticity determination request processing unit 55 of the terminal 5 instructs the web browser processing unit 53 to temporarily hold the transmission of the character string. Then, the authenticity determination request processing unit 55 notifies the user of the start of authenticity determination by displaying, for example, “authenticating authenticity” on the display unit of the terminal 5, and two or more electronic devices having a correspondence relationship embedded in the web page. It is determined whether or not the watermark information is predetermined digital watermark information. If the watermark information is encrypted, the digital watermark information is decrypted.

Here, it will be described in detail whether or not two or more pieces of digital watermark information having a correspondence relationship embedded in a web page are predetermined digital watermark information.
First, two or more embedded digital watermark information is acquired from the web page displayed on the display unit. Information having a correspondence relationship is obtained from the obtained digital watermark information, and the correspondence relationship between two or more pieces of digital watermark information is determined.
For example, when two or more pieces of digital watermark information have a parent-child relationship generated using the same digital watermark ID and serial number, the parent-child relationship is specified by the same digital watermark ID, and the parent-child relationship and child rank are determined by the serial number. To judge. When the parent-child relationship is generated such that two or more pieces of digital watermark information use different digital watermark IDs for the parent and child and the children, and the child holds the parent digital watermark ID, the parent held by the child The parent-child relationship may be specified by the same digital watermark ID and the digital watermark ID held by the parent, and the children's rank may be determined by the children based on the size of the digital watermark ID held by each other. When two or more pieces of digital watermark information generate a parent-child relationship based on the ID scheme of the digital watermark ID, the identification of the parent-child relationship and the order of children are determined based on the ID scheme.
As described above, the correspondence between two or more pieces of digital watermark information can be determined, and information held by two or more pieces of digital watermark information can be acquired.

Next, when two or more pieces of digital watermark information are redundantly held, the information that is duplicated is compared to determine whether the digital watermark information has been changed. For example, when the authenticity determination server URL is duplicated and held in each of the parent and child digital watermark information, the authenticity determination server URL and the child electronic watermark information held in the parent digital watermark information are stored. The URL of the authenticity determination server held in the watermark information is compared. As a result, if they do not match, the user may be warned even if any digital watermark information has been changed.
In this way, by holding information redundantly in two or more pieces of digital watermark information having a correspondence relationship, if there is a mismatch between the duplicate information, any digital watermark information is It becomes possible to judge that it has been changed or damaged.

Furthermore, when two or more pieces of digital watermark information having a correspondence relationship are held redundantly and a check digit is added to each of them, the following processing may be performed. First, an error is detected using a check digit for each of two or more pieces of digital watermark information. As a result, if an error is detected in one of the digital watermark information, the information held in duplicate is based on the information held in the other digital watermark information in which no error is detected. The information held in the digital watermark information in which an error is detected may be restored (overwritten), and the subsequent processing may be continued. For example, when two digital watermark information of a parent and a child hold the URL of the authenticity determination server redundantly and a check digit is added to each URL, each of the digital watermark information of the parent and the child Use check digits to detect errors. As a result, if an error is detected in the authenticity determination server URL held by the parent digital watermark information, the error is restored based on the authenticity determination server URL held by the child digital watermark information.
On the other hand, when information held in two or more electronic watermark information is generated and held as several electronic tally using the electronic tally technology, if some electronic tally is changed, The original information may be restored using the remaining electronic tally by the tally technique, and the process may be continued.
In this way, by holding information redundantly with respect to two or more pieces of digital watermark information having a correspondence relationship, or holding information using a digital tally technique, one piece of information held in the digital watermark information is stored. Even when the information of the part is changed or damaged, the original information is restored and the generation of the web page authenticity determination request information can be continued.
With the above processing, the determination processing as to whether or not the two or more pieces of digital watermark information having the correspondence embedded in the web page in the authenticity determination request processing unit 55 is the predetermined digital watermark information is completed.

Next, it is determined whether or not it is within the expiration date from the digital watermark information. If it is within the expiration date, web page authenticity determination request information is generated (step S203). The authenticity determination request processing unit 55 may encrypt the web page authenticity determination request information.

