JP2002041523A - Electronic mail retrieval type database system and database retrieving method using electronic mail - Google Patents

Abstract

PROBLEM TO BE SOLVED: To disable a user other than a user, who has access right, to illegally access a database by authenticating the access right by using an electronic mail address. SOLUTION: This electronic mail retrieval type database system 10 is equipped with a data storage means 108 which stores data and mail transmitting and receiving means 104 and 105 which send and receive mail to and from the outside, and can retrieve and obtain desired data through access to the data storage means 108 from the outside through electronic mail and is further equipped with an address extracting means 106 which extracts the transmission source address from received electronic mail, a user address managing means 109 which manages the transmission source addresses of users having the access right, and an authenticating means 110 which decides whether the transmission source address extracted by the means 106 is registered in the user address managing means 109 and decides whether or not the database system can be accessed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a database system and a database search method that can be accessed using electronic mail, and more particularly, to an electronic mail by authenticating an access right using a source electronic mail address. The present invention relates to an e-mail search type database system and a database search method using e-mail, which can exclude unauthorized access to a database by a user other than a user having access right when permitting access to the database using e-mail.

[0002]

2. Description of the Related Art Generally, a method of accessing a database storing and storing predetermined information to search and obtain desired data includes a method of directly connecting to a database and passing a command, and a method of accessing via a WWW browser. In addition to this method, a method of accessing using electronic mail is known. FIG. 15 is a schematic configuration diagram showing a search system capable of accessing a predetermined database via electronic mail.

As shown in FIG. 1, a conventional e-mail access type database system includes a database search / response device 4 between a user 401 and a database 403.
02 is provided, and the search condition and the answer method are written in the e-mail transmitted from the user 401. Then, the database search response device 402 receives the e-mail from the user 401 and searches the database 403 based on the written search condition, and the search result is specified by the user 401 on the side of the e-mail or the like. Answers are made by means.

[0004] Such a database search system via e-mail does not require a dedicated search terminal device, a dedicated information browsing program, or the like, and allows desired information search by e-mail with high versatility. Because it can be performed, it is attracting attention as a simple and inexpensive information retrieval means. Hitherto, as a method of accessing a database using this type of e-mail, Japanese Patent Application Laid-Open No. 11-884 has been proposed.
JP-A-2000-03597, "Method of utilizing data in mobile terminal using e-mail" described in Japanese Patent Publication No.
An "automatic response database search / response apparatus and method by e-mail" disclosed in Japanese Patent Publication No. 0 is known.

[0005]

However, in such an information retrieval system via e-mail, since the e-mail passes through an open network, there is a possibility that its contents may be leaked. For this reason, if the contents accessed to the database using e-mail are leaked,
For example, there has been a problem that a third party who has stolen the e-mail can falsify the contents of the e-mail so that the database can be accessed illegally or the contents of the database can be changed illegally. With respect to such a problem due to the possibility of e-mail leakage, no particular measures have been taken in the database systems so far, including the above-mentioned publications.

Here, when an e-mail is leaked,
A public key cryptosystem represented by PGP (Pretty Good Privacy) or the like is known as a means for protecting the contents from being stolen or falsified. The public key cryptosystem is an encryption system in which the encryption key used to convert a message or data into a ciphertext is different from the decryption key used to restore the ciphertext to the original data or text. In the scheme, the encryption key is made public, but the decryption key is kept secret.

Thus, when sending a message to the creator of the encryption key and the decryption key, the sender only has to create the encryption text using the public encryption key, and even if the cryptanalyst knows the encryption key. The message cannot be read.
As described above, the public key cryptosystem is a cryptosystem in which a cryptographic key can be generated from a decryption key, but not vice versa.
The PGP is described in detail in the document "PGP :: Encrypted Mail and Electronic Signature" (Simson Garfinkel, O'Reilly Japan, Inc., ISBN4-900900-02-8).

However, such an encryption method such as PGP has a problem that an enormous amount of calculation and a storage capacity for storing the same are required to protect the contents of the mail. For this reason, it is difficult to use a terminal having a low calculation speed and a small storage capacity, and there is a fatal problem that it cannot be handled by a small device such as a mobile phone or a mobile terminal used by many users.

The present invention has been proposed in order to solve such problems of the prior art, and authenticates an access right by using an e-mail address of a sender to use an e-mail. It is an object of the present invention to provide an e-mail search type database system and a database search method using e-mail which can exclude unauthorized access to the database by a user other than a user having access right when permitting access to the database.

[0010]

According to a first aspect of the present invention, there is provided an e-mail search database system for transmitting and receiving e-mail to and from a data storage means for storing predetermined data. An e-mail search type database system comprising an e-mail transmitting / receiving means, wherein the data storage means can be searched and obtained by accessing external data via e-mail. , Based on the predetermined transmission source information, determines whether or not the user has an access right to the database system, and determines whether or not to access the database.

More specifically, an electronic mail search database system according to claim 2, wherein the database system includes an address extracting means for extracting a source address from a received electronic mail, and an access right to the database system. User address management means for managing a source address of a user having the following. The authentication means determines whether or not the source address extracted by the address extraction means is registered in the user address management means. Then, it is configured to determine whether or not access to the database system is possible.

