JP3855022B1 - E-mail system, e-mail transmission / reception program, and e-mail system program - Google Patents

Abstract

It is possible to easily and reliably prevent confidential information and personal information from leaking to the outside due to an electronic file attached to an e-mail and without any effort or load on a user or an administrator.
A specifying unit 111 for specifying an electronic file to be attached to an e-mail, an encryption key receiving unit 121 for receiving an encryption key for the specified electronic file from a file access management server, and the received encryption key are used. The client terminal 10 is provided with an encryption unit 155 for encrypting the designated electronic file and an attachment unit 156 for attaching the encrypted electronic file to the e-mail.
[Selection] Figure 2

Description

  The present invention is a technique for preventing leakage of personal information such as confidential information and customer lists to the outside by an electronic file attached to an electronic mail and transmitted / received between information processing apparatuses having a function of transmitting / receiving the electronic mail. About.

  In general, in an information processing apparatus such as a personal computer, a mail function for transmitting and receiving electronic mail is realized by executing mail software (mailer; electronic mail transmission and reception program). With such a mail function, it is possible to send and receive various electronic files attached to an e-mail. Recently, personal information such as a customer list has become a problem. It is desired to reliably prevent information and confidential information from leaking outside.

Therefore, the electronic mail sent by the mail function and the electronic file attached to the electronic mail are monitored, and a keyword search is performed on the content of the electronic mail or the attached file. For example, “confidential”, “confidential”, Records, customer lists, and confidential keywords are prohibited, such as sending emails and attaching files, notifying administrators and recording access logs (monitoring) System solution; for example, see Non-Patent Documents 1 to 3 below).
Published by Canon System Solutions Co., Ltd. Product brochure “E-mail information leakage countermeasure solution“ GUARDIAN WALL Version 5.1 ”” Website information for publishing PDF documents of Non-Patent Document 1 above: Canon System Solutions Co., Ltd., product pamphlet “E-mail information leakage countermeasure solution“ GUARDIAN WALL Version 5.1 ””, [online], [May 31, 2005] Day search], Internet <URL: http://www.canon-sol.co.jp/guardian/dl/data/pamphlet/g_wall.pdf> “Preventing information leakage via e-mail”, [online], CLEARSWIFT website, [Search May 31, 2005], Internet <URL: http://www.clearswift.co.jp/rouei/index. php>

  However, in the information leakage countermeasure (monitoring system solution) by the keyword search as described above, if the keyword search condition setting is strict so as to surely prevent the information leakage, there is a high possibility that an e-mail having no problem will be checked. As a result, it becomes impossible to immediately send e-mails and electronic files, which hinders business operations. Also, at this time, the administrator needs to refer to the email or electronic file to be checked and approve the transmission of the email or electronic file if there is no problem. The burden on the administrator becomes extremely large due to the work.

  In addition, when an electronic file containing personal information or confidential information is taken out with malicious intent, the contents of the electronic file include descriptions such as “confidential”, “confidential”, “minutes”, “customer list”, “confidential” It is unlikely that an e-mail will be attached to an e-mail in a state that includes, and by not including such keywords, e-mails containing personal information and confidential information will be included in e-mail without being caught by keyword searches. It becomes possible to send with attachment. That is, in the information leakage countermeasure by the keyword search as described above, if the keyword search condition setting is known, an electronic file containing personal information and confidential information may be easily taken out via email.

  Therefore, an electronic file attached to an e-mail is separately encrypted using encryption software, and the encrypted electronic file is attached to the e-mail and transmitted (encryption solution). . In this case, only a person who has a decryption key for the encrypted electronic file (a legitimate user) can access the original electronic file by decrypting the encrypted electronic file, which is more reliable than the above-described monitoring solution. Leakage can be prevented.

  However, in the encryption system as described above, it is necessary to encrypt an electronic file to be attached to an e-mail. Each time an electronic file containing personal information or confidential information is attached, the user In the above, you must start encryption software separately from the mail software and encrypt the electronic file, or set the access authority for the encrypted electronic file in detail. There is a problem that it is troublesome and troublesome.

  The present invention has been devised in view of such problems, and confidential information and personal information are externally transmitted by an electronic file attached to and transmitted between e-mails between information processing apparatuses having a function of transmitting and receiving e-mails. The purpose is to be able to prevent leakage easily and surely without any effort or load on the user or administrator.

In order to achieve the above object, an electronic mail system according to the present invention (claim 1) includes a file access management server for managing access to an electronic file, a plurality of client terminals having a mail function for transmitting and receiving electronic mail, A designation unit that includes a plurality of client terminals and a network that connects the file access management servers so that they can communicate with each other, and each client terminal designates an electronic file to be attached to the e-mail; Registered in the file access management server as an access management target of the file access management server, and registered in the file access management server by the registration means Encryption key for the specified electronic file An encryption key receiving means received from the file access management server, an encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means, and encrypted by the encryption means An attachment unit for attaching an electronic file (hereinafter referred to as an encrypted electronic file) to the electronic mail, and the encrypted electronic file when opening the encrypted electronic file attached to the electronic mail received from another client terminal Authentication information transmitting means for transmitting authentication information on the file access management server, decryption key receiving means for receiving a decryption key corresponding to the encrypted electronic file from the file access management server, and the decryption key receiving means A decryption method for decrypting the encrypted electronic file using the received decryption key and restoring the original electronic file And a change request means for making a request to change the access authority for the encrypted electronic file to the file access management server, wherein the file access management server receives authentication information about the encrypted electronic file. Based on the authentication information receiving means received from each client terminal and the authentication information received by the authentication information receiving means, whether the client terminal that sent the authentication information is a valid transmission destination of the encrypted electronic file A destination determination unit for determining whether or not the client terminal has a decryption key for decrypting the encrypted electronic file when the destination determination unit determines that the client terminal is a valid destination A decryption key transmission means for transmitting to the terminal; and the designated electronic file registered by the registration means of the client terminal. The access authority on the receiver side with respect to the encrypted electronic file with respect to the encrypted file is set in advance, managed in association with the sender of the encrypted electronic file, and is a valid transmission destination by the transmission destination determination means An access authority management means for permitting only the access according to an access authority set in advance for the receiver as access to the encrypted electronic file to the client terminal on the receiver side determined to be, and the client terminal A sender determination for determining whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed when the change request is received from the change request means And the sender determination means determine that the change request is made by the sender of the encrypted electronic file. In accordance with the contents of the change request by said setting changing means is configured to include an access authority changing means for changing the settings of the access rights to the encrypted electronic files managed by the access right management means, each client terminal When registering the designated electronic file in the file access management server by the registration means or attaching the encrypted electronic file to the email by the attachment means,
It is characterized by further comprising access authority setting means for setting the access authority on the receiver side for the encoded electronic file in the access authority management means of the file access management server .

At that time, each client terminal is configured to include display control means for displaying an access authority setting window having a check box for allowing the sender to set access authority on the receiver side for the encrypted electronic file on the display unit. The access authority setting means sets the access authority on the receiver side for the encrypted electronic file in accordance with the check operation result for the check box displayed in the access authority setting window by the display control means. (Claim 2 ).

In the access authority setting window, the access authority for each of the e-mail destination field, CC (Carbon Copy) field, and BCC (Blind Carbon Copy) field to which the encrypted electronic file is attached is given to the sender. A check box for setting is displayed as the check box, and the access authority setting means fills in each of the e-mail destination column, CC column, and BCC column according to the check operation result for the check box. It may be set access rights for each transmission destination that is (claim 3).

Further, the display control means has a check box for allowing the sender to select whether or not the designated electronic file is to be an access management target of the file access management server before displaying the access authority setting window. When the selection window is displayed on the display unit and the designated electronic file is selected as the access management target of the file access management server by the check operation on the check box displayed in the selection window, the access authority the setting window may be displayed on the display unit (claim 4). When it is selected that the designated electronic file is not subject to access management of the file access management server by a check operation on the check box displayed in the selection window, the registration unit, the encryption key receiving unit, The attachment means attaches the designated electronic file as it is to the electronic mail without operating the encryption means (Claim 5 ).

In the electronic mail system, each client terminal is provided with personal information file determination means for determining whether or not the designated electronic file is a personal information file having personal information that can identify a specific individual. If the personal information file determination means determines that the designated electronic file is not a personal information file, the registration means may be configured to register the designated electronic file with the file access management server. 6 ). When the designated electronic file is judged to be a personal information file by the personal information file judging means, the attaching means attaches the designated electronic file or an encrypted electronic file for the designated electronic file to the electronic mail. It is configured so as to be prohibited (claim 7 ).

An electronic mail transmission / reception program according to the present invention (claim 8 ) is for realizing a mail function for transmitting / receiving an electronic mail by a computer, and in particular, the computer includes the above-mentioned designation means, registration means, and encryption key reception. Means, encryption means, attachment means, authentication information transmission means, decryption key reception means, decryption means, change request means, and access authority setting means . Furthermore, an electronic mail system program of the present invention (claim 9 ) includes a file access management server for managing access to an electronic file, a plurality of client terminals having a mail function for transmitting and receiving electronic mail, and the plurality of client terminals. And an e-mail system program configured to include a network that connects the file access management servers so that they can communicate with each other, wherein the e-mail function is realized by each client terminal computer. A transmission / reception program and a file access management server program for causing the server computer to function as the file access management server, wherein the e-mail transmission / reception program includes the above-mentioned designation means, registration means, encryption key reception means, encryption Means , Attachment means, authentication information transmission means, decryption key reception means, decryption means, change request means, and access authority setting means, each client terminal computer functions, and the file access management server program receives authentication information The server computer is made to function as means, transmission destination determination means, decryption key transmission means, access authority management means, sender determination means, and access authority change means.

According to the electronic mail system of the present invention described above, electronic mail sending and receiving program Contact and program for electronic mail systems, each client terminal (information processing apparatus), the access specified electronic file to be attached to electronic mail is designated When registered as a management target in the file access management server, the specified electronic file is encrypted using an encryption key managed by the file access management server, and the encrypted electronic file is attached to an e-mail and sent and received. Will be.

  At that time, processing such as registration, reception of encryption key, encryption, and attachment is executed by a program running in the background of the mail function, and the designated electronic file is automatically handled as an access management target of the file access management server. The user can send and receive the attached file by e-mail in an encrypted state under the control of the file access management server by simply specifying the attached file (electronic file) without special awareness. It becomes possible.

  Therefore, only a legitimate user who is authenticated by the file access management server (a client terminal / user of an information processing apparatus that is a legitimate transmission destination) can access the attached file, and the confidential information can be obtained by the attached file of the e-mail. And leakage of personal information to the outside can be prevented very easily and reliably without any effort or load on the user or administrator.

  Further, access to the attached file (designated electronic file) is managed by the file access management server, and when the encrypted electronic file is accessed at the transmission destination of the encrypted electronic file, the transmission destination is valid. The decryption key is received only when it is determined that the encrypted electronic file can be decrypted, so the confidential information or personal information contained in the electronic file may be inadvertently leaked or leaked, or the information may be illegally used. Is reliably prevented.

  In particular, in the present invention, for each encrypted electronic file and each recipient of the encrypted file, the access authority on the receiver side for the encrypted electronic file is set and managed, and the receiver has the set access authority. Because access is only permitted according to the client terminal, the decrypted electronic file cannot be accessed at all other than the preset access authority at the client terminal, and confidential information and personal information contained in the electronic file cannot be accessed. Inadvertent leakage or leakage of information and unauthorized use of the information can be prevented more reliably. As described above, the access authority is set for each encrypted electronic file and each recipient of the encrypted file, so that it is possible to respond to the user's judgments and requests on an ad hoc basis, which is convenient for the user. Can be increased.

  Furthermore, according to the present invention, only when the access authority change request from the client terminal is made by the sender of the encrypted electronic file (the person attached to the e-mail; the registrant) whose access authority is to be changed. Since the access authority to the encrypted electronic file under the management of the file access management server can be changed, the access authority to the encrypted electronic file or the encrypted electronic file can be changed by the sender in addition to the system administrator. It is possible to prohibit access to the user (revoke access authority). In other words, you can manage the access authority for encrypted electronic files that you send by attaching to an e-mail even after you send the e-mail. It is possible to respond immediately to a case where a change is desired, and the convenience for the user can be improved. The change or cancellation can be performed for each encrypted electronic file or each recipient of the encrypted file.

