JP2003242092A - Isolation and detecting method of e-mail virus preventive system, mutual authorization method, isolation and detecting program and mutual authorization program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent infection with a virus by providing an e-mail virus preventive system, and preventing intrusion of the virus into a computer of a user of e-mail including the virus by an isolation and detecting preventive measure. <P>SOLUTION: The isolation and detecting preventive measure includes the following step: a step of downloading e-mail by a temporary simulation method (Virtual-copy Format), a step of discriminating whether or not to be the e-mail infected with the virus, and a step of excluding the virus e-mail. An mutual authorization means communicates an identification number of both discussion via mail, and then, executes crossing credit and a mutual analysis, and opens the e-mail when there is no error by confirmation according to a movement time identification number key. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention is applied to the process of sending and receiving electronic mail, and the computer system of the electronic mail recipient distributes it by another person by means of preventive measures for quarantine detection and means of alternate authorization. The present invention relates to a quarantine detection method, an alternate authorization method, a quarantine detection program, and an alternate authorization program for an e-mail virus prevention system that can avoid being infected by a computer virus.

[0002]

BACKGROUND OF THE INVENTION With the spread of computers and the Internet, the round-trip method of mass mail has already been replaced by fast, easy and low cost electronic mail.

However, a computer virus that causes the destruction of computer data and the shutdown of the system has also been spread quickly and widely by e-mail, and computer users have been infected with the virus. When opening an e-mail, the computer will be affected by the virus and will shut down and become unusable, and the computer virus will also issue the virus to other people's computers according to the contents of the contact book in the e-mail software. Therefore, there is a possibility that the network may be disturbed by replicating and distributing a large amount of virus in this way.

At present, virus scanning software is sold in the market, but these software (programs) scan when a computer receives an electronic mail, or a user opens an electronic mail containing a virus. It stops the operation of the virus file when doing so and the user is in a passive situation where he cannot get useful related messages and virus information.

When a virus enters a user's computer system and virus scanning software cannot find a new virus or variant virus,
In particular, when a new virus is created, the virus scanning software provider downloads the new virus code to the user's computer system via the network, but at that time it is already too late. However, they are in a passive position because they will know the outbreak of a new virus later.

Therefore, if a computer engineer of a virus scan company waits 24 hours and its world laboratory detects a new virus, all the relevant engineers immediately carry out a comparative analysis and create a rescue program, It is placed on the network and is available for the client to download, or automatically downloaded to the client computer system. However, within the last few hours, the virus has already spread extensively due to the rapid communication of the network, shutting down a myriad of systems.

Another factor that should not be ignored is that virus makers and network trespassers have a generally professional level in this field and seek out the weaknesses of computer software and virus scanning companies. It means that you can do it and can proceed with the attack.

For example, Microsoft Corporation's computer operating system and application software fully support international networks, and its Windows operation system adopts an all-automated design and is interconnected. , Email receiving software, eg Outlook
When a foreign email is received by (registered trademark) software and the file attached to it contains a virus, this virus enters the Windows operation system as it is, and the network illegal intruder and the mail virus are viruses. It spreads a large amount of virus to each mail address in the contact book in the Outlook (registered trademark) software of the computer infected with the virus, and adversely affects other computer systems as well as international networks.

[0009] The Internet connects all network sites in the world together, and one e-mail can attack another company's server and cause network congestion. Therefore, government agencies and companies are working together to expedite the capture of computer viruses.

Therefore, if a virus can be detected and eliminated before it enters the user's computer, the user can safely read the e-mail and the user's computer can be protected appropriately. become.

[0011]

However, an effective e-mail virus prevention system capable of detecting and eliminating a virus in an e-mail as described above has not yet been developed.

The present invention has been made in view of the above problems, and an object of the present invention is to reliably detect and eliminate a virus contained in an electronic mail and to suitably protect a user's computer environment. An object is to provide a quarantine detection method, an alternate authorization method, a quarantine detection program, and an alternate authorization program for an email virus prevention system.

[0013]

In view of the above-mentioned problems, the inventor of the present invention has repeatedly studied and developed the present invention based on many years of experience in the field.

The present invention provides an e-mail virus prevention system, and adopts a preventive measure for quarantine detection and means of alternate authorization so that a computer system of an e-mail recipient can be infected with a computer virus distributed by another person. You can avoid receiving it.

The quarantine detection method is a method of preventing the occurrence of a virus by downloading one or a plurality of electronic mails by a temporary simulation method,
In addition, it includes a process of determining whether or not these downloaded e-mails contain a virus and eliminating the e-mail containing the virus.

