JP2007281622A - Electronic mail system, and electronic mail relaying apparatus, method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To securely and easily transfer an attached file of electronic mail. <P>SOLUTION: An attached file encryption apparatus 17 of the electronic mail system 1 encrypts an attached file FA of attached file mail MA transmitted from a mail terminal 16 according to an encryption rule, manages an encryption password PC, informs only an authenticated legitimate user about the encryption password PC so as to automatically encrypt the attached file FA and since the attached file encryption apparatus 17 can securely inform the legitimate user about the encryption password PC at less expense in time and labor of the legitimate use, the electronic mail system 1 can utilize the contrivance of mail distribution so as to easily and securely deliver the attached file FA. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an electronic mail system, an electronic mail relay device, an electronic mail relay method, and an electronic mail relay program, and is suitable for application to an electronic mail system that transmits and receives electronic mail between electronic mail terminals, for example.

  In recent years, in an electronic mail system, an electronic mail is transmitted and received between mail terminals via a network, and the number of users and usage frequency are increasing as the Internet spreads.

  Accordingly, in the e-mail system, in addition to general e-mails, there are various e-mails such as important e-mails that cannot be mistaken for contents and secret e-mails that are not desired to be seen by others. In addition, various files and data used by a general computer or the like can be attached and transmitted.

  However, in the electronic mail system, the electronic mail is relayed (transferred) between a plurality of electronic mail servers existing on the network due to its configuration. For this reason, in this e-mail system, when standard transmission / reception is performed, the contents of the e-mail are viewed by a third party (so-called interception or eavesdropping) in the middle of the process, or the contents of the e-mail are illegal. There is a risk of rewriting (so-called falsification), and important contents and secret contents cannot always be transmitted and received safely.

  Therefore, some e-mail systems have a method of ensuring security by encrypting an e-mail on the transmission side and transmitting it, and receiving and decrypting the encrypted e-mail on the reception side. It is done. In practice, various methods such as S / MIME (Secure / Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy) have been proposed as encryption methods applicable to electronic mail.

  However, in a general electronic mail system, an encryption function and a decryption function are not necessarily installed in mail client software (so-called MUA (Mail User Agent)) used in an electronic mail terminal.

  For this reason, in order to actually encrypt and exchange e-mails in the e-mail system, encryption software is required for the e-mail terminal on the sending side, and this e-mail terminal supports this encryption method. There has been a demand for addition / change and complicated operations by the user of the e-mail terminal, such as the need for decryption software.

Therefore, in the e-mail system, the sending side and receiving side e-mail terminals are not equipped with encryption software and decryption software, and the sending side e-mail terminal is connected to the e-mail server on the sending side. There has been proposed an electronic mail encryption process that is performed by a receiving-side e-mail server to which a receiving-side e-mail terminal is connected (see, for example, Patent Documents). 1).
JP 2006-13747 (FIGS. 2 and 5)

  However, in the electronic mail system having such a configuration, not only the transmission-side electronic mail server has an encryption function but also the reception-side electronic mail server needs to have a decryption function. The mail can be decrypted only by an electronic mail server having a decryption function.

  For this reason, in this e-mail system, when the receiving e-mail server does not have the decryption function, the receiving e-mail terminal connected to the e-mail server may not have the decryption function. Since it is expensive, there is a possibility that the received electronic mail cannot be decrypted.

  By the way, in the e-mail system, for example, when the e-mail text is less important but the attached file is more important, only the attached file is encrypted by the e-mail server on the sending side to ensure security. It is also possible.

  However, even in an electronic mail system that encrypts only an attachment file, the encrypted attachment file can be decrypted only by a receiving server having a decryption function, as in the case of encrypting the entire electronic mail. That is no different.

  For this reason, this electronic mail system has a problem that an electronic mail terminal connected to an electronic mail server that does not have a decryption function may not be able to correctly acquire an attached file.

  The present invention has been made in consideration of the above points, and intends to propose an e-mail system, an e-mail relay apparatus, an e-mail relay method, and an e-mail relay program capable of safely and easily delivering an attached file of an e-mail. Is.

  In order to solve this problem, in the electronic mail system of the present invention, an electronic mail system that relays an electronic mail transmitted from a transmission-side electronic mail terminal by an electronic mail relay device and receives the electronic mail by a reception-side electronic mail terminal The e-mail relay device receives the e-mail addressed to the receiving-side e-mail terminal from the sending-side e-mail terminal, and if the attached file is attached to the e-mail, the e-mail relay device uses a predetermined encryption password. An encryption means for generating an encrypted file by encrypting the attached file as an encryption key, and a transmitting means for sending an encrypted file e-mail attached with the encrypted file instead of the attached file to the receiving e-mail terminal Encrypted password inquiry from receiving e-mail terminal that received encrypted file e-mail It received, and so when the user of the receiving-side electronic-mail terminal is authenticated, providing a notification unit for notifying the receiving-side electronic-mail terminal the encrypted password associated with the cryptographic file by a predetermined authentication process.

  As a result, an encrypted file obtained by encrypting the attached file from the transmitting-side e-mail terminal is acquired by the receiving-side e-mail terminal, and the encrypted attached file is encrypted only for a legitimate user of the receiving-side e-mail terminal. The password can be notified, and only the authorized user can acquire the original attached file.

In the electronic mail relay device, the electronic mail relay method, and the electronic mail relay program of the present invention, an electronic mail addressed to the receiving electronic mail terminal is received from the transmitting electronic mail terminal, and an attached file is attached to the electronic mail. In this case, an encrypted file is generated by encrypting the attached file using a predetermined encryption password as an encryption key, and an encrypted file e-mail attached with the encrypted file is sent to the receiving e-mail terminal instead of the attached file When receiving a cipher password inquiry from the receiving e-mail terminal that has received the encrypted file e-mail, if the user of the receiving e-mail terminal is authenticated by a predetermined authentication process, the encrypted file is associated with the encrypted file. The encrypted password is notified to the receiving e-mail terminal.

