With the spread of services such as Internet banking that require advanced security, various types of malware attack methods have come into use. As an example, with conventional malware, when a user terminal device is infected, the ID and password input at the time of login are read and abused for remittances the user did not intend and the like. To prevent such damage, a one-time password that changes on each use is introduced, or communication is encrypted.
A method is often adopted in which first authentication using an ordinary ID and password is performed to establish a communication session, and second authentication is thereafter performed to prevent unauthorized access. Since the second authentication often takes a form in which only a few entries from a random number table previously provided to the user are asked for at random, unauthorized access does not succeed unless the entire random number table has been obtained. Hence, there is a method called phishing in which a screen closely resembling a bank site is presented to make the user input all of the answers in the random number table.
Since in phishing the accessed site is a false site, it is relatively easy to detect the site through the attention of the user or with security software.
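The random-number-table second authentication described above, sketched as an added example that is not part of the original document: the server asks for a few cells, and `replay_chance` shows why a handful of observed answers rarely suffices, which is why a screen asking for every cell is the signature of phishing. The 5x5 table, two-digit cells, three questions per login and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from math import comb

# Assumed parameters: 5x5 table, 3 cells asked per login (not given in the text).
ROWS, COLS, ASKED = "ABCDE", "12345", 3


def new_table():
    """Issue a random number table: one two-digit value per cell."""
    return {r + c: f"{secrets.randbelow(100):02d}" for r in ROWS for c in COLS}


def new_challenge(table, asked=ASKED):
    """Pick the distinct cells the server asks for at this login."""
    return secrets.SystemRandom().sample(sorted(table), asked)


def verify(table, challenge, answers):
    """Check every asked cell, comparing each value in constant time."""
    if len(answers) != len(challenge):
        return False
    ok = True
    for cell, given in zip(challenge, answers):
        ok &= hmac.compare_digest(table[cell].encode(), str(given).encode())
    return ok


def replay_chance(known_cells, total_cells=len(ROWS) * len(COLS), asked=ASKED):
    """Probability that a fresh challenge falls entirely inside the cells
    that someone who observed earlier logins already knows."""
    return comb(known_cells, asked) / comb(total_cells, asked)


if __name__ == "__main__":
    table = new_table()
    challenge = new_challenge(table)
    answers = [table[c] for c in challenge]
    print("challenge", challenge, "accepted:", verify(table, challenge, answers))
    for known in (3, 6, 12, 25):
        print(f"{known:2d} cells known -> replay chance {replay_chance(known):.4f}")
```

Only knowledge of all 25 cells guarantees a correct answer to every challenge, so a legitimate site never needs the full table and a prompt for it should be treated as hostile.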
Hence, in recent years, an attack method has appeared in which malware intrudes into the process of a browser, the first authentication is passed successfully, and thereafter the plain text obtained after the SSL-encrypted communication has been decrypted is falsified to display a false second authentication screen, so that necessary information is stolen without the user noticing or the user performs an unintended operation. This attack is called a Man In The Browser (MITB) attack. Since the unauthorized operation is performed while the legitimate site is connected, it is disadvantageously difficult for the user to find the attack with virus detection software.
For example, Patent Literature 1 discloses a method of detecting the Man In The Browser attack in which the external transmission of a web site is intercepted and compared with a transaction fingerprint related to the web site, thereby determining whether or not the external transmission was produced by the input of the user.
Non Patent Literature 1 also discloses software (“Limosa” made by FFRI, Inc.) in which a secure module for coping with the MITB attack described above is installed on the terminal side to prevent the intervention of malware. With this software, when the user accesses and logs in to a target site, the secure module is downloaded from the site and is automatically applied to the browser.