According to the electronic mail search type database system of the present invention having such a configuration, the access right is authenticated by using the electronic mail address of the sender, so that the proper access registered in advance is performed. Access and search by a database user other than the authorized database user are denied, and unauthorized access to the database by a user other than the authorized user can be reliably eliminated. This makes it possible to simply and reliably prevent unauthorized access to a database in a search method using e-mail without using a special encryption method or the like that requires an enormous amount of calculation and storage capacity. In particular, the present invention can be applied to a small information terminal device such as a mobile phone or a mobile terminal having a limited information capacity.

According to a third aspect of the present invention, in the electronic mail search type database system, the authentication unit performs the encryption based on a predetermined encryption character string assigned to each source address of the electronic mail received from the outside. It is configured to determine whether or not the source address corresponding to the character string is a user who has an access right to the database system, and determine whether or not access to the database system is possible.

More specifically, in the electronic mail search type database system according to the fourth aspect, the database system determines a character string of the source address in accordance with the source address of the electronic mail received from the outside. Encrypting means for converting to an encrypted character string; decrypting means for decrypting the encrypted character string generated by the encrypting means to a character string of the original source address; and Character string extracting means for extracting an encrypted character string generated by the encrypting means, wherein the authentication means decrypts the decryption means based on the encrypted character string extracted by the character string extracting means. It is configured to determine whether or not the specified source address is registered in the user address management means, and determine whether or not access to the database system is possible.

In the electronic mail search database system according to the present invention, when the predetermined encrypted character string is not extracted by the character string extracting means, the authentication means extracts the character string by the address extracting means. A predetermined encrypted character string converted by the encrypting means is added to the source address and transmitted. When the predetermined encrypted character string is extracted by the character string extracting means, the encrypted It is configured to determine whether the character string decoded by the decoding means matches the source address extracted by the address extraction means, and determine whether or not access to the database system is possible.

According to the electronic mail search type database system of the present invention having such a configuration, a predetermined password is sent from the database system to the user in advance, and if the electronic mail does not include the predetermined password, the database is used. Can not be accessed. As a result, even if the e-mail is leaked, access to the database is impossible unless the password is known, and it is possible to prevent the e-mail with an invalid source address from suddenly operating the database system. , It is possible to realize a database system with high performance.

Furthermore, in the electronic mail search type database system according to the present invention, the authentication means may determine that the expiration date is based on predetermined expiration date information provided for each source address of the e-mail received from the outside. The present time is compared with the current time to determine whether or not it has passed, and to determine whether or not access to the database system is possible.

More specifically, in the electronic mail search type database system according to the present invention, the database system sets the expiration date of the electronic mail received from the outside after a certain time from the current time when the electronic mail is received. Expiration date setting means for setting, and time judgment means for extracting the expiration time set in the received e-mail and comparing the expiration time with the current time to determine whether or not the current time has passed. The authentication unit rejects access to the database system for a source address whose expiration time has passed the current time based on the determination result of the time determination unit.

Further, in the electronic mail search type database system according to the present invention, if the authentication means does not extract the expiration time by the time determination means, the authentication means transmits the validity address to the source address of the electronic mail. The expiration date is set by the expiration date setting means and transmitted,
When the expiration time is extracted by the time judgment means, the expiration time extracted by the time judgment means is compared with the current time to judge whether or not the current time has passed, and the judgment result is obtained. Based on the above, it is configured to determine whether or not access to the database system is possible.

According to the electronic mail search type database system of the present invention having such a configuration, in addition to the source address and password of the electronic mail, a certain period of time is required for the authentication of the user having the appropriate access right to the database. By using the expiration date, it is possible to deny access after the expiration date. As a result, even if the e-mail containing the password sent from the database system is stolen, if the password contains information on the expiration date, the password is sent to the database system after the expiration date of the password. Can be denied, and unauthorized access to the database can be more effectively prevented.

On the other hand, a database search method using electronic mail according to claim 9 searches and obtains desired data by externally accessing the database storing predetermined data via electronic mail. A database search method using a possible e-mail, based on predetermined source information of an e-mail received from outside,
This is a method of determining whether or not the user has the right to access the database system and determining whether or not access to the database is possible.

More specifically, a database search method using an e-mail according to claim 10 registers a source address of an e-mail for a user who has an access right to the database, and executes a search from a received e-mail. The source address is extracted, and it is determined whether or not the extracted source address is registered as that of a user who has access to the database. Based on the determination result, whether the database can be accessed is determined. There is a way to decide.

According to the database search method using e-mail of the present invention comprising such a method, the access right is authenticated using the e-mail address of the sender, so that the pre-registered appropriate Access and search by a user other than the database user having a proper access right are denied, and unauthorized access to the database by a user other than the user having the access right can be reliably excluded. This makes it possible to simply and reliably prevent unauthorized access to a database in a search method using e-mail without using a special encryption method or the like that requires an enormous amount of calculation and storage capacity. .

In the database search method using an electronic mail according to the present invention, a predetermined encrypted character string is provided for each source address of an electronic mail received from the outside, and the added encrypted character string is provided. This is a method in which it is determined whether or not a source address corresponding to a column is registered as that of a user who has an access right to a database, and whether access to the database is permitted is determined.