  The access authority for the encrypted electronic file is set by the user (sender) referring to the access authority setting window displayed on the display unit when attaching the encrypted electronic file on the client terminal. This can be done very easily by simply performing a check operation (click operation with the mouse) on the check box in the setting window. At that time, it is possible to set access authority for each of the e-mail destination column, CC column, and BCC column to which the encrypted electronic file is attached by the check box. Access authority setting for each transmission destination (recipient) entered in each of the CC column and the BCC column can be performed very easily. Here, for example, the destinations entered in the destination column and CC column are general employees, customers, etc., and the destination entered in the BCC column is often an administrator such as the user's supervisor. As described above, since the access authority corresponding to the transmission destinations having different reliability levels can be easily set in correspondence with the destination column, CC column, and BCC column, the convenience for the user can be improved.

  At this time, before the access authority setting window is displayed, a selection window is displayed and whether or not the designated electronic file is to be managed by the file access management server, that is, the designated electronic file is registered in the file access management and encrypted. By allowing the user to select whether or not to perform the encryption process, the encryption process is executed only when the user desires to encrypt the attached file, and when the user does not desire, the designated electronic file can be attached as it is. As a result, for example, when sending an electronic file containing highly confidential information, the electronic file is encrypted and attached, but when a distributor or the like wants to send raw data, it is not encrypted. As shown, it is possible to make a selection according to the situation and to improve the convenience for the user.

  Also, it is determined whether or not the designated electronic file is a personal information file having personal information that can identify a specific individual, and only the electronic files that are not personal information files are attached to the e-mail as management targets of the file access management server. On the other hand, by prohibiting attachment of electronic files, which are personal information files, to e-mail, it is ensured that the personal information file in the client terminal is sent out of the client terminal in a state of being attached to the e-mail. It is possible to prevent the personal information from leaking to the outside due to the attached file of the e-mail, and it can be prevented extremely easily and more reliably without any trouble or burden on the user or the administrator.

  In addition, the specified electronic file is converted into a completed document file (for example, PDF (Portable Document Format) file) that is difficult to tamper with, and then encrypted. It can be surely prevented from being used.

Embodiments of the present invention will be described below with reference to the drawings.
[1] Configuration of the E-mail System of the Present Embodiment FIG. 1 is a block diagram showing the configuration of the e-mail system as an embodiment of the present invention. As shown in FIG. 1, the e-mail system 1 of the present embodiment is shown. In addition to the plurality of client terminals 10, the file access management server 20, mail server 30, and network (such as the Internet) 40 are configured.

  Each client terminal 10 is an information processing apparatus such as a personal computer used by each employee (user) in the company, for example, and each client terminal 10 executes mail software (mailer; e-mail transmission / reception program described later). By doing so, a mail function for transmitting and receiving an electronic mail to and from another client terminal 10 is realized. The detailed functional configuration of each client terminal 10 will be described later with reference to FIG. Each client terminal 10 is connected to the other client terminals 10, the file access management server 20, and the mail server 30 via the network 40 so as to communicate with each other.

  The file access management server 20 manages, for example, access of each client terminal 10 to various electronic files used in the company via the in-house LAN 30. A detailed functional configuration of the file access management server 20 will be described later with reference to FIG. Further, the file access management server 20 is separated from an external (external) network (not shown), and it is impossible to access the file access management server 20 from an external client terminal (see FIG. 7).

  The mail server 30 manages e-mails transmitted and received between a plurality of client terminals 10 via a network (Internet) 40. The mail server 30 is always connected to the network 40 and transmits e-mails of users in its own network. A POP3 server that functions as an SMTP server for transmitting an e-mail to a user in another network and a POP3 server that stores an e-mail sent to the user in the own network and responds to a reception request from the user And functions as an IMAP4 server.

  That is, in FIG. 1, only one network 40 is shown, but actually includes an in-house LAN (Local Area Network) and the Internet, and the mail server 30 is connected to the in-house LAN (own network). Manages sending and receiving of e-mails between client terminals 10 in the company, and managing sending and receiving of e-mails between client terminals 10 connected to the company LAN and external client terminals 10 connected to the Internet (other networks). It is supposed to do.

[2] Functional Configuration of Client Terminal According to this Embodiment FIG. 2 is a block diagram showing the functional configuration of the client terminal 10 according to this embodiment. As shown in FIG. 2, the client terminal 10 according to this embodiment includes an input unit. 11. Transmission / reception means 12, display unit 13, display control means 14, confidential file determination means 150, personal information file determination means 151, switching means 152, registration means 153, conversion means 154, encryption means 155, attachment means 156, decryption It comprises a function as a conversion unit 157, a change request unit 158, an access authority setting unit 159 and a storage unit 16. The functions as these means 11 to 14 and 150 to 159 execute a predetermined application program (for example, the above-described e-mail transmission / reception program) to a CPU (Central Processing Unit) of a computer (information processing apparatus) as the client terminal 10. It is realized by letting.

  The input means 11 is constituted by, for example, a keyboard or a mouse operated by a user. In this embodiment, the input means 11 functions as a designation means 111 and a selection means 112 to be described later. It is also used when inputting information for setting.

  The designation unit 111 designates an electronic file to be attached to an e-mail when a new e-mail is created using the e-mail function. In the present embodiment, the user displays on the display unit 13. By operating the keyboard and mouse as the specifying means 111 while referring to the attached file setting window 13b (see FIG. 6) and the attached file adding window 13c (see FIG. 6), the electronic to be attached to the e-mail A file is specified. The selection means 112 will be described later.

  The transmission / reception means 12 is realized by a communication function (including a part of the mail function) originally possessed by the client terminal 10, and in this embodiment, an e-mail transmission means 121 and an e-mail reception means described later. 122, the encryption key receiving unit 123, the authentication information transmitting unit 124, and the decryption key receiving unit 125. In addition, a registration request by the registration unit 153 described later, a change request by the change request unit 158 described later, and an access described later. It is also used when setting information by the authority setting means 159 is transmitted to the file access management server 20.

  The e-mail transmission unit 121 outputs the e-mail created by the e-mail function to the network 40 so as to be transmitted to the designated destination via the mail server 30, and the e-mail reception unit 122 is a mail server. The electronic mail transmitted via the network 30 is received through the network 40 and stored in the storage unit 16.

  The encryption key receiving unit 123 receives the encryption key issued by the file access management server 20 via the network 40. When registration (encryption key transmission request) of the electronic file designated by the designation unit 111 (hereinafter referred to as a designated electronic file) is performed on the file access management server 20 by the registration unit 153 described later, the file access management server 20, an encryption key for the designated electronic file is issued and transmitted to the client terminal 10 that has registered. This encryption key may be received in advance from the file access management server 20 via the network 40 and stored in the storage unit 16 or the like, or may be designated by the designation unit 111 (designated operation of an attached file by the user) or An encryption key transmission request may be made and received from the file access management server 20 via the network 40 in accordance with a selection operation by the selection unit 112 described later.

  The authentication information transmission unit 124 is an encrypted electronic file attached to an e-mail received from another client terminal 10 (a designated electronic file that has been subjected to conversion / encryption processing by the conversion unit 154 and the encryption unit 155 described later). Authentication information about the encrypted electronic file is transmitted to the file access management server 20 via the network 40. The authentication information transmission unit 124 also uses the user (registrant / transmission) of the client terminal 10 when performing registration by the registration unit 153 (authorization setting by the access authority setting unit 159) or a change request by the change request unit 158. It is assumed that the function of transmitting the authentication information about the user to the file access management server 20 via the network 40 is fulfilled.

  Here, the authentication information indicates that the user of the client terminal 10 who is trying to open the encrypted electronic file is a valid transmission destination (user / receiver / registrant) of the encrypted electronic file, or is designated The file access management server 20 confirms that the user of the client terminal 10 attempting to register the electronic file and set / change the access authority is a valid user (registrant / sender of the encrypted electronic file). This is information necessary for determination and authentication, and includes a user ID and a password registered in advance in the file access management server 20 for the user of the service by the file access management server 20. These user IDs and passwords are, for example, that the user operates the keyboard or mouse as the input means 11 when opening the encrypted electronic file, registering the encrypted electronic file, or setting / changing access authority. Thus, it is input from a login window (not shown) to the file access management server 20 displayed on the display unit 13.

The decryption key receiving means 125 receives the decryption key corresponding to the encrypted electronic file from the file access management server 20 when the validity of the user is authenticated by the authentication information, and sends the decryption key via the network 40. It is what you receive.
The display unit 13 is a display such as a CRT (Cathode Ray Tube) or an LCD (Liquid Crystal Display), and displays various information to the user of the client terminal 10.

  The display control means 14 controls the display state on the display unit 13, and a new mail creation window 13a, an attached file setting window 13b, an attached file addition window 13c and a selection window 13d, which will be described later with reference to FIG. 7, an access authority setting window 13 e described later, and a function of causing the display unit 13 to display the above-described login window. Among these windows 13a to 13e, a selection window 13d and an access authority setting window 13e are characteristic of the present invention, and an electronic file to be attached is designated by the designation means 111 in the attached file addition window 13c. In response to the designation operation, the display control unit 14 displays the selection window 13d on the display unit 13, and further displays the access authority setting window 13e when the check box 13d-1 described later is selected. To be displayed.

  Here, the selection window 13d determines whether or not the designated electronic file is an access management target of the file access management server 20, that is, whether the designated electronic file is attached as an “authorized file (encrypted electronic file)” or “original”. Attached as “file”, or in other words, for allowing the user to select whether or not to execute registration / conversion / encryption processing by a registration unit 153, a conversion unit 154, and an encryption unit 155 described later. .

  In this selection window 13d, for example, as shown in FIG. 6, a check box 13d-1 checked by the function as the selection means 112 of the input means 11 when selecting attachment as an "authorized file" A check box 13d-2 that is checked by the function of the input unit 11 as the selection unit 112 when the user selects to attach the file as "original file" is displayed. The check on the check box 13d-1 or 13d-2 is performed by the user clicking the mouse as the selection unit 112 while referring to the selection window 13d.

  The access authority setting window 13e is used for allowing the user (sender) to set the access authority on the receiver side for the encrypted electronic file. In the access authority setting window 13e, for example, as shown in FIG. In addition, the email address of the destination entered in the To column (address column), CC (Carbon Copy) column, BCC (Blind Carbon Copy) column of the email to which the encrypted electronic file is attached is displayed, Check boxes 13e-1 to 13e-9 are displayed for allowing the user (sender) to set the access authority for each of the To column, CC column, and BCC column.

  In particular, in the example shown in FIG. 7, three check boxes 13e-1 to 13e-3 for setting the access authority for the To field are displayed, and similarly, 3 for setting the access authority for the CC field. Three check boxes 13e-4 to 13e-6 are displayed, and three check boxes 13e-7 to 13e-9 for setting the access authority for the BCC column are displayed.

  Three check boxes 13e-1 to 13e-3 are used to select one of the three levels A, B, and C as the access authority of the transmission destination entered in the To column. Three check boxes 13e-4 to 13e-6 are used to select one of the three levels A, B, and C as the access authority of the transmission destination entered in the CC column. The check boxes 13e-7 to 13e-9 are for selecting one of the three levels A, B, and C as the access authority of the transmission destination entered in the BCC column.

  In FIG. 7, level C (check box 13e-3) is selected for the To field, level B (check box 13e-5) is selected for the CC field, and level A (check box 13e-7) is selected for the BCC field. This state is shown. These check boxes 13e-1 to 13e-9 are checked when the user clicks the mouse as the selection means 112 while referring to the access authority setting window 13e. In level A, three authorities of viewing (Read), printing (Print), and copying (Copy) are granted, and in level B, two authorities of viewing (Read) and printing (Print) are granted. In C, only the right of viewing (Read) is given.

  The confidential file determination unit 150 determines whether or not the designated electronic file designated by the designation unit 111 is a confidential file. In the present embodiment, a flag indicating that the file is a confidential file is attached to the electronic file itself, or is held and managed in association with each electronic file by a management server (not shown). By referring to the flag, it is determined whether or not the designated electronic file is a confidential file.

  Further, if the designated electronic file is determined to be a confidential file (if the flag indicating the confidential file is attached to the designated electronic file), the confidential file determination unit 150 checks the email address of the email transmission destination. , Whether the destination of the email is internal or external, and if it is external, the attachment of the designated electronic file is prohibited and the function to notify the user to that effect is achieved. In some cases, the display control unit 14 functions to display the selection window 13d on the display unit 13 and execute the process of attaching the designated electronic file.

  The personal information file determination unit 151 determines whether the designated electronic file that is determined to be a non-confidential file by the confidential file determination unit 150 is a personal information file having personal information that can identify a specific individual. It is to determine whether or not. Here, as a determination method of the personal information file, any one of the two determination methods described later can be used.

