JP2005303389A - System, method and program for delivering message - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To obtain sufficient security in determination of transfer permission for an originator by preventing the forgery action of the originator. <P>SOLUTION: A service center has an authentication information storage storing authentication information of each originator so that it is correlated with the originator ID, and a transmission permission information storage storing an originator permission list in which originator IDs concerning transmission permission are listed correspondingly to predetermined designated information. The service center accepts a message containing "originator recognizing information and designated information" from an originator B, and acquires the "originator ID" corresponding to the "originator authentication information" contained in the accepted message to specify the originator. Further, the service center acquires the "originator permission list" corresponding to the "designated information" contained in the accepted message from the transmission permission information storage, and permits the transfer of the message on condition that the "originator ID" specified above is contained in the "originator permission list". <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a message delivery system, a message delivery method, and a message delivery program that specify a sender of a message, determine whether the sender is permitted to send a message, and deliver the message to a recipient.

  2. Description of the Related Art Conventionally, for the purpose of eliminating junk mail, there is known a message delivery service for determining whether a message sender is permitted to send a message and delivering the message to a recipient. Techniques applied to such a message delivery service include closed user group communication (CUG communication) and mail communication using conditional addresses.

  Among these, CUG communication is intended to limit combinations of communication terminals that can communicate with each other on a network. Specifically, communication terminals and communication lines are grouped in advance, and a list of addresses and line numbers of communication terminals belonging to the group is stored and managed on the network. Communication between the communication terminals and communication lines in the group. For example, Patent Document 1 (Japanese Patent Laid-Open No. 5-14526) discloses a technique for applying group communication to a pager as a message delivery service.

  In addition, the mail communication using the conditional address is to provide the user with an alias address (conditional address) associated with the valid condition and deliver only the mail satisfying the valid condition. For example, in Patent Document 2 (Japanese Patent Application Laid-Open No. 2003-273934), after determining conditions for a mail addressed to a certain conditional address, a technique for transferring the mail to the real address of the owner of the conditional address, A technique is disclosed in which a source address of a mail sent by a certain user is converted into a conditional address provided to the user and transferred.

Japanese Patent Laid-Open No. 5-14526 JP 2003-273934 A

  By the way, as described below, the conventional technique described above has a problem that it is difficult to prevent so-called address spoofing.

  That is, in the message exchange protocol on the Internet used for e-mail, instant message, etc., the user can arbitrarily set the source address of the message sent by the communication terminal. However, address spoofing such as setting the address of another person as the sender address on its own communication terminal can be easily performed.

  In the above-described conventional CUG communication, even if the addresses of users belonging to the group are specified in the list, it is difficult to prevent this if the address spoofing action described above is performed. There is a problem that sufficient security cannot be obtained, for example, transfer of a message from a sender outside the group is permitted.

  Similarly, in the above-described conventional mail communication using conditional addresses, even if the real address of the sender who is permitted to send is defined as a valid condition, if the address spoofing action described above is performed, this cannot be prevented. It is difficult, and there is a problem that sufficient security cannot be obtained, for example, transfer of a message from a caller who spoofs the caller and satisfies the validity condition.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and is a message that can prevent a spoofing act of a caller and can obtain sufficient security in a transfer permission determination related to the caller. It is an object to provide a delivery system, a message delivery method, and a message delivery program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 specifies the sender of the message, determines whether the sender is permitted to send the message, and delivers the message to the receiver. An authentication information storage means for storing authentication information for authenticating the caller in association with caller identification information for uniquely identifying the caller, the message delivery system; and the authentication information of the caller A message accepting unit that accepts a message including a message, and a sender identification information corresponding to the authentication information included in the message is acquired from the sender identification information stored in the authentication information storage unit to identify the sender A caller identification unit for performing transmission, a transfer determination unit for determining whether or not transmission is permitted for the caller specified by the caller identification unit, and the transfer determination A transferring unit for transferring the message is permitted transferred by stages to the recipient, and further comprising a.

  Further, in the invention according to claim 2, in the above invention, when the transfer processing unit transfers a message whose transfer is permitted by the transfer determination unit, the authentication information of the caller included in the message is deleted. It is characterized by doing.

  Further, the invention according to claim 3 is the above invention, further comprising a transmission permission information storage means for storing, in association with each predetermined designation information, caller identification information of a caller permitted to transmit the message. The message accepting means accepts a message further including the designation information, and the transfer determination means is designated information included in the message from the sender identification information stored in the call permission information storage means. The message is obtained on the condition that the caller identification information of the caller specified by the caller specifying means is included in the caller identification information acquired from the call permission information storage means. It is characterized by permitting the transfer of.

  The invention according to claim 4 is the above invention, wherein the authentication information storage means stores the real address of each caller as the authentication information in association with the caller identification information. The caller identification means extracts a caller address included in the message as the authentication information, acquires caller identification information associated with the caller address from the caller information storage means, and selects a caller. It is characterized by specifying.

  Further, in the invention according to claim 5, in the above invention, the transfer processing means transfers the source address included in the message by replacing the sender's real address with a public address by a predetermined process. It is characterized by doing.

  According to a sixth aspect of the present invention, in the above invention, the transmission permission information storage unit stores group identification information for uniquely identifying a predetermined group as the specified information, and includes the group identification information in the group identification information. Correspondingly, caller identification information of a caller belonging to the group is stored, and the message accepting unit accepts a message including the group identification information as the designation information.

  The invention according to claim 7 is the above invention, further comprising member information storage means for storing valid member identification information in the group in association with the callee identification information for uniquely identifying the callee. The message accepting means accepts a message including the member identification information instead of the recipient identification information as information for identifying the recipient of the message.

  Further, in the invention according to claim 8, in the above invention, the transmission permission information storage means stores the recipient identification information for uniquely identifying the recipient as the designation information, and the recipient identification information The caller identification information of a caller who is permitted to send a message to the callee is stored, and the message receiving means includes a message including the caller identification information as the designation information. It is characterized by accepting.

  The invention according to claim 9 is the above invention, wherein the call permission information storage means stores the address of the callee's public as the designation information, and associates the callee with the address for public disclosure. The caller identification information of the caller who is permitted to send the message is stored, and the message receiving unit receives a message having the public address as the destination address.

  The invention according to claim 10 is a message delivery method for specifying a sender of a message, determining whether or not outgoing call is permitted for the sender, and delivering the message to the recipient. An authentication information storing step of storing authentication information for authenticating the caller in authentication information storage means in association with caller identification information for identifying the caller, and receiving a message including the caller authentication information A message accepting step, and a caller specifying step of acquiring caller identification information corresponding to the authentication information included in the message from the caller identification information stored in the authentication information storage means and specifying the caller A transfer determination step for determining whether or not transmission is permitted for the caller identified by the caller identification step, and transfer is permitted by the transfer determination step. A transfer processing step of forwarded messages to the recipient, characterized in that it contains.

  In the invention according to claim 11, in the above invention, when the transfer processing step transfers a message whose transfer is permitted by the transfer determination step, the authentication information of the caller included in the message is deleted. It is characterized by doing.

