JP2010198379A - Electronic mail distribution system and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for evaluating electronic mail (e-mail) transmission safety, which can quickly and simply confirm transmission of e-mail and can be applied regardless of the kind of a communication protocol between a mailer and a mail server. <P>SOLUTION: An e-mail evaluation processing server arranged behind the mail server includes: a means for receiving the e-mail sent from a client apparatus through the mail server and storing the received e-mail in a transmission mail information storage part; a means for analyzing and evaluating safety for transmitting the e-mail and storing evaluated result information in the transmission mail information storage part; a means for reading the evaluated result information from the sending mail information storage part and transmitting the read evaluated result information to the client apparatus without passing through the mail server; and a means for receiving information input from the client apparatus as response information to the evaluated result information, and when the input information is information indicating a transmission instruction, reading the e-mail from the transmission mail information storage part and transmitting the read e-mail according to the transmission instruction. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention prevents erroneous transmission of an email due to an erroneous operation or erroneous setting by the sender of the email, and further allows the sender of the email to determine whether or not secure transmission is ensured for the email. The present invention relates to a technique that enables easy confirmation.

  As the use of e-mail becomes widespread, e-mail is used as an information exchange means in various businesses, and cases in which important confidential information is exchanged by e-mail via a network are increasing. On the other hand, the leakage of important confidential information due to inadvertent mistakes such as eavesdropping and falsification of e-mail on the communication path, erroneous setting of the transmission destination by the operator, and incorrect specification of the attached file is increasing.

  As a conventional technique for solving the above problem, there is a technique described in Patent Document 1, for example. In the technique described in Patent Document 1, the mail server inquires of a person (approver) designated in advance according to the sender of the e-mail about whether or not the e-mail received from the terminal device can be transmitted. An e-mail is sent when e-mail transmission is approved. The approver confirms, approves, etc., the e-mail requested for approval by accessing a predetermined Web site having a Web mail function.

  Moreover, there exists a technique described in Non-Patent Document 1 as a conventional technique. Even in the technique described in Non-Patent Document 1, a sender of an e-mail accesses a predetermined Web site and confirms an e-mail whose transmission is suspended, sends a transmission instruction, and the like.

  Furthermore, there is a technique described in Patent Document 2 as a conventional technique. In the technique described in Patent Document 2, a secure proxy is provided between the mailer and the mail server, and the secure proxy acquires the email transmitted from the mailer, and the destination of the email, the content of the email, and the safety during transmission. It analyzes and evaluates the characteristics, etc., outputs the evaluation result to a terminal on which the mailer is mounted, and determines whether or not transmission is possible based on a response from the terminal.

JP 2007-65787 A JP 2007-87327 A Search February 5, 2009, Internet, URL: http://www.necsoft.com/soft/guardian/wall/

  However, the techniques described in Patent Document 1 and Non-Patent Document 1 are based on the premise that an operation related to a transmission instruction or the like is performed on a Web browser, and an e-mail sender or the like can send an e-mail transmitted from a mailer. It is necessary to start a web browser and newly access a predetermined website. The need for such an operation is inconvenient for the sender using the mailer. Furthermore, in the techniques described in Patent Document 1 and Non-Patent Document 1, a notification that a transmitted electronic mail is being held is distributed by electronic mail from the mail server, which increases the load on the mail server. There is also.

  The technique described in Patent Document 2 assumes that communication between the mailer and the mail server is performed by the standard mail transfer protocol SMTP (Simple Mail Transfer Protocol). If the communication is performed using a protocol other than SMTP, the secure proxy communication program needs to be modified. If the modification is not possible, the secure proxy cannot be used.

  The present invention has been made in view of the above-described problems of the prior art, such as improper transmission of an e-mail such as an error in setting a destination e-mail address, forgetting to attach a file, attaching an incorrect file, etc. In the technology for preventing eavesdropping of e-mails, it is possible to allow the sender to quickly and easily confirm the presence / absence of the error and to specify whether or not to send the mail requested to be sent from the mailer, It is an object of the present invention to provide a technology that can be applied using an existing mailer and mail server as they are, regardless of the type of communication protocol between the mailer and the mail server.

  In order to solve the above-described problems, the present invention provides an e-mail delivery system in which a client device, a mail server, and an e-mail evaluation processing server are connected to a communication network, and the e-mail evaluation processing server includes: Means for receiving an e-mail sent from the client device and passing through the mail server, storing the e-mail in a transmission mail information storage unit, and sending the e-mail stored in the transmission mail information storage unit Means for storing and evaluating evaluation result information in the transmission mail information storage unit, and analyzing the evaluation result information as the transmission mail. Means for reading from the information storage unit and transmitting to the client device without going through a mail server; When the information input as response information to the evaluation result information is received from the remote device and the information is information indicating a transmission instruction, the electronic mail is read from the transmission mail information storage unit according to the transmission instruction. The client device receives the evaluation result information from the e-mail evaluation processing server, and displays a dialog screen representing the evaluation result information on a display unit; and the evaluation Means for transmitting information input on the dialog screen as response information to the result information to the e-mail evaluation processing server, and is configured as an e-mail delivery system.

