JP2007053569A - Electronic mail security device and system therefor - Google Patents

Electronic mail security device and system therefor Download PDF

Info

Publication number
JP2007053569A
JP2007053569A JP2005237104A JP2005237104A JP2007053569A JP 2007053569 A JP2007053569 A JP 2007053569A JP 2005237104 A JP2005237104 A JP 2005237104A JP 2005237104 A JP2005237104 A JP 2005237104A JP 2007053569 A JP2007053569 A JP 2007053569A
Authority
JP
Japan
Prior art keywords
mail
encryption
received
electronic mail
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2005237104A
Other languages
Japanese (ja)
Inventor
Hiroyasu Nakanishi
弘泰 中西
Original Assignee
Matsushita Electric Works Ltd
松下電工株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Works Ltd, 松下電工株式会社 filed Critical Matsushita Electric Works Ltd
Priority to JP2005237104A priority Critical patent/JP2007053569A/en
Publication of JP2007053569A publication Critical patent/JP2007053569A/en
Application status is Pending legal-status Critical

Links

Images

Abstract

PROBLEM TO BE SOLVED: To provide an electronic mail security apparatus for improving mail security and an electronic mail security system including the apparatus and an electronic mail server.
According to the present invention, the data is transmitted and received between the e-mail server 101 and the plurality of e-mail clients 102 by being inserted into transmission paths 13 and 14 between the e-mail server 101 and the plurality of e-mail clients 102. The e-mail security device 11 that relays e-mails and executes processing for ensuring e-mail security communicates with the first communication unit that communicates with the e-mail server 101 and the e-mail client 102. When an e-mail is received by the second communication unit and the second communication unit, the message part and attached file of the e-mail are encrypted, and the encrypted e-mail is transferred to the e-mail server 101 by the first communication unit. And an e-mail encryption unit.
[Selection] Figure 1

Description

  The present invention relates to an electronic mail security apparatus for improving electronic mail security, and an electronic mail security system including the electronic mail security apparatus and an electronic mail server.

  With the recent development of communication technology, a system called e-mail, which exchanges data with recorded messages between computers connected to a network, has become widespread. Note that, in addition to such a system, an email may refer to data in which this message is recorded. In the present specification, the former is hereinafter referred to as an “e-mail system” and the latter is referred to as “mail”. It shall be called.

  FIG. 8 is a diagram showing a conventional electronic mail system. In FIG. 8, a conventional e-mail system 100 includes a plurality of e-mail clients 102 (102-A, 102-B,..., 102-N) serving as mail senders and receivers, and mail senders and receivers. An e-mail server 101 that performs mail management with the main person is provided, and the e-mail server 101 and the e-mail client 102 are connected to each other via a network 103 so that they can communicate with each other. When sending and receiving mail between the email clients 102, the email is first sent from the sending email client 102 to the email server 101 using a transmission protocol, for example, SMTP (Simple Mail Transfer Protocol). 101 is accumulated. Then, the mail is received from the e-mail server 101 by the receiving e-mail client 102 using a receiving protocol such as POP3 (Post Office Protocol ver. 3) or APOP (Authenticated Post Office Protocol).

In the system (not shown) in which there are a plurality of e-mail systems 100 shown in FIG. 8 and each e-mail server 101 of each e-mail system 100 is connected to be communicable with each other via a network, one e-mail system 100 When an email is sent from one email client 102 to an email client 102 of another email system 100, the email sent from the email client 102 of one email system 100 is the electronic mail of the one email system 100. From the mail server 101, for example, it is sequentially transferred by the email server 101 by SMTP, transmitted to the email server 101 of the other email system 100, and received by the email client 102 of the other email system 100 (for example, , Non-special References 1).
Satoshi Funada, "Basics of Internet Fundamentals", 13th to 15th, [online], 1997-2003, CQ Publisher, [Search June 29, 2005], Internet <URL: http // www. cqpub. co. jp / od / rensai / inter / itindex. htm

  By the way, in the conventional electronic mail system 100, in order to ensure confidentiality, integrity, and authentication with respect to the mail, it is necessary for the electronic mail client 102 to execute processing for ensuring these.

  Therefore, there is a disadvantage that this process is troublesome for the user of the e-mail client 102. In addition, there is a disadvantage that it is difficult for a user who has insufficient knowledge about the processing to execute the processing.

  In addition, it is necessary to install software for performing this process for each e-mail client 102, which is disadvantageous in that it is costly.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an electronic mail security apparatus that improves the security of mail by ensuring confidentiality, integrity, or authentication of the mail. And An object of the present invention is to provide an electronic mail security system including such an electronic mail security device and an electronic mail server.

  In general, confidentiality refers to ensuring that a message is not peeped, and integrity, also called authenticity, refers to ensuring that the message is genuine and not falsified, Authentication means ensuring that the sender of the message is the principal.

  As a result of various studies, the present inventor has found that the above object is achieved by the present invention described below. That is, in one aspect according to the present invention, an e-mail inserted in a transmission path between an e-mail server and a plurality of e-mail clients is transmitted / received between the e-mail server and the plurality of e-mail clients. In the electronic mail security device that relays and executes processing for ensuring the security of the electronic mail, a first communication unit that communicates with the electronic mail server and a first communication that communicates with the plurality of electronic mail clients When the electronic mail is received by the two communication units and the second communication unit, the message part and / or the attached file of the received electronic mail is encrypted, and the message part and / or the attached file is encrypted. And an e-mail encryption unit that transfers mail to the e-mail server by the first communication unit.

  In the above-described electronic mail security apparatus, the electronic mail encryption unit includes an electronic mail encryption key for encrypting a message part of the received electronic mail and / or a file encryption for encrypting an attached file of the received electronic mail. The key is obtained from a mail encryption key server that manages a mail encryption key and / or a file encryption key server that manages a file encryption key.

  Further, in the above-described electronic mail security device, when the first communication unit receives an email in which the message part and / or the attached file is encrypted, the message part and / or attachment of the received electronic mail is received. An e-mail decrypting unit that decrypts the file and transfers the e-mail obtained by decrypting the message unit and / or the attached file to the destination e-mail client by the second communication unit is further provided.

  The above-described electronic mail security device further includes an electronic mail signature unit that applies a digital signature to the received electronic mail and / or attached file when the second communication unit receives the electronic mail. Features.

  Further, in the above-described electronic mail security device, the electronic mail signature unit further receives the electronic mail and / or the digitally signed attached file received by the first communication unit. Verifying the digital signature of the e-mail and / or the digital signature of the attached file, and attaching a message to the received e-mail indicating that the verification of the digital signature failed if the verification of the digital signature fails. Features.

  Further, in the above-described electronic mail security apparatus, the electronic mail signature unit may receive an electronic mail verification key for verifying the digital signature of the received electronic mail and / or a file verification key for verifying the digital signature of the attached file. It is obtained from a mail verification key server that manages a verification key and / or a file verification key server that manages a file verification key.

  In the above-described electronic mail security device, the electronic mail client of the electronic mail transmission source is set with the mail encryption setting information indicating whether or not the electronic mail is encrypted in association with the electronic mail address of the electronic mail transmission destination. Further comprising a mail encryption setting information storage unit for storing each set of an identifier and an email address for identifying the email, wherein the email encryption unit includes the identifier and email address at the transmission source of the received email The mail encryption setting information corresponding to the destination email address of the received e-mail is a setting for encrypting the e-mail. Encryption of a message part in electronic mail is performed.