According to the database search method using e-mail of the present invention comprising such a method, a predetermined password is sent from the database system to the user in advance, and the e-mail including the predetermined password is sent to the user. Otherwise, access to the database cannot be performed. As a result, even if the e-mail is leaked, access to the database is impossible unless the password is known, and it is possible to prevent the e-mail with an invalid source address from suddenly operating the database system. , It is possible to realize a database system with high performance.

Further, in the database search method using e-mail according to the twelfth aspect, predetermined expiration date information is added to each source address of the e-mail received from the outside, and the assigned expiration date is set to the present time. This is a method of determining whether or not the expiration date has passed by comparing with the time and determining whether or not access to the database is possible.

According to the database search method using e-mail of the present invention comprising such a method, the authentication of a user having an appropriate access right to the database is performed in addition to the source address of the e-mail and the predetermined password. hand,
An expiration date of a fixed period can be used, and access to an e-mail whose expiration date has passed can be denied.
As a result, even if the e-mail containing the password sent from the database system is stolen, the password contains the information on the expiration date,
After the expiration date of the password, access to the database system can be denied, and unauthorized access to the database can be more effectively prevented.

[0028]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a preferred embodiment of a database system according to the present invention will be described with reference to the drawings. In each of the embodiments described below, a means by which a user of the database accesses the database via e-mail is referred to as a "client system", and a means on the database side for processing e-mail from the client system is referred to as a "database system". And

[First Embodiment] First, a first embodiment of an electronic mail search type database system of the present invention will be described with reference to FIGS. FIG. 1 is a block diagram showing a database system (and a client system) according to the first embodiment of the present invention. FIG.
It is a flowchart figure which shows the data search method in the database system concerning this embodiment. Note that, in the figure, arrows indicate the flow of data. That is, it indicates that data flows in the direction of the arrow.

In the embodiment shown in these figures, the database system 10 and the client system 1 that accesses the database system 10 via electronic mail
1 for authenticating whether or not to permit access to the database system 10 by referring to the source address of the e-mail from the client system 11 side.

More specifically, the client system 11 includes a user interface unit 101, a mail transmitting unit 102, and a mail receiving unit 103, as shown in FIG. User interface means 1
01 receives an operation from a database user and displays the result of the operation. The mail transmitting means 102 transmits an e-mail to the database system 10, and the mail receiving means 103 transmits the e-mail to the database system 1.
The e-mail is received from 0. In addition,
As the client system 11, a personal computer, a mobile phone, a portable terminal, or the like is generally used, but any type of terminal or device having an e-mail transmission / reception function may be used.

On the other hand, the database system 10
As shown in FIG. 1, the mail receiving unit 104 and the mail transmitting unit 105, and the address extracting unit 106, the data extracting unit 107, the data storing unit 108, the user address managing unit 109, the authenticating unit 110, and the accessing unit 111 are provided. I have. The mail receiving unit 104 receives an electronic mail from the client system 11, and the mail transmitting unit 105 transmits the electronic mail to the client system. The address extracting means 106 extracts a source address of the electronic mail from the received electronic mail.
The data extraction unit 107 extracts information and data necessary for accessing the data storage unit 108 from the received e-mail. Then, the data storage unit 108 stores predetermined data to be searched.

The user address management means 109 registers and stores in advance the source address of the e-mail of a user who has access to the database system 10. The authentication unit 110 determines whether or not the source address of the e-mail extracted by the address extraction unit 106 is registered in the user address management unit, and determines that the source address of the e-mail is an access right to the database system 10. Authentication is performed to determine whether the user belongs to the user.

As a result of the authentication processing by the authentication means 110, when it is determined that the received e-mail belongs to a user who has an access right to the database system 10, the e-mail is sent to the data storage means 108. Is allowed, and data and information in the data storage unit 108 can be accessed via the access unit 111. On the other hand, as a result of the authentication processing of the authentication means 110, when it is determined that the e-mail is not of the user having the access right to the database system 10, the access of the e-mail to the data storage means 108 is rejected. You. The access unit 111, based on the access information extracted by the data extraction unit 107, when the received e-mail is determined to belong to a user having an appropriate access right as a result of the authentication process of the authentication unit 110, This is a search unit for accessing the storage unit 108.

Next, a search method using an electronic mail for the database system according to the present embodiment having the above-described configuration will be described with reference to the flowchart shown in FIG. First, a user of the database creates an e-mail using the user interface unit 101 of the client system 11 (step 501) and sends it to the database system using the mail transmission unit 102.
(Step 502). The e-mail sent in step 502 is sent to the e-mail receiving means 1 of the database system.
04 (step 503).

Mail receiving means 10 that has received an electronic mail
4 is an address extracting means 106 and a data extracting means 107
(Step 504). The address extracting unit 106 extracts the source address from the received mail (step 505), and the data extracting unit 107 extracts data necessary for accessing the data storage unit 108 (step 506).

At the same time, the authentication means 110 receives the source address from the address extraction means 106 (step 507), and checks whether this address is registered in the user address management means 109 (step 508). Here, if this address is not registered in the user address management means 109, it is not an e-mail of a user having an appropriate access right, so access is denied and the failure of authentication is transmitted in the form of e-mail. The means 105 is notified (step 509).
Then, the e-mail sending means 105 sends the result in the form of an e-mail to the e-mail receiving means 103 of the client system 11 (step 510), and the e-mail receiving means 103 of the client system 11 sends the received e-mail to the user. The result is passed to the interface means 101 (step 511), and the user interface means 101 displays this result (step 512).