Further, the above-mentioned alternate authorization method is means for executing alternate trust and mutual analysis through a personal identification number for both email communications, and then opening the email.

Therefore, a main object of the present invention is to provide an e-mail virus prevention system, and preventive measures for quarantine detection can prevent e-mail containing a virus from invading a user's computer. It becomes possible to prevent virus infection.

Another object of the present invention is to provide a means for alternately authorizing an e-mail virus prevention system, which is confirmed through a consultation secret code of both mail communications and by matching a dynamic time secret code key. Then open the e-mail when there is no mistake.

To achieve the above object, the present invention is realized as follows.

That is, the preventive action for the quarantine detection of the email virus prevention system is a tentative simulation method (Virtual-co
py Format) includes a step of downloading an email, a step of determining whether the email has a virus, and a step of eliminating a virus email.

Further, the means of alternate authorization is to communicate the personal identification number of the bilateral consultation via mail, and then execute cross-credit and mutual analysis, and according to the dynamic time personal identification number key,
Make sure to open the e-mail when there is no mistake.

Hereinafter, the features and effects of the present invention will be clarified by describing the preferred embodiments of the present invention in detail with reference to the accompanying drawings.

[0023]

BEST MODE FOR CARRYING OUT THE INVENTION First, a quarantine detection system of an electronic mail virus prevention system of the present invention will be described.

FIG. 1 is a flow chart for issuing a warning to a computer user, which informs the computer user whether or not the e-mail to be downloaded to their own computer is infected with a virus. I can announce.

The steps of the flow (hereinafter referred to as S) are as follows.

In the preliminary inspection (S102), the computer user first diagnoses the electronic mail beforehand.

In the virus mail discrimination (S104), this quarantine detection system provides one or a plurality of safety rules, which is a basis for judging whether or not the mail is infected with a virus.

In the deletion of virus mail (S106), an electronic mail having a possibility of being infected with a virus is marked with a small figure or a different color so that the computer user deletes the garbage mail or the virus mail and deletes other mail. Hold and read them.

The purpose of this warning (marking) system is not to scan or repair virus mail, but to notify computer users that the e-mail to be opened may have a virus. It also provides users with the option to delete emails that may have viruses.

Since e-mail is fast and convenient and can achieve the purpose of exchanging messages and communicating with others, it is already becoming an alternative to the conventional mail method. In addition, emails can be read by recipients at their leisure, without the immediate distraction of receiving and talking on the phone, and the sender of the email can send similar emails to multiple recipients at once. You can offer it. In addition, document files and other types of files can be sent to the recipient by way of attached files.

FIG. 2 is a flowchart for detecting / deleting virus mail of the quarantine detection system. The steps of this flow are as shown below.

Automation execution (202): The flow for detecting / deleting this virus mail is automatically executed or executed according to a command.

Mail Account Determination (204): The system can determine if the user email account is available and if not, go to step 206 and if so, go to step 208.

Account Setting / Test (206): While the user can set the e-mail account,
Test that email account is available.

Virtual Copy Format (Virtual-
copy Format) (temporary simulation method) (208): Downloads an electronic mail from a mail server in a virtual copy format (temporary simulation method), and a virtual copy format of this electronic mail (temporary simulation method)
You can safely analyze if the content of the email is a virus-infected email, but the email data cannot be executed under this format.

Judgment (210): Judgment is made for each virtual copy format (temporary simulation method) e-mail.

Safety Law (212): The quarantine detection system makes a particular safety law specified by a computer user a standard of judgment. If it is determined that a virus is present, ask if you want to automatically eliminate it. If it is not automatically excluded, step 214 is executed, and if it is automatically excluded, step 216 is executed.

Virus content analysis (214): If the safety law is not specified, the quarantine detection system identifies the attached file of the email, the origin (From Field), the recipient (To Field) and the title (Subject Field) of the email. Judge and analyze whether the email contains a virus.

Virus mail exclusion (216): When a certain safety law is designated, the quarantine detection system uses the designated safety law as a standard for judgment and deletes an email having a virus.

Log File (21)
8): The quarantine detection system stores the excluded mail in the form of log file.

Virus mail display (220): Through step 214 or step 218, the quarantine detection system displays detailed materials of each mail and
Mark emails with viruses.

Delete execution (222): The computer user issues a command to delete one or more e-mails.

Delete Server Mail (224): At the direction of the computer user, the quarantine detection system enters the user's mail server to delete the electronic mail in the server.

