JP2007115279A - Electronic mail system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To automatically register a necessary public key in a public key database without placing a burden on a manager of an electronic mail system shared by a plurality of users. <P>SOLUTION: The electronic mail system 10 attains: a public key verification means for verifying validity of a public key attached to a received e-mail; an address determination means for determining whether or not a domain of an e-mail address corresponding to the public key attached to the e-mail is registered in a domain registration means and a public key registration means for registering the public key in an address public key storage means by associating the public key with the e-mail address when the public key is determined to be valid by the public key verification means and the domain of the e-mail address corresponding to the public key is determined to exist in the domain registration means by the domain determination means by a program performed by a CPU 11. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an electronic mail apparatus that transmits and receives encrypted electronic mail using a public key cryptosystem, and more particularly to registration management of a public key corresponding to a destination mail address.

  In recent years, Internet facsimile machines that transmit and receive image data over the Internet using electronic mail have been put into practical use. In this Internet facsimile machine, image data is attached to an e-mail as a TIFF (Tagged Image File Format) format file. The technical contents related to the Internet facsimile machine are defined in RFCs (Request For Comment) 2301 to 2306 issued by the Internet Engineering Task Force (IETF) which is an Internet technology standardization organization.

  With the spread of the Internet, electronic mail devices such as Internet / facsimile devices have come to be used in the field of business and electronic commerce.

  However, since e-mails are stored and transferred sequentially to a destination via a large number of unspecified mail servers on the Internet, e-mails are wiretapped, tampered with, or sent on the Internet communication path or on the way. There is a problem when using an electronic mail apparatus such as an Internet / facsimile apparatus at a business or electronic commerce site.

  As a method of solving this problem, there is a method of using an encrypted electronic mail using a public key encryption technique, a common key encryption technique, or a message digest technique. By using the encrypted e-mail, it becomes possible to realize functions of e-mail encryption, falsification detection, and sender authentication with an e-mail apparatus such as the Internet / facsimile apparatus.

  Conventionally, S / MIME (Secure MIME) and PGP / MIME (Pretty Good Privacy MIME), which can handle encrypted email using the MIME (Multipurpose Internet Mail Extension) function, have been widely used as encrypted email. Yes.

  S / MIME currently has version 2 and version 3, and their technical contents are defined in RFC 2311 to RFC 2312 and RFC 2632 to RFC 2633 of IETF, respectively. The technical contents of PGP / MIME are defined in RFC 1991, 2015 of IETF.

  Of these, S / MIME uses the public key infrastructure of Recommendation X.509 defined by the International Telecommunication Union (ITU), and is adaptable for use in the business and electronic commerce fields. ing. In the X.509 public key infrastructure, the certificate authority (CA) guarantees the correspondence between the name and email address of a user or device called an entity and the public key, and the certificate authority is the private key of the certificate authority. It is a mechanism that issues a public key certificate that is digitally signed to the name, email address, and public key.

  On the other hand, unlike S / MIME, PGP / MIME has a mechanism that guarantees the correspondence between the name and email address of the entity that is a user or device and the public key as a certifier by another entity rather than a certificate authority. It is adaptable when encrypted email is easily used in small groups or organizations.

  When an encrypted email function such as S / MIME or PGP / MIME is used to encrypt the content of the email and send it to the destination, a destination public key corresponding to the destination is required.

  Here, as a method for acquiring a public key of a destination, (1) a method of acquiring from a public key of a destination attached to an e-mail received from a destination such as a signed e-mail, and (2) public disclosure outside the apparatus There is a way to get it from a key server.

  In the method (1), when an e-mail attached with a public key is received, the validity of the public key is verified, and if it is valid, it is stored in the public key database of its own device. When the electronic mail is encrypted and transmitted to the destination, the public key stored in the public key database of the own device is referred to and used.

  In this method, since the destination public key is stored in the public key database of the own device, there is an advantage that the overhead for obtaining the public key is small compared to the method (2). It is necessary to prepare the public key necessary for.

  In method (2), each time an e-mail is encrypted and sent to a destination, an external public key server is accessed, the destination public key is obtained from the public key server, and its validity is verified. Then use it.

  In this method, it is only necessary to store the public key of the authenticator and the public key of the own device in the public key database of the own device, and it is not necessary to store the public key of the e-mail transmission destination on the device side. Therefore, there is an advantage that the capacity of the public key database of the apparatus can be reduced as compared with the method (1), but since the e-mail is encrypted and transmitted to the destination, the public key server must be accessed. There is a problem that the overhead related to access to the public key server is large. In addition, since there is a possibility that the public key cannot be acquired and the encrypted electronic mail cannot be transmitted due to a failure of the public key server or concentration of load, it is usually used in combination with the method of (1).

  Conventionally, for example, application software (generally called a mailer) that runs on a personal computer such as Netscape Messenger of the US Netscape Messenger or Outlook Express of the US Microsoft Corporation as an S / MIME-compliant e-mail device. is there.

  In these application softwares, when a signed e-mail containing a public key certificate is received, if the user confirms the signature, a confirmation is made as to whether or not to register the public key certificate in the certificate database. When the user accepts the registration, the public key certificate is registered in the mailer's certificate database, and the certificate is sent when sending encrypted mail to the destination. Use the public key certificate in the database.

  Patent Document 1 discloses an offline mail transmission operation for searching for a public key from an external public key server only when the destination public key is first searched in the public key database of its own device and is not found there. A possible electronic mail transmission device is disclosed.