  In the present embodiment, the condition of the personal information file is a file that holds a predetermined number or more of records including personal information elements, and the personal information element is a character string that can identify a specific individual alone or in combination. For example, name, date of birth, contact information (address, residence, telephone number, e-mail address), etc. In addition to these, personal information elements include title, basic resident register number, account number, credit card number, license number, passport number, and the like.

  When the personal information file determination unit 151 determines that the designated electronic file is not a personal information file, the display control unit 14 displays the selection window 13d on the display unit 13 to execute the attachment process of the designated electronic file. When it is determined that the designated electronic file is a personal information file, attachment processing of the designated electronic file is prohibited.

  The switching unit 152 performs the following switching operation in accordance with the selection result by the selection unit 112. The check box 13d-1 is checked and the designated electronic file is attached as an “authorized file” (that is, file access). When the management server 20 is selected as an access management target), the encryption key receiving unit 123, the registration unit 153, the conversion unit 154, and the encryption unit 155 are operated, and the attachment unit 156 sends the encrypted electronic file to the On the other hand, when the check box 13d-2 is checked and attachment of the designated electronic file as “original file” is selected (that is, not to be an access management target of the file access management server 20). Encryption key receiving means 123, registration means 153, variable Switch designated electronic file by the appended means 156 without operating the unit 154 and encryption unit 155 (original file / raw data) as it is to be attached to e-mail.

  The registration unit 153 registers the designated electronic file in the file access management server 20 as an access management target of the file access management server 20, and in the present embodiment, simultaneously with the registration, the function of the access authority setting unit 158 described later is used. The access authority for the designated electronic file (encrypted electronic file) according to the contents designated in the access authority setting window 13e is also set in the file access management server 20. At this time, as described above, the authentication information about the user (registrant / sender) is transmitted to the file access management server 20 via the network 40 by using the function of the authentication information transmission unit 124, and the file access management server 20 side. As described later, it is determined whether or not the user is a valid user (authentication).

  The conversion unit 154 converts the designated electronic file read from the storage unit 16 into a completed document file such as a PDF (Portable Document Format) file that is difficult to falsify. The conversion unit 154 is realized by, for example, a PDF driver, and the designated electronic file is converted to PDF by starting the PDF driver, and a PDF file as a completed document file is generated.

The encryption unit 155 encrypts the designated electronic file that has undergone the PDF conversion process by the conversion unit 154 using the encryption key received by the encryption key reception unit 123.
The attachment means 156 is an electronic file (encrypted electronic file / authorized file) encrypted by the encryption means 155 in accordance with the switching operation by the switching means 152, or an original that has not been converted or encrypted at all. One of the files is attached to the e-mail.

  The decryption unit 157 receives the decryption unit 18 by the decryption key reception unit 125 as described above when opening the encrypted electronic file (authorized file) attached to the email received from the other client terminal 10. Using the decrypted key, the encrypted electronic file is decrypted to restore the original electronic file.

  The change request unit 158 makes a request to the file access management server 20 to change the access authority for the encrypted electronic file that has already been set for the file access management server 20 in accordance with the instruction from the input unit 11. At that time, the change request and the change contents are notified to the file access management server 20 via the transmission / reception means 12 and the network 40, and the user (registrant / sender) is used by using the function of the authentication information transmission means 124 as described above. ) Is also transmitted to the file access management server 20 via the network 40, and the file access management server 20 determines (authenticates) whether or not the user is a valid user, as will be described later. It is supposed to be.

  As described above, the access authority setting unit 159 encrypts the electronic file when the designated electronic file is registered in the file access management server 20 by the registration unit 153 or when the encrypted electronic file is attached to the e-mail by the attachment unit 156. The access authority on the receiver (transmission destination) side for the file is set in the file access management server 20 (access authority management table 24a of the access authority management means 24 described later).

  In particular, the access authority setting unit 159 according to the present embodiment includes each of the To column, the CC column, and the BCC column of the e-mail according to the check operation result for the check boxes 13e-1 to 13e-9 of the access authority setting window 13e. The access authority on the receiver side with respect to the encrypted electronic file is set for each transmission destination entered in. Thereby, for each encrypted electronic file and for each recipient of the encrypted electronic file, the access authority on the recipient side for the encrypted electronic file is set in the file access management server 20. When setting the access authority in this way, authentication information about the user (registrant / sender) is transmitted to the file access management server 20 via the network 40 using the function of the authentication information transmitting unit 124 as described above. Then, on the file access management server 20 side, as described later, it is determined (authenticated) whether or not the user is a valid user.

The storage unit 16 stores various electronic files to be attached to e-mails, e-mails received from other client terminals 10 by the e-mail receiving unit 122, and includes, for example, a hard disk constituting the client terminal 10, It is composed of a RAM (Random Access Memory).
In each client terminal 10 of the present embodiment, at least the encryption key receiving unit 123, the confidential file determination unit 150, the personal information file determination unit 151, the registration unit 153, the conversion unit 154, the encryption unit 155, and the attachment unit 156 described above. Is configured to operate in the background of the mail function.

[3] Personal Information File Determination Method Here, two determination methods used when the personal information file determination unit 151 of the present embodiment determines a personal information file will be described.
[3-1] First Determination Method In the first determination method, the appearance frequency of an address, a telephone number, a mail address, and a name is quantified as follows to determine a personal information file.

  First, the character or character string included in the designated electronic file is collated with the characteristic character / characteristic character string preset as the character / character string that appears characteristically in the personal information, and the characteristic character / characteristic character string is Count the number of occurrences in the file. However, if collation / recognition using character strings is performed, the load on the CPU becomes extremely large. Therefore, collation / recognition for each character is performed. Therefore, as the condition, characteristic characters are set one by one. In addition, when the arithmetic processing capability of the CPU is sufficiently high, collation / recognition by a character string may be performed.

  Then, the characters extracted from the designated electronic file (text file) are collated one by one with the characteristic character set as the condition, and if they match, it is determined that the characteristic character has appeared. Thus, the count value of the characteristic character is incremented by “1”. Thus, after counting the number of appearances of characteristic characters in all characters included in the designated electronic file, it is determined whether or not the designated electronic file is a personal information file based on the count result. Yes.

  Here, the characteristic character set in advance as the condition will be specifically described. In general personal information, an address is usually required. Therefore, a character that appears characteristically in an address in Japan is set and registered in the above condition as a characteristic character. For example, the address information may include “city”, “road”, “fu”, “prefecture”, “city”, “ward”, “town”, “village”, “county”, etc. In the case of “Tokyo”, the characters “East” and “Kyo” appear in ordinary documents, but in the case of address information, they will appear in combination with “City”. It becomes possible to regard the number of appearances as the number of addresses. Similarly, “prefecture”, “prefecture”, and “road” are considered as address information, and “@” can be used as e-mail address information.

Specifically, the following characteristic characters and points are set as the conditions.
(1) “East”, “Kyo”, “Metro”, “Large”, “Osaka”, “Fu”, “North”, “Sea”, “Road” are set as address information (characters). The total of the count values of these characteristic characters is counted / calculated as the address point 1.
(2) As presumed address information (characteristics), prefecture names other than address point 1, that is, “mountain”, “form”, “god”, “na”, “river”, “saki”, “tama”, ..., "Fuku", "Oka", "Prefecture", etc. are set, and the total of the count values of these characteristic characters is counted and calculated as address point 2.

(3) “City”, “District”, “Town”, “Village” and “County” are set as address disregard information (characteristic characters), and the total of the count values of these characteristic characters is calculated as address point 3 Is done.
(4) “@” is set as the mail address deemed information (characteristic character), and the count value of “@” is used as the mail address point.

  (5) “N” (numeric string with a predetermined number of digits consisting of numerals and hyphens) is set as the telephone number deemed information (characteristic character string), and the counted value is used as the telephone number point. More specifically, the phone number is a specific number string corresponding to the mobile phone area code or area code, such as “090-XXXX-XXXX”, “03-XXXX-XXXX”, “048-XXX-XXXX”. It consists of “090”, “03”, “048” followed by an 8-digit or 7-digit numeric string. When such a numeric string appears, the telephone number point is incremented by “1”. . At this time, the count-up is performed regardless of the presence or absence of a hyphen in the numeric string.

(6) As name disregard information (characters), for example, the characters “sa”, “wisteria”, “da”, “middle”, “high”, “bridge”, etc. included in the best 50 of last names in Japan. , “Mountain”, and “field” are set, and the sum of the count values of these characteristic characters is calculated as a name point.
(7) As the total points, the total value of the points (1) to (6) described above is counted and calculated.

  In addition, when calculating the appearance rate of each prefecture name based on the counting result (number of appearances) obtained as described above, handling when there are duplicate characters will be described. For example, if “Tokyo” and “Kyoto Prefecture” are mixed in a text file, “Metropolitan” is duplicated. Therefore, the “Metropolitan” count is the same as the “Tokyo” count. It will be mixed. Since “Fu” in “Kyoto” overlaps with “Fu” in “Osaka”, first calculate the appearance rate of “Osaka” and subtract that appearance rate from the appearance rate of “Fu”. It is possible to predict the appearance rate of “fu”. By subtracting the appearance rate of “Kyoto Prefecture” predicted in this way from the appearance rate of “Metropolitan”, the appearance rate of “Tokyo” can be obtained. If the prefecture name and city name overlap (for example, Osaka City, Osaka Prefecture), the appearance rate of “Osaka” will double, but based on the Japanese address book published by the Ministry of Posts and Telecommunications. It is possible to estimate the actual appearance rate by calculating the duplication rate for each prefecture name and adjusting the appearance rate based on the calculated duplication rate.

  Furthermore, the handling when there is no state display will be described. In the file, when the title header is used for the prefecture name, or when the address display using the government-designated city or the postal code is used, the appearance rate of “city”, “road”, “prefecture”, “prefecture” is extremely high. Will be reduced. Instead, since the name appearance rate such as the prefecture name becomes high, it is possible to specify that the file is a personal information file including address information from the name appearance rate.

  In the above conditions, characters / character strings that appear characteristically in addresses, e-mail addresses, telephone numbers, and names are set as characteristic characters / character strings, but the present invention is not limited to these. Character / character string that appears characteristically in the date of birth, title, personal identification information (for example, Basic Resident Register Number, Account Number, Credit Card Number, License Number, Passport Number, etc.) It may be set as a character string.

  Based on the counting result obtained as described above, a determination value for determining whether or not the designated electronic file is a personal information file is calculated. As the determination value, the value of (a) quarantine total points (see item (7) above) may be used as it is, or (b) a determination point that increases as the appearance rate of characteristic characters / characteristic strings increases. It may be calculated as the determination value, or (c) the appearance pattern of the feature character / feature character string in the target file is obtained based on the counting result obtained for each feature character / feature character string, and the obtained appearance pattern And a degree of coincidence indicating a degree of coincidence with a feature appearance pattern set in advance as an appearance pattern of a feature character / feature character string may be calculated as the judgment value, or (d) of these three kinds of judgment values 2 or more may be combined, and a value calculated by substituting two or more determination values into a predetermined function may be used as the determination value.

  At this time, if there are characteristic characters / characteristic strings related to multiple types of information (for example, four types of address, e-mail address, telephone number, and name) in the designated electronic file, one type of information is included in the designated electronic file. The count result is weighted so that the determination value is larger than when there is a feature character / feature character string related to. In other words, if the designated electronic file includes a plurality of types of information that can identify an individual, the possibility that the designated electronic file is a personal information file is that only one type of information that can identify an individual is included. Since it is considered to be higher than the case where it is included, weighting is performed so that the determination value (importance) for the designated electronic file is increased. Further, weighting may be performed so that the determination value increases as the number of types of information increases. As a result, the personal information file can be more reliably determined.

  When the determination value as described above is calculated, it is determined whether the designated electronic file is a personal information file based on the determination value. For example, when the determination value exceeds a predetermined threshold, it is determined that the designated electronic file is a personal information file.

[3-2] Second Determination Method In the second determination method, the personal information file is determined as follows.
First, text data (for example, CSV (Comma Separated Value) format data) of a specified electronic file is extracted, and character sections delimited by delimiters are extracted from the extracted text data and buffered as a determination target / collation target. Write sequentially (not shown). Here, the delimiter is, for example, a half-width space, a half-width comma (half-width comma + half-width space is also regarded as a half-width comma), a tab character (half-width), CR (Carrige Return), or LF (Line Feed). Symbols other than alphanumeric characters, katakana, hiragana, and kanji characters, such as hyphens, underbars, and parenthesis symbols, are removed from the extracted character section.