  In the above-described electronic mail security device, the mail encryption setting information storage unit further includes a file indicating whether or not to encrypt an electronic mail attachment file in association with an electronic mail address of an electronic mail transmission destination. Encryption setting information is stored for each set of an identifier and an email address for identifying an email client that is an email transmission source, and the email encryption unit is configured to store the identifier at the source of the received email. The file encryption setting information of the set of the email address and the file encryption setting information corresponding to the destination email address of the received email is a setting for encrypting the email The encryption of the attached file in the received electronic mail is executed.

  Furthermore, in the above-described electronic mail security apparatus, the electronic mail encryption setting information storage unit further stores an expiration date of decryption in association with an electronic mail address of an electronic mail transmission destination, and the electronic mail encryption unit Performs the decryption of the message part and / or the attached file in the received e-mail when the expiration date corresponding to the e-mail address of the destination of the received e-mail is within the expiration date. And

  In the above-described electronic mail security device, the electronic mail client of the electronic mail transmission source is used to set the electronic mail signature setting information as to whether or not to digitally sign the electronic mail in association with the electronic mail address of the electronic mail transmission destination. Further comprising a mail signature setting information storage unit for storing each pair of an identifier and an email address for identifying the email signature, the email signature unit including the identifier and email address at the transmission source of the received email The received e-mail when the e-mail signature setting information corresponding to the e-mail address of the destination of the received e-mail is set to apply a digital signature to the e-mail The digital signature is executed.

  In the electronic mail security apparatus described above, the mail signature setting information storage unit further includes a file indicating whether or not to attach a digital signature to an attached file of an electronic mail in association with an electronic mail address of an electronic mail transmission destination. The signature setting information is stored for each set of an identifier and an email address for identifying an email client that is the sender of the email, and the email signature unit includes the identifier at the sender of the received email When the file signature setting information is a set with an e-mail address and the file signature setting information corresponding to the e-mail address of the destination of the received e-mail is a setting for applying a digital signature to the attached file of the e-mail In addition, the digital signature of the attached file of the received e-mail is executed. The features.

  Furthermore, in the above-described electronic mail security apparatus, the electronic mail signature setting information storage unit further stores an expiration date of the digital signature in association with an electronic mail address of an electronic mail transmission destination, and the electronic mail encryption unit includes The digital signature of the message part and / or the attached file in the received e-mail is executed when the expiration date corresponding to the e-mail address of the destination of the received e-mail is within the expiration date To do.

  In another aspect of the present invention, an electronic mail server and a transmission path between the electronic mail server and a plurality of electronic mail clients are inserted between the electronic mail server and the plurality of electronic mail clients. In an email security system comprising an email security device that relays emails sent and received between them and executes processing for ensuring the security of emails, the email security device is one of the above This is an electronic mail security device.

  In the electronic mail security device and the electronic mail security system configured as described above, when an electronic mail transmitted and received between the electronic mail server and the electronic mail client is an electronic mail security device and includes an electronic mail encryption unit, Encrypting and decrypting if an email decryption unit is provided, and if an email signature unit is provided, at least one of digital signature and digital signature verification is performed. Does not have to execute the process for securing the mail each time the mail is sent and received. For this reason, the user is freed from the troublesome process of securing the mail, and even if the knowledge about the process is insufficient, the user can secure the mail.

  In addition, since the process for security of mail is collectively executed by the electronic mail security apparatus, it is not necessary to install software for each electronic mail client, and the cost can be reduced.

Embodiments according to the present invention will be described below with reference to the drawings. In addition, the structure which attached | subjected the same code | symbol in each figure shows that it is the same structure, The description is abbreviate | omitted.
(Configuration of the embodiment)
FIG. 1 is a block diagram showing a configuration of an electronic mail system in the embodiment. FIG. 2 is a block diagram showing the configuration of the electronic mail security apparatus.

  In FIG. 1, an e-mail system 1 includes a plurality of e-mail clients 102 (102-A, 102-B,..., 102-N) that are mail senders and receivers, and a mail sender and receiver. An e-mail server 101 that manages e-mail between them, an e-mail security apparatus 11 that attempts to secure e-mail between the e-mail client 102 and the e-mail server 101 and relays e-mail, and manages public keys The electronic mail security apparatus 11, the electronic mail server 101, and the public key server 12 are communicably connected to each other via a network 13, and the electronic mail security apparatus 11 and the electronic mail are connected to each other. The client 102 is connected to the network 14 so that they can communicate with each other. .

  The networks 13 and 14 may be the same network, such as a LAN (Local Area Network) laid in an apartment house, for example, or the network 14 may be a LAN laid in a dwelling unit and the network 13 may be an external network. Different networks may be used. In this case, the network 14 is a LAN transmission path of a wired medium such as 1000BASE-T, 100BASE-T, or 10BASE-T, or a wireless medium such as infrared rays or radio waves, and data is transmitted using a predetermined communication protocol. . The network 14 forms an intranet using a communication protocol such as HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), SMTP, POP3, and TCP / IP (Transmission Control Protocol / Internet Protocol). To do. The network 13 is, for example, a telephone network, a digital communication network, a wireless communication network, and the like, and data is transmitted using a predetermined communication protocol. The network 13 configures the Internet by using, for example, the Internet protocol group as a communication protocol.

  In the present embodiment, the electronic mail security apparatus 11, the electronic mail server 101, and the public key server 12 are configured to be connected via the network 13, but the electronic mail security apparatus 11, the electronic mail server 101, Or a network connecting the electronic mail security apparatus 11 and the public key server 12 may be configured as separate networks.

  The e-mail server 101 is a server computer that has a communication function and manages mail delivery between the e-mail client 102 on the mail transmission side and the e-mail client 102 on the mail reception side. The e-mail server 101 is configured in the same manner as the background art. For example, the e-mail server 102 distributes mail received from the e-mail client 102 to a mailbox according to the e-mail address, or stores it in another e-mail system 1. A function of forwarding to a mail 101, a function of relaying mail between electronic mail servers 101 of different electronic mail systems 1, a function of transmitting mail in a mailbox in response to a request from the electronic mail client 102, and the like.

  The e-mail client 102 is configured in the same manner as the background art, has a communication function, and generates e-mail software (e.g., e-mail transmission using SMTP, and e-mail reception (e.g., using POP3)). This is a computer equipped with at least a mailer.

  The electronic mail security device 11 is inserted between the network 13 and the network 14 and includes an electronic mail server 101 and a plurality of electronic mail clients 102 (102-A, 102-B,..., 102-N). It is an apparatus that relays mail sent and received between them and executes processing for securing mail in order to ensure mail security. As described above, the electronic mail security device 11 is arranged at a position where mail transmitted and received by the electronic mail client 102 is surely relayed, for example, in a distribution board. For example, as shown in FIG. 2, the electronic mail security device 11 includes an arithmetic processing unit 21, a storage unit 22, and first and second communication interface units 23 and 24.

  The first communication interface unit 23 is an interface circuit that is connected to the network 13 and transmits / receives communication signals to / from the electronic mail server 101 and the public key server 12 via the network 13. A communication signal according to the communication protocol of the network 13 is created based on the data from the network 13 and the communication signal from the network 13 is converted into data in a format that can be processed by the arithmetic processing unit 21. The second communication interface unit 24 is an interface circuit that is connected to the network 14 and transmits / receives communication signals to / from the email client 102 via the network 14, and is based on data from the arithmetic processing unit 21. Thus, a communication signal in accordance with the communication protocol of the network 14 is created and the communication signal from the network 14 is converted into data in a format that can be processed by the arithmetic processing unit 21.