JP 2000-49850 A

  In the conventional e-mail device described above, it is assumed that the user also operates e-mail reception like a personal computer or a mobile computer, and an e-mail with a public key attached is used. If it is received, a decision on whether or not to register the public key in its own public key database, and the deletion of a public key that has expired due to expiration of the validity period, etc. Management is performed by the user each time.

  However, in an electronic mail apparatus such as an Internet facsimile machine in which a plurality of users share the apparatus, it is assumed that the apparatus automatically processes the reception of the electronic mail without intervention of the user. . For this reason, each time the device receives an e-mail with a public key attached, the administrator determines whether to register the public key in the device's public key database, or the administrator periodically Management of the public key database, such as checking whether there is a revoked public key in the device's public key database and deleting the revoked public key, is a heavy burden on the administrator and cannot be performed in practice. There is.

  As a method for solving this problem, there has also been proposed an e-mail device that automatically registers all public keys in its own public key database when an e-mail attached with a public key is received. However, in this case, until the administrator deletes an unnecessary public key from the device public key database, unnecessary public keys are registered in the device public key database more and more, and the public key database capacity is depleted. In addition, since many unnecessary public keys are registered, there is a problem that it takes a long time to search for a desired public key.

  Further, in a conventional electronic mail apparatus, even if a public key database is provided inside the apparatus and the public key can be acquired from an external public key server, a desired destination is stored in the public key database of the apparatus. The public key of the destination is acquired from the external public key server only when there is no public key of the user, or the public key is specified by the user one by one from the external public key server and the public key of the device is specified. Since it could only be registered in the database, frequently receive emails with public keys of all destinations used, or specify the destinations one by one and external public keys If the public key server does not register the device in the public key database of the device, the public key database required for the device public key database is stored even if all the public keys required for the external public key server are stored. There arises a problem that the key opening cannot be registered.

  The present invention has been made in view of such problems, and an object thereof is necessary for a public key database of an electronic mail apparatus without imposing a burden on an administrator of the electronic mail apparatus shared by a plurality of users. An electronic mail apparatus capable of automatically setting and registering only a public key is provided.

  Another object of the present invention is to automatically manage the public key database so that only a valid public key is held in the public key database of the electronic mail device without burdening the administrator. It is to provide a possible electronic mail device.

  In order to achieve the above object, in the electronic mail apparatus according to claim 1, the address public key storage means stores the mail address and public key of the destination of the electronic mail, and the domain registration means permits automatic registration of the public key. Or register domain information for prohibited email addresses. When the e-mail with the public key attached is received by the mail receiving means, the validity of the public key attached to the e-mail is verified by the public key verifying means, and the domain of the mail address corresponding to the public key is verified by the domain determining means. Is registered in the domain registration means. If the domain of the email address corresponding to the valid public key is registered in the domain registration means and has a permission attribute, the public key registration means associates the public key with the email address. If the domain registered in the address public key storage unit and the domain registered in the domain registration unit has a prohibited attribute, the public key registration unit does not register the public key. As a result, when it is necessary to communicate with an organization or company with a specific domain name by encrypted email, or when it is not necessary to communicate with an organization with a specific domain name by encrypted email. Accordingly, it is possible to set an environment in which a necessary public key is automatically registered in the address public key storage means and an electronic mail is encrypted and transmitted.

  In the electronic mail apparatus according to claim 2, the electronic mail apparatus according to claim 1 is revoked even if the public key corresponding to the mail address of the received or acquired public key is already registered in the address public key storage means. If the determination unit determines that the public key already registered has expired, the public key registration unit registers and updates the received or acquired public key, and is registered in the address public key storage unit. A revoked public key can be automatically updated to a valid public key.

  In the electronic mail apparatus according to claim 3, in the electronic mail apparatus according to claim 1, it is determined whether the public key already registered by the revocation determining means has expired, and the public key deleting means has already been registered. Since the revoked public key is deleted, the revoked public key remains registered in the address public key storage means, and it is possible to prevent the storage capacity of the address public key storage means from being wasted. .

  The electronic mail apparatus according to claim 4, wherein in the electronic mail apparatus according to claim 3, when the public key deleting means deletes the revoked public key that has already been registered, the deletion notifying means notifies the administrator of the address public key. Since the notification that the public key has been deleted from the storage means is made, the administrator can know that the public key has been deleted from the address public key storage means of the apparatus.

  In the electronic mail apparatus according to claim 5, in the electronic mail apparatus according to any one of claims 1 to 4, an administrator sets an authenticator who permits registration of a public key by an authenticator registration unit. And the public key registration unit registers only the public key set in the certifier setting unit among the received or acquired public keys in the address public key storage unit. Even when the key is received or acquired, only the public key authenticated by the certifier authorized by the administrator is automatically registered in the address public key storage means, and the public key authenticated by the unauthorized certifier is not registered. It is possible to prevent an operation unintended by the administrator from being registered in the address public key storage means.

  The electronic mail device according to claim 6, wherein the administrator permits the registration of the public key for each mail address by the address authenticator setting means in any one of the electronic mail devices according to claims 1 to 4. If the certifier is set, the public key registration means will only receive the public key that has been authenticated by the certifier set in the address certifier setting means for the mail address among the received or acquired public keys. Because it is registered in the address public key storage means, it becomes possible to automatically register only the public key authenticated by the desired certifier for each e-mail address, and e-mail using a public key with a different certifier for each e-mail address. Can be encrypted and transmitted.

  The electronic mail apparatus according to claim 7, wherein the administrator sets the public key encryption method that permits the registration of the public key by the encryption method setting means in any of the electronic mail devices according to claims 1 to 4. Then, the public key registration means registers only the public key whose encryption method is set in the encryption method setting means, among the received or acquired public keys, in the address public key storage means. Only the public key of the cryptographic method permitted by the public key is automatically registered in the address public key storage unit, and the public key of the cryptographic method not permitted can be prevented from being registered in the address public key storage unit.