  According to a twelfth aspect of the present invention, in the above-mentioned invention, for each predetermined designation information, the caller identification information of the caller permitted to send the message is associated and stored in the call permission information storage means. A permission information storage step, wherein the message reception step accepts a message further including the designation information, and the transfer determination step includes the sender identification information stored in the transmission permission information storage means, The caller identification information corresponding to the specified information included in the message is acquired, and the caller identification information of the caller specified by the caller specifying step is included in the caller identification information acquired from the call permission information storage unit The transfer of the message is permitted on the condition.

  The invention according to claim 13 is a message delivery program for causing a computer to execute a method for identifying a sender of a message, determining whether the sender is permitted to send a message, and delivering the message to the recipient. An authentication information storing procedure for storing authentication information for authenticating the caller in authentication information storage means in association with caller identification information for uniquely identifying the caller, and the authentication information of the caller From the message reception procedure for receiving a message including message and the sender identification information stored in the authentication information storage means, the sender identification information corresponding to the authentication information included in the message is acquired to identify the sender Caller identification procedure to be performed, and a transfer determination procedure to determine whether or not transmission is permitted for the caller identified by the caller identification procedure , Characterized in that to execute a transfer processing procedure for transferring messages that are permitted transferred by the transfer determination procedure to the recipient, to the computer.

  The invention according to claim 14 is the above invention, wherein the transfer processing procedure deletes the authentication information of the caller included in the message when the message whose transfer is permitted by the transfer determination procedure is transferred. It is characterized by doing.

  Further, in the invention according to claim 15, in the above-mentioned invention, for each predetermined designation information, the outgoing call permission information storing means associates the outgoing caller identification information of the caller permitted to send the message and stores it in the outgoing call permission information storage means. The computer further executes a permission information storage procedure, the message reception procedure receives a message further including the designation information, and the forwarding determination procedure includes a caller identification information stored in the transmission permission information storage means. The caller identification information corresponding to the designation information included in the message is acquired, and the caller identification information of the caller specified by the caller specifying procedure is acquired from the call permission information storage means. The transfer of the message is permitted on condition that it is included in the information.

  According to the invention of claim 1, 10 or 13, since the sender is accurately specified by the authentication information included in the message, it is determined whether or not the sender is permitted to make a call. It is possible to prevent the act and obtain sufficient security in the transfer permission determination relating to the caller.

  According to the invention of claim 2, 11 or 14, the authentication information of the caller is deleted and the message is transferred to the callee, so that leakage of the authentication information of the caller is prevented and the call is sent after the message is transferred. It is possible to ensure the security of the person.

  According to the invention of claim 3, 12 or 15, the caller permission list (list of callers permitted to be transmitted in association with the specified information) is specified by the designation information included in the message, and the message Since it is determined whether or not the caller specified by the authentication information included in the caller is on the caller permission list, it is possible to prevent the spoofing of the caller in the forwarding determination that prepares the caller permission list for each specified information. It will be possible to get enough security.

  According to the invention of claim 4, since the sender's real address (source address) is used as authentication information, the sender does not need to be particularly aware of the operation of including the authentication information in the message. Authentication information can be easily included in a message simply by executing an operation.

  According to the invention of claim 5, even when the sender's real address (source address) is used as authentication information, the message is transferred by replacing the sender's real address with a public address by a predetermined process. Therefore, it is possible to prevent leakage of the real address, which is the authentication information of the called party, and to ensure the security of the calling party after the message is transferred.

  Further, according to the invention of claim 6, since a sender permission list for each group is prepared, even in so-called closed user group communication (CUG communication), a spoofing action of a sender by a sender outside the group is prevented, Sufficient security can be obtained.

  According to the invention of claim 7, since member identification information effective in the group is included in the message as information for specifying the recipient instead of the recipient identification information, the member identification information can be freely used in the group. It is also possible to prevent leakage of the called party identification information.

  Further, according to the invention of claim 8, since the caller permission list associated with the callee identification information is prepared, the caller needs to separately include information for specifying the callee and the designation information in the message. Rather, it is possible to easily include information for specifying the called party and designated information in the message only by performing an operation of including only the called party identification information in the message.

  According to the invention of claim 9, since the caller permission list associated with the callee's public address is prepared, the caller performs an operation of including information for specifying the callee and designation information in the message. There is no need to be particularly conscious, and it is possible to easily include information for specifying the recipient or specified information in the message by simply performing an operation for setting the destination of the message as a public address. In addition, since a caller permission list associated with the callee's public address is prepared instead of the callee identification information, the caller can prepare a caller permission list for each of the public addresses. Various transfer determinations can be made for each address.

  Exemplary embodiments of a message delivery system, a message delivery method, and a message delivery program according to the present invention will be explained below in detail with reference to the accompanying drawings. In the following, after explaining the main terms used in the present embodiment, the concept of message delivery according to the present embodiment will be described, and various embodiments (first to fifth embodiments) will be described in order.

[Explanation of terms]
First, main terms used in this embodiment will be described. The “message” used in the present embodiment is a message transmitted from a user terminal by SMTP (Simple Mail Transfer Protocol), SIP (Session Initiation Protocol), etc., for example, electronic mail such as Internet mail and mobile mail. This includes SIP messages such as mail messages, IP (Internet Protocol) telephone control messages, instant messages, and presence exchange messages.

  In addition, “User B (Caller B)” used in the present embodiment is a user on the side of sending the above message, while “User A (Caller A)” The user who receives the above message. In this embodiment, if the caller B or the callee A is not particularly limited, “user” is used as a concept that can include both.

  Further, the “sender ID (corresponding to“ sender identification information ”described in the claims)” used in the present embodiment is identification information for uniquely identifying the sender. On the other hand, “recipient ID (corresponding to“ recipient identification information ”described in claims)” is identification information for uniquely identifying a recipient. In this embodiment, when the caller ID or the callee ID is not particularly limited, “user ID (user identification information)” is used as a concept that can include both.

  In addition, in the present embodiment, a case where a user name is used as the above-described “user ID (caller ID, callee ID)” will be described, but if each user can be uniquely identified, User numbers and addresses (email addresses and telephone numbers) that correspond one-to-one with users, user identifiers generated using these user names, user numbers, and addresses (for example, encrypted data obtained by encrypting them) ) Can also be used.

  The “recipient identification information” used in the present embodiment is information for uniquely identifying the recipient. For example, the recipient ID itself and the address of the recipient associated with the recipient ID. The group ID (group identification information for uniquely identifying the group) and the member ID (member identification information valid in the group) associated with the callee ID correspond to this.

  Further, “sender authentication information (corresponding to“ authentication information ”described in claims)” used in the present embodiment authenticates that the sender is a legitimate sender who can send the above message. Therefore, it is information known only to each sender and authenticator, for example, the real address or password of the sender that is kept secret.

  In addition, the “real address” used in the present embodiment is for communication originally possessed by the above-mentioned user (sender B or receiver A) regardless of the message delivery service according to the present embodiment. For example, an e-mail address or an IP phone number corresponds to this contact address. However, in this embodiment, it is assumed that these real addresses are kept secret from users other than the address owner.

