KR102658869B1 - Method and system for verifing websites provided to user - Google Patents

Abstract

This disclosure Provides a method and system for verifying websites provided to users. A website verification method provided to a user includes receiving URL (Uniform Resource Locator) information of a first website and first content disclosed on the first website from a computing device associated with a service provider, and receiving first content disclosed on the first website from a user terminal. receiving URL information and second content disclosed on a second website, and connecting a service provider and a second web site based on the URL information of the first website, the URL information of the second website, the first content, and the second content. It may include a step of determining whether the site is relevant.

Description

Website verification method and system provided to users {METHOD AND SYSTEM FOR VERIFING WEBSITES PROVIDED TO USER}

This disclosure relates to a method and system for verifying a website, and specifically relates to a method and system for verifying a website provided to a user.

Recently, as phishing techniques have become more diverse, it is becoming easier for Internet users to access malicious and phishing websites impersonating financial institutions and public institutions through spam emails and various advertisements. Additionally, as the spread of smartphones increases and smartphone technology develops, crimes using smartphones are increasing. In particular, smishing crimes that combine phishing using text messages are occurring frequently. Here, smishing refers to a criminal method that collects personal information or induces mobile payments by sending text messages to smartphone users to encourage them to download/install viral applications or malware on their smartphones. Specifically, it frequently occurs that a URL (Uniform Resource Locator) is attached to a text message to induce access to a phishing website.

For example, if a URL that causes misunderstanding or confusion is disclosed in a financial institution, public institution, etc., the user must directly access the URL to check the authenticity of the URL. It can be difficult to tell whether the website you access is an official website, such as a financial institution or public institution, or a phishing website. Users may enter their personal information or install malicious code or viral applications by mistaking it for an official website. In this case, the user may be phished and various financial information and personal information may be leaked.

The present disclosure provides a website verification method, a computer program stored in a recording medium, and a system (device) to solve the above problems.

The present disclosure may be implemented in various ways, including a method, a device (system), and/or a computer program stored in a computer-readable storage medium, and a computer-readable storage medium on which the computer program is stored.

According to one embodiment of the present disclosure, in a method of verifying a website provided to a user, which is performed by at least one processor, the Uniform Resource Locator (URL) information of the first website and the first URL are received from a computing device associated with a service provider. Receiving first content disclosed on the website, receiving URL information of the second website and second content disclosed on the second website from the user terminal, and URL information of the first website, It may include determining whether the service provider and the second website are related based on URL information, first content, and second content.

According to one embodiment of the present disclosure, the second content may include information representing or characterizing the service provider extracted from the second content.

According to an embodiment of the present disclosure, the step of determining whether the service provider and the second website are related includes determining whether the URL information of the first website matches the URL information of the second website, or determining whether the URL information of the first website matches the URL information of the second website. determining whether the URL information includes the URL information of the first website, determining whether the first content and information representing or characterizing the service provider are related, and determining whether the URL information matches the result and the service. It may include determining whether the service provider is related to the second website based on a result of determining whether the information indicating or characterizing the provider is related to the first content.

According to one embodiment of the present disclosure, the step of determining whether the first content and the information representing or characterizing the service provider are related includes using correlation analysis to determine whether the first content and the information representing or characterizing the service provider are related to each other. It may include calculating a degree of association and, if the degree of association is greater than a first predetermined standard degree of association, determining that the information representing or characterizing the service provider and the first content are related.

According to one embodiment of the present disclosure, the step of determining whether the first content and the information representing or characterizing the service provider are related includes, if the degree of association is less than or equal to a predetermined second reference degree of association, the service provider is determining that the information representing or characterizing the first content is unrelated, and if the degree of association is greater than the second standard degree of association and less than or equal to the first standard degree of association, URL information of the second website is provided to the computing device. and providing second content.

According to an embodiment of the present disclosure, in response to determining whether the service provider is related to the second website, information indicating one of a phishing website determination, a suspicious website determination, or an official website determination is provided to the user terminal. can do.

According to an embodiment of the present disclosure, the step of providing information indicating one of a phishing website determination, a suspicious website determination, or an official website determination to the user terminal. Information indicating one of a phishing website determination, a suspicious website determination, or an official website determination and the calculated correlation may be provided to the user terminal.

According to an embodiment of the present disclosure, through a verification application of the user terminal, it is determined whether at least one of the URL information of the second website or the second content is associated with a predetermined service provider, and the URL information of the second website Alternatively, the URL information of the second website and the second content may be received from the user terminal only when it is determined that at least one of the second content is associated with a predetermined service provider.

In order to execute the method according to an embodiment of the present disclosure on a computer, a computer program stored in a computer-readable recording medium may be provided.

According to an embodiment of the present disclosure, an information processing system includes a communication module, a memory, and at least one processor connected to the memory and configured to execute at least one computer-readable program included in the memory, and at least one The program receives URL information of the first website and first content disclosed in the first website from a computing device associated with the service provider, and receives URL information of the second website and second content disclosed in the second website from the user terminal. It may include instructions for receiving content and determining whether the service provider and the second website are related based on the URL information of the first website, the URL information of the second website, the first content, and the second content. there is.

According to some embodiments of the present disclosure, when a user accesses a website, the user can determine that the currently accessed website corresponds to a phishing website by checking information indicating that the website corresponds to a phishing website. In other words, users can avoid being phished by not mistaking the phishing website for a legitimate website.

According to some embodiments of the present disclosure, the website verification method may perform website verification only for a predetermined service provider, so that website verification may be performed only on some of the plurality of websites accessed by the user. In particular, website verification can be selectively performed only for predetermined service providers requesting website verification. Additionally, website verification may not be conducted indiscriminately for all websites accessed by the user.