  According to an eighth aspect of the present invention, in the electronic mail device according to the seventh aspect, the encryption method automatic setting means acquires a public key encryption method that can be processed by the device, and the encryption method setting means receives the encryption method. Since the encryption method is automatically set, only the encryption method public key that can be processed by the device is automatically registered in the address public key storage unit, and the encryption method public key that cannot be processed by the device is registered in the address public key storage unit. Can be prevented.

  The electronic mail apparatus according to claim 9 is the electronic mail apparatus according to any one of claims 1 to 4, wherein an administrator sets an encryption method of a public key for each mail address by an address encryption method setting means. Then, the public key registration unit registers only the public key of the encryption method set in the address encryption method setting unit for the mail address among the received or acquired public keys in the address public key storage unit. Only the public key of the desired encryption method can be automatically registered for each mail address, and the public key of the encryption method that is not permitted for each mail address can be prevented from being registered in the address public key storage means.

  The electronic mail apparatus according to claim 10 is the electronic mail apparatus according to any one of claims 1 to 4, wherein an administrator permits the public key to be automatically registered by the key length setting means. When the comparison determination condition is set, the public key registration unit compares the key length of the received or acquired public key with the key length set in the key length setting unit, and the key length setting unit Since the public key is registered in the address public key storage means when it matches the comparison judgment condition set in the above, only the public key of the key length condition permitted by the administrator is automatically registered in the address public key storage means, It becomes possible to prevent a public key having an unpermitted key length from being registered in the address public key storage means. As a result, it is possible to cope with, for example, prohibiting registration of a public key having a short key length with weak encryption strength.

  In the electronic mail apparatus according to claim 11, in the electronic mail apparatus according to claim 10, the key length automatic setting means further acquires a maximum key length of a public key that can be processed by the apparatus, and the key length setting means Since the maximum key length and the comparison judgment condition are automatically set, only the public key having the maximum key length that can be processed by the device is automatically registered in the address public key storage means, and the public key having the key length that cannot be processed by the device Can be prevented from being registered in the address public key storage means.

  The electronic mail apparatus according to claim 12, wherein in the electronic mail apparatus according to any one of claims 1 to 4, the administrator permits automatic registration of a public key for each mail address by an address key length setting means. If the key length of the key and the comparison determination condition are set, the public key registration means sets the key length of the received or acquired public key to the address key length setting means for the mail address. Only when the comparison judgment condition set by the address key length setting means is matched with the registered key length, it is registered in the address public key storage means. It is possible to prevent the public key having a key length that is registered and not permitted for each mail address from being registered in the address public key storage means. As a result, it is possible to cope with, for example, prohibiting registration of a public key having a short key length with weak encryption strength.

  In the electronic mail apparatus according to claim 13, in the electronic mail apparatus according to any one of claims 1 to 12, when the public key is automatically registered in the address public key storage means, the registration notification means notifies the administrator. Since the notification to that effect is given, the administrator can know that the public key is registered in the address public key storage unit of the apparatus.

  14. The electronic mail device according to claim 14, wherein in the electronic mail device according to any one of claims 1 to 13, the public key registration means is configured such that the free space of the address public key storage means becomes a predetermined value or less. In addition, since the registration of the public key in the address public key storage unit is stopped, the storage capacity of the address public key storage unit can be prevented from being exhausted, and the apparatus can be prevented from being stopped. It is possible to leave an area for registering.

  As described above, the electronic mail apparatus of the present invention can automatically set and register only the public key necessary for the public key database of the electronic mail apparatus without burdening the administrator. Further, the electronic mail apparatus of the present invention can automatically manage the public key database so that only a valid public key is held in the public key database of the electronic mail apparatus without burdening the administrator. it can.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing a schematic configuration and a network configuration of an electronic mail apparatus 10 according to the first and second embodiments of the present invention.

  In FIG. 1, reference numeral 11 denotes a CPU, which controls this apparatus according to a program stored in the ROM 13. Reference numeral 12 denotes an address / data bus, which communicates data by connecting to each part to be controlled by the CPU 11. Reference numeral 13 denotes a ROM (Read Only Memory) in which various programs relating to control of the electronic mail device 10, encryption and decryption of electronic mail, and transmission / reception of electronic mail are stored.

  In the present embodiment, as various programs, public key verification means (performs processing for verifying the validity of the public key attached to the received e-mail), address determination means (corresponding to the public key attached to the e-mail) Processing to determine whether or not the e-mail address to be present exists in the hard disk (HD) 15 which is the address public key storage means of the own device), public key registration means (the public key is stored in the address public key according to a predetermined condition) Domain registration means (a domain that permits or prohibits registration of the public key in the address public key storage means among the domain information of the mail address corresponding to the public key attached to the e-mail) Domain registration means (the domain of the email address corresponding to the public key attached to the email is the domain). Process for determining whether or not it is registered in the domain registration means), registration instruction means (process for instructing registration of public key), public key acquisition means (address to the registration instruction means based on the instruction) The public key corresponding to the e-mail address registered in the public key storage means is acquired from an external public key server.) Revocation determination means (revocation of the public key stored in the address public key storage means) Public key deletion means (performs processing for deleting the public key determined to have been revoked from the address public key storage means), deletion notification means (address public key storage means) If the public key is deleted from the device, the administrator is notified of that fact), the encryption method automatic setting means (obtains the public key encryption method that can be processed by the local device, and the encryption method setting means Automatic key length setting means (obtains the maximum key length of the public key that can be processed by its own device, and automatically sets the maximum key length in the key length setting means) .), Registration notifying means (when the public key is registered in the address public key storage means, processing for notifying the administrator is performed), inspection means (processing for checking the free capacity of the address public key storage means) Etc.).