  The present invention is a program for causing a computer to function as the e-mail evaluation processing server in an e-mail distribution system configured by connecting a client device, a mail server, and an e-mail evaluation processing server to a communication network. A receiving means for storing an e-mail sent from the client device and received via the mail server in a transmission mail information storage unit, and a computer storing the electronic mail stored in the transmission mail information storage unit. Analyzing and evaluating the safety of transmission based on information stored in advance in the computer, and analyzing and evaluating by the evaluation and evaluation means for storing the evaluation result information in the transmission mail information storage unit, and the analysis and evaluation means Emails stored in the outgoing mail information storage unit. Notification means for notifying the client device without going through a mail server, evaluation result information sending means for reading the evaluation result information from the transmission mail information storage unit and sending it to the client device without going through a mail server, the client When the information input as response information to the evaluation result information is received from the apparatus, and the information is information indicating a transmission instruction, the electronic mail is read from the transmission mail information storage unit according to the transmission instruction. It can also be configured as a program for functioning as an e-mail transmitting means for transmitting.

  Furthermore, the present invention is a program for causing a computer to function as the client device in an electronic mail distribution system configured by connecting a client device, a mail server, and an electronic mail evaluation processing server to a communication network. E-mail transmitted from the computer and received by the e-mail evaluation processing server via the mail server is analyzed and evaluated by the e-mail evaluation processing server, and stored in the e-mail evaluation processing server. Notification receiving means for receiving a notification indicating that the notification is received, receiving the evaluation result information of the email corresponding to the notification from the email evaluation processing server, and displaying a dialog screen representing the evaluation result information on the display unit Evaluation result information reception display means for performing the evaluation The information entered in the dialog screen as response information to the result information can also be configured as a program for functioning as a response information transmitting means for transmitting to the electronic mail rating process server.

  In the technology according to the present invention, an e-mail evaluation processing server (secure proxy server) is arranged on the side where a mail server sends an e-mail received from a client device to another mail server using a standard mail protocol, and the e-mail evaluation processing server Analyzes and evaluates the email received from the mail server and sends notification indicating that the email is on hold and evaluation result information to the client device without going through the mail server. A dialog screen representing the information is displayed, and the e-mail evaluation processing server transmits or discards the e-mail according to an instruction from the client device.

  According to the technology according to the present invention, the load on the mail server does not increase as in the conventional technology in which the notification of the pending electronic mail is performed by electronic mail. In addition, according to the technology according to the present invention, unlike the prior art, it does not require a troublesome operation such as starting up a web browser on a client device and accessing a web site for confirmation of a pending email, and can be performed quickly and quickly. It is possible to easily check a pending email.

  Further, according to the present invention, it is possible to construct a network environment in which e-mail is safely transmitted by performing e-mail safety analysis / evaluation regardless of the type of communication protocol between the mailer and the mail server. Furthermore, it is possible to realize a function for preventing erroneous transmission of electronic mail without modifying existing mailers and mail servers.

It is a schematic block diagram of the electronic mail delivery system in embodiment of this invention. 3 is a functional configuration diagram of a secure proxy server 3. FIG. 2 is a functional configuration diagram of a client terminal 1. FIG. It is a sequence chart which shows operation | movement of the electronic mail delivery system which concerns on embodiment of this invention. 4 is a diagram illustrating an example of a structure of information stored in a transmission mail information storage unit 32. FIG. It is a figure which shows an example of the transmission confirmation screen displayed on the client terminal. It is a sequence chart which shows operation | movement of the electronic mail delivery system which concerns on embodiment of this invention. It is an example of the list screen of a pending | holding email. It is a figure which shows the example of the evaluation item of a transmission mail. It is the figure which showed an example of the content of each table stored in the risk evaluation information storage means 333. It is a figure which shows the example of the mail risk evaluation procedure in the risk analysis evaluation part. It is the figure which showed an example of the mail risk evaluation rule.

  Embodiments of the present invention will be described below with reference to the drawings.

(System overview)
FIG. 1 is a diagram showing a schematic configuration of an electronic mail distribution system according to an embodiment of the present invention. As shown in FIG. 1, the e-mail delivery system in the present embodiment includes a client terminal 1 on which a mailer used by a user for sending and receiving e-mails, a mail server 2, and a secure proxy server 3 are provided. Take the configuration.

  In the configuration shown in FIG. 1, the e-mail protocol between the mailer and the mail server 2 may be SMTP or a manufacturer-specific protocol. The e-mail erroneous transmission prevention technique using the secure proxy server 3 according to the present invention is applicable regardless of the e-mail protocol between the mailer and the mail server 2. The outline of the operation of the system shown in FIG. 1 is as follows.

  An e-mail is sent from the mailer to the mail server 2 (step 1), and the e-mail is sent from the mail server 2 to the secure proxy server 3 (step 2). Is evaluated (step 3).

  In the security evaluation of the outgoing message, the destination of the email sent from the mailer, the email body, the attached file, etc. are analyzed, and the evaluation result information is generated from the analysis result and the information stored and held in the secure proxy server 3 Then, the evaluation result information is notified to the client terminal 1 (step 4) and displayed (step 5). In the client terminal 1, the operator confirms the display contents for each individual transmission destination, and when the transmission permission / inhibition and the transmission form (encrypted transmission, flat transmission) are input, the contents are notified to the secure proxy server 3. (Step 6).