According to some embodiments of the present disclosure, After the user stops repetitive website verification by performing a certain input, the user can examine in detail the website determined to be a phishing website. Additionally, even if there is an error in determining the phishing website (for example, when it is determined to be a phishing website even though it is an official website), the user may be able to continue using the website. In this way, the website verification method according to the present disclosure can maintain user safety and security while simultaneously increasing user convenience.

The effects of the present disclosure are not limited to the effects mentioned above, and other effects not mentioned are clear to a person skilled in the art (referred to as “a person skilled in the art”) in the technical field to which this disclosure pertains from the description of the claims. It will be understandable.

Embodiments of the present disclosure will be described with reference to the accompanying drawings described below, in which like reference numerals indicate like elements, but are not limited thereto.
1 is a diagram illustrating an example of a website accessed from a user terminal according to an embodiment of the present disclosure.
Figure 2 is a schematic diagram showing a configuration connected to enable communication between an information processing system and a plurality of user terminals for website verification according to an embodiment of the present disclosure.
Figure 3 is a block diagram showing the internal configuration of a computing device according to an embodiment of the present disclosure.
4 is a flowchart of an example of a website verification method according to an embodiment of the present disclosure.
Figure 5 is a flowchart of an example of a website verification method according to an embodiment of the present disclosure.
FIG. 6 is a diagram illustrating an example of an interface of a user terminal that receives information about a phishing website determination according to an embodiment of the present disclosure.
Figure 7 is a flowchart showing an example of a website verification method according to an embodiment of the present disclosure.

Hereinafter, specific details for implementing the present disclosure will be described in detail with reference to the attached drawings. However, in the following description, detailed descriptions of well-known functions or configurations will be omitted if there is a risk of unnecessarily obscuring the gist of the present disclosure.

In the accompanying drawings, identical or corresponding components are given the same reference numerals. Additionally, in the description of the following embodiments, overlapping descriptions of identical or corresponding components may be omitted. However, even if descriptions of components are omitted, it is not intended that such components are not included in any embodiment.

Advantages and features of the disclosed embodiments and methods for achieving them will become clear with reference to the embodiments described below in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below and may be implemented in various different forms. The present embodiments are merely provided to ensure that the present disclosure is complete and that the present disclosure does not convey the scope of the invention to those skilled in the art. It is provided only for complete information.

Terms used in this specification will be briefly described, and the disclosed embodiments will be described in detail. The terms used in this specification are general terms that are currently widely used as much as possible while considering the function in the present disclosure, but this may vary depending on the intention or precedent of a technician working in the related field, the emergence of new technology, etc. In addition, in certain cases, there are terms arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the relevant invention. Accordingly, the terms used in this disclosure should be defined based on the meaning of the term and the overall content of the present disclosure, rather than simply the name of the term.

In this specification, singular expressions include plural expressions, unless the context clearly specifies singular expressions. Additionally, plural expressions include singular expressions, unless the context clearly specifies plurality. When it is said that a certain part includes a certain element throughout the specification, this does not mean excluding other elements, but may further include other elements, unless specifically stated to the contrary.

Additionally, the term 'module' or 'unit' used in the specification refers to a software or hardware component, and the 'module' or 'unit' performs certain roles. However, 'module' or 'unit' is not limited to software or hardware. A 'module' or 'unit' may be configured to reside on an addressable storage medium and may be configured to run on one or more processors. Thus, as an example, a 'module' or 'part' refers to components such as software components, object-oriented software components, class components and task components, processes, functions and properties. , procedures, subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, or variables. Components and 'modules' or 'parts' may be combined into smaller numbers of components and 'modules' or 'parts', or may be divided into additional components and 'modules' or 'parts'. Could be further separated.

According to an embodiment of the present disclosure, a 'module' or 'unit' may be implemented with a processor and memory. 'Processor' should be interpreted broadly to include general-purpose processors, central processing units (CPUs), microprocessors, digital signal processors (DSPs), controllers, microcontrollers, state machines, etc. In some contexts, 'processor' may refer to an application-specific integrated circuit (ASIC), programmable logic device (PLD), field programmable gate array (FPGA), etc. 'Processor' refers to a combination of processing devices, for example, a combination of a DSP and a microprocessor, a combination of a plurality of microprocessors, a combination of one or more microprocessors in combination with a DSP core, or any other such combination of configurations. You may. Additionally, 'memory' should be interpreted broadly to include any electronic component capable of storing electronic information. 'Memory' refers to random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), programmable read-only memory (PROM), erasable-programmable read-only memory (EPROM), May also refer to various types of processor-readable media, such as electrically erasable PROM (EEPROM), flash memory, magnetic or optical data storage, registers, etc. A memory is said to be in electronic communication with a processor if the processor can read information from and/or write information to the memory. The memory integrated into the processor is in electronic communication with the processor.

In addition, terms such as first, second, A, B, (a), and (b) used in the following embodiments are only used to distinguish one component from another component, and the terms The essence, order, or order of the relevant components are not limited.

Additionally, in the following embodiments, when a component is described as being 'connected', 'coupled' or 'connected' to another component, the component may be directly connected or connected to the other component. , it should be understood that another component may be 'connected', 'combined', or 'connected' between each component.

In the present disclosure, 'each of a plurality of A' may refer to each of all components included in a plurality of A, or may refer to each of some components included in a plurality of A.

In addition, as used in the following embodiments, 'comprises' and/or 'comprising' means that the mentioned component, step, operation, and/or element includes one or more other components, steps, or operations. and/or the presence or addition of elements.

FIG. 1 is a diagram illustrating an example of a website 130 connected to a user terminal 120 being output according to an embodiment of the present disclosure. The user 110 can access the website 130 through the user terminal 120. In one embodiment, the website 130 may be a phishing website that impersonates a service provider (eg, a financial institution, public institution, etc.) and obtains certain information from the user regardless of service provision. For example, the user 110 may access the phishing website 130 through a smishing text message, a link shared on the Internet, etc.