  A character string (hereinafter simply referred to as a character string) in a character section from which symbol characters have been removed as described above is a personal information element other than a name (specifically, in this embodiment, a telephone number, an e-mail address, and an address). It is determined whether it corresponds to any one of them. Here, the character string determination process is performed in the order of the lighter determination process load, that is, in the order of the telephone number, the e-mail address, and the address.

  First, it is determined whether or not the character string corresponds to a telephone number. Specifically, if the character string satisfies the telephone number determination condition set as the condition, it is determined that the character string corresponds to a telephone number. Here, it is assumed that the telephone number determination condition includes 9 to 15 digits in the character string.

  Next, when it is determined that the character string does not correspond to a telephone number, it is determined whether or not the character string corresponds to an e-mail address. Specifically, when the character string satisfies the e-mail address determination condition set as the condition, it is determined that the character string corresponds to the e-mail address. Here, the e-mail address determination condition is as follows: “One or more ASCII (American Standard Code for Information Interchange)” + “@ (at mark)” + “One or more ASCII characters” + “. (Dot)” ”+“ ASCII character of one or more characters ”is included. In this case, the shortest e-mail address is “a@a.a”, for example.

  Further, when it is determined that the character string does not correspond to an e-mail address, it is determined whether or not the character string corresponds to an address (residence), and the character string is set as the condition. When the address determination condition is satisfied, it is determined that the character string corresponds to the address. In the present embodiment, the address determination condition includes a character string of “one or more double-byte characters” + “city” or “city” or “county” + “one or more double-byte characters” in the character string. Suppose that At this time, if the CPU has sufficiently high processing capability, it may be added to the address determination condition that a 7-digit number corresponding to the postal code is included in addition to the character string. In addition, the address determination condition is that the character string includes a 7-digit numeric string corresponding to the postal code or “3-digit numeric string” + “− (−” instead of the above-described conditions. Hyphens) ”+“ a digit string of four digits ”may be included.

  When it is determined that the character string does not correspond to any of a telephone number, an e-mail address, and an address, whether or not the character string satisfies the character determination condition set as the condition, Specifically, it is determined whether or not the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji. In the present embodiment, the character determination condition is that, as described above, the number of characters in the character string is within a predetermined range and all the characters in the character string are kanji characters. Is set to a general (appropriate) number range, for example, 1 to 6 as the number of characters of the name (including only the last name and only the name).

  Thereafter, a character section determined not to correspond to any of a telephone number, an e-mail address, and an address, and further, a character section within the predetermined range and all characters determined to be kanji By comparing the character / character string included in the character section with an inappropriate character / unsuitable character string preset as a character / character string that cannot appear in the name, the character section is determined to be an inappropriate character. / Judge whether or not to include an inappropriate character string.

  Here, inappropriate characters / inappropriate character strings are set in advance as the above-mentioned conditions. For example, Tokyo, Osaka, Nagoya, Yokohama, Kyushu, Hokkaido, Kyoto, capital, individual, school, store, stock, prefecture, University, academy, TSE, research, management, general affairs, accounting, sales, supervision, pharmaceutical, sales, school, education, specialization, architecture, machine, corporation, factory, manufacture, technology, commerce, books, unknown, deputy director, disclosure, Publication, Advertising, Broadcasting, Target, Wholesale, Retail, Planning, Human Resources, Information, Department, President, Regulatory, General Manager, Section Manager, General Manager, Officer, Head Office, Branch Office, Business, Business, Education, Precision, Petroleum, Transportation, Management, Strategy, material, engineer, electricity, production, tax, public relations, transportation, chief, computer, finance, office work, development, policy, production, economy, industry, finance, bank, research, English, quality, warranty, equipment, charge, President, Director, Audit, Support, Design, Insurance, Safe, Business, Representative, Transportation, First, Second, Third, Fourth, Fifth, Sixth, Seventh, Eighth, Ninth, Special Sales, Facility, Name, Mail, Name, Name, City Hall, Affiliation, Characteristic, Childhood, Christianity, Association, Church, Union, cult, commerce, nationwide, branch, contact, assembly, life, consumption, promotion, city hall, ward office, general, modification, function, overview, composition, company, organization, association, deletion, document, deadline, validity, etc. A character / character string that cannot appear in a typical name, that is, a character / character string that is inappropriate as a name.

  Then, it is determined whether or not the designated electronic file is a personal information file based on the above-described telephone number determination result, e-mail address determination result, address determination result, and inappropriate character / inappropriate character string matching determination result. To do. More specifically, the number of character sections considered to correspond to each of a telephone number, an e-mail address, and an address is counted, and an inappropriate character / unsuitable character string matching determination result is received. / The character section determined not to contain an inappropriate character string is regarded as corresponding to the name, and the number is counted.

  Based on the counting results (four counting values; the number of telephone numbers, the number of e-mail addresses, the number of addresses, the number of names) for each of the telephone number, e-mail address, address, and name, the larger the counting value, the larger the count value. A judgment value is calculated. For example, the sum of four count values may be calculated as the determination value, or a weighting factor is set in advance for each of the telephone number, e-mail address, address, and name, and the weighting factor for each personal information element The sum of multiplication results of the count value and the count value may be calculated as the determination value, and various methods for calculating the determination value are conceivable.

When the determination value as described above is calculated, it is determined whether or not the designated electronic file is a personal information file based on the determination value. Specifically, when the determination value exceeds a predetermined threshold, it is determined that the target file is a personal information file.
In the second determination method described above, the case where the personal information elements other than the name are the three elements of the telephone number, the e-mail address, and the address has been described. However, the present invention is not limited to this. As the personal information element other than the name, for example, the date of birth, the basic resident register number, the account number, the credit card number, the license number, the passport number, etc. may be used.

[4] Functional configuration of file access management server of the present embodiment FIG. 3 is a block diagram showing the functional configuration of the file access management server 20 of the present embodiment. As shown in FIG. 3, the file access management server of the present embodiment. The server 20 has functions as a transmission / reception unit 21, a storage unit (encryption key / decryption key storage unit) 22, a determination unit 23, an access authority management unit 24, an access authority setting / change unit 25, and a sender determination unit 26. It is configured. The functions as these means 21, 23 to 26 are realized by causing a CPU of a computer to function as a server to execute a predetermined application program (file access management server program).

  The transmission / reception means 21 is realized by a communication function that the file access management server 20 originally has. In this embodiment, the transmission / reception means 21 is an encryption key transmission means 211, an authentication information reception means 212, and a decryption key transmission means 213, which will be described later. In addition to fulfilling the above function, it is also used when various types of information are transmitted and received between each client terminal 10 and the access authority management means 24 and the sender determination means 25 described later.

When the encryption key transmission unit 211 receives a registration request (encryption key transmission request) from each client terminal 10 via the network 40, the encryption key transmission unit 211 transmits the encryption key for the designated electronic file to the client terminal 10 that has transmitted the request via the network 40. To send in.
The authentication information receiving unit 212 receives the authentication information about the encrypted electronic file transmitted from each client terminal 10 (authentication information transmitting unit 124) via the network 40. The decryption key transmission means 213 will be described later.

  The storage unit (encryption key / decryption key storage unit) 22 is an encryption key to be transmitted to each client terminal 10 or an already transmitted encryption key, and a decryption key corresponding to this encryption key (encrypted by this encryption key). Decryption key for decrypting encrypted electronic files) and pre-registered users [registrants (destination, recipient) who are allowed to access encrypted electronic files (authorized files), etc. The user ID, password, and the like of the registrant who receives the service of the file access management server 20 are stored. For example, the registrant is configured by a hard disk or a RAM constituting the file access management server 20.

  Based on the authentication information received by the authentication information receiving means 212 (authentication information transmitted when executing access to the encrypted electronic file), the transmission destination determining means 23 encrypts the client terminal 10 that has transmitted the authentication information. This is to determine whether or not the electronic file is a valid transmission destination. Actually, the user ID and password input at the client terminal 10 are registered and stored in advance in the storage unit 22 of the file access management server 20. By determining whether or not the user ID and password match, it is determined and authenticated whether or not the user of the client terminal 10 is a valid registrant.

  The decryption key transmission unit 213 performs encryption when the determination unit 23 determines that the client terminal 10 is a valid transmission destination, that is, when the user of the client terminal 10 is authenticated as a valid registrant. A decryption key for decrypting the electronic file is read from the storage unit 22 and transmitted to the client terminal 10 via the network 40.

  The access authority management unit 24 uses, for example, an access authority management table 24a as shown in FIG. 8 to receive a recipient (transmission destination) for the designated electronic file (encrypted electronic file) registered by the registration unit 153 of the client terminal 10. The access authority on the side is managed in association with the sender of the encrypted electronic file, and when the receiver-side client terminal determines that the client terminal on the receiver side is a valid destination, The access authority management table 24a is referred to, and only the access corresponding to the access authority set in advance for the receiver is permitted to the client terminal 10 on the receiver side as the access to the encrypted electronic file. .

  In the access authority management means 24 (access authority management table 24a), as shown in FIG. 8, for each recipient of the encrypted electronic file, the access authority for the encrypted electronic file corresponds to the mail address of each recipient. Attached, set and managed. Further, when the receiver is registered in advance as a service user of the file access management server 20, the access authority corresponds to the ID and password set at the time of registration for the receiver (user). Attached and managed.

  Further, when the electronic file is attached to the designated electronic mail at the client terminal 10, the transmission destination of the electronic mail (the destination entered in the To field, CC field, and BCC field) is the service user of the file access management server 20. Whether or not it is registered in advance is determined by the access authority management means 24 based on the mail address of the transmission destination, and if it is registered, attachment of the designated e-mail (encrypted electronic file) is permitted while being registered. If not, the attachment may be prohibited and notification to that effect may be made. Thereby, it is possible to prevent the electronic file from being transmitted to a partner who is not registered as a service user of the file access management server 20 and whose identity is unknown in the file access management. Confidential information and personal information can be reliably prevented from leaking outside through the file.

  The sender determination unit 25 performs the same function as the transmission destination determination unit 23 described above, and is received by the authentication information reception unit 212 when an access authority change request or setting request is received from the client terminal 10. Based on the authentication information, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is changed, or the setting request is sent to the file access management server 20. It is determined whether or not the registration is made by a valid registered person registered in advance.

  Whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed is determined by the transmission associated with the encrypted electronic file in the access authority management table 24a. Based on the information of the person. Further, whether or not the setting request is made by a valid registrant registered in advance in the file access management server 20 is determined based on whether the user ID and password input at the client terminal 10 are file access. This is performed by determining whether or not the user ID and password registered and stored in advance in the storage unit 22 of the management server 20 match.

  The access authority setting / changing means (access authority setting means) 26 uses the change request means 158 when the sender determination means 25 determines that the change request is made by the sender of the encrypted electronic file. In accordance with the contents of the change request, the access authority setting for the encrypted electronic file managed by the access authority management means 24 is changed, that is, the access authority setting table 24a is rewritten.

  Further, the access authority setting / changing unit 26 of the present embodiment is configured so that the access authority setting unit 159 sets a setting request when the sender determination unit 25 determines that the setting request is made by a valid registrant. According to the contents of the above, the setting of the access authority for the encrypted electronic file managed by the access authority management means 24, that is, the writing of a new access authority to the access authority setting table 24a is performed.

[5] Operation of E-mail System of the Present Embodiment Next, the operation of the e-mail system 1 of the present embodiment configured as described above will be described with reference to FIGS. 4 is a flowchart (steps S100 to S115, S120 to S125, S130 to S133) for explaining the operation of the client terminal 10 of the present embodiment, and FIG. 5 is the operation of the file access management server 20 of the present embodiment. (Steps S200 to S202, S210 to S214, S220 to S224), FIG. 6 and FIG. 7 show examples of window display on the display unit 13 to explain the operation of the client terminal 10 of the present embodiment. 8 and 8 are diagrams showing an example of the access authority management table 24a according to the present embodiment.

  When the user of the client terminal 10 attaches an electronic file to an electronic mail newly created by using the mail function of the client terminal 10, as shown in FIG. The attachment button 13a-1 of the window 13a is clicked with the mouse (input means 11) to display the attachment file setting window 13b, and the add button 13b-1 of the attachment file setting window 13b is clicked with the mouse (input means 11). Then, an additional file addition window 13c is displayed. Then, in this attachment file addition window 13c, an electronic file item (attachment file item) 13c-1 to be attached is clicked with the mouse (designating means 111) to select the electronic file to be attached (designated electronic file). specify.

  When the user performs the attached file designation operation as described above, the client terminal 10 determines that there is an instruction to attach the designated electronic file (YES route in step S100 in FIG. 4). The means 150 determines whether the designated electronic file is a confidential file with reference to the confidential flag (step S101 in FIG. 4).