  As a result of the evaluation, for example, an e-mail that is determined to be encrypted and transmitted is encrypted in the secure proxy server 3 with respect to a transmission message such as a subject, a body text, and an attached file (step 7). The encrypted electronic mail is distributed to the external network 4 (step 8). When the secure proxy server 3 receives an electronic mail encrypted by another secure proxy server from the external network 4, the electronic mail is decrypted and transmitted to the mail server 2. Then, an electronic mail is transmitted to the client terminal 1 according to an electronic mail protocol between the mailer and the mail server 2. The public key or the like used for encryption / decryption processing may be stored in the secure proxy server 3, but may be stored in a key management server that can be accessed via a network and obtained from there.

  In the present embodiment, it is assumed that the outside of the secure proxy server 3 is connected to a public network such as the Internet through a firewall or the like, and that the client terminal 1, the mail server 2, and the secure proxy server 3 are connected to a private network. Assumed. In the present embodiment, the mail server 2 does not encrypt the transmission message, and is encrypted when an e-mail is sent from the secure proxy server 3 to the external network 4. / The administrator of the organization can monitor the mail contents. That is, by providing the secure proxy server 3 outside the mail server 2, it is possible to audit emails in the internal network while preventing eavesdropping of emails in the external network 4.

(System configuration)
Next, functional configurations of the client terminal 1 and the secure proxy server 3 will be described in detail.

  First, the functional configuration of the secure proxy server 3 will be described with reference to FIG. As shown in FIG. 2, the secure proxy server 3 includes a mail transmission / reception unit 31 for performing transmission / reception of electronic mail between the mail server 2 and the mail server of the external network 4, stores transmission mail, and security evaluation result information regarding transmission mail The transmission mail information storage unit 32 that stores the email, the risk analysis evaluation unit 33 that analyzes the email received from the mail server 2 and evaluates the security risk, etc., notifies the client terminal 1 of the security evaluation result of the email. , A transmission control unit 34 for receiving a transmission instruction or the like from the client terminal 1 and an encryption processing unit 35 for performing encryption / decryption processing of e-mail, and these units are configured to be able to communicate with each other as necessary. .

  The mail transmission / reception unit 31 is a functional unit for performing transmission / reception of electronic mail according to SMTP with the mail server 2 and the mail server of the external network 4. The mail transmission / reception unit 31 also has a function of storing the electronic mail received from the mail server 2 in the transmission mail information storage unit 32. Hereinafter, a case where an e-mail is transmitted from the mailer related to the present invention to the external network 4 will be described, and a case where an e-mail is received from the outside will be omitted.

  The risk analysis evaluation unit 33 includes mail analysis means 331, risk evaluation means 332, and risk evaluation information storage means 333. The mail analysis unit 331 analyzes the transmission destination, the body, and the transmission method (encryption possibility) of the transmission mail from the header information of the email stored in the transmission mail information storage unit 333, the content of the body, and the attached file. Do. Further, based on the result analyzed by the mail analysis unit 331 and the information stored in the risk evaluation information storage unit 333 by the risk evaluation unit 332, the risk level in terms of security of sending the email is determined. The evaluation result information is stored in the transmission mail information storage unit 32 in association with the evaluation target electronic mail.

  The transmission control unit 34 notifies the client terminal 1 that an e-mail is stored in the transmission mail information storage unit 32, and sends information such as the risk evaluation result stored in the transmission mail information storage unit 32 to the client An e-mail information notifying unit 341 for notifying the terminal 1 and a transmission instruction receiving unit 342 for receiving an e-mail transmission instruction from the client terminal 1 are provided.

  The cipher processing unit 35 includes a mail encryption / decryption unit 351 for encrypting / decrypting an e-mail body, and a mail signature / signature verification unit for applying an electronic signature and determining whether the signature is valid. 352.

  Next, the functional configuration of the client terminal 1 will be described with reference to FIG. As illustrated in FIG. 3, the client terminal 1 includes a mailer 11, a transmission confirmation control unit 12, and an operation / display unit 13. The mailer 11 is a general e-mail application for creating and sending / receiving e-mails. The operation / display unit 13 includes information input means such as a keyboard and a display, and information output means.

  The transmission confirmation control unit 12 includes an e-mail information acquisition unit 121, a screen creation / display unit 122, and a transmission availability information notification unit 123.

  The e-mail information acquisition unit 121 has a function of receiving notification information and evaluation result information transmitted from the transmission control unit 34 of the secure proxy server 3. Further, the e-mail information acquisition unit 121 transmits a hold e-mail information acquisition request to the secure proxy server 3 at a fixed period, and when there is hold e-mail information corresponding to the request, the e-mail information acquisition means 121 A function of receiving from the transmission control unit 34 of the server 3 may be provided. Further, the e-mail information acquisition unit 121 requests and acquires more detailed information such as an e-mail evaluation result from the transmission control unit 34 of the secure proxy server 3 based on the operation information from the information input unit. Have

  The screen creation / display unit 122 has a function of creating screen information using information received from the transmission control unit 34 of the secure proxy server 3 and displaying the screen information on the display of the client terminal 1. The transmission availability information notifying unit 123 has a function of transmitting information such as a transmission instruction to the transmission control unit 34 of the secure proxy server 3 based on the operation of the client terminal 1 by the user.