In another embodiment, the connected website 130 may be a formal website used by a service provider to provide services to the user 110. For example, the official website may be a website that is actually used by a famous company, financial institution, or public institution to provide services to the user 110. That is, the website 130 accessed through the user terminal 120 may correspond to a phishing website or an official website.

The website 130 may include URL (Uniform Resource Locator) information. Here, URL may mean an address for accessing the website 130. Referring to FIG. 1, the URL of the website 130 may correspond to “www.Abank.xyz”.

Website 130 may display content. For example, in order to provide services to users, a formal website may disclose various information about services and related content. In another example, a phishing website may publish content associated with a service provider in order to cause confusion or misconception that the website is provided by the service provider. Referring to FIG. 1, a phishing website may disclose information about services related to the bank as content in order to appear to be a website provided by a bank, which is a financial service provider.

Content may include information 136 that represents or characterizes the service provider. Here, the information 136 indicating or characterizing the service provider may include information that indicates the service provider or can indicate the service operating entity when combined with other information. For example, the information 136 representing or characterizing the service provider includes the service provider's name (or business name, brand name, etc.), the service provider's product name/service name/event name, contact information associated with the service provider, and the service provider. Images that can represent (e.g., trademarks, emblems, QR codes, etc.), sounds that can represent the service provider (e.g., sounds repeatedly provided to users or consumers when providing services to users or consumers, web (sound provided each time the site is accessed, etc.) may be included.

In one embodiment, a phishing website may include a phishing object 134. Referring to FIG. 1 , the user 110 may input phishing target information through the phishing object 134 . For example, the user 110 may input contact information, which is the user's 110 personal information, into the phishing object 134. However, it is not limited to this, and the phishing website may cause the user 110 to phish in various forms. For example, a phishing website may contain information that asks you to enter your bank account number and password for that account. Alternatively, the phishing website may include a link to install a separate phishing application on the user terminal 120 and information requesting installation.

The website verification system may receive URL information of the first website provided by the service provider and first content disclosed on the first website from a computing device associated with the service provider. Additionally, the website verification system may receive URL information of the second website and second content disclosed on the second website from the user terminal 120. The second website may be the website 130 accessed through the user terminal 120. In this case, the user terminal 120 may have a website verification application installed, and URL information of the second website and second content disclosed on the second website may be transmitted by the website verification application. Here, the website verification application is a separate application and the website verification service is provided. A website verification service may be provided as part of an application provided by a service provider.

In one embodiment, the user terminal 120 may receive information about a predetermined service provider. Additionally, the website verification application may extract information 136 that indicates or characterizes the service provider from content displayed on the website 130. Thereafter, the website verification application may use information about the predetermined service provider to determine whether the predetermined service provider is associated with the URL information of the second website. Additionally or alternatively, the website verification application may use information regarding the predetermined service provider to determine whether the content of the second website is associated with the predetermined service provider. In this case, the URL information and second content of the second website can be transmitted to the website verification system only when it is determined that at least one of the URL information or second content of the second website is associated with a predetermined service provider. there is. At this time, information 136 indicating or characterizing the extracted service provider may be transmitted instead of the second content. In this case, the web page verification system allows the web page verification application to verify a second web page associated with a predetermined service provider.

The website verification system may use the first website to determine whether the second website is related to the service provider. Specifically, the website verification system may determine whether the service provider and the second website are related based on the URL information of the first website, URL information of the second website, first content, and second content. The detailed process of determining whether the service provider is related to the second website is described with reference to FIGS. 4 and 5.

The website verification system may provide information indicating one of a phishing website determination, a suspicious website determination, or an official website determination to the user terminal 120 in response to determining whether the service provider is related to the second website. You can. Information provided by the website verification system may be output in various forms through the user terminal 120. For example, the user terminal 120 that has received the phishing website determination displays visual (e.g., pop-up window, etc.), tactile (e.g., vibration, etc.) signals indicating that the second website corresponds to the superficial website. An audible (e.g., beep) alarm may be provided. The output from the user terminal 120 in response to the information provided from the website verification system is described with reference to FIG. 6. The received output result from the user terminal 120 is described in detail with reference to FIG. 6.

Figure 1 shows a mobile website, but is not limited thereto. For example, a website verification method/service may also be performed on a website on a PC. Specifically, in the case of a PC, website verification can be done using a browser extension or a PC application.

With this configuration, when the user 110 accesses the website 130, the user 110 confirms the information indicating that it is a phishing website, thereby confirming that the currently accessed website 130 is a phishing website. It can be seen that this corresponds to . In other words, the user 110 can avoid being phished by not mistaking the phishing website for an official website.

In addition, the invention according to the present disclosure performs website verification only for predetermined service providers, so website verification may be performed only on some of the plurality of websites 130 accessed by the user 110. In particular, website verification can be selectively performed only for predetermined service providers requesting website verification. Additionally, website verification may not be conducted indiscriminately on all websites accessed by the user.

Figure 2 is a schematic diagram showing a configuration connected to enable communication between the information processing system 230 and a plurality of user terminals 210_1, 210_2, and 210_3 for website verification according to an embodiment of the present disclosure. As shown, a plurality of user terminals 210_1, 210_2, and 210_3 may be connected to the information processing system 230 that can provide a website verification service through the network 220. Here, the plurality of user terminals 210_1, 210_2, and 210_3 may include terminals of users receiving a website verification service.

According to one embodiment, the information processing system 230 is one or more server devices and/or capable of storing, providing, and executing computer-executable programs (e.g., downloadable applications) and data associated with the provision of website verification services, etc. It may include a database, or one or more distributed computing devices and/or distributed databases based on cloud computing services.