On the other hand, if the address is registered in the user address management means 109 in step 508,
The e-mail is determined to be an e-mail from a user having an appropriate access right, and the authentication unit 110 notifies the access unit 111 that authentication has been successful (step 513). In the access unit 111, the data extraction unit 107 executes step 50
The data extracted in step 6 is obtained (step 514), and the data storage unit 108 is accessed using this data (step 515), and the result of the access is passed to the mail transmission unit 105 (step 516). Then, the e-mail transmitting unit 105 transmits the search result to the mail receiving unit 103 of the client system 11 in the form of an e-mail (Step 517).

In the mail receiving means 103 of the client system 11, the electronic mail is passed to the user interface means 101 (step 518), and the user interface means 101 displays the electronic mail (step 519). Thus, the user can search and acquire desired data and information.

As described above, according to the e-mail search type database system and the e-mail-based database search method according to the present embodiment, the access right is authenticated using the source e-mail address. Therefore, access and search by anyone other than the database user having the proper access right registered in advance can be securely denied, and unauthorized access to the database by anyone other than the user having the access right can be reliably eliminated. As a result, without using a special encryption method that requires an enormous amount of calculation and storage capacity,
It is possible to easily and reliably prevent unauthorized access to the database in the search method using e-mail,
In particular, the present invention can be applied to a small information terminal device such as a mobile phone or a mobile terminal having a limited information capacity.

[Second Embodiment] Next, a second embodiment of the database system according to the present invention will be described with reference to FIGS. FIG. 3 shows a database system (and a client system) according to the second embodiment of the present invention.
FIG. FIG. 4 is a flowchart illustrating a method for obtaining a password in the database system according to the present embodiment. 5 and 6 are flowcharts showing a data search method in the database system according to the present embodiment. FIG. 7 is an explanatory diagram showing an example of a case where a password is generated by encrypting the source address of an e-mail in the database system according to the present embodiment. FIG. 8 is an explanatory diagram showing an example of an e-mail when accessing the database system using a password obtained by encrypting the source address of the e-mail in the database system according to the present embodiment.

The present embodiment shown in these figures is a modification of the above-described first embodiment, in which a predetermined password is created from the source address of the e-mail received from the user, and the password is transmitted together with the source address. The authentication is performed to determine whether the user has an appropriate access right with reference to FIG. That is, in the present embodiment, the user of the database first obtains a predetermined password from the database system, and at the time of access, sends an e-mail including the previously obtained password to access the database. For e-mails whose passwords and source addresses do not match, authentication automatically fails and access is denied.

The specific configuration is as shown in FIG. 3. First, the configuration of the client system 11 is the same as that of the client system 11 of the first embodiment shown in FIG. On the other hand, the database system 10 of the present embodiment
As shown in FIG. 3, a character string extraction unit 201 is added to the database system 10 in the first embodiment, and the authentication unit 110 is replaced with an authentication unit 204. The character string extracting unit 201 extracts the password character string when the e-mail transmitted from the user includes a predetermined password generated by the encrypting unit 202, which will be described later, and outputs the character string to the authentication unit 204. It has become.

The authentication means 204 includes the encryption means 203 and the decryption means 2 in the authentication means 110 in the first embodiment.
03 is added. Encryption means 203
Is configured to receive the source address extracted by the address extracting unit 106 having the same configuration as that of the first embodiment, and to encrypt the input source address into a predetermined character string. Has become. Here, as an aspect in which the encryption means 203 generates a password (encrypted character string) from a source address, for example, there is a case as shown in FIG. On the other hand, decoding means 203
Is configured to receive the password extracted by the above-described character string extracting unit 201, and to decrypt the input password to the original source address.

In the authentication means 204 of this embodiment, when a predetermined password (encrypted character string) is extracted by the character string extraction means 201 in the e-mail received from the user, the password is decrypted by the decryption means. In step 203, it is determined whether or not it matches the source address extracted by the address extraction unit 106 to determine whether or not access to the database system 10 is possible. On the other hand, if the received e-mail does not include a password, a predetermined password (encrypted character string) converted by the encryption unit 202 is added to the source address extracted by the address extraction unit 106. And send it to the user by e-mail. Thus, in the present embodiment, a user who has already been given a password is authenticated by the password as to whether or not access to the database is possible. For a user who has not been given a password, a password is received when an e-mail is received. Is generated and sent back.

Next, a search method using an electronic mail for the database system of the present embodiment having the above-described configuration will be described with reference to flowcharts shown in FIGS. First, a case where a user acquires a password from the database system of the present embodiment will be described with reference to FIG. The user of the database is the user interface unit 1 of the client system 11.
In step 601, an e-mail is created using the E.01 (step 601), and transmitted to the database system using the mail transmission unit 102 (step 602).

The electronic mail transmitted in step 602 is sent to the mail receiving means 104 of the database system 10.
(Step 603), the mail receiving means 104 having received the e-mail
(Step 604). The address extracting means 106 extracts the source address from the received e-mail (step 605) and outputs it to the authentication means 204. The authentication means 204 receives the source address from the address extraction means 106 (step 606), and checks whether or not this address is registered in the user address management means 109 (step 607).