  The hardware configurations of the secure proxy server 3 and the client terminal 1 are the same as those of a general computer including a CPU, a memory, a hard disk, a communication processing device, and the like. In each computer, the secure proxy server 3 and the client terminal 1 are realized by executing a program corresponding to the above-described function.

  That is, the program installed in the secure proxy server 3 is a receiving means for sending an e-mail sent from the client terminal 1 via the computer and received via the mail server 2 to the sending mail information storage unit 32, sending mail. Analysis and evaluation means for analyzing and evaluating the safety of transmitting the e-mail stored in the information storage unit 32 based on information stored in advance in the computer, and storing the evaluation result information in the transmission mail information storage unit 32; Notifying means for notifying the client terminal 1 via the mail server 2 that the e-mail analyzed and evaluated by the analyzing / evaluating means is stored in the transmitted mail information storage unit 32; An evaluation result read from the information storage unit 32 and transmitted to the client terminal 1 without going through the mail server 2 Information transmission means, which receives information inputted as response information to the evaluation result information from the client terminal 1 and, when the information is information indicating a transmission instruction, sends an e-mail according to the transmission instruction, a transmission mail information storage unit This is a program for functioning as an e-mail transmission unit that reads out from 32 and transmits to an external network.

Note that the evaluation result information transmitting means refers to the transmitted mail information storage unit 32 in response to an inquiry from the client terminal 1 to obtain a list of emails whose transmission is suspended, and stores the list as a client terminal. 1 and after receiving an evaluation result information transmission instruction regarding a specific electronic mail from the client terminal 1, it also has a function of transmitting the evaluation result information of the electronic mail to the client terminal 1.
In addition, the program of the client terminal 1 is a computer that transmits an electronic mail that is transmitted from the computer and received by the secure proxy server 3 via the mail server 2, and is analyzed and evaluated by the secure proxy server 3. A notification receiving means for receiving a notification indicating that the notification is stored in 3, receiving the evaluation result information of the e-mail corresponding to the notification from the secure proxy server 3, and displaying a dialog screen representing the evaluation result information on the display unit This is a program for functioning as an evaluation result information reception display means to be displayed on the screen, and a response information transmission means for transmitting information inputted on the dialog screen as response information to the evaluation result information to the secure proxy server 3.

  Each functional unit in the secure proxy server 3 shown in FIG. 2 may be provided in one computer, or a plurality of mail transmission / reception units 31 and risk analysis evaluation units 33 may be provided on different computers. It is good also as providing in the computer of.

(System operation)
Next, the operation of the e-mail delivery system according to the present embodiment will be described with reference to the sequence chart shown in FIG. In the sequence chart shown in FIG. 4, a sequence between main components is shown for easy understanding. In the following processing, communication between the transmission confirmation control unit 12 of the client terminal 1 and the transmission control unit 34 of the secure proxy server 3 is performed using a communication method capable of notifying an information quickly such as UDP instead of e-mail. Used.

  When the user of the client terminal 1 creates a plain text mail using the mailer 11 and performs a transmission operation on the mailer 11, an email is sent from the mailer 11 to the secure proxy server 3 via the mail server 2 (Step 11, 12). In the secure proxy server 3, the mail transmitting / receiving unit 31 receives the electronic mail and stores it in the transmitted mail information storage unit 32 (step 13). When e-mail is accumulated, it is accumulated including header information so that the IP address of the client terminal 1 of the transmission source can be acquired.

  Subsequently, the risk analysis / evaluation unit 33 analyzes the transmission destination address of the email stored in the transmission mail information storage means 32, the presence / absence of an attached file, the content of the text, etc., and stores the analysis result and the risk evaluation information in advance. From the information held in the means 333, the risk of sending the electronic mail is evaluated (step 14). A specific evaluation method will be described later.

  As a result of the evaluation, when it is determined that the e-mail can be sent without requiring confirmation by the sender, the risk analysis evaluation unit 33 notifies the mail transmission / reception unit 31 to that effect, and the mail transmission / reception unit 31. Extracts the e-mail from the transmission mail information storage unit 32 and transfers the e-mail to the external network 4.

  In this example, it is assumed that the electronic mail is determined to require the sender's confirmation. In this case, the risk analysis evaluation unit 33 stores the evaluation result information in the transmission mail information storage unit 32 in association with the corresponding electronic mail (step 15). Since such processing is performed for a plurality of electronic mails of a plurality of users, information as shown in FIG. The information of “e-mail” shown in FIG. 5 includes the content of the transmitted e-mail (destination e-mail address, subject, text, etc.), the IP address of the source client terminal, the management ID in the mail server, etc. The management information of the e-mail exchanged between the mail servers is also included.

  Subsequently, the risk analysis / evaluation unit 33 sends notification information to the transmission control unit 34 to notify that the evaluated e-mail is stored in the transmission mail information storage unit 32 (step 16). This notification information includes the destination information (IP address, etc.) of the client terminal 1 and the e-mail identification information (e.g., the mail address of the client terminal 1) acquired from the header of the email. Then, the transmission control unit 34 transmits the notification information to the transmission confirmation control unit 12 of the client terminal 1 without using the mail server 2 (step 17). The transmission confirmation control unit 12 can acquire e-mail evaluation result information from the secure proxy server 3 based on the reception of the notification information.