  The storage unit 22 functionally includes a setting information storage unit 221 that stores setting information and a secret key storage unit 222 that stores a secret key, and includes various programs such as a security program for securing mail, Various data such as data necessary for execution of various programs and data generated during the execution are stored. The storage unit 22 includes, for example, a volatile storage element such as a RAM (Random Access Memory) serving as a so-called working memory of the arithmetic processing unit 21, a non-volatile storage element such as a ROM (Read Only Memory), setting information, EEPROM (Electrically Erasable Programmable Read Only Memory), which is a rewritable non-volatile storage element, and a relatively large capacity storage device according to a capacity sufficient to store data that may be rewritten such as a secret key It is comprised with the hard disk etc. which are.

  FIG. 3 is a diagram showing the configuration of a setting information table corresponding to a set of source e-mail clients and e-mail addresses. FIG. 4 is a diagram showing the configuration of the secret key table.

  The setting information is information indicating the type of processing to be performed for securing the mail transmitted by the e-mail client 102. Types of processing include, for example, processing to be performed on the mail body and processing to be performed on the attached file of the mail. Whether or not to perform a digital signature on the mail, and processing to be performed on the attached file, for example, whether to encrypt the attached file and the attached file Whether or not to perform a digital signature. The setting information is prepared for each set of the e-mail client 102 of the mail transmission source and the e-mail address of the transmission source, and is stored in the setting information storage unit 221 in a table format, for example. A setting information table 30 for registering setting information corresponding to an e-mail client that is a sender of a set of mails and an e-mail address that is a sender of the mails is subject to security as shown in FIG. 3, for example. Target mail field 31 for registering information for identifying and identifying the mail, expiration date field 32 for registering the validity period of the setting information, information on whether or not to encrypt the message part of the mail (mail encryption setting) E-mail encryption setting information field 33 for registering information), digital signature setting information field 34 for registering information (e-mail signature setting information) as to whether or not to digitally sign mail, and encryption for attached files of mail Attached file encryption setting information field for registering information (file encryption setting information) 35, and configured to include the fields of attachment digital signature setting information field 36 for registering information on whether or not performing a digital signature to email attachments (file signatures setting information).

  In the target mail field 31, in the present embodiment, a destination e-mail address is registered, and a mail to be secured is specified by this e-mail address. Therefore, a record is created in the setting information table 30 according to the e-mail address to be secured. The setting information table 30 is associated with a set of an identifier for identifying and identifying the e-mail client 102 and a source e-mail address.

  In the present embodiment, the expiration date is registered, for example, by year / month / date / time. However, the expiration date may be an arbitrary time unit such as year / month / day or year / month / day.

  In the present embodiment, for example, processing of the field is performed on the e-mail encryption setting information field 33, the digital signature setting information field 34, the attached file encryption setting information field 35, and the attached file digital signature setting information field 36. "Valid" is registered when applying, and "Invalid" is registered when not processing the field, but if it is possible to identify and identify whether or not the field is processed, Any code string (including one code) may be used.

  In this embodiment, since the secret key is encrypted and digitally signed, the secret key for decryption (hereinafter referred to as “decryption secret key”) and the secret for digital signature are used. Key (hereinafter referred to as “digital signature private key”). The secret key is stored in the secret key storage unit 222 in a table format, for example. As shown in FIG. 4, for example, the secret key table 40 for registering a secret key includes an e-mail address field 41 for registering an e-mail address, a decryption secret key field 42 for registering a decryption secret key, and a digital key. Each field includes a digital signature private key field 43 for registering a signature private key, and a record is created for each electronic mail address. Here, the secret key is registered in advance in the secret key table 40 from the e-mail client 102 or using the unillustrated input device or setting tool before the e-mail security apparatus 11 is operated.

  Returning to FIG. 2, the arithmetic processing unit 21 includes, for example, a microprocessor and its peripheral circuits, and functionally includes an e-mail filter unit 211 that searches for a mail from a communication signal, and an e-mail filter unit 211. An e-mail encryption / decryption signature unit 212 that encrypts and decrypts the e-mail according to a predetermined condition and performs digital signature and verification of the found e-mail, and counts the year / month / day / time and the e-mail encryption / decryption signature unit 212 A calendar unit 213 that returns the current year / month / date / time in response to the inquiry and a setting unit 214 that stores the predetermined condition in the storage unit 22, and the storage unit 22, the first and second communication interfaces according to the control program. The units 23 and 24 are controlled according to the functions.

  Returning to FIG. 1, the public key server 12 is a server computer that has a communication function, manages the public key, and provides the public key in response to a request from the electronic mail security apparatus 11.

  FIG. 5 is a diagram showing the configuration of the public key table. Since the public key is encrypted and digitally signed in this embodiment, the public key for encryption (hereinafter referred to as “public key for encryption”) and the digital signature are verified. Public key (hereinafter referred to as “digital signature verification public key”). The public key is managed in a table format, for example. For example, as shown in FIG. 5, the public key table 60 for registering the public key includes an e-mail address field 61 for registering an e-mail address, an encryption public key field 62 for registering an encryption public key, and a digital key. Each field includes a digital signature public key field 63 for registering a signature verification public key, and a record is created for each e-mail address.

  The cipher of the present invention may be a common key cipher such as DES (Data Encryption Standard), Triple DES, or AES (Advanced Encryption Standard), but in this embodiment, as described above, for example, RSA (Rivest-Shamir-Adleman). ), Public key cryptography such as EIGamal and Rabin. Note that when the common key encryption is adopted, the public key server 12 is not necessary.

  Here, the arithmetic processing unit 21 of the e-mail security device 11 corresponds to an example of an e-mail encryption unit in claims, corresponds to an example of an e-mail decryption unit in claims, and also an example of an e-mail signature unit It corresponds to. The setting information storage unit 221 in the storage unit 22 of the electronic mail security apparatus 11 corresponds to an example of an email encryption setting information storage unit in claims, and corresponds to an example of an email signature setting information storage unit in claims.

  The public key server 12 corresponds to an example of a mail encryption key server in claims, corresponds to an example of a file encryption key server in claims, corresponds to an example of an email verification key server in claims, This corresponds to an example of a file verification key server. The public key for encryption corresponds to an example of a mail encryption key in claims, and corresponds to an example of a file encryption key in claims. The public key for digital signature verification corresponds to an example of a mail verification key in claims, and corresponds to an example of a file verification key in claims.

Next, the operation of this embodiment will be described.
(Operation of the embodiment)
First, a case where setting information is stored in the setting information storage unit 221 will be described. The user of the email client 102 accesses the email security device 11 from the email client 102 and inputs setting information to the email client 102. For example, the setting unit 214 has a web server function, and when accessed from the web browser of the e-mail client 102, the setting unit 214 displays a page for inputting setting information on the e-mail client 102. Wait for input.

  When the setting information is input, the e-mail client 102 transmits the setting information together with the apparatus identifier and the e-mail address to the e-mail security apparatus 11 in order to register the setting information in the e-mail security apparatus 11.

  When the setting information is received, the setting unit 214 in the arithmetic processing unit 21 of the e-mail security apparatus 11 registers the setting information in the setting information table 30 in association with the set of the device identifier and the e-mail address. The information is stored in the information storage unit 221.

  By operating in this way, setting information can be registered in the electronic mail security apparatus 11 from the electronic mail client 102. For this reason, the user of the e-mail client 102 determines whether to encrypt the mail, whether to digitally sign the mail, whether to encrypt the mail attachment, and the digital signature to the mail attachment. Whether or not to do so can be individually set according to the desire. Then, an expiration date can be set for the process set to execute. Further, by using the web browser as in the above-described example, the user can easily store the setting information in the setting information storage unit 221 of the electronic mail security apparatus 11.