Here, the web page authenticity determination request information includes the IP address of the terminal 5, the authenticity determination request program ID and expiration date, the authenticity determination server URL, the ID and expiration date of the digital watermark information embedded in the web page, Information on the creation date and time of the web page URL and web page authenticity determination request information is stored. These pieces of information are read from two or more digital watermark information having a corresponding relationship, a web page, or a setting file held in the storage unit 57. When the web page authenticity determination request information is generated, the authenticity determination request processing unit 55 transmits the web page authenticity determination request information to the authenticity determination server URL held by the web page authenticity determination request information. Then, a true / false determination request is made (step S204).
The authenticity determination request processing unit 55 of the terminal 5 reads the character string instructed to be transmitted from the web browser processing unit 53, compares it with the monitoring target character string recorded in the setting file of the storage unit 57, and is instructed to transmit. The authenticity determination request may be made only when the detected character string matches the monitored character string.

  In the authenticity determination server 2, when the web page authenticity determination request information is received, the authenticity determination processing unit 23 decrypts the web page authenticity determination request information if encrypted, and the web page The ID and validity period of the authenticity determination request program stored in the authenticity determination request information, the ID of the digital watermark information, the URL of the web page in which two or more digital watermark information having a corresponding relationship is embedded, and the validity of the digital watermark Read the deadline. Further, the authenticity determination processing unit 23 reads the Web page URL and electronic watermark expiration date recorded in the authenticity determination table in association with the ID of the electronic watermark information read from the Web page authenticity determination request information. Then, it is determined whether or not the ID system (such as the number of ID characters) of the authenticity determination request program ID is correct, whether or not the validity period of the authenticity determination request program has passed, and the ID system of the digital watermark ID is Correspondence relationship between the electronic watermark ID read from the web page authenticity determination request information and the URL of the web page in which the electronic watermark is embedded, whether or not it is correct, whether or not the expiration date of the electronic watermark has passed Is recorded in the authenticity determination table (step S205).

  In each determination, the authenticity determination processing unit 23 determines whether the ID system of each ID of the authenticity determination request program and the electronic watermark is correct, and the correspondence between the electronic watermark ID and the web page URL is within the validity period. If it is recorded in the table, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is a true web page provided from the authorized web server 3. Also, the authenticity determination processing unit 23 stores the correspondence between the electronic watermark ID and the web page URL in the authenticity determination table when the ID system of each ID of the authenticity determination request program and the electronic watermark is not correct or within the expiration date. When any of the cases such as the case of not being recorded is determined, it is determined that the web page of the web page URL stored in the web page authenticity determination request information is false. When it is determined that the web page is false, the warning information notification unit 25 notifies a predetermined server that a fake page has been detected using a predetermined mail address, IP address, or the like. You may do it.

  Next, the authenticity determination processing unit 23 creates authenticity result data when the authenticity determination of the web page is completed (step S206). This true / false result data includes at least the determined web page URL and information indicating whether the web page of the URL is true or false. Then, the authenticity determination processing unit 23 transmits authenticity result data to the terminal 5 (step S207). At this time, the authenticity determination processing unit 23 may encrypt and transmit the authenticity result data.

In the terminal 5, when the character string transmission availability notification unit 56 receives the authenticity determination result data, if the information is encrypted, the information is decrypted, and “true” of the web page included in the authenticity result data is obtained. Read “false” information. Then, the character string transmission availability notification unit 56 notifies the web browser processing unit 53 to release the hold and continue the character string transmission process when “true”. And the web browser process part 53 transmits the character string input into the web page to the regular web server 3 via a communication network (step S208). Through the above processing, according to the determination result of the authenticity determination server 2, the authenticity of the web page distributed from the web server is confirmed and the character information is transmitted over the communication network. Can be stopped when the web page is not true. Therefore, it is possible to prevent leakage of important character strings (personal information such as IDs, passwords, credit card numbers, and mail addresses, and other important information) to a fake web page distributed by a fake web server or the like.
In this embodiment, the authenticity determination is performed using the digital watermark ID held by the parent digital watermark information among the information held in the two or more digital watermark information having a correspondence relationship. The authenticity determination may be performed using information such as a digital watermark ID held by the digital watermark information of the child and a serial number indicating a parent-child relationship. That is, in the server issue table of the database 16 of the management server 1 and the authenticity determination table transmitted by the management unit 15 of the management server 1 and written in the database 24 of the authenticity determination server 2 and used for authenticating the web page. At the time of recording in the database, instead of the digital watermark ID held by the parent digital watermark information, the digital watermark ID of the parent and child and information such as a serial number indicating the parent-child relationship are recorded in association with each other. When transmitting the web page authenticity determination request information transmitted to the authenticity determination server 2 by the authenticity determination request processing unit 55 of the terminal 5, instead of the digital watermark ID held by the parent digital watermark information, Further, information such as a digital watermark ID of the child and a serial number indicating the parent-child relationship may be transmitted to determine whether the web page is authentic.
In this embodiment, the authenticity determination is performed based on whether or not the correspondence between the digital watermark ID and the URL of the web page is recorded in the authenticity determination table, but the web page URL is used instead of the web page URL. The IP address of the page may be used.

