JP2005202715A - Classified information transfer system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a classified information transfer system allowing safe transfer of a classified information file while preventing spread of infection of a computer virus between enterprises and individuals. <P>SOLUTION: In this classified information transfer system, when permitting login of a transmitter, a classified information transfer server 1 refers to a recipient list of a recipient list DB 2 and displays a list of a recipient to which a classified information file can be transferred, to the transmitter. When the recipient is selected and receives the classified information file encrypted and transmitted from the transmitter, the file is decrypted and is performed with a virus check. When the file is not infected with the virus, the file is stored in a classified information file storage part 3, and an electronic mail including a storage address of the classified information file is transmitted to the recipient. When infected with the virus, the file is deleted, and the effect is display-outputted to the transmitter. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a confidential information transfer system that transfers confidential information using the Internet, and in particular, confidential information that can safely transfer a data file of confidential information even between individuals while preventing the spread of computer viruses. Regarding the transfer system.

  Conventionally, as the exchange of confidential information using the Internet, a method of encrypting and transferring a data file (confidential information file) containing confidential information on the transmitting side and decrypting the encrypted file on the receiving side Has been done.

Further, as a prior art, there is JP-A-2003-30135 “Information management device” (applicant: Toyota Motor Corporation, inventor: Satoshi Fujiura, etc.) published on January 31, 2003.
The above prior art is realized by using an intranet between affiliated companies, and when transmitting confidential information to a destination person, the destination information is selected and designated from a list registered in advance, When the transmission information including general information, confidential information, and destination information is received, the storage location of the confidential information is specified and stored based on the destination information, and the access information for the destination person to access the confidential information and the above general information Is created and notified to the addressee.
The addressee who received the contact information can access the confidential information by clicking the access information in the contact information and inputting authentication information.

Japanese Patent Laying-Open No. 2003-30135 (page 5-10, FIGS. 1 and 4)

  However, in the above-described conventional method of encrypting and transferring the data file, there is a possibility that the transmission side erroneously transfers the destination. In addition, the receiving side is not necessarily a legitimate recipient, and a malicious third party can be assumed to be a legitimate recipient and receive a data file, so confidential information is legitimate from the legitimate sender. There was a problem that it could not be reliably transferred to the recipient.

In addition, since the above prior art is premised on an intranet, even if a sender selects a recipient from a list, the sender can communicate confidential information within a limited range between departments or affiliated companies. Since correspondence with the receiving side is taken in advance, confidential information can be safely transmitted.
However, on the Internet, which is used by the unspecified majority, the combination of the sender and receiver of confidential information varies from time to time. Therefore, when managing destinations in a list, the destination for transmitting confidential information Changes such as addition / deletion must be made at any time, and in accordance with that, the sender must change the sender at any time, but if these changes are not made frequently, It does not correspond to the variation of the recipient combination.

In the above prior art, if the sender selects a recipient from the list, confidential information can be transmitted to the recipient. However, from the recipient, the sender is identified and the confidential information from the sender is specified. Just can't receive. For this reason, there is a possibility that confidential information may be transmitted to the addressee side from a valid but unexpected sender, and it is necessary to pay attention to the contents of the received confidential information.
Further, the above-described prior art merely registers and manages the sender and the destination person, and does not manage the sender and the destination person in consideration of the frequency of transmission and reception of confidential information.

  In particular, in a confidential information transfer system that handles the transfer of confidential information between companies that are not directly related to each other and between individuals (including individuals in a company) using the Internet, there are many users and Since the contents and transfer methods are diverse, high confidentiality is required. However, the above-described prior art does not sufficiently satisfy confidentiality from the above points, and there is a problem that confidential information cannot be transferred safely between companies and individuals.

  In addition, in the above-described conventional method of transferring data files after encryption, even if a file infected with a computer virus is sent encrypted, the sender can check without being checked whether the file is infected with a computer virus. Since the access information is sent to the addressee specified by the recipient, the addressee may download and decrypt the data file infected by the computer virus. There was a problem that there was a risk of spreading computer virus infection as a result.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a confidential information transfer system capable of safely transferring confidential information files while preventing the spread of computer viruses between companies and individuals.

  The present invention for solving the problems of the above-mentioned conventional example is a confidential information transfer system including a confidential information transfer server that transfers a confidential information file transmitted from a sender apparatus to a receiver apparatus. A receiver list storage unit that associates each sender with a sender that can receive the confidential information file and registers the sender for each sender, and a sender that can transmit the confidential information file. And a confidential information file storage unit for storing a confidential information file, and the confidential information transfer server permits login by user authentication from the sender side device. In response to the transmission request of the confidential information file from the sender device, the receiver corresponding to the sender is read out from the recipient list storage unit and displayed as a list. When a specific recipient is selected from the list, the confidential information file encrypted and transmitted from the sender device is received and decrypted, and it is checked whether the confidential information file is infected with a computer virus. If the confidential information file is not infected with a computer virus, the confidential information file is stored in the confidential information file storage unit and notified to a specific recipient device by e-mail. When login by user authentication is permitted, the confidential information file is read from the confidential information file storage unit and transmitted to the specific recipient device in response to a request to receive the confidential information file from the specific recipient device. If the file is infected with a computer virus, the confidential information file is deleted and the computer window is deleted. It is a confidential information transfer server that displays on the sender's device a message notifying that the confidential information file has been deleted due to a computer virus infection, and uploads only confidential information files that are not infected with a computer virus. Thus, it can be safely transferred to a desired recipient.

  The confidential information transfer system further includes a user storage unit that stores information of a user who can log in to the confidential information transfer server, and the confidential information transfer server authenticates the user from the sender side device. If the login by the sender is permitted, whether or not there is a recipient to be registered in the user information of the user storage unit in response to the registration request of the recipient including the information of the recipient to be registered from the sender side device. Judgment, if the recipient exists, temporarily register the sender and the recipient in association with the recipient list storage unit, notify the recipient device of the registration target by e-mail, When login by user authentication from the receiver side device responding to the e-mail is permitted, the correspondence between the sender and the receiver is associated in the receiver list storage unit in response to the sender registration request from the receiver side device. Is registered as a regular user, and is notified to the sender side device by e-mail. Both the sender and the receiver are pre-registered regular users, and the recipient is also received by a request from the sender. Even when registering in the list, the approval of the authenticated recipient is required, so the confidentiality of the confidential information file transfer can be improved.

  Further, the present invention has a history information storage unit for storing records of transmission and reception of confidential information files as history information together with a sender and a receiver in the confidential information transfer system. Reads history information from the information storage unit, identifies a pair of a sender and a receiver that does not transmit / receive the confidential information file for a predetermined time or more based on the history information, and sends the sender and receiver from the receiver list storage unit It is characterized in that the use suspension process for deleting the pair is periodically performed, and the list can be managed efficiently by deleting useless data according to the frequency of transmission and reception.

  The present invention further includes a history information storage unit for storing records of transmission and reception of confidential information files as history information together with a sender and a receiver in the confidential information transfer system. The user information is read from the storage unit and the history information is read from the history information storage unit, and the user who does not transmit / receive the confidential information file for a predetermined time or more is specified based on the user information and the history information, from the recipient list storage unit It is characterized in that a use suspension process for deleting information related to the user is periodically performed, and the list can be efficiently managed by deleting useless data according to the frequency of transmission and reception.