  Next, a case where the e-mail client 102 transmits mail will be described. The user of the e-mail client 102 creates a mail using the e-mail software of the e-mail client 102 and instructs the e-mail software to transmit the created mail. Upon receiving this instruction, the e-mail software of the e-mail client 102 transmits the created e-mail to the e-mail server 101. This mail is relayed by the electronic mail security apparatus 11 and transmitted to the electronic mail server 101. At the time of this relay, the electronic mail security device 11 performs the following processes on the mail according to the setting information from the electronic mail client 102 by operating as follows.

  FIG. 6 is a flowchart showing the operation of the electronic mail security apparatus when a communication signal is received by the second communication interface unit. In FIG. 6, when the email filter unit 211 in the arithmetic processing unit 21 of the email security device 11 receives a communication signal via the second communication interface unit 24 (S11), the received communication signal is a mail. Whether or not (S12). In this embodiment, this determination is performed by referring to the transmission destination port number of the TCP header, for example. For example, when mail is transmitted by SMTP, the determination is performed based on whether or not the transmission destination port number is 25. Is done. When the transmission destination port number is 25, it is determined that the mail is mail, and when the transmission destination port number is not 25, it is determined that the mail is not mail.

  If the received communication signal is not mail (No) as a result of the determination in step S12, the e-mail filter unit 211 transfers the received communication signal to its destination via the first communication interface unit 23. (S22).

  On the other hand, if the result of determination in step S12 is that the received communication signal is a mail (Yes), the e-mail filter unit 211 notifies the e-mail encryption / decryption signature unit 212 of the received communication signal. Upon receiving this notification, the e-mail encryption / decryption signature unit 212 determines whether or not there is an attached file in the received communication signal (mail) (S13).

  This determination will be explained more specifically. By reading a plaintext identification code (for example, a MIME code) included in the received communication signal (mail), it is determined whether or not there is an attached file in the received communication signal (mail). Is judged.

  If there is no attached file in the received communication signal (email) as a result of the determination in the process S13 (No), the e-mail encryption / decryption signature unit 212 executes a process S18 described later, while the determination results in the reception. If the attached communication signal (mail) includes an attached file (Yes), the e-mail encryption / decryption signature unit 212 determines whether the attached file is a digital signature (S14).

  This determination will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 first receives a notification in order to identify the setting information table 30 corresponding to the received communication signal (mail). The MAC address is acquired from the transmission source address of the header of the data link layer in the communication signal, and the e-mail address is acquired from the transmission source address of the header of the network layer. Next, the e-mail encryption / decryption signature unit 212 searches the setting information table corresponding to the acquired MAC address and e-mail address. Next, in order to specify the target record in the setting information table 30, the e-mail encryption / decryption signature unit 212 acquires an e-mail address from the transmission destination address in the header of the network layer. Next, the e-mail encryption / decryption signature unit 212 searches for the record registered in the target e-mail field 31 in the retrieved setting information table 30 for the acquired e-mail address of the transmission destination, and attaches it to the retrieved record The file signature setting information is acquired from the file digital signature setting information field 36. Then, the e-mail encryption / decryption signature unit 212 determines whether the acquired file signature setting information is “valid” or “invalid”. As a result of the determination, if the file signature setting information is “invalid”, it is determined that the attached file is not a digital signature target. On the other hand, if the file signature setting information is “valid”, the attached file is digital. Judged to be the subject of signature.

  If the result of determination in step S14 is that the attached file is not the subject of a digital signature (No), the e-mail encryption / decryption signature unit 212 executes step S16 described later. If it is a signature target (Yes), after digitally signing the attached file (S15), the process S16 is executed.

  The digital signature processing of the attached file will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 first determines the target record in the secret key table 40 in step S13. An e-mail address is acquired from the transmission source address in the header of the network layer in the received communication signal. Next, the e-mail encryption / decryption signature unit 212 searches for a record in which the acquired e-mail address is registered in the e-mail address field 41, and the digital signature secret is obtained from the digital signature private key field 43 in the searched record. Get the key. Then, the e-mail encryption / decryption signature unit 212 digitally signs the attached file using the digital signature private key.

  In the digital signature of the attached file, the e-mail encryption / decryption signature unit 212 may apply a digital signature to the data of the attached file, or obtain a hash value in the attached file data by a one-way hash function. A digital signature may be applied to the hash value.

  As the electronic mail security apparatus 11 operates in this way, a digital signature is applied to the attached file, and the integrity and authentication of the attached file are ensured.

  In step S16, the e-mail encryption / decryption signature unit 212 determines whether the attached file is an encryption target.

  This determination will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 acquires file encryption setting information from the attached file encryption setting information field 35 in the record searched in step S14. Then, the e-mail encryption / decryption signature unit 212 determines whether the acquired file encryption setting information is “valid” or “invalid”. As a result of this determination, if the file encryption setting information is “invalid”, it is determined that the attached file is not subject to encryption. On the other hand, if the file encryption setting information is “valid”, the attached file is determined. Are determined to be encrypted.

  As a result of the determination in the process S16, when the attached file is not the object of encryption (No), the e-mail encryption / decryption signature unit 212 executes a process S18 to be described later. If the file is to be converted (Yes), the e-mail encryption / decryption signature unit 212 encrypts the attached file (S17), and then executes the process S18.

  More specifically, the process of encrypting the attached file will be described. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 first determines the destination of the network layer header in order to identify the destination of the mail. Get email address from address. Next, the e-mail encryption / decryption signature unit 212 requests the acquired e-mail address and the encryption public key to acquire the encryption public key corresponding to the acquired e-mail address; Is generated, and the public key request signal for encryption is transmitted to the public key server 12 via the first communication interface unit 23.

  When the public key server 12 receives the encryption public key request signal, the public key server 12 searches the public key table 60 for a record in which the e-mail address accommodated in the encryption public key request signal is registered. The encryption public key is acquired from the encryption public key field 62 in the record. Then, the public key server 12 creates a communication signal (encryption public key reply signal) containing the email address accommodated in the encryption public key request signal and the obtained encryption public key. To the electronic mail security device 11.

  When this encryption public key reply signal is received, the e-mail encryption / decryption signature unit 212 in the arithmetic processing unit 21 of the e-mail security apparatus 11 sends the encryption public key contained in the encryption public key reply signal. Encrypt the attached file using the key.

  Thus, by operating the electronic mail security apparatus 11, the attached file is encrypted, and the confidentiality of the attached file is ensured.

  In step S18, the e-mail encryption / decryption signature unit 212 determines whether or not the received communication signal (mail) is a digital signature target.

  This determination will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 acquires e-mail signature setting information from the digital signature setting information field 34 in the record searched in step S14. Then, the e-mail encryption / decryption signature unit 212 determines whether the acquired mail signature setting information is “valid” or “invalid”. If the mail signature setting information is “invalid” as a result of this determination, it is determined that the received communication signal (mail) is not a digital signature target, while the mail signature setting information is “valid”. The received communication signal (mail) is determined to be the object of the digital signature.

  If the received communication signal (mail) is not the subject of the digital signature (No) as a result of the determination in step S18, the e-mail encryption / decryption signature unit 212 executes step S20 described later, As a result, when the received communication signal (mail) is the subject of the digital signature (Yes), the e-mail encryption / decryption signature unit 212 executes the process S20 after digitally signing the mail (S19).

  More specifically, the processing of the digital signature on the mail will be described. For example, in the present embodiment, the e-mail encryption / decryption signature unit 212 first operates from the private key table 40 by operating in the same manner as the processing S15. Obtain a private key. Then, the e-mail encryption / decryption signature unit 212 digitally signs the mail using the digital signature private key.

  The mail is composed of a header part that contains header information and a message part that contains a message. In the digital signature of this mail, the e-mail encryption / decryption signature part 212 applies a digital signature to the data in the message part. Alternatively, a hash value in the message part data may be obtained by a one-way hash function, and a digital signature may be applied to the obtained hash value.