  For example, as shown in FIG. 4, when the notification information is received, the transmission confirmation control unit 12 automatically sends an evaluation result request including the e-mail identification information from the transmission confirmation control unit 12 to the secure proxy server 3. The e-mail information notifying unit 341 of the transmission control unit 34 that has transmitted the control result to the control unit 34 (step 18) and has received the evaluation result request uses the identification information to send evaluation result information corresponding to the pending e-mail. The information is acquired from the information storage unit 32 and transmitted to the transmission confirmation control unit 12 of the client terminal 1 (steps 19 to 21).

  Instead of automatically transmitting an evaluation result request as described above, when the transmission confirmation control unit 12 receives the notification information, the icon of the program corresponding to the transmission confirmation control unit 12 blinks on the display. When the user performs an operation such as clicking a blinking part, the transmission confirmation control unit 12 may transmit an evaluation result request to the transmission control unit 34 of the secure proxy server 3.

  Further, instead of performing the processing related to the evaluation result request, the evaluation result information may be transmitted from the transmission control unit 34 to the transmission confirmation control unit 12 instead of the notification information in steps 16 and 17.

  In the transmission confirmation control unit 12 that has received the evaluation result information, the screen creation / display unit 122 creates and displays, for example, a transmission confirmation screen (error transmission prevention dialog screen) shown in FIG. 6 using the evaluation result information.

  The screen shown in FIG. 6 is based on the assumption that the client terminal 1 allows the user to input transmission permission / inhibition. In this example, when the evaluation result is presented to the user, “transmission cancellation” and evaluation for each sender are performed. Only the result confirmation check box can be input, and confirmation is omitted so that a transmission instruction is not made. Further, the transmission confirmation control unit 12 determines that transmission confirmation has been performed for each of the broadcast mail addresses, and after the determination, the encryption mode (encrypted transmission, plain transmission, transmission that can be encrypted) is performed for the target mail. The display is updated so that only the destination is encrypted and others can be selected (for example, flat transmission), and the user proceeds to a transmission execution instruction or a cancel operation which is the next process.

  Here, it is assumed that the user checks the mail address and selects encrypted transmission (step 22 in FIG. 4). Then, the transmission permission information notifying unit 123 in the transmission confirmation control unit 12 transmits the instruction information (including e-mail identification information) corresponding to the instruction content to the transmission control unit 34 of the secure proxy server 3 (step 23).

  When the transmission instruction receiving unit 342 of the transmission control unit 34 receives the instruction information, the transmission instruction receiving unit 342 instructs the mail transmitting / receiving unit 31 to encrypt and transmit the corresponding e-mail (step 23). Upon receipt of the instruction, the mail transmission / reception unit 31 acquires the target electronic mail from the transmission mail information storage unit 32, encrypts the mail body, attached file, etc. using the encryption processing unit 35, and encrypts the electronic mail Is transferred to the external network 4 (steps 25 and 26).

  Further, the transmission control unit 34 updates information related to the transmission result such as transmission history information in the risk evaluation information storage unit 333 and deletes the transmitted e-mail information from the transmission mail information storage unit 32 (step 27). .

  If transmission stop is selected in step 22, instruction information indicating this is notified from the transmission confirmation control unit 12 to the transmission control unit 34, and the transmission control unit 34 transfers an e-mail based on the instruction information. Without deleting the electronic mail, the electronic mail is deleted from the transmission mail information storage unit 32. In this case, the secure proxy server 3 may transmit an e-mail notifying that the e-mail has been discarded based on an instruction from the sender to the client terminal 1 via the mail server 2. Alternatively, the secure proxy server 3 may notify the mail server 2 that a communication error has occurred regarding the discarded electronic mail. In this case, the mail server 2 notifies the client terminal 1 of information indicating that there is an error in the e-mail transmission and the e-mail transmission is not sent to the destination. With these processes, the user can confirm that the e-mail instructed to stop transmission has not been transmitted to the destination.

  In addition to the operation described with reference to FIG. 4, in addition to the operation described with reference to FIG. 4, the transmission confirmation control unit 12 of the client terminal 1 performs the pending mail in preparation for the case where the client terminal 1 cannot receive the notification information that notifies that the pending mail exists An operation may be performed to inquire the secure server 3 at regular intervals as to whether there is any. FIG. 7 shows a sequence example in this case. In FIG. 7, the same reference numerals (steps 11 to 15 and steps 22 to 27) are given to the same processes as those in the sequence shown in FIG. 4, which are as described with reference to FIG. 4. Omitted.

  In step 31 of FIG. 7, the transmission confirmation control unit 12 of the client terminal 1 uses the e-mail information acquisition unit 121 to send a request for acquisition of pending e-mail information to the transmission control unit 34 of the secure proxy server 3 at a certain period. Send it out. This acquisition request includes e-mail identification information for identifying an e-mail originating from the client terminal 1.

  The transmission control unit 34 that has received the hold email information acquisition request searches the send mail information storage unit 32 based on the email identification information (step 32), and if there is a corresponding hold email, sends information to that effect to the client terminal. 1 is returned to the transmission confirmation control unit 12 using UDP or the like without using the mail server 2 (step 33).

