JP2016095745A - E-mail inspection device, data processing method thereof and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an e-mail inspection device capable of detecting an e-mail exchange leading to a compliance risk of an email and specifically an illegal act such as bid-rigging or cartel, according to information obtained from the e-mail, so that a company can reduce a compliance risk and improve information governance, and also to provide a data processing method thereof and a program.SOLUTION: An e-mail inspection device includes: a risk value calculation part configured to calculate a risk value of a compliance risk with regard to an e-mail; an intimacy calculation part configured to calculate intimacy of the e-mail; and a screen generation part configured to generate screen data for presenting information on the compliance risk of the e-mail, using the risk value and the intimacy.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an electronic mail inspection device, a data processing method thereof, and a program, and more particularly to an electronic mail inspection device that detects an electronic mail, a data processing method thereof, and a program.

  An apparatus and method for accurately detecting a risk from an e-mail message is described in Patent Document 1. In the apparatus described in this document, the determination is made by taking into account both the first characteristic information of the content of the e-mail and the second characteristic information of the sender or the destination. It is determined by checking whether or not the e-mail has the characteristics to be audited with a condition. Then, based on the determination result, the e-mail message is classified into one of a plurality of categories predetermined for the characteristics to be audited. In addition, for the risks indicated by each category, “immediate inspection”, “warning”, and “no problem” countermeasures are set in order of higher urgency.

  Further, in the system described in Patent Document 2, it is determined whether or not the transmitted mail violates a predetermined rule using web mail, and if it violates, the wording of the violating rule is displayed. In addition, it is possible to prevent the transmission of inappropriate mail that violates the rules and to make the user aware of the rules.

JP 2009-43144 A JP 2010-108327 A

  The determination method described in the above document based on the contents of the mail and the characteristic information of the sender or the recipient may not be able to appropriately detect a mail with a high compliance risk. On the other hand, in order to prevent the detection of high-risk e-mails as much as possible, if the criteria are set loosely, the number of e-mails detected will increase, human verification will be enormous, and high-risk e-mail will be buried there is a possibility.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide an e-mail inspection apparatus and a data processing method for detecting an e-mail compliance risk with high accuracy based on information obtained from e-mail. , And to provide a program.

  Each aspect of the present invention employs the following configurations in order to solve the above-described problems.

The first aspect relates to an electronic mail inspection apparatus.
The email inspection device according to the first aspect is
A risk value calculation means for calculating a risk value of the compliance risk of email,
A closeness calculating means for calculating the closeness of the email;
Screen generating means for generating screen data for presenting information related to the compliance risk of the email using the risk value and the familiarity;
Have

The second aspect relates to a data processing method of an electronic mail inspection apparatus executed by at least one computer.
The data processing method of the electronic mail inspection apparatus according to the second aspect is as follows:
E-mail inspection device
Calculate the intimacy of the email,
Generating screen data that presents information related to the compliance risk of the mail using the risk value and the familiarity.

As another aspect of the present invention, there may be a program for causing at least one computer to execute the method of the second aspect, or a computer-readable recording medium recording such a program. May be. This recording medium includes a non-transitory tangible medium.
The computer program includes computer program code that, when executed by a computer, causes the computer to perform the data processing method on the electronic mail inspection device.

  It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.

  The various components of the present invention do not necessarily have to be independent of each other. A plurality of components are formed as a single member, and a single component is formed of a plurality of members. It may be that a certain component is a part of another component, a part of a certain component overlaps with a part of another component, or the like.

  Moreover, although the several procedure is described in order in the method and computer program of this invention, the order of the description does not limit the order which performs a several procedure. For this reason, when the method and computer program of the present invention are implemented, the order of the plurality of procedures can be changed within a range that does not hinder the contents.

  Furthermore, the plurality of procedures of the method and the computer program of the present invention are not limited to being executed at different timings. For this reason, another procedure may occur during the execution of a certain procedure, or some or all of the execution timing of a certain procedure and the execution timing of another procedure may overlap.

  According to each aspect described above, it is possible to provide a technique for efficiently and accurately detecting a mail compliance risk based on information obtained from an electronic mail.

It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a block diagram which shows the structural example of the computer which implement | achieves the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a flowchart which shows an example of operation | movement of the email inspection apparatus which concerns on embodiment of this invention. It is a figure which shows the example of the screen which the email inspection apparatus which concerns on embodiment of this invention produces | generates. It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a flowchart which shows the example of operation | movement of the email inspection apparatus which concerns on embodiment of this invention. It is a flowchart which shows the example of operation | movement of the email inspection apparatus which concerns on embodiment of this invention. It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a figure which shows the example of the screen which the email inspection apparatus which concerns on embodiment of this invention produces | generates. It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a figure which shows the example of the screen which the email inspection apparatus which concerns on embodiment of this invention produces | generates. It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention. It is a figure which shows the example of the screen which the email inspection apparatus which concerns on embodiment of this invention produces | generates. It is a figure which shows the example of the screen which the email inspection apparatus which concerns on embodiment of this invention produces | generates. It is a functional block diagram which shows logically the structure of the electronic mail inspection apparatus which concerns on embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In all the drawings, the same reference numerals are given to the same components, and the description will be omitted as appropriate.

(First embodiment)
An electronic mail inspection apparatus, its data processing method and program according to the first embodiment of the present invention will be described below.
FIG. 1 is a functional block diagram logically showing the configuration of the electronic mail inspection apparatus 100 according to the embodiment of the present invention.
The e-mail inspection apparatus 100 uses a risk value calculation unit 102 that calculates a risk value of an e-mail compliance risk, an intimacy calculation unit 104 that calculates an e-mail intimacy, and e-mail compliance using the risk value and intimacy. And a screen generation unit 106 that generates screen data for presenting information related to risk.

In this specification, “mail” is also called electronic mail or e-mail, and refers to a text message exchanged via a network between computers. The mail includes a body text describing a text message and a mail header. In addition to text messages, files such as image data, document files, and programs can be attached to the mail.
The mail header includes, for example, a subject, transmission source information, destination information (mail address and destination attribute information), reply destination information, mail creation date and time, transmission date and time, and the like.

  In the present invention, the compliance risk means the possibility of violating laws, ordinances, government ordinances, regulations, rules, rules such as matters to be agreed, in-house morals, etc. within the company. Email compliance risk refers to the possibility that the email leads to such violations.

  There are various degrees of email that lead to compliance violations. Employees with low legal knowledge may easily use compliance risk expressions when composing emails. Of course, there is a case where an e-mail is created as a communication means for intentionally performing an illegal act while knowing that the violation is a compliance violation. The possibility of compliance violations gradually escalating due to a gradual decline in compliance awareness. The e-mail inspection device of the present invention is particularly suitable for detecting and preventing mail exchanges that lead to illegal activities such as rigging and cartels that violate antitrust laws based on relationships with other companies in the same industry. Is done.

  The risk value calculation unit 102 analyzes the email and calculates a risk value indicating how much a keyword or expression that may be a compliance risk is used in the text or subject. In the present embodiment, the risk value is a numerical value of 0 to 1, and the higher the numerical value, the higher the risk, but the present invention is not limited to this. It can also be expressed as a percentage or as a gradual rank (high, medium, low, etc.). The risk value is calculated for each mail. Moreover, it may be calculated for each mail transmission / reception timing, may be calculated at a predetermined timing based on information accumulated every predetermined period, or a combination thereof. For the risk value calculation method by the risk value calculation unit 102, a prior art or a known technique disclosed in the literature cited in the prior art literature may be used.