  By operating the electronic mail security apparatus 11 in this way, the digital signature is applied to the mail, and the integrity and authentication of the mail are ensured.

  In process S20, the e-mail encryption / decryption signature unit 212 determines whether or not the communication signal (e-mail) is an object to be encrypted.

  This determination will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 acquires e-mail encryption setting information from the e-mail encryption setting information field 33 in the record searched in step S14. Then, the e-mail encryption / decryption signature unit 212 determines whether the mail encryption setting information is “valid” or “invalid”. As a result of the determination, if the mail encryption setting information is “invalid”, it is determined that the received communication signal (mail) is not an object of encryption, while the mail encryption setting information is “valid”. In some cases, it is determined that the received communication signal (mail) is an object to be encrypted.

  If the received communication signal (mail) is not subject to encryption (No) as a result of the determination in step S20, the e-mail encryption / decryption signature unit 212 notifies the e-mail filter unit 211 of the communication signal, and the electronic The mail filter unit 211 executes processing S <b> 22 and transfers the received communication signal (mail) to the electronic mail server 101 via the first communication interface unit 23.

  On the other hand, if the received communication signal (mail) is to be encrypted as a result of the determination in step S20 (Yes), the email encryption / decryption signature unit 212 encrypts the message part of the email (S21). ), Process S22 is executed.

  More specifically, the process of encrypting the message part of the mail will be described. For example, in the present embodiment, the e-mail encryption / decryption signature unit 212 first operates in the same manner as the process S17, so that the public key server 12 Get public key for encryption from. Next, the e-mail encryption / decryption signature unit 212 encrypts the message part of the e-mail using the encryption public key. Then, the e-mail encryption / decryption signature unit 212 notifies the e-mail filter unit 211 of the communication signal (mail).

  As the electronic mail security device 11 operates in this manner, the message part of the mail is encrypted, and the confidentiality of the mail is ensured.

  In process S <b> 22, the e-mail filter unit 211 transfers a communication signal (email) to the e-mail server 101 via the first communication interface unit 23.

  Since the e-mail security apparatus 11 operates in this way, the user of the e-mail client 102 does not need to execute encryption or digital signature on the e-mail or attached file every time e-mail is transmitted. The mail security apparatus 11 encrypts the mail and the attached file according to the setting desired by the user and applies a digital signature. For this reason, the user is freed from troublesome processing for performing encryption and digital signature, and can perform encryption and digital signature even if knowledge about this processing is insufficient.

  In addition, since encryption and digital signature are collectively executed by the electronic mail security apparatus 11, it is not necessary to individually install software for performing encryption and digital signature on the electronic mail client 102, and costs can be reduced. .

  Next, a case where the e-mail client 102 receives mail will be described. The user of the e-mail client 102 instructs the e-mail software of the e-mail client 102 to receive mail. Upon receiving this instruction, the e-mail software of the e-mail client 102 receives e-mail from the e-mail server 101. This mail is relayed by the electronic mail security apparatus 11 and transmitted from the electronic mail server 101 to the electronic mail client. At the time of this relay, the electronic mail security device 11 operates as follows.

  FIG. 7 is a flowchart showing the operation of the electronic mail security apparatus when a communication signal is received by the first communication interface unit. In FIG. 7, when the email filter unit 211 in the arithmetic processing unit 21 of the email security device 11 receives a communication signal via the first communication interface unit 23 (S31), the received communication signal is a mail. Whether or not (S32). In this embodiment, this determination is executed by referring to the transmission source port number of the TCP header, for example, and is executed depending on whether or not the transmission source port number is 110 when mail is received by POP3, for example. Is done. When the transmission source port number is 110, it is determined that the mail is mail, and when the transmission source port number is not 110, it is determined that the mail is not mail.

  If the received communication signal is not a mail as a result of the determination in step S32 (No), the e-mail filter unit 211 transfers the received communication signal to its destination via the second communication interface unit 24. (S42).

  On the other hand, if the result of determination in step S32 is that the received communication signal is a mail (Yes), the e-mail filter unit 211 notifies the e-mail encryption / decryption signature unit 212 of the received communication signal. Upon receiving this notification, the e-mail encryption / decryption signature unit 212 determines whether or not the communication signal (mail) is digitally signed (S33).

  If the result of determination in step S33 is that a digital signature has not been applied to the communication signal (mail) (No), the e-mail encryption / decryption signature unit 212 executes step S35 described later. On the other hand, if the result of this determination is that a digital signature is applied to the communication signal (mail) (Yes), the e-mail encryption / decryption signature unit 212 verifies the digital signature and determines whether the verification is successful. Judgment is made (S34). Specifically, the determination is made by reading an identification code in plain text.

  More specifically, the e-mail encryption / decryption signature unit 212 uses the acquired e-mail address and digital signature verification public key to acquire the digital signature verification public key corresponding to the acquired e-mail address. A communication signal (digital signature verification public key request signal) containing information requesting is generated, and this digital signature verification public key request signal is transmitted to the public key server 12 via the first communication interface unit 23. To do.

  When the public key server 12 receives this digital signature verification public key request signal, the public key server 12 searches the public key table 60 for a record in which the electronic mail address accommodated in the digital signature verification public key request signal is registered, The digital signature verification public key is obtained from the digital signature public key field 63 in the retrieved record. The public key server 12 then transmits a communication signal (digital signature verification public key reply signal) containing the electronic mail address accommodated in the digital signature verification public key request signal and the acquired digital signature verification public key. Is sent back to the electronic mail security device 11.

  When the digital signature verification public key reply signal is received, the e-mail encryption / decryption signature unit 212 in the arithmetic processing unit 21 of the e-mail security apparatus 11 receives the digital signature contained in the digital signature verification public key reply signal. The digital signature of the mail is verified using the verification public key.

  That is, when the digital signature is applied to the data of the message part, the e-mail encryption / decryption signature part 212 decrypts the digital signature of the mail with the public key for digital signature verification, and the decrypted data and the message part Compare the data with. As a result of this comparison, the e-mail encryption / decryption signature unit 212 determines that the digital signature verification is successful if it completely matches, and determines that the digital signature verification fails if it does not match completely. . When the digital signature is applied to the hash value in the message part data, the e-mail encryption / decryption signature part 212 decrypts the mail digital signature with the digital signature verification public key and A hash value is obtained, and the decrypted data is compared with the obtained hash value. As a result of this comparison, the e-mail encryption / decryption signature unit 212 determines that the digital signature verification is successful if they are equal, and determines that the digital signature verification has failed if they are not equal. Further, if the current time is not within the expiration date, it is determined that the digital signature verification has failed.

  As a result of the determination in step S34, if the verification of the digital signature is successful (Yes), the e-mail encryption / decryption signature unit 212 executes the processing S35, while if the verification of the digital signature fails (No). The e-mail encryption / decryption signature unit 212 executes step S51.

  In step S51, the e-mail encryption / decryption signature unit 212 attaches a message indicating that the digital signature verification has failed (verification failure message) to the e-mail, and notifies the e-mail filter unit 211 of the e-mail with the verification failure message attached. Then, the e-mail filter unit 211 executes the process S42 and transfers the received communication signal (verification failure message attached e-mail) to the e-mail client 102 of the transmission destination via the second communication interface unit 24.

  The user of the e-mail client 102 that has received this mail can know that the verification of the digital signature has failed by referring to the attached verification failure message.

  In step S35, the e-mail encryption / decryption signature unit 212 determines whether the e-mail is encrypted. This determination is executed by reading a plaintext identification code (for example, MIME code) included in the received communication signal (mail).