  In the transmission confirmation control unit 12 that has received the information indicating that there is a pending email in step 33, the screen creation / display unit 122 displays on the display of the client terminal 1 the presence of the pending email (step 33). 34). This display is performed, for example, by blinking an icon on the screen.

  Thereafter, when the user of the client terminal 1 clicks the icon (step 35), a request for pending email list information (including email identification information) is sent from the transmission confirmation control unit 121 to the transmission control unit 34 of the secure proxy server 3. (Step 36), a list of the corresponding pending emails is acquired from the transmission mail information storage unit 32 (steps 37 and 38), and transmitted to the transmission confirmation control unit 12 of the client terminal 1 (step 39). Then, a list screen of pending emails as shown in FIG. 8, for example, is displayed on the client terminal 1 (step 40).

  Here, when the user selects (clicks) an e-mail for which he / she wants to make a transmission from the list (step 41 in FIG. 7), an evaluation result request including identification information for identifying the e-mail is transmitted and confirmed. The data is transmitted from the control unit 12 to the transmission control unit 34 of the secure proxy server 3 (step 42). The e-mail information notifying unit 341 of the transmission control unit 34 that has received the evaluation result request acquires the evaluation result information corresponding to the pending e-mail selected by the user from the transmission mail information storage unit 32 by using the identification information. The data is transmitted to the transmission confirmation control unit 12 of the client terminal 1 (steps 43, 44, 45). Subsequent processing is the same as the processing described with reference to FIG.

  In the above example, the presence / absence display of the pending email is displayed, and the list is acquired and displayed when the list is requested. However, without displaying the presence / absence of the pending email (steps 34 to 39), step 32 is performed. 33, the list may be transmitted to the transmission confirmation control unit 12, and the client terminal 1 may perform display and selection processing (steps 40 to 40). Further, in the case where the presence / absence display of pending emails (steps 34 to 39) is not performed as described above, when the number of pending emails is only one, the evaluation result information is transmitted in steps 32 and 33. 12 and the client terminal 1 may perform display and transmission instruction processing (from step 22).

  Thus, even when the notification information of the pending email sent from the secure proxy server 3 cannot be received by inquiring the presence / absence of the pending email from the client terminal 1 to the secure proxy server 3 at a certain period, The client terminal 1 can confirm whether there is an electronic mail that is securely held.

(Example of evaluation process)
Next, a specific example of the sent mail evaluation process executed by the risk analysis evaluation unit 33 in the secure proxy server 3 will be described.

  FIG. 9 shows an example of an evaluation item for outgoing mail in this example. Here, there are three viewpoints: destination, mail content (subject, body, attached file), and safety during transmission. The outline of evaluation from each viewpoint is as follows.

  About "destination", it is completely new by checking the existence of transmission history and domain name classification (internal / external, customer, community for development consideration, associations participating as external activities, unregistered, etc.) It is possible to detect a destination and thereby detect a typo in an email address. In addition, by displaying the domain name hierarchy classification, it is possible to detect a selection error in the address book such as the same address (abc@xy.com and abc@jk.com) in different domains. From the viewpoint of the destination shown in FIG. 9, the “combination of destinations that have been sent before” refers to between different communities (A system development project for company X and B system development project for company Y, intellectual property-related In general, there should be no mail distribution in activities and software development environment study activities, etc., and it is usually not mixed as the same mail destination. “Number of destinations” is sent when the number of destinations is very large (for example, when sending a seminar invitation email to a customer), it is preferable to hide the destinations from the viewpoint of protecting personal information. Can call attention.

  As for “mail contents”, users must register specific keywords (“HR”, “confidential”, etc.) in advance, and pay attention to the destination of transmission, transmission format (encryption), whether attached files are acceptable, etc. This is a reminder to the sender. The keywords to be registered are classified according to the purpose of confirmation (confidentiality, type of email (guidance, request / inquiry, etc.)) and email content (office communication, development review, etc.), and the evaluation results for multiple categories are registered. It can also be output. Also, by checking the combination of the content of the body text and the presence / absence of the attached file with the secure proxy server 3, it is possible to prevent the attachment of the file from being leaked before the e-mail is transmitted to the transmission partner. With regard to “security during transmission”, whether or not encryption is possible is determined by whether or not the other party's public key can be acquired.

  Evaluation result of the safety of sending an email with a combination of the evaluation results regarding the security during transmission (encryption is possible), the content of the email body (high confidentiality), and the destination (inside, outside, etc.) It is stored as information and used as information to be notified to the client terminal 1. Thereby, the sender can easily evaluate the safety of mail transmission from each viewpoint without omission. Hereinafter, an example of the procedure for e-mail risk evaluation will be described.

  Since the risk analysis / evaluation unit 33 evaluates the risk based on the information stored in the risk evaluation information storage unit 333, the information stored in the risk evaluation information storage unit 333 will be described first.

  FIG. 10 shows an example of the contents of each table stored in the risk evaluation information accumulating means 333. In the transmitted address table shown in FIG. 10A, the transmitted address and the most recent transmission date and time are recorded. Each time an e-mail having a mail address that has never been designated as a transmission destination is transmitted in the secure proxy server 3, the mail address is added together with the most recent transmission date and time. When an e-mail having a mail address that has been transmitted before is transmitted, the latest transmission date and time of the mail address is updated.