Here, if the address is not registered in the user address management means 109, the failure of the authentication is notified to the mail transmitting means 105 (step 608), and the electronic mail transmitting means 105 transmits this notification to the electronic mail. It is sent to the mail receiving means 103 of the client system 11 in the form (step 609). User side mail receiving means 10
3 passes the returned e-mail to the user interface means 101 (step 610), and the user interface means 101 displays it (step 611) and notifies the user.

On the other hand, if the result of determination in step 607 is that the address has been registered in user address management means 109, authentication means 204 outputs the source address obtained in step 606 to encryption means 202 (step 607). 612). The encryption means 202 encrypts this address into a predetermined character string (see FIG. 7), and generates a password (step 613). The authentication means 204 acquires the generated password from the encryption means (step 61).
4), which is output to the mail transmitting means 105 (step 6)
15) The result is transmitted from the mail transmitting means 105 to the mail receiving means 103 of the client system 11 in the form of an e-mail (step 616). In the mail receiving means 103 on the user side, the e-mail is output to the user interface means 101 (step 617), and a password is displayed to the user by the user interface means 101 (step 618). This allows the user to obtain his password.

Next, the case of accessing the database system of this embodiment using the password obtained by the above method will be described with reference to the flowcharts shown in FIGS. First, as shown in FIG. 5, the database user creates an e-mail using the user interface unit 101 of the client system 11 (step 701). At this time, the e-mail is sent to the user interface unit 101 in step 618 (FIG. 4).
Fill in the password displayed in. FIG. 8 shows an example of an e-mail in which a password has been entered.

Then, an e-mail in which necessary items including a password are entered is transmitted to the database system 10 using the mail transmission means 102 (step 702). The e-mail transmitted in step 702 is received by mail receiving means 104 of database system 10 (step 703). The mail receiving unit 104 outputs the received electronic mail to the address extracting unit 106, the data extracting unit 107, and the character string extracting unit 201, respectively.
(Step 704).

The address extracting means 106 extracts the source address from the received mail (step 705).
The data extraction unit 107 extracts information and data necessary for accessing the data storage unit 108 (step 706), and the character string extraction unit 201 extracts a password (step 707). Then, authentication means 2
04 receives the source address from the address extraction means 106 (step 708), and checks whether or not this address is registered in the user address management means 109 (step 709).

If the received address is not registered in the user address management means 109, the failure of the authentication is notified to the mail transmission means 105 (step 7).
10), the e-mail sending means 105 sends this notification in the form of e-mail to the mail receiving means 103 of the client system 11 (step 711). The mail receiving means 103 on the user side transfers the mail to the user interface means 101 (step 712), and the user interface means 101 displays this (step 713).

On the other hand, if the result of step 709 indicates that the address has been registered in the user address management means 109, the password extracted in step 707 is output to the decryption means 203 by the authentication means 204 (step 7).
14). In the decrypting means 203, the password is decrypted into the original address character string (step 715),
04 obtains this decrypted source address
(Step 716). Then, the authentication means 204 compares the character string decrypted from the password with the source address of the e-mail obtained in step 708 (FIG. 6).
Step 717).

If the decrypted character string does not match the e-mail address, the authentication means 204
The mail sending means 105 is notified that the authentication has failed.
(Step 718) The mail sending means 105 sends this notification to the mail receiving means 103 of the client system 11 in the form of an electronic mail (Step 719). The mail receiving means 103 on the user side passes the mail to the user interface means 101 (step 720), and the user interface means 101 displays this (step 72).
1).

On the other hand, if the result of determination in step 718 is that the decrypted character string matches the source address of the e-mail, the authentication means 204 notifies the access means 111 that authentication has been successful ( Step 722).
In response to the notification, the access unit 111 acquires the data extracted in step 706 from the data extraction unit 107 (step 723 in FIG. 6), and makes a predetermined access to the data storage unit 108 using this data (step 72).
4) The result of the access is passed to the mail transmitting means 105 (step 725).

The e-mail sending means 105 sends this search result in the form of an e-mail to the mail receiving means 103 of the client system 11 (step 726). The mail receiving means 103 on the user side passes the received e-mail to the user interface means 101 (step 72).
7) The user interface means 101 displays the contents of the e-mail to the user (step 728). Thus, the user can search and acquire desired data.

As described above, according to the electronic mail search type database system and the database search method using electronic mail according to the present embodiment, the predetermined password is sent from the database system to the user in advance, and The only way to access the database is to send an e-mail containing the password. As a result, access to the database is not possible unless the password is leaked, and it is possible to reliably prevent the database system from being suddenly operated by an e-mail with an invalid source address, and to provide a more secure database system. It can be realized.

In this embodiment, the encryption means 202
Since the decryption means 203 is provided on the database system 10 side, it is impossible for the user side to judge by what method the source address is encrypted / decrypted. Therefore, it is extremely difficult for a malicious third party or the like to analyze or change the password, and a more secure database system can be realized.