  If the result of determination in step S35 is that the mail is not encrypted (No), the e-mail encryption / decryption signature unit 212 executes step S37 described later. On the other hand, if the result of this determination is that the email is encrypted (Yes), the email encryption / decryption signature unit 212 decrypts the email (S36), and then executes the process S37.

  The process S36 will be described more specifically. For example, in this embodiment, the e-mail encryption / decryption signature unit 212 first acquires an e-mail address from the transmission destination address in the header of the network layer. Next, the e-mail encryption / decryption signature unit 212 searches for a record in which the acquired e-mail address is registered in the target e-mail field 31 in the setting information table 30 in order to determine the validity period of the decryption, and The expiration date is acquired from the expiration date field 32. Next, the e-mail encryption / decryption signature unit 212 inquires of the calendar unit 213 and acquires the current time. Next, the e-mail encryption / decryption signature unit 212 compares the acquired expiration date with the current time, and determines whether or not the current time is within the expiration date.

  If the current time is within the validity period, the e-mail encryption / decryption signature unit 212 then uses the acquired e-mail address to acquire the decryption private key corresponding to the acquired e-mail address. The record registered in the e-mail address field 41 in the secret key table 40 is searched, and the decryption secret key is obtained from the decryption secret key field 42 in the searched record. Then, the e-mail encryption / decryption signature unit 212 decrypts the mail message part using the decryption secret key, and executes the process S37. On the other hand, if the current time is not within the expiration date, the e-mail encryption / decryption signature unit 212 executes the process 37 without decrypting the message part of the mail.

  In process S37, the e-mail encryption / decryption signature unit 212 determines whether or not there is an attached file in the e-mail. As a result of the determination, if there is no attached file in the mail (No), the e-mail encryption / decryption signature unit 212 notifies the e-mail filter unit 211 of the e-mail, and the e-mail filter unit 211 executes the process S42. The received communication signal (mail) is transferred to the destination e-mail client 102 via the second communication interface unit 24.

  On the other hand, if the result of the determination is that there is an attached file in the mail (Yes), the e-mail encryption / decryption signature unit 212 determines whether or not the attached file is digitally signed (S38).

  If the result of determination in step S38 is that a digital signature has not been applied to the attached file (No), the e-mail encryption / decryption signature unit 212 executes step S40 described later. On the other hand, if the result of this determination is that the attached file has a digital signature (Yes), the e-mail encryption / decryption signature unit 212 verifies the digital signature and determines whether the verification is successful ( S39).

  More specifically, for example, in this embodiment, the e-mail encryption / decryption signature unit 212 operates in the same manner as the process S34, thereby setting the expiration date corresponding to the e-mail address of the e-mail transmission destination. To determine whether it is within the expiration date. If it is within the validity period, the digital signature verification public key is acquired from the public key server 12, and the e-mail encryption / decryption signature unit 212 uses the acquired digital signature verification public key to Verify digital signature.

  That is, when the digital signature is applied to the data of the attached file, the e-mail encryption / decryption signature unit 212 decrypts the digital signature of the attached file with the public key for digital signature verification, and attaches the decrypted data to the attached data. Compare the data in the file. As a result of the comparison, the e-mail encryption / decryption signature unit 212 determines that the digital signature verification is successful if the two match completely, and determines that the digital signature verification fails if the two do not match completely. To do. When the digital signature is applied to the hash value in the attached file data, the e-mail encryption / decryption signature unit 212 decrypts the digital signature of the attached file with the public key for digital signature verification, and the attached file data. The hash value is obtained, and the decrypted data is compared with the obtained hash value. As a result of this comparison, the e-mail encryption / decryption signature unit 212 determines that the digital signature verification is successful if they are equal, and determines that the digital signature verification has failed if they are not equal. Further, if the current time is not within the expiration date, it is determined that the digital signature verification has failed.

  If the digital signature verification is successful as a result of the determination in step S39 (Yes), the e-mail encryption / decryption signature unit 212 executes step S40, whereas if the digital signature verification fails (No). The e-mail encryption / decryption signature unit 212 executes step S52.

  In step S52, the e-mail encryption / decryption signature unit 212 attaches a message indicating that the digital signature verification has failed (attached file verification failure message) to the e-mail, and e-mail filters the e-mail attached with the attached file verification failure message. The e-mail filter unit 211 executes step S42, and sends the received communication signal (attached file verification failure message attached mail) via the second communication interface unit 24 to the destination e-mail. Transfer to client 102.

  The user of the e-mail client 102 receiving this mail can know that the verification of the digital signature of the attached file has failed by referring to the attached attached file verification failure message.

  In process S40, the e-mail encryption / decryption signature unit 212 determines whether or not the attached file is encrypted. This determination is executed by reading a plaintext identification code (for example, MIME code) included in the received communication signal (mail).

  If it is determined in step S40 that the attached file is not encrypted (No), the e-mail encryption / decryption signature unit 212 notifies the e-mail filter unit 211 of the e-mail, and the e-mail filter unit 211 performs processing. Step S42 is executed, and the received communication signal (mail) is transferred to the destination e-mail client 102 via the second communication interface unit 24.

  On the other hand, if the result of determination in process 40 is that the attached file is encrypted (Yes), the e-mail encryption / decryption signature unit 212 decrypts the attached file (S41).

  More specifically, for example, in the present embodiment, the e-mail encryption / decryption signature unit 212 operates in the same manner as the process S36, so that the current time is within the expiration date after determining the expiration date of the decryption. In this case, the decryption secret key corresponding to the e-mail address of the mail transmission destination is acquired from the secret key table 40. Then, the e-mail encryption / decryption signature unit 212 decrypts the attached file using the acquired decryption private key. On the other hand, when the current time is not within the expiration date, the e-mail encryption / decryption signature unit 212 does not decrypt the attached file.

  After the process S41, the e-mail encryption / decryption signature unit 212 notifies the e-mail filter unit 211 of the e-mail, and the e-mail filter unit 211 executes the process S42 via the second communication interface unit 24. The received communication signal (mail) is transferred to the destination e-mail client 102.

  Since the e-mail security apparatus 11 operates in this way, the user of the e-mail client 102 does not have to execute e-mail or attachment decryption or digital signature verification each time a e-mail is received. The e-mail security device 11 decrypts the mail and attached file and verifies the digital signature as necessary.

  In the above-described embodiment, encryption is performed with the encryption public key corresponding to the destination e-mail address and decryption is performed with the decryption private key corresponding to the destination e-mail address. You may comprise so that it may encrypt with the public key for encryption corresponding to an electronic mail address, and may be decrypted with the private key for decryption corresponding to the electronic mail address of a transmission source. Similarly, in the above-described embodiment, the digital signature is digitally signed with the digital signature private key corresponding to the transmission source e-mail address and the digital signature verification public key corresponding to the transmission source e-mail address is verified. The digital signature may be configured to be digitally signed with the digital signature private key corresponding to the e-mail address and verified with the digital signature verification public key corresponding to the destination e-mail address.

  In the above-described embodiment, the encryption and decryption of the message part of the mail and the encryption and decryption of the attached file of the mail are both performed using the public key for encryption and the private key for decryption. The encryption and decryption of the file and the encryption and decryption of the attached file may be executed with separate public and private keys. Similarly, in the above-described embodiment, the digital signature and verification of the mail message part and the digital signature and verification of the attached file of the mail are performed together with the digital signature private key and the digital signature public key. The digital signature of each part and the verification thereof and the digital signature of the attached file and the verification thereof may be executed with separate private keys and public keys.

  Furthermore, although the public key server 12 is in the network 13 in the above-described embodiment, it may be in the network 14.