  According to the present invention, when the confidential information transfer server permits login by user authentication from the sender device, the sender information is transmitted from the receiver list storage unit in response to a request for sending the confidential information file from the sender device. The recipients corresponding to the sender are read and displayed in a list, and when a specific recipient is selected from the recipient list, the confidential information file encrypted and transmitted from the sender device is received and decrypted, Check whether the confidential information file is infected with a computer virus. If the confidential information file is not infected with a computer virus, the confidential information file is stored in the confidential information file storage unit and a specific recipient side. If the device is notified by e-mail and login by user authentication from a specific recipient device is permitted, the confidentiality from the specific recipient device In response to a request to receive an information file, the confidential information file is read from the confidential information file storage unit and sent to a specific recipient device. If the confidential information file is infected with a computer virus, the confidential information file is deleted. In addition, since it is a confidential information transfer system that is a confidential information transfer server that displays and outputs on the sender device a message notifying that the confidential information file has been deleted due to computer virus infection, it is not infected with a computer virus. Only the confidential information file can be uploaded and transferred to a desired recipient safely, thereby preventing the spread of computer viruses.

  In addition, according to the present invention, a user storage unit that stores information of a user who can log in to the confidential information transfer server is provided, and the confidential information transfer server permits login by user authentication from the sender side device. In response to the registration request of the receiver including the information on the receiver to be registered from the sender side device, it is determined whether or not the receiver to be registered exists in the user information in the user storage unit, and the reception If the sender exists, the sender and the recipient are temporarily registered in association with the recipient list storage unit, notified to the recipient device of the recipient to be registered by e-mail, and responded to the e-mail. If the login by the user authentication from the receiver side device is permitted, the correspondence between the sender and the receiver is properly registered in the receiver list storage unit in response to the sender registration request from the receiver side device. , Sender side Since it is a confidential information transfer system that notifies by e-mail, both sender and receiver are legitimate users registered in advance, and authentication is also performed when the receiver is registered in the recipient list at the request of the sender It is possible to improve the confidentiality of confidential information file transfer and secure transfer of confidential information files between companies and individuals even on the Internet used by unspecified majority. There is an effect that can be done.

  In addition, according to the present invention, the confidential information transfer server has a history information storage unit that stores records of transmission and reception of the confidential information file as history information together with the sender and the receiver. Read the information, identify the sender / receiver pair that does not send or receive the confidential information file for a specified time or longer based on the history information, and delete the sender / receiver pair from the receiver list storage unit Because it is a confidential information transfer system that periodically performs use suspension processing, it is possible to delete unnecessary data according to the frequency of transmission / reception and manage the list efficiently, reducing the load on the server and effectively using the database. This has the effect of improving the operational efficiency of the entire system.

  According to the present invention, there is also provided a history information storage unit that stores records of transmission and reception of confidential information files as history information together with the sender and the receiver, and the confidential information transfer server receives user information from the user storage unit. And the history information is read from the history information storage unit, the user who does not transmit or receive the confidential information file for a predetermined time or more based on the user information and the history information is specified, and information about the user is received from the recipient list storage unit. Since it is a confidential information transfer system that periodically performs usage suspension processing to be deleted, it is possible to delete unnecessary data according to the frequency of transmission and reception, and to manage the list efficiently, effectively using the database and reducing the load on the server There is an effect that mitigation can be achieved and the operational efficiency of the entire system can be improved.

Embodiments of the present invention will be described with reference to the drawings.
A confidential information transfer system (hereinafter, this system) according to an embodiment of the present invention includes a receiver list in which a sender and a receiver of a confidential information file are registered in association with each other, and a receiver and a confidential information file. The sender list registered in association with the sender is stored, and when the server permits login by the user authentication to the sender of the confidential information file, the confidential information file is referred to with reference to the receiver list. Displays a list of recipients that can be transferred to the sender, and when a recipient is selected from the list of recipients, the sender is referred to the sender list and the sender is selected according to the selected recipient. Confirm that it is registered, and if it is registered, accept the upload of the confidential information file by the sender, and upload the confidential information file when the upload is completed. An e-mail containing the information and the storage address of the confidential information file is sent to the recipient, and when the confidential information file is downloaded by the recipient, an e-mail is sent to the effect that the confidential information file has been downloaded. The confidential information file can be safely transferred between companies and individuals.

  In addition, this system stores a list of recipients registered in association with senders and receivers of confidential information files in the server, and has a computer virus check function, which encrypts from senders permitted to log in. If there is a request for uploading the confidential information file, the confidential information file is decrypted and checked whether the computer virus is included in the data. If the confidential information file contains a computer virus, a message will be displayed on the sender's terminal stating that the upload is not accepted because the virus is infected. Can be prevented.

  Note that the recipient list storage unit in the claims corresponds to the recipient list database in the figure, the sender list storage unit in the sender list database in the figure, the user storage unit in the user information database, and the history information storage. Each corresponds to a history information database.

  First, the configuration of a confidential information transfer system (present system) according to an embodiment of the present invention will be described with reference to FIG. FIG. 1 is a configuration block diagram of this system. As shown in FIG. 1, this system includes a confidential information transfer server 1, a recipient list database (in the figure, a recipient list DB, hereinafter referred to as this notation) 2, a confidential information file storage unit 3, and a sender list. A database (sender list DB in the figure, hereinafter referred to as this notation) 4, a user information database (user information DB in the figure, hereinafter referred to as this notation) 5, and a history information database (in the figure, history information DB, hereinafter referred to as this notation) 6), and a sender PC (Personal Computer) 7 and a receiver PC 9 are connected via the Internet 8.

The configuration of each part of the system will be described below.
The confidential information transfer server 1 is connected to the Internet 8 and provides a confidential information transfer service via the Internet 8. In the confidential information transfer service, the confidential information transfer server 1 specifically includes user login processing, confidential information file upload permission processing, confidential information file storage and readout processing, and e-mail transmission processing to the user. I do.
The confidential information transfer server 1 has the functions of a Web server and a mail server. The function of the Web server provides a confidential information file transfer service on the Web page via the Internet 8 and the function of the mail server. Send an email to the user.

Further, the confidential information transfer server 1 performs registration processing of the sender and receiver of the confidential information file in response to access from the user via the Internet 8.
In addition, the confidential information transfer server 1 periodically checks the transmission / reception status of the confidential information file, and uses the confidential information file transfer service to a user who does not transmit / receive the confidential information file for a specified time. Perform stop processing.
Details of the operation of the confidential information transfer server 1 in the confidential information transfer service, sender and receiver registration processing, and use stop processing will be described later.

Here, the configuration of the confidential information transfer server 1 will be described with reference to FIG. FIG. 2 is a configuration block diagram of the confidential information transfer server 1.
The confidential information transfer server 1 includes a reception unit 11, a control unit 12, and a transmission unit 13. The control unit 12 includes a memory 12a.
In FIG. 2, when receiving data from the Internet 8, the receiving unit 11 performs data format conversion and outputs the data to the control unit 12. By the format conversion by the receiving unit 11, the received data is converted into a data format that can be recognized by the control unit 12.

The control unit 12 controls processing performed in the confidential information transfer server 1.
The memory 12a stores a program for each process and parameters necessary for each process in the confidential information transfer server 1, and reads the program and the parameters by access from the control unit 12. In addition, the memory 12a stores or reads temporary data associated with the control of the control unit 12. Therefore, the control unit 12 reads the program and parameters stored in the memory 12a and executes each process performed by the confidential information transfer server 1.

  The transmission unit 13 performs format conversion on the data output from the control unit 12 and transmits the data to the Internet 8. By the format conversion by the transmission unit 13, the data from the control unit 12 is converted into a data format compatible with TCP / IP (Transmission Control Protocol / Internet Protocol).

  In FIG. 1, a recipient list DB 2 is a database that stores a recipient list of a confidential information transfer service connected to the confidential information transfer server 1. Here, the recipient list is a list in which the sender of the confidential information file and the receiver to which the sender can transmit the confidential information file are associated and registered.