  In the trusted domain table shown in FIG. 10A, domain names registered as domain names that can be trusted by the user are recorded together with the registration date and time. In the keyword table shown in (c) of FIG. 10, keywords registered for evaluating the risk of outgoing mail from the user are recorded together with the registration date and time. In the encryption key table shown in FIG. 10D, the encryption key (the public key of the transmission partner, etc.), the mail address of the user who disclosed the encryption key, and the registration date and time are recorded in association with each other. ing.

  Next, the processing procedure of the mail risk level evaluation in the risk level analysis evaluation unit 32 will be described with reference to the flowchart of FIG. Note that the order of processing does not have to be as shown in FIG.

  First, the mail information analysis means 331 obtains the header information, the mail text, and the attached file of the e-mail to be evaluated from the transmission mail information storage unit 32. From the header information, the transmission destination address and domain name necessary for the evaluation are obtained. Get mail titles, etc.

  Subsequently, the risk level evaluation unit 332 determines whether all transmission destination addresses analyzed by the mail information analysis unit 331 exist in the transmitted address table (FIG. 10A) of the risk level evaluation information storage unit 333. And a point related to “transmission history presence / absence” is calculated (step 41).

  Next, the mail risk evaluation means 332 determines whether all domain names analyzed by the mail information analysis means 331 exist in the trust domain table (FIG. 10 (a)) stored in the risk evaluation information storage means 333. Confirm whether or not, and calculate a point related to the "trusted domain" (step 42).

  Next, the mail risk evaluation means 332 has all the transmission destination addresses analyzed by the mail information analysis means 331 in the encryption key table (FIG. 10D) stored in the risk evaluation information storage means 333. Whether or not to do so is confirmed, and a point related to “encryption availability” is calculated (step 43). It should be noted that the risk evaluation information storage means 333 is not provided with an encryption key table, and is sent from the public key server accessible by the secure proxy server 3 via the network to the transmission partner (destination mail address or a user corresponding to the address). “Encryption propriety” may be determined based on whether or not the corresponding public key can be acquired.

  Next, the mail risk evaluation means 332 is registered in the keyword table (FIG. 10 (c)) stored in the risk evaluation information storage means 333 in the title and body of the mail acquired by the mail information analysis means 331. It is confirmed whether or not a keyword is included, and a point related to “keyword presence / absence” is calculated (step 44).

  Then, the mail risk evaluation means 332 calculates a point regarding “attached file presence / absence” depending on whether or not the mail information analyzing means 331 has acquired the attached file (step 45).

  Finally, the mail risk evaluation means 332 multiplies the above points calculated for each evaluation viewpoint by the weight set in advance by the user for each evaluation viewpoint, and then sums those points to calculate the error of the mail. A comprehensive evaluation value relating to the transmission risk is calculated (step 46).

  FIG. 12 shows an example of the mail risk evaluation rule. These rules are set in advance by the user and stored in the secure proxy server 3. (A) of FIG. 12 sets points and weights for each evaluation viewpoint and records them as a table. For example, regarding the evaluation viewpoint of “transmission history presence / absence”, if there is a transmission history for all destination addresses, it is 0 points, and if there is even one address without transmission history, it is 1 point. Means that a weight of 1 is applied to this point. (A) in FIG. 12 is a table showing evaluation criteria for the risk of erroneous mail transmission by the comprehensive evaluation value, and when the sum of the weighted values for each point of evaluation is 0 point or 1 point, In the example, “safety” is evaluated as “caution” when the score is 2 to 4, and “warning” when the score is 5 to 7.

  Next, how the information that is the basis of the screen image shown in FIG. 8 is generated according to the above evaluation method will be described.

  In the example shown in FIG. 8, “ccmail@yellow.kick.gr.jp”, “tsuchiya@yellow.kick.gr.jp”, and “taura@yellow.kick.gr.jp” are sent in the sent e-mail. This is a screen that is displayed when the destination is specified.

  First, the mail risk evaluation means 332 checks whether or not these transmission destination addresses are stored in the transmitted address table shown in FIG. Since the transmission destination address is not stored in the transmitted address table, one point relating to “transmission history presence / absence” is calculated according to the rule shown in FIG.

  Next, the mail risk evaluation means 332 checks whether the domain names of these destination addresses are stored in the trust domain table shown in FIG. Since the domain name of the destination address is “yellow.kick.gr.jp” and is not registered as a trusted domain, according to the rule shown in FIG. Calculated as a point.

  Next, the mail risk evaluation means 332 checks whether or not these transmission destination addresses exist in the encryption key table shown in FIG. Since any of the transmission destination addresses is registered in the encryption key table, it is determined that encryption is possible, and the point relating to “mail encryption propriety” is calculated as 0 according to the rule shown in FIG.

  Then, the mail risk evaluation means 332 checks whether or not the keyword stored in the keyword table shown in FIG. 10C is included in the title and body of the electronic mail. For example, if the text of the e-mail contains the keywords “Personnel”, “Company Limit”, and “Secret”, these are all stored in the keyword table, so the rules shown in FIG. Thus, the point regarding “keyword presence / absence” is calculated as one point.