  The familiarity calculation unit 104 calculates the familiarity of mail. The mail intimacy means at least one of the degree of familiarity represented by the mail itself and the degree of familiarity of the mail sender / receiver pair.

  For example, the intimacy level of an email is indicated by a numerical value, a percentage, or a stepped rank, etc. depending on whether the content of the email itself or the way of exchanging email is related. . For this reason, the mail intimacy may be calculated for each mail, may be calculated for each mail sender / receiver pair, or a combination thereof. Moreover, it may be calculated for each mail transmission / reception timing, may be calculated at a predetermined timing based on information accumulated every predetermined period, or a combination thereof.

  The mail transmission / reception pair is a pair of a mail sender (sender) and a receiver (destination person), and is treated as the same pair even if the sender and the receiver are interchanged. The mail has a single source (From :) address, and there are one or more destination addresses in a plurality of destination types (TO :, CC :, BCC :). Regardless, it may be a subset of the plurality of destination addresses rather than an exact match of the plurality of destination addresses.

  For example, when a pair of senders and receivers is A and B (A and B indicate mail addresses. The same applies to C and D hereinafter), the sender (From :) and the destination (TO :) are A and B. The destination (TO :) includes C and D in addition to A and B, or another destination type (CC :, etc.) and C in addition to A and B. And D are included, and these examples are all treated as A and B transmission / reception pairs. However, when C and D are included, not only the pair of A and B but also A and C, A and D, B and C, B and D, and C and D are treated as a pair.

  The calculated familiarity is stored in a mail information storage unit (not shown) for each mail. The mail information storage unit can be, for example, at least one of the memory 64 in FIG. 2, the storage 66, and a storage device (not shown) accessible by the computer 60 in FIG. 2. The email information storage unit may also include the email risk value calculated by the risk value calculation unit 102.

  The screen generation unit 106 generates screen data that presents information related to the compliance risk of mail using the risk value and the familiarity. In the present embodiment, the screen displayed based on the generated screen data only needs to present some information related to the compliance risk of mail, and does not limit the specific display content or display form. For example, an email list screen showing the risk value and intimacy for each email, an email list screen that extracts only emails that have a risk value or intimacy greater than or equal to a specified value, and sort emails in descending order of risk value or intimacy Includes a mail list screen. A mail having a risk value or intimacy greater than or equal to a predetermined value may be specified, and a mark indicating that the compliance risk is high may be given to the corresponding mail in the mail list, or may be highlighted.

  The electronic mail inspection apparatus 100 can be realized by a server computer, a workstation, a personal computer, or a device corresponding to them. The electronic mail inspection apparatus 100 is connected to a storage device in which mail or information related to the mail is stored, and inspects each mail. The electronic mail inspection apparatus 100 may be incorporated in the mail server as one function of the mail server.

FIG. 2 is a block diagram illustrating a configuration example of a computer 60 that implements the electronic mail inspection apparatus 100.
The computer 60 includes a CPU (Central Processing Unit) 62, a memory 64, a program 80 that implements the components shown in FIG. 1 loaded in the memory 64, a storage 66 such as a hard disk that stores the program 80, an I / O (Input / Input). Output) 68 and a network connection interface (communication I / F (InterFace) 70). The CPU 62, the memory 64, the storage 66, the I / O 68, and the communication I / F 70 are connected to each other via the bus 69. The CPU 62 controls the entire electronic mail inspection apparatus 100 together with the elements of the electronic mail inspection apparatus 100 of FIG. Is done. The computer 60 may be connected to an input device 72 such as a keyboard and a mouse, a display device 74 such as a display, and an output device (not shown) such as a printer.
In addition, in each figure, it has abbreviate | omitted about the structure of the part which is not related to the essence of this invention, and is not showing in figure.

  Each component of the electronic mail inspection apparatus 100 of this embodiment of FIG. 1 is implement | achieved by arbitrary combinations of the hardware and software of the computer 60 of FIG. It will be understood by those skilled in the art that there are various modifications to the implementation method and apparatus. The functional block diagram showing the electronic mail inspection apparatus of each embodiment described below shows a block of logical functional units, not a configuration of hardware units.

  The CPU 62 of the computer 60 in FIG. 2 reads out the program 80 stored in the storage 66 to the memory 64 and executes it, thereby realizing each function of each unit in FIG. Further, the electronic mail inspection apparatus 100 may be realized by a plurality of computers 60 sharing the processing.

  The computer program according to the present embodiment uses a procedure for calculating a risk value of email compliance risk, a procedure for calculating email intimacy, a risk value, and an intimacy in a computer 60 for realizing the email inspection apparatus 100. And a procedure for generating screen data for presenting information related to the compliance risk of e-mail.

  The computer program 80 of the present embodiment may be recorded on a recording medium that can be read by the computer 60. The recording medium is not particularly limited, and various forms can be considered. The program 80 may be loaded from the recording medium into the memory 64 of the computer 60, or downloaded to the computer 60 through the network 3 and loaded into the memory 64.

  The recording medium for recording the computer program 80 includes a medium that can be used by a non-transitory tangible computer 60, and a program code that can be read by the computer 60 is embedded in the medium. When the computer program 80 is executed on the computer 60, the computer 60 is caused to execute the following data processing method for realizing the electronic mail inspection apparatus 100.

A data processing method of the electronic mail inspection apparatus 100 of the present embodiment configured as described above will be described below.
FIG. 3 is a flowchart showing an example of the operation of the e-mail inspection apparatus 100 of the present embodiment.
The data processing method according to the embodiment of the present invention is a data processing method of the electronic mail inspection apparatus 100, and is a data processing method executed by the computer 60 that implements the electronic mail inspection apparatus 100.
In the data processing method of this embodiment, the e-mail inspection apparatus 100 calculates the risk value of the compliance risk of mail (step S101), calculates the closeness of mail (step S103), and uses the risk value and closeness. Generating screen data for presenting information related to the compliance risk of the email (step S105).

More specifically, first, the risk value calculation unit 102 calculates the risk value of the email compliance risk (step S101).
Then, the familiarity calculation unit 104 calculates the familiarity of the mail (step S103).
Then, the screen generation unit 106 generates screen data that presents information related to the compliance risk of the mail using the risk value calculated in step S101 and the familiarity calculated in step S103 (step S105).

  Each step can be executed asynchronously, and the order of steps S101 and S103 may be reversed. Further, step S101 and step S103 may be performed by batch processing or the like when the computer load is low.

  The e-mail inspection apparatus 100 also has a user interface function such as a menu for displaying a screen for presenting various information related to compliance risk, and operation buttons and icons for receiving user operations. With this function, the e-mail inspection apparatus 100 accepts a user operation requesting presentation of various types of information related to compliance risk, generates screen data that presents information according to the accepted operation, and displays the screen on the display device 74. Can be presented to the user.

  The processing timing of the screen data generation step S105 may be the screen data generated and stored at the timing when the risk value and the intimacy necessary for screen data generation are calculated or at a predetermined timing. The screen data may be generated when an information presentation request from is received. A screen may be displayed on the display device 74 based on the screen data. Note that the user interface function is a well-known function regardless of the essence of the present invention, and a detailed description thereof will be omitted.

FIG. 4 is a diagram illustrating an example of a screen generated by the electronic mail inspection apparatus 100 according to the present embodiment.
The screen data generated by the screen generation unit 106 in this embodiment is, for example, the outgoing mail list 110. The transmitted mail list 110 is displayed on the display device 74 of FIG. 2, for example.