  In addition, with the above-described mechanism, the authenticity determination server can determine the authenticity of the registered web page without adding or deleting the URL of the “true” or “false” web page on the terminal 5. Therefore, since the user who uses it does not need to set the terminal 5, the user's effort when incorporating the web page authenticity determination mechanism into the terminal 5 can be reduced.

  In addition, according to the above-described mechanism, when the web page authenticity determination between the website and the terminal is implemented, if a different web page authenticity determination method is implemented for each website, the terminal However, by adding a true / false determination server and determining the authenticity of the web page among the three parties, the same authentication mechanism can be used to distribute web pages distributed by multiple websites. Authenticity can be determined.

FIG. 8 is a second diagram illustrating a processing flow of web page authenticity determination.
Next, the authenticity determination process of the web page distributed by the fake web server will be described.
When an administrator of the fake web server 4 performs an action such as a phishing scam, the fake web server 4 distributes the copied fake web page by copying the web page delivered by the regular web server 3. Obtain personal information from. Here, if a legitimate web page in which two or more pieces of digital watermark information having a correspondence relationship are embedded is copied, naturally the digital watermark information can be copied as it is. It is assumed that the fake web page is a web page provided with a character input field.

  Then, the fake web page is delivered from the fake web server 4 by the web page delivery request from the terminal 5 (step S301), and when a character string is input in the character input field and a transmission instruction is detected (step S302), the terminal 5 Web page authenticity determination request information including the URL of the fake web page, the digital watermark ID, the digital watermark expiration date, and the like is generated by the same processing and transmitted to the authenticity determination server 2 (step S303). However, since the URL of the fake web server 4 is different, the correspondence between the URL of the web page and the digital watermark ID is not recorded in the true / false determination table, and therefore the web server in the true / false determination server 2 is “false”. (Step S304), and the true / false result data is transmitted to the terminal 5 (Step S305). Thereby, the terminal 5 stops the transmission process of the character string when the true / false result data is false (step S306). Therefore, the terminal 5 can prevent leakage of a character string important for security with respect to a fake web page distributed by such a fake web server.

  In addition, when it is a fake web page in which two or more digital watermark information having a correspondence relationship is not embedded, or when information held in the digital watermark information is changed or damaged, or As a result of the expiration date determination, if it is not within the expiration date, the authenticity determination request processing unit 55 reads the instructed character string from the web browser processing unit 53 and records it in the setting file of the storage unit 57. Compare with the monitored string. At this time, if the monitored character string is encrypted, it is decrypted and compared. When the character string instructed to be transmitted matches the character string to be monitored, the character string transmission is determined to be canceled, and the character string transmission availability notification unit 56 notifies the web browser processing unit 53 of the cancellation of the character string transmission. To do. Then, the web browser processing unit 53 stops the character string transmission process. Accordingly, for security reasons, it is impossible to transmit a character string input to an input field of a web browser in which two or more digital watermark information having a corresponding relationship is not embedded or a web browser in which predetermined digital watermark information is not embedded. It is possible to prevent leakage of important character strings.

