JP2007233983A - System for protecting cellular telephone mail, and cellular telephone server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To maintain security of high reliability allowing only a creator to use data corresponding to personal information by authenticating data saved in a cellular telephone terminal per unit of mail transmission, and further increase usability by allowing unlimited use of functions of the cellular telephone terminal. <P>SOLUTION: In this protection system, when a member's cellular telephone terminal 101 makes an encryption/decryption request to a server 102 at a private mail address for encryption/decryption, the request is sent as an email attachment, and the mail sent is encrypted/decrypted per mailing and returned to the member's cellular telephone terminal 101 (encryption/decryption completion). This method allows files to be used only by the member who uses the cellular telephone terminal 101 and be stored extremely securely, in a simple and user-friendly manner, to thereby provide a user-friendly means of personal information protection. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a mobile phone mail protection system and a mobile phone server for facilitating the use of a mobile phone while ensuring high security with respect to personal information protection.

  Mobile phone terminals are no longer useful only for personal contact means such as telephone and e-mail. For example, there are an increasing number of cases where it is used as an alternative record of various cards related to money, such as cash cards and various tickets of financial institutions.

  When it is assumed that a mobile phone terminal will be a means to store important personal information, a means for minimizing the personal damage that can be expected due to the loss or theft of the mobile phone terminal is required. It is inevitable. In addition, we have devised a simple method that is as easy to understand as possible for the weak, such as the elderly, who are most likely to be victims.

  Currently, as an example of a mobile phone terminal equipped with a security function for personal information, there is a method of restricting (locking) all functions of the mobile phone terminal. However, the authentication key is a four-digit number and the security level is fragile, and there is a concern that it may lead to an illegal act for the purpose of misuse of information due to such vulnerability.

  Therefore, mobile phone terminals that can perform user authentication (with a folder lock function) when opening a folder for storing a file group are beginning to be provided. However, like the method of locking all functions of the mobile phone terminal, the authentication key is a 4-digit number, and the security level seems to be insufficient.

Patent Document 1 describes the burden on the user by making the unlocking operation easier in various lock functions of the mobile phone terminal while placing importance on the lock function of the mobile phone terminal against the risk of loss or the like. Have been disclosed for providing a mobile phone terminal, a lock function releasing method, a program, and an information recording medium.
Patent Document 2 also discloses that a memory card that can be used as an external storage area inside a mobile phone terminal is authenticated as a file storage location to prevent unauthorized use of the memory card and as a safe storage medium. The positioning technique is disclosed.
JP-A-2005-354550 JP 2005-309501 A

  The mobile phone locking method described above is intended to ensure security when the security may be relatively low. For example, the purpose is to prevent the misuse of a mobile phone terminal device by a service-minded person such as an infant who does not understand and making a phone call to an acquaintance who has registered a phone number in memory.

The folder lock function is also a security for each folder. In order to secure the lock technology for each mail transmission, it is necessary to review the basic configuration of the mobile phone terminal, such as changing the file format specifications. Solution is difficult.
In this respect, Patent Document 2 registers the data to be secured in the memory card and can authenticate it by the serial number and ID / PW, so the level of security is dramatically improved. It becomes inconvenient to use as an external storage device.

  The present invention is a result that has been considered in view of such circumstances, and is expected to be used in combination with the above-described plurality of security means. Individuals stored in mobile phone terminals by using locks for each transmission unit, without giving time delays to unauthorized users, and by using together with data storage services on memory cards and the Internet The purpose is to contribute to enhancing the security of information.

  A program according to the present invention is a program installed in a server system in which a mobile phone terminal transmits and returns a mail, and each member's e-mail address and a mobile phone terminal to be used at the time of member registration are assigned a serial number and an IP. In addition to the function to store the first information for authentication from the address and the receiving mail address of the server registered for sending the file that each member wants to decrypt, as the second information, the member-specific encryption In the case where a mail is received at the de-registration mail address, a function of decrypting the encrypted file and returning it to the member's mail address is provided.

  The functions of the mobile phone terminal can be used without restriction while maintaining strong security for personal data in the mobile phone terminal, and the usability can be improved.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing a system configuration for access management in an embodiment of the present invention.
This system includes a mobile phone terminal 101 and a server device 102 (hereinafter abbreviated as a server 102) on a network.

  Next, the mobile phone terminal 101 will be described. The mobile phone terminal 101 is an electronic device corresponding to a personal computer, a portable information terminal, a mobile phone terminal, an audio device, and the like, can be connected to the server 102 via the Internet, and can send an e-mail.

  The mobile phone terminal 101 includes a CPU 111 that serves as a control center, a system memory 112 including a RAM, a disk storage device 114 such as a hard disk device, and a network interface 113 for connecting to the Internet. .