  A general mail list includes information such as date and time, subject, and sender. The outgoing mail list 110 of the present embodiment further includes information on the risk value 112 calculated by the risk value calculation unit 102 and the familiarity 114 calculated by the familiarity calculation unit 104. Note that the information (data items) included in the outgoing mail list 110 is an example, and is not limited to these. For example, it may include information on the sender's email address, the recipient's email address, its destination type (TO :, CC :, BCC :), and the classification of the sender and recipient (internal, external, competitors, etc.) .

  Similar to the general list display, the outgoing mail list 110 has a function for sorting data items or a combination of data items by condition, and a function for selecting data items to be displayed or hidden in the list. May be.

  As shown in FIG. 4, the outgoing mail list 110 includes the risk value 112 and the intimacy 114 of each mail as information related to the compliance risk of the mail. Mails with high intimacy 114 can be confirmed in a list.

In addition, when a suspicious mail is found in the list of the outgoing mail list 110, for example, when a corresponding mail in the list is selected, the detailed contents (text and header information) of the mail may be confirmed (viewed).
Further, on the outgoing mail list 110, a column may be provided in which selection of a suspicious mail operated by an administrator is accepted and a mark can be added to the mail or a comment can be entered.

  Also, you can set a predetermined threshold and highlight, color-code, or mark a mail that has a risk value greater than the predetermined threshold and an intimacy greater than the predetermined threshold. And a function capable of being displayed in a distinguishable manner.

As described above, in the electronic mail inspection apparatus 100 of the present embodiment, the risk value calculation unit 102 calculates the risk value of the compliance risk of mail, and the closeness calculation unit 104 calculates the closeness of mail. Then, the screen generation unit 106 generates a screen that presents information related to the compliance risk of the mail using the risk value and the familiarity.
The inventors of the present invention have come up with the idea that emails with high compliance risk can be detected with high accuracy by adopting not only email risk values but also email intimacy. The inventors have found that an email with a high compliance risk is highly likely to be an email showing a high degree of intimacy or an email exchanged between those who are intimate.
According to the electronic mail inspection apparatus 100 of the present embodiment, it is possible to detect a mail compliance risk with high accuracy by calculating the familiarity from an electronic mail and using the familiarity.

In particular, rigging and cartels do not occur alone but with other companies. Also, the chances of rigging and cartel violations are low among those who have recently met, and those who are friends of the former are higher. Therefore, the relationship between the concerned persons becomes important as a factor for detecting rigging and cartel violation.
Therefore, the e-mail inspection apparatus 100 of the present embodiment can detect the compliance risk more effectively than the conventional method by using the closeness between the persons.

(Second Embodiment)
Next, an electronic mail inspection apparatus and a data processing method thereof according to the second embodiment of the present invention will be described below. Note that the program of the present embodiment causes at least one computer to execute the data processing method of the e-mail inspection apparatus, as in the above-described embodiment, and a detailed description thereof will be omitted.
FIG. 5 is a functional block diagram showing a logical configuration of electronic mail inspection apparatus 200 according to the embodiment of the present invention.
The e-mail inspection apparatus 200 according to the present embodiment is different from the e-mail inspection apparatus 100 according to the above-described embodiment in that the familiarity is calculated using the communication score, the expression score, and the transmission information score.

  The e-mail inspection apparatus 200 of the present embodiment includes a risk value calculation unit 102 and a screen generation unit 106 similar to the e-mail inspection apparatus 100 of the above embodiment, and further includes a first calculation unit 202 and a second calculation unit 202. At least one of the calculation unit 204 and the third calculation unit 206 and a closeness calculation unit 210 are provided.

The first calculation unit 202 calculates a communication score indicating the intimacy of the mail sender / receiver pair using the history information of the mail group exchanged by the mail sender / receiver pair.
The second calculation unit 204 calculates an expression score indicating the intimacy of the mail expression based on word information obtained by language processing for the mail text.
The third calculation unit 206 calculates a transmission information score indicating the intimacy of the mail transmission form based on header information other than the mail text.
The familiarity calculating unit 210 calculates the familiarity of the mail based on at least one of the calculated communication score, expression score, and transmission information score.

Hereinafter, each unit will be described in detail.
The first calculation unit 202 calculates a communication score indicating the intimacy of the mail sender / receiver pair using the history information of the mail group exchanged by the mail sender / receiver pair.
In this embodiment, a communication score shows that it is intimate, so that a numerical value is high.
The first calculation unit 202 creates a pair of senders and receivers from the header information of the mail, and stores the calculated communication score in a score storage unit (not shown) for each pair. The score storage unit can be, for example, at least one of the memory 64, the storage 66 in FIG. 2, and a storage device (not shown) accessible by the computer 60 in FIG. When there are a plurality of mail destinations, each destination and sender are paired, a plurality of pairs are created, and a communication score of each pair is calculated.

The mail group history information is information related to mail exchange between a certain pair of senders and receivers, and means information that can be extracted from log information or meta information obtained when sending or receiving one or more mails. The following information is exemplified as the mail group history information, but is not limited thereto. The history information includes at least one of the following.
(A1) First transmission date and time of mail transmitted / received for the first time between a pair of sender / receiver (a2) Cumulative number of mails transmitted / received between the pair of sender / receiver (a3) Mail received / transmitted between the pair of sender / receiver is received Average TAT (Turn Around Time) taken from reply to reply
If no reply is received after a predetermined time has elapsed, processing such as setting the predetermined time or excluding it from the average value calculation element may be performed.
(A4) Cumulative number of transmission / reception and average TAT of mail transmitted / received between a pair of sender / receiver for a predetermined period, and information on changes in the cumulative number of transmission / reception and average TAT

The first calculation unit 202 calculates a communication score indicating the closeness of a pair of mail senders and receivers using at least one of the above history information. In the present embodiment, the communication score is obtained by adding scores, but is not limited to this. A weighting factor may be added. In the present embodiment, the communication score is calculated for each pair of senders and receivers and stored in the score storage unit. In addition, since values such as the cumulative number of transmissions / receptions and average TAT may be added with the change of the change, past information may be stored in the score storage unit in association with time information.
The timing at which the first calculation unit 202 calculates and updates the score may be every time mail is transmitted / received in the mail server, every predetermined period, or at a predetermined date and time or periodically. May be.

  In the above (a1), the longer the elapsed time from the first transmission date and time, the longer it is and it can be evaluated that the familiarity is relatively high, so the score is added. However, even if the elapsed time from the first transmission date / time is long, if the cumulative number of mail transmission / reception is small, it can be evaluated that the intimacy is relatively low, so the score is not added. In addition, although the elapsed time from the first transmission date / time is short, if the cumulative number of mail transmission / reception is large, it can be evaluated that the familiarity is high, so a score is added.

In the above (a2), it can be evaluated that the greater the cumulative number of transmissions / receptions is, the higher the familiarity is, so the score is added.
In the above (a3), it can be evaluated that the shorter the average TAT is, the higher the intimacy is, and the longer the average TAT is, the lower the intimacy is. Therefore, when the average TAT is shorter than a predetermined value, When TAT is longer than a predetermined value, the score is not added.

  In (a4) above, when the cumulative number of transmissions / receptions and the average TAT for each predetermined period and the cumulative number of transmissions / receptions and the average TAT change rapidly, it can be evaluated that the familiarity has changed. For example, if the cumulative number of transmissions / receptions is increasing, it can be evaluated that the familiarity is high, so the score is added.

The second calculation unit 204 calculates an expression score indicating the intimacy of the mail expression based on word information obtained by language processing for the mail text.
In the present embodiment, the higher the numerical value, the closer the expression score is. In the present embodiment, the expression score is obtained by adding the scores, but is not limited to this. A weighting factor may be added. In the present embodiment, the expression score is calculated for each mail and stored in the score storage unit.
The timing at which the second calculation unit 204 calculates and updates the score may be every time mail is transmitted / received in the mail server, every predetermined period, or at a predetermined date and time or periodically. May be.