  Each of the above servers and terminals has a computer system inside. The process described above is stored in a computer-readable recording medium in the form of a program, and the above process is performed by the computer reading and executing this program. Here, the computer-readable recording medium means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. Alternatively, the computer program may be distributed to the computer via a communication line, and the computer that has received the distribution may execute the program.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

It is a block diagram which shows the structure of a web page authenticity confirmation system. It is a figure which shows the functional block of each server. It is a figure which shows the functional block of a terminal. It is a figure which shows the registration setting flow of a web page authenticity confirmation system. It is a figure which shows the information recorded on a server issue table. It is a figure which shows the information recorded on a terminal issue table. It is a 1st figure which shows the processing flow of a web page authenticity determination. It is a 2nd figure which shows the processing flow of a web page authenticity determination. It is a 1st figure which shows the 2 or more digital watermark information which has a corresponding relationship with one digital watermark information. It is a 2nd figure which shows the 2 or more digital watermark information which has a corresponding relationship with one digital watermark information.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Management server 2 ... True / false determination server 3 ... Regular web server 4 ... Fake web server 5 ... Terminal

Claims (8)

Two or more pieces of digital watermark information having a parent-child relationship, which is a relationship between two or more pieces of digital watermark information, wherein the two or more pieces of information include digital watermark identification information having the same ID and different serial numbers. Whether to generate digital watermark information generating means, processing for detecting a transmission instruction of a character string input to a character input field of a web page, and whether two or more digital watermark information having the parent-child relationship is embedded in the web page A process of determining whether or not, a process of comparing the input character string with a character string stored in advance according to a registration instruction, and two or more having the parent-child relationship when the digital watermark information is embedded Web page authenticity determination request including at least electronic watermark identification information included in electronic watermark information and identification information of the web page determined from the web page Processing for transmitting information to a web page authenticity confirmation device, processing for permitting transmission of the character string when the authenticity determination result returned in response to the webpage authenticity determination request information indicates true, and When two or more pieces of digital watermark information having a parent-child relationship are not embedded and the input character string matches the character string stored in advance according to the registration instruction in the comparison of the character strings, the input is performed. and authenticity request information transmission program transmitting means and a process for stopping a transmission process of a character string, the authenticity determination request information transmission program to be executed by the end end of the computer, and transmits to the terminal a, and the electronic watermark identification information A true / false determination table storage means for storing a true / false determination table indicating a normal correspondence with the identification information of the web page; and the web page received from the terminal. It is determined whether or not the correspondence between the digital watermark identification information included in the authenticity determination request information and the identification information of the web page is recorded in the authenticity determination table, and as a result, the correspondence is recorded. A web page authenticity confirmation device comprising: a true / false determination unit that transmits the true / false determination result indicating true of the web page to the terminal when it is determined that the web page is true. Each means of the electronic watermark information generation means and the authenticity determination means is a processing means provided in a separate server connected via a communication network, and the web page authenticity determination request information includes the 2. The web page authenticity confirmation apparatus according to claim 1, wherein the apparatus is transmitted to a server having authenticity determination means.   The authenticity determination request information transmission program includes a process of displaying a screen for prompting registration of the character string in advance on the display unit of the terminal, and a process of storing the character string when an instruction to register the character string is received. , A process for transmitting the web page authenticity determination request information when the character string input in the input field matches the character string stored in accordance with the registration instruction. The web page authenticity confirmation device according to claim 1 or 2.   4. The web page authenticity confirmation apparatus according to claim 1, wherein the digital watermark information generation unit generates two or more pieces of digital watermark information having the correspondence relation for each of different web pages. .   The authenticity determination table holds a normal correspondence between identification information of two or more pieces of digital watermark information having a parent-child relationship held in a plurality of designated web pages and identification information of the web pages. The web page authenticity confirmation device according to any one of claims 1 to 4. A web page authenticity confirmation method in a web page authenticity confirmation device, wherein the electronic watermark information generating means is a relationship between two or more pieces of electronic watermark information, and the two or more pieces of information are different from each other with the same ID. Two or more digital watermark information having a parent-child relationship, which is a relationship including digital watermark identification information consisting of serial numbers, is generated, and the authenticity request information transmission program transmitting means transmits the character string input to the character input field of the web page. A process for detecting a transmission instruction, a process for determining whether or not two or more digital watermark information having the parent-child relationship is embedded in the web page, the input character string, and a character stored in advance by a registration instruction Processing to compare with columns,