  If the designated electronic file is a confidential file (YES mail in step S101), the mail address of the e-mail transmission destination is checked to determine whether the e-mail transmission destination is internal or external (FIG. 4). In step S102), if the user is outside the company (NO route in step S102), attachment of the designated electronic file is prohibited and the user is notified of this fact (step S103 in FIG. 4), and the process returns to step S100. On the other hand, when the transmission destination of the e-mail is in-house (YES route in step S102), the process proceeds to step S106.

  If the designated electronic file is not a confidential file (NO route in step S101), the personal information file determining unit 151 determines whether the designated electronic file is a personal information file (step S104 in FIG. 4). (YES route in step S104), the attachment of the designated electronic file is prohibited, the user is notified of this (step S105 in FIG. 4), and the process returns to step S100. On the other hand, if it is not a personal information file (NO route of step S104), the process proceeds to step S106.

  When the designated electronic file is a confidential file with the transmission destination in-house or not a personal information file, the display control unit 14 displays a selection window 13d as shown in FIG. 6 on the display unit 13 (FIG. 4). Step S106). The user refers to the selection window 13d, operates the mouse (selection means 112), and clicks / checks one of the check boxes 13d-1 and 13d-2, so that the designated electronic file is “authorized”. Select whether to attach as “file (encrypted electronic file)” or “original file”.

  When the check box 13d-2 is checked and attachment as an “original file” is selected (NO route in step S107 in FIG. 4), the attachment means 156 keeps the designated electronic file as raw data (original file) as an e-mail. The e-mail attached with “original file” is transmitted by the e-mail transmission means 121 to the transmission destination via the network 40 and the mail server 30 (step S108 in FIG. 4).

  On the other hand, when the check box 13d-1 is checked and attachment as an “authorized file” is selected (YES route in step S107 in FIG. 4), the display control means 14 sets the access authority as shown in FIG. A window 13e is displayed on the display unit 13 (step S109 in FIG. 4). The user refers to the access authority setting window 13e, operates the mouse (selecting means 112), and clicks / checks any of the check boxes 13e-1 to 13e-9, whereby the To column of the e-mail, For each transmission destination entered in the CC column and the BCC column, the access authority on the receiver side for the encrypted electronic file is selected.

  In the access authority setting window 13e shown in FIG. 7, level C (check box 13e-3) is selected for the To column, level B (check box 13e-5) is selected for the CC column, and level A (check) is selected for the BCC column. The box 13e-7) is selected, and the user who has completed the selection clicks the completion button 13e-10 to complete the selection of the access authority (YES route in step S110 in FIG. 4).

  When the selection of the access authority is completed, the registration unit 153 sends a registration request (encryption key transmission request) for registering the designated electronic file in the file access management server 20 as an access management target of the file access management server 20. 12 and the file access management server 20 via the network 40, and an access authority setting request selected by the access authority setting means 159 using the access authority setting window 13e is sent via the transmission / reception means 12 and the network 40. Is performed on the file access management server 20 (step S111 in FIG. 4), and in response to the registration request (encryption key transmission request), the encryption key receiving unit 123 sets the encryption key for the designated electronic file to file access. Management server 20 Is received via the network 40 (step S112 in FIG. 4).

  At this time, when the file access management server 20 receives a registration request (encryption key transmission request) from the client terminal 10 (YES route in step S200 in FIG. 5), authentication of the user (registrant / sender) is transmitted. The access authority setting / changing unit 26 performs a new access authority to the access authority setting table 24a in the access authority management unit 24 in accordance with the contents of the setting request by the access authority setting unit 159. Writing is performed as shown in FIG. 8 and access authority registration / setting is performed (step S201 in FIG. 5). Thereafter, the encryption key transmission unit 211 reads the encryption key for the designated electronic file from the storage unit 22 and transmits it via the network 40 to the client terminal 10 that has transmitted the transmission request (step S202 in FIG. 5). .

  In the client terminal 10 of the present embodiment, in parallel with the processing of steps S111 and S112 described above, the designated electronic file is read from the storage unit 16 and converted into a PDF file that is difficult to falsify by the conversion unit 154. (Step S113 in FIG. 4). Then, the encryption means 155 encrypts the designated electronic file converted to PDF using the encryption key received in step S112 (or the encryption key stored in advance in the storage unit 22) (FIG. 4). Step S114).

Thereafter, the encrypted electronic file is attached to the e-mail as an “authorized file” by the attaching means 156, and the e-mail attached with this “authorized file” is sent by the e-mail transmitting means 121 to the network 40 and the mail server 30. It is transmitted to the transmission destination via (step S115 in FIG. 4).
Through the processes in steps S100 to S115 as described above, the designated electronic file is transmitted as an “original file” or “authorized file” attached to the electronic mail.

  On the other hand, when the user of the client terminal 10 accesses the encrypted electronic file (authorized file) attached to the electronic mail received from the other client terminal 10 by the electronic mail receiving means 122, In the client terminal 10, the encrypted electronic file is read from the storage unit 16, and a request for opening the encrypted electronic file is made (NO route in step S100 and YES route in step S120 in FIG. 4).

  When the opening request is made, a login window (not shown) to the file access management server 20 is displayed on the display unit 13, and the user operates the input means (mouse, keyboard) 11 from the login window. A user ID and a password are input as authentication information, and the authentication information is transmitted to the file access management server 20 by the authentication information transmitting unit 124 via the network 40 (step S121 in FIG. 4).

  Then, in the file access management server 20, when the authentication information receiving unit 212 receives the authentication information from each client terminal 10 (authentication information transmitting unit 124) (NO route in step S200 in FIG. 5 and YES in step S210). Route), the transmission destination determination means 23 searches the storage unit 22 by the user ID included in the authentication information from the client terminal 10, reads the registered password corresponding to the user ID from the storage unit 22, The password included in the authentication information is compared with the registered password read from the storage unit 22, and it is determined whether or not these passwords match (client authentication; step S211 in FIG. 5).

  When these passwords match and it is authenticated that the user of the client terminal 10 is a valid registrant (legal transmission destination) (YES route in step S212 in FIG. 5), the decryption key transmission means 213 A decryption key for decrypting the encrypted electronic file is read from the storage unit 22 and transmitted to the client terminal 10 via the network 40 (step S213 in FIG. 5).

  In the client terminal 10, when the decryption key receiving unit 125 receives the decryption key from the file access management server 20 (“decryption key” route in step S 122 in FIG. 4), the decryption unit 18 uses the decryption key. Thus, the encrypted electronic file is decrypted to restore the original electronic file (step S123 in FIG. 4), and the contents are displayed on the display unit 13 by the display control means 14 (step S124 in FIG. 4). As a result, the user can access the electronic file within the range of the access authority set in advance for the user and the electronic file while referring to the display unit 13.

  On the other hand, if it is determined by the transmission destination determination unit 23 of the file access management server 20 that the passwords do not match, or if the registered password corresponding to the user ID is not registered in the storage unit 22, the client terminal It is determined that the ten users are not valid registrants (legal transmission destinations) (NO route in step S212 in FIG. 5), and an error notification is sent from the file access management server 20 to the client terminal 10 via the network 40. (Step S214 in FIG. 5). When the client terminal 10 receives an error notification (“error notification” route in step S122 in FIG. 4), an error display indicating that the error notification has been received is performed on the display unit 13 by the display control means 14 (FIG. 4). Step S125).

  When the user of the client terminal 10 changes the access authority to the encrypted electronic file that has already been set for the file access management server 20, the client terminal 10 uses the input means 11 to change the encryption target to be changed. The encrypted electronic file is designated and a change request for the encrypted electronic file is made (NO route in step S100, NO route in step S120, and YES route in step S130 in FIG. 4).

When a change request is made, a window (not shown) for setting change contents to the file access management server 20 is displayed on the display unit 13, and the user operates the input means (mouse, keyboard) 11. Then, the user ID and password as authentication information are entered from the window and the contents of change are entered (step S131 in FIG. 4).
When the user completes the input of the change content and clicks the completion button (not shown) on the window (YES route in step S132 in FIG. 4), the change request means 158 causes the authentication information, change request, and change content to be Is transmitted to the file access management server 20 via the transmission / reception means 12 and the network 40 (step S133 in FIG. 4).

  In the file access management server 20, when the authentication information, the change request, and the change content are received from each client terminal 10 (change request means 158) by the transmission / reception means 21, the NO route in step S200 in FIG. (NO route in S210 and YES route in step S220), and the sender determination unit 25 determines that the change request is based on the authentication information from the client terminal 10 and the encrypted electronic file to be changed. It is determined whether or not the transmission is performed by the sender (step S221 in FIG. 5).

  When the sender determination means 25 authenticates that the sender is a legitimate sender (YES route in step S222 in FIG. 5), the access authority setting / change means 26 accesses according to the contents of the change request by the change request means 158. The access authority setting table 24a in the authority management means 24 is rewritten, and the access authority setting is changed (step S223 in FIG. 5).

  On the other hand, if the sender judging means 25 judges that the sender is not a legitimate sender (NO route in step S222 in FIG. 5), an error notification is sent from the file access management server 20 to the client terminal 10 via the network 40. (Step S224 in FIG. 5). In the client terminal 10, when an error notification is received, an error display indicating that the error notification has been received is performed on the display unit 13 by the display control means 14.

[6] Effect of the E-mail System of the Present Embodiment Thus, according to the e-mail system 1 as one embodiment of the present invention,
In each client terminal 10, when a designated electronic file to be attached to an e-mail is designated and registered in the file access management server 20 as an access management target, the designated electronic file is encrypted by the file access management server 20. It is encrypted using the key, and the encrypted electronic file is attached to the electronic mail and transmitted / received.

At this time, at least the functions of the encryption key receiving unit 123, the confidential file determination unit 150, the personal information file determination unit 151, the registration unit 153, the conversion unit 154, the encryption unit 155, and the attachment unit 156 are the background of the mail function. Executed by a program that runs on
Since the designated electronic file is automatically handled as an access management target of the file access management server 20, the user simply designates the attached file (electronic file) without special consciousness. The file can be transmitted / received by e-mail while being encrypted under the management of the file access management server 20.

  Therefore, only a legitimate user who is authenticated by the file access management server 20 (a user / legitimate registrant of the client terminal 10 that is a legitimate transmission destination) can access the attached file, and the attached file of the e-mail Thus, it is possible to prevent leakage of confidential information and personal information to the outside extremely easily and surely without any effort or burden on the user or administrator.

  Further, access to the attached file (designated electronic file) is managed by the file access management server 20, and when the encrypted electronic file is accessed at the transmission destination of the encrypted electronic file, the transmission destination is valid. The decryption key is received and the encrypted electronic file is decrypted only when it is determined that it exists (in this embodiment, when the user at the destination client terminal 10 is determined to be a valid registrant). Therefore, inadvertent leakage or leakage of confidential information or personal information contained in the electronic file or unauthorized use of the information is surely prevented. Furthermore, since the designated electronic file is encrypted after being converted to a PDF file that is difficult to tamper with, the electronic file after decryption is prevented from being illegally used by making any tampering. can do.

  In particular, in the file access management server 20, for each encrypted electronic file and each recipient of the encrypted file, the access authority on the receiver side with respect to the encrypted electronic file is set and managed, and the receiver is set. Since only access according to the access authority is permitted, the client terminal 10 cannot perform any access other than the access authority set in advance on the decrypted electronic file, and the confidentiality contained in the electronic file Inadvertent leakage and leakage of information and personal information and unauthorized use of the information can be prevented more reliably. As described above, the access authority is set for each encrypted electronic file and each recipient of the encrypted file, so that it is possible to respond to the user's judgments and requests on an ad hoc basis, which is convenient for the user. Can be increased.

  Furthermore, only when the access authority change request from the client terminal 10 is made by the sender of the encrypted electronic file (the person attached to the e-mail; the registrant) whose access authority is to be changed, file access Since the access authority to the encrypted electronic file under the management of the management server 20 can be changed, the access authority to the encrypted electronic file and the access to the encrypted electronic file can be changed by the sender of the system as well as the system administrator. Can be prohibited (access authority can be revoked). In other words, you can manage the access authority for encrypted electronic files that you send by attaching to an e-mail even after you send the e-mail. It is possible to respond immediately to a case where a change is desired, and the convenience for the user can be improved. The change or cancellation can be performed for each encrypted electronic file or each recipient of the encrypted file.