  In the present embodiment, the second calculation unit 204 performs well-known natural language processing on the text of the mail text (which may include a subject), analyzes the text into words, and acquires word information. Then, based on the obtained word information, the friendliness of the mail expression is scored using a dictionary prepared in advance.

  In the present invention, in particular, the “friendliness” that may be associated with collusion, cartels, etc. may be specified, and the score addition amount may be larger than the general “friendliness”. As an example, when talking about “movie” by e-mail, it is determined that the relationship is a general close relationship, and the score is added by the first addition amount. When talking about “golf” by e-mail, there is a possibility of entertainment or a secret meeting, which is distinguished from a general close relationship, and the score is added as a second added amount larger than the first added amount.

The second calculation unit 204 performs an analysis exemplified below using a dictionary, determines a relationship such as “familiarity” based on the analysis result, and scores. In addition, the following analysis content is an example and is not limited to these.
(B1) It is determined whether or not a word included in the dictionary is included, and a score associated with the word is added.
(B2) The spoken language and the sentence are discriminated, and further, the style of the colloquial language is discriminated such as the key to be more or less.
(B3) The composition of the sentence is analyzed, and the score is added when the opening greeting is omitted.
(B4) The length of the mail text is measured, and if the mail length is short, the score is added.
(B5) Analyzing the name of the other party, if “san” and “kun” are used as honorific titles, the score is added. Alternatively, if a nickname is used, the score is added.
(B6) Analyzing the topic, and in the case of a private topic other than work, add a score.
(B7) Notation that is often used in close relations such as emoticons and (laughs) is determined, and if these notations are included, the score is added.

In the above (b1), a high score may be set for a word indicating familiarity and, as described above, a high-risk word likely to be associated with collusion or a cartel.
Examples of words and expressions that show friendliness and are at high risk include “examples”, “usual places”, “usual members”, and the like.
Examples of words and expressions that indicate familiarity and moderate risk include “adjustment”, “together”, “cooperation”, “team”, “request”, “golf”, “Ginza”, “secret”, etc. There is.
Examples of words and expressions whose risk is low but whose close relationship is predicted include “movie” and “tennis”.
Further, even if the word is not registered in the dictionary, similar terms may be further discriminated using a thesaurus dictionary or the like, and the score may be added in the same manner as the word registered in the dictionary.

In the above (b2), for example, a spoken phrase such as a key or a broken expression such as “Natatama” is discriminated, and the more the frequency of appearance, the larger the score addition amount.
In the above (b6), “topic” is specified by a combination of a plurality of words, for example, and a score set for the topic is added.
For example, if a topic such as “dining party” is held in “Ginza”, a high score is added. In the case of topics that actually meet or indicate that they are meeting, a high score is added.
In addition, when the subject is a hobby such as “movie” or “tennis”, the score is added. This score may be set lower than the former topic and may be set by changing the score according to the level of “intimacy” determined by the topic.
The word is analyzed and scored in (b1) above, and the topic score is also added.

The third calculation unit 206 calculates a transmission information score indicating the intimacy of the mail transmission form based on header information other than the mail text.
In this embodiment, a transmission information score shows that it is intimacy, so that a numerical value is high. In this embodiment, the transmission information score is obtained by adding scores, but is not limited to this. A weighting factor may be added. In the present embodiment, the transmission information score is calculated for each mail and stored in the score storage unit.
The timing at which the third calculation unit 206 calculates and updates the score may be every time mail is transmitted / received in the mail server, every predetermined period, or at a predetermined date and time or periodically. May be.

The transmission information score setting method of the third calculation unit 206 is exemplified below, but is not limited thereto.
(C1) The number of addresses (broadcast) of the mail is acquired from the mail header information, and the transmission information score is calculated using the reciprocal thereof.
When the reciprocal of the number of destinations is used as the transmission information score, the transmission information score decreases as the number of destinations increases, and the one-to-one exchange score becomes one. In calculating the transmission information score, a predetermined coefficient may be applied to the reciprocal of the number of destinations.
(C2) The mail address of the sender or receiver of the mail or the domain of the mail address is acquired from the header information of the mail, and predetermined destination information is detected. For example, it detects domains and email addresses of other companies in the same industry. The transmission information score calculated when the predetermined destination information is detected is set larger than the transmission information score calculated when the predetermined destination information is not detected.
(C3) From the mail history information, it is usually detected that members exchanged on a predetermined mailing list are sometimes exchanging alone, and a transmission information score calculated when detected is detected, It is larger than the transmission information score calculated when it is not detected.

The familiarity calculating unit 210 is configured to determine the parental degree based on at least one of the communication score, the expression score, and the transmission information score calculated by the first calculating unit 202, the second calculating unit 204, and the third calculating unit 206, respectively. Density. The calculated familiarity is stored together with the risk value in the mail information storage unit for each mail, as in the above embodiment.
When obtaining intimacy based on a plurality of scores, each score is added. Alternatively, the intimacy may be obtained by multiplying each score by a weighting factor and adding it.

  When the intimacy calculation unit 210 calculates intimacy for each mail, the expression score and the transmission information score use the score of the mail, but the communication score may use the score calculated by the mail, The score calculated up to the previous mail may be used.

In addition, when a mail includes a plurality of pairs of senders and receivers, a method for calculating intimacy using a communication score is exemplified below, but is not limited thereto.
(D1) The score of each pair is added to obtain the familiarity of the mail. (D2) A weighting factor is applied according to the destination type (TO :, CC :, BCC :) (for example, TO: is 1, CC: (E.g. 0.5, BCC: 0, etc.) are added to calculate the mail intimacy (d3) Only the score of the recipient / sending / receiving pair whose destination type is TO: is the intimacy of the mail

A data processing method of the electronic mail inspection apparatus 200 of the present embodiment configured as described above will be described below.
6 and 7 are flowcharts showing an example of the operation of the electronic mail inspection apparatus 200 of the present embodiment.
The data processing method according to the embodiment of the present invention is a data processing method of the electronic mail inspection apparatus 200, and is a data processing method executed by the computer 60 that implements the electronic mail inspection apparatus 200.
In the data processing method of the present embodiment, the e-mail inspection apparatus 200 calculates a communication score indicating the closeness of a mail sender / receiver pair using the history information of the mail group exchanged between the mail sender / receiver pair. (Step S201), based on the word information obtained by language processing for the mail body, calculates an expression score indicating the intimacy of the mail expression (Step S211), and based on the header information other than the mail body, A transmission information score indicating the intimacy of the mail transmission form is calculated (step S221), and the mail intimacy is calculated based on at least one of the calculated communication score, expression score, and transmission information score. (Step S230).

  FIG. 6 and FIG. 7 of this embodiment show the detailed procedure of the process of calculating the mail intimacy in step S103 of the flowchart of FIG. 3 of the above embodiment. In the data processing method of the electronic mail inspection apparatus 200 of the present embodiment, other procedures, risk value calculation (step S101), and screen data generation (step S105) are the same as those in the above embodiment.

First, an example of a method of calculating the familiarity using one score among the communication score, the expression score, and the transmission information score will be described with reference to FIG.
In FIG. 6A, first, the first calculation unit 202 creates a pair of senders and receivers from the mail header information using the mail group history information, and calculates a communication score for each pair (step S201). . The calculated communication score is stored in the score storage unit for each pair of sender and receiver.
Then, the closeness calculation unit 210 calculates the closeness of the mail based on the communication score calculated in step S201 (step S203). Here, the communication score of the mail including the pair of senders and receivers of the communication score calculated in step S201 becomes the intimacy of the mail. The calculated familiarity is stored in the mail information storage unit together with the risk value of mail.