  In addition, the “public address” used in this embodiment is a separate address used in the message delivery service of this embodiment, in addition to the above real address, and is a user other than the address owner. This is the address published for. For example, the destination address illustrated in FIG. 6 is such a public address, and mail having this destination is directly delivered from the mail server contracted by the caller B to the mail server contracted by the caller A. Instead, it is delivered via a service center (mail transfer server) according to the present embodiment.

  Such public addresses are not limited to those issued in advance to the user as illustrated in FIG. 6 (which can be associated with the user ID in advance), but also by predetermined processing upon message delivery. This includes what is generated. For example, the source address illustrated in FIG. 7 is such a public address, and is generated by a predetermined process at the time of message delivery. Each user can have a plurality of public addresses.

  Further, the “sender permission list” used in the present embodiment is a list in which sender IDs of senders who are permitted to send a message are listed. For example, group ID, receiver ID, incoming call Prepared for each public address. Note that the information that uniquely specifies the predetermined caller permission list in association with the predetermined caller permission list, such as “group ID, callee ID, and recipient's public address”. In the example, it is called “designated information”.

[Concept of message transfer]
Next, the concept of message delivery according to the present embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining the concept of message delivery according to the present embodiment.

  In the message delivery according to the present embodiment, as shown in the figure, the service center stores the authentication information of each caller (for example, the real address of the caller that is kept secret) in association with the caller ID. An authentication information storage unit is included. In addition, the service center includes a call permission information storage unit that stores a caller permission list in which caller IDs related to call permission are listed in association with predetermined designation information (for example, group ID).

  Then, the service center accepts a message including “recipient identification information, caller authentication information and designation information” from the caller B. As described above, “recipient identification information” is information for uniquely identifying a recipient (for example, recipient ID), and “caller authentication information” is a legitimate caller. Information (for example, the real address of the sender that is kept secret), and “designated information” is information (for example, a group ID) that uniquely specifies a predetermined caller permission list. .

  Then, as shown in FIG. 1, the service center refers to the authentication information storage unit, acquires the “sender ID” corresponding to the “sender authentication information” included in the received message, and identifies the sender of the message. To do. If the corresponding caller ID does not exist in the authentication information storage unit, the message transfer is rejected.

  Furthermore, as shown in FIG. 1, the service center refers to the transmission permission information storage unit, acquires a “sender permission list” corresponding to “designated information” included in the received message, and specifies the above-described transmission Message transfer is permitted on the condition that the sender's “sender ID” is included in the “sender permission list”. If the “caller ID” of the identified caller is not included in the “caller permission list”, the message transfer is rejected.

  In this way, when the transfer of the message is permitted, the service center deletes the “sender authentication information” included in the reception message permitted to transfer, as shown in FIG. Based on the “recipient identification information” included in the received message, the message recipient A is identified, and the message is transferred to the recipient A.

  Thus, according to the message delivery described above, since the sender is accurately specified by the authentication information included in the message and it is determined whether or not the sender is permitted to send, the spoofing action of the sender Can be prevented, and sufficient security can be obtained in the transfer permission determination for the caller.

  Also, according to the above message delivery, the sender's authentication information is deleted and the message is transferred to the called party, so that the sender's authentication information is prevented from leaking and the sender's security is secured after the message is transferred. It becomes possible to do.

  Further, according to the message delivery described above, the caller permission list is specified by the designation information included in the message, and whether or not the caller specified by the authentication information included in the message is on the caller permission list. Since the determination is made, it is possible to prevent the sender from being misrepresented and obtain sufficient security in the transfer determination in which the sender permission list is prepared for each designated information.

  Next, as a specific example of the message delivery described above, a message delivery system that delivers mail including the real address of the caller B as authentication information and the group ID to which the caller B belongs as designation information (Example 1) ). In the following, the configuration of the message delivery system according to the first embodiment, details of each device in the system, processing procedures from mail transmission to mail arrival, details of various processes will be described in order, and finally the effects of the first embodiment, etc. Will be explained.

[System Configuration (Example 1)]
The configuration of the message delivery system according to the first embodiment will be described with reference to FIG. FIG. 1 is a block diagram illustrating the configuration of the message delivery system according to the first embodiment.

  As shown in the figure, this message delivery system includes a user A terminal 1, a user B terminal 2, a user A mail server 5, a user B mail server 6, a data management server 10, and a mail. The transfer server 20 is configured to be communicably connected via a network (a communication network formed by a user AIP network 3, a user BIP network 4, the Internet 7, a LAN 8, a router R, a firewall FW, etc.). .

  Among these, the user A terminal 1 and the user B terminal 2 (hereinafter referred to as “user terminal” as appropriate) are known personal computers or workstations installed with at least message software such as e-mail software. , A home game machine, Internet TV, PDA, or mobile communication terminal such as a mobile phone or PHS.

  More specifically, the user A terminal 1 is a terminal used by the user A (receiver A) who receives mail sent from the user B (sender B), and is mainly a user A mail server. 5 to receive mail (see FIG. 7) having the real address of the callee A as the call destination from the mail transfer server 20.

  The user B terminal 2 is a terminal used by a user B (sender B) that sends a mail to the user A (recipient A). The user B terminal 2 mainly sends a mail via the user B mail server 6. It has a role of sending mail addressed to the user A (see FIG. 6) to the transfer server 20.

  The user A mail server 5 and the user B mail server 6 are so-called known mail servers. More specifically, the user B mail server 6 mainly has a role of receiving mail (see FIG. 6) from the user B terminal 2 and transferring it to the mail transfer server 20, and the user A mail server 5 is Primarily, it has a role of receiving mail (see FIG. 7) from the mail transfer server 20 and transferring it to the user A terminal 1.

  The data management server 10 is a database device that stores data and programs necessary for various processes performed by the message delivery system according to the first embodiment, and mainly has a role of managing caller authentication information and a caller permission list. Details of the data management server 10 will be described later.

  The mail transfer server 20 is a device such as a message relay company that provides the message delivery service of the first embodiment, as with the data management server 10 described above, and mainly plays a role of receiving mail (see FIG. 6) from the caller B. It has a role of specifying the sender of the received mail, a role of determining whether or not the received mail can be transferred, and a role of transferring the mail permitted to be transferred to the called party A. Details of the mail transfer server 20 will be described later.

[Data Management Server (Example 1)]
As illustrated in FIG. 2, the data management server 10 includes an authentication information storage unit 11 and a transmission permission information storage unit 12 that are closely related to the present invention. The authentication information storage unit 11 corresponds to “authentication information storage unit” recited in the claims, and the transmission permission information storage unit 12 also corresponds to “transmission permission information storage unit”.

  Among these, the authentication information storage unit 11 is a storage unit (database or the like) for storing the sender's authentication information. Specifically, as shown in FIG. The real address is stored as the authentication information of the person. However, in the first embodiment, in order for any user to become the caller B, the real address of each user is stored in association with the user ID.

  In the mail transfer server 20 according to the first embodiment, the real address of the callee A is specified from the callee ID and the mail is transferred. Therefore, the real address stored in the authentication information storage unit 11 is: Naturally, it is also used as a replacement address (replacement destination address) in mail transfer. That is, the authentication information storage unit 11 illustrated in FIG. 3 is used not only as caller authentication information for specifying a caller but also as a replacement address in mail transfer.