FIG. 4 is a conceptual diagram of a recipient list in this system. In FIG. 4, the user A of the confidential information transfer service is registered as a sender together with a mail address, and the users X, Y, and Z are associated with the sender A together with the mail address as receivers. It is registered. This means that user A (sender A) can send his / her confidential information file to users X, Y, and Z (receivers X, Y, and Z).
In the receiver list, a pair of a sender of the confidential information file and a receiver who can transmit the file is registered for each sender. The information stored in the recipient list DB 2 is registered by a management PC (not shown) for a set of a sender and a recipient who have been notified in advance.
Although not shown in FIG. 4, the recipient list also includes a registration flag item. By setting the value of the registration flag, the sender / recipient pair is properly registered. In addition, it is possible to register temporarily. This will be described later.

  In FIG. 1, a confidential information file storage unit 3 is a database that is connected to the confidential information transfer server 1 and stores a confidential information file uploaded from a sender and a confidential information management table. Here, the confidential information management table is a table in which information related to the confidential information file stored in the confidential information file storage unit 3 is stored. In the confidential information file storage unit 3, the confidential information file is stored in the confidential information storage unit.

  FIG. 3 is a conceptual diagram of the confidential information management table and the confidential information storage unit in this system. In FIG. 3, the confidential information management table stores, for each confidential information file, information on the storage address, file name, sender, recipient, transmission date / time, and reception date / time of the confidential information file. The storage address indicates an address where the confidential information file is stored in the confidential information storage unit, and the confidential information storage unit has a structure linked to the confidential information management table by the address.

  In this system, every time a new confidential information file is uploaded and stored in the confidential information file storage unit 3, information related to the file is added to the confidential information management table by the confidential information transfer server 1. In addition, when a confidential information file is downloaded, the file itself is deleted from the confidential information storage unit, but information related to the file is not deleted from the confidential information management table for managing the transmission / reception status of the confidential information file. .

  In FIG. 1, the sender list DB 4 is a database that stores a sender list of the confidential information transfer service connected to the confidential information transfer server 1. Here, the sender list is a list in which the receiver of the confidential information file and the sender of the confidential information file that can be received by the receiver are associated and registered.

FIG. 5 is a conceptual diagram of a sender list in this system. In FIG. 5, the user X of the confidential information transfer service is registered as a receiver together with the mail address, and the users A and C are registered as senders in association with the receiver X together with the mail address. ing. This means that user X (receiver X) can receive confidential information files from users A and C (senders A and C).
In the sender list, a set of a receiver of the confidential information file and a sender of the file that can be received by the receiver is registered for each receiver. The information stored in the sender list DB 4 is registered by a management PC (not shown) for a set of a receiver and a sender who have been notified in advance.

In FIG. 1, the user information DB 5 is a database that is connected to the confidential information transfer server 1 and stores information on users who can use the confidential information transfer service. In the user information DB 5, a user name, a user ID, a password, a second password, and the like are stored for each user as user information, and confidential information is stored during the user login process and the use stop process. Referenced by the transfer server 1. Here, the password is required in the login process of the user, and the second password is required in the registration process of the sender or the receiver.
The user information stored in the user information DB 5 is registered by a management PC (not shown) for a user who has previously reported to use the service.

  The history information DB 6 is a database that stores history information on the usage status of the confidential information transfer service connected to the confidential information transfer server 1. In the history information DB 6, the confidential information transfer server 1 stores the confidential information file name, the sender and receiver information, and the transmission and reception records of the confidential information file as history information. Further, the history information is referred to by the confidential information transfer server 1 during the use stop process.

  The sender PC 7 and the receiver PC 9 are PCs connected to the Internet 8. The sender PC 7 and the receiver PC 9 store the user ID and digital certificate of the user of the confidential information service, respectively. The digital certificate is requested at the time of login as proof of the identity of the user in order to prevent impersonation of the user and login to the confidential information transfer server 1. Information about the sender PC 7 and the receiver PC 9 is registered in advance in the user information DB 5 together with information about the user who uses the PC.

  In this system, the sender of the confidential information file can log in to the confidential information transfer server 1 by a WWW (World Wide Web) browser using the user ID and digital certificate stored in the sender PC 7. You can upload information files. In addition, the recipient of the confidential information file can log in to the confidential information transfer server 1 by using the user ID and digital certificate stored in the recipient PC 9 and download the confidential information file using the WWW browser.

Next, the confidential information file transfer operation in this system will be described with reference to FIGS. 6, 7, 11, and 12. FIG. FIG. 6 is an operation explanatory diagram when transmitting a confidential information file in this system, FIG. 7 is an operation explanatory diagram when receiving a confidential information file in this system, and FIG. 11 is a confidential information file in this system. FIG. 12 is an explanatory diagram of a transmission setting screen, and FIG. 12 is an explanatory diagram of a screen after transmission of a confidential information file in this system.
6 and 7, the user information DB 5, the history information DB 6, and the Internet 8 shown in FIG. 1 are not shown for simplicity.

First, the operation when transmitting the confidential information file will be described.
In FIG. 1, the sender of the confidential information file, who is a user of the confidential information transfer service, uses the sender PC 7 to access the confidential information transfer service site provided by the confidential information transfer server 1 on the Web. When accessing the site, the confidential information transfer server 1 displays a login screen on the sender PC 7 and prompts the user information input for using the service.
The sender enters his / her user ID and password on the login screen of the site, selects his / her digital certificate, and logs in to the confidential information transfer server 1 (FIG. 6 (1)).

  When the sender logs in, the user ID, password, and digital certificate (hereinafter, login information) are transmitted to the confidential information transfer server 1 via the Internet 8, and the receiver 11 is further connected in the confidential information transfer server 1. To the control unit 12. In the login process, the login information is encrypted by SSL (Secure Socket Layer) or the like and transmitted to the confidential information transfer server 1.

The controller 12 of the confidential information transfer server 1 first decrypts the input login information. Next, the user information DB 5 is accessed, the stored user information is referred to, it is determined whether or not there is a user corresponding to the input login information, and login authentication is performed.
If it is determined that there is a corresponding user as a result of the login authentication, the control unit 12 recognizes that the sender who has performed the login process is an authorized user, and permits the login. Then, the confidential information transfer service menu screen is displayed to the sender PC 7. The menu screen displays a list of processing contents that can be used by the sender, such as “transmission of confidential information file” and “registration of sender or receiver”, and the sender can select a desired process from the list. .

When the “transmission of confidential information file” is selected by the sender on the menu screen of the confidential information transfer service, the confidential information transfer server 1 sets the transmission setting of the confidential information file as shown in FIG. Display the screen.
In the transmission setting screen of FIG. 11, the transmission destination person in charge column 21 is a pull-down menu, and when a button on the right side is clicked, a list of recipients (recipients) who can transmit the confidential information file is displayed. Specifically, when the button on the right side of the “transmission destination person in charge” is clicked, the control unit 12 of the confidential information transfer server 1 accesses the recipient list DB 2 and refers to the recipient list. (FIG. 6 (2)), it can be realized by reading a list of recipients registered in association with the logged-in sender from the list and displaying it in the destination person in charge column 21 as a destination list.

In FIG. 11, a title column 22 is a column for inputting the title of an e-mail to be notified to the recipient of the confidential information file. The client column 23 is a column for inputting a sender name. When the setting screen is displayed, the sender name or the mail address is input in advance. The communication column 24 is a column for inputting the comment content of the e-mail notified to the recipient.
The upload file name column 25 is a column for selecting a confidential information file to be transmitted. When the upload file name field 25 is clicked, a file selection screen on the sender PC 7 is newly displayed. When the sender selects a desired confidential information file from the selection screen, the file name is input to the upload file name field 25. Is done.

  Then, when the transmission button 26 is clicked in a state where information is input in all the input fields 21 to 25 in FIG. 11, the sender PC 7 reads the confidential information file displayed in the upload file name field 25, The information input in the input fields 21 to 24 is transmitted to the confidential information transfer server 1 via the Internet 8. Information input to the input fields 21 to 24 and the confidential information file (hereinafter referred to as transmission information) are encrypted and transmitted to the confidential information transfer server 1.

