JP2006157212A - Mail server and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To eliminate the risk of eavesdropping in a process of transmitting electronic mail to a client having accessed via a radio LAN. <P>SOLUTION: It is determined whether the client is a client in a terrestrial LAN or a client in the radio LAN on the basis of the address of the access point from the client, and the electronic mail is transmitted in encrypted sentences to the client in the radio LAN. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a server that performs encrypted communication of electronic mail, and more particularly to prevention of eavesdropping in the process of transmitting electronic mail from a mail server to a client.

It has been proposed to encrypt an electronic mail and deliver it safely, or to apply an electronic signature to the electronic mail to confirm the sender and confirm that the electronic mail has not been tampered with (Patent Document 1). , 2). Incidentally, a client may access a mail server from a wireless LAN or the like. In this case, if an e-mail is transmitted to the client in plain text, there is a risk of eavesdropping on the way.
JP 2002-368823 A JP 2003-198632 A

A basic problem of the present invention is to eliminate the risk of eavesdropping when an e-mail is transmitted to a client that is accessed from an insecure environment such as a wireless LAN (claims 1 to 4).
An additional problem in the invention of claim 3 is to be able to promptly send an e-mail to a client accessing from a wireless LAN or the like.

  The mail server according to the present invention is a mail server comprising an e-mail encryption unit and a decryption unit. When the received e-mail is transmitted to the client, the e-mail server transmits the e-mail in plain text based on the access point of the client. And a discriminating means for deciding whether or not to transmit.

  Preferably, the discrimination means discriminates a client accessing at least from the access point through a wireless LAN, and transmits the ciphertext.

  Preferably, a mail box is provided for storing the e-mail received in cipher text in two forms, cipher text and plain text, and the cipher text in the mail box is determined based on the determination by the determination means. Or plain text to the client. However, it is not necessary to store all received e-mails in plaintext and ciphertext in the mailbox. For example, e-mails received in plaintext may be stored in the mailbox only in plaintext. In addition, the plaintext and the ciphertext are stored twice, for example, when there is an access from the destination client and the access point is identified.

  The mail server program according to the present invention is a mail server program comprising e-mail encryption means and decryption means. When the received e-mail is transmitted to the client, the plaintext is based on the access point of the client. And a command for determining whether to transmit in ciphertext.

  In the present invention, it is determined from where the access is based on the access point of the client, and when accessing from an insecure environment such as a wireless LAN, an e-mail is transmitted in ciphertext. For this reason, it is possible to safely send an e-mail to a client using a wireless LAN or the like (claims 1 to 4).

  If the received e-mail is stored in a mailbox in plain text and cipher text in double, it can be sent immediately when the client accesses the mail server and requests transmission.

  In the following, an optimum embodiment for carrying out the present invention will be shown.

  1 to 7 show an embodiment of the encrypted mail server 2 and the program 40 for the encrypted mail server. In FIG. 1, reference numeral 4 denotes a transmission / reception unit for transmitting / receiving e-mails and other files to / from a LAN, for example, and 6 is a WEB server for transmitting / receiving HTML documents and the like by HTTP. Reference numeral 8 denotes an encryption unit, which encrypts the electronic mail. Reference numeral 10 denotes a decryption unit, which decrypts the electronic mail into plain text. Reference numeral 12 denotes an electronic signature unit, which applies an electronic signature to an e-mail. Reference numeral 14 denotes an authentication unit which authenticates the e-mail with the electronic signature, confirms the sender, and has not been tampered with in the communication path. Check if.

  Reference numeral 16 denotes a determination unit that determines, for example, whether to transmit in ciphertext or plaintext, using the access point table 18 depending on where the client is accessing. Reference numeral 20 denotes a mail box, which is divided into, for example, a reception plaintext box 21 and a reception ciphertext box 22, and a transmission plaintext box 23 and a transmission ciphertext box 24.