  Reference numeral 14 denotes a RAM (Random Access Memory), which serves as a work memory during program execution and a communication buffer memory for sending and receiving e-mails. Reference numeral 15 denotes a hard disk (HD) that stores received e-mail data, an address book 100 that stores e-mail addresses and public keys of each destination, automatic registration permission condition data 110, automatic registration permission domain data 120, and an administrator. Various device setting parameters such as e-mail addresses are stored and saved.

  In the present embodiment, in the hard disk 15, an address public key storage means (a part for storing an e-mail destination mail address and a corresponding public key), an authenticator setting means (address public key storage means) Public key certifier that permits public key registration), address certifier setting means (part that sets public key certifiers that permit public key registration for each email address), encryption method setting means (The part that sets the public key encryption method that permits the registration of the public key in the address public key storage means), the address encryption method setting means (the public key encryption method that permits the registration of the public key for each mail address is set) Part), key length setting means (part for setting the key length of the public key permitting registration of the public key in the address public key storage means and the comparison judgment condition), address key length setting means It has a part) to set the comparison criterion with the key length of the public key that allows the registration of the public key to each e-mail address.

  A printer unit 16 prints out the text of the received electronic mail and the content of the attached image file. Reference numeral 17 denotes an operation display unit for displaying the status of the apparatus, registering an e-mail address in the address book 100, setting permission conditions in the address book 100 or automatic registration permission condition data 110, and registering in the automatic registration permission domain data 120. Set permitted domains and send emails.

  A scanner 18 reads image data of a document attached to an e-mail. Reference numeral 19 denotes a network interface, which is an interface for communicating with other electronic mail devices 21 connected on the network 30 and transmitting / receiving electronic mail.

  Reference numeral 20 denotes a timer for measuring time. Reference numeral 21 denotes a network, the electronic mail device 10 of the present embodiment, another electronic mail device 22 that communicates with the electronic mail device 10 of the present embodiment by electronic mail, and an X.509 public key infrastructure managed by a certificate authority. A public key server 23 storing a public key certificate based on the above is connected. In this embodiment, the X.509 public key infrastructure is used. However, the present invention is not limited to this, and other public key infrastructure such as PGP may be used.

  FIG. 2 is a diagram showing the data structure of the address book of the electronic mail apparatus 10 according to the first and second embodiments of the present invention. The administrator of the electronic mail apparatus 10 registers the frequently used mail address from the operation display unit 17, and thereafter refers to the mail address registered in the address book when transmitting an electronic mail. Set the destination.

  The address book 100 shown in FIG. 2 shows a state in which three mail addresses are registered as the mail address 101. The administrator can set the permitted certificate authority 102, the permitted encryption scheme 103, and the permitted key length condition 104 for each mail address from the operation display unit 17 as necessary. Here, the permitted certificate authority 102 indicates a certificate authority that permits automatic registration of a public key certificate corresponding to a mail address.

  In FIG. 2, CA # 1 is set as the permitted certificate authority for the mail address “ochaddress1 @ domainA” in the address book 100, and the issuer (certificate authority) is CA # 1 for this mail address. Only key certificates are permitted to be automatically registered, and public key certificates of other issuers (certificate authorities) are not automatically registered.

  Similarly, the permitted encryption method 103 indicates a public key encryption method that permits automatic registration of a public key certificate corresponding to a mail address. In FIG. 2, RSA is set as the permitted encryption method for the mail address “address1 @ domainA” in the address book 100, and the public key encryption method for this mail address is the RSA method. Only certain public key certificates are permitted to be automatically registered, and public key certificates of other public key cryptosystems are not automatically registered.

  Similarly, the permission key length condition 104 indicates the key length condition of the public key that permits automatic registration of the public key certificate corresponding to the mail address. In FIG. 2, for the mail address “address1 @ domainA” in the address book 100, (512, ==) is set as the permission key length condition, and only the public key certificate whose public key length is 512 bits. Are permitted to be automatically registered, and public key certificates having a public key with a key length that does not satisfy this condition are not automatically registered.

  Here, the permission key length condition is set in the format of (number of bits of public key, determination condition). As the determination condition, “==” (equal), “> =” (or higher), and “<=” (or lower) can be set.

  In the public key certificate field 105, the file name of the public key certificate corresponding to each mail address is set. In FIG. 2, the public key certificate of the mail address “address1 @ domainA” in the address book 100 is not registered, but the public key certificates of the mail addresses “address2 @ domainA” and “address3 @ domainB” are registered. Indicates the state.

  FIG. 3 is a diagram showing a configuration of the automatic registration permission condition data 110 of the electronic mail apparatus 10 according to the first and second embodiments of the present invention. Unlike the permission condition data for each mail address in the address book 100 (permitted certificate authority 102, permitted encryption scheme 103, permitted key length condition 104), the automatic registration permission condition data 110 is the address book 100 of the public key certificate in the entire apparatus. Data related to permission conditions for automatic registration.

  Regarding the permitted encryption method 112 and the permitted key length condition 113, after the electronic mail device 10 is turned on, the electronic device 10 automatically acquires the capability information on the encryption method and key length of the public key certificate that can be processed by the own device. To set.

  FIG. 5 is a flowchart showing an automatic setting operation of the permitted encryption method 112 and the permitted key length condition 113 of the electronic mail apparatus 10 according to the first and second embodiments of the present invention.