  The disk storage device 114 in the mobile phone terminal 101 receives authentication key information for obtaining access permission from the server 102 and stores it.

  Next, the server 102 will be described. The server 102 is an information processing apparatus corresponding to a computer or the like, and performs access management of a plurality of mobile phone terminal devices including the mobile phone terminal device 101. This server 102 is, for example, a registration process for information indicating members and terminal devices that can access the server 102 for each mobile phone terminal, a change process thereof, and permission for access to the server 102 of each mobile phone terminal device. / Processing to determine non-permission, encryption processing of files attached to e-mails sent from members, and decryption processing of encrypted files.

  The server 102 includes a CPU 122 that controls the server 102, a system memory 123 including a RAM, a disk storage device 126 such as a hard disk device, and a network interface 121 for connecting to the Internet. . The disk storage device 126 is equipped with electronic mail software 124 used for automatic transmission / reception of mail with a mobile phone terminal, and authentication / encryption software 125 used for member authentication and file encryption, and is registered. It has an area for storing member information, an authentication key issued for each member, and various processing histories such as encryption processing.

  Next, the operation of the system composed of the mobile phone terminal 101 and the server 102 will be described using the flowcharts of FIGS. Here, a member who uses the mobile phone terminal 101 registers with the server 102 as a member, and an operation for encrypting a file stored in the mobile phone terminal 101 after the registration by using the function of the server 102 is performed. explain.

First, with reference to FIG. 2, an operation when the mobile phone terminal 101 is registered in the server 102 will be described.
A member who uses the mobile phone terminal 101 can use the service of the present invention by registering as a member in the server 102. Member registration is performed using the member registration page prepared on the Internet. At the first access (step 201) for member registration, the member uses an ID to be used in addition to the information required for the contract.・ Specify PW, and specify email addresses for member-only encryption and decryption. Based on this registration information, the server 102 performs member registration, stores the registration information in the server (step 202), and specifies the member and the mobile phone terminal 101 used by the member at the next access from the member. As information to access, the IP address and serial number of the mobile phone terminal 101 are accessed and read (step 203) and stored in the server as member information (step 205). In addition, the mail server is set using the e-mail software 124 so that the encryption and decryption mailboxes specified by the member are created in the server, and the setting contents are stored in the server as member information. (Step 205).

  The server 102 generates an authentication key in accordance with the member registration information, transmits it to the member's email address (step 206), generates a one-to-one key corresponding to this key, and stores these keys in the server 102. (Step 207).

Next, with reference to FIG. 3, an operation in which the server 102 encrypts data transmitted from the registered mobile phone terminal 101 and sends it back to the mobile phone terminal 101 will be described.
The server 102 that has received the mail requesting the encryption of the file from the member who is the user of the cellular phone terminal device indicates that the sender of the email is a member who uses the cellular phone terminal 101. Authentication is performed using the IP address and the mail address (step 302).

  If the authentication is successful, the received file is encrypted (step 305), the encrypted file is attached to the mail (step 306), and sent to the member's mail address. If the authentication fails, a message indicating that the authentication has failed is sent to the member's email address. Then, a processing history is created for this encryption processing and stored in the disk storage device 126 (step 308).

Further, with reference to FIG. 4, the operation of releasing the encryption when the encrypted file is stored in the mobile phone terminal 101 in the above-described step 308 will be described.
The server 102 that has received the mail requesting the decryption of the file from the member who is a user of the mobile phone terminal device indicates that the sender of the mail is a member who uses the mobile phone terminal 101. Authentication is performed using the IP address and mail address of the device (step 402).

  If the authentication is successful, the received file is decrypted (step 405), the encrypted file is attached to the mail (step 406), and sent to the member's mail address. If the authentication fails, a message indicating that the authentication has failed is sent to the member's email address. Then, a processing history is created for this encryption processing and stored in the disk storage device 126 (step 408).

In addition, with reference to FIG. 5, the operation when browsing the processing history of encryption and decryption from a cellular phone terminal registered as a member will be described.
When the member accesses the server 102, the server 102 queries the mobile phone terminal 101 for the authentication key transmitted in step 206, and if it matches the authentication key stored in the server 102, the server 102 receives the ID · A PW is requested (step 502). When the ID / PW is input according to the member registration information, the server 102 permits the mobile phone terminal 101 to browse the member-only menu page. (Step 506)

  The member-only menu page is composed of menus such as confirmation and change of member information, encryption / decryption processing history, authentication history, etc., and when encryption / encryption processing history is selected, steps 308 and 408 are performed. The processing history of encryption and decryption to be created is displayed. When an authentication history is selected, the processing history of authentication created in steps 303, 403, and 502 is displayed. Members can monitor unauthorized use of stored information by browsing this menu page periodically.