  FIG. 2 shows the configuration of the access point table 18. This table 18 determines whether an e-mail is transmitted to the client in ciphertext or plaintext based on the address of the access point that the client has accessed. In FIG. 2, the transmission form is designated as ciphertext for an access point when accessing via a wireless router or the like from an environment that is not necessarily secure, such as a wireless LAN. In addition, an address is specified when accessing from a terrestrial LAN (LAN that is fixed on the ground and is composed of a safe signal line such as a copper wire or an optical fiber). When accessed from this address, an e-mail is transmitted in plain text. It is stipulated. In FIG. 2, it is defined that an e-mail is transmitted in ciphertext when accessed from an access point other than a wireless LAN or a terrestrial LAN, for example, when accessed from outside the LAN. The configuration of the access point table 18 can be variously changed. For example, only an access point that transmits an e-mail in a ciphertext is described, and if the access point is applicable, the e-mail is transmitted in a ciphertext. You may make it transmit with.

  The determination of whether to send an e-mail to the client in ciphertext or plaintext can also be made using, for example, the account table 30 in FIG. In this table 30, an account, a password, a mail address, and the like are described for the user name, a range of access addresses that allow the user to access the encrypted mail server 2 is defined, and an access address for sending an e-mail in plain text is defined. Specify the range and the range of access addresses to be sent in ciphertext.

  Then, when accessing from the first address range, it is transmitted in plain text, and when accessing from the second address range, for example, the address range corresponding to the wireless LAN, it is transmitted in cipher text. A plurality of pairs of address ranges for which access is permitted and a distinction between plaintext and ciphertext may be described side by side. If the range of addresses that the user is allowed to access is not limited, for example, a range of addresses using a wireless LAN as an access point is specified, and if access is made from addresses within this range, the encrypted text is transmitted. Also good.

  2 and 3 can be transferred to the administrator's terminal of the encrypted mail server 2 via the WEB server 6, and the data edited on the administrator's terminal can be used to store these tables. Can be overwritten. In this way, the administrator can appropriately change the standard for transmission in ciphertext or plaintext. Data communication with the administrator's terminal is not limited to an HTML document, but may be an XML document or the like.

  FIG. 4 shows an example of a program 40 for the encrypted mail server. Reference numeral 41 denotes a conversion command for decrypting an e-mail received in ciphertext into plaintext and converting an e-mail received in plaintext into ciphertext. It is an instruction. The mailbox creation command 24 is a command for managing a normal reception mailbox separately for plaintext and ciphertext. The access point determination instruction 43 creates the access point table 18 or creates a data column in the account table 30 that determines whether to transmit in plain text or cipher text according to the address range of the access point. . The access point determination command 43 further determines whether to transmit in ciphertext or plaintext from the access point accessed by the client. The selection command 44 reads and transmits an e-mail from either the reception plaintext box or the reception ciphertext box according to the determination of whether to transmit in plaintext or ciphertext. When the e-mail after transmission is deleted, it is deleted from both the plaintext box and the ciphertext box.

  FIG. 5 shows the configuration of an electronic mail system using the encrypted mail server 2, 51 is a terrestrial LAN, which is a safe communication path. An Internet facsimile machine 52 is a G3 facsimile transmission / reception and an Internet facsimile transmission / reception in an e-mail format, and is a shared printer and a shared scanner for the LAN 51. The encrypted mail server 2 may be incorporated in the Internet facsimile machine 52. A client 53 is a personal computer or the like. An administrator terminal 54 edits an access point table, an account table, and the like so that a range in which received e-mail is transmitted in ciphertext and a range in which plaintext is transmitted can be changed. 55 is a wireless router, which may be a bridge or the like, and 56 is a client connected via the wireless router 55. A client connected to the LAN 51 via the wireless router 55 is called a wireless client, and when the wireless client and access to the encrypted mail server 2 from outside the LAN 51 are permitted, such a client sends an e-mail. Is to be sent in ciphertext. The wireless client 56 is assumed to have a ciphertext decryption capability because the wireless LAN is not necessarily secure. An e-mail is transmitted in plain text to the client 53 and the like in the LAN 51. 57 is a router, 58 is a mail server outside the LAN 51, and the encrypted mail server 2 relays to / from the mail server 58 as viewed from the Internet facsimile machine 52, clients 53, 56, the terminal 54 of the administrator, etc. It is a server.