  The access authority for the encrypted electronic file is set by the user (sender) referring to the access authority setting window 13e displayed on the display unit 13 when attaching the encrypted electronic file on the client terminal 10. This can be done very easily by simply performing a check operation (click operation with the mouse) on the check boxes 13e-1 to 13e-9 in the access authority setting window 13e. At that time, it is possible to set the access authority for each of the To column, CC column, and BCC column of the e-mail to which the encrypted electronic file is attached by the check boxes 13e-1 to 13e-9. The access authority for each transmission destination (recipient) entered in each of the To column, CC column, and BCC column of the electronic mail can be set very easily. Here, for example, the destinations entered in the destination column and CC column are general employees, customers, etc., and the destination entered in the BCC column is often an administrator such as the user's supervisor. As described above, since the access authority corresponding to the transmission destinations having different reliability levels can be easily set in correspondence with the destination column, CC column, and BCC column, the convenience for the user can be improved.

  At this time, the selection window 13d is displayed before the access authority setting window 13e is displayed, and whether or not the designated electronic file is to be managed by the file access management server, that is, the designated electronic file is registered in the file access management 20. Encrypting is executed only when the user wants to encrypt the attached file by letting the user select whether to encrypt the file (whether to attach the specified electronic file as an “authorized file”) If not desired, the designated electronic file can be attached as it is. As a result, for example, when sending an electronic file containing highly confidential information, the electronic file is encrypted and attached. On the other hand, if a distributor or the like wants to send raw data (original file), it is encrypted. It is possible to make a selection according to the situation, such as attaching without making it, and it is possible to improve the convenience for the user.

  Further, it is determined whether or not the designated electronic file is a personal information file, and only an electronic file that is not a personal information file is attached to an e-mail as a management target of the file access management server 20, while an electronic file that is a personal information file By prohibiting attachment to the e-mail, it is possible to reliably prevent the personal information file in the client terminal 10 from being sent outside the client terminal 10 in a state of being attached to the e-mail. Leakage of personal information due to the attached file can be prevented extremely easily and reliably without any effort or load on the user or administrator.

  Further, in the present embodiment, it is determined whether or not the designated electronic file is a confidential file. If the designated electronic file is a confidential file, the designated electronic file is stored in the file access management server only when the destination of the e-mail is in-house. Since it can be attached / sent as 20 management targets, it is possible to reliably prevent a confidential file in the client terminal 10 from being sent outside the client terminal 10 in a state of being attached to an e-mail. In addition, it is possible to prevent the confidential information from being leaked to the outside due to the attached file of the e-mail without any trouble or burden on the user or the administrator, and can be prevented very easily and surely.

  On the other hand, in the first determination method described above, it is possible to determine whether or not the designated electronic file is a personal information file (or a confidential information file) based on a determination value based on the number of appearances of characteristic characters and characteristic character strings. Therefore, the personal information file can be reliably determined in a short time without imposing a special load on the person in charge.

  In the second determination method described above, a character section that does not correspond to any of a telephone number, an e-mail address, and an address and includes an inappropriate character / unsuitable character string is regarded as not relating to personal information. On the other hand, a character section that does not correspond to any of a telephone number, an e-mail address, and an address and does not include an inappropriate character / unsuitable character string is considered to be related to a name. Therefore, for the character section determined to correspond to any one of the telephone number, e-mail address, and address, the determination process is terminated when the determination is made, and any of the telephone number, e-mail address, or address is terminated. Is also checked for inappropriate characters / unsuitable character strings only for character sections determined to be not applicable, and it is determined that even one inappropriate character / unsuitable character string is included in the character section. At that time, the collation process can be terminated, so that the name collation process can be performed at a higher speed than the conventional method that collates with all the name strings included in the name list, that is, the personal information file is determined. Processing can be performed at high speed.

At this time, it is possible to execute the determination process more quickly and efficiently by performing the determination process of the character string in the character section in the order of the light load of the determination process, that is, in the order of telephone number, e-mail address, and address. It becomes possible.
In addition, since all character sections that do not contain inappropriate characters / unsuitable character strings are considered to correspond to names, it is possible to include electronic files that do not contain inappropriate characters / unsuitable character strings for names, that is, name information. It is possible to reliably determine an electronic file that is highly likely to be a personal information file. That is, it is possible to reliably identify an electronic file (suspicious electronic file) that is highly likely to be a personal information file.

  Further, since it is determined whether or not the number of characters in the character section is 1 or more and 6 or less and all the characters in the character section are kanji characters, only the character section that satisfies this character determination condition is the target of verification. Are narrowed down to character sections that are more likely to be names, so that the matching accuracy of names can be improved and the name matching process can be performed at high speed. In addition, since a long character section having more than 6 characters is excluded from the collation target, it contributes to further speeding up the name collating process, that is, further speeding up the personal information file determining process.

[7] Others The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the present invention.
For example, the file access management server 20 of the present embodiment may have a function of acquiring and recording an access history (browsing log) for an encrypted electronic file. When such a function is provided, the system 1 By using this function, the administrator can easily check who has viewed the encrypted electronic file from the console, etc., and easily understand the actions of the authority owner (registrant). Can do.

  Further, in the present embodiment, a selection window 13d as shown in FIG. 6 is displayed, and it is used whether the designated electronic file is attached as an “externally browseable file (encrypted electronic file)” or “original file”. All electronic files attached to e-mails are automatically (forced) attached as “authorized files (encrypted electronic files)” without making such a selection. You may comprise as follows.

  Furthermore, in the present embodiment, a case has been described in which the access authority is selected and set from three types of viewing (Read), printing (Print), and copying (Copy), but the present invention is limited to this. Needless to say, it is possible to set various access authorities such as the authority to extract the original file attached by the container function of the PDF file and the authority to edit the extracted file.

  By the way, the designation means 111, the selection means 112, the transmission / reception means 12, the display control means 14, the confidential file determination means 150, the personal information file determination means 151, the switching means 152, the registration means 153, the conversion means 154 in the client terminal 10 described above. Functions (all or a part of functions) as encryption means 155, attachment means 156, decryption means 157, change request means 158, and access authority setting means 159 are computers (including CPU, information processing device, various terminals). Is implemented by executing a predetermined application program (e-mail transmission / reception program; a program provided as a mailer as mail software). Similarly, the functions (all or a part of functions) as the transmission / reception means 21, the determination means 23, the access authority management means 24, the access authority setting / change means 25, and the sender determination means 26 in the file access management server 20 described above. This is realized by a computer (including a CPU, an information processing device, and various terminals) executing a predetermined application program (file access management server program).

  The program is, for example, a computer such as a flexible disk, CD (CD-ROM, CD-R, CD-RW, etc.), DVD (DVD-ROM, DVD-RAM, DVD-R, DVD-RW, DVD + R, DVD + RW, etc.). It is provided in a form recorded on a readable recording medium. In this case, the computer reads an e-mail transmission / reception program or a file access management server program from the recording medium, transfers it to an internal storage device or an external storage device, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  Here, the computer is a concept including hardware and an OS (operating system), and means hardware operating under the control of the OS. Further, when the OS is unnecessary and the hardware is operated by the application program alone, the hardware itself corresponds to the computer. The hardware includes at least a microprocessor such as a CPU and means for reading a computer program recorded on a recording medium. The e-mail transmission / reception program and the application program as the file access management server program cause the computer as described above to realize the functions as the means 111, 112, 12, 14, 150-159, 21, 23-26. Contains program code. Also, some of the functions may be realized by the OS instead of the application program.

  Furthermore, as a recording medium in the present embodiment, in addition to the flexible disk, CD, DVD, magnetic disk, optical disk, and magneto-optical disk described above, an IC card, ROM cartridge, magnetic tape, punch card, computer internal storage device (RAM) , A memory such as a ROM), an external storage device, etc., and various computer-readable media such as a printed matter on which a code such as a barcode is printed.

[8] Appendix (Appendix 1) A file access management server that manages access to electronic files;
A plurality of client terminals having a mail function for sending and receiving e-mail;
A network connecting the plurality of client terminals and the file access management server so that they can communicate with each other;
Each client terminal
A designation means for designating an electronic file to be attached to the email;
Registration means for registering in the file access management server an electronic file designated by the designation means (hereinafter referred to as a designated electronic file) as an access management target of the file access management server;
Encryption key receiving means for receiving an encryption key for the designated electronic file registered in the file access management server by the registration means from the file access management server;
Encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means;
An attachment means for attaching an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) to the e-mail;
Authentication information transmitting means for transmitting authentication information about the encrypted electronic file to the file access management server when opening the encrypted electronic file attached to the electronic mail received from another client terminal;
Decryption key receiving means for receiving a decryption key corresponding to the encrypted electronic file from the file access management server;
Decryption means for decrypting the encrypted electronic file using the decryption key received by the decryption key receiving means and restoring the original electronic file;
Change request means for making a request to change the access right to the encrypted electronic file to the file access management server,
The file access management server is
Authentication information receiving means for receiving authentication information about the encrypted electronic file from each client terminal;
Based on the authentication information received by the authentication information receiving means, a transmission destination determination means for determining whether or not the client terminal that has transmitted the authentication information is a valid transmission destination of the encrypted electronic file;
A decryption key transmitting means for transmitting a decryption key for decrypting the encrypted electronic file to the client terminal when the destination determination means determines that the client terminal is a valid destination;
The access authority on the receiver side with respect to the encrypted electronic file for the designated electronic file registered by the registration means of the client terminal is set in advance and managed in association with the sender of the encrypted electronic file In addition, according to the access authority set in advance for the receiver as an access to the encrypted electronic file, the client terminal on the receiver side determined to be a valid destination by the destination determination means An access right management means that allows only access;
When a change request is received from the change request means of the client terminal, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed A sender determination means;
When the sender determination unit determines that the change request is made by the sender of the encrypted electronic file, the access authority management unit manages the change request according to the content of the change request by the setting change unit. An e-mail system comprising: an access authority changing means for changing the setting of the access authority for the encrypted electronic file.

(Supplementary note 2) The electronic mail system according to supplementary note 1, wherein in the access authority management means, an access authority to the encrypted electronic file is set for each recipient of the encrypted electronic file.
(Supplementary note 3) The access privilege management means sets and manages the access privilege for the encrypted electronic file in association with the mail address of the recipient of the encrypted electronic file. 2. The e-mail system described in 2.

  (Supplementary Note 4) When each client terminal registers the designated electronic file in the file access management server by the registration unit or attaches the encrypted electronic file to the email by the attachment unit, the encryption is performed. The electronic mail according to claim 1, further comprising access authority setting means for setting access authority on the receiver side for the electronic file in the access authority management means of the file access management server system.

(Supplementary note 5) The electronic mail system according to supplementary note 4, wherein the access authority setting means sets the access authority on the receiver side for the encrypted electronic file for each encrypted electronic file.
(Appendix 6) The access authority setting means sets the access authority on the receiver side for the encrypted electronic file for each encrypted electronic file and for each receiver of the encrypted electronic file. The e-mail system according to appendix 4.

(Supplementary note 7) Further, each client terminal further includes display control means for displaying an access authority setting window having a check box for allowing the sender to set access authority on the receiver side for the encrypted electronic file on the display unit. Configured
The access authority setting means sets the access authority on the receiver side for the encrypted electronic file in accordance with the result of the check operation for the check box displayed in the access authority setting window by the display control means. The electronic mail system according to any one of appendix 4 to appendix 6, which is characterized.

(Supplementary Note 8) In the access authority setting window, the access authority for each of the e-mail destination field, CC (Carbon Copy) field, and BCC (Blind Carbon Copy) field to which the encrypted electronic file is attached is transmitted. A check box for the user to set is displayed as the check box,
The access authority setting means sets the access authority for each transmission destination entered in each of the destination column, CC column, and BCC column of the e-mail according to the check operation result for the check box. The electronic mail system according to appendix 7.

  (Supplementary Note 9) Check box for allowing the sender to select whether or not the designated electronic file is to be an access management target of the file access management server before the display control means displays the access authority setting window When the selection electronic file is selected as the access management target of the file access management server by the check operation on the check box displayed in the selection window, 9. The electronic mail system according to appendix 7 or appendix 8, wherein an access authority setting window is displayed on the display unit.

  (Supplementary Note 10) When it is selected that the designated electronic file is not subject to access management of the file access management server by a check operation on the check box displayed in the selection window, the registration means, the encryption key reception The electronic mail system according to appendix 9, wherein the designated electronic file is directly attached to the electronic mail by the attachment means without operating the means and the encryption means.

(Supplementary Note 11) Each client terminal is further configured with personal information file determination means for determining whether or not the designated electronic file is a personal information file having personal information capable of identifying a specific individual,
Supplementary notes 1 to 3, wherein if the personal information file determination means determines that the designated electronic file is not a personal information file, the registration means registers the designated electronic file in the file access management server. The electronic mail system according to any one of appendix 10.