  As a result, an encrypted file obtained by encrypting the attached file from the transmitting-side e-mail terminal is acquired by the receiving-side e-mail terminal, and the encrypted attached file is encrypted only for a legitimate user of the receiving-side e-mail terminal. The password can be notified, and only the authorized user can acquire the original attached file.

  According to the present invention, the reception side e-mail terminal acquires an encrypted file obtained by encrypting the attachment file from the transmission side e-mail terminal, and the encrypted attachment file is only for a legitimate user of the reception side e-mail terminal. Can be notified of the original attachment file only by a legitimate user, and thus an electronic mail system, an electronic mail relay device, an electronic device that can safely and easily deliver an electronic mail attachment file An email relay method and an email relay program can be realized.

  Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.

(1) Configuration of E-mail System In FIG. 1, an e-mail system 1 is configured to be able to send and receive e-mail (hereinafter simply referred to as mail) between mail terminal devices connected to a network as a whole. .

  The electronic mail system 1 is roughly divided into a first network group 2 and a second network group 3, and the first network group 2 and the second network group 3 are mutually connected via the Internet 4. It is connected.

  The first network group 2 is connected to an internal network and an external network (that is, the Internet 4) by a firewall 11 that blocks unnecessary communication and unauthorized access specified in advance and passes only necessary data (packets). Have been separated.

  Further, in the first network group 2, a public network 13 in which access from an external network is partially permitted and access from an external network are almost prohibited by a firewall 12 similar to the firewall 11 inside. It is separated from the internal network 14.

  The public network 13 is connected to a mail server 15 that manages the mail accounts of the mail terminal devices in the first network group 2, and temporarily receives the mail M transmitted from the mail terminal device to be managed. And the mail M is transmitted to an external network or the like according to the destination.

  The mail server 15 receives and accumulates the mail M addressed to each mail terminal device for each mail terminal device to be managed (that is, for each mail account), and is accessed from each mail terminal device. When this is done, the stored mail M is acquired.

  Connected to the internal network 14 are a mail terminal device 16 that transmits and receives mail M based on user operations, and another mail terminal device (not shown) having the same configuration as the mail terminal device 16.

  The mail terminal device 16 has the same configuration as that of a general computer, and by executing mail client software (so-called MUA (Mail User Agent)) on a predetermined OS (Operating System), Transmission and reception can be performed. In addition, the mail terminal device 16 can also transmit an attached file mail MA in which various files are attached to the body BD of the mail M as an attached file FA.

  Further, an attached file encryption device 17 that relays the mail M is connected to the internal network 14. The attached file encryption device 17 encrypts only the attached file FA of the attached file mail MA received from the mail terminal device 16 to form an encrypted file FC and transmits it to the mail server 15 (details will be described later). To do).

  Specifically, the attached file encryption device 17 separates the attached file FA from the body text BD of the attached file mail MA transmitted from the mail terminal device 16, and uses the predetermined encryption key (encryption password PC). An encrypted file FC is generated by encrypting the FA. Subsequently, the attached file encryption device 17 generates an encrypted file mail MC by attaching the encrypted file FC to the body BD, and delivers this to the mail server 15.

  Incidentally, when a normal mail M without an attached file FA is transmitted from the mail terminal device 16, the attached file encryption apparatus 17 delivers the mail M to the mail server 15 without change. ing.

  Also, the attached file encryption device 17 appends inquiry information INF for inquiring the password of the encrypted file FC to the end of the body BD of the original electronic mail, and from the mail terminal device that has received the encrypted file mail MC. Based on the inquiry information INF, an inquiry about the encryption password PC of the encryption file FC is received, the user of the mail terminal device is authenticated by a predetermined authentication process, and the encryption password PC of the encryption file FC is notified to the user It is made to do.

  As described above, the attached file encryption device 17 relays the attached file mail MA transmitted from the mail terminal device 16 and delivers it to the mail server 15. At that time, the attached file of the attached file mail MA is transmitted. By converting the FA into the encrypted file FC, the encrypted file mail MC is transmitted instead of the attached file mail MA.

  Thereafter, the attached file encryption device 17 receives an inquiry about the encryption password PC of the encryption file FC from the mail terminal device that has received the encryption file mail MC, and notifies the user who has been authenticated correctly to the encryption password PC. It can be restored to the original attachment FA.

  On the other hand, the second network group 3 is separated into an inner network 22 and an outer network (that is, the Internet 4) by a firewall 21 having the same configuration as the firewall 11. A mail server 23 having the same configuration as the mail server 15 and a mail terminal device 24 having the same configuration as the mail terminal device 16 are connected to the network 22.

  As described above, in the electronic mail system 1, the mail terminal device 16 and the mail terminal device 24 are connected via various networks including the Internet 4, and data (actually packets) are mutually transmitted via these networks. It can be sent and received.

(2) Transmission / Reception of E-mail with Attachment File (2-1) Encryption and Transmission of Attachment File Next, the attachment file mail MA with the attachment file FA in the e-mail system 1 is sent from the mail terminal device 16. A sequence for transmission to the mail terminal device 24 will be described with reference to FIGS.

  In FIG. 2, the mail terminal device 16 that is the transmission side of the attached file mail MA first attaches the attachment file FA to the body BD based on the user's operation in sequence SQ1 as shown in FIG. A file mail MA is created, and the mail M is transmitted to the attached file encryption apparatus 17 using SMTP (Simple Mail Transfer Protocol).