  In the above-described embodiment, the public key server 12 uses the public key infrastructure (PKI) public key infrastructure (CA) that issues the public key certificate for the decryption public key and the digital signature verification public key (CA). , Certification authority).

  In the above-described embodiment, the decryption public key and the digital signature verification public key may be stored in the electronic mail security apparatus 11.

  Furthermore, in the above-described embodiment, after encrypting with a temporarily generated shared key, the shared key may be encrypted with an encryption public key.

It is a block diagram which shows the structure of the electronic mail system in embodiment. It is a block diagram which shows the structure of an electronic mail security apparatus. It is a figure which shows the structure of the setting information table corresponding to an email client and email address of 1 set of transmission origins. It is a figure which shows the structure of a secret key table. It is a figure which shows the structure of a public key table. It is a flowchart which shows operation | movement of the electronic mail security apparatus when a communication signal is received in the 2nd communication interface part. It is a flowchart which shows operation | movement of the electronic mail security apparatus when a communication signal is received in the 1st communication interface part. It is a figure which shows the conventional electronic mail system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1,100 E-mail system 11 E-mail security apparatus 12 Public key server 13, 14, 103 Network 21 Arithmetic processing part 22 Storage part 23 First communication interface part 24 Second communication interface part 30 Setting information table 40 Private key table 60 Public key table 101 E-mail server 102 E-mail client 211 E-mail filter unit 212 E-mail encryption / decryption signature unit 213 Calendar unit 214 Setting unit 221 Setting information storage unit 222 Secret key storage unit

Claims (13)

  1. Relaying e-mail that is inserted in a transmission path between the e-mail server and a plurality of e-mail clients and transmitted / received between the e-mail server and the plurality of e-mail clients, In the electronic mail security device that executes the process for securing,
    A first communication unit for communicating with the electronic mail server;
    A second communication unit for communicating with the plurality of email clients;
    When the second communication unit receives an electronic mail, the message part and / or the attached file of the received electronic mail is encrypted, and the electronic mail obtained by encrypting the message part and / or the attached file is sent to the first communication part. An e-mail security device comprising: an e-mail encryption unit that transfers to the e-mail server by a communication unit.
  2. The e-mail encryption unit includes a mail encryption key that encrypts a message part of the received e-mail and / or a file encryption key that encrypts an attached file of the received e-mail, and a mail encryption key that manages the e-mail encryption key. The electronic mail security apparatus according to claim 1, wherein the electronic mail security apparatus is obtained from a file encryption key server that manages a key server and / or a file encryption key.
  3. When the first communication unit receives an email in which the message unit and / or the attached file is encrypted, the message unit and / or the attached file of the received email is decrypted, and the message unit and / or the The e-mail security according to claim 1, further comprising: an e-mail decrypting unit that transfers the e-mail obtained by decrypting the attached file to a destination e-mail client by the second communication unit. Device.
  4. The electronic mail signature part which performs a digital signature on the received electronic mail and / or an attached file when the electronic mail is received by the second communication part is further provided. The electronic mail security apparatus according to claim 1.
  5. The electronic mail signature unit further receives the digital signature and / or the attached file of the received electronic mail when receiving the electronic mail digitally signed by the first communication unit and / or the digitally signed attached file. 5. The electronic mail according to claim 4, wherein the digital signature is verified, and if the verification of the digital signature fails, a message indicating that the verification of the digital signature has failed is attached to the received electronic mail. Security device.
  6. The e-mail signature unit includes a mail verification key for verifying a digital signature of the received e-mail and / or a file verification key for verifying a digital signature of the attached file, a mail verification key server for managing a mail verification key, and / or The electronic mail security apparatus according to claim 5, wherein the electronic mail security apparatus is obtained from a file verification key server that manages a file verification key.
  7. E-mail encryption setting information indicating whether or not to encrypt the e-mail in association with the e-mail address of the e-mail destination is an identifier for identifying the e-mail client that is the e-mail sender and the e-mail address. A mail encryption setting information storage unit for storing each group;
    The e-mail encryption unit corresponds to the e-mail address of the destination of the received e-mail, which is the e-mail encryption setting information of the set of the identifier and e-mail address in the transmission source of the received e-mail The message part encryption in the received e-mail is executed when the e-mail encryption setting information is a setting for encrypting an e-mail. The electronic mail security device described in 1.
  8. The mail encryption setting information storage unit further sets file encryption setting information on whether or not to encrypt an attachment file of an email in association with an email address of an email transmission destination as an email transmission source. Store for each pair of identifier and email address for identifying the email client,
    The e-mail encryption unit corresponds to the e-mail address of the destination of the received e-mail, which is the file encryption setting information of the set of the identifier and e-mail address in the transmission source of the received e-mail The electronic mail security apparatus according to claim 7, wherein when the file encryption setting information is a setting for encrypting an electronic mail, encryption of an attached file in the received electronic mail is executed.
  9. The mail encryption setting information storage unit further stores an expiration date of decryption in association with an email address of an email destination,
    The e-mail encryption unit decrypts the message part and / or the attached file in the received e-mail when the expiration date corresponding to the e-mail address of the destination of the received e-mail is within the expiration date. The electronic mail security apparatus according to claim 7, wherein the electronic mail security apparatus is executed.
  10. E-mail signature setting information indicating whether or not to apply a digital signature to an e-mail in association with the e-mail address of the e-mail destination is an identifier for identifying the e-mail client that is the e-mail sender and the e-mail address. An email signature setting information storage unit for storing each pair;
    The e-mail signature unit is the e-mail signature setting information of a set of the identifier and e-mail address in the source of the received e-mail, and corresponds to the e-mail address of the destination of the received e-mail The electronic signature according to any one of claims 4 to 6, wherein the digital signature of the received email is executed when the email signature setting information is a setting for applying a digital signature to the email. Email security device.
  11. The mail signature setting information storage unit further stores file signature setting information as to whether or not to attach a digital signature to the attached file of the e-mail in association with the e-mail address of the e-mail transmission destination. Store for each pair of identifier and email address to identify the mail client,
    The e-mail signature unit is the file signature setting information of the set of the identifier and the e-mail address in the transmission source of the received e-mail, and corresponds to the e-mail address of the destination of the received e-mail 11. The electronic mail security according to claim 10, wherein when the file signature setting information is a setting for applying a digital signature to an attached file of an electronic mail, the digital signature of the attached file of the received electronic mail is executed. apparatus.
  12. The mail signature setting information storage unit further stores an expiration date of the digital signature in association with the email address of the email destination,
    The e-mail encryption unit, when an expiration date corresponding to an e-mail address of a destination of the received e-mail is within an expiration date, a digital signature of a message part and / or an attached file in the received e-mail The electronic mail security apparatus according to claim 11, wherein the electronic mail security apparatus is executed.
  13. An electronic mail server and an electronic mail that is inserted in a transmission path between the electronic mail server and a plurality of electronic mail clients and is transmitted and received between the electronic mail server and the plurality of electronic mail clients and relays the electronic mail In an e-mail security system comprising an e-mail security device that executes processing for ensuring e-mail security,
    The electronic mail security system according to any one of claims 1 to 12, wherein the electronic mail security apparatus is the electronic mail security apparatus according to any one of claims 1 to 12.
JP2005237104A 2005-08-18 2005-08-18 Electronic mail security device and system therefor Pending JP2007053569A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2005237104A JP2007053569A (en) 2005-08-18 2005-08-18 Electronic mail security device and system therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2005237104A JP2007053569A (en) 2005-08-18 2005-08-18 Electronic mail security device and system therefor

Publications (1)

Publication Number Publication Date
JP2007053569A true JP2007053569A (en) 2007-03-01