  The caller permission information storage unit 12 is a storage unit (such as a database) that stores a caller permission list. Specifically, as illustrated in FIG. 4, each caller permission information storage unit 12 is associated with a group ID as designation information. User IDs (called party IDs) of group members belonging to the group are stored. Here, the significance of enumerating the user IDs of group members belonging to each group is to limit transmission / reception of mail within the group.

[Mail Transfer Server (Example 1)]
As illustrated in FIG. 2, the mail transfer server 20 is closely related to the present invention, and includes a mail transmission / reception unit 21, a caller identification unit 22, a transfer determination unit 23, a transfer processing unit 24 (source) A replacement unit 25 and a destination replacement unit 26). The mail transmitting / receiving unit 21 corresponds to the “mail accepting unit” recited in the claims, the sender specifying unit 22 corresponds to the “sender specifying unit”, and the transfer determining unit 23 is also referred to as the “transfer determining unit”. The transfer processing unit 24 also corresponds to “transfer processing means”.

  Among these, the mail transmitting / receiving unit 21 is a processing unit that receives a mail from the user B terminal 2 and transmits a mail to the user A terminal 1. Specifically, as illustrated in FIG. 6, the real address of the caller B is set as the caller address (FROM), and the public address of the callee A including the callee ID and the group ID is set as the callee address ( (TO) is received from the user B terminal 2.

  Here, the sender address of the received mail, that is, the real address of the sender B is used as “authentication information”. The user name portion in the destination address is a recipient ID, and is used as “recipient identification information”. Further, the first character string of the domain part in the destination address is a group ID and is used as “designated information”.

  The public address of the receiver A includes the above-mentioned “receiver identification information (receiver ID)” and “designated information (group ID)”, and is given a domain name that reaches the mail transfer server 20. Is sufficient, created by caller B on user B terminal 2, or received by caller B after being created by caller A on user A terminal 1, or It may be created in any way, such as the one received by the caller B after being created by a third party (such as an issuance server for public addresses).

  Further, as illustrated in FIG. 6, the mail transmitting / receiving unit 21 sets the real address of the receiver A as the destination address (TO) and transmits the public address of the sender B including the sender ID and the group ID. The mail (transfer mail) to be the original address (FROM) is transferred to the user A terminal 1. The destination address (TO) is an address replaced by a destination replacement unit 26 of the transfer processing unit 24 described later, and the source address (FROM) is replaced by the source replacement unit 25 of the transfer processing unit 24. Address.

  The sender identifying unit 22 is a processing unit that identifies the sender of the received mail. Specifically, the authentication information (that is, the sender address that is the sender's real address) included in the received mail and the authentication described above. A caller is specified using information stored in the information storage unit 11. The sender identification process will be described in detail later with reference to FIG.

  The transfer determination unit 23 is a processing unit that determines whether or not to transfer the received mail. Specifically, whether or not transmission is permitted for the caller specified by the caller specifying unit 22 is determined as described above. The determination is made using the information stored in the transmission permission information storage unit 12. The transfer determination process will be described in detail later with reference to FIG.

  The forwarding processing unit 24 is a processing unit that forwards a mail that is permitted to be forwarded. Specifically, the sender replacing unit 25 replaces the sender address of the received mail with a public address by a predetermined process. Then, the destination replacement unit 26 replaces the destination address of the received mail with the real address of the recipient, and transmits the replaced mail from the mail transmission / reception unit 21. The transfer processing (source address replacement processing and destination address replacement processing) will be described in detail later using FIG. 10 and FIG.

  By the way, the transmission source replacement unit 25 replaces the transmission source address with a public address, but since the transmission source address before replacement is the authentication information of the caller as described above, This corresponds to the process of deleting the authentication information of the sender included in the received mail when transferring the mail. That is, the source address replacement process is also an authentication information deletion process.

  The significance of making the replaced address the same public address as the destination address in the reception mail is that when the user A replies to the forwarded mail, the destination address of the reply mail is This is for the same public address as the above reception mail (see FIG. 12), and for this reply mail, the same processing as the above reception mail (sender identification process, forwarding determination process) , Transfer processing) can be performed.

[Processing procedure from mail sending to mail receiving (Example 1)]
Next, a processing procedure from mail transmission by the caller B to mail reception by the callee A will be described with reference to FIG. FIG. 5 is a sequence diagram showing a processing procedure from mail transmission to mail reception.

  As shown in the figure, from the user B terminal 2, the real address of the caller B is set as the caller address (FROM), and the public address of the callee A including the caller ID and the group ID is set as the callee address. When a mail (TO) is transmitted (step S501), the mail is transferred to the mail transfer server 20 via the user B mail server 6 (step S502).

  In the mail transfer server 20 that has received the mail in this way, the authentication information (that is, the sender address that is the sender's real address) included in the received mail (see FIG. 6) and the authentication information storage unit of the data management server 10 The caller is specified using the information stored in 11 (step S503). The sender identification process will be described in detail later with reference to FIG.

  Then, the mail transfer server 20 determines whether or not transmission is permitted for the caller specified above using the information stored in the transmission permission information storage unit 12 of the data management server 10 (step S504). ). The transfer determination process will be described in detail later with reference to FIG.

  Further, the mail transfer server 20 replaces the sender address of the received mail with a public address by a predetermined process (step S505), and replaces the destination address of the received mail with the actual address of the recipient (step S506). The replaced mail is transferred to the user A mail server 5 (step S507). The transfer processing (source address replacement processing and destination address replacement processing) will be described in detail later using FIG. 10 and FIG.

  The mail transferred in this way (see FIG. 7) is transferred from the user A mail server 5 to the user A terminal 1 by the mail receiving operation by the user A terminal 1 (step S508). Person A terminal 1 receives a mail sent from caller B to callee A (step S509).

[Sender identification processing (Example 1)]
Subsequently, a caller identification process according to the first embodiment will be described. FIG. 8 is a flowchart showing details of the caller identification process.

  As shown in the figure, in the mail transfer server 20, when the mail transmitting / receiving unit 21 receives the mail illustrated in FIG. 6, the caller specifying unit 22 sets the sender address of the received mail (that is, the caller B's address). (Real address) is acquired as sender authentication information (step S801).

  Then, the caller identification unit 22 acquires the user ID (that is, the callee ID) corresponding to the caller authentication information acquired above from the authentication information storage unit 11 of the data management server 10 (step S802). The sender is specified by this sender ID. If the corresponding caller ID does not exist in the authentication information storage unit 11, the mail transfer is rejected.

[Transfer determination process (first embodiment)]
Next, transfer determination processing in the first embodiment will be described. FIG. 9 is a flowchart showing details of the transfer determination process.

  As shown in the figure, in the mail transfer server 20, when the caller identification unit 22 identifies the caller (when the caller ID is acquired), the transfer determination unit 23 starts with the first domain name in the destination address of the received mail. Is acquired as a group ID (designated information) (step S901).

  Further, the transfer determination unit 23 acquires a member list (sender permission list) corresponding to the group ID acquired above from the transmission permission information storage unit 12 of the data management server 10 (step S902). Then, the transfer determination unit 23 determines whether the caller ID acquired in the caller identification process is included in the caller permission list acquired above (step S903).