  The operation of the embodiment is shown in FIGS. In the description here, the reference numerals of FIGS. 1 to 5 are used. The encrypted mail server 2 accesses the external mail server 58 using, for example, the account name of the client, inquires about the presence or absence of the received email, and receives the received email from the mail server 58 (step 1). . It is determined whether the received e-mail is ciphertext or plaintext (step 2), and if it is ciphertext, it is stored in the reception ciphertext box, decrypted into plaintext by the decryption unit 10, and also stored in the reception plaintext box. (Step 3 to Step 5). If the e-mail is plaintext, it is stored in the reception plaintext box, encrypted by the encryption unit, and stored in the reception ciphertext box (steps 6 to 8). As a result, regardless of whether the form at the time of reception is ciphertext or plaintext, the e-mail is stored in the mailbox in duplicate with the ciphertext and plaintext.

  When the encrypted mail server 2 is accessed from a client and transmission of a received e-mail is requested (step 11), a client accessing from a wireless LAN or a client accessing from a terrestrial LAN from the access point address Is determined (step 12). An e-mail of the ciphertext stored in the receiving ciphertext box is transmitted to the client accessing from the wireless LAN (step 13), and the receiving e-mail is transmitted to the client accessing from the terrestrial LAN. The electronic mail stored in the plain text box is transmitted (step 14). When the client requests to delete the transmitted e-mail, both of the e-mails stored twice in the receiving plaintext box and the receiving ciphertext box are deleted.

In the embodiment, the following effects can be obtained.
(1) Since an e-mail is transmitted in encrypted text to a client that requests transmission via an insecure communication path such as a wireless LAN, there is no fear of eavesdropping.
(2) When an e-mail is received from an external mail server, the ciphertext and plaintext are stored twice in advance in the mailbox, so that when a request for transmission is made from a client, it can be sent quickly.

  In the embodiment, the encrypted mail server 2 is shown as a mail server that relays between the external mail server 58 and the client. However, the external mail server 58 may not be provided. In the embodiment, when an e-mail is received from the mail server 58, the ciphertext and plaintext are stored in the mailbox twice. However, when the client requests a list of received e-mails, the encryption or Decryption may be performed and stored twice. In extreme cases, encryption or decryption may be performed when there is a transmission request from a client. In particular, in this case, if the client is a client in the terrestrial LAN with an e-mail received in plain text, encryption is not necessary. If the client is accessing from a wireless LAN by e-mail received in ciphertext, decryption is not necessary. Further, in response to an e-mail addressed to a user who has been determined in advance whether to send in plain text or cipher text from the account table 30, e-mail of either cipher text or plain text is sent according to the account table 30. What is necessary is just to store in a box, and it is not necessary to store a ciphertext and a plaintext twice.

Block diagram of the encryption mail server of the embodiment The figure which shows the access point table in an Example typically The figure which shows the account table in an Example typically Block diagram of the program of the embodiment Block diagram of an e-mail system using the encryption mail server of the embodiment The flowchart which shows the process when the encryption mail server of an Example receives an email from an external mail server The flowchart which shows the process at the time of the encryption mail server of an Example transmitting an email to a client

Explanation of symbols

2 Encrypted Mail Server 4 Send / Receive Unit 6 Web Server 8 Encrypting Unit 10 Decrypting Unit 12 Electronic Signature Unit 14 Authentication Unit 16 Discriminating Unit 18 Access Point Table 20 Mail Box 21 Receiving Plain Text Box 22 Receiving Cipher Text Box 23 Sending Plain Text Box 24 Transmission ciphertext box 30 Account table 40 Cryptographic mail server program 41 Conversion command 42 Mailbox creation command 43 Access point discrimination command 44 Selection command 51 Terrestrial LAN
52 Internet facsimile machine 53, 56 Client 54 Administrator terminal 55 Wireless router 57 Router 58 Mail server

Claims (4)

In a mail server provided with e-mail encryption means and decryption means,
A mail server, comprising: a discriminating means for deciding whether to transmit in plain text or cipher text based on an access point of a client when a received electronic mail is transmitted to the client. 2. The mail server according to claim 1, wherein the determination means determines a client that is accessing at least from the access point through a wireless LAN, and transmits the client in ciphertext. Provided with a mailbox for storing e-mail received in ciphertext in two forms, ciphertext and plaintext, and based on the determination by the discrimination means, either ciphertext or plaintext in the mailbox 3. The mail server according to claim 1, wherein the mail server is transmitted to a client. In a program for a mail server provided with an e-mail encryption means and a decryption means,
A program for a mail server, comprising an instruction for deciding whether to send plaintext or ciphertext based on an access point of a client when sending received e-mail to a client .

Images