  In this case, it is assumed that the attached file mail MA is addressed to the receiving mail address ADR (that is, the address of the mail terminal apparatus 24) from the transmitting mail address ADS (that is, the address of the mail terminal apparatus 16).

  In response to this, the attached file encryption apparatus 17 receives the attached file mail MA in the sequence SQ11 (FIG. 2), and proceeds to the next sequence SQ12.

  In sequence SQ12, the attached file encryption device 17 generates an encrypted file FC by encrypting the attached file FA using a predetermined encryption password PC (details will be described later), and further, unique to the encrypted file FC. Is assigned to the next sequence SQ13.

  In sequence SQ13, as shown in FIG. 3 (B), the attached file encryption apparatus 17 makes a URL (Uniform Resource Locator) and file identifier FID of the attached file encryption apparatus 17 for inquiring about the password of the encrypted file FC. In addition, the inquiry information INF including the receiving side mail address ADR and the like is added to the end of the body BD, and the encrypted file mail MC is generated by attaching the encrypted file FC instead of the attached file FA, and the process proceeds to the next sequence SQ14. .

  In sequence SQ14 (FIG. 2), the attached file encryption apparatus 17 transmits the encrypted file mail MC to the mail server 23 (FIG. 1) via various networks such as the Internet 4 using SMTP.

  On the other hand, the mail terminal device 24 which is the transmission destination of the encrypted file mail MC acquires the encrypted file mail FC from the mail server 23 (FIG. 1) using the POP (Post Office Protocol) in the sequence SQ21 (FIG. 2). (Receive)

  Here, the delivery of the mail M and the attached file FA is organized with reference to FIG. First, the mail terminal device 16 transmits the attached file mail MA to the attached file encryption device 17. The attached file encryption device 17 converts the attached file mail MA into the encrypted file mail MC by encrypting the attached file FA of the attached file mail MA and replacing it with the encrypted file FC, and transmits this to the mail server 15. To do.

  The mail server 15 transmits the encrypted file mail MC to the mail server 23 via the Internet 4 and temporarily stores it. The mail terminal device 24 acquires the encrypted file mail MC by accessing the mail server 23.

  As described above, in the electronic mail system 1, when the attached file mail MA is transmitted from the mail terminal device 16 to the mail terminal device 24, the encrypted file mail MC is transmitted between the attached file encryption device 17 and the mail terminal device 24. In other words, it is transferred in the state of the encrypted file FC obtained by encrypting the attached file FA.

  For this reason, in the electronic mail system 1, even if the encrypted file mail MC is intercepted (wiretapped) by a third party during the transfer, the encrypted file FC can be obtained by a third party who cannot know the encrypted password PC of the encrypted file FC. Can be almost completely decrypted into the attached file FA, so that the security of the attached file FA can be maintained.

(2-2) Notification of encryption password Thereafter, the mail terminal device 24 operates in the sequence SQ22 (FIG. 2) by the user's operation referring to the inquiry information INF (FIG. 3B) written in the encryption file mail MC. Then, the attached file encryption device 17 is queried for the encryption password PC of the encryption file FC.

  Specifically, the mail terminal device 24 accesses the attached file encryption device 17 via a web browser or the like installed in the mail terminal device 24. At this time, the mail terminal device 24 transmits the receiving side mail address ADR and the file identifier FID, which are user identifiers, to the attached file encryption device 17 based on the inquiry information INF.

  Incidentally, the mail terminal device 24 is configured to access the attached file encryption device 17 by encrypted communication using SSL (Secure Socket Layer) based on the inquiry information INF. It is virtually impossible to be deciphered.

  In response to this, the attached file encryption device 17 performs a user authentication process in which the user of the mail terminal device 24 inputs the inquiry password PI in sequence SQ15, and proceeds to the next sequence SQ16.

  Incidentally, when the user of the mail terminal device 24 is unregistered, the attached file encryption device 17 issues an authentication password PE to the user by performing a predetermined initial authentication registration process. Authentication processing is performed.

  The attached file encryption device 17 compares the inquiry password PI input to the user of the mail terminal device 24 with the registered authentication password PE in sequence SQ16, and if both match, the authentication is considered successful. The encrypted password PC corresponding to the encrypted file FC is transmitted to the mail terminal device 24 based on the file identifier FID.

  In response to this, the mail terminal device 24 receives the encryption password PC corresponding to the encryption file FC in the sequence SQ23, and moves to the next sequence SQ24.

  In the sequence SQ24, the mail terminal device 24 acquires the original attached file FA by decrypting the encrypted file FC using the received encrypted password PC.

  In practice, the encrypted file FC has a format called “ZIP format with password”, and the original attached file FA is compression-encoded using the encrypted password PC as an encryption key. For this reason, for example, if the mail terminal device 24 uses Windows (registered trademark) XP, which is generally widely used as an OS (Operating System), by specifying the correct encryption password PC, the standard of the OS Using this function, the encrypted file FC can be restored to the attached file FA.

  As described above, in the electronic mail system 1, as shown in FIG. 4B, when the attached file encryption device 17 receives an inquiry about the encryption password PC from the mail terminal device 24, the user identifier (that is, the receiving side mail address ADR). ) And the authentication password PE, and only when the authentication is successful, the encrypted password PC is notified to the mail terminal device 24 to decrypt the encrypted file FC.

  For this reason, in the electronic mail system 1, only the user who is a valid recipient of the encrypted file FC can be notified of the encrypted password PC from the attached file encryption device 17, and the encrypted file FC is transmitted by the mail terminal device 24. Can be decrypted to obtain the original attached file FA.