The website verification service provided by the information processing system 230 includes a website verification service application, web browser, and web browser extension installed on each of the plurality of user terminals 210_1, 210_2, and 210_3 and/or the information processing system 230. It may be provided to the user through a program, etc. For example, the information processing system 230 provides information corresponding to a message verification request received from the user terminals 210_1, 210_2, 210_3 and/or the information processing system 230 through a website verification service application, etc. Corresponding processing can be performed. For example, the information processing system 230 may correspond to the website verification system described with reference to FIG. 1 .

A plurality of user terminals 210_1, 210_2, and 210_3 may communicate with the information processing system 230 through the network 220. The network 220 may be configured to enable communication between a plurality of user terminals 210_1, 210_2, and 210_3 and the information processing system 230. Depending on the installation environment, the network 220 may be, for example, a wired network such as Ethernet, a wired home network (Power Line Communication), a telephone line communication device, and RS-serial communication, a mobile communication network, a wireless LAN (WLAN), It may consist of wireless networks such as Wi-Fi, Bluetooth, and ZigBee, or a combination thereof. As another example, network 220 may include a communication network configured by a telecommunication company. At this time, the message and/or verification message may be communicated between the user terminals 210_1, 210_2, and 210_3 and the information processing system 230 through the network 220. The communication method is not limited, and may include communication methods utilizing communication networks that the network 220 may include (e.g., mobile communication networks, wired Internet, wireless Internet, broadcasting networks, satellite networks, etc.) as well as user terminals (210_1, 210_2, 210_3). ) may also include short-range wireless communication between

In Figure 2, the mobile phone terminal (210_1), tablet terminal (210_2), and PC terminal (210_3) are shown as examples of user terminals, but they are not limited thereto, and the user terminals (210_1, 210_2, 210_3) use wired and/or wireless communication. This can be any computing device capable of installing and executing a website verification application or a web browser. For example, user terminals include AI speakers, smartphones, mobile phones, navigation, computers, laptops, digital broadcasting terminals, PDAs (Personal Digital Assistants), PMPs (Portable Multimedia Players), tablet PCs, game consoles, It may include wearable devices, IoT (internet of things) devices, VR (virtual reality) devices, AR (augmented reality) devices, set-top boxes, etc. In addition, in Figure 2, three user terminals (210_1, 210_2, 210_3) are shown as communicating with the information processing system 230 through the network 220, but this is not limited to this, and a different number of user terminals are connected to the network ( It may be configured to communicate with the information processing system 230 through 220).

In Figure 2, a configuration in which the user's request is transmitted to the information processing system 230 through the user terminals 210_1, 210_2, and 210_3 is shown as an example, but the present invention is not limited thereto, and the user's request is transmitted to the information processing system 230 through the user terminals 210_1, 210_1, and 210_3. It can be provided to the information processing system 230 through an input device associated with the information processing system 230 without going through 210_2, 210_3), and the result of processing the user's request is sent to an output device associated with the information processing system 230 ( For example, it may be provided to the user through a display, etc.).

FIG. 3 is a block diagram showing the internal configuration of a computing device 310 according to an embodiment of the present disclosure. Computing device 310 may include memory 312, processor 314, communication module 316, and input/output interface 318. As shown in FIG. 3 , computing device 310 may be configured to communicate information and/or data over a network using a communication module 316 . In addition, each of the user terminal 210 and the information processing system 230 described above in FIG. 2 may correspond to one or more computing devices 310 or may include one or more computing devices 310. Additionally, the service provider may use the computing device 310 to provide/transmit the website (or URL information of the website, content disclosed on the website) to the information processing system 230 and/or the user terminal 210. there is.

Memory 312 may include any non-transitory computer-readable recording medium. According to one embodiment, the memory 312 is a non-permanent mass storage device such as random access memory (RAM), read only memory (ROM), disk drive, solid state drive (SSD), flash memory, etc. mass storage device). As another example, non-perishable mass storage devices such as ROM, SSD, flash memory, disk drive, etc. may be included in the computing device 310 as a separate persistent storage device that is distinct from memory. In addition, the memory 312 includes an operating system and at least one program code (e.g., installed and driven in the computing device 310 to generate a verification message, generate identification information, and determine whether the first verification message matches the second verification message. , code for extracting characteristic information of the operating entity, etc.) may be stored.

These software components may be loaded from a computer-readable recording medium separate from the memory 312. Recording media readable by such a separate computer may include recording media directly connectable to the computing device 310, for example, floppy drives, disks, tapes, DVD/CD-ROM drives, memory cards, etc. It may include a computer-readable recording medium. As another example, software components may be loaded into the memory 312 through the communication module 316 rather than a computer-readable recording medium. For example, at least one program is a computer program installed by files provided through the communication module 316 by developers or a file distribution system that distributes the installation file of the application (e.g., a service provider and a second It may be loaded into the memory 312 based on a program for determining the relevance of a website, extracting information representing or characterizing a service provider, etc.).

The processor 314 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input/output operations. Commands may be provided to a user terminal (not shown) or another external system by the memory 312 or communication module 316. For example, the processor 314 may determine whether the first verification message and the second verification message match. In this case, in response to determining whether the first verification message matches the second verification message, the determination result may be provided to the user terminal.

The communication module 316 may provide a configuration or function for a user terminal (not shown) and the computing device 310 to communicate with each other through a network, and the computing device 310 may be configured to communicate with an external system (e.g., a separate cloud system). etc.) may provide a configuration or function for communication. For example, control signals, commands, data, etc. provided under the control of the processor 314 of the computing device 310 pass through the communication module 316 and the network to the user terminal and/or the communication module of the external system. and/or transmitted to an external system.