  In FIG. 5, first, in step S50, public key encryption capability information that can be processed by the own apparatus is acquired. Next, in step S51, the public key encryption method is set to the permitted encryption method 112 based on the public key encryption method capability information acquired in step S50. In step S52, the capability information of the key length of the public key that can be processed by the own device is acquired. In step S53, based on the capability information of the key length of the public key acquired in step S50, the key length condition of the public key is set as the permission key length condition 113.

  Further, the administrator can set the permitted certification authority 111, the permitted encryption method 112, and the permitted key length condition 113 for the entire apparatus from the operation display unit 17 as necessary.

  FIG. 4 is a diagram showing a configuration of the automatic registration permission domain data 120 of the electronic mail apparatus 10 according to the first and second embodiments of the present invention. The automatic registration permission domain data 120 indicates a domain of a mail address that permits automatic registration of the mail address and its public key certificate in the address book 100.

  The administrator can set the domain name of the mail address that permits automatic registration of the mail address and its public key certificate in the address book 100 from the operation display unit 17 as necessary.

  In FIG. 4, “domainC” is registered as the domain name. If the mail address of the subject of the public key certificate is “address4 @ domainC”, the domain name “domainC” is registered in the auto-registration allowed domain data 120. Automatic registration of “address4 @ domainC” and its public key certificate is permitted.

  If the domain name is not set in the automatic registration permission domain data 120, it means that the mail address and the public key certificate are not automatically registered from the domain name.

  In this embodiment, a domain name that allows automatic registration of public keys is set. However, a domain name that prohibits automatic registration of public keys is registered, and an e-mail address that does not have a prohibited domain name is registered. The public key certificate may be automatically registered.

  Next, processing when the electronic mail apparatus 10 according to the first embodiment of the present invention receives an electronic mail will be described with reference to the flowcharts of FIGS. 6 and 7. In the following description, reference numerals not shown in FIGS. 6 and 7 refer to FIG. 1 unless otherwise specified.

  When the network interface 19 receives the electronic mail, first, in step S10, it is checked whether or not the public key certificate is attached to the electronic mail.

  For example, if the e-mail conforms to S / MIME version 3, the public key certificate is set in the certificate field of the CMS (Cryptographic Message Syntax) object of the signature data type defined in RFC2630 Therefore, it is checked whether or not there is a public key certificate of the sender of the e-mail in this field.

  In this case, the e-mail sender's public key certificate is such that the e-mail address set in the subject alias of the X.509 public key certificate matches the e-mail sender's e-mail address. If it is determined in step S10 that the public key certificate is attached to the received mail, the process proceeds to step S11. If not, the process proceeds to step S24, and the received mail is printed.

  In step S11, it is verified whether the sender's public key certificate attached to the received mail is valid. The validity verification is performed by verifying an electronic signature of the issuer (certificate authority) of the public key certificate and checking that the public key certificate has expired.

  Next, in step S12, it is determined whether the public key certificate is valid based on the verification result in step S11. If the public key certificate is valid, the process proceeds to step S13, and if not, the process proceeds to step S24 to print the received mail.

  In step S13, it is determined whether the mail address of the subject of the public key certificate exists in the address book. The subject alias that is the email address of the subject of the public key certificate has already been confirmed to match the email address of the sender of the received email in step S10.

  If it is determined in step S13 that the e-mail address of the subject of the public key certificate exists in the address book, the process proceeds to step S15. If not, the process proceeds to step S14 to determine the automatic permission domain. .

  In step S <b> 14, it is determined whether the domain of the mail address of the subject of the public key certificate is registered in the public key certificate automatic registration permission domain data 120. If it is determined in step S14 that the domain of the e-mail address of the subject of the public key certificate is registered in the public key certificate automatic registration permission domain data 120, the process proceeds to step S15. The process proceeds to step S24.

  In step S 15, it is determined whether a public key certificate corresponding to the mail address of the subject of the public key certificate is registered in the address book 100. In FIG. 2, when the mail address is “address1 @ domainA”, the public key certificate has not been registered yet, and the public address certificate is stored in the mail address “address2 @ domainA” and the mail address “address3 @ domainB”. Indicates that it is registered.

  In step S15, if the public key certificate corresponding to the mail address has already been registered in the address book 100, the process proceeds to step S16, and if not, the process proceeds to step S18.

  Next, in step S18, it is checked whether the public key certificate already registered in the address book has expired. In Fig. 2, the public key certificate "CERT # 001" with the email address "address2 @ domainA" is registered. Check whether this public key certificate "CERT # 001" has expired due to expiration. Do.

  As a result, even if a public key certificate has already been registered in the address book 100, if the public key certificate has expired, the registered contents are updated with the new public key certificate. be able to.

  Step S17 is a step of determining whether or not the public key certificate corresponding to the mail address registered in the address book 100 has been revoked based on the result of the revocation check of the public key certificate in step S16. is there. If the public key certificate has expired, the process proceeds to step S17 and proceeds to the public key certificate registration process. If not, the process proceeds to step S24.

  Next, in step S18, the issuer (certificate authority) of the public key certificate to be registered is first permitted by the permitted certificate authority 111 of the registration permission condition data 110, and then, the address book 100 It is determined whether or not the authorized certificate authority 102 is authorized. Only when all the permitted certificate authorities 102 are permitted, it is determined that they are permitted. When there is no setting data in the permitted certificate authority 102, it means that all the authenticators are permitted.