(3) Detailed Configuration of Attached File Encryption Device (3-1) Circuit Configuration of Attached File Encryption Device First, the circuit configuration of the attached file encryption device 17 will be described. As shown in FIG. 5, the attached file encryption device 17 has substantially the same configuration as a general computer device, and the CPU (Central Processing Unit) 31 of the control unit 30 performs overall control. Has been made.

  The CPU 31 of the attached file encryption device 17 reads out the basic program and OS from the ROM 33 and hard disk drive 34 connected via the bus 32, expands and executes them in the RAM 35, and further encrypts the attached file from the hard disk drive 34. Various programs such as a program and an encryption password notification program are read out and executed on the RAM 35, whereby the attached file FA is encrypted and the encryption password PC is notified.

(3-2) Transmission / Reception of E-mail with Attachment File Next, the functional configuration of the attachment file encryption device 17 will be described. As shown in FIG. 6, when the attached file mail MA is transmitted from the mail terminal device 16, the attached file encryption apparatus 17 receives the attached file mail MA by the mail receiving unit 41, and receives it from the mail determining unit 42. To supply.

  The mail discriminating unit 42 refers to the encryption rule database DB1 stored in advance in the hard disk drive 34 and storing rules for encrypting the attached file FA.

  As shown in FIG. 7, the encryption rule database DB1 stores an encryption keyword KW and a password type TP as encryption rules for each reception mail address ADR in association with the transmission mail address ADS. Yes.

  Here, as the keyword KW, a character string included in the “subject” field of the attached mail MA is stored as a condition for determining whether or not the attached file FA is to be encrypted. In addition to the column, “All” unconditionally encrypts all attached file FAs, “None” not encrypts all attached file FAs at all, and an encryption password with instructions to encrypt attached file FAs Any one of “password:” to be designated is selected in advance.

  Also, as the password type TP, “disposable” that does not generate and reuse a new encrypted password PC every time, “fixed” that uses a pre-designated encrypted password PC every time, “designated every time” that allows the user to designate each time, and One of the four types “None”, which means that the attached file FA is not encrypted, is selected.

  Incidentally, the contents of the encryption rule database DB1 can be freely set by the user of the mail terminal device 16, the administrator of the electronic mail system 1, or the like.

  In practice, the mail discriminating unit 42 uses the encryption rule based on the transmission side mail address ADS (that is, the From: field of the mail header) and the reception side mail address ADR (that is, the To: field of the mail header) of the attached file mail MA. The keyword KW and password type TP corresponding to the attached file mail MA are read out.

  Subsequently, when the keyword is included in the subject field of the attached mail MA (that is, the Subject: field of the mail header) or the keyword is “all”, the mail determination unit 42 sets the password type TP to “disposable”. ", A random encryption password PC is generated. If it is" fixed ", the password specified in advance is used as the encryption password PC. If" specified every time ", the" password "entered in the subject field of the attached mail MA is displayed. The character string following “:” is used as the encryption password PC, and the attached file FA and the encryption password PC are supplied to the attached file encryption unit 43.

  In response to this, the attached file encryption unit 43 generates an encrypted encrypted file FC by converting the attached file FA into the “ZIP format with password” by using the encrypted password PC, and the encrypted file FC is generated. To supply.

  At this time, the mail discriminating unit 42 assigns a unique file identifier FID to the encrypted file FC, and attaches the file identifier FID in association with the encryption password PC, the sender mail address ADS, and the receiver mail address ADR. Store in the file information database DB2.

  Incidentally, the attached file information database DB2 is stored in the hard disk drive 34 (FIG. 5). As shown in FIG. 7B, the file identifier FID includes the encryption password PC, the transmission side mail address ADS, and the reception side mail address ADR. Are stored in association with each other.

  Thereafter, the mail discriminating unit 42 adds the inquiry information INF (FIG. 3B) including the file identifier FID to the original attached file mail MA at the end of the text BD, and further encrypts it instead of the attached file FA. An encrypted file mail MC is generated by attaching the file FC, which is supplied to the mail transmission unit 44, and history information including the date and time, the receiving side mail address ADR, and the like is stored in the log database DB3.

  On the other hand, when the mail M (that is, mail without the attached file FA) is supplied, or when the attached file FA is not encrypted as a result of receiving the attached mail MA and following the encryption rule, the mail determination unit 42 The original mail M or the attached file mail MA is supplied to the mail transmitting unit 44 as it is.

  The mail transmission unit 44 transmits the encrypted file mail MC, the mail M, or the attached file mail MA to the mail server 23 that manages the receiving side mail address ADR.

  In response to this, the mail server 23 receives and temporarily stores the encrypted file mail MC, mail M or attached file mail MA, and responds to the access from the mail terminal device 24, and the encrypted file mail MC, mail M or attached file. The mail MA is transmitted to the mail terminal device 24.

  When the mail terminal device 24 receives the encrypted file mail MC, the web terminal installed in the mail terminal device 24 is operated by a user operation referring to the inquiry information INF (FIG. 3B) of the encrypted file mail MC. The attached file encryption device 17 is accessed via a browser or the like, and the file identifier FID and the receiving side mail address ADR included in the inquiry information INF are transmitted.

  In response to this, the password notification unit 45 of the attached file encryption apparatus 17 refers to the user information database DB4. Here, as shown in FIG. 7C, the user information database DB4 stores the authentication password PE issued in advance to the user of the receiving mail address ADR in association with the receiving mail address ADR. Yes.

  The password notifying unit 45 reads the authentication password PE corresponding to the receiving side mail address ADR transmitted from the mail terminal device 24 from the user information database DB4, and also asks the user for a reference password via the web browser of the mail terminal device 24. Input PI.