Additionally, the input/output interface 318 of the computing device 310 may be connected to the computing device 310 or may be a means for interfacing with a device (not shown) for input or output that the computing device 310 may include. . In FIG. 3 , the input/output interface 318 is shown as an element configured separately from the processor 314, but the present invention is not limited thereto, and the input/output interface 318 may be included in the processor 314. Computing device 310 may include more components than those of FIG. 3 . However, there is no need to clearly show most prior art components.

The processor 314 of the computing device 310 may be configured to manage, process, and/or store information and/or data received from a plurality of user terminals and/or a plurality of external systems. According to one embodiment, processor 314 may receive a second verification message. Thereafter, the processor 314 may determine whether the first verification message and the second verification message stored in the memory 312 of the computing device 310 match.

4 is a flowchart of an example of a website verification method according to an embodiment of the present disclosure. Computing device 410 associated with a service provider may be a computing device used by the service provider. Here, the computing device may correspond to the computing device 310 described with reference to FIG. 3 or may include the computing device 310.

The computing device 410 associated with the service provider may create a first website (S402). For example, the service provider may create a first website by inputting information about the first website through the computing device 410 associated with the service provider. Alternatively, computing device 410 associated with the service provider may receive information regarding the first website created.

The computing device 410 associated with the service provider may transmit URL information of the first website and first content disclosed on the first website to the information processing system 420 (S410). Afterwards, the information processing system 420 may store the received URL information and first content of the first website. Specifically, when receiving a plurality of pairs of URL information of the first website and first content, the information processing system 420 may classify and store the received information by service provider.

The user terminal 430 can access the second website (S412). For example, the second website may be a phishing website or a legitimate website. As another example, the second website may be a first website provided by a service provider. However, the second website is not limited to this and may be one of the websites accessible through the user terminal 430.

In one embodiment, the website verification application in the user terminal 430 may determine whether the second website is associated with a predetermined service provider (S414). Here, the user terminal 430 may receive information about the predetermined service provider (for example, the name, product name, brand name, etc. of the predetermined service provider). Specifically, the website verification application may determine whether at least one of the URL information of the second website or the second content disclosed on the second website is associated with a predetermined service provider. For example, if the URL of the second website includes the name of a predetermined service provider, it may be determined that the URL information of the second website and the predetermined service provider are associated. Additionally, when the second content includes one or more names of a predetermined service provider, it may be determined that the second content and the predetermined service provider are associated. In another example, when the second content includes a product name, brand name, service name, etc. provided by a predetermined service provider, it may be determined that the second content and the predetermined service provider are associated. However, it is not limited to this, and it can be determined whether the second website is associated with a predetermined service provider in various ways.

In one embodiment, when it is determined that the second website is associated with a predetermined service provider, the user terminal 430 may transmit the URL information of the second website and the second content to the information processing system 420. (S420). In another embodiment, the user terminal 430 may transmit URL information of the second website to the information processing system 420. Afterwards, the information processing system 420 may access the second website using the URL information of the second website and obtain the second content disclosed on the second website.

The information processing system 420 may determine whether the service provider and the second website are related (S422). Thereafter, the information processing system 420 may transmit the result of determining whether the service provider and the second website are related to the user terminal 430. Specifically, the information processing system 420 may transmit information indicating one of a phishing website determination, a suspicious website determination, or an official website determination in response to the determination result. The detailed process and result of determining whether the service provider is related to the second website are described with reference to FIGS. 5 and 6.

Figure 5 is a flowchart of an example of a website verification method according to an embodiment of the present disclosure. The information processing system 520 may determine whether the service provider and the second website are related. Specifically, the information processing system 520 may determine whether the URL information of the first website matches the URL information of the second website (S502). For example, the information processing system 520 may match the domain address and/or path address among the URL information of the second website with the domain address and/or path address among the URL information of the first website. It may be determined whether the URL information of the first website includes a domain address and/or a path address.

Additionally or alternatively, information processing system 520 may determine whether the URL information of the second website includes URL information of the first website. For example, URL information of the first website may be information corresponding to the host of the URL. In this case, it may be determined whether the URL information of the second website includes the URL information of the first website, which is information corresponding to the host.

The information processing system 520 may calculate the degree of association between the first content and the information representing or characterizing the service provider included in and/or extracted from the second content (S504). At this time, the information representing or characterizing the service provider may be information extracted and transmitted by the website verification application of the user terminal 530 or information extracted from the second content by the information processing system 520. Specifically, the information processing system 520 may use correlation analysis to calculate the correlation between the first content and information representing or characterizing the service provider. For example, the degree of relevance may include the degree to which information representing or characterizing the first content and the service provider is similar through natural language processing (NLP). In another example, the degree of relevance may include textual similarity of information representing or characterizing the first content and the service provider using text embedding. In another example, the degree of relevance may include a degree of similarity between an image included in the first content and an image included in information representing or characterizing the service provider. However, the connection analysis is not limited to this, and various methods may be selected that can indicate the degree to which information representing or characterizing the first content and the service provider are similar.

The information processing system 520 may determine whether the degree of association is greater than (or greater than or equal to) the predetermined first standard degree of association (S506). Here, the larger the value of the degree of relevance, the higher the correlation. Specifically, when the degree of association is determined to be greater than the predetermined first standard degree of association, it may be determined that the information representing or characterizing the service provider and the first content are related (S524).