  Next, when a member uses the program and information system of this patent, an embodiment of processing will be described using a screen image displayed on the member's mobile phone terminal. Regarding (1) When a member registers member information, (2) When a member sends an encryption request email, (3) When a member receives an email with an encrypted file attached, explanation To do.

First, referring to FIG. 6, (1) a case of registering a mobile phone terminal will be described.
When a member accesses the server 102 for the first time using the mobile phone terminal 101, the member attaches a file to be encrypted and stored in addition to the registered information from the name and reading 601 to the e-mail address 604 of the mobile phone terminal used. Then, the address 605 of the mailbox to be sent and the address 606 of the mailbox to which the file to be decrypted is attached are registered as member information.

  The server 102 that has recognized the input signal of the registration information from the member reads the manufacturing number and IP address information of the mobile phone terminal 101 used by the member in addition to the information registered by the member. In addition, the server 102 automatically creates a system so as to create a mailbox according to the addresses (605 and 606) of the two mailboxes designated by the member and to accept reception from the member. The mailbox addresses (605 and 606) are dedicated to members.

Next, with reference to FIG. 7, (2) a case where a member transmits an encryption request mail will be described.
When the member makes an encryption request to the server 102 using the mobile phone terminal 101, the mail address designated by the member in the above-described step 605 is designated as the destination 701, and the file to be encrypted and stored is an attached file. It designates to 703 and transmits.

The server 102 that has received the mail addressed to the member-dedicated encryption request mail address receives mail from the member who uses the mobile phone terminal 101 from the sender mail address and the sender IP address information as shown in step 302. If the authentication is successful, the encryption is executed as in step 305, the encrypted file is attached to the member as in step 306, and the mail is transmitted to the member.
In the same manner as described above, when the server 102 receives the mail addressed to the member-only decryption request email address, if the authentication is successful, the decryption processing is executed, and the decryption is performed as shown in step 406. Attach a completed file and send an email to the member.

Further, with reference to FIG. 8, (3) a case where a member receives an email with an encrypted file attached will be described.
As described above, when the server 102 is successfully authenticated, the member receives an email with an encrypted file attached from the server 102. The sender email address 802 of this mail is a mail address used exclusively for transmission to the member by the server 102 different from the mail addresses 605 and 606 designated by the member.

Further, “Send processed file” is displayed in the subject column 803 of the inbox of the mobile phone terminal 102 used by the member, and the file encrypted by the server 102 is displayed in the name column 804 of the attached file. It will be attached. Members store this file in the mobile phone terminal or store it in an external storage device such as a memory card.
Note that even when the member receives an email attached with the decrypted file received from the server 102, the member obtains the same screen information of the mobile phone terminal as described above.

It is the block diagram which showed the system configuration | structure of the mobile telephone terminal and the server. It is the flowchart which showed the operation | movement in which member information and a mobile telephone terminal are registered into a server. It is the flowchart which showed the operation | movement which encrypts and transmits the data transmitted from the registered mobile telephone terminal. It is the flowchart which showed the operation | movement which transmits the encrypted file in the registered mobile telephone terminal device to a server, encryption is canceled, and it returns. It is the flowchart which showed the operation | movement in the case of reading the encryption processing log in a server from the registered mobile telephone terminal. It is the image figure which showed the screen displayed on a mobile telephone terminal, when a user registers member information. It is an image figure which showed the screen displayed on a mobile telephone terminal, when a member transmits encryption request | requirement mail. It is an image figure which showed the screen displayed on a mobile telephone terminal, when a member receives the encrypted mail returned from the server.

Claims (5)

  A mobile phone mail that has the function of encrypting data sent from a mobile phone terminal for each transmission unit, sending it back to the mobile phone terminal, and storing the encrypted data in the mobile phone terminal Protection system.   The encrypted file stored in the mobile phone terminal is decrypted only when an email requesting descrambling is transmitted from the mobile phone terminal requested to be encrypted to the server system.   A server system that encrypts a file attached to an e-mail sent from a mobile phone terminal and allows it to be sent back to the mobile phone terminal. Further, only the encryption history is stored in the server. In addition, the cellular phone server is characterized in that only members can use encrypted and decrypted files.   The user who uses the file stored in the mobile phone terminal is the member's e-mail address and IP address of the mobile phone terminal, as well as for encryption only for the member in the server specified by the member at the time of member registration and 4. The cellular phone server according to claim 3, wherein the member can be authenticated by sending a mail to a mail address for decryption.   The member registration information stored in the storage device in the server and the three information such as the serial number and IP address of the mobile phone terminal have an access request from an unauthorized electronic device for each mobile phone terminal and transmission unit. 4. The mobile phone server according to claim 3, wherein the member can grasp the contents from the processing history of the server.

Images