  At this time, the password notification unit 45 compares the authentication password PE with the inquiry password PI. If they match, the password notification unit 45 considers that the authentication is successful, that is, the operator of the mail terminal device 24 is a valid user, and the attached file information The encryption password PC associated with the file identifier FID is read from the database DB2 and displayed on the web browser of the mail terminal device 24 to notify the encryption password PC.

  The password notifying unit 45 records the authentication result in the log database DB3 as history information together with the receiving side mail address ADR, date and time, and the history information is sent to the administrator when there is an unauthorized access. It can be referred to.

(3-3) Attachment File Encryption Processing Next, the attachment file encryption processing procedure RT1 in the attachment file encryption device 17 will be described with reference to the flowchart shown in FIG.

  When the power is turned on and the OS is started, the control unit 30 (FIG. 5) of the attached file encryption apparatus 17 starts the attached file encryption processing procedure RT1 by reading and executing the attached file encryption program from the hard disk drive 34. Then, the process proceeds to step SP1.

  In step SP1, the control unit 30 determines whether the mail receiving unit 41 has received the mail M or the attached file mail MA from the mail terminal device 16. If a negative result is obtained here, the control unit 30 waits for the reception of the mail M or the attached file mail MA from the mail terminal device 16 by repeating step SP1 again.

  On the other hand, if a positive result is obtained in step SP1, the control unit 30 moves to the next step SP2. In step SP2, the control unit 30 uses the mail determination unit 42 to determine whether there is an attached file FA, that is, whether an attached file mail MA has been received. If a negative result is obtained here, this means that the mail M without the attached file FA has been received, and therefore it is not necessary to perform processing related to the attached file FA. Control goes to step SP5.

  On the other hand, if an affirmative result is obtained in step SP2, the control unit 30 proceeds to the next step SP3 to perform processing related to the attached file mail FA. In step SP3, the control unit 30 uses the encryption rule database DB1 (FIG. 7 (A)) as an encryption rule based on the sender mail address ADS and the receiver mail address ADR of the attached file mail MA as an encryption rule. The type TP is read out, and the process proceeds to the next step SP4.

  In step SP4, the control unit 30 determines whether to encrypt the attached file FA according to the read encryption rule (that is, the keyword KW and the password type TP). If a negative result is obtained here, this indicates that the original attached file mail MA should be transmitted as it is from the mail transmitting unit 44, and at this time, the control unit 30 proceeds to the next step SP5.

  In step SP5, the control unit 30 causes the mail transmitting unit 44 (FIG. 6) to transmit the mail M or the attached file mail MA to the receiving side mail address, and completes a series of processes related to the mail M or the attached file mail MA. Then, the process returns to step SP1 and waits for the next mail M or the attached file mail MA.

  On the other hand, when a positive result is obtained in step SP4, the control unit 30 proceeds to next step SP6. In step SP6, the control unit 30 encrypts the attachment file FA using the encryption password PC according to the encryption rule (that is, the keyword KW and the password type TP) by the attachment file encryption unit 43 (FIG. 6). Is converted into the encrypted file FC, and the process proceeds to the next step SP7.

  In step SP7, the control unit 30 adds the inquiry information INF (FIG. 3B) to the end of the mail body BD by the mail determination unit 42, and proceeds to the next step SP8.

  In step SP8, the control unit 30 causes the mail determination unit 42 to generate the encrypted file mail MC by attaching the encrypted file FC to the mail body BD, and proceeds to the next step SP9.

  In step SP9, the control unit 30 ends the series of attached file encryption processing by transmitting the encrypted file mail MC from the mail transmission unit 44 to the receiving side mail address ADR, and returns to step SP1 again to return to the next. Waiting for the mail M or the attached mail MA.

  Thereafter, the control unit 30 repeats the attached file encryption processing procedure RT1 until the attached file encryption apparatus 17 is turned off or the attached file encryption program is stopped by an administrator or the like.

(3-4) Encryption Password Notification Processing Procedure Next, the flowchart of FIG. 9 will be described with respect to the encryption password notification processing procedure RT2 when the attached file encryption device 17 receives an inquiry about the encryption password FC from the mail terminal device 24 and notifies it. It explains using.

  When the power is input and the OS is activated, the control unit 30 of the attached file encryption apparatus 17 starts the encryption password notification processing procedure RT2 by reading and executing the encryption password notification program from the hard disk drive 34, and proceeds to step SP11. .

  In step SP11, the control unit 30 determines whether or not the password notification unit 45 (FIG. 6) has received an inquiry regarding the encryption password FC of the encryption file FC attached to the encryption file mail MC from the mail terminal device 24. If a negative result is obtained here, the control unit 30 waits for an inquiry about the encryption password FC from the mail terminal device 24 by repeating step SP11 again.

  On the other hand, if a positive result is obtained in step SP11, the control unit 30 proceeds to the next step SP12. In step SP12, the control unit 30 acquires the file identifier FID and the receiving side mail address ADR from the mail terminal device 24 by the password notification unit 45, and proceeds to the next step SP13.

  In step SP13, the control unit 30 refers to the user information database DB4 by using the password notification unit 45 to acquire the authentication password PE corresponding to the receiving side mail address ADR, and proceeds to the next step SP14.

  In step SP14, the control unit 30 causes the password notification unit 45 to input the inquiry password PI to the user of the mail terminal device 24, and proceeds to the next step SP15.

  In step SP15, the control unit 30 compares the authentication password PE and the inquiry password PI, and determines whether or not they match, that is, whether or not the authentication is successful. If a negative result is obtained here, this means that the user of the mail terminal device 24 may not be a valid user. At this time, the control unit 30 sends a predetermined error message to the mail terminal device 24. , The process related to the notification of the encryption password PC is interrupted, and the process returns to step SP11 again.