  Finally, the mail risk evaluation means 332 confirms whether or not an attached file exists in the electronic mail, and calculates a point related to “existence of attached file”. For example, if there is no attached file in the mail, the number of “attached file presence / absence” is 0 according to the rule shown in FIG.

  When the points in each of the above evaluation viewpoints are multiplied by the weights defined in (a) of FIG. 12 to calculate the total sum, the total evaluation value of the mail is (1 point × 1) + (1 point × 2) + (0 points) × 2) + (1 point × 1) + (0 point × 1) = 4 points, and the outgoing mail risk level is evaluated as “caution” according to the rule shown in FIG.

  Information obtained as a result of the above check is stored in the transmission mail information storage unit 32 together with the target electronic mail and transmitted to the client terminal 1, and the screen creation / display unit 122 of the transmission confirmation control unit 12 uses the information to display the information. The screen shown in Fig. 8 is created and displayed.

  The above-mentioned evaluation rule is an example, and the evaluation weight for the presence / absence of an attached file is increased to 2 points, or a user who cannot be encrypted and transmitted is included, and a keyword indicating that the text is highly confidential is included. If it is, the evaluation element and its combination result may be weighted, such as “warning” regardless of the evaluation result of other conditions.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

DESCRIPTION OF SYMBOLS 1 Client terminal 2 Mail server 3 Secure proxy server 4 External network 11 Mailer 12 Transmission confirmation control part 121 E-mail information acquisition means 122 Screen creation and display means 123 Transmission availability information notification means 13 Operation / display part 31 Mail transmission / reception part 32 Transmission mail Information accumulation unit 33 Risk analysis evaluation unit 331 Mail analysis unit 332 Risk evaluation unit 333 Risk evaluation information storage unit 34 Transmission control unit 341 Email information notification unit 342 Transmission instruction reception unit 35 Encryption processing unit 351 Mail encryption / decryption unit 352 Email signature / signature verification means

Claims (5)

An email delivery system configured by connecting a client device, a mail server, and an email evaluation processing server to a communication network,
The e-mail evaluation processing server
Means for receiving an e-mail sent from the client device and via the mail server, and storing the e-mail in a transmission mail information storage unit;
Based on the information stored in advance in the e-mail evaluation processing server, the safety of sending the e-mail stored in the e-mail information storage unit is analyzed and evaluated, and evaluation result information is stored in the e-mail information storage Means for storing in the department;
Means for reading the evaluation result information from the transmission mail information storage unit and transmitting it to the client device without going through a mail server;
When the information input as response information to the evaluation result information is received from the client device, and the information is information indicating a transmission instruction, the electronic mail is transmitted from the transmission mail information storage unit according to the transmission instruction. Means for reading and transmitting,
The client device is
Means for receiving the evaluation result information from the e-mail evaluation processing server and displaying a dialog screen representing the evaluation result information on a display unit;
Means for transmitting information inputted on the dialog screen as response information to the evaluation result information to the e-mail evaluation processing server. A program for causing a computer to function as the e-mail evaluation processing server in an e-mail distribution system configured by connecting a client device, a mail server, and an e-mail evaluation processing server to a communication network, the computer comprising:
Receiving means for storing an e-mail sent from the client device and received via the mail server in a transmission mail information storage unit;
Analyzing and evaluating the safety of transmitting the electronic mail stored in the transmitted mail information storage unit based on information stored in the computer in advance, and storing evaluation result information in the transmitted mail information storage unit Analysis evaluation means,
Notification means for notifying the client device via the mail server that the email analyzed and evaluated by the analysis evaluation means is stored in the transmission mail information storage unit;
An evaluation result information transmitting means for reading the evaluation result information from the transmission mail information storage unit and transmitting the evaluation result information to the client device without going through a mail server;
When the information input as response information to the evaluation result information is received from the client device, and the information is information indicating a transmission instruction, the electronic mail is transmitted from the transmission mail information storage unit according to the transmission instruction. E-mail transmission means to read and send,
Program to function as.   The evaluation result information transmission means refers to the transmission mail information storage unit in response to an inquiry from the client device, acquires a list of emails whose transmission is suspended, and stores the list as the client device. The program according to claim 2, wherein the evaluation result information of the e-mail is transmitted to the client device after receiving an evaluation result information transmission instruction regarding the specific e-mail from the client device. A program for causing a computer to function as the client device in an e-mail distribution system configured by connecting a client device, a mail server, and an e-mail evaluation processing server to a communication network,
An email transmitted from the computer and received by the email evaluation processing server via the mail server is analyzed and evaluated by the email evaluation processing server, and stored in the email evaluation processing server. Notification receiving means for receiving a notification indicating that;
Evaluation result information reception display means for receiving the evaluation result information of the e-mail corresponding to the notification from the e-mail evaluation processing server and displaying a dialog screen representing the evaluation result information on the display unit,
Response information transmitting means for transmitting information input on the dialog screen as response information to the evaluation result information to the e-mail evaluation processing server;
Program to function as.   The program according to claim 4, further causing the computer to function as means for inquiring the electronic mail evaluation processing server whether or not there is an accumulated electronic mail.

Images