  The encrypted transmission information is output to the control unit 12 via the receiving unit 11 in the confidential information transfer server 1 and decrypted. Then, the control unit 12 of the confidential information transfer server 1 accesses the sender list DB 4 and refers to the sender list, and is registered in association with the receiver selected in the destination person in charge column 21 from the list. It is confirmed whether there is a sender of the confidential information file among the senders (FIG. 6 (3)).

  As a result of the determination by the sender list, if it is determined that the sender of the confidential information file is registered in association with the receiver, the control unit 12 determines that the confidential information file can be transferred to the receiver. Then, upload of the decrypted confidential information file is permitted and stored in the confidential information file storage unit 3 ((4) in FIG. 6).

In storing the confidential information file, the control unit 12 determines an address (storage address) in the confidential information file storage unit 3 for storing the file, and further uses the date and time when the file is stored as the transmission date and time. Along with the file name, sender, and receiver, new registration is performed in the confidential information management table of the confidential information file storage unit 3 as shown in FIG. Then, the file is stored at the storage address of the confidential information file storage unit 3.
Further, the control unit 12 accesses the history information DB 6 and stores a transmission record including the confidential information file name, the sender, the receiver, and the transmission date and time as history information.

After storing the confidential information file, the control unit 12 displays a screen after transmitting the confidential information file as shown in FIG. In the screen of FIG. 12, the addressee, the comment content, and the confidential information file name among the transmission information are displayed, and the fact that the confidential information file has been transmitted is displayed.
In addition, a destination change button 27 and an OK button 28 are displayed on the screen of FIG. When the address change button 27 is clicked, the control unit 12 switches and displays a screen for changing the addressee. The screen displays a list of recipients that can be sent, and the sender can select a recipient from the list and change the recipient only once. When the OK button 28 is clicked, the control unit 12 recognizes that it has been confirmed by the recipient selected on the setting screen in FIG. 11, and transmits a comment e-mail to the recipient PC 9 of the recipient ( FIG. 6 (5)).

In transmitting the e-mail, the control unit 12 creates an e-mail including the title and comment of the transmission information and the storage address of the confidential information file, and outputs the e-mail to the transmission unit 13. The transmission unit 13 transmits the mail to the recipient PC 9 via the Internet 8.
The recipient of the confidential information file can know that the confidential information file has been transmitted from the sender to himself / herself by referring to the electronic mail. The above is the operation when transmitting the confidential information file in this system.

Next, the operation when receiving the confidential information file will be described.
After the electronic mail is transmitted from the confidential information transfer server 1, when the storage address of the confidential information file included in the mail is clicked by the recipient PC 9, a signal indicating that the address is referred to is sent to the confidential information transfer server 1. Send to. When the control unit 12 of the confidential information transfer server 1 detects the signal via the receiving unit 11, the control unit 12 displays a login screen on the receiver PC 9, and inputs user information for using the service in the same manner as when the sender logs in. Prompt.
The receiver inputs his / her user ID and password on the login screen of the site, selects his / her digital certificate, and logs in to the confidential information transfer server 1 (FIG. 7 (6)).

When the recipient logs in, the login information of the user ID, password, and digital certificate is encrypted and transmitted to the confidential information transfer server 1 via the Internet 8, and further within the confidential information transfer server 1, the receiving unit 11. Is output to the control unit 12.
The control unit 12 of the confidential information transfer server 1 decrypts the input login information, then accesses the user information DB 5, refers to the stored user information, and corresponds to the input login information. It is determined whether or not there is a login authentication.

If it is determined that there is a corresponding user as a result of the login authentication, the control unit 12 recognizes that the recipient who performed the login process is a legitimate user, and permits the login. Then, a confidential information file download screen is displayed to the recipient PC 7.
Here, on the download screen, a link of information on the storage address of the button or the confidential information file is displayed, and the download of the confidential information file is started when the recipient clicks the button or the link.

  When the receiver starts downloading on the download screen, the control unit 12 reads the confidential information file from the confidential information file storage unit 3 (FIG. 7 (7)), and the control unit 12 further sends the confidential information file to the transmission unit 13. The data is output and transmitted to the recipient PC 9 via the Internet 8 (FIG. 7 (7 ′)). In transmission via the Internet 8 in FIG. 7 (7 ′), the confidential information file is transmitted after being encrypted by the control unit 12 and decrypted by the recipient PC 9.

When downloading the confidential information file, the control unit 12 updates the corresponding information in the confidential information management table of the confidential information file storage unit 3 with the date and time when the file was read as the reception date and time. In addition, the control unit 12 deletes the read confidential information file from the confidential information file storage unit 3.
In addition, the control unit 12 accesses the history information DB 6 and stores a reception record including the confidential information file name, the sender, the receiver, and the reception date and time as history information.

When the download of the confidential information file is completed, the control unit 12 transmits an e-mail to the sender PC 7 (FIG. 7 (8)). Specifically, the control unit creates an e-mail including a comment indicating that the download has been performed by the receiver, and outputs the e-mail to the transmission unit 13. The transmission unit 13 transmits the mail to the sender PC 7 via the Internet 8.
The sender of the confidential information file can know that the confidential information file has been downloaded by the receiver by referring to the electronic mail addressed to the sender PC 7. The above is the operation when the confidential information file is received in this system.

In this system, a virus check program is stored in the memory 12a of the control unit 12 of the confidential information transfer server 1, and the control unit 12 performs a virus check on the file when uploading the confidential information file. It may be. Further, when a computer virus is detected, the control unit 12 may delete the file and display a message that “a virus error has occurred in the file” to the sender PC 7.
By performing a virus check process on the confidential information file, it is possible to prevent the confidential information file infected by the virus from being transferred, and to improve the reliability of the confidential information transfer service.

If the confidential information file uploaded by the sender and stored in the confidential information file storage unit 3 is not downloaded by the receiver for a certain period, the control unit 12 of the confidential information transfer server 1 does not download the file. You may make it notify a sender | reporting to the effect on an email or Web.
In this case, a time limit for storing the confidential information file is set in the memory 12a of the control unit 12, and the control unit 12 monitors the confidential information management table of the confidential information file storage unit 3, and the confidential information file exceeds the time limit. The above processing can be realized by controlling the confidential information file stored in the storage unit 3 to notify the sender.

  In addition, the control unit 12 confirms whether or not the sender who received the notification that the file is not downloaded is urged to prompt the receiver, and when a request for urgency is received from the sender, You may make it notify to a recipient on an email or Web.

As described above, when uploading the confidential information file, the system refers to the recipient list and the sender list, and the pair of the sender of the confidential information file and the recipient recipient is included in any list. Upload is accepted only when registered, and the confidential information file is stored in the confidential information file storage unit 3.
Therefore, when transmitting a confidential information file, it is necessary that a set of a sender and a receiver of the file is registered in advance in the sender list and the receiver list. On the other hand, the user of the confidential information transfer service may want to add a new sender or receiver.
For this reason, this system can accept the registration process of the sender and the receiver by the access of the user of the confidential information transfer service.

  Next, the operation of registration processing of the sender and receiver of the confidential information file in this system will be described with reference to FIG. FIG. 8 is an operation explanatory diagram of registration processing of the sender and receiver of the confidential information file in this system. Also in FIG. 8, the user information DB 5, the history information DB 6, and the Internet 8 are not shown for the sake of simplicity.

  Assume that the sender of the confidential information file attempts to register a new recipient as the recipient of the confidential information file. In FIG. 8, the sender uses the sender PC 7 to access a confidential information transfer service site provided by the confidential information transfer server 1 on the Web. When the site is accessed, since the confidential information transfer server 1 displays a login screen on the sender PC 7, the sender inputs his / her user ID and password, selects a digital certificate owned by himself / herself, and Login to the information transfer server 1 is performed (FIG. 8 (11)).