Mail download (226): Finally,
The quarantine detection system runs a computer user's preset email receiving program to download a secure, virus free email to the user's computer.

Next, the means for alternately authorizing the electronic mail virus prevention system of the present invention will be described.

The e-mail function has the characteristics of immediacy and low cost, so that it can be used for commercial use and is considerably valuable. It is also possible to provide computer users with attached files, such as blueprints, quotations, and receipts, in their e-mails, and all electronic files can be quickly spread by this function.
It will increase the competitiveness of commerciality.

However, for illegal intruders and virus makers, the file attached to the e-mail is the most preferable route for invading the virus into the user's system and infecting and shutting down the system. Others' names can be used to post virus mail to the user's friends and business-traffic partner's computer system via the contents of the address in the contact book of the user's email processing program. In addition, illegal intruders often fake email titles to lure recipients into opening the email, and viruses often attack the user's computer system.

Therefore, if the safety of the attached file of the e-mail can be confirmed by the mutual analysis and the method of cross-credit through the means of alternate authorization, it is possible to provide an absolutely safe environment, for example, for both round trips of the mail. , Buyers and sailors will be able to open emails in mutual trust situations. The alternate authorizing means of the present invention provides a soft interface through which mail senders can easily package their mail and its ancillary files, and then submit the package to the recipient's mailbox. When the mail recipient receives the package, first, the internal identification material is searched and analyzed, and if the identification material can be found, the user is willing to confirm the personal identification number. Here, if the personal identification number and the user's personal identification number match, this soft interface should first mark that this e-mail is a reliable e-mail, and then use the internal "dynamic time PIN code key". ”
Then, the mail communication flow of the means of alternate authorization is completed by performing the encoding process of (1) and adding the arrangement combination of the contents of each part to this reduction process. This allows the mail recipient to open the mail with peace of mind at this time.

FIG. 3 is a diagram showing a simple flow on the sender side. The steps of the flow are as shown below.

Mail creation (302): The user creates an e-mail and completes the attached file.

Email (304): A soft interface may allow the user to subscribe to standard email material.

PIN Input (306): When the user submits a mail via the alternate authorization means, the soft interface requests the PIN input.

Re-combination and conversion (308): A final re-combination and internal conversion code joining process are performed on the personal identification number, the "dynamic time personal identification number key", and the mail package which are input to the soft interface.

Send Mail (310): Finally, send this e-mail according to standard SMTP rules.

In step 308, the dynamic time PIN code means that the soft interface requests the user to enter the PIN code when the sender tries to send out a mail, and at the same time, the internal code Generate PIN code for internal use by using the process. In addition,
This personal identification number is used to join the contents of the mail and the attached file with a mixed conversion code, and is called a dynamic time personal identification number key. This dynamic time PIN code is generated instantaneously at a dynamic time, and an illegal intruder has no possibility of knowing this secret code, and even the sender cannot know it. In addition, each email has a different time-of-day PIN code, which can improve the security and confidentiality of emails, and this method can be used by companies to verify the origins of emails at crossings and Since the contents and attached files are not seen and changed by other people during the mail communication process,
The credibility between the company and the user can be secured, the safety of the email can be improved, and the chance of virus infection to the user's computer can be reduced.

FIG. 4 is a diagram showing a simple flow at the recipient end, and its step flow is as shown below.

E-mail reception (402): The recipient receives e-mail according to standard POP3 rules.

Mail Analysis (404): The soft interface analyzes the electronic mail already received.

Security code input (406): If the mail is an alternate authorization means mail, it is requested to input the security code.

Return Mail Package (408): If the PIN is correct, the system will return the mail package and the mail recipient can open this virus-free mail and its ancillary files.

FIG. 5 is a flowchart showing an example of the transmitting end. The step flow is as shown below.

Mail preparation (502): The user prepares an electronic mail.

Alternate authorization processing (504): Determines whether to perform alternate authorization processing, and proceeds to step 506 if not used and proceeds to step 508 if used.

Recipient designation (506): The recipient is directly designated and then step 514 is executed to send the electronic mail.

Add File (508): Add one or more files according to the process.

PIN input (510): Input the PIN required by the software interface.

Code addition and arrangement (512): The soft interface internally adds the "dynamic time code number key" and then newly adds and arranges the code.

Send e-mail (514): Send an e-mail.

FIG. 6 is a flow chart showing an example of the receiving end. The step flow is as shown below.

E-mail reception (602): A computer user receives an e-mail.