  Here, if the certificate authority (CA # 2) of the public key certificate of the e-mail address “address1 @ domainA” to be registered is CA # as the certificate authority in the permitted certificate authority 111 of the registration permission condition data 110 1 and CA # 2 are permitted, but only CA # 1 is permitted and CA # 2 is not permitted as the permitted certificate authority 102 for the mail address “address1 @ domainA” in the address book 100. The public key certificate of # 2) will not be registered.

  Next, in step S19, the issuer (certificate authority) of the public key certificate to be registered is first permitted by the permitted encryption scheme 112 of the registration permission condition data 110, and then, the address book 100 It is determined whether the permitted encryption method 112 is permitted. Only when it is permitted in all of the permitted encryption schemes 112 and 103, it is determined that it is permitted. Here, if there is no setting data in the permitted encryption schemes 103 and 112, it means that all encryption schemes are permitted.

  Here, when the encryption method of the public key certificate of the email address “address1 @ domainA” to be registered is the DH (Diffie Hellman) method, the encryption method is used as the encryption method in the permission encryption method 112 of the registration permission condition data 110. RSA and DH are permitted, but only RSA is permitted and DH is not permitted as the permitted encryption method 103 for the mail address “address1 @ domainA” in the address book 100, so the public key certificate of the encryption method DH is registered. It will not be allowed.

  In addition, when the encryption method of the public key certificate of the email address “address1 @ domainA” to be registered is the RSA method, it is permitted in both of the permitted encryption methods 103 and 112. Public key certificates are permitted to be registered.

  Next, in step S20, whether the key length condition of the public key certificate to be registered is first permitted by the permission key length condition 113 of the registration permission condition data 110, and then, the permission of the address book 100 is permitted. It is determined whether the key length condition 104 is permitted. Only when the permitted key length conditions 104 and 113 are permitted, it is determined that the permitted key length conditions are permitted. Here, if there is no setting data in the permitted key length conditions 104 and 113, it means that all key lengths of the public key are permitted.

  Here, if the key length of the public key certificate of the email address “address1 @ domainA” to be registered is 1024 bits, it is permitted as 1024 bits or less in the permission key length condition 113 of the registration permission condition data 110. However, since only 512 bits are permitted in the permitted key length condition 104 for the mail address “address1 @ domainA” in the address book 100, registration of a public key certificate with a public key key length of 1024 bits is not permitted. become.

  In addition, when the key length of the public key of the public key certificate of the email address “address1 @ domainA” to be registered is 512 bits, it is permitted in both the permitted key length conditions 104 and 113. Registration of a public key certificate having a public key length of 512 bits is permitted.

  If it is determined that all steps from step S18 to step S20 are permitted, the process proceeds to step S21.

  In step S21, it is determined whether the free space in the address book 100 is equal to or less than a predetermined value. If the free space is less than or equal to the predetermined value, the process proceeds to step S26 without registering the public key certificate. If the free space is larger than the predetermined value, the process proceeds to step S22, and the public key certificate is registered in the address book 100 in association with the mail address of the subject of the public key certificate.

  If it is determined in any of the steps from Step S18 to Step S20 that it is not permitted, the process proceeds to Step S24, and the received mail is printed.

  In step S23, a notification to the effect that the public key certificate has been registered is transmitted by e-mail to the administrator's e-mail address registered in the e-mail device 10. The notification content includes the e-mail address where the public key certificate is registered, the certificate authority name of the public key certificate, the certificate number, the public key encryption method, the key length of the public key, and the like.

  In step S24, it is determined whether there is a body (text data) or attached image data as content to be printed on the received e-mail. If there is content to be printed, the process proceeds to step S25, where the printer unit 16 prints out the body (text data) or attached image data. On the other hand, if there is no content to be printed, the process proceeds to step S26, and the revocation check of all public key certificates registered in the address book 100 and the address book 100 when the public key certificate has been revoked. Delete from.

  With this step, if there is a public key certificate that has expired and expired in the address book 100, the public key certificate is deleted.

  Thus, the e-mail receiving process of the e-mail device 10 is completed.

  Next, when the electronic mail apparatus 10 according to the second embodiment of the present invention acquires a public key certificate corresponding to a destination registered in the address book 100 from the external public key server 23 and automatically registers it. The processing will be described with reference to the flowcharts of FIGS. In the following description, reference numerals not shown in FIGS. 7 and 8 refer to FIG. 1 unless otherwise specified.

  The automatic registration of the public key certificate from the external public key server 23 to the address book 100 of the electronic mail apparatus 10 is performed when the administrator instructs the automatic display from the operation display unit 17 or the administrator displays the operation display unit 17. This is done when the time of automatic registration set from is reached. The time for automatic registration can be set at a predetermined date and time (for example, 10:00 on August 01, 2000) or at a time interval (for example, every 12 hours).

  First, in step S30, it is determined whether or not the time of the timer 20 has reached the automatic registration time set by the administrator. If it is the set time for automatic registration, the process proceeds to step S32, where all the mail addresses registered in the address book 100 are checked, and the automatic registration process starts. If it is not the automatic registration set time, it is determined in step S31 whether or not a public key self-registration instruction has been instructed from the operation display unit 17. If the public key self-registration instruction has not been given, the process returns to step S30, and a standby loop is made until the automatic registration set time is reached or until the automatic registration instruction is detected.

  In steps S32 to S42, processing is performed for all the 1st to Nth mail addresses registered in the address book 100. Therefore, when N mail addresses are registered in the address book 100, the processing from step S32 to step S42 is performed N times.

  In step S32, it is checked whether a public key certificate has been registered for the mail address registered in the address book 100. If the public key certificate has already been registered, the process advances to step S33 to check whether the public key certificate registered in the address book 100 has expired due to expiration of the validity period.