Further, by providing the encrypting means 202 and the decrypting means 203 in the database system 10 as described above, the encryption / decryption method of the source address can be freely changed on the database side. It is possible to more reliably prevent unauthorized access. For example, if your email is stolen and you discover that your password is or could be parsed,
At that point, by changing the encryption / decryption method on the database system 10 side, it is possible to prevent subsequent unauthorized access, and even if the password is analyzed again, the access to the database will be continued for a certain period of time. Unauthorized access can be prevented. Further, by periodically changing the encryption / decryption method, it is possible to effectively make the analysis of the password impossible, and to more reliably eliminate unauthorized access.

Third Embodiment A third embodiment of the database system according to the present invention will be described with reference to FIGS. FIG. 9 is a block diagram showing a database system (and a client system) according to the third embodiment of the present invention. FIG. 10 is a flowchart illustrating a method of acquiring a password with an expiration date set in the database system according to the present embodiment. FIGS. 11 and 12 are flowcharts showing a data search method in the database system according to the present embodiment. FIG. 13 is an explanatory diagram showing an example of a case where a password is generated by encrypting the source address and expiration date of an e-mail in the database system according to the present embodiment. FIG. 14 is an explanatory diagram showing an example of an e-mail at the time of accessing the database system using the password obtained by encrypting the source address of the e-mail and the expiration date in the database system according to the present embodiment. .

The present embodiment shown in these figures is a modification of the above-described first and second embodiments, in which an expiration date is set for a password given by encrypting a source address, and Authentication is performed with reference to a password created from the source address of the mail and the expiration date of the password. That is, in the present embodiment, the user of the database first obtains a predetermined password from the database system, and sends an e-mail including the previously obtained password to the database system at the time of access.
At this time, the expiration date of the password is determined, and if the expiration date set in the password has passed, authentication automatically fails and access is denied.

The specific configuration is as shown in FIG. 9. First, the configuration of the client system 11 is the same as in the first and second embodiments. On the other hand, as shown in FIG. 9, the database system 10 of the present embodiment is different from the authentication unit 20 of the database system 10 in the second embodiment.
4 is replaced with an authentication means 303. The authentication unit 303 of this embodiment has a configuration in which a time determination unit 301 and an expiration date setting unit are added to the authentication unit 204 of the second embodiment. Time determination means 301
Is configured to compare the current time at which the e-mail is received with the time of the expiration date set by the expiration date setting unit 302, which will be described later, and determine whether the expiration date has passed. The expiration date setting means 302 is configured to set an expiration date for a predetermined period from the time of receiving an e-mail from a user and to give the e-mail a predetermined expiration date.

Further, in this embodiment, the encryption means 20
In step 2, a character string including both the source address of the e-mail and the expiration date is encrypted to generate a predetermined password (encrypted character string), and the decryption means 203 decrypts the password including the expiration date. (See FIG. 13). Then, in the authentication means 204, the decrypted character string matches the source address, and
It is determined whether the expiration date has passed. That is, in the present embodiment, the e-mail sent from the user is transmitted only when the password matches the source address and the expiration date has not passed.
Access to the database is permitted, and passwords whose expiration date has passed are denied access to the database.

Next, a search method using electronic mail for the database system of the present embodiment having the above-described configuration will be described with reference to flowcharts shown in FIGS. First, a case where a user acquires a password including an expiration date from the database system of the present embodiment will be described with reference to FIG. The user of the database creates an e-mail using the user interface unit 101 of the client system 11.
(Step 801), and send it to the database system using the mail sending means 102 (Step 802).

The electronic mail transmitted in step 802 is sent to the mail receiving means 104 of the database system 10.
Receiving the e-mail (step 803), the mail receiving means 104
(Step 804). The address extracting means 106 extracts the source address from the received e-mail (step 805) and outputs it to the authentication means 303. The authentication means 303 receives the source address from the address extraction means 106 (step 806), and checks whether or not this address is registered in the user address management means 109 (step 807).

Here, if the received e-mail address does not exist in the user address management means 109, the failure of the authentication is notified to the mail transmission means 105 (step 808). It is sent to the mail receiving means 103 of the client system 11 in the form of an electronic mail (step 809). The mail receiving means 103 on the user side passes the sent e-mail to the user interface means 101 (step 810), and the user interface means 101 displays it (step 811).

On the other hand, if the result of determination in step 807 is that an address has been registered in the user address management means 109, the authentication means 303 acquires an expiration date from the expiration date setting means 202 (step 812), and performs encryption. Means 202
Then, the source address acquired in step 606 and the expiration date acquired in step 812 are output (step 813). The encryption means 202 encrypts the address and the expiration date (see FIG. 13) and generates a password.
(Step 814). The authentication unit 303 acquires the generated password from the encryption unit (step 815), outputs the password to the mail transmission unit 105 (step 816), and outputs the result from the mail transmission unit 105 to the client in the form of an e-mail. It is sent to the mail receiving means 103 of the system 11 (step 817). In the mail receiving means 103 on the user side, the e-mail is transmitted to the user interface
01 (step 818), and the password is displayed to the user by the user interface unit 101.
(Step 819). This allows the user to obtain his password.

Next, the case of accessing the database system of the present embodiment using the password including the expiration date obtained by the above method will be described with reference to the flowcharts shown in FIGS. First, as shown in FIG. 11, a database user creates an e-mail using the user interface unit 101 of the client system 11 (step 901). At this time, the password displayed on the user interface means 101 in step 814 (FIG. 10) is entered in the e-mail. FIG. 14 shows an example of an e-mail in which a password has been entered.

