In a network system wherein content existing on a server can be accessed from clients connected to the server through communication lines, the present invention relates to a proxy server that relays data to be communicated between the server and the clients, and a system using the proxy server.
It has been come into popular use for end users to download computer-executable programs and files of music and moving pictures, using a protocol called Hypertext Transfer Protocol (HTTP), and run programs or play music and moving pictures on the end users' personal computers. In this way of getting programs and information files over a network, it is an important problem to assure providing user terminals with security. It is possible that, for example, a malicious third party invades a Web server on the Internet and alters data of content (for example, a moving picture file or computer-executable program) existing on the server to program data polluted with a computer virus. In that event, when a user downloads the program to the user's terminal unconsciously and run the program, trouble will happen that data stored on the terminal is corrupted or that the user personal important information that should be secret is transmitted over a network freely by the malicious third party. As countermeasures against such trouble, a virus detection program is used to detect and eliminate computer viruses. The countermeasures using the virus detection program may be taken in the following two manners.
One method is running the virus detection program on end user's terminals or a Web server. Another method is running the virus detection program on a proxy server or a fire wall, wherein content being downloaded to a user terminal is checked for viruses in real time. A Web proxy is a Web communications intermediary technology via which Web data is transmitted from a server to a client. Description of the Web proxy is provided in Sections 1.3 and 1.4, R. Fielding, et al. RFC 2616 “Hypertext Transfer Protocol—HTTP/1.1” June, 1999, The Internet Society, <URL:http://www/ietf.org/rfc/rfc2626.txt>. The latter method in which virus detection is performed on the network is suitable for communication carriers that provide Internet connection services in providing users with security services as well.
As an advanced version of the latter technology, a Web proxy verifies digital signatures, as described in PCT Gazette WO 00/64122. According to this art, tampered content is detected as follows. First, a digital signatures to all content items stored on a Web server are generated beforehand. When content is downloaded via the Web proxy, the Web proxy verifies that the content being downloaded is authorized, using its digital signature. The digital signatures are generated and stored in a storage of the Web proxy beforehand. If authorized content is verified, the content is sent as is to the user that requested the content. If tampered content is detected, the Web proxy returns an error message or sends its original content stored beforehand on it to the user.
In the former method, it is difficult to install the virus detection program on all user terminals connected to the network. If a mobile phone is used as such a terminal, it is impossible to run the virus detection program on it. Even if virus check is performed on the server, there is a possibility of the checked data being polluted with a virus when it is routed over the network.
In the latter method by which the Web proxy performs virus detection, because the proxy at which traffic on the network rushes must perform the task of virus detection that is a heavy processing load, the processing performance of the proxy itself becomes very low. Another approach has been proposed in which the virus detection program runs on another server connecting to the proxy and data is exchanged between the server and the proxy. Even for this approach, the processing performance of the server on which the virus detection program runs is also a bottleneck.
In the art disclosed in WO 00/64122, because the proxy does not perform the virus scan, its processing load is reduced. However, increase in its processing load for decrypting digital signatures is inevitable.
As described above, the approach that an intermediary device on the network, instead of the server, performs additional processing of content being downloaded from the server to a client involves the problem that its processing load becomes too heavy.
Another problem also exists. The sequence of downloading a plurality of contents cannot be checked by prior art, even though such check would be desirable. For example, when a content and its metadata are downloaded, it cannot be checked whether the content is downloaded after the metadata is downloaded.