  In step S34, it is determined whether or not it has expired based on the inspection result in step S33. If the public key certificate has expired, the process proceeds to step S35, and the process for acquiring a valid new public key certificate from the public key server 23 is entered.

  If the public key certificate has not expired, it is not necessary to acquire the public key certificate from the public key server 23 for the mail address. Until the process is completed, the process returns to step S32 to process the next mail address.

  Next, in step S35, a public key certificate is obtained from the public key server 23. Acquisition of a public key certificate from the public key server 23 is performed using a protocol such as LDAP (Lightweight Directory Access Protocol) or HTTP (Hyper Text Transfer Protocol).

  In step S36, the validity of the public key certificate acquired in step S35 is verified. The verification of the validity of the public key certificate here is performed by verifying the electronic signature of the certifier of the public key certificate and checking the validity period.

  In step S37, it is determined whether the acquired public key certificate is valid based on the validity check result in step S36. If it is valid, the process proceeds to step S38, and a check of permission for automatic registration of the public key certificate is started. If it is not valid, the process returns to step S32 until processing of all mail addresses in the address book 100 is completed, and processing of the next mail address is performed.

  In step S38, the issuer (certificate authority) of the public key certificate to be registered is first permitted by the permitted certificate authority 111 of the registration permission condition data 110, and then the permission authentication of the address book 100 is performed. It is determined whether the station 102 is permitted. Only when all the permitted certificate authorities 111102 are permitted, it is determined that they are permitted. If there is no setting data in the permitted certificate authority 111102, it means that all the authenticators are permitted.

  Here, if the certificate authority (CA # 2) of the public key certificate of the e-mail address “address1 @ domainA” to be registered is CA # as the certificate authority in the permitted certificate authority 111 of the registration permission condition data 110 1 and CA # 2 are permitted, but only CA # 1 is permitted and CA # 2 is not permitted as the permitted certificate authority 102 for the mail address “address1 @ domainA” in the address book 100. The public key certificate of # 2) will not be registered.

  Next, in step S39, the issuer (certificate authority) of the public key certificate to be registered is first permitted by the permitted encryption method 112 of the registration permission condition data 110, and then, the address book 100 It is determined whether the permitted encryption method 112 is permitted. Only when it is permitted in all of the permitted encryption schemes 112 and 103, it is determined that it is permitted. Here, if there is no setting data in the permitted encryption schemes 103 and 112, it means that all encryption schemes are permitted.

  Here, when the encryption method of the public key certificate of the email address “address1 @ domainA” to be registered is the DH (Diffie Hellman) method, the encryption method is used as the encryption method in the permission encryption method 112 of the registration permission condition data 110. RSA and DH are permitted, but only RSA is permitted and DH is not permitted as the permitted encryption method 103 for the mail address “address1 @ domainA” in the address book 100, so the public key certificate of the encryption method DH is registered. It will not be allowed.

  In addition, when the encryption method of the public key certificate of the email address “address1 @ domainA” to be registered is the RSA method, it is permitted in both of the permitted encryption methods 103 and 112. Public key certificates are permitted to be registered.

  Next, in step S40, whether the key length condition of the public key certificate to be registered is first permitted by the permission key length condition 113 of the registration permission condition data 110, and then, the permission of the address book 100 is permitted. It is determined whether the key length condition 104 is permitted. Only when the permitted key length conditions 104 and 113 are permitted, it is determined that the permitted key length conditions are permitted. Here, if there is no setting data in the permitted key length conditions 104 and 113, it means that all key lengths of the public key are permitted.

  Here, if the key length of the public key certificate of the email address “address1 @ domainA” to be registered is 1024 bits, it is permitted as 1024 bits or less in the permission key length condition 113 of the registration permission condition data 110. However, since only 512 bits are permitted in the permitted key length condition 104 for the mail address “address1 @ domainA” in the address book 100, registration of a public key certificate with a public key key length of 1024 bits is not permitted. become. In addition, when the key length of the public key of the public key certificate of the email address “address1 @ domainA” to be registered is 512 bits, it is permitted in both the permitted key length conditions 104 and 113. Registration of a public key certificate having a public key length of 512 bits is permitted.

  If it is determined that it is permitted in all steps from step S38 to step S40, the process proceeds to step S41, and the public key certificate is registered in the address book 100 in association with the mail address.

  If it is determined in any of the steps from step S38 to step S40 that it is not permitted, the process proceeds to step S43 and the next mail address is processed.

  In step S42, a notification to the effect that the public key certificate has been registered is sent by e-mail to the administrator's e-mail address registered in the e-mail device 10. The notification content includes the e-mail address where the public key certificate is registered, the certificate authority name of the public key certificate, the certificate number, the public key encryption method, the key length of the public key, and the like.

  In step S43, it is determined whether or not processing has been performed for all the mail addresses registered in the address book 100. If there is a mail address that has not been processed yet, the process returns to step S32 to return to the next mail. Start processing for the address. If processing for all mail addresses is completed, the process returns to step S30.