  In FIG. 6B, first, the second calculation unit 204 calculates an expression score for each mail (step S211). The calculated expression score is stored in the score storage unit for each mail. Then, the familiarity calculation unit 210 calculates the familiarity of each mail based on the expression score calculated in step S211 (step S213). The calculated familiarity is stored in the mail information storage unit together with the risk value of mail.

  In FIG. 6C, first, the third calculation unit 206 calculates a transmission information score for each mail (step S221). The calculated transmission information score is stored in the score storage unit for each mail. Then, the familiarity calculation unit 210 calculates the familiarity of each mail based on the transmission information score calculated in step S221 (step S223). The calculated familiarity is stored in the mail information storage unit together with the risk value of mail.

  In FIG. 7, first, the first calculation unit 202 calculates communication for each pair of mail senders and receivers (step S201), and stores it in the score storage unit. And the 2nd calculation part 204 calculates an expression score for every mail (step S211), and memorize | stores it in a score memory | storage part. And the 3rd calculation part 206 calculates a transmission information score for every mail (step S221), and memorize | stores it in a score memory | storage part. Then, based on at least one of the communication score calculated in step S201, the expression score calculated in step S211 and the transmission information score calculated in step S221, the familiarity calculating unit 210 determines the parent of the mail. Calculate the density. The calculated familiarity is stored in the mail information storage unit together with the risk value of mail.

For example, the familiarity calculation unit 210 refers to the score storage unit, acquires the communication score of the pair of the sender and the receiver of the email calculated in step S201 from the score storage unit, and calculates the email of the email calculated in step S211. An expression score is acquired from the score storage unit, and the transmission information score of the mail calculated in step S221 is acquired from the score storage unit and added to calculate the mail intimacy (step S230).
As described above, the intimacy may be obtained by multiplying each score by a weighting factor and adding it.

  In FIG. 7, each step can be executed asynchronously. Further, the order of step S201, step S211 and step S213 is not limited to this.

In the e-mail inspection apparatus 200 of the present embodiment, the screen generation unit 106 uses the familiarity calculated in this way and the risk value calculated by the risk value calculation unit 102 described in the above embodiment to display screen data. Is generated. The screen data presents information about the compliance risk of email.
The screen data of this embodiment is the same as the transmitted mail list 110 of the above embodiment. In addition, the variation of the presentation method of the information regarding a compliance risk is later mentioned in the deformation | transformation aspect of this embodiment.

As described above, in the electronic mail inspection apparatus 200 of the present embodiment, the first calculation unit 202 calculates a communication score indicating the closeness of a mail sender / receiver pair for each mail sender / receiver pair, The 2 calculating unit 204 calculates an expression score indicating the intimacy of the mail expression for each mail, and the third calculating unit 206 calculates a transmission information score indicating the intimacy of the mail transmission form for each mail. Then, the familiarity calculation unit 210 calculates the familiarity of the mail based on at least one of the communication score, the expression score, and the transmission information score. According to the present embodiment, since the mail intimacy is calculated in consideration of both the intimacy indicated by the mail itself and the intimacy of the pair of the sender and the receiver of the mail, the mail intimacy is more accurate. Can be calculated.
With this configuration, according to the e-mail inspection apparatus 200 of the present embodiment, it is possible to efficiently and accurately detect e-mail compliance risk based on information obtained from e-mail.

(Modification 1 of 2nd Embodiment)
Next, the modification 1 of 2nd Embodiment is demonstrated.
FIG. 8 is a functional block diagram showing a logical configuration of the electronic mail inspection apparatus 230 according to the embodiment of the present invention.
The electronic mail inspection device 230 of the present embodiment is different from the electronic mail inspection device 200 of the above embodiment in that an evaluation value is calculated from the risk value and the familiarity, and screen data for presenting mail is generated based on the evaluation value. Is different.

  The email inspection device 230 of the present embodiment includes an evaluation value calculation unit 232 in addition to the same configuration as the email inspection device 200 of FIG. Note that the configuration of the e-mail inspection device 230 of the present embodiment may be combined with the configuration of at least one of the e-mail inspection device 200 of FIG. 5, other modified modes described later, and other embodiments.

In the present embodiment, the e-mail inspection device 230 further includes an evaluation value calculation unit 232 that calculates an evaluation value from the risk value and the familiarity regarding mail.
The screen generation unit 106 generates screen data that preferentially presents a mail with a high calculated evaluation value.

FIG. 9 is a diagram illustrating an example of a screen generated by the electronic mail inspection apparatus 230 according to the present embodiment.
The screen data generated by the screen generation unit 106 in the present embodiment is, for example, the outgoing mail list 240. The transmitted mail list 240 is displayed on, for example, the display device 74 in FIG.

  As shown in FIG. 9, the outgoing mail list 240 is the same as the outgoing mail list 110 in the above embodiment in that the risk value 112 and the closeness 114 are included and displayed as information related to compliance risk. In the present embodiment, the evaluation value calculation unit 232 further calculates an evaluation value from the risk value and the familiarity, and a mail with a high calculated evaluation value is preferentially presented in the transmission mail list 240. Different from list 110.

There are various methods for calculating the evaluation value from the risk value and the familiarity. In this embodiment, for example, the evaluation value is calculated by multiplying the risk value and the familiarity by weighting factors k1 and k2, respectively. To do.
Evaluation value = risk value × k1 + intimacy × k2 (1)
Here, k1 + k2 = 1, 0 ≦ k1 ≦ 1, and 0 ≦ k2 ≦ 1.
In another example, there is no association between the coefficient k1 and the coefficient k2, and each coefficient may be set individually.

  In the example of FIG. 9, the mails in the transmitted mail list 240 are sorted in descending order of the calculated evaluation value. Since the mail is sorted based on the calculated evaluation value, for example, the second mail in the outgoing mail list 240 is presented second even though the risk value is higher than the first mail. ing.

  In another example, the screen generation unit 106 may generate screen data to be displayed in a list by extracting e-mails having a calculated evaluation value equal to or greater than a predetermined value. Or you may produce | generate the screen data which extract the mail whose evaluation value is contained in the predetermined range, and display it by a list.

  As shown in FIG. 9, according to the present embodiment, the outgoing mail list 240 includes the risk value 112 and the intimacy 114 of each mail as information relating to the compliance risk of the mail, and is further displayed. Mail with a high evaluation value calculated from the risk value and closeness of each mail is preferentially presented. As a result, not only emails with a high risk value but also emails with a high compliance risk can be preferentially presented with an evaluation value that takes account of intimacy.

(Modification 2 of 2nd Embodiment)
Next, modification 2 of the second embodiment will be described.
FIG. 10 is a functional block diagram showing a logical configuration of the electronic mail inspection apparatus 250 according to the embodiment of the present invention.
The e-mail inspection apparatus 250 of the present embodiment, with the e-mail inspection apparatus 200 of the above-described embodiment, classifies each e-mail into a plurality of e-mail groups using a predetermined threshold of risk value and a predetermined threshold of the familiarity, The difference is that mails are presented in order of priority of the group.

  In addition to the same configuration as the electronic mail inspection apparatus 200 of FIG. 5, the electronic mail inspection apparatus 250 of this embodiment further includes a classification unit 252. Note that the configuration of the electronic mail inspection device 250 of this embodiment is the configuration of at least one of the electronic mail inspection device 200 of FIG. 5, the electronic mail inspection device 230 of FIG. 8, a modification described later, and other embodiments. And may be combined.