  (Supplementary note 12) When the personal information file determining means determines that the designated electronic file is a personal information file, the attachment means sends the designated electronic file or an encrypted electronic file of the designated electronic file to the electronic mail. The electronic mail system according to claim 11, wherein the electronic mail system is configured to prohibit attachment to the electronic mail system.

(Additional remark 13) Each client terminal is further provided with the conversion means which converts this designated electronic file into a completed document file,
13. The electronic mail system according to any one of appendices 1 to 12, wherein the encryption unit encrypts the completed document file obtained by the conversion unit.
(Supplementary note 14) Each client terminal is configured to operate the registration means, the encryption key receiving means, the encryption means, and the attachment means in the background of the mail function. The electronic mail system according to any one of 1 to appendix 13.

(Supplementary note 15) An information processing apparatus having a mail function for transmitting and receiving an electronic mail and connected to a file access management server for managing access to an electronic file through a network,
A designation means for designating an electronic file to be attached to the email;
Registration means for registering in the file access management server an electronic file designated by the designation means (hereinafter referred to as a designated electronic file) as an access management target of the file access management server;
Encryption key receiving means for receiving an encryption key for the designated electronic file registered in the file access management server by the registration means from the file access management server;
Encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means;
An attachment means for attaching an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) to the e-mail;
Authentication information transmitting means for transmitting authentication information about the encrypted electronic file to the file access management server when opening the encrypted electronic file attached to the e-mail received from another information processing apparatus;
When the file access management server determines that the information processing apparatus is a valid transmission destination based on the authentication information, the decryption key corresponding to the encrypted electronic file is received from the file access management server Decryption key receiving means for
Decryption means for decrypting the encrypted electronic file using the decryption key received by the decryption key receiving means and restoring the original electronic file;
An information processing apparatus comprising: a change request means for making a request to change access authority for the encrypted electronic file to the file access management server.

  (Supplementary Note 16) When the designated electronic file is registered in the file access management server by the registration means or when the encrypted electronic file is attached to the electronic mail by the attachment means, a recipient for the encrypted electronic file 16. The information processing apparatus according to appendix 15, further comprising access authority setting means for setting access authority on the file side to the file access management server.

(Supplementary note 17) The information processing apparatus according to supplementary note 16, wherein the access authority setting means sets the access authority on the receiver side for the encrypted electronic file for each encrypted electronic file.
(Supplementary Note 18) The access authority setting means sets the access authority on the receiver side for the encrypted electronic file for each encrypted electronic file and for each receiver of the encrypted electronic file. The information processing apparatus according to appendix 16.

(Supplementary note 19) Further comprising display control means for displaying an access authority setting window having a check box for allowing the sender to set access authority on the receiver side for the encrypted electronic file on the display unit,
The access authority setting means sets the access authority on the receiver side for the encrypted electronic file in accordance with the result of the check operation for the check box displayed in the access authority setting window by the display control means. The information processing apparatus according to any one of Supplementary Note 16 to Supplementary Note 18, which is characterized.

(Supplementary note 20) In the access authority setting window, the access authority for each of the e-mail destination field, CC (Carbon Copy) field, and BCC (Blind Carbon Copy) field to which the encrypted electronic file is attached is transmitted. A check box for the user to set is displayed as the check box,
The access authority setting means sets the access authority for each transmission destination entered in each of the destination column, CC column, and BCC column of the e-mail according to the check operation result for the check box. The information processing apparatus according to appendix 19.

  (Supplementary Note 21) Check box for allowing the sender to select whether or not the designated electronic file is to be an access management target of the file access management server before the display control means displays the access authority setting window When the selection electronic file is selected as the access management target of the file access management server by the check operation on the check box displayed in the selection window, The information processing apparatus according to appendix 19 or appendix 20, wherein an access authority setting window is displayed on the display unit.

  (Supplementary note 22) When it is selected that the designated electronic file is not subject to access management of the file access management server by a check operation on the check box displayed in the selection window, the registration means, the encryption key reception The information processing apparatus according to appendix 21, wherein the specified electronic file is directly attached to the electronic mail by the attachment means without operating the means and the encryption means.

(Additional remark 23) It further comprises a personal information file determination means for determining whether or not the designated electronic file is a personal information file having personal information capable of identifying a specific individual,
Supplementary notes 15 to 15, wherein when the personal information file determination means determines that the designated electronic file is not a personal information file, the registration means registers the designated electronic file in the file access management server. The information processing apparatus according to any one of appendix 22.

  (Supplementary Note 24) When the personal information file determination means determines that the designated electronic file is a personal information file, the attachment means sends the designated electronic file or an encrypted electronic file for the designated electronic file to the electronic mail. The information processing apparatus according to appendix 23, wherein the information processing apparatus is configured to prohibit attachment to the information processing apparatus.

(Supplementary Note 25) Further comprising conversion means for converting the designated electronic file into a completed document file,
25. The information processing apparatus according to any one of supplementary notes 15 to 24, wherein the encryption means encrypts the completed document file obtained by the conversion means.
(Supplementary note 26) The supplementary notes 15 to 25 are characterized in that the registration means, the encryption key receiving means, the encryption means, and the attachment means are configured to operate in the background of the mail function. The information processing apparatus according to any one of claims.

(Supplementary note 27) An electronic mail transmission / reception program for realizing a mail function for transmitting / receiving an electronic mail by a computer,
A designation means for designating an electronic file to be attached to the e-mail;
Registration means for registering an electronic file designated by the designation means (hereinafter referred to as a designated electronic file) in the file access management server as an access management target of a file access management server that manages access to the electronic file;
Encryption key receiving means for receiving from the file access management server an encryption key for the designated electronic file registered in the file access management server by the registration means;
Encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means;
Attachment means for attaching an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) to the electronic mail;
Authentication information transmitting means for transmitting authentication information about the encrypted electronic file to the file access management server when opening the encrypted electronic file attached to an e-mail received from another computer;
When the file access management server determines that the computer is a valid destination based on the authentication information, the decryption key receives a decryption key corresponding to the encrypted electronic file transmitted from the file access management server Key receiving means,
Decryption means for decrypting the encrypted electronic file using the decryption key received by the decryption key receiving means and restoring the original electronic file; and
An e-mail transmission / reception program that causes the computer to function as change request means for making a change request for access authority to the encrypted electronic file to the file access management server.

  (Supplementary Note 28) When the designated electronic file is registered in the file access management server by the registration means or when the encrypted electronic file is attached to the electronic mail by the attachment means, a recipient for the encrypted electronic file 29. The electronic mail transmission / reception program according to appendix 27, wherein the computer is caused to function as an access authority setting means for setting an access authority on the side to the file access management server.

(Supplementary note 29) The access privilege setting means causes the computer to function so as to set the access privilege on the receiver side for the encrypted electronic file for each encrypted electronic file. 28. The e-mail transmission / reception program according to 28.
(Supplementary Note 30) The access authority setting means sets the access authority on the receiver side for the encrypted electronic file for each encrypted electronic file and for each receiver of the encrypted electronic file. 29. The e-mail transmission / reception program according to appendix 28, which causes a computer to function.

(Supplementary Note 31) The computer is caused to function as display control means for displaying an access authority setting window having a check box for causing the sender to set access authority on the receiver side for the encrypted electronic file on the display unit,
The access authority setting means sets the access authority on the receiver side for the encrypted electronic file in accordance with the check operation result for the check box displayed in the access authority setting window by the display control means. The e-mail transmission / reception program according to any one of appendix 28 to appendix 30, wherein the computer is caused to function.

(Supplementary Note 32) In the access authority setting window, the access authority for each of the destination column, CC (Carbon Copy) column, and BCC (Blind Carbon Copy) column of the email to which the encrypted electronic file is attached is transmitted. A check box for the user to set is displayed as the check box,
The access authority setting means sets the access authority for each transmission destination entered in each of the destination column, CC column, and BCC column of the e-mail according to the check operation result for the check box. The e-mail transmission / reception program according to appendix 31, characterized by causing a computer to function.

  (Additional remark 33) The display control means, before displaying the access authority setting window, a check box for allowing the sender to select whether or not the designated electronic file is an access management target of the file access management server When the selection electronic file is selected as the access management target of the file access management server by the check operation on the check box displayed in the selection window, The e-mail transmission / reception program according to appendix 31 or appendix 32, wherein the computer is caused to function so as to display an access authority setting window on the display unit.

  (Supplementary Note 34) If it is selected by the check operation on the check box displayed in the selection window that the designated electronic file is not subject to access management by the file access management server, the registration means, the encryption key reception 34. The electronic mail transmission / reception program according to appendix 33, wherein the computer is caused to function so that the designated electronic file is directly attached to the electronic mail by the attachment means without operating the means and the encryption means.

(Supplementary Note 35) The computer is caused to function as personal information file determination means for determining whether or not the designated electronic file is a personal information file having personal information capable of identifying a specific individual,
When the personal information file determining means determines that the designated electronic file is not a personal information file, the registration means causes the computer to function so as to register the designated electronic file with the file access management server. The e-mail transmission / reception program according to any one of Supplementary Note 27 to Supplementary Note 34, wherein:

  (Supplementary Note 36) When the personal information file determination means determines that the designated electronic file is a personal information file, the attachment means sends the designated electronic file or an encrypted electronic file of the designated electronic file to the electronic mail. The e-mail transmission / reception program according to appendix 35, wherein the computer is caused to function so as to be prohibited from being attached to the e-mail.

(Supplementary Note 37) The computer is caused to function as conversion means for converting the designated electronic file into a completed document file,
37. The electronic device according to any one of appendixes 27 to 36, wherein the encryption unit causes the computer to function so as to encrypt the completed document file obtained by the conversion unit. Email sending / receiving program.
(Supplementary note 38) The registration means, the encryption key receiving means, the encryption means, and the attachment means are operated in the background of the mail function, according to any one of Supplementary notes 27 to 37 Email sending and receiving program.

(Supplementary Note 39) A file access management server that manages access to electronic files, a plurality of client terminals that have a mail function for sending and receiving electronic mail, and a communication between the plurality of client terminals and the file access management server Each of the client terminals designates an electronic file to be attached to the e-mail, and an electronic file designated by the designation means (hereinafter referred to as a designated electronic file). Registration means for registering in the file access management server as an access management object of the access management server, and receiving an encryption key for the designated electronic file registered in the file access management server by the registration means from the file access management server Encryption key receiving means An encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means; and an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) When opening the encrypted electronic file attached to the e-mail received from another client terminal and the attaching means for attaching to the e-mail, the authentication information about the encrypted electronic file is transmitted to the file access management server. Authentication information transmitting means, decryption key receiving means for receiving a decryption key corresponding to the encrypted electronic file from the file access management server, and using the decryption key received by the decryption key receiving means, Decryption means for decrypting the file and restoring the original electronic file, and a request for changing the access authority to the encrypted electronic file A the file access management server for use in an electronic mail system that is configured to include a change request means for with respect to the file access management server,
Authentication information receiving means for receiving authentication information about the encrypted electronic file from each client terminal;
Based on the authentication information received by the authentication information receiving means, a transmission destination determination means for determining whether or not the client terminal that has transmitted the authentication information is a valid transmission destination of the encrypted electronic file;
A decryption key transmitting means for transmitting a decryption key for decrypting the encrypted electronic file to the client terminal when the destination determination means determines that the client terminal is a valid destination;
The access authority on the receiver side with respect to the encrypted electronic file for the designated electronic file registered by the registration means of the client terminal is set in advance and managed in association with the sender of the encrypted electronic file In addition, according to the access authority set in advance for the receiver as an access to the encrypted electronic file, the client terminal on the receiver side determined to be a valid destination by the destination determination means An access right management means that allows only access;
When a change request is received from the change request means of the client terminal, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed A sender determination means;
When the sender determination unit determines that the change request is made by the sender of the encrypted electronic file, the access authority management unit manages the change request according to the content of the change request by the setting change unit. A file access management server comprising access authority changing means for changing the setting of the access authority for the encrypted electronic file.