Alternate email authorization (604): The soft interface analyzes this email to determine if it is an alternate authorization email, and if not, proceeds to step 606, otherwise proceeds to step 608.

Read POP3 mail (606): Read POP3 mail according to normal processing and the computer user reads this e-mail according to step 614.

Security code input (608): The software interface requests the security code input, and if the security code does not correspond, the process proceeds to step 606, but if the security code does correspond, the process proceeds to step 612.

PIN Confirmation (610): The soft interface confirms the correctness of the PIN.

Confirmation of dynamic PIN code (612): The inside of the dynamic PIN code is confirmed again.

Read e-mail (614): The computer user reads the e-mail that has been alternately authorized.

FIG. 7 is a flow chart showing an example of the receiving end connecting the isolation detection system and the alternate authorization means. The step flow is as shown below.

E-mail reception (702): A computer user receives an e-mail.

Email inspection (704): The software interface inspects the contents of the email and the file chuck.

Internal encryption (706): This mail is analyzed and judged whether or not it has an internal encryption, and if not, step 708.
If there is, go to step 718.

Virtual copy format (temporary simulation method) (708): If there is no internal code, it is judged as an ordinary mail, and the software (program) downloads the electronic mail from the mail server by the virtual copy format (temporary simulation method). Then, although the contents of the e-mail in this virtual copy format (temporary simulation method) are not executed, it is analyzed whether or not the e-mail is safely virus-borne.

Attached file (710): It is judged whether or not another attached file is attached to this electronic mail. If not attached, the process proceeds to step 712, but if attached, the process proceeds to step 714.

Content display (712): The software directly displays the content.

Delete mail (714): The software deletes this mail. This is because the sending end cannot be used or is a junk mail.

Recording file (716): The mail to be deleted is saved as a recording file.

PIN Input (718): If the soft interface analyzes and confirms that the external email has an internal cipher, it requests the computer user to enter the PIN.

PIN confirmation (720): If the PIN confirmation step does not correspond to the PIN confirmation step, the process proceeds to step 708. If the PIN number corresponds to the identification number, the process proceeds to step 722.

Confirmation of dynamic PIN code (722): The software internally confirms the dynamic PIN code again, and this dynamic PIN code is generated at the moment when the sender sends out the mail, and is unique. Have.

E-mail return (724): The e-mail contents and attached files are returned.

Confirm that the mail is non-virus mail (72
6): As a result of cross-confirmation of this e-mail, the computer user is notified by the confirmation figure and the color that it does not contain a virus.

Mail download (728): This mail is downloaded to the electronic mail processing software of the computer user. For example, Microsoft company Outl
Download to ook (R) Inbox.

[0092]

As described above, the preventive treatment for sequestration detection of the present invention has the following steps.

That is, it includes a process of downloading an electronic mail by a temporary simulation method, determining whether it is a virus mail, and excluding the virus mail, and
The means for altering authorization generates a secret code to be discussed by both parties of the mail communication, and then cross-credit and mutual analysis, and match the dynamic time secret code key, and open the e-mail when it is confirmed to be correct, When using the present invention, the user is protected only when the user's computer is prevented from being attacked by an illegal intruder and an e-mail virus, and the primary means is taken to confirm that the e-mail contains no virus. Because it has the inventiveness and inventive step and meets the statutory requirements of the patent, we file a patent application in accordance with the law.

The preferred embodiments of the present invention are described above, but their configurations do not limit the scope of the practice of the present invention, and any person skilled in the art will be within the spirit and scope of the present invention. Although minor changes and modifications can be made without departing from the above, equivalent changes and modifications carried out within the spirit of the present invention should be included in the scope of the claims of the present invention, and the limitation thereof should be claimed. It should follow the range.

[Brief description of drawings]

FIG. 1 is an explanatory diagram showing a simple flow for issuing a warning to a computer user.

FIG. 2 is an explanatory diagram showing a flow of detecting and deleting a mail in the quarantine detection system.

FIG. 3 is an explanatory diagram showing a simple flow of a transmitting end.

FIG. 4 is an explanatory diagram showing a simple flow of a receiving end.

FIG. 5 is an explanatory diagram showing a flow regarding a paradigm of a transmitting end.

FIG. 6 is an explanatory diagram showing a flow regarding an example of a receiving end.

FIG. 7 is an explanatory diagram showing a flow regarding a paradigm of a receiving end when the isolation detection system and the alternate authorization means are combined.