  On the other hand, if an affirmative result is obtained in step SP15, this indicates that the user of the mail terminal device 24 can be regarded as a legitimate user who has already been registered. At this time, the control unit 30 performs the next step SP16. Move on.

  In step SP16, the control unit 30 refers to the attached file information database DB2 (FIG. 7B) by the password notification unit 45, receives the transmission side mail address ADS corresponding to the file identifier FID transmitted from the mail terminal device 24, and receives it. The side mail address ADR and the encryption password PC are read out, and the process proceeds to the next step SP17.

  In step SP17, the control unit 30 determines whether or not the reception side mail address ADR transmitted from the mail terminal device matches the transmission side mail address ADS or the reception side mail address ADR read from the attached file information database DB2.

  If a negative result is obtained here, this means that the user of the mail terminal device 24 is a user registered in the user information database DB4, but is neither a valid recipient nor a valid sender of the encrypted file FC. At this time, the control unit 30 displays a predetermined error message on the display screen of the mail terminal device 24, interrupts the process related to the notification of the encryption password PC, and returns to step SP11 again.

  On the other hand, if a positive result is obtained in step SP17, this indicates that the user of the mail terminal device 24 is a valid receiver or a valid sender of the encrypted file FC. Control goes to step SP18.

  In step SP18, the control unit 30 transmits the encrypted password PC to the mail terminal device 24, thereby ending the series of processes for notifying the encrypted password PC, and returning to step SP11 again to inquire the next encrypted password PC. Await.

  Thereafter, the control unit 30 repeats this encryption password notification processing procedure RT2 until the power of the attached file encryption device 17 is turned off or the encryption password notification program is stopped by an administrator or the like.

(4) Operation and Effect In the above configuration, when the attached file mail MA is transmitted from the mail terminal device 16, the attached file encryption apparatus 17 of the electronic mail system 1 transmits the sending mail address ADS and the receiving mail address ADR. The attached file FA is encrypted according to the encryption rule associated with the encrypted file FC, and the encrypted file mail MC attached with the encrypted file FC is sent to the receiving side mail address ADR. To receive.

  As a result, the attached file encryption device 17 of the e-mail system 1 can be received by the mail terminal device 24 via various networks in the state of the encrypted file FC obtained by encrypting the attached file FA. Security can be maintained, and there is virtually no possibility that the contents of the original attached file FA will be known or altered by a third party.

  In particular, in the electronic mail system 1, when the keyword of the encryption rule database DB1 (FIG. 7A) is “all”, the attached file encryption device 17 automatically encrypts all attached files FA. Therefore, it is possible to prevent a human error such that the user does not have to perform a troublesome encryption operation, and the user inadvertently forgets the encryption and transmits the attached file FA.

  In addition to this, in the electronic mail system 1, when a character string corresponding to the keyword KW of the encryption rule database DB1 (FIG. 7A) is included in the subject field of the attached mail MA, the encryption permission / inhibition and the password are set. Since the user can also be instructed, for example, when the user does not want to encrypt the attached file FA, or when he / she wants to use a specific encryption password PC, the user can flexibly respond.

  Further, in the electronic mail system 1, when the type of password is “disposable” as the encryption rule, different encryption passwords PC can be generated for each encryption file FC. Even if the encryption password PC is known to a third party, other encryption files FC cannot be decrypted by the encryption password PC, so that information leakage can be minimized.

  On the other hand, the attached file encryption device 17 receives secure access using SSL from the mail terminal device 24 that has received the encrypted file mail MC, and is input to the receiving side mail address ADR of the mail terminal device 24 and the user. The encryption password PC of the encrypted file FC is authenticated only when the user is authenticated based on the inquiry password PI, and the authentication is successful and the user is a valid receiver or sender of the encrypted file FC. To be notified.

  As a result, the attached file encryption device 17 of the e-mail system 1 secures the encryption password PC of the encryption file FC only to the user of the mail terminal device 24 who is a valid recipient or sender of the encrypted file mail MC. Therefore, it is possible to prevent the encryption password PC from being known to a third party, and it is possible to substantially eliminate the risk that the encrypted file FC is illegally decrypted.

  In the electronic mail system 1, since the attached file encryption apparatus 17 manages the encryption password PC when the attached file FA is encrypted by the attached file information database DB2 (FIG. 7B), the original attached file is stored. The user of the mail terminal device 16 that has sent the mail MA is made aware of the encryption password PC, or the user of the mail terminal device 24 is notified of the encryption password PC by another communication means such as mail, mail, telephone, or facsimile. This eliminates the troublesome task of making it happen.

  Further, in the electronic mail system 1, when the encrypted file FC is encrypted by the attached file encryption device 17, the “ZIP format with password” is combined with the ZIP method widely used as the compression method and the encryption by the password. Therefore, when the correct encrypted password PC can be acquired by the mail terminal device 24 that has received the encrypted file mail MC, the mail terminal device 24 can almost certainly restore the original attached file FA.

  According to the above configuration, the electronic mail system 1 encrypts the attachment file FA of the attachment file mail MA transmitted from the mail terminal device 16 by the attachment file encryption device 17 in accordance with the encryption rule and sets the encryption password PC. By managing and notifying the authenticated password PC only to authorized users, the attached file FA can be automatically encrypted, and the encrypted password PC can be safely and securely saved without requiring the user. Since only a legitimate user can be notified, the attached file FA can be delivered safely and easily using a mail delivery mechanism.