The electronic mail inspection apparatus 250 according to the present embodiment further includes a classification unit 252 that classifies each mail into one of a plurality of mail groups using a predetermined threshold for risk values and a predetermined threshold for familiarity.
The screen generation unit 106 generates screen data that preferentially presents a mail group having a risk value higher than a predetermined threshold value of the risk value and having a closeness higher than the predetermined threshold value of the closeness.

FIG. 11 is a diagram illustrating an example of a screen generated by the e-mail inspection apparatus 250 of the present embodiment.
The screen data generated by the screen generation unit 106 in this embodiment is, for example, a mail group diagram 260. The mail group diagram 260 is displayed on the display device 74 of FIG. 2, for example.

  As shown in FIG. 11, the mail group diagram 260 plots the mails belonging to each mail group by plotting the risk value and the familiarity of each mail. In the figure, ○ represents mail. In the example of FIG. 11, mails are classified into four groups (first group 262, second group 264, third group 266, and fourth group 268) based on risk values and intimacy. The group having the highest email compliance risk is the group 262 having a high priority. The first group 262 includes emails having a risk value equal to or higher than a predetermined threshold and a closeness equal to or higher than the predetermined threshold.

  The next group with the highest email compliance risk is the medium priority group 264. The second group 264 includes emails having a risk value equal to or higher than a predetermined threshold and a closeness less than the predetermined threshold.

  Next, the group with the highest email compliance risk is the group 266 with the lower priority. The third group 266 includes emails whose risk value is less than a predetermined threshold and whose familiarity is equal to or higher than the predetermined threshold.

  Finally, the group with the lowest email compliance risk is the group 268 with the lowest priority. The fourth group includes emails having a risk value less than a predetermined threshold and a closeness less than the predetermined threshold.

  In the mail group diagram 260, for example, a period may be specified, and mail sent and received during that period may be illustrated. Alternatively, a plurality of mail group diagrams 260 of a plurality of different periods may be displayed side by side on the screen. With this configuration, changes in the mail group distribution during each period can be seen at a glance. You can also find the period when emails are concentrated in the first group.

  Further, in another example of the present embodiment, screen data of a transmitted mail list similar to that in FIG. 9 may be generated. Mails in the sent mail list may be sorted and presented in order of group priority. Or you may extract the mail of the designated group, such as only the mail of the 1st group with high priority, and may present it as a transmission mail list. Further, the screen data of the mail group diagram 260 may be generated for each department. According to this configuration, it is possible to compare the compliance risk distributions of mails for each department at a glance.

  According to the present embodiment, mails can be classified into groups based on the risk value and familiarity of mails, and the mail distribution can be schematically shown. Then, it is possible to analyze email compliance risk from various viewpoints by generating and comparing screen data of the mail group diagram 260 between a certain period, a certain department, a certain user, or a certain pair of senders and receivers. it can.

(Modification 3 of 2nd Embodiment)
Next, modification 3 of the second embodiment will be described.
FIG. 12 is a functional block diagram showing a logical configuration of electronic mail inspection apparatus 270 according to the embodiment of the present invention.
The e-mail inspection apparatus 270 of the present embodiment, with the e-mail inspection apparatus 200 of the above-described embodiment, classifies each e-mail into a plurality of e-mail groups using a predetermined threshold of risk values and a predetermined threshold of the familiarity, The difference is that mails are presented in order of priority of the group.

  The electronic mail inspection device 270 of this embodiment further includes a specifying unit 272 in addition to the same configuration as the electronic mail inspection device 200 of FIG. The configuration of the e-mail inspection device 270 of this embodiment is the same as that of the e-mail inspection device 200 of FIG. 5, the e-mail inspection device 230 of FIG. 8, the e-mail inspection device 250 of FIG. 10, and other embodiments described later. You may combine with at least any one structure.

The electronic mail inspection apparatus 270 of this embodiment further includes a specifying unit 272 that specifies a user whose statistical value of risk value of a mail group serving as at least one of a sender and a recipient is higher than a predetermined value.
The screen generation unit 106 generates screen data that presents the specified users as a specific user list.

FIG. 13 is a diagram showing an example of a screen generated by the electronic mail inspection apparatus 270 of this embodiment.
The screen data generated by the screen generation unit 106 in this embodiment is, for example, the specific user list 280 in FIG. The specific user list 280 is displayed on, for example, the display device 74 in FIG.
The specifying unit 272 calculates a statistical value (total, average, etc.) of the risk value for each user, and specifies a user whose statistical value is higher than a predetermined value.

  In addition, although the specific | specification part 272 of this embodiment calculated the statistical value of the risk value for every user, you may calculate the statistical value of a closeness for every user in another example. Alternatively, the statistical value of the evaluation value calculated based on the risk value and the familiarity may be calculated for each user.

  The specific user list 280 includes information on users specified by the specifying unit 272. In the example of FIG. 13, the average risk value of each user and the number of emails are presented. Further, by selecting and operating the detailed link 282 of each user, it may be possible to extract and display the mail including the user as a sender or receiver in the transmitted mail list 240 of FIG.

  Further, as shown in FIG. 13B, when a certain user is selected on the specific user list 280, a user in an intimate relationship may be identifiable, such as a highlight display 284.

  In the electronic mail inspection apparatus 270 according to the present embodiment, the specifying unit 272 further specifies a pair of users who are highly intimate regarding mail exchange among the specified users. The screen generation unit 106 generates screen data that displays the identified pair of users in the specific user list in an identifiable manner.

  In the example of the figure, only two users are highlighted 284, but if two or more users are in an intimate relationship, all of those users may be highlighted 284. The highlight display 284 is an example, and may be presented so as to be identifiable by other highlighting methods. For example, background or character color change, blinking, 3D (3-Dimensional) display, or a predetermined mark may be added for display.

In addition, although the specific method of a user with high familiarity regarding the exchange of the mail by the specific | specification part 272 is illustrated below, it is not limited to this.
(E1) Method of calculating from the familiarity of each mail (e2) Method of using communication score as it is

The screen generation unit 106 generates screen data for displaying a list of emails exchanged with the specified user pair.
In FIG. 13, by selecting and operating the detailed link 282 of each user, it may be possible to extract and display the mail including the user as a sender or receiver in the sent mail list 240 of FIG.

FIG. 14 is a diagram showing an example of another screen generated by the electronic mail inspection apparatus 270 of this embodiment.
In the example of FIG. 14, the screen data generated by the screen generation unit 106 is the user network diagram 290. The user network diagram 290 is displayed, for example, on the display device 74 of FIG.

In the present embodiment, the specifying unit 272 further specifies a partner user who has a high degree of closeness with respect to mail exchange regarding the user selected from the specified users.
The screen generation unit 106 displays screen data in which the selected user and the specified partner user are indicated, and the connecting line segment between the user and the partner user indicates the closeness of the user. Is generated.

  In the user network FIG. 290, the user to whom the user E exchanges mail is indicated by a circle. And the line which connects between users is displayed thickly, so that a user's pair with high intimacy regarding mail exchange. In the example of the figure, the familiarity is shown by the thickness of the line connecting the users, but is not limited to this. For example, the closeness may be displayed in a distinguishable manner by a display method such as line color, type (solid line, broken line, etc.), blinking display, and the like.

  According to the present embodiment, it is possible to identify a pair of users who are highly intimate regarding mail exchange and display them on various screens.