  In this determination, when the caller ID is included in the caller permission list (Yes at Step S903), the transfer determination unit 23 determines that transfer is possible (Step S904). On the other hand, when the caller ID is not included in the caller permission list (No at Step S903), the transfer determination unit 23 determines that transfer is not possible (Step S905). In this way, the transfer permission determination is performed for the caller accurately identified by the authentication information (the caller's real address) included in the received mail.

[Source Address Replacement Processing (Example 1)]
Next, a source address replacement process (authentication information deletion process) in the first embodiment will be described. FIG. 10 is a flowchart showing details of the transfer process (source address replacement).

  As shown in the figure, in the mail transfer server 20, when the transfer determination unit 23 determines that the received mail can be transferred, the caller replacement unit 25 of the transfer processing unit 24 uses the caller ID acquired in the caller specifying process. An address having “user name” and the same domain name as the destination address of the received mail is generated as the sender's public address (step S1001).

  Then, the transmission source replacement unit 25 replaces the transmission source address of the forwarded mail to be transferred to the callee A with the public address (see FIG. 7) generated above (step S1002). In this way, the sender's authentication information (sender's real address) is deleted and replaced with a public address similar to the destination address in the received mail.

[Destination Address Replacement Processing (Example 1)]
Next, the destination address replacement process in the first embodiment will be described. FIG. 11 is a flowchart showing details of the forwarding process (recipient address replacement).

  As shown in the figure, in the mail transfer server 20, when the transfer determination unit 23 determines that the received mail can be transferred, the incoming call destination replacement unit 26 of the transfer processing unit 24 displays the user name part in the incoming address of the received mail. Obtained as the user ID (receiver ID) of the recipient (step S1101).

  Furthermore, the called party replacing unit 26 acquires the real address of the called party corresponding to the user ID (called party ID) acquired from the authentication information storage unit 11 of the data management server 10 (step S1102).

  Then, the called party replacing unit 26 replaces the called party address of the forwarded mail to be transferred to the called party A with the real address (see FIG. 7) of the called party acquired above (step S1103). In this way, the destination address of the mail is replaced from the public address of the recipient A with the real address, and the mail can be transferred to the recipient A.

[Effects of Example 1]
As described above, according to the first embodiment, it is determined whether or not transmission is permitted for the caller after the caller is accurately specified by the authentication information (actor's real address) included in the mail. Therefore, it is possible to prevent the spoofing act of the sender and to obtain sufficient security in the transfer permission determination relating to the sender.

  Further, according to the first embodiment described above, since the sender's real address (source address) is used as authentication information, the sender does not need to be particularly aware of the operation of including the authentication information in the mail. Authentication information can be easily included in an email simply by performing an operation.

  Further, according to the first embodiment described above, even when the sender's real address (source address) is used as authentication information, the sender's real address is replaced with a public address by a predetermined process, and mail is transferred. Therefore, it is possible to prevent leakage of the real address that is the authentication information of the called party, and to ensure the security of the calling party after the mail is transferred.

  In addition, according to the first embodiment described above, since a caller permission list for each group is prepared, even in so-called closed user group communication (CUG communication), a spoofing action by a caller outside the group is prevented, Sufficient security can be obtained.

  Each user (recipient) can also own a plurality of public addresses as illustrated in FIG. That is, when a certain user belongs to a plurality of groups, the user owns a plurality of public addresses for each group to which the user belongs.

  Next, as another version of the first embodiment described above, a message delivery system (second embodiment) in the case where a member ID is used instead of a callee ID (user ID) in a public address will be described.

  FIG. 13 is a block diagram illustrating the configuration of the message delivery system according to the second embodiment. As shown in the figure, this message delivery system is characterized in that the data management server 10 is newly provided with a member ID storage unit 13 as compared with the message delivery system according to the first embodiment. The member ID storage unit 13 corresponds to “member information storage unit” recited in the claims.

  Here, the member ID storage unit 13 is a storage unit (database or the like) that stores information on group members (group members). Specifically, as illustrated in FIG. The ID and the user ID (sender ID, callee ID) are stored in association with each other. Note that this member ID is identification information that can uniquely identify each member in the group, so there is no problem even if it is common to the member IDs of members in other groups.

  Then, the mail transfer server 20 according to the second embodiment accepts a mail having a public address in which the member ID is used instead of the callee ID (user ID) as shown in FIG. Process. Here, the group ID included in the destination address is used as “designated information”, and the combination of the member ID and the group ID included in the destination address is used as “recipient identification information”.

  Incidentally, in the second embodiment, the flow of the processing procedure from mail transmission to mail arrival, the details of the caller identification process, and the details of the transfer determination process are the same as in the first embodiment. Only the mail transfer process (source address replacement, destination address replacement), which is different in detail from 1, will be described.

[Source Address Replacement Processing (Example 2)]
Subsequently, a source address replacement process (authentication information deletion process) in the second embodiment will be described. FIG. 17 is a flowchart showing details of the transfer process (source address replacement).

  As shown in the figure, in the mail transfer server 20, when the transfer determination unit 23 determines that the received mail can be transferred, the caller replacement unit 25 of the transfer processing unit 24 sets the caller ID and the caller ID acquired in the caller specifying process. The member ID corresponding to the group ID acquired in the transfer determination process is acquired from the member ID storage unit 13 of the data management server 10 (step S1701).

  Thereafter, the sender replacement unit 25 generates an address having the member ID acquired above as “user name” and the domain name of the destination address of the received mail as “domain name” as the sender's public address. (Step S1702).

  Then, the transmission source replacement unit 25 replaces the transmission source address of the forwarded mail to be transferred to the callee A with the public address (see FIG. 16) generated above (step S1703). In this way, the sender's authentication information (sender's real address) is deleted, and the public address similar to the destination address in the received mail, that is, the member ID is replaced with the receiver ID (user ID). Replaced with the public address used.

[Destination Address Replacement Processing (Example 2)]
Next, destination address replacement processing in the second embodiment will be described. FIG. 18 is a flowchart showing details of the transfer process (recipient address replacement).

  As shown in the figure, in the mail transfer server 20, when the transfer determination unit 23 determines that the received mail can be transferred, the incoming call destination replacement unit 26 of the transfer processing unit 24 displays the user name part in the incoming address of the received mail. Obtained as the member ID of the called party (step S1801).

  Subsequently, the destination replacement unit 26 acquires the user ID (the called party ID) corresponding to the member ID acquired above and the group ID acquired in the transfer determination process from the member ID storage unit 13 of the data management server 10. (Step S1802).

  Thereafter, the called party replacing unit 26 acquires the real address of the called party corresponding to the user ID (called party ID) acquired from the authentication information storage unit 11 of the data management server 10 (step S1803).

  Then, the called party replacing unit 26 replaces the called party address of the forwarded mail to be transferred to the called party A with the real address (see FIG. 16) of the called party acquired above (step S1804). In this way, the destination address of the mail is replaced from the public address of the recipient A with the real address, and the mail can be transferred to the recipient A.