Then, an e-mail in which necessary items including a password are entered is sent to the database system 10 using the mail sending means 102 (step 902). The e-mail transmitted in step 902 is received by mail receiving means 104 of database system 10 (step 903). The mail receiving unit 104 outputs the received electronic mail to the address extracting unit 106, the data extracting unit 107, and the character string extracting unit 201, respectively.
(Step 904).

The address extracting means 106 extracts the source address from the received mail (step 905),
The data extraction means 107 extracts data necessary for accessing the data storage means 108 (step 90).
6) Further, the character string extracting means 201 extracts a password (step 907). Then, the authentication unit 303
Receives the source address from the address extracting means 106 (step 908), and
Check if this address is registered in 9
(Step 909).

If the received address is not registered in the user address management means 109, the failure of the authentication is notified to the mail transmission means 105 (step 9).
10), the e-mail sending means 105 sends this notification in the form of e-mail to the mail receiving means 103 of the client system 11 (step 911). The mail receiving means 103 on the user side transfers the mail to the user interface means 101 (step 912), and the user interface means 101 displays the mail (step 913).

On the other hand, if the address is registered in the user address management means 109 as a result of step 909, the password extracted in step 907 is output to the decryption means 203 by the authentication means 204 (step 9).
14). In the decrypting means 203, the password is decrypted (step 915), and the authentication means 303 acquires a character string including the decrypted source address and the expiration date.
(Step 916). Then, the authentication unit 303 first extracts the character string of the source address from the source address and the expiration date included in the decrypted character string in step 90.
Compare with the source address of the e-mail obtained in step 8
(Step 917 in FIG. 12).

If the combined character string does not match the e-mail address, the authentication means 303 notifies the mail transmission means 105 that the authentication has failed.
(Step 918) The mail transmitting unit 105 transmits this notification to the mail receiving unit 103 of the client system 11 in the form of an electronic mail (Step 919). The mail receiving means 103 on the user side passes the mail to the user interface means 101 (step 920), and the user interface means 101 displays it (step 92).
1).

On the other hand, if the result of determination in step 917 is that the decrypted character string matches the source address of the e-mail, the authentication means 204 determines the expiration date extracted in step 915 in FIG. Output to 301
(Step 922). The time determination means 301 determines whether the expiration date is earlier or later than the current time, and returns the result to the authentication means 303 (step 923). Then, the authentication unit 303 makes a determination based on the result (step 924), and when the expiration date is earlier than the current time, notifies the mail transmission unit 105 that the authentication has failed (step 925). Then, the e-mail sending means 105 sends this notification in the form of e-mail to the mail receiving means 103 of the client system (step 926). The mail receiving means 103 on the user side passes the mail to the user interface means 101 (step 927), and the user interface means 101 displays it (step 92).
8).

On the other hand, if the result of determination in step 924 is that the expiration date is later than the current time,
03 notifies the access means 111 that the authentication has succeeded (step 929). In response to this notification, the access unit 111 acquires the data extracted in step 706 from the data extraction unit 107 (step 930), and makes a predetermined access to the data storage unit 108 using this data.
(Step 931), the result of the access is sent to the mail transmitting means
05 (step 932).

The electronic mail transmitting means 105 sends the access result in the form of an electronic mail to the mail receiving means 103 of the client system 11 (step 933). The mail receiving means 103 on the user side passes the received e-mail to the user interface means 101 (step 9).
34), the user interface means 101 displays the contents (step 935). Thus, the user can search and acquire desired data.

As described above, according to the e-mail search type database system and the e-mail-based database search method according to the present embodiment, transmission of an e-mail is performed to authenticate a user having an appropriate access right to the database. In addition to the original address and the predetermined password, an expiration date for a fixed period is set, and after the expiration date, access is rejected. As a result, even if the e-mail containing the password sent from the database system is stolen, the password contains information on the expiration date. Is denied and unauthorized access can be prevented.

[0079]

As described above, according to the e-mail search type database system and the e-mail-based database search method of the present invention, the access right is authenticated by using the source e-mail address. When permitting access to the database using electronic mail, unauthorized access to the database by a user other than the user having the access right can be eliminated.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a database system (and a client system) according to a first embodiment of the present invention.

FIG. 2 is a flowchart illustrating a data search method in the database system according to the first embodiment of the present invention.

FIG. 3 is a block diagram showing a database system (and a client system) according to a second embodiment of the present invention.

FIG. 4 is a flowchart illustrating a method for obtaining a password in a database system according to a second embodiment of the present invention.

FIG. 5 is a flowchart illustrating a data search method in a database system according to a second embodiment of the present invention.

FIG. 6 is a flowchart illustrating a data search method in the database system according to the second embodiment of the present invention continued from FIG. 5;

FIG. 7 is an explanatory diagram showing an example of a case where a source address of an e-mail is encrypted to generate a password in the database system according to the second embodiment of the present invention.

FIG. 8 is an explanatory diagram showing an example of an electronic mail when accessing a database system using a password acquired in the database system according to the second embodiment of the present invention.

FIG. 9 is a block diagram showing a database system (and a client system) according to a third embodiment of the present invention.

FIG. 10 is a flowchart illustrating a method for acquiring a password with an expiration date set in the database system according to the third embodiment of the present invention.