  When the sender logs in, the sender's user ID, password, and digital certificate (login information) are encrypted and transmitted to the confidential information transfer server 1 via the Internet 8. Then, the data is output to the control unit 12 via the reception unit 11. The control unit 12 performs login authentication of the sender based on the login information. Since the login authentication method is the same as that in the transfer process of the confidential information file, detailed description is omitted.

As a result of the login authentication, if it is determined that the user is an authorized user and the login is permitted, the control unit 12 next displays a menu screen of the confidential information transfer service on the sender PC 7. When “registration of sender or receiver” is selected by the sender on the menu screen, the control unit 12 displays a screen prompting the sender PC 7 to input the second password. The second password is required in the registration process of the sender or receiver, and is set for each user of the confidential information transfer service.
Note that the control unit 12 may allow registration of the recipient without requesting the second password.

When the second password of the sender is input on the screen, the second password is encrypted and transmitted to the confidential information transfer server 1 via the Internet 8. In the confidential information transfer server 1, the second password is output to the control unit 12 via the receiving unit 11 and decrypted.
Next, the control unit 12 accesses the user information DB 5 and refers to the user information corresponding to the sender to determine whether or not the input second password is correct. If it is determined that the second password is correct, the control unit 12 displays a screen that prompts the sender PC 7 to input information on the recipient to be registered. Here, examples of information that can be input on the screen include a recipient name and a user ID of the recipient.

When the sender inputs the information of the recipient to be registered, the information is encrypted and transmitted to the confidential information transfer server 1, and the confidential information transfer server 1 via the receiver 11 controls the control unit 12. To be decoded.
Then, the control unit 12 accesses the user information DB 5 and searches whether there is user information corresponding to the input recipient. If it is determined that the corresponding user information is stored in the user information DB 5 as a result of the search, the control unit 12 reads the corresponding user information and then accesses the recipient list DB 2 to transmit the recipient list. The recipient and the email address of the recipient are provisionally registered in association with the recipient (FIG. 8 (12)). In provisional registration, the control unit 12 can perform provisional registration of a receiver by setting a specific value in a registration flag for a pair of a receiver and a sender in the receiver list.
If it is determined that the corresponding user information is not stored in the user information DB 5 as a result of the search, the control unit 12 informs the sender PC 7 that “the relevant receiver is not registered as a user”. A message is displayed, and a screen prompting the recipient to input information again is displayed.

Next, the control unit 12 transmits an electronic mail to the registered recipient (FIG. 8 (13)). In transmitting the e-mail, the control unit 12 creates an e-mail indicating that the e-mail is registered in the recipient list by the sender, and outputs the e-mail to the transmission unit 13. The transmission unit 13 transmits the mail to the recipient PC 9 of the recipient registered via the Internet 8.
The registered recipient can know that he / she is registered in the transmission destination of the confidential information file by referring to the electronic mail.

In addition, the recipient who has received the e-mail performs processing for permitting the sender to register himself / herself. After the e-mail is transmitted from the confidential information transfer server 1, the recipient PC 9 accesses a site of the confidential information transfer service provided on the Web by the confidential information transfer server 1. When accessing the site, the confidential information transfer server 1 displays a login screen on the receiver PC 9 and prompts the user information input for using the service in the same manner as when the sender logs in.
The recipient inputs his / her user ID and password on the login screen of the site, selects a digital certificate owned by himself / herself, and logs in to the confidential information transfer server 1 (FIG. 8 (14)).

  When the recipient logs in, the recipient's user ID, password, and digital certificate (login information) are encrypted and transmitted to the confidential information transfer server 1 via the Internet 8. Then, the data is output to the control unit 12 via the reception unit 11. As in the case of the sender, the control unit 12 performs login authentication of the receiver based on the login information.

As a result of the login authentication, if it is determined that the user is a receiver and the login is permitted, the control unit 12 displays a screen for confirming the registration of the sender on the receiver PC 9. When the receiver selects to register on the screen, the control unit 12 displays a screen prompting the receiver PC 9 to input the second password.
When the second password of the recipient is input on the screen, the second password is encrypted and transmitted to the confidential information transfer server 1 via the Internet 8. In the confidential information transfer server 1, the second password is output to the control unit 12 via the receiving unit 11 and decrypted.

The control unit 12 accesses the user information DB 5 and refers to the information on the user corresponding to the sender to determine whether the input second password is correct. When determining that the second password is correct, the control unit 12 accesses the sender list DB 4 and associates the sender who performed the registration process of the receiver with the receiver in the sender list, The mail address of the sender is registered (FIG. 8 (15)).
In the registration to the sender list, the control unit 12 determines whether the second password of the receiver is correct or not, and then, similar to the case of registration of the receiver, the control unit 12 registers the sender to be registered with the receiver PC 7. A screen that prompts input of information may be displayed, and it may be confirmed whether or not the sender is registered as a user.

After registration in the sender list, the control unit 12 sends an e-mail to the registered sender (FIG. 8 (16)). In transmitting the e-mail, the control unit 12 creates an e-mail that is registered in the sender list by the receiver, and outputs the e-mail to the transmission unit 13. The transmission unit 13 transmits the mail to the sender's sender PC 7 registered via the Internet 8.
The registered sender can know that the receiver has agreed to receive the confidential information file transmitted from him / her by referring to the electronic mail.

  Then, the control unit 12 accesses the recipient list DB 2 to refer to the recipient list, changes the value of the registration flag of the pair of the sender and the recipient temporarily registered in FIG. A pair of the receiver and the receiver is finally registered in the receiver list (FIG. 8 (17)). The sender can transfer the confidential information file to the receiver in a state where the main registration to the receiver list is completed. The above is the operation of the sender and receiver registration processing in this system.

The sender and receiver registration process described above can also be applied to the deletion of the sender and the receiver. In other words, the sender and recipient deletion process notifies the recipient by e-mail when the sender temporarily deletes the recipient from the recipient list. When deletion is performed, the sender is notified by e-mail, and further, the receiver is permanently deleted from the recipient list.
Further, in this system, the sender and the recipient may be deleted without obtaining the consent of the sender or receiver to be deleted.

  Next, the operation of the use suspension process in this system will be described with reference to FIGS. FIG. 9 is a flowchart of the operation of the first usage suspension process in the system, and FIG. 10 is a flowchart of the operation of the second usage suspension process in the system.

In this system, the first and second use stop processes are periodically performed in the confidential information transfer server 1. As the frequency of each stop process, for example, a method of performing the first use stop process once a week or every month and the second use stop process once a day can be considered.
Further, as a specific configuration for performing the use suspension process, a memory 12a of the control unit 12 stores in advance a program for the use suspension process and a management program for managing the execution time of the program, and the control unit 12 Reads the above management program when the confidential information transfer server 1 is started up, etc., constantly operates it, compares the execution time managed by the program with the current time, and stops use when both times match A configuration in which the program is read and executed is conceivable.

  Further, when performing the first and second use stop processing, the memory 12a of the control unit 12 of the confidential information transfer server 1 has a predetermined time value for determining that the confidential information file is not transmitted / received in advance. Is set.

First, the operation of the first usage stop process will be described.
The control unit 12 of the confidential information transfer server 1 accesses the history information DB 6, refers to the history information of transmission and reception of the confidential information file (S11), and transmission / reception of the confidential information file from the history information exceeds a specified time. It is confirmed whether there exists a set of a sender and a receiver that is not performed (S12).

  In the process S12, when there is a set of a sender and a receiver that has not been transmitted and received for a predetermined time or more (in the case of Yes in S12), the control unit 12 stores the receiver list and the sender list DB4 in the receiver list DB2. The corresponding sender / recipient pair is deleted from the sender list (S13), and the first use suspension process is terminated. In process S12, when there is no set of a sender and a receiver that satisfies the above conditions (in the case of No in S12), the control unit 12 ends the first use suspension process.