[Effects of Example 2 and the like]
As described above, according to the second embodiment, a member ID that is valid in the group is included in the mail as information for specifying the recipient instead of the recipient ID, so that the member ID can be freely set in the group. It is also possible to prevent leakage of the callee ID while defining.

  In the second embodiment, each user (recipient) can also own a plurality of public addresses as illustrated in FIG. That is, when a certain user belongs to a plurality of groups, the user defines a member ID for each group to which the user belongs and owns a plurality of public addresses.

  In the first embodiment described above, the case where the caller permission list is prepared for each group has been described. However, the present invention is not limited to this, and the caller permission list may be prepared for each recipient. Therefore, as a third embodiment, a message delivery system in the case where a caller permission list is prepared for each recipient will be described.

  FIG. 19 is a block diagram illustrating the configuration of the message delivery system according to the third embodiment. As shown in the figure, this message delivery system is characterized in that the data management server 10 includes another transmission permission information storage unit 14 as compared with the message delivery system according to the first embodiment. The authentication information storage unit 11 is the same as that of the first embodiment as illustrated in FIG.

  Here, the call permission information storage unit 14 is a storage means (database or the like) for storing a caller permission list for each caller. Specifically, as shown in FIG. A caller permission list in which caller IDs (user IDs) of callers who are permitted to send mail to the callee are stored in association with the caller ID (user ID).

  Then, in the mail transfer server 20 according to the third embodiment, as illustrated in FIG. 22, the group ID is not used, and the mail having the public address using only the callee ID as the destination address is received and processed. Do. Here, the callee ID included in the callee address is used as “designated information” and also used as “callee identification information”.

  As shown in FIG. 23, the public address generated by the sender address replacement process is not the group ID, but only the recipient ID, as is the case with the public address of the reception mail described above. Public address.

  By the way, in the third embodiment, the flow of the processing procedure from the mail transmission to the mail reception, the details of the caller specifying process, and the details of the mail transfer process (source address replacement, destination address replacement) are described in the first embodiment. In the following, only the transfer determination process, which is different in details from the first embodiment, will be described.

[Transfer determination processing (third embodiment)]
Next, transfer determination processing according to the third embodiment will be described. FIG. 24 is a flowchart illustrating details of the transfer determination process.

  As shown in the figure, in the mail transfer server 20, when the caller identification unit 22 identifies the caller (when the caller ID is acquired), the transfer determination unit 23 determines the user name portion of the destination address of the received mail. Obtained as the callee ID (designated information) (step S2401).

  Further, the transfer determination unit 23 acquires the caller permission list corresponding to the callee ID (designated information) acquired above from the call permission information storage unit 14 of the data management server 10 (step S2402). Then, the transfer determination unit 23 determines whether the caller ID acquired in the caller identification process is included in the caller permission list acquired above (step S2403).

  In this determination, when the caller ID is included in the caller permission list (Yes at Step S2403), the transfer determination unit 23 determines that transfer is possible (Step S2404). On the other hand, when the caller ID is not included in the caller permission list (No at Step S2403), the transfer determination unit 23 determines that transfer is not possible (Step S2405). In this way, transfer permission determination based on a caller permission list prepared for each caller is performed for the caller specified accurately by the authentication information (actor's real address) included in the received mail.

[Effects of Example 3 and the like]
As described above, according to the third embodiment, since the caller permission list associated with the callee ID (user ID) is prepared, the caller has information for specifying the callee and the designation information. It is not necessary to separately include the recipient ID in the email, and it is possible to easily include the information for specifying the recipient and the designated information in the email only by performing an operation of including only the recipient ID in the email.

  In the above-described third embodiment, the case where the caller permission list is prepared for each callee has been described. However, the present invention is not limited to this, and caller permission is set for each address (public address) of the callee. A list may be prepared. That is, if the recipient has a plurality of public addresses, a caller permission list may be prepared for each public address. Therefore, as a fourth embodiment, a message delivery system in the case where a caller permission list is prepared for each address (public address) of a callee will be described.

  FIG. 25 is a block diagram illustrating the configuration of the message delivery system according to the fourth embodiment. As shown in the figure, in this message delivery system, as compared with the message delivery system according to the third embodiment described above, the data management server 10 includes another outgoing call permission information storage unit 15 and a recipient information storage unit. 16 is newly provided. The authentication information storage unit 11 is the same as that in the first embodiment.

  Here, this call permission information storage unit 15 is a storage means (database or the like) for storing a caller permission list for each public address of the callee. Specifically, as shown in FIG. The sender ID (user ID) of the sender who is permitted to send mail to the public address in association with the public address as information (more specifically, the user name portion of the public address) Is stored in the caller permission list.

  The recipient information storage unit 16 is a storage means (database or the like) for storing information of recipients having a public address. Specifically, as shown in FIG. 27, the recipient's public address More specifically, the recipient ID (user ID) of the recipient who owns the public address is stored in association with the user name portion of the public address. The call permission information storage unit 15 and the callee information storage unit 16 may be integrated and configured by associating with the callee's public address.

  In the mail transfer server 20 according to the fourth embodiment, as illustrated in FIG. 28, a group ID, a callee ID, or the like is not used, and a public address whose user name portion is an arbitrary character string is used as a callee address. Receive emails to be processed. Here, the public address (more specifically, the user name portion of the public address) is used as “designated information” and as “recipient identification information”.

  Note that the public address generated in the transmission source address replacement process is a public address in which the user ID of the sender is used, as illustrated in FIG. However, when the sender ID (user ID) of the sender who owns the public address is stored in association with the sender's public address, it is the same as the public address of the reception mail described above. A public address may be created in which the user name portion is an arbitrary character string without using the user ID.

  By the way, in the fourth embodiment, the flow of the processing procedure from mail transmission to mail arrival, the details of the sender identification process, and the details of the sender address replacement in the mail transfer process are the same as in the first embodiment. In the following, destination address replacement in transfer determination processing and mail transfer processing, which are different from those in the second embodiment, will be described.

[Transfer determination process (Example 4)]
Next, transfer determination processing according to the fourth embodiment will be described. FIG. 30 is a flowchart showing details of the transfer determination process.

  As shown in the figure, in the mail transfer server 20, when the caller identification unit 22 identifies a caller (when the caller ID is acquired), the transfer determination unit 23 receives the incoming address of the received mail (public address, A caller permission list corresponding to the designation information) is acquired from the call permission information storage unit 15 of the data management server 10 (step S3001).

  Then, the transfer determination unit 23 determines whether the caller ID acquired in the caller identification process is included in the caller permission list acquired above (step S3002). In this determination, when the caller ID is included in the caller permission list (Yes at Step S3002), the transfer determination unit 23 determines that transfer is possible (Step S3003).

  On the other hand, when the caller ID is not included in the caller permission list (No at Step S3002), the transfer determination unit 23 determines that transfer is not possible (Step S3004). In this way, transfer permission determination based on the caller permission list prepared for each caller's public address is performed for the caller specified accurately by the authentication information (caller's real address) included in the received mail. Done.

[Destination Address Replacement Processing (Example 4)]
Subsequently, a destination address replacement process in the fourth embodiment will be described. FIG. 31 is a flowchart showing details of transfer processing (destination address replacement).