FIG. 11 is a flowchart illustrating a data search method in a database system according to a third embodiment of the present invention.

FIG. 12 is a flowchart illustrating a data search method in the database system according to the third embodiment of the present invention, which is continued from FIG. 11;

FIG. 13 is an explanatory diagram showing an example of a case where a source address and an expiration date of an e-mail are encrypted to generate a password in the database system according to the third embodiment of the present invention.

FIG. 14 is an explanatory diagram showing an example of an electronic mail when accessing the database system using the password acquired in the database system according to the third embodiment of the present invention.

FIG. 15 is a schematic configuration diagram showing a conventional database search system using electronic mail.

[Explanation of symbols]

 Reference Signs List 10 database system 11 client system 101 user interface means 102 mail transmission means 103 mail reception means 104 mail reception means 105 mail transmission means 106 address extraction means 107 data extraction means 108 data storage means 109 user address management means 110 authentication means 111 access means 201 Character string extraction means 202 Encryption means 203 Decryption means 204 Authentication means 301 Time determination means 302 Expiration date determination means 303 Authentication means

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 12/58

Claims (12)

[Claims] 1. A data storage means for storing predetermined data, and a mail transmission / reception means for transmitting / receiving an e-mail to / from an external device. An e-mail search type database system capable of searching and acquiring the data of the e-mail, based on predetermined source information of an e-mail received from outside, determining whether the user has an access right to the database system, An e-mail search type database system comprising an authentication means for determining whether or not access to the database is possible. 2. The database system according to claim 1, further comprising: address extraction means for extracting a source address from the received e-mail; and user address management means for managing a source address of a user who has access to the database system. 2. The authentication unit according to claim 1, wherein the authentication unit determines whether the source address extracted by the address extraction unit is registered in the user address management unit, and determines whether access to the database system is possible. E-mail search type database system. 3. The method according to claim 1, wherein the authenticating means transmits a source address corresponding to the encrypted character string to the database system based on a predetermined encrypted character string assigned to each source address of an e-mail received from the outside. 3. The electronic mail search type database system according to claim 2, wherein it is determined whether or not the user has the right to access, and whether or not access to the database system is permitted is determined. 4. An encrypting means for converting a character string of the source address into a predetermined encrypted character string in accordance with a source address of an e-mail received from the outside, Decryption means for decrypting the encrypted character string generated in the above into a character string of the original source address; and character string extraction for extracting the encrypted character string generated by the encryption means from the received e-mail. Means, wherein the authentication means has registered in the user address management means a source address decrypted by the decryption means based on the encrypted character string extracted by the character string extraction means. 4. The electronic mail search type database system according to claim 3, wherein a determination is made as to whether or not access to the database system is possible. 5. When the authentication means does not extract a predetermined encrypted character string by the character string extraction means, the authentication means converts the source address extracted by the address extraction means by the encryption means. When the predetermined encrypted character string is extracted and extracted by the character string extracting means, the character string obtained by decrypting the encrypted character string by the decrypting means is transmitted. 5. The electronic mail search type database system according to claim 4, wherein it is determined whether the source address extracted by the address extracting means matches the source address, and whether the database system can be accessed is determined. 6. An authentication unit according to claim 1, wherein said authentication unit determines whether said expiration date has passed as compared with a current time based on predetermined expiration date information assigned to each source address of an e-mail received from outside. 6. The electronic mail search database system according to claim 2, wherein the determination is made to determine whether or not access to the database system is possible. 7. An expiration date setting means for setting an expiration date of a predetermined time after the current time received from an externally received e-mail, the database system comprising: Extracting a time limit, comparing the validity time with the current time to determine whether or not the current time has passed. 7. The electronic mail search type data system according to claim 6, wherein access to the database system is rejected for a source address whose expiration time has passed the current time. 8. When the expiration time is not extracted by the time determination means, the authentication means sets the expiration time in the expiration time setting means and transmits the e-mail to the source address of the electronic mail. When the expiration time is extracted by the time determination unit, the extracted expiration time is compared with the current time by the time determination unit to determine whether or not the current time has passed. 8. The electronic mail search type data system according to claim 7, wherein whether to access said database system is determined based on a result of the determination. 9. A database search method using an e-mail capable of searching for and obtaining desired data by accessing a database storing predetermined data from the outside via an e-mail. Judge whether or not the user has the right to access the database system based on the predetermined source information of the e-mail received from the e-mail, and decide whether or not to access the database. Database search method. 10. A user having an access right to a database registers a source address of an e-mail, extracts a source address from a received e-mail, and stores the extracted source address in the access to the database. 10. The database search method using electronic mail according to claim 9, wherein it is determined whether or not the user is registered as an authorized user, and whether to access the database is determined based on a result of the determination. 11. A predetermined encrypted character string is provided for each source address of an e-mail received from outside, and the source address corresponding to the provided encrypted character string is:
11. The database search method using electronic mail according to claim 10, wherein it is determined whether or not the user is registered as a user having an access right to the database, and whether access to the database is permitted is determined. 12. A predetermined expiration date information is assigned to each source address of an e-mail received from the outside, and the assigned expiration date is compared with a current time to determine whether the expiration date has passed. 12. The database search method using electronic mail according to claim 10, wherein the determination is made as to whether or not the database can be accessed.