As the operation of the control unit 12 when deleting the transmission / reception pair from the recipient list and the sender list in the first use suspension process, the following method can be considered.
The control unit 12 extracts information that is newer than the specified time value from the history information stored in the history information DB 6. Then, the information of the sender and the receiver is read from each extracted history information and stored as a set in the memory 12a.
Next, the control unit 12 accesses the recipient list DB2 and the sender list DB4, and sets the sender and the receiver registered in the recipient list and the sender list, the sender stored in the memory 12a, and The pair of recipients is checked, it is confirmed whether there is a pair not stored in the memory 12a among the pairs registered in each list, and the corresponding pair is deleted from each list.

As other methods, the following methods are also conceivable.
The control unit 12 extracts history information from the history information stored in the history information DB 6 from the specified time value to a certain period before, and information on the sender and the receiver is extracted from each extracted history information. Are stored in the memory 12a as a set.
Next, the control unit 12 extracts history information that is newer than the specified time value, reads the information of the sender and the receiver, compares the read information with the stored set of the sender and the receiver, and matches them. If there is something to be done, the corresponding one is erased from the stored sender / recipient group, and the remaining group is deleted from the receiver list and sender list.
According to this method, since the set of senders and receivers to be deleted is obtained at a minimum every time in the use stop processing, the confidential information transfer server 1 can perform the use stop processing quickly and stop using The processing load can be reduced.

Next, the operation of the second usage stop process will be described.
The control unit 12 of the confidential information transfer server 1 accesses the user information DB 5, refers to a user who can use the confidential information transfer service, further accesses the history information DB 6, and transmits the confidential information file transmission and reception history information. Reference is made (S21). Then, it is confirmed from the history information whether there is a user who does not transmit / receive the confidential information file for a predetermined time or more (S22).

In the process S22, when there is a user who has not performed transmission / reception for a predetermined time or more (in the case of Yes in S22), the control unit 12 selects the corresponding from the receiver list of the receiver list DB2 and the sender list of the sender list DB4 (S23), and the first use suspension process is terminated. In process S12, when there is no user who satisfies the above conditions (in the case of No in S22), the control unit 12 ends the second use stop process.
As the operation of the control unit 12 when deleting a user from the recipient list and the sender list in the second use suspension process, the same method as in the case of the first use suspension process described above can be used.

The first and second use stop processing only deletes from the recipient list and sender list used when sending / receiving the confidential information file, and does not delete the user registration of the service. . Therefore, even if it becomes a user, if a registration process is performed again, transmission / reception of a confidential information file will be attained.
In this system, the control unit 12 can no longer use the confidential information transfer service for the sender or the receiver deleted by the process S13 of the first use stop process or the process S23 of the second use stop process. In addition, it may be notified that the registration process is prompted again.

A method for deleting information from the recipient list and the sender list in the first and second use stop processing will be described by taking the recipient list of FIG. 4 as an example.
In the first use stop process described above, the deletion is performed for the sender and the receiver. For example, when the confidential information file is not transmitted and received between the sender A and the receiver X for a specified time, the control unit 12 deletes only the pair of the sender A and the receiver X from the receiver list. The pair of the sender A and the receiver Y and the sender A and the receiver Z are left as they are.

In the second use stop process, deletion is performed for each user.
For example, when the confidential information file is not transmitted / received for the user A for a specified time, the control unit 12 deletes the information about the sender A from the receiver list, so that the sender A and the receiver X are transmitted. The group of the sender A and the receiver Y and the sender A and the receiver Z are deleted.

The sender or receiver deleted from each list by the first and second use suspension processing is registered in the sender list and the recipient list again by performing the above-described sender and receiver registration processing, The confidential information file can be transferred.
In addition, with respect to the specified time value used in the use suspension process, the specified time for the second use suspension process in consideration of the fact that the frequency of transmission / reception in a single user is higher than the frequency of transmission / reception between two specific parties. It is desirable to set the value shorter than in the case of the first use suspension process.

  As described above, according to this system, the confidential information transfer server 1 refers to the recipient list from the recipient list DB 2 to the sender of the confidential information file, and lists the recipients who can transfer the confidential information file. When a desired recipient is selected from the list of recipients, the sender is registered with reference to the selected recipient by referring to the sender list from the sender list DB4. If it is confirmed that it is registered, the upload of the confidential information file is accepted by the sender, the confidential information file is stored in the confidential information file storage unit 3, and the confidential information file is uploaded after the storage. And an email containing the storage address of the confidential information file is sent to the recipient, the login is permitted to the recipient by user authentication, and the confidential information is When Airu is downloaded, and transmits the email to the effect that the confidential information file is downloaded to the sender, there is an effect that can be transferred safely confidential information file in B2B and individuals.

  In particular, the system registers the sender of the confidential information file in the receiver list in association with the receiver to whom the sender can transmit the confidential information file, and receives the confidential information file in the sender list. The sender and the sender of the file in which the receiver can receive the confidential information file are registered in association with each other, and the sender and the receiver registered in both the receiver list and the sender list In addition, since the sender and the receiver are users of the confidential information transfer service registered in advance in this system, the sender and the receiver are mutually trusted legitimate senders and The confidential information file can be exchanged with the receiver, and the confidential information file can be safely transferred between companies and individuals.

  Also, according to the present system, when the confidential information transfer server 1 accepts registration of the recipient of the confidential information file from the sender, the confidential information transfer server 1 temporarily registers the sender and the recipient in association with each other in the recipient list. When the recipient is notified of the provisional registration e-mail and the sender's registration is accepted from the recipient, the sender and the recipient are registered in association with the sender list and received. Since the temporary registration of the sender and the receiver in the sender list is reset to permanent registration, the sender is notified by e-mail that the receiver has agreed to receive the confidential information file. The receiver list and the sender list can be updated in response to fluctuations in the combination of senders and receivers at any time, so even on the Internet, which is used by unspecified majority, between companies and individuals. There is an effect that it is possible to safely transfer the information file.

  In addition, according to the present system, the confidential information transfer server 1 monitors the transmission / reception status of the confidential information file for each pair of the sender and the receiver or the user of the confidential information transfer service, and transmits / receives the confidential information file for a specified time. For the group or user that was not performed, the use suspension process to delete from the receiver list and the sender list is periodically performed, so the sender and the receiver reflecting the actual transmission / reception status can be managed, and confidential There is an effect that the confidential information file can be safely transferred between companies and individuals while improving the confidentiality of the information file transfer.

Next, a confidential information transfer system according to another embodiment of the present invention will be described.
In the above example, in order to increase the confidentiality of the information by strictly checking the combination of the sender and the recipient, both the recipient list for the sender and the sender list for the recipient are stored in the confidential information transfer server. However, in another confidential information transfer system, the sender list is omitted and the confidential information file sent from the sender is checked for computer viruses. Thus, only when the computer virus is not infected, the upload is accepted and only the secure file is transferred, and the recipient computer and the confidential information transfer server are prevented from being infected with the computer virus.

  Even if the sender list is omitted, both the sender and the receiver are legitimate users who are registered in advance in the confidential information transfer service, and when registering to the receiver list from the sender side, Unlike the above-mentioned system, not only the sender's authentication but also the receiver who wants to register is authenticated, and the receiver needs to confirm the sender and accept the registration. Therefore, confidentiality in information transfer is sufficiently maintained.

A configuration of a confidential information transfer system according to another embodiment will be described with reference to FIG. FIG. 13 is a configuration block diagram of a confidential information transfer system (another system) according to another embodiment of the present invention.
As shown in FIG. 13, the other system is almost the same as the confidential information transfer system shown in FIG. 1, except that the sender list DB 4 is not provided and the control unit of the confidential information transfer server 1 ′ is provided. 1 except that a computer virus check means (not shown) is provided.