  As shown in the figure, in the mail transfer server 20, when the transfer determination unit 23 determines that the received mail can be transferred, the incoming call destination replacement unit 26 of the transfer processing unit 24 receives the incoming address (public address) of the received mail. Is acquired from the callee information storage unit 16 of the data management server 10 (step S3101).

  Furthermore, the called party replacing unit 26 acquires the real address of the called party corresponding to the user ID (called party ID) acquired from the authentication information storage unit 11 of the data management server 10 (step S3102).

  Then, the called party replacing unit 26 replaces the called party address of the forwarded mail to be transferred to the called party A with the real address (see FIG. 29) of the called party acquired above (step S3103). In this way, the destination address of the mail is replaced from the public address of the recipient A with the real address, and the mail can be transferred to the recipient A.

[Effects of Example 4 and the like]
As described above, according to the fourth embodiment, the caller permission list associated with the callee's public address is prepared, so that the caller includes information for specifying the callee and designated information in the mail. There is no need to be particularly conscious of the operation, and it is possible to easily include information for specifying the recipient and designated information in the mail only by performing an operation of setting the mail destination as a public address.

  Further, according to the fourth embodiment, the caller permission list associated with the callee's public address, not the callee ID, is prepared. Can be used to make various transfer determinations for each public address.

  Although the message delivery systems according to the first to fourth embodiments have been described so far, the present invention may be implemented in various different forms other than the embodiments described above. Therefore, various different embodiments will be described below as (1) to (5) as the message delivery indication system according to the fifth embodiment.

(1) Message In the above embodiment, the case where mail as a message is delivered has been described. However, the present invention is not limited to this, and in addition to electronic mail messages such as Internet mail and mobile mail, IP The present invention can be similarly applied when delivering a message transmitted from a user terminal by SMTP, SIP, or the like, such as a SIP message such as a telephone control message, an instant message, or a presence exchange message.

(2) Authentication information In the above embodiment, the case where the sender's real address is used as the authentication information has been described. However, the present invention is not limited to this, for example, only each sender and the authenticator know. If it is information for authenticating that it is a legitimate caller, such as a secret password, it can be used as authentication information.

  That is, in this case, as illustrated in FIG. 32, the real address and password (sender authentication information) are stored in the authentication information storage unit 11 in association with each user ID for each user. Note that the real address in this case is not used as authentication information, but is used as a destination address after replacement, and thus does not necessarily have to be kept secret.

  Then, as shown in FIG. 33, the mail transfer server 20 accepts a mail in which a password as authentication information is entered in the subject (SUBJECT) and identifies the sender. Also, after deleting the password entered in the subject, the mail is forwarded to the recipient. Note that the input portion of the authentication information is not necessarily limited to the “subject”, and may be included in the message in any manner, for example, added to the head of the destination address.

(3) Transfer availability determination In the above-described embodiment, the case where the transfer permission determination is performed using the caller permission list associated with the designation information has been described. However, the present invention is not limited to this, A transfer condition (for example, transfer permission period, transfer permission time limit) may be prepared in association with the caller ID, and the transfer may be permitted when the transfer condition is also satisfied.

  On the other hand, the above-described caller permission list and transfer conditions are not necessarily essential to the present invention, and transfer may be permitted only by acquiring the caller ID in the caller identification process. That is, the transfer may be permitted only by determining whether or not the caller authentication is successful (whether or not the caller ID corresponding to the authentication information storage unit 11 exists).

(4) User ID
In the above embodiment, a case has been described in which various types of information (such as authentication information and real address) are stored in association with the user ID under the relationship of “user ID = caller ID = caller ID”. However, the present invention is not limited to this, and when the user is either the callee A or the caller B, the caller ID and the caller ID are clearly distinguished from each other. May be stored separately (authentication information, real address, etc.).

(5) Destination address of forwarded mail In the above embodiment, the case where the destination address (TO address) in the mail header of forwarded mail is replaced with the real address of the recipient A has been explained. Is not essential, for example, when the mail address is transferred to the user A mail server 5 while the destination address in the mail header of the forwarded mail remains the public address. By specifying that the mail forwarding destination is the real address of the user A in the protocol, the destination A can be sent to the recipient A without replacing the destination address in the mail header of the forwarding mail with the real address of the recipient A. You may make it transmit a forwarding mail.

(6) System configuration etc. In addition, among the processes described in the above embodiments, all or a part of the processes described as being automatically performed can be performed manually or manually. All or part of the processing described as being performed can be automatically performed by a known method. In addition, information including the processing procedure, control procedure, specific name, various data and parameters shown in the document and drawings (for example, information stored in the authentication information storage unit and the transmission permission information storage unit) About can be changed arbitrarily unless otherwise specified.

  In addition, each component of each device illustrated in the above embodiment (for example, the data management server 10 and the mail transfer server 20 illustrated in FIG. 2) is functionally conceptual, and is not necessarily physically illustrated as illustrated. It doesn't need to be configured. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  In the above-described embodiments, each device (for example, the mail transfer server 20) that implements the present invention has been described in terms of functions. However, each function of each device executes a program on a computer such as a personal computer or a workstation. It can also be realized. That is, the various processing procedures described in the above embodiments can be realized by executing a prepared program on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. In other words, for example, a CD-ROM storing the mail transfer server program as shown in the first embodiment is distributed, and each computer reads out and executes the program stored in the CD-ROM. Also good.

  As described above, the message delivery system, the message delivery method, and the message delivery program according to the present invention specify the sender of a message, determine whether the sender is permitted to send, and deliver the message to the recipient. This is useful in the case of, and in particular, is suitable for preventing a spoofing act of a sender and obtaining sufficient security in a transfer permission determination related to the sender.

It is a figure for demonstrating the concept of the message delivery based on a present Example. 1 is a block diagram illustrating a configuration of a message delivery system according to Embodiment 1. FIG. It is a figure which shows the information memorize | stored in an authentication information storage part. It is a figure which shows the information memorize | stored in a transmission permission information storage part. It is a sequence diagram which shows the process sequence from mail transmission to mail incoming. It is a figure which shows the receiving address of a reception mail, and a transmission origin address. It is a figure which shows the incoming call destination address and transmission origin address of a forwarding mail. It is a flowchart which shows the detail of a sender | caller identification process. It is a flowchart which shows the detail of a transfer determination process. It is a flowchart which shows the detail of a transfer process (source address replacement). It is a flowchart which shows the detail of a transfer process (destination address replacement). It is a figure which shows the incoming call destination address and transmission origin address of a forwarding mail. It is a block diagram which shows the structure of the message delivery system which concerns on Example 2. FIG. It is a figure which shows the information memorize | stored in a member ID memory | storage part. It is a figure which shows the receiving address of a reception mail, and a transmission origin address. It is a figure which shows the incoming call destination address and transmission origin address of a forwarding mail. It is a flowchart which shows the detail of a transfer process (source address replacement). It is a flowchart which shows the detail of a transfer process (destination address replacement). It is a block diagram which shows the structure of the message delivery system which concerns on Example 3. FIG. It is a figure which shows the information memorize | stored in an authentication information storage part. It is a figure which shows the information memorize | stored in a transmission permission information storage part. It is a figure which shows the receiving address of a reception mail, and a transmission origin address. It is a figure which shows the incoming call destination address and transmission origin address of a forwarding mail. It is a flowchart which shows the detail of a transfer determination process. It is a block diagram which shows the structure of the message delivery system which concerns on Example 4. FIG. It is a figure which shows the information memorize | stored in a transmission permission information storage part. It is a figure which shows the information memorize | stored in a callee information storage part. It is a figure which shows the receiving address of a reception mail, and a transmission origin address. It is a figure which shows the incoming call destination address and transmission origin address of a forwarding mail. It is a flowchart which shows the detail of a transfer determination process. It is a flowchart which shows the detail of a transfer process (destination address replacement). It is a figure which shows the information memorize | stored in the authentication information memory | storage part in another Example. It is a figure which shows the incoming call destination address of the reception mail in another Example, a transmission origin address, and a subject.