When the information processing system 520 determines that the degree of association is less than or equal to (or a value smaller than) the predetermined first standard degree of association, the information processing system 520 determines that the degree of association is less than the predetermined second standard degree of association. It can be determined whether it is a large value (or a value greater than or equal to) (S508). In this case, the first reference degree of relevance may be a larger value than the second reference degree of relevance. Specifically, when the information processing system 520 determines that the degree of relevance is a value greater than (or a value greater than or equal to) the predetermined second standard degree of association, the information processing system 520 exchanges the URL information of the second website and the second content with the service provider. It can be transmitted to the associated computing device 510 (S510). When the information processing system 520 determines that the degree of correlation is less than or equal to (or a smaller value) than the predetermined second standard degree of relationship, the information processing system 520 determines that the first content is not related to the information indicating or characterizing the service provider. A decision can be made (S522).

In one embodiment, the computing device 510 associated with the service provider may examine whether the service provider and the second website are related based on the received URL information and second content of the second website. For example, computing device 510 associated with a service provider may store detailed information regarding a plurality of websites that the service provider uses to provide services. In this case, the computing device 510 associated with the service provider can examine in detail whether the service provider is related to the second website using the stored information. Afterwards, the computing device 510 associated with the service provider may transmit a review result regarding whether the service provider is related to the second website (S520). The information processing system 520 determines that the information representing or characterizing the service provider and the first content are unrelated (S522), or determines that there is no relationship based on the result of reviewing whether the service provider and the second website are related. It can be determined that it exists (S524).

In one embodiment, the information processing system 520 determines whether the URL information generated by performing step S502 matches, determines whether there is an association between the first content and the information representing or characterizing the service provider according to step S522 or S524. Based on the determination result, it can be determined whether the service provider is related to the second website. For example, if the URL information matches and the first content and the information representing or characterizing the service provider are determined to be related, information processing system 520 determines that the second website is related to the service provider. can be judged. As another example, if the URL information does not match and the first content and the information representing or characterizing the service provider are determined to be unrelated, the information processing system 520 determines that the second website is not related to the service provider. It can be determined that

In one example, the URL information does not match and the first content and the information representing or characterizing the service provider are determined to be related, or the URL information matches and the first content and the information representing or characterizing the service provider are determined to be related. If the information is determined to be unrelated, the information processing system 520 performs steps S510 and S520 to receive a review result of whether the service provider and the second website are related from the computing device 510 associated with the service provider. can do. Thereafter, it may be determined whether the service provider and the second website are related based on the received review results.

In another example, if the URL information does not match and the information representing or characterizing the first content and the service provider is determined to be relevant, or if the URL information matches and the information representing or characterizing the first content and the service provider is determined to be relevant. If it is determined that there is no correlation, the information processing system 520 can determine whether the service provider and the second website are related according to the degree of correlation. In this way, the information processing system 520 connects the service provider and 2 It is possible to determine whether there is relevance to the website.

In one embodiment, the information processing system 520 may generate information representing one of a phishing website determination, a suspicious website determination, or a legitimate website determination as a result of the determination of whether the service provider is related to the second website. there is. For example, if the information processing system 520 determines that there is a relationship between the service provider and the second website, a determination result may be generated that the second website corresponds to an official website. Additionally, when the information processing system 520 determines that there is a relationship between the service provider and the second website, a determination result that the second website corresponds to a phishing website may be generated. As another example, if the URL information does not match and the information representing or characterizing the first content and the service provider is determined to be related, or if the URL information matches and the information representing or characterizing the first content and the service provider is determined to be related, If it is determined that there is no correlation, the information processing system 520 may generate a determination result that the second website corresponds to a suspected phishing website. As another example, if the degree of association is determined to be smaller than the first standard degree of association and greater than the second standard degree of association, the information processing system 520 does not perform steps S510 and S520, and the second website is the suspect website. A determination result that corresponds to can be generated.

Alternatively, the information processing system 520 may not generate a determination result corresponding to a suspicious website, but only generate a determination result corresponding to a phishing website determination or a legitimate website. Specifically, in the examples described above, when the information processing system 520 determines that it corresponds to a suspicious website, the information processing system 520 does not determine that it corresponds to a suspicious website but corresponds to a phishing website. It can be determined that it is a website or that it is an official website.

The information processing system 520 provides the user terminal 530 with information indicating one of a phishing website determination, a suspicious website determination, or an official website determination as a result of determining whether the service provider is related to the second website. You can do it (S540). In one embodiment, the information processing system 520 may provide a correlation degree to the user terminal 530 along with the website determination result. The user terminal 530 may output an analysis result for the second website based on the provided correlation. The analysis results will be described in detail with reference to FIG. 6.

If it is unclear whether the information processing system 520 determines whether the second website is associated with the service provider, it transmits information associated with the second website to the computing device 510 associated with the service provider to determine whether the second website is associated with the service provider. The relevance of the service provider may be reviewed. That is, the website verification method according to the present disclosure can accurately determine whether the second website is related to the service provider by using the computing device 510 associated with the service provider.

FIG. 6 is a diagram illustrating an example of an interface of a user terminal that receives information about a phishing website determination according to an embodiment of the present disclosure. In one example, the user terminal may receive information regarding the phishing website determination from the information processing system. Afterwards, the user terminal may output a warning indicating that it is a phishing website.

Referring to FIG. 6 , the first example 600 may represent an interface in which a pop-up window 610 is output on a user terminal. The pop-up window 610 may include a warning indicating that the website being accessed by the user terminal is a phishing website. The user can confirm that the website being accessed is a phishing website through the pop-up window 610.

The user terminal may receive the correlation from the information processing system. The user terminal may output an analysis result 612 for the website being accessed based on the degree of relevance. For example, if the degree of association in the case where the first content disclosed on the first website and the content disclosed on the website being accessed are completely identical, the user terminal analyzes the ratio corresponding to the received degree of association as an analysis result ( 612).