(5) Other Embodiments In the above-described embodiment, encryption rules corresponding to the sender mail address ADS and the receiver mail address ADR are defined by the encryption rule database DB1 (FIG. 7A). Although the present invention is not limited to this, the present invention is not limited to this. For example, the encryption rule is determined only in accordance with the transmission side mail address ADS regardless of the reception side mail address ADR, or on the contrary, the transmission side mail address. The encryption rule may be determined according to only the reception side mail address ADR regardless of the ADS, and further, the only encryption rule may be determined regardless of the transmission side mail address ADS and the reception side mail address ADR.

  In the above-described embodiment, the case where the inquiry information INF is added to the end of the mail body BD (FIG. 3B) has been described. However, the present invention is not limited to this, for example, specific reception is performed. The inquiry information INF is not added to the body BD of the encrypted file mail MC for the side mail address ADR, or the inquiry information INF is not added when the password type TP (FIG. 7A) is “fixed”. For example, the inquiry information INF may not be added to the text BD depending on various conditions.

  Thereby, it is possible to prevent the third party who has intercepted the encrypted file mail MC from knowing that there is a means for obtaining the encrypted password PC.

  Furthermore, in the above-described embodiment, as the encryption rule keyword (FIG. 7A), any one of a character string that becomes a keyword, “all”, “none”, or “password:” is selected in advance. However, the present invention is not limited to this. For example, “None” cannot be selected, or “password:” is unconditionally set, and the selection target may be limited.

  In addition to the subject field of the attached file mail MA, various keywords such as the beginning and end of the body text BD or the destination field may be used as the keyword description location.

  Further, in the above-described embodiment, the password type TP (FIG. 7A) of the encryption rule is any one of four types of “disposable”, “fixed”, “designated every time”, and “none”. Although the case where the selection is made has been described, the present invention is not limited to this. For example, the selection target may be limited such that “None” cannot be selected, or “Disposable” is unconditionally set. good.

  Furthermore, in the above-described embodiment, the case where the attached file FA is encrypted is converted to the encrypted file FC of “ZIP format with password”. However, the present invention is not limited to this, and the attached file FA is not limited thereto. The file FA may be converted into an encrypted file FC having various file formats. In this case, it is desirable that an arbitrary encryption password PC can be designated as the encryption key, and that the encrypted file FC can be decrypted easily and reliably by the mail terminal device 24.

  Furthermore, in the above-described embodiment, a case where a unique file identifier FID in the attached file information database DB2 (FIG. 7B) is assigned to the attached file FA by the mail discriminating unit 42 (FIG. 6) will be described. However, the present invention is not limited to this. For example, the encrypted file FC may be specified by using “Message-Id” that is included in the mail header and is unique in nature.

  Furthermore, in the above-described embodiment, the case where secure communication using SSL is used via a web browser when accessing the attached file encryption device 17 from the mail terminal device 24 has been described. The present invention is not limited to this. For example, the encryption password PC may be notified by secure communication combining telnet and SSL, secure communication combining FTP (File Transfer Protocol) and SSL, or the like.

  Further, in the above-described embodiment, the case where the attached file encryption device 17 notifies the encryption password PC has been described. However, the present invention is not limited to this, for example, a user separately from the attached file encryption device 17. An encryption password notification server having the information database DB4 and capable of accessing the attachment file DB of the attachment file encryption device 17 is prepared, and the encryption password notification server performs the encryption password notification processing procedure RT2 (FIG. 9). The encryption password PC may be notified to the mail terminal device 24. In this case, it is desirable that security is ensured for communication between the attached file encryption device 17 and the encryption password notification server.

  Further, in the above-described embodiment, the case where the attached file encryption apparatus 17 is connected to the internal network 14 in the first network group (FIG. 1) as an independent apparatus has been described. For example, the attachment file encryption program and the encryption password notification program are installed in the mail server 15 and the attachment file encryption processing procedure RT1 (FIG. 8) and the encryption password notification processing procedure RT2 (FIG. 9) are executed. The attachment file encryption processing procedure RT1 (FIG. 8) and the encryption password notification processing procedure RT2 () are performed on various information processing apparatuses on the network, such as mounting the function of the attachment file encryption device 17 on the mail server 15. The function of the attached file encryption device 17 is implemented by executing FIG. It may be so that.

  In this case, the information processing apparatus in which the function of the attached file encryption apparatus 17 is implemented may have a circuit configuration as shown in FIG. 5 such as a general computer apparatus or server apparatus.

  Furthermore, in the above-described embodiment, the attached file FA encryption process and the encryption process of the attached file FA are performed by software by executing the attached file encryption process procedure RT1 (FIG. 8) and the encrypted password notification process procedure RT2 (FIG. 9) in the control unit 30. Although the case where the notification process of the encryption password PC is executed has been described, the present invention is not limited to this. For example, the mail reception unit 41, the mail determination unit 42 (FIG. 6), the attached file encryption unit 43, the mail transmission The unit 44 and the password notification unit 45 may be realized by hardware, so that the encryption process of the attached file FA and the notification process of the encryption password PC may be executed.

  Further, in the above-described embodiment, the case where the attached file encryption program and the encryption password notification program are stored in the hard disk drive 34 has been described. However, the present invention is not limited to this, and the attached file encryption program and encryption program are not limited thereto. The password notification program is stored in advance in the ROM 33, for example, and is read out from a removable storage medium such as a CD-ROM (Compact Disc-Read Only Memory) or a small memory card (not shown), or the network interface 36 or a USB (not shown). The attached file encryption program and the encryption password notification program may be acquired from the outside and executed, for example, received from an external computer via a (Universal Serial Bus) interface.

