Recently, communication terminals that have a plurality of wireless communication means, and that switch the network they connect to as needed, have become popular. For example, a communication terminal which has a means for connecting to a cellular network and a means for connecting to a wireless LAN, and which connects to the cellular network outdoors and to the wireless LAN indoors, has come into practical use.
In this case, the communication terminal switches between various networks or uses them simultaneously. There are various networks to connect to, and the respective networks differ greatly in operation policy. For example, an IP network provided by a cellular network provider and an office intranet introduce authentication and encryption means, and are regarded as very secure networks (high-security networks). In contrast, a free wireless LAN spot has neither authentication nor encryption means, and even unsecured networks (low-security networks) exist.
In this specification, a network such as an IP network provided by a cellular network provider or an office intranet mentioned above will be called a high-secure network, and a network whose Web server or DNS may be spoofed or one on which communication contents may be analyzed owing to lack of encryption will be called a low-secure network.
Recent communication terminals can download data such as an application or content from a server via a network, and receive various services using the downloaded data. An example of such an application is a Java® application for cell phones. When such a communication terminal switches between high- and low-secure networks or uses them simultaneously, a security threat arises.
For example, assume that a malicious application exists on a low-secure network, and a communication terminal downloads this application and executes it while connected to a high-secure network. Then, the malicious application may attack the high-secure network, steal information, or cause destruction within the network.
Consider a Java applet application. Such an application can generally communicate only with the site from which it was downloaded. For example, an application downloaded from “http://www.example.com” can communicate only with “www.example.com” under restrictions imposed by “Java VM”.
In this case, the DNS on a high-secure network is reliable, so the application can communicate with the intended server (www.example.com). However, on a low-secure network, not only the application and Web server but even the DNS is unreliable. A malicious network administrator may set up a malicious DNS server, and cause a communication terminal to download an application from a spoofed server.
For example, assume that a communication terminal downloads an application from a Web server spoofed as “http://www.some-secure-server.com”. This application is permitted to communicate with “www.some-secure-server.com”. If a server having the same DNS name as this exists on a high-secure network, the malicious application can undesirably communicate with this server and attack it. That is, the application on the low-secure network can attack the server on the high-secure network. This is a serious problem.
Conversely, assume that a communication terminal downloads an authentic application or content from “http://www.some-secure-server.com” on a high-secure network. If this communication terminal then connects to the aforementioned malicious network, the application or content is connected to the spoofed server, and the communication contents may be analyzed. That is, the communication contents of the application or content on the high-secure network may be exposed to the low-secure network and analyzed. This may be a serious problem, especially for an application confined to the high-secure network environment.
As a measure against such a security threat, an HTTPS (Hypertext Transfer Protocol Secure) server or the like may be installed. However, a certificate needs to be acquired, and server settings and the like are required, raising the cost. In terms of cost, it is difficult to use HTTPS for freeware or open information created by an individual, unlike the case of a content provider who can gain income from an application or content.
Considering this, for example, reference 1 (Japanese Patent Laid-Open No. 2004-320369) discloses a method of comparing the communication network corresponding to an application with the communication network currently connected, and if they do not coincide with each other, restricting the functions of the application.
By making an application correspond to the communication network it uses in this way, an application on a low-secure network cannot access a high-secure network, and an application on a high-secure network cannot access a low-secure network. The security problem can therefore be solved.
However, some applications can use both high-secure and low-secure networks without any problem. An example is a communication application residing on a server accessible via both high-secure and low-secure networks. This application can be accessed via a high-secure network, and at least the DNS is reliable. Also, this application can be accessed via a low-secure network and is not one confined to the high-secure network environment. For this reason, this application does not require the above restrictions in the first place.
However, the above solution inhibits this application from using both of the networks. The same problem also occurs when the application in reference 1 described above is replaced with other data such as content.
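The following model is an added illustration, not code from this specification or from reference 1. It compares the host-only restriction described for the Java VM with the network-matching restriction of reference 1 across the three situations discussed above; the class, function names and the "desired" outcome column are hypothetical and constructed from the text.

```python
from dataclasses import dataclass

HIGH, LOW = "high-secure", "low-secure"

@dataclass(frozen=True)
class App:
    name: str
    origin_host: str      # host the application was downloaded from
    origin_network: str   # network in use at download time

def host_only_allows(app, dest_host, current_network):
    # Java VM-style rule: only the download host may be contacted.
    # The network in use is ignored, so a spoofed DNS name passes.
    return dest_host == app.origin_host

def network_bound_allows(app, dest_host, current_network):
    # Reference-1-style rule: the network in use must also coincide
    # with the network the application corresponds to.
    return (dest_host == app.origin_host
            and current_network == app.origin_network)

# Constructed scenarios:
# (label, app, destination host, network in use, desired decision)
SCENARIOS = [
    ("spoofed app attacks high-secure server",
     App("spoofed", "www.some-secure-server.com", LOW),
     "www.some-secure-server.com", HIGH, False),
    ("authentic app exposed on low-secure network",
     App("authentic", "www.some-secure-server.com", HIGH),
     "www.some-secure-server.com", LOW, False),
    ("dual-access app used on low-secure network",
     App("dual", "www.example.com", HIGH),
     "www.example.com", LOW, True),
]

def mismatches(rule):
    """Labels of scenarios where the rule's decision is not the desired one."""
    return [label for label, app, host, net, want in SCENARIOS
            if rule(app, host, net) != want]

if __name__ == "__main__":
    for rule in (host_only_allows, network_bound_allows):
        print(rule.__name__, "->", mismatches(rule) or "no mismatches")
```

The host-only rule gets both cross-network cases wrong, while the network-matching rule blocks them but also blocks the application that is legitimately reachable via both networks.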