The user terminal may output an object related to the execution of the website verification service. Referring to FIG. 6, when the user terminal receives an input regarding the first object 614, a warning indicating that it is a phishing website can be removed. In this case, the user terminal accesses a site related to the website being accessed (e.g., a linked website that can be accessed through a link disclosed on the website being accessed, a website with the same domain address as the website being accessed, etc.) In this case, the website verification method may not be executed for the newly accessed website. When the user terminal receives an input regarding the second object 616, a warning indicating that it is a phishing website can be removed. In this case, when the user terminal accesses a website related to the website being accessed, the website verification method may be repeatedly executed for the newly accessed website.

Without being limited to what is shown in FIG. 6, a warning may be provided in various ways through which the user can confirm that it is a phishing website. For example, the user terminal may forcefully close the web browser in response to receiving information indicating a phishing website. As another example, the user terminal may output a warning sound in response to receiving information indicating a phishing website.

In one example, the user terminal may output a warning identical to the warning indicating a phishing website in response to receiving information indicating a suspicious website. In another example, when the user terminal receives information indicating an official website, a warning may not be output. In another example, when receiving information indicating an official website, the user terminal may output information indicating that it is an official website (for example, through a pop-up window) in response. However, it is not limited to this, and various methods can be used to allow the user to confirm that it is a phishing website, a suspicious website, or an official website.

With this configuration, the user can check whether the website being accessed from the user terminal is a phishing website or a legitimate website. After the user stops repetitive website verification by performing a certain input, the user can examine in detail the website determined to be a phishing website. Additionally, even if there is an error in determining the phishing website (for example, when a website is determined to be a phishing website even though it is an official website), the user may be able to continue using the website. In this way, the website verification method according to the present disclosure can maintain user safety and security while simultaneously increasing user convenience.

Figure 7 is a flowchart illustrating an example of a website verification method 700 according to an embodiment of the present disclosure. According to one embodiment, the website verification method 700 may be performed by at least one processor of a computing device associated with a user terminal, an information processing system, and a service provider. The website verification method 700 may be initiated by the processor receiving URL (Uniform Resource Locator) information of the first website and first content disclosed on the first website from a computing device associated with the service provider (S710).

In one embodiment, the processor may receive URL information of the second website and second content disclosed on the second website from the user terminal (S720). Here, the second content may include information representing or characterizing the service provider extracted from the second content.

In one embodiment, the processor may determine whether the service provider and the second website are related based on the URL information of the first website, the URL information of the second website, the first content, and the second content (S730 ). Additionally, the processor may determine whether the URL information of the first website matches the URL information of the second website or determine whether the URL information of the second website includes URL information of the first website. Additionally, the processor may determine whether there is a correlation between the first content and information representing or characterizing the service provider. Thereafter, the processor will determine whether the service provider is related to the second website based on the result of determining whether the URL information matches and the result of determining whether the information representing or characterizing the service provider is related to the first content. You can.

Additionally, the processor may use correlation analysis to calculate the correlation between the first content and information representing or characterizing the service provider. Additionally, the processor may determine that the information representing or characterizing the service provider and the first content are related if the degree of association is greater than the first predetermined reference degree of association.

Specifically, the processor may determine that the first content is unrelated to the information representing or characterizing the service provider if the degree of association is less than or equal to a second predetermined reference degree of association. Additionally, the processor may provide URL information and second content of the second website to the computing device when the degree of association is greater than the second standard degree of association and less than or equal to the first standard degree of association.

In one embodiment, in response to determining whether the service provider is related to the second website, the processor may provide the user terminal with information indicating one of a phishing website determination, a suspicious website determination, or a legitimate website determination. there is. Additionally, the processor may provide information indicating one of a phishing website determination, a suspicious website determination, or an official website determination, and the calculated correlation to the user terminal.

In one embodiment, through a verification application on the user terminal, it is determined whether at least one of the URL information or the second content of the second website is associated with a predetermined service provider, and the URL information or the second content of the second website is determined. Only when at least one of them is determined to be associated with a predetermined service provider, URL information and second content of the second website can be received from the user terminal.

The above-described method may be provided as a computer program stored in a computer-readable recording medium for execution on a computer. Media may be used to continuously store executable programs on a computer, or may be temporarily stored for execution or download. Additionally, the medium may be a variety of recording or storage means in the form of a single or several pieces of hardware combined. It is not limited to a medium directly connected to a computer system and may be distributed over a network. Examples of media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and There may be something configured to store program instructions, including ROM, RAM, flash memory, etc. Additionally, examples of other media include recording or storage media managed by app stores that distribute applications, sites or servers that supply or distribute various other software, etc.

The methods, operations, or techniques of this disclosure may be implemented by various means. For example, these techniques may be implemented in hardware, firmware, software, or a combination thereof. Those skilled in the art will understand that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented in electronic hardware, computer software, or combinations of both. To clearly illustrate this interchange of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the specific application and design requirements imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementations should not be interpreted as causing a departure from the scope of the present disclosure.

In a hardware implementation, the processing units used to perform the techniques may include one or more ASICs, DSPs, digital signal processing devices (DSPDs), programmable logic devices (PLDs). ), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, electronic devices, and other electronic units designed to perform the functions described in this disclosure. , a computer, or a combination thereof.

Accordingly, the various illustrative logical blocks, modules, and circuits described in connection with this disclosure may be general-purpose processors, DSPs, ASICs, FPGAs or other programmable logic devices, discrete gate or transistor logic, discrete hardware components, or It may be implemented or performed as any combination of those designed to perform the functions described in. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, such as a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other configuration.

For firmware and/or software implementations, techniques include random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), and PROM ( on computer-readable media such as programmable read-only memory (EPROM), electrically erasable PROM (EEPROM), flash memory, compact disc (CD), magnetic or optical data storage devices, etc. It may also be implemented as stored instructions. Instructions may be executable by one or more processors and may cause the processor(s) to perform certain aspects of the functionality described in this disclosure.