Explanation of symbols

1 User A Terminal 2 User B Terminal 3 User AIP (Internet Protocol) Network 4 User BIP Network 5 User A Mail Server 6 User B Mail Server 7 Internet 8 LAN (Local Area Network)
DESCRIPTION OF SYMBOLS 10 Data management server 11 Authentication information memory | storage part 12 Transmission permission information memory | storage part 20 Mail transfer server 21 Mail transmission / reception part 22 Caller identification part 23 Transfer determination part 24 Transfer processing part 25 Originator replacement part 26 Incoming destination replacement part

Claims (15)

A message delivery system that identifies a sender of a message, determines whether the caller is permitted to make a call, and delivers the message to the recipient,
Authentication information storage means for storing authentication information for authenticating the caller in association with caller identification information for uniquely identifying the caller;
Message accepting means for accepting a message containing authentication information of the caller;
Out of the caller identification information stored in the authentication information storage means, the caller identification means for acquiring the caller identification information corresponding to the authentication information included in the message and identifying the caller;
Transfer determination means for determining whether or not transmission is permitted for the caller identified by the caller identification means;
Transfer processing means for transferring a message whose transfer is permitted by the transfer determination means to the called party;
A message delivery system comprising:   2. The message delivery system according to claim 1, wherein when transferring a message whose transfer is permitted by the transfer determination unit, the transfer processing unit deletes the authentication information of the caller included in the message. . For each predetermined designation information, further comprising a transmission permission information storage means for storing the caller identification information of a caller permitted to transmit the message in association with each other,
The message receiving means receives a message further including the designation information;
The transfer determination means acquires caller identification information corresponding to the designation information included in the message from the caller identification information stored in the call permission information storage means, and is specified by the caller identification means. 3. The message according to claim 1, wherein transfer of the message is permitted on condition that the sender identification information of the sender is included in the sender identification information acquired from the transmission permission information storage means. Delivery system. The authentication information storage means stores the real address of each caller as the authentication information in association with the caller identification information,
The caller identification means extracts a caller address included in the message as the authentication information, acquires caller identification information associated with the caller address from the caller information storage means, and selects a caller. The message delivery system according to claim 1, wherein the message delivery system is specified.   5. The message delivery system according to claim 4, wherein the transfer processing means replaces a sender address included in the message with a public address by a predetermined process from the real address of the sender. . The transmission permission information storage means stores group identification information for uniquely identifying a predetermined group as the designation information, and is associated with the group identification information and is associated with the group identification information. Which remembers
The message delivery system according to claim 1, wherein the message accepting unit accepts a message including the group identification information as the designation information. A member information storage means for storing member identification information valid in the group in association with the recipient identification information for uniquely identifying the recipient;
The message delivery system according to claim 6, wherein the message accepting unit accepts a message including the member identification information instead of the recipient identification information as information for specifying the recipient of the message. . The call permission information storage means stores callee identification information for uniquely identifying a callee as the specified information, and is associated with the callee identification information and is allowed to send a message to the callee. Storing the caller identification information of the caller,
The message delivery system according to claim 3, wherein the message accepting unit accepts a message including the recipient identification information as the designation information. The transmission permission information storage means stores the recipient's public address as the designation information, and associates it with the public address, and identifies the sender identification information of the sender who is permitted to send a message to the recipient. Which remembers
6. The message delivery system according to claim 3, wherein the message accepting unit accepts a message having the public address as a destination address. A message delivery method for identifying a sender of a message, determining whether the caller is permitted to make a call, and delivering the message to the recipient,
An authentication information storage step for storing authentication information for authenticating the caller in the authentication information storage means in association with caller identification information for uniquely identifying the caller;
A message receiving step for receiving a message including authentication information of the caller;
From the sender identification information stored in the authentication information storage means, a sender identification step for acquiring the sender identification information corresponding to the authentication information included in the message and identifying the sender;
A transfer determination step for determining whether or not transmission is permitted for the caller identified by the caller identification step;
A transfer processing step of transferring a message whose transfer is permitted by the transfer determination step to the called party;
A message delivery method comprising:   11. The message delivery method according to claim 10, wherein the transfer processing step deletes the authentication information of the sender included in the message when the message whose transfer is permitted by the transfer determination step is transferred. . A transmission permission information storage step of storing in the transmission permission information storage means in association with the caller identification information of the caller permitted to transmit the message for each predetermined designation information;
The message accepting step accepts a message further including the designation information,
The transfer determination step acquires caller identification information corresponding to the designation information included in the message from the caller identification information stored in the call permission information storage means, and is specified by the caller identification step. 12. The message according to claim 10, wherein transfer of the message is permitted on condition that the sender identification information of the sender is included in the sender identification information acquired from the transmission permission information storage means. Shipping method. A message delivery program for identifying a sender of a message, determining whether transmission is permitted for the sender, and causing a computer to execute a method of delivering a message to a recipient,
An authentication information storage procedure for storing authentication information for authenticating the caller in the authentication information storage means in association with caller identification information for uniquely identifying the caller;
A message acceptance procedure for accepting a message including authentication information of the caller;
From among the caller identification information stored in the authentication information storage means, a caller identification procedure for acquiring the caller identification information corresponding to the authentication information included in the message and identifying the caller;
A transfer determination procedure for determining whether or not transmission is permitted for the caller identified by the caller identification procedure;
A transfer processing procedure for transferring a message whose transfer is permitted by the transfer determination procedure to the called party;
A message delivery program for causing a computer to execute.   14. The message delivery program according to claim 13, wherein the transfer processing procedure deletes the authentication information of the caller included in the message when the message whose transfer is permitted by the transfer determination procedure is transferred. . For each predetermined designation information, the computer further executes a transmission permission information storage procedure for storing in the transmission permission information storage means in association with the caller identification information of the caller permitted to transmit the message,
The message reception procedure receives a message further including the designation information,
The transfer determination procedure acquires the caller identification information corresponding to the designation information included in the message from the caller identification information stored in the call permission information storage means, and is specified by the caller identification procedure. 15. The message according to claim 13, wherein transfer of the message is permitted on condition that the sender identification information of the sender is included in the sender identification information acquired from the transmission permission information storage means. Delivery program.

Images