  Specifically, the virus check means is an anti-virus program stored in a memory in the control unit of the server 1 ′, and the control unit activates the program to perform virus check and infected file deletion processing.

Also, the confidential information file upload permission processing in the confidential information transfer server 1 'is partially different from that in the system of FIG.
In addition, about the part to which the same name and code | symbol as FIG. 1 was attached | subjected, it has the structure and operation | movement similar to the system shown in FIG.

Next, an operation at the time of transmitting a confidential information file, which is a characteristic part of another system, will be described with reference to FIG. FIG. 14 is an operation explanatory diagram showing an operation at the time of transmission of a confidential information file in another system.
As shown in FIG. 14, first, the sender uses the sender PC 7 to input his / her user ID and password on the site login screen, select a digital certificate, and send it to the confidential information transfer server 1 ′. Is logged in (FIG. 14 (1)).

  When the sender logs in, the login information of the user ID, password, and digital certificate is encrypted by the sender PC 7 and transmitted to the confidential information transfer server 1 ′ via the Internet 8, and the confidential information transfer server 1 ′. Inside, it is output to the control unit 12 ′ via the receiving unit 11.

Then, after decrypting the login information, the control unit 12 of the confidential information transfer server 1 ′ accesses the user information DB 5, refers to the stored user information, and corresponds to the input login information. It is determined whether or not there is a login authentication.
If it is determined that there is a corresponding user as a result of the login authentication, the control unit 12 ′ recognizes that the sender who performed the login process is an authorized user, and permits login. Then, the confidential information transfer service menu screen is displayed to the sender PC 7.

When the “transmission of confidential information file” is selected by the sender on the menu screen of the confidential information transfer service, the confidential information transfer server 1 ′ sets the transmission setting of the confidential information file shown in FIG. Display the screen.
Then, the control unit 12 ′ of the confidential information transfer server 1 accesses the recipient list DB 2 to refer to the recipient list (FIG. 14 (2)), and registers it in association with the logged-in sender from the list. The received list of recipients is read out and displayed in the destination person in charge column 21 as a destination address list.

  When the receiver is selected on the transmission setting screen displayed on the sender PC 7, the title is input, the confidential information file to be transmitted is selected, and the transmission button is clicked, the sender PC 7 The designated confidential information file is read out and transmitted to the confidential information transfer server 1 ′ along with other input information via the Internet 8. The transmission information is encrypted and transmitted to the confidential information transfer server 1 ′.

  The encrypted transmission information is output to the control unit 12 ′ via the receiving unit 11 in the confidential information transfer server 1 ′ and decrypted. Up to this point, the processing is the same as that in the system shown in FIG. Then, in the control unit 12 ′ of the confidential information transfer server 1 ′, the virus checking means performs a virus scan on the decrypted confidential information file to determine whether or not it is infected with a computer virus (FIG. 14 (3)). )).

  If it is determined as a result of the virus check that the confidential information file is not infected with a computer virus, the control unit 12 'of the confidential information transfer server 1' can transfer the confidential information file to the recipient. And uploading of the decrypted confidential information file is permitted.

  When the upload of the confidential information file is permitted, the control unit 12 ′ of the confidential information transfer server 1 ′ determines the address (storage address) in the confidential information file storage unit 3 in the same manner as the transmission operation shown in FIG. Then, it is stored in the confidential information file storage unit 3 (FIG. 14 (4)). Further, the transmission date and time, confidential information file name, sender, and receiver are newly registered in the confidential information management table of the confidential information file storage unit 3 shown in FIG.

  Then, the control unit 12 ′ of the confidential information transfer server 1 ′ sends the transmission information to the recipient PC 9 of the recipient who is input as the transmission information or the recipient who has been changed on the screen after the confidential information file transmission shown in FIG. An e-mail including the title and comment and the storage address of the confidential information file is transmitted (FIG. 14 (5)).

  If the control unit 12 'of the confidential information transfer server 1' determines that the confidential information file input as transmission information is infected with a computer virus in the virus check in FIG. The control unit 12 ′ of the information transfer server 1 ′ deletes (discards) the confidential information file immediately without storing it in the confidential information file storage unit 3, and notifies the sender PC 7 that there is a risk of virus infection. Therefore, a pop-up screen including a message such as “The file has been deleted” is displayed (FIG. 14 (5 ′)). In this way, processing at the time of transmission in another system is performed.

As a result, even if the sender does not realize that his / her PC is infected with a computer virus and has sent the confidential information file to the receiver, the confidential information transfer server 1 ′ ensures that the infected file is transmitted. It is possible to eliminate the virus infection on the confidential information transfer server 1 ′ and the recipient PC 9.
Further, the sender can recognize that his / her computer is infected with a virus from the display screen from the confidential information transfer server 1 'and can take a quick countermeasure.

  When the confidential information file is infected with a virus, the control unit 12 ′ of the confidential information transfer server 1 ′ accesses the history information DB 6 and discards the date, the confidential information file name, the sender, and the reception You may make it memorize | store the data containing a person.

  Further, the operation at the time of reception of another system is the same as the operation of this system shown in FIG.

Furthermore, the procedure for registration in the recipient list DB 2 in another system will be described with reference to FIG. FIG. 15 is an explanatory diagram of the operation of registration processing in the recipient list DB 2 in another system.
As shown in FIG. 15, (11) to (14) in FIG. 15 are the same as (11) to (14) in FIG. 8 as in FIG. 8, but the sender DB 4 is provided in another system. Therefore, the process of registering in the sender DB 4 in association with the receiver is not performed for the sender that has performed the receiver registration process described in (15) of FIG.

  That is, when the sender's mail address is provisionally registered in the recipient list DB 2 by the sender who has been authenticated by login (FIG. 15 (11)) and further authenticated by the second password (FIG. 15 (12)), The control unit 12 of the confidential information transfer server 1 ′ transmits an e-mail addressed to the receiver (FIG. 15 (13)), the receiver accesses the confidential information transfer service site, is authenticated for login, and is registered by the sender. If it is selected to confirm the password and further authenticated by the second password, the control unit 12 transmits an e-mail for registration confirmation to the sender (FIG. 15 (15)), and also transmits the transmission to the recipient list DB2. The recipient's mail address is fully registered in association with the recipient (FIG. 15 (16)). In this way, registration in the recipient list DB2 is performed.

  Further, the use suspension process in another system is performed only for the recipient list of the recipient list DB2, and the processing method is the same as that of the above-described system.

  According to the confidential information transfer system according to another embodiment of the present invention, the confidential information transfer server 1 ′ is provided with virus checking means for checking the presence or absence of a computer virus. The sender list DB2 refers to the recipient list and displays a list of recipients to whom the confidential information file can be transferred to the sender. The sender PC 7 selects the recipient from the list of recipients. When the selected information is encrypted and transmitted, the confidential information transfer server 1 ′ decrypts the received information to determine whether the confidential information file is infected with a computer virus. If not, the confidential information file is uploaded by the sender and stored in the confidential information file storage unit 3. Send an e-mail containing the delivery address to the specified recipient, permit login to the recipient by user authentication, and send the e-mail to that effect when the confidential information file is downloaded Therefore, only safe confidential information files that are not infected with computer viruses can be transferred, and even if the sender sends the confidential information files without noticing the virus infection, There is an effect that it is possible to prevent a virus from spreading to an information transfer server or the like and spreading damage.

  In the above-described system and another system described above, the sender PC and the receiver PC are described as being directly connected to the Internet. However, a plurality of senders / receivers connected to the Internet via an in-house LAN. The PC may access the confidential information transfer server. In this case, the confidential information transfer system can also be used for communication between employees in the company.