Web page authenticity confirmation device including web page authenticity determination request information including at least digital watermark identification information included in two or more digital watermark information having a parent-child relationship and identification information of the web page determined from the web page A process for allowing the transmission of the character string when the authenticity determination result returned in response to the web page authenticity determination request information indicates true, and two or more electrons having the parent-child relationship When the watermark information is not embedded and the input character string matches the character string stored in advance according to the registration instruction in the character string comparison, the transmission processing of the input character string is stopped. And a process for transmitting the authenticity determination request information for causing the computer of the terminal to execute transmission to the terminal, and the authenticity determination table storage means includes: A true / false determination table indicating a normal correspondence between the digital watermark identification information and the web page identification information is stored, and the true / false determination means is included in the web page authenticity determination request information received from the terminal. When the correspondence between the digital watermark identification information and the web page identification information is recorded in the authenticity determination table, and as a result, it is determined that the correspondence is recorded The web page authenticity confirmation method, wherein the authenticity determination result indicating the authenticity of the web page is transmitted to the terminal. A program to be executed by a computer of a web page authenticity confirmation device, which is a relationship between two or more pieces of digital watermark information, wherein the two or more pieces of information are composed of the same ID and different serial numbers A process of generating two or more digital watermark information having a parent-child relationship that is a relationship including: a process of detecting a transmission instruction of a character string input to a character input field of a web page; and the parent-child relationship of the web page A process for determining whether or not two or more electronic watermark information is embedded; a process for comparing the input character string with a character string stored in advance by a registration instruction; and the electronic watermark information embedded. The web page determined from the digital watermark identification information included in the two or more digital watermark information having the parent-child relationship and the web page. When the web page authenticity determination request information including at least the identification information of the web page is transmitted to the web page authenticity confirmation device and the authenticity determination result returned according to the web page authenticity determination request information indicates true In the case where the processing for permitting transmission of the character string and two or more pieces of digital watermark information having the parent-child relationship are not embedded, the input character string is stored in advance in accordance with the registration instruction in the comparison of the character string a process of a process of stopping the transmission process of the string the input, the authenticity determination request information transmission program to be executed by the end end of the computer, and transmits to the terminal if the string matches, A correspondence relationship between the digital watermark identification information included in the web page authenticity determination request information received from the terminal and the web page identification information is true / false determination test information. It is determined whether or not it is recorded in a true / false determination table indicating a normal correspondence between the digital watermark identification information stored in the bull memory means and the web page identification information, and as a result, the correspondence is recorded. A program for causing a computer to execute processing for transmitting the authenticity determination result indicating the authenticity of the web page to the terminal when it is determined that the web page is true. A web page authenticity confirmation system in which a management server and a true / false determination server are connected via a communication network, wherein the management server is a relationship between two or more pieces of digital watermark information, and the two or more pieces of information Digital watermark information generating means for generating two or more digital watermark information having a parent-child relationship that includes digital watermark identification information consisting of the same ID and different serial numbers, and input to a character input field of a web page A process of detecting a transmission instruction of a character string, a process of determining whether or not two or more digital watermark information having the parent-child relationship is embedded in the web page, and the input character string and a registration instruction in advance Included in the two or more digital watermark information having the parent-child relationship when the process of comparing the stored character string and the digital watermark information is embedded A process of transmitting web page authenticity determination request information including at least the sub-watermark identification information and the identification information of the web page determined from the web page to the authenticity determination server; and the web page authenticity determination request information A process for permitting transmission of the character string when the authenticity determination result returned in response indicates true, and a case where two or more pieces of digital watermark information having the parent-child relationship are not embedded, authenticity determination to be executed by the end end of the computer, a process of stopping the transmission process of the string the input if a character string stored in advance by registration instruction to the input character string in the comparison match Authenticity request information transmission program transmitting means for transmitting a request information transmission program to the terminal, and the authenticity determination server includes the digital watermark identification Authenticity determination table storage means for storing a true / false determination table indicating a normal correspondence between the information and the web page identification information, and the digital watermark included in the web page authenticity determination request information received from the terminal It is determined whether the correspondence between the identification information and the identification information of the web page is recorded in the authenticity determination table. As a result, when it is determined that the correspondence is recorded, the web A web page authenticity confirmation system comprising: authenticity determination means for transmitting the authenticity determination result indicating the authenticity of a page to the terminal.