  Further, in the above-described embodiment, the mail receiving unit 41 and the mail discriminating unit 42 as the receiving unit, the attached file encryption unit 43 and the mail discriminating unit 42 as the encrypting unit, and the mail transmitting unit 44 as the transmitting unit. The case where the attached file encryption device 17 as the electronic mail relay device is configured by the mail determination unit 42 and the password notification unit 45 as the notification means has been described, but the present invention is not limited to this, and other various circuits An electronic mail relay device may be configured by the electronic mail receiving means, the encryption means, the transmission means, and the notification means.

  The present invention can also be used in various networks using electronic mail.

It is a block diagram which shows the whole structure of an electronic mail system. It is a sequence chart which shows the transmission / reception sequence of a mail and an attached file. It is a basic diagram which shows the example of the content of mail. It is a basic diagram which shows the flow of an email and an attached file. It is a block diagram which shows the circuit structure of an attached file encryption apparatus. It is a block diagram which shows the function structure of an attached file encryption apparatus. It is a basic diagram which shows the structure of a database. It is a flowchart which shows an attachment file encryption processing procedure. It is a flowchart which shows an encryption password notification process procedure.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... E-mail system 16, 24 ... Mail terminal device, 17 ... Attached file encryption device, 30 ... Control part, 31 ... CPU, 34 ... Hard disk drive, 41 ... Mail receiving part, 42 ...... Mail discriminating unit, 43 …… Attached file encryption unit, 44 …… Mail sending unit, 45 …… Password notifying unit, M …… Mail, MA …… Attached file mail, MC …… Encrypted file mail, FA… ... Attached file, MA ... Encrypted file, PC ... Encrypted password, INF ... Inquiry information, ADS ... Sender mail address, ADR ... Receiver mail address, FID ... File identifier, PE ... Authentication password , PI …… Password for inquiry, DB1 …… Encryption rule database, DB2 …… Attached file information database, DB4 …… User Multi-address database.

Claims (10)

An e-mail system that relays an e-mail transmitted from a sending-side e-mail terminal by an e-mail relay device and receives the e-mail by a receiving-side e-mail terminal,
The above e-mail relay device
Receiving means for receiving an e-mail addressed to the receiving e-mail terminal from the transmitting e-mail terminal;
An encryption means for generating an encrypted file by encrypting the attached file using a predetermined encryption password as an encryption key when the attached file is attached to the e-mail;
A transmitting means for transmitting an encrypted file e-mail attached with the encrypted file instead of the attached file to the receiving e-mail terminal;
In response to the encryption password inquiry from the receiving e-mail terminal that has received the encrypted file e-mail, if the user of the receiving e-mail terminal is authenticated by a predetermined authentication process, it is associated with the encrypted file An e-mail system comprising: notifying means for notifying the encryption password to the receiving e-mail terminal. Receiving means for receiving an e-mail addressed to the receiving-side e-mail terminal from the sending-side e-mail terminal;
An encryption means for generating an encrypted file by encrypting the attached file using a predetermined encryption password as an encryption key when the attached file is attached to the e-mail;
A transmitting means for transmitting an encrypted file e-mail attached with the encrypted file instead of the attached file to the receiving e-mail terminal;
Corresponds to the encrypted file when the user of the receiving e-mail terminal is authenticated by a predetermined authentication process when receiving the cipher password inquiry from the receiving e-mail terminal that has received the encrypted file e-mail An e-mail relay apparatus comprising: a notifying means for notifying the received e-mail terminal of the attached encrypted password. The transmission means is
The e-mail relay apparatus according to claim 2, wherein information related to the inquiry of the encryption password is added to the body of the encrypted file e-mail and transmitted to the receiving e-mail terminal. The encryption means is
The electronic mail relay apparatus according to claim 2, wherein the encryption password that is different for each attached file is generated and encrypted. The encryption means is
The encryption rule indicating a condition for encrypting the attached file is provided for each of the receiving-side e-mail terminals, and the attached file is encrypted according to the encryption rule. E-mail relay device. The above encryption rule is
6. The e-mail relay device according to claim 5, wherein the e-mail relay device is a keyword for designating necessity of encryption of the attached file, which is described at a predetermined location of the e-mail to which the attached file is attached. . The above encryption rule is
6. The e-mail relay apparatus according to claim 5, wherein an encryption password itself used for encrypting the attached file or a method for selecting the encryption password is instructed. The notification means is
When the user of the receiving e-mail terminal is authenticated, the cipher associated with the cipher file only when the user confirms that the user is a legitimate receiver or legitimate sender of the cipher file. The e-mail relay device according to claim 2, wherein the e-mail terminal is notified of a password. A receiving step of receiving an e-mail addressed to the receiving-side e-mail terminal from the sending-side e-mail terminal;
An encryption step of generating an encrypted file by encrypting the attached file using a predetermined encryption password as an encryption key when the attached file is attached to the e-mail;
A sending step of sending an encrypted file e-mail attached with the encrypted file instead of the attached file to the receiving e-mail terminal;
Corresponds to the encrypted file when the user of the receiving e-mail terminal is authenticated by a predetermined authentication process when receiving the cipher password inquiry from the receiving e-mail terminal that has received the encrypted file e-mail And a notification step of notifying the receiving e-mail terminal of the attached encrypted password. For information processing equipment
A receiving step of receiving an e-mail addressed to the receiving-side e-mail terminal from the sending-side e-mail terminal;
An encryption step of generating an encrypted file by encrypting the attached file using a predetermined encryption password as an encryption key when the attached file is attached to the e-mail;
A sending step of sending an encrypted file e-mail attached with the encrypted file instead of the attached file to the receiving e-mail terminal;
Corresponds to the encrypted file when the user of the receiving e-mail terminal is authenticated by a predetermined authentication process when receiving the cipher password inquiry from the receiving e-mail terminal that has received the encrypted file e-mail And a notification step of notifying the received e-mail terminal of the attached encrypted password.

Images