In an open network such as the Internet, people can freely publicize information or provide programs. Accordingly, there exists a possibility of a malicious program being provided via an open network to, for example, a communication terminal, and which if executed will result in a security breach with information stored in the terminal being read and sent out from the terminal. There are known in the art means to protect communication terminals from such programs. For example, JP2001-117769 discloses a program executing device wherein identification information (for example, an IP address or a URL) indicating reliable sources of programs in a memory in the program executing device; and if identification information indicating a source of a program received via a network is registered in the memory, execution of the program is permitted.
However, in the art disclosed in JP2001-117769, it is necessary to register all reliable program sending sources. Accordingly, each time a reliable program sending source is added or deleted, identification information stored in a memory must be updated. Moreover, since in a large network such as the Internet, there exists a large number of reliable program sending sources, it is substantially difficult to register in a memory of a terminal all identification information thereof. Further, even if it is possible to register in a memory in a terminal all such identification information, in order to do so it is necessary to increase a size of a memory used, particularly of that in a small communication terminal such as mobile phone, which results in an increase in manufacturing costs of such a terminal.
On the other hand, if security is enhanced by, for example, analyzing at a mobile terminal a content of a program received at the mobile terminal via a network to determine whether the program is a security threat, it is necessary for the mobile terminal to have a high level of computing power. Moreover, determination of security threats at the mobile terminal places a heavy load on a processing unit of the mobile terminal and takes a substantial amount of time to complete. Similarly, if at a relay device such as a server on a network, a content of a program received via a network is analyzed to thereby determine whether execution of the program in a communication terminal will constitute a security threat, it is necessary to provide the relay device with a high level of computing power. If the relay device is not provided with sufficient computing power, delays in communications are likely to occur.
The present invention has been made in view of the problems discussed above, and provides a technique of determining, at a receiving device or a relay device, whether a program provided via a network is a security threat, by using a simple method which can be quickly carried out.