Family

ID=37917711

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2005237104A Pending JP2007053569A (en) 2005-08-18 2005-08-18 Electronic mail security device and system therefor

Country Status (1)

Country Link
JP (1) JP2007053569A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007088899A (en) * 2005-09-22 2007-04-05 Fuji Xerox Co Ltd Network facsimile transmission device, program, and method, and network facsimile repeating device, program, and method
JP2007221373A (en) * 2006-02-15 2007-08-30 Canon Inc Communication device and communication control method therein
JP2009205430A (en) * 2008-02-27 2009-09-10 Murata Mach Ltd Electronic mail-relaying device and electronic mail-relaying method
JP2009278269A (en) * 2008-05-13 2009-11-26 Fujitsu Broad Solution & Consulting Inc E-mail relay device, e-mail relay program, and e-mail relay method
JP2009296209A (en) * 2008-06-04 2009-12-17 Nippon Telegr & Teleph Corp <Ntt> Key delivery method, key delivery system, client device, key server, and their programs
JP2010081432A (en) * 2008-09-26 2010-04-08 Nakayo Telecommun Inc E-mail relay apparatus and method of relaying e-mail
US8122025B2 (en) 2008-03-24 2012-02-21 Fujitsu Limited Method of managing locations of information and information location management device
JP2013182482A (en) * 2012-03-02 2013-09-12 Nec System Technologies Ltd Attached file relay device, method for relaying attached file, and program
KR101777698B1 (en) * 2015-10-27 2017-09-12 라인 가부시키가이샤 User terminal, method and computer for receiving and sending messages

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07162407A (en) * 1993-12-03 1995-06-23 Fujitsu Ltd User support device for ciphering communication in network system
JP2000183951A (en) * 1998-12-18 2000-06-30 Pfu Ltd Encipherment system and recording medium
JP2002009815A (en) * 2000-06-20 2002-01-11 Nec Office Systems Ltd Electronic mail system with security function
JP2002024147A (en) * 2000-07-05 2002-01-25 Nec Corp System and method for secure mail proxy and recording medium
JP2002164884A (en) * 2000-11-02 2002-06-07 Internatl Business Mach Corp <Ibm> Proxy server, electronic signature system, electronic signature verification system, network system, electronic signature method, electronic signature verification method, recording medium and program transmission device
JP2004266559A (en) * 2003-02-28 2004-09-24 Kyocera Mita Corp Push type scanner, its control method, its control program, and push type scanner system
JP2005018143A (en) * 2003-06-23 2005-01-20 Sharp Corp System for changing setting of portable terminal using e-mail, method for changing setting, program for generating data to change setting, program for changing setting item, and recording medium with these programs recorded thereon
JP2005107935A (en) * 2003-09-30 2005-04-21 Ntt Software Corp Program for electronic mail processor, and electronic mail processor
JP2006080805A (en) * 2004-09-09 2006-03-23 Murata Mach Ltd Encrypter

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07162407A (en) * 1993-12-03 1995-06-23 Fujitsu Ltd User support device for ciphering communication in network system
JP2000183951A (en) * 1998-12-18 2000-06-30 Pfu Ltd Encipherment system and recording medium
JP2002009815A (en) * 2000-06-20 2002-01-11 Nec Office Systems Ltd Electronic mail system with security function
JP2002024147A (en) * 2000-07-05 2002-01-25 Nec Corp System and method for secure mail proxy and recording medium
JP2002164884A (en) * 2000-11-02 2002-06-07 Internatl Business Mach Corp <Ibm> Proxy server, electronic signature system, electronic signature verification system, network system, electronic signature method, electronic signature verification method, recording medium and program transmission device
JP2004266559A (en) * 2003-02-28 2004-09-24 Kyocera Mita Corp Push type scanner, its control method, its control program, and push type scanner system
JP2005018143A (en) * 2003-06-23 2005-01-20 Sharp Corp System for changing setting of portable terminal using e-mail, method for changing setting, program for generating data to change setting, program for changing setting item, and recording medium with these programs recorded thereon
JP2005107935A (en) * 2003-09-30 2005-04-21 Ntt Software Corp Program for electronic mail processor, and electronic mail processor
JP2006080805A (en) * 2004-09-09 2006-03-23 Murata Mach Ltd Encrypter

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007088899A (en) * 2005-09-22 2007-04-05 Fuji Xerox Co Ltd Network facsimile transmission device, program, and method, and network facsimile repeating device, program, and method
JP2007221373A (en) * 2006-02-15 2007-08-30 Canon Inc Communication device and communication control method therein
JP2009205430A (en) * 2008-02-27 2009-09-10 Murata Mach Ltd Electronic mail-relaying device and electronic mail-relaying method
JP4760839B2 (en) * 2008-02-27 2011-08-31 村田機械株式会社 E-mail relay device and e-mail relay method
US8122025B2 (en) 2008-03-24 2012-02-21 Fujitsu Limited Method of managing locations of information and information location management device
JP2009278269A (en) * 2008-05-13 2009-11-26 Fujitsu Broad Solution & Consulting Inc E-mail relay device, e-mail relay program, and e-mail relay method
JP2009296209A (en) * 2008-06-04 2009-12-17 Nippon Telegr & Teleph Corp <Ntt> Key delivery method, key delivery system, client device, key server, and their programs
JP2010081432A (en) * 2008-09-26 2010-04-08 Nakayo Telecommun Inc E-mail relay apparatus and method of relaying e-mail
JP2013182482A (en) * 2012-03-02 2013-09-12 Nec System Technologies Ltd Attached file relay device, method for relaying attached file, and program
KR101777698B1 (en) * 2015-10-27 2017-09-12 라인 가부시키가이샤 User terminal, method and computer for receiving and sending messages
US10230697B2 (en) 2015-10-27 2019-03-12 Line Corporation User terminals, and methods and computer-readable recording mediums storing computer programs for transmitting and receiving messages

Similar Documents

Publication Publication Date Title
US6389533B1 (en) Anonymity server
US6363480B1 (en) Ephemeral decryptability
US6247127B1 (en) Method and apparatus for providing off-line secure communications
US7996673B2 (en) System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient
JP5313311B2 (en) Secure message system with remote decryption service
JP5047291B2 (en) Method and system for providing authentication services to Internet users
US6134327A (en) Method and apparatus for creating communities of trust in a secure communication system
JP4907895B2 (en) Method and system for recovering password-protected private data over a communication network without exposing the private data
US8340283B2 (en) Method and system for a PKI-based delegation process
US7376835B2 (en) Implementing nonrepudiation and audit using authentication assertions and key servers
US7421079B2 (en) Method and apparatus for secure key replacement
US5774552A (en) Method and apparatus for retrieving X.509 certificates from an X.500 directory
US7739508B2 (en) Secure instant messaging system
US20050268100A1 (en) System and method for authenticating entities to users
JP5860815B2 (en) System and method for enforcing computer policy
US7697692B2 (en) Cryptographic communication system and method
US20090055642A1 (en) Method, system and computer program for protecting user credentials against security attacks
US20050259824A1 (en) Information processing apparatus, information processing method, and information processing program
US7640427B2 (en) System and method for secure electronic communication in a partially keyless environment
US7774411B2 (en) Secure electronic message transport protocol
US20020087862A1 (en) Trusted intermediary
US7233997B1 (en) Data communications
US6229894B1 (en) Method and apparatus for access to user-specific encryption information
EP0992145B1 (en) Method of operating an authenticating server system and such a system
US7489783B2 (en) Digital certificate management system, digital certificate management apparatus, digital certificate management method, update procedure determination method and program

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20080410

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20101227

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20110105

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20110426