JP2008042642A - Policy management system, policy management apparatus, policy management method and policy management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent only one-direction electronic mail delivery from being permitted when determining whether or not electronic mail can be delivered based on the policy of a user. <P>SOLUTION: A policy updating unit 132b of a policy management apparatus 130b adds a mail address of a permitted user on a white list corresponding to a demander based on a policy updating request, a policy synchronization transmission unit 133b then transmits mail addresses of the demander and the permitted user by policy synchronization request mail together with a policy synchronization request, and a policy synchronization receiving unit 134a having received the policy synchronization request adds the mail address of the demander to the white list