Today, along with the popularization of the Internet and WANs (Wide Area Networks), an increasing number of users are utilizing the Internet, even in schools and homes. In the utilization of public facilities such as schools and homes, it is often the case that the same computer is shared by a plurality of persons to connect to the Internet.
Additionally, there are a wide variety of services on Web sites that are connected over the Internet. Some of these services include those that are provided by sending personal data to agents who exhibit the contents or those that are provided by paying money utilizing a credit card or the like.
In such an environment, where a computer apparatus is shared by a plurality of users as described above, one of the users may send personal information of other users to the external network (e.g., the Internet) or may do some shopping of his or her own by using a credit card of other persons of a family in a home. Accordingly, there is a need for a system that prevents others from sending such personal information or specific information.
Conventionally, one way to prevent others from sending such personal information to the external network is to use a filtering function of a proxy server. The proxy server is a server that is installed between the external network, such as the Internet, and the internal network, such as a Local Area Network (LAN), and prevents dishonest invasions into the internal network. Additionally, a proxy server relays and manages the access from the internal network to the external network. Accordingly, the security in the internal network is established and the traffic needed for accessing the external network is reduced, thereby enabling fast accesses.
Using the filtering function of the proxy server, it is possible to prevent personal information from flowing out to the external network by retaining Uniform Resource Locators (URLs) of the Web sites that may require personal information in the proxy server and restricting accesses to these URLs.
Another way to prevent others from sending personal information or the like to the external network is to delete specific tags from HyperText Markup Language (HTML) documents that have been received from the external network in order to prevent the information transmission. The structure of HTML documents, which are the documents of Web pages, is described by a combination of tags, wherein the function for information transmission from a client machine is defined by tags as well. Therefore, by deleting the tags used for information transmission, by using the filtering function of the proxy server when the browser displays Web pages on the display of the client machine, it is unlikely that information will be sent from the client machine to the external network.
A further way to prevent others from sending personal information or the like to the external network is to filter the request message sent from the client machine to the external network. A widely used request message is a HyperText Transfer Protocol (HTTP) request. In this type of filtering, words and URLs that restrict transmission have been set in advance, wherein if a request message includes the word or URL that restricts transmission when it is sent from the client machine, the request message is prohibited from being transmitted. The check for request messages may be established as a function of the proxy, Operating System (OS), browser, or other suitable device.
However, those methods described above for preventing others from sending personal information or the like to the external network will have the following problems. The method for restricting the access to the specific URL using the filtering function of the proxy server rejects the access itself to the contents with that URL; therefore, it cannot cope with the case of restricting only the transmission of personal information and still the viewing of contents of the Web page associated with the URL. Furthermore, along with the popularization of network environments such as the Internet, as it is expected that the contents that need personal information such as identifications (IDs) and credit card numbers will increase, it is impractical to search for all the contents that may make information flow out and to filter all the corresponding URLs.
As to the method for deleting the specific tags from HTML documents that have been sent from the external network, this method needs to perform filtering for the specific URL; thus it cannot cope with the increase of URLs that need personal information, as with the case of restricting the access to the specific URL as described above. Also, as to the method for filtering the request message sent from the client machine to the external network, there are cases where the words whose transmission is restricted are replaced in the request message, whereby this method fails to restrict the transmission.
In order to explain such a situation, a mechanism for generating a request message, which is the information sent from the HTML document, will now be described. FIG. 13 is a diagram illustrating a request message, which is the information sent to the HTTP from the FORM tag portion displayed in the browser of the client machine.
FIG. 13(a) represents part of an HTML document, which is the source of a Web page displayed in the browser of the client machine. It is noted that there are elements for a user's inputting or selecting operations, such as <INPUT>, <SELECT> and <OPTION>, arranged within a portion from <FORM> to </FORM>.
In this Web page, when a user pushes a send button where type=“submit” is specified, the contents of information selected in the form is sent to the Common Gateway Interface (CGI) program of the URL specified by the “action” attributes. In the case of FIG. 13(a), it is sent to “default.cgi” when selecting “Tokyo” on the Web page displayed in the browser of the client machine. Using the HTML document shown in FIG. 13(a), a value “tk” is returned to the SELECT object “WTS”, resulting in WTS=tk. That is an HTTP request message shown in FIG. 13(b), i.e., “get http://abc/default.cgi?WTS=tk” is issued.
Therefore, even in the case where “Tokyo” is set as a word for restricting the transmission and a word “Tokyo” is actually input in the input form of Web page, this request message is not able to be prevented from being transmitted, because the information sent as the request message is replaced with the information such as “WTS=tk”. Besides, this replaced information can be arbitrarily set in the HTML document using the OPTION tags as shown in FIG. 13(a).
Accordingly, when attempting to restrict the transmission of a word “Tokyo”, it is practically impossible to set words in advance that restrict the transmission by supposing all replaced information. There is therefore a need to reliably prevent request messages from being transmitted.