It is a figure which shows schematic structure and network structure of the electronic mail apparatus in embodiment of this invention. It is a figure which shows the data structure of the address book of the electronic mail apparatus in embodiment of this invention. It is a figure which shows the data structure of the automatic registration permission condition data of the electronic mail apparatus in embodiment of this invention. It is a figure which shows the data structure of the automatic registration permission domain data of the electronic mail apparatus in embodiment of this invention. It is an operation | movement flowchart of the automatic setting of the permission encryption system and permission key length condition of an electronic mail apparatus in embodiment of this invention. It is the operation | movement flowchart (the 1) of the process at the time of receiving the electronic mail of the electronic mail apparatus in the 1st Embodiment of this invention. It is the operation | movement flowchart (the 2) of the process at the time of receiving the electronic mail of the electronic mail apparatus in the 1st Embodiment of this invention. It is an operation | movement flowchart (the 1) of the process which automatically registers the public key certificate from the public key server of the electronic mail apparatus to the address book in the 2nd Embodiment of this invention. It is an operation | movement flowchart (the 2) of the process which automatically registers the public key certificate from the public key server of the electronic mail apparatus to the address book in the 2nd Embodiment of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10,22 ... E-mail apparatus, 11 ... CPU, 12 ... Address data bus, 13 ... ROM (read-only memory), 14 ... RAM (random access memory), 15 ... Hard disk, 16 ... Printer part, 17 ... Operation display unit, 18 ... Scanner, 19 ... Network interface, 20 ... Timer, 23 ... Public key server

Claims (14)

In an email device that encrypts and sends an email using the public key of the destination,
Address public key storage means for storing a mail address and a public key as a destination of the e-mail;
A mail receiving means for receiving an e-mail with a public key attached;
Public key verification means for verifying the validity of the public key attached to the email received by the mail reception means;
Domain registration means for registering domain information that permits or prohibits registration of the public key in the address public key storage means among the domain information of the mail address corresponding to the public key attached to the e-mail;
Domain determination means for determining whether or not the domain of the mail address corresponding to the public key attached to the e-mail is registered in the domain registration means;
When it is determined by the public key verification means that the public key is valid, and when the domain determination means determines that the domain of the mail address corresponding to the public key is registered in the domain registration means A public key registration unit that registers the public key in the address public key storage unit in association with the mail address according to the permission or prohibition attribute of the domain information registered in the domain registration unit. E-mail device featuring. The electronic mail apparatus according to claim 1, further comprising a revocation determination unit that determines revocation of a public key stored in the address public key storage unit,
The public key registering means is configured so that even if the public key attached to the e-mail received by the mail receiving means is already registered in the address public key storage means in correspondence with the mail address, the revocation determining means If it is determined that the public key registered in association with the address has expired, the public key attached to the e-mail is registered in the address public key storage means in association with the e-mail address. E-mail device featuring. The electronic mail apparatus according to claim 1, further comprising: a revocation determination unit that determines revocation of a public key stored in the address public key storage unit;
An electronic mail apparatus comprising: a public key deleting unit that deletes the public key determined to be revoked by the revocation determining unit from the address public key storage unit. 4. The electronic mail apparatus according to claim 3, further comprising a deletion notification means for notifying an administrator when the public key deletion means deletes a public key from the address public key storage means. E-mail device. 5. The electronic mail apparatus according to claim 1, further comprising a certifier setting unit that sets a public key certifier that permits registration of a public key in the address public key storage unit. ,
The electronic mail apparatus, wherein the public key registration unit registers a public key in the address public key storage unit only when a public key authenticator is set in the certifier setting unit. The electronic mail apparatus according to any one of claims 1 to 4, further comprising an address authenticator setting means for setting a public key authenticator that permits registration of a public key for each mail address,
The public key registration means registers the public key in the address public key storage means only when the public key authenticator is set by the address authenticator setting means for the public key mail address. E-mail device characterized by. 5. The electronic mail apparatus according to claim 1, further comprising an encryption method setting unit that sets an encryption method of a public key that permits registration of a public key in the address public key storage unit. ,
The electronic device according to claim 1, wherein the public key registration unit registers a public key in the address public key storage unit only when a public key encryption method is set by the encryption method setting unit. 8. The electronic mail apparatus according to claim 7, further comprising: an encryption method automatic setting unit that acquires a public key encryption method that can be processed by the device, and that automatically sets the encryption method in the encryption method setting unit. E-mail device to do. The electronic mail apparatus according to any one of claims 1 to 4, further comprising an address encryption method setting means for setting a public key encryption method that permits registration of a public key for each mail address,
The public key registration means registers the public key in the address public key storage means only when the public key encryption method is set by the address encryption method setting means for the mail address of the public key. E-mail device featuring. 5. The electronic mail apparatus according to claim 1, further comprising: a key length for setting a public key key permitting registration of a public key in the address public key storage unit and a comparison determination condition. Having setting means,
The public key registration unit compares the key length of the public key with the key length set by the key length setting unit, and only when the comparison determination condition set by the key length setting unit is satisfied. An e-mail apparatus, wherein a key is registered in the address public key storage means. 11. The electronic mail apparatus according to claim 10, further comprising a key length automatic setting means for acquiring a maximum key length of a public key that can be processed by the apparatus and automatically setting the maximum key length in the key length setting means. E-mail device featuring. 5. The electronic mail apparatus according to claim 1, further comprising: an address key length setting unit that sets a public key key length that permits registration of a public key for each mail address and a comparison determination condition. Have
The public key registration means is set by the address key length setting means by comparing the key length of the public key to be registered with the key length set by the address key length setting means for the mail address of the public key. An electronic mail apparatus, wherein a public key is registered in the address public key storage means only when the comparison determination condition is satisfied. 13. The electronic mail apparatus according to claim 1, wherein when the public key registration unit registers a public key in the address public key storage unit, a notification to that effect is sent to the administrator. An e-mail device comprising registration notifying means. 14. The electronic mail device according to claim 1, wherein the public key registration unit stops public key registration when a free capacity of the address public key storage unit becomes a predetermined value or less. An electronic mail device characterized by:

Images