[Simple explanation of symbols]

102 Prospecting 104 Virus mail discrimination 106 Virus mail deletion 202 Automation execution 204 Mail account determination 206 Account setting / testing 208 Virtual copy format (provisional simulation method) 210 Analysis 212 Safety law 214 Virus presence analysis 216 Virus mail exclusion 218 Record File 220 Virus mail display 222 Delete execution 224 Server mail delete 226 Mail download 302 Mail creation 304 E-mail 306 PIN code input 308 Re-combination and conversion 310 Mail transmission 402 E-mail reception 404 Mail analysis 406 PIN code input 408 Mail package reduction 502 mail Preparation 504 Alternate authorization processing 506 Recipient designation 508 File subscription 510 PIN input 512 Code subscription and distribution 514 E-mail transmission 602 E-mail reception 604 Alternate authorization mail 606 POP3 e-mail reading 608 PIN code input 610 PIN confirmation 612 Dynamic PIN confirmation 614 E-mail reading 702 E-mail reception 704 E-mail inspection 706 Internal encryption 708 Virtual copy format (temporary simulation) 710 Attached file 712 Contents display 714 Delete mail 716 Record file 718 Input password 720 Check PIN 722 Dynamic PIN confirmation 724 E-mail reduction 726 Non-virus mail confirmation 728 Mail download

Claims (19)

[Claims] 1. An e-mail virus prevention system comprising: a step of downloading an e-mail by a provisional simulation method; a step of judging whether it is a virus e-mail; and a step of excluding a virus e-mail. Quarantine detection method. 2. The quarantine detection method for an electronic mail virus prevention system according to claim 1, wherein an electronic mail containing no virus can pass through the processing in each of the steps. 3. The quarantine detection method for an e-mail virus prevention system according to claim 1, wherein an e-mail containing no virus is loaded into an e-mail processing program. 4. The quarantine detection method for an e-mail virus prevention system according to claim 1, wherein it is determined whether or not the e-mail downloaded by the provisional simulation method is a safe e-mail. 5. A method for determining whether or not an e-mail contains a virus by analyzing an attached file of the e-mail, a place where the e-mail is sent and a place where the e-mail is received, and a title of the e-mail. Claim 1
Quarantine detection method of the email virus prevention system described in. 6. The quarantine detection method for an e-mail virus prevention system according to claim 1, wherein a safety law is set. 7. An alternate authorization method for an e-mail virus prevention system, comprising the steps of inputting a personal identification number set and the step of generating a dynamic time personal identification number key. 8. The email virus prevention according to claim 7, wherein the personal identification number set is used for decrypting an email that is authorized by the recipient after being input by the sender and is confidential. Alternate system authorization method. 9. The dynamic time PIN code key is automatically generated by a program.
Alternate authorization method for the email virus prevention system described in. 10. The alternate authorization method for an electronic mail virus prevention system according to claim 7, wherein the program includes a process of re-encoding an electronic mail to be transmitted. 11. The alternate authorizing method for an electronic mail virus prevention system according to claim 7, wherein the electronic mail after confirmation of the personal identification number is restored to a normal mail format on the recipient side. 12. An electronic mail which causes a computer to function as a means for downloading an electronic mail by a tentative simulation method, a means for determining whether or not the electronic mail is a virus electronic mail, and a means for excluding a virus electronic mail. Quarantine detection program for virus prevention system. 13. The e-mail virus prevention system according to claim 12, wherein the computer realizes a distinction as to whether or not the e-mail downloaded by the temporary simulation method is a safety mail. Quarantine detection program. 14. A computer determines the attached file of the electronic mail, the origin and destination of the electronic mail, and the title of the electronic mail to determine whether the electronic mail contains a virus. The quarantine detection program of the electronic mail virus prevention system according to claim 12, which is executed. 15. An alternate authorization program for an electronic mail virus prevention system, which causes a computer to function as a means for inputting a personal identification number set and a means for generating a dynamic time personal identification number key. 16. The computer according to claim 15, wherein the personal identification number set is caused to function as a means for decrypting an electronic mail which is authorized by the recipient and is confidential after the input by the sender. Alternate authorization program for email virus prevention system. 17. The alternation authorization program for an electronic mail virus prevention system according to claim 15, wherein the computer is caused to function as a means for automatically generating the dynamic time secret code key. 18. The alternation authorization program for an electronic mail virus prevention system according to claim 15, which causes a computer to function as means for including a process of encoding again an electronic mail to be transmitted. 19. The alternation of the e-mail virus prevention system according to claim 15, wherein the computer functions as a means for restoring the e-mail after confirmation of the personal identification number to the normal mail format on the recipient side. Authorization program.