(Third embodiment)
Next, an e-mail inspection apparatus according to the third embodiment of the present invention will be described below. Note that the method and program of the present embodiment, as in the above embodiment, cause the data processing method of the electronic mail inspection apparatus and at least one computer to execute the data processing method. The detailed explanation is omitted.

FIG. 15 is a functional block diagram showing a logical configuration of electronic mail inspection apparatus 300 according to the embodiment of the present invention.
The e-mail inspection apparatus 300 of the present embodiment is different from the e-mail inspection apparatus 200 of the above-described embodiment in the communication score calculation method in the first calculation unit.
The configuration of the electronic mail inspection apparatus 300 according to the present embodiment includes the electronic mail inspection apparatus 200 in FIG. 5, the electronic mail inspection apparatus 230 in FIG. 8, the electronic mail inspection apparatus 250 in FIG. 10, and the electronic mail inspection apparatus in FIG. 270 may be combined with at least one of the configurations.

  The electronic mail inspection apparatus 300 of the present embodiment is similar to the electronic mail inspection apparatus 200 of the above embodiment of FIG. 5, the risk value calculation unit 102, the second calculation unit 204, the third calculation unit 206, and the familiarity calculation. Unit 210 and screen generation unit 106, and further includes a first calculation unit 302.

  In the electronic mail inspection apparatus 300 according to the present embodiment, the first calculation unit 302 includes a plurality of expression scores calculated by the second calculation unit 204 for each mail exchanged by a pair of mail senders and receivers, and each mail. Based on the plurality of transmission information scores respectively calculated by the third calculation unit 206 and the history information of each mail, a mail communication score is calculated.

The first calculation unit 202 of the above embodiment calculates a communication score for each pair of mail senders and receivers. In addition, the expression score and the transmission information score calculated by the second calculation unit 204 and the third calculation unit 206 of the above-described embodiment are values for each mail, and do not include past mail score information.
The 1st calculation part 302 of this embodiment calculates the communication score of mail instead of the communication score for every sender / receiver pair. At this time, not only the history information of each mail exchanged by the mail sender / receiver pair but also the second calculator 204 and the third calculator 206 for each mail exchanged by the mail sender / receiver pair. A plurality of expression scores and a plurality of transmission information scores respectively calculated in (1) may be acquired from the score storage unit and added to the communication score. Each score may be subjected to statistical processing (such as averaging), may be added as it is, or each score may be multiplied by a weighting coefficient. Thus, in this embodiment, the past mail expression score and the transmission information score can be reflected in the communication score.

  Further, for each mail exchanged by a pair of mail senders and receivers, a plurality of expression scores and a plurality of transmission information scores respectively calculated by the second calculation unit 204 and the third calculation unit 206 are acquired from the score storage unit, You may detect the transition of the change of the predetermined period of several expression scores and several transmission information scores. Then, the communication score may be made larger than when there is no change when the change is rapid.

  For example, if the expression score of a pair of senders and receivers whose past expression scores were maintained high and close was suddenly low, it was possible to intentionally hide the close relationship and use an unfriendly expression There is sex. According to this configuration, such a case can be reflected in the communication score.

  The familiarity calculation unit 210 may add the mail communication score calculated in this way to the mail expression score and the mail transmission information score to calculate the mail familiarity. Each score may be multiplied by a weighting factor.

In the electronic mail inspection apparatus 300 according to the present embodiment, the first calculation unit 302 includes a plurality of expression scores calculated by the second calculation unit 204 for each mail exchanged by a pair of mail senders and receivers, and each mail. Based on the plurality of transmission information scores respectively calculated by the third calculation unit 206 and the history information of each mail, a mail communication score is calculated.
Thereby, according to this embodiment, while having the same effect as the above-mentioned embodiment, it is possible to further reflect the past expression score of the mail sender / receiver pair and the history information of the transmission information score in the communication score. As a result, it is possible to detect the compliance risk of e-mail more accurately.

  As mentioned above, although embodiment of this invention was described with reference to drawings, these are the illustrations of this invention, Various structures other than the above are also employable.

While the present invention has been described with reference to the embodiments and examples, the present invention is not limited to the above embodiments and examples. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.
In addition, when acquiring and using the information regarding a user in this invention, this shall be done legally.

Hereinafter, examples of the reference form will be added.
1. E-mail inspection device
Calculate the risk value of email compliance risk,
Calculate the intimacy of the email,
Using the risk value and the intimacy, generate screen data that presents information regarding the compliance risk of the email,
Data processing method for e-mail inspection device.
2. The e-mail inspection device is
Calculation of a communication score indicating the intimacy of the mail sender / receiver pair, using history information of the mail group exchanged by the mail sender / receiver pair;
Calculation of an expression score indicating the intimacy of the expression of the mail based on word information obtained by language processing on the body of the mail;
Based on header information other than the body of the mail, calculation of a transmission information score indicating intimacy of the mail transmission form,
Do one of the
Furthermore, the e-mail inspection device includes:
Calculating a closeness of the email based on at least one of the calculated communication score, the expression score, and the transmission information score;
1. A data processing method for the e-mail inspection apparatus according to claim 1.
3. The e-mail inspection device is
Based on a plurality of expression scores calculated for each mail exchanged with each pair of mail senders and receivers, a plurality of transmission information scores calculated for each mail, and history information of each mail, Calculating the communication score of the email;
2. A data processing method for the e-mail inspection apparatus according to claim 1.
4). The e-mail inspection device is
Obtaining the number of recipients from the header information of the mail, and calculating the transmission information score using the reciprocal of the number of recipients;
2. Or 3. A data processing method for the e-mail inspection apparatus according to claim 1.
5. The e-mail inspection device is
Predetermined destination information is detected from the header information of the mail,
The transmission information score calculated when the predetermined destination information is detected is larger than the transmission information score calculated when the predetermined destination information is not detected.
2. To 4. A data processing method for an e-mail inspection apparatus according to any one of the above.
6). The e-mail inspection device is
Classifying each email into any one of a plurality of email groups using a predetermined threshold for the risk value and a predetermined threshold for the intimacy,
Generating screen data that preferentially presents a mail group having a risk value higher than a predetermined threshold value of the risk value and having a closeness higher than the predetermined threshold value of the closeness;
1. To 5. A data processing method for an e-mail inspection apparatus according to any one of the above.
7). The e-mail inspection device is
For the email, an evaluation value is calculated from the risk value and the familiarity,
Generate screen data that preferentially presents emails with high calculated evaluation values,
1. To 6. A data processing method for an e-mail inspection apparatus according to any one of the above.
8). The e-mail inspection device is
Identify users whose statistics of risk value of email group that is at least one of sender and recipient is higher than a predetermined value,
Generating screen data for presenting the identified user as a specific user list;
1. To 7. A data processing method for an e-mail inspection apparatus according to any one of the above.
9. The e-mail inspection device is
Among the identified users, further identify a pair of users who are intimate regarding mail exchange,
In the specific user list, generate screen data that displays the specified pair of users in an identifiable manner,
8). A data processing method for the e-mail inspection apparatus according to claim 1.
10. The e-mail inspection device is
Generating screen data for displaying a list of emails exchanged with the specified pair of users;
8). Or 9. A data processing method for the e-mail inspection apparatus according to claim 1.
11. The e-mail inspection device is
For the selected user among the identified users, further identify a partner user who is intimate regarding the exchange of mail,
Generating screen data in which the selected user and the identified partner user are indicated, and a connecting line segment between the user and the partner user is indicated to indicate a high degree of intimacy;
8). To 10. A data processing method for an e-mail inspection apparatus according to any one of the above.