(Appendix 40) A file access management server that manages access to electronic files, a plurality of client terminals that have a mail function for sending and receiving electronic mail, and the plurality of client terminals and the file access management server can communicate with each other Each of the client terminals designates an electronic file to be attached to the e-mail, and an electronic file designated by the designation means (hereinafter referred to as a designated electronic file). Registration means for registering in the file access management server as an access management object of the access management server, and receiving an encryption key for the designated electronic file registered in the file access management server by the registration means from the file access management server Encryption key receiving means An encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means; and an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) When opening the encrypted electronic file attached to the e-mail received from another client terminal and the attaching means for attaching to the e-mail, the authentication information about the encrypted electronic file is transmitted to the file access management server. Authentication information transmitting means, decryption key receiving means for receiving a decryption key corresponding to the encrypted electronic file from the file access management server, and using the decryption key received by the decryption key receiving means, Decryption means for decrypting the file and restoring the original electronic file, and a request for changing the access authority to the encrypted electronic file As the file access management server for use in an electronic mail system that is configured to include a change request means for with respect to the file access management server, a program for causing a computer to function,
Authentication information receiving means for receiving authentication information about the encrypted electronic file from each client terminal;
Based on the authentication information received by the authentication information receiving means, a transmission destination determination means for determining whether or not the client terminal that has transmitted the authentication information is a valid transmission destination of the encrypted electronic file;
Decryption key transmission means for transmitting to the client terminal a decryption key for decrypting the encrypted electronic file when the transmission destination determination means determines that the client terminal is a valid transmission destination;
The access authority on the receiver side with respect to the encrypted electronic file for the designated electronic file registered by the registration means of the client terminal is set in advance and managed in association with the sender of the encrypted electronic file In addition, according to the access authority set in advance for the receiver as an access to the encrypted electronic file, the client terminal on the receiver side determined to be a valid destination by the destination determination means Access authority management means to allow only access,
When a change request is received from the change request means of the client terminal, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed Sender determination means, and
When the sender determination unit determines that the change request is made by the sender of the encrypted electronic file, the access authority management unit manages the change request according to the content of the change request by the setting change unit. A file access management server program that causes the computer to function as an access authority changing means for changing the setting of the access authority for the encrypted electronic file.

It is a block diagram which shows the structure of the electronic mail system as one Embodiment of this invention. It is a block diagram which shows the function structure of the client terminal (information processing apparatus) of this embodiment. It is a block diagram which shows the function structure of the file access management server of this embodiment. It is a flowchart for demonstrating operation | movement of the client terminal (information processing apparatus) of this embodiment. It is a flowchart for demonstrating operation | movement of the file access management server of this embodiment. It is a figure which shows the example of a window display in a display part in order to demonstrate operation | movement of the client terminal (information processing apparatus) of this embodiment. It is a figure which shows the example of a window display (an example of an access authority setting window) in a display part in order to demonstrate operation | movement of the client terminal (information processing apparatus) of this embodiment. It is a figure which shows an example of the access authority management table of this embodiment.

Explanation of symbols

1 E-mail system 10 Client terminal (information processing device)
11 Input means (keyboard, mouse)
DESCRIPTION OF SYMBOLS 111 Specification means 112 Selection means 12 Transmission / reception means 121 Electronic mail transmission means 122 Electronic mail reception means 123 Encryption key reception means 124 Authentication information transmission means 125 Decryption key reception means 13 Display part (display)
13a New mail creation window 13a-1 Attachment button 13b Attachment file setting window 13b-1 Add button 13c Attachment file addition window 13c-1 Attachment file item 13d Selection window 13d-1, 13d-2 Check box 13e Access authority setting window 13e- 1 to 13e-9 Check box 13e-10 Completion button 14 Display control means 150 Confidential file determination means 151 Personal information file determination means 152 Switching means 153 Registration means 154 Conversion means 155 Encryption means 156 Attached means 157 Decryption means 158 Change request Means 159 Access authority setting means 16 Storage unit 20 File access management server 21 Transmission / reception means 211 Encryption key transmission means 212 Authentication information reception means 213 Decryption key sender Stage 22 Storage unit (encryption key / decryption key storage unit)
23 transmission destination determination unit 24 access authority management unit 24a access authority management table 25 sender determination unit 26 access authority setting / changing unit (access authority setting unit)
30 mail server 40 network

Claims (9)

A file access management server for managing access to electronic files;
A plurality of client terminals having a mail function for sending and receiving e-mail;
A network connecting the plurality of client terminals and the file access management server so that they can communicate with each other;
Each client terminal
A designation means for designating an electronic file to be attached to the email;
Registration means for registering in the file access management server an electronic file designated by the designation means (hereinafter referred to as a designated electronic file) as an access management target of the file access management server;
Encryption key receiving means for receiving an encryption key for the designated electronic file registered in the file access management server by the registration means from the file access management server;
Encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means;
An attachment means for attaching an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) to the e-mail;
Authentication information transmitting means for transmitting authentication information about the encrypted electronic file to the file access management server when opening the encrypted electronic file attached to the electronic mail received from another client terminal;
Decryption key receiving means for receiving a decryption key corresponding to the encrypted electronic file from the file access management server;
Decryption means for decrypting the encrypted electronic file using the decryption key received by the decryption key receiving means and restoring the original electronic file;
Change request means for making a request to change the access right to the encrypted electronic file to the file access management server,
The file access management server is
Authentication information receiving means for receiving authentication information about the encrypted electronic file from each client terminal;
Based on the authentication information received by the authentication information receiving means, a transmission destination determination means for determining whether or not the client terminal that has transmitted the authentication information is a valid transmission destination of the encrypted electronic file;
A decryption key transmitting means for transmitting a decryption key for decrypting the encrypted electronic file to the client terminal when the destination determination means determines that the client terminal is a valid destination;
The access authority on the receiver side with respect to the encrypted electronic file for the designated electronic file registered by the registration means of the client terminal is set in advance and managed in association with the sender of the encrypted electronic file In addition, according to the access authority set in advance for the receiver as an access to the encrypted electronic file, the client terminal on the receiver side determined to be a valid destination by the destination determination means An access right management means that allows only access;
When a change request is received from the change request means of the client terminal, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed A sender determination means;
When the sender determination unit determines that the change request is made by the sender of the encrypted electronic file, the access authority management unit manages the change request according to the content of the change request by the change request unit. And an access authority changing means for changing the setting of the access authority for the encrypted electronic file .
When each client terminal registers the designated electronic file in the file access management server by the registration means or attaches the encrypted electronic file to the email by the attachment means, the reception of the encrypted electronic file is received. the access Shah side, characterized in that it further includes a configuration access authority setting means for setting to the access right management means of the file access management server, e-mail system. Each client terminal is further provided with a display control means for displaying an access authority setting window having a check box for allowing the sender to set the access authority on the receiver side for the encrypted electronic file on the display unit,
The access authority setting means sets the access authority on the receiver side for the encrypted electronic file in accordance with the result of the check operation for the check box displayed in the access authority setting window by the display control means. The electronic mail system according to claim 1 , wherein the electronic mail system is characterized. In the access authority setting window, the sender is allowed to set the access authority for each of the e-mail destination column, CC (Carbon Copy) column, and BCC (Blind Carbon Copy) column to which the encrypted electronic file is attached. Check box is displayed as the check box,
The access authority setting means sets the access authority for each transmission destination entered in each of the destination column, CC column, and BCC column of the e-mail according to the check operation result for the check box. The e-mail system according to claim 2 . Before the display control means displays the access authority setting window, a selection window having a check box for allowing a sender to select whether or not the designated electronic file is an access management target of the file access management server Is displayed on the display unit, and when the designated electronic file is selected as an access management target of the file access management server by a check operation on the check box displayed in the selection window, the access authority setting window the characterized in that to be displayed on the display unit, the electronic mail system according to claim 2 or claim 3. If it is selected by the check operation on the check box displayed in the selection window that the designated electronic file is not subject to access management of the file access management server, the registration means, the encryption key receiving means, and the encryption 5. The electronic mail system according to claim 4 , wherein the designated electronic file is directly attached to the electronic mail by the attachment means without operating the conversion means. Each client terminal is further configured with personal information file determination means for determining whether or not the designated electronic file is a personal information file having personal information capable of identifying a specific individual,
The registration means registers the designated electronic file in the file access management server when the designated electronic file is judged not to be a personal information file by the personal information file judging means. The electronic mail system according to claim 5 . When the personal information file determination means determines that the designated electronic file is a personal information file, the attachment means attaches the designated electronic file or an encrypted electronic file for the designated electronic file to the electronic mail. characterized in that it is configured so as to prohibit the electronic mail system according to claim 6, wherein. An e-mail transmission / reception program for realizing a mail function for transmitting / receiving e-mail by a computer,
A designation means for designating an electronic file to be attached to the e-mail;
Registration means for registering an electronic file designated by the designation means (hereinafter referred to as a designated electronic file) in the file access management server as an access management target of a file access management server that manages access to the electronic file;
Encryption key receiving means for receiving from the file access management server an encryption key for the designated electronic file registered in the file access management server by the registration means;
Encryption means for encrypting the designated electronic file using the encryption key received by the encryption key receiving means;
Attachment means for attaching an electronic file encrypted by the encryption means (hereinafter referred to as an encrypted electronic file) to the electronic mail;
Authentication information transmitting means for transmitting authentication information about the encrypted electronic file to the file access management server when opening the encrypted electronic file attached to an e-mail received from another computer;
When the file access management server determines that the computer is a valid destination based on the authentication information, the decryption key receives a decryption key corresponding to the encrypted electronic file transmitted from the file access management server Key receiving means,
Decoding means to restore the decrypted original electronic file to the encrypted electronic file using the decoded key received by the decoding key reception means,
Change request means for making a request to change the access right to the encrypted electronic file to the file access management server ; and
When the designated electronic file is registered in the file access management server by the registration means or when the encrypted electronic file is attached to the email by the attachment means, access on the receiver side to the encrypted electronic file authority, as the access authority setting means for setting to the file access management server, characterized in that to function the computer, e-mail sending and receiving program. A file access management server that manages access to an electronic file, a plurality of client terminals having a mail function for sending and receiving electronic mail, and a network that connects the plurality of client terminals and the file access management server so that they can communicate with each other A program for an e-mail system configured with
An e-mail transmission / reception program for realizing the mail function by each client terminal computer;
A file access management server program for causing the server computer to function as the file access management server,
The e-mail transmission / reception program
Designation means to specify the electronic file to be attached to the e-mail,
Electronic file (hereinafter, referred to specified electronic file) designated by said designating means registration means to register to the file access management server as the access management target of the file access management server,
Encryption key receiving means to receive an encryption key for the specified electronic file registered in the file access management server from the file access management server by said registration means,
Encryption catheter stage of encrypting the designated electronic file using the encryption key received by the encryption key reception means,
The dark Goka means by encrypted electronic file (hereinafter, encryption of electronic files) to attach the accompanying hand stage in the e-mail to,
When opening dark Goka electronic file attached to the electronic mail received from the other client terminal, authentication information transmitting means to transmit the authentication information about the encrypted electronic file to the file access management server,
When the file access management server determines that the computer is a valid destination based on the authentication information, the decryption key receives a decryption key corresponding to the encrypted electronic file transmitted from the file access management server key reception hand stage,
Decryption means for decrypting the encrypted electronic file using the decryption key received by the decryption key receiving means and restoring the original electronic file ; and
The change request of the access rights to the dark Goka electronic file as a change request hand stages performed on the file access management server, cause the computer to function for each client terminal,
The file access management server program is
Authentication information receiving means for receiving authentication information about the encrypted electronic file from each client terminal;
Based on the authentication information received by the authentication information receiving means, a transmission destination determination means for determining whether or not the client terminal that has transmitted the authentication information is a valid transmission destination of the encrypted electronic file;
Decryption key transmission means for transmitting to the client terminal a decryption key for decrypting the encrypted electronic file when the transmission destination determination means determines that the client terminal is a valid transmission destination;
The access authority on the receiver side with respect to the encrypted electronic file for the designated electronic file registered by the registration means of the client terminal is set in advance and managed in association with the sender of the encrypted electronic file In addition, according to the access authority set in advance for the receiver as an access to the encrypted electronic file, the client terminal on the receiver side determined to be a valid destination by the destination determination means Access authority management means to allow only access,
When a change request is received from the change request means of the client terminal, it is determined whether or not the change request is made by the sender of the encrypted electronic file whose access authority is to be changed Sender determination means, and
When the sender determination unit determines that the change request is made by the sender of the encrypted electronic file, the access authority management unit manages the change request according to the content of the change request by the change request unit. The server computer functions as an access authority changing means for changing the setting of the access authority for the encrypted electronic file ,
Further, the e-mail transmission / reception program includes:
When the designated electronic file is registered in the file access management server by the registration means or when the encrypted electronic file is attached to the email by the attachment means, access on the receiver side to the encrypted electronic file authority, as the access authority setting means for setting to the access right management means of the file access management server, and wherein the Rukoto cause the computer to function for each client terminal, the program for an electronic mail system.

Images