  Further, in the above-described system and another system, three types of authentication information including a user ID, a password, and a digital certificate are required as login information for receiving the service of the confidential information transfer system. Login is possible only when all of the logged-in information matches the registered information. However, the authentication method at the time of login can be changed step by step according to the creditworthiness of the user.

  For example, assuming a case where a plurality of sender / recipient PCs connected via an in-house LAN access a confidential information transfer server, a USB key (USB Tokens) (first authentication method). This is because an employee (user) registered in advance in the confidential information transfer service has a USB key storing his / her user ID, and when using the confidential information transfer service, the user must By accessing the site after being inserted into the sender / recipient PC, the service site can be accessed only by authentication with the user ID. Note that the device identifier of the USB key may be used as authentication information instead of the own user ID.

  The authentication with only the USB key can be, for example, an employee of a customer (company) who has a high degree of trust for the operating company of the confidential information transfer service. That is, the possession of the USB key itself increases the user's trust. Authentication using a USB key does not require the user to input a user ID each time, allows easy login to the site, and improves operability.

  As a method of authentication at the time of logging in to the service site, a method of inputting a user ID and a password (second authentication method) or a method of inputting a USB key, a user ID and a password (third method) As an even more stringent method, authentication using a USB key, user ID, password, and digital certificate (fourth authentication method) can be considered.

  For example, even if a person works in the same company, a regular employee can access the service site by authentication using only a USB key, and a temporary employee can access when authenticated by a method of entering a user ID and password. Can be used.

  And when changing an authentication method according to a user, at the time of user registration, which authentication method is authenticated for each user is registered, and the user name and user ID are registered in the user information DB. This is stored together with a password, a digital certificate, and the like. When the device identifier of the USB key is used, the device identifier information is also stored in the user information DB in association with the user. When there is an access from the user, authentication is performed by a registered method and login is permitted.

  As described above, according to the confidential information transfer system according to the embodiment of the present invention, by preparing a plurality of authentication methods with gradually changing severity, authentication at the time of login according to the user's trustworthiness The method can be changed, and the operability of a highly reliable user can be improved while maintaining confidentiality.

  INDUSTRIAL APPLICABILITY The present invention is suitable for a confidential information transfer system that can safely transfer confidential information data files while preventing the spread of computer viruses in exchange of confidential information data files between companies and individuals using the Internet.

1 is a configuration block diagram of a confidential information transfer system according to an embodiment of the present invention. 3 is a block diagram showing the configuration of a confidential information transfer server 1. FIG. It is a conceptual diagram of the confidential information management table and confidential information storage part in the confidential information transfer system which concerns on embodiment of this invention. It is a conceptual diagram of a recipient list in the confidential information transfer system according to the embodiment of the present invention. It is a conceptual diagram of a sender list in the confidential information transfer system according to the embodiment of the present invention. It is operation | movement explanatory drawing at the time of transmission of the confidential information file in the confidential information transfer system which concerns on embodiment of this invention. It is operation | movement explanatory drawing at the time of reception of the confidential information file in the confidential information transfer system which concerns on embodiment of this invention. It is operation | movement explanatory drawing of the registration process of the sender and receiver of a confidential information file in the confidential information transfer system which concerns on embodiment of this invention. It is a flowchart figure of operation | movement of the 1st use stop process in the confidential information transfer system which concerns on embodiment of this invention. It is a flowchart figure of the operation | movement of the 2nd utilization stop process in the confidential information transfer system which concerns on embodiment of this invention. It is explanatory drawing of the setting screen of the confidential information file transmission in the confidential information transfer system which concerns on embodiment of this invention. It is explanatory drawing of the screen after confidential information file transmission in the confidential information transfer system which concerns on embodiment of this invention. It is a block diagram of the configuration of a confidential information transfer system (another system) according to another embodiment of the present invention. It is operation | movement explanatory drawing which shows the operation | movement at the time of transmission of the confidential information file in another system. It is operation | movement explanatory drawing of the registration process to the recipient list DB2 in another system.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1, 1 '... Confidential information transfer server, 2 ... Recipient list database, 3 ... Confidential information file storage part, 4 ... Sender list database, 5 ... User information database, 6 ... History information database, 7 ... Sender PC, 8 ... Internet, 9 ... Recipient PC, 11 ... Receiving unit, 12, 12 '... Control unit, 13 Transmitting unit

Claims (7)

In the confidential information transfer system including the confidential information transfer server that transfers the confidential information file transmitted from the sender device to the receiver device,
A receiver list storage unit that registers a sender of the confidential information file and a receiver capable of receiving the confidential information file in association with each other;
A confidential information file storage unit for storing confidential information files is provided.
When the confidential information transfer server permits login by user authentication from the sender device, the sender information storage server sends the confidential information file to the sender in response to a request for transmission of the confidential information file from the sender device. Are read out and displayed in a list, and when a specific recipient is selected from the list of recipients, the confidential information file encrypted and transmitted from the sender side device is received and decrypted. And checking whether the confidential information file is infected with a computer virus. If the confidential information file is not infected with a computer virus, the confidential information file is stored in the confidential information file storage unit and the specified To the recipient side device by e-mail and permitting login by user authentication from the specific recipient side device, Serial in response to receiving the request of the confidential files from specific receiver side apparatus, and transmits read the confidential information file from said secret information file storage unit to the specific receiver side apparatus,
If the confidential information file is infected with a computer virus, the confidential information file is deleted and a message notifying that the confidential information file has been deleted due to a computer virus infection is displayed on the sender side device. A confidential information transfer system characterized by being a confidential information transfer server.   2. The confidential information transfer server, when receiving a comment in response to a transmission request for a confidential information file from a sender-side apparatus, notifies the comment by including the comment in an e-mail to the receiver-side apparatus. The confidential information transfer system described.   The confidential information transfer server determines a storage address of the confidential information file in the confidential information file storage unit, stores the confidential information file in the storage address, and notifies the storage address in an e-mail to the recipient apparatus. 3. The confidential information transfer system according to claim 1, wherein when the recipient device accesses the storage address, a login by user authentication is accepted. A user storage unit that stores information on users who can log in to the confidential information transfer server;
When the confidential information transfer server permits login by user authentication from the sender device, the user storage unit responds to a registration request of the receiver including information on the recipient to be registered from the sender device. Whether or not the recipient to be registered exists in the user information, and if the recipient exists, temporarily registers the sender and the recipient in association with each other in the recipient list storage unit. , Notify the recipient device of the recipient to be registered by e-mail,
When login by user authentication from the receiver side device responding to the e-mail is permitted, the sender and the sender are stored in the receiver list storage unit in response to the registration request of the sender from the receiver side device. 4. The confidential information transfer system according to any one of claims 1 to 3, wherein the correspondence with the recipient is registered correctly and notified to the sender apparatus by e-mail.   The confidential information transfer server requests a registration password from the sender or the receiver when registering the receiver and the sender, and performs the registration process when the password is input. The confidential information transfer system according to claim 4, wherein: A history information storage unit that stores the transmission and reception records of the confidential information file as history information together with the sender and the receiver,
The confidential information transfer server reads history information from the history information storage unit, identifies a pair of a sender and a receiver that does not transmit or receive a confidential information file for a predetermined time or more based on the history information, and receives a list of recipients 6. The confidential information transfer system according to any one of claims 1 to 5, wherein a use suspension process for deleting the set of the sender and the receiver from the storage unit is periodically performed. A history information storage unit that stores the transmission and reception records of the confidential information file as history information together with the sender and the receiver,
The confidential information transfer server reads the user information from the user storage unit and reads the history information from the history information storage unit, and the user who does not transmit / receive the confidential information file based on the user information and the history information for a predetermined time or more The confidential information transfer system according to any one of claims 4 to 6, wherein a use suspension process is performed periodically for identifying the user and deleting information related to the user from the recipient list storage unit.