12 On the computer,
The procedure for calculating the risk value of email compliance risk,
A procedure for calculating the intimacy of the email;
Using the risk value and the intimacy to generate screen data that presents information related to the compliance risk of the email;
A program for running
13. A procedure for calculating a communication score indicating the intimacy of the mail sender / receiver pair using history information of the mail group exchanged by the mail sender / receiver pair;
A procedure for calculating an expression score indicating intimacy of the expression of the mail based on word information obtained by language processing on the body of the mail;
A procedure for calculating a transmission information score indicating intimacy of the transmission form of the mail based on header information other than the body of the mail;
Steps to perform any of the
A procedure for calculating a closeness of the email based on at least one of the calculated communication score, the expression score, and the transmission information score;
For causing the computer to execute 12. The program described in.
14 Based on a plurality of expression scores calculated for each mail exchanged with each pair of mail senders and receivers, a plurality of transmission information scores calculated for each mail, and history information of each mail, A procedure for calculating the communication score of the email;
For causing the computer to execute 13. The program described in.
15. A procedure for obtaining the number of destinations from the header information of the mail and calculating the transmission information score using the reciprocal of the number of destinations.
For causing the computer to execute 13. Or 14. The program described in.
16. A procedure for detecting predetermined destination information from the header information of the mail;
A step of making the transmission information score calculated when the predetermined destination information is detected larger than the transmission information score calculated when the predetermined destination information is not detected;
For causing the computer to execute 13. To 15. The program as described in any one.
17. A procedure for classifying each mail into any one of a plurality of mail groups using the predetermined threshold of the risk value and the predetermined threshold of the familiarity;
A procedure for generating screen data that preferentially presents a mail group having a risk value higher than a predetermined threshold value of the risk value and having a higher closeness value than the predetermined threshold value of the closeness level,
For causing the computer to execute 12. To 16. The program according to any one of the above items.
18. A procedure for calculating an evaluation value from the risk value and the familiarity with respect to the email;
A procedure to generate screen data that preferentially presents emails with a high evaluation value,
For causing the computer to execute 12. To 17. The program as described in any one.
19. A procedure for identifying a user whose statistical value of risk value of a mail group serving as at least one of a sender and a recipient is higher than a predetermined value,
A procedure for generating screen data for presenting the identified user as a specific user list;
For causing the computer to execute 12. To 18. The program as described in any one.
20. A step of further identifying a pair of users who are intimate regarding the exchange of mail among the identified users;
In the specific user list, a procedure for generating screen data for displaying the specified pair of users in an identifiable manner,
19. to make the computer execute The program described in.
21. A procedure for generating screen data for displaying a list of emails exchanged with the specified pair of users,
19. to make the computer execute Or 20. The program described in.
22. A procedure for further specifying a partner user who is intimately related to mail exchange with respect to the selected user among the specified users;
A procedure for generating screen data in which the selected user and the identified partner user are shown and the connecting line segment between the user and the partner user indicates the closeness of the user ,
19. to make the computer execute 21. The program according to any one of 21 to 21.

3 Network 60 Computer 62 CPU
64 Memory 66 Storage 69 Bus 72 Input device 74 Display device 80 Program 100 Email inspection device 102 Risk value calculation unit 104 Intimacy calculation unit 106 Screen generation unit 110 Outgoing mail list 112 Risk value 114 Intimacy 200 Email inspection device 202 1 calculation unit 204 2nd calculation unit 206 3rd calculation unit 210 familiarity calculation unit 230 e-mail inspection device 232 evaluation value calculation unit 240 outgoing mail list 250 e-mail inspection device 252 classification unit 260 mail group FIG. 262 first group 264 first 2 group 266 3rd group 268 4th group 270 Email inspection device 272 Identification unit 280 Specific user list 282 Detailed link 284 Highlight display 290 User network diagram 300 Email inspection device 302 First calculation unit

Claims (13)

A risk value calculation means for calculating a risk value of the compliance risk of email,
A closeness calculating means for calculating the closeness of the email;
Screen generating means for generating screen data for presenting information related to the compliance risk of the email using the risk value and the familiarity;
E-mail inspection device comprising: First calculation means for calculating a communication score indicating the intimacy of the mail sender / receiver pair using history information of the mail group exchanged by the mail sender / receiver pair;
Second calculation means for calculating an expression score indicating intimacy of the expression of the mail based on word information obtained by language processing on the body of the mail;
Third calculation means for calculating a transmission information score indicating intimacy of the transmission form of the mail based on header information other than the body of the mail;
One of the following,
The intimacy calculating means includes
Calculating a closeness of the email based on at least one of the calculated communication score, the expression score, and the transmission information score;
The electronic mail inspection apparatus according to claim 1. The first calculation means includes
A plurality of expression scores respectively calculated by the second calculation means for each mail exchanged by the mail sender / receiver pair, and a plurality of transmission information scores respectively calculated by the third calculation means for each mail. And calculating the communication score of the mail based on the history information of each mail.
The electronic mail inspection apparatus according to claim 2. The third calculation means includes:
Obtaining the number of recipients from the header information of the mail, and calculating the transmission information score using the reciprocal of the number of recipients;
The electronic mail inspection apparatus according to claim 2 or 3. The third calculation means includes:
Predetermined destination information is detected from the header information of the mail,
The transmission information score calculated when the predetermined destination information is detected is larger than the transmission information score calculated when the predetermined destination information is not detected.
The electronic mail inspection apparatus according to any one of claims 2 to 4. Classifying means for classifying each mail into any one of a plurality of mail groups using the predetermined threshold of the risk value and the predetermined threshold of the familiarity, respectively,
The screen generation means includes
Generating screen data that preferentially presents a mail group having a risk value higher than a predetermined threshold value of the risk value and having a closeness higher than the predetermined threshold value of the closeness;
The electronic mail inspection apparatus according to any one of claims 1 to 5. The mail further includes an evaluation value calculating means for calculating an evaluation value from the risk value and the familiarity,
The screen generation means includes
Generate screen data that preferentially presents emails with high calculated evaluation values,
The electronic mail inspection apparatus according to any one of claims 1 to 6. Further comprising a specifying means for specifying a user whose statistical value of a risk value of a mail group serving as at least one of a sender and a recipient is higher than a predetermined value;
The screen generation means includes
Generating screen data for presenting the identified user as a specific user list;
The electronic mail inspection apparatus according to any one of claims 1 to 7. The specifying means is:
Among the identified users, further identify a pair of users who are intimate regarding mail exchange,
The screen generation means includes
In the specific user list, generate screen data that displays the specified pair of users in an identifiable manner,
The electronic mail inspection apparatus according to claim 8. The screen generation means includes
Generating screen data for displaying a list of emails exchanged with the specified pair of users;
The electronic mail inspection apparatus according to claim 8 or 9. The specifying means is:
For the selected user among the identified users, further identify a partner user who is intimate regarding the exchange of mail,
The screen generation means includes
Generating screen data in which the selected user and the identified partner user are indicated, and a connecting line segment between the user and the partner user is indicated to indicate a high degree of intimacy;
The electronic mail inspection apparatus according to claim 8. E-mail inspection device
Calculate the risk value of email compliance risk,
Calculate the intimacy of the email,
Using the risk value and the intimacy, generate screen data that presents information regarding the compliance risk of the email,
Data processing method for e-mail inspection device. On the computer,
The procedure for calculating the risk value of email compliance risk,
A procedure for calculating the intimacy of the email;
Using the risk value and the intimacy to generate screen data that presents information related to the compliance risk of the email;
A program for running

Images