When implemented in software, the techniques described above may be stored on or transmitted through a computer-readable medium as one or more instructions or code. Computer-readable media includes both computer storage media and communication media, including any medium that facilitates transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a computer. By way of non-limiting example, such computer readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or the desired program code in the form of instructions or data structures. It can be used to transfer or store data and can include any other media that can be accessed by a computer. Any connection is also properly termed a computer-readable medium.

For example, if the Software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair cable, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, , fiber optic cable, twisted pair, digital subscriber line, or wireless technologies such as infrared, radio, and microwave are included within the definition of medium. As used herein, disk and disk include CD, laser disk, optical disk, digital versatile disc (DVD), floppy disk, and Blu-ray disk, where disks are usually magnetic. It reproduces data optically, while discs reproduce data optically using lasers. Combinations of the above should also be included within the scope of computer-readable media.

A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known. An exemplary storage medium may be coupled to the processor such that the processor may read information from or write information to the storage medium. Alternatively, the storage medium may be integrated into the processor. The processor and storage media may reside within an ASIC. ASIC may exist within the user terminal. Alternatively, the processor and storage medium may exist as separate components in the user terminal.

Although the above-described embodiments have been described as utilizing aspects of the presently disclosed subject matter in one or more standalone computer systems, the disclosure is not limited thereto and may also be implemented in conjunction with any computing environment, such as a network or distributed computing environment. . Furthermore, aspects of the subject matter of this disclosure may be implemented in multiple processing chips or devices, and storage may be similarly effected across the multiple devices. These devices may include PCs, network servers, and portable devices.

Although the present disclosure has been described in relation to some embodiments in this specification, various modifications and changes may be made without departing from the scope of the present disclosure as can be understood by a person skilled in the art to which the invention pertains. Additionally, such modifications and changes should be considered to fall within the scope of the claims appended hereto.

110: user
120: user terminal
130: User interface
132: Message
134: Notification window

Claims (10)

A method for verifying a website provided to a user, performed by at least one processor, comprising:
Receiving Uniform Resource Locator (URL) information of a first website and first content disclosed on the first website from a computing device associated with a service provider;
Receiving URL information of a second website and second content disclosed on the second website from a user terminal;
Determining whether the service provider and the second website are related based on the URL information of the first website, the URL information of the second website, the first content, and the second content - the second the content includes information representing or characterizing the service provider extracted from the second content; and
determining whether there is a correlation between the first content and information representing or characterizing the service provider.
Including,
The step of determining whether the first content is related to the information representing or characterizing the service provider includes:
calculating a correlation between the first content and information representing or characterizing the service provider using correlation analysis;
determining that information representing or characterizing the service provider and the first content are related when the degree of association is greater than a predetermined first reference degree of association;
determining that information representing or characterizing the service provider and the first content are unrelated when the degree of association is less than or equal to a predetermined second reference degree of association; and
If the degree of association is greater than the second reference degree and less than or equal to the first standard degree of association, providing the URL information of the second website and the second content to the computing device.
Including,
Through the verification application of the user terminal, it is determined whether at least one of the URL information of the second website or the second content is associated with a predetermined service provider,
Only when it is determined that at least one of the URL information of the second website or the second content is associated with the predetermined service provider, the URL information of the second website and the second content are received from the user terminal. , how to verify a website.
delete According to paragraph 1,
The step of determining whether the service provider is related to the second website is,
determining whether the URL information of the first website matches the URL information of the second website or determining whether the URL information of the second website includes URL information of the first website; and
Based on the result of determining whether the URL information matches and the result of determining whether the information representing or characterizing the service provider is related to the first content, determining whether the service provider is related to the second website step
Including, website verification method.
delete delete According to paragraph 1,
In response to determining whether the service provider is related to the second website, providing information indicating one of a phishing website determination, a suspicious website determination, or an official website determination to the user terminal.
A website verification method further comprising:
According to clause 6,
The step of providing information indicating one of the phishing website determination, suspicious website determination, or official website determination to the user terminal.
Providing information indicating one of the phishing website determination, suspicious website determination, or official website determination and the calculated correlation to the user terminal.
A website verification method further comprising:
delete A computer program stored in a computer-readable recording medium for executing the method according to any one of claims 1, 3, 6, and 7 on a computer.
As an information processing system,
communication module;
Memory; and
At least one processor connected to the memory and configured to execute at least one computer-readable program included in the memory
Including,
The at least one program is,
receive URL information of the first website and first content disclosed on the first website from a computing device associated with the service provider;
Receiving URL information of a second website and second content disclosed on the second website from the user terminal,
Determine whether the service provider and the second website are related based on the URL information of the first website, the URL information of the second website, the first content, and the second content, and - the second content includes information representing or characterizing the service provider, extracted from the second content -,
Includes instructions for determining whether there is a correlation between the first content and information representing or characterizing the service provider,
Determining whether the first content and information representing or characterizing the service provider are related includes:
Using correlation analysis, calculate the correlation between the first content and information representing or characterizing the service provider,
If the degree of association is greater than a predetermined first reference degree of association, determining that the information representing or characterizing the service provider and the first content are related,
If the degree of association is less than or equal to a predetermined second reference degree of association, determining that the information representing or characterizing the service provider and the first content are unrelated,
When the degree of relevance is greater than the second reference degree and less than or equal to the first standard degree of association, providing URL information of the second website and the second content to the computing device,
Through the verification application of the user terminal, it is determined whether at least one of the URL information of the second website or the second content is associated with a predetermined service provider,
Only when it is determined that at least one of the URL information of the second website or the second content is associated with the predetermined service provider, the URL information of the second website and the second content are received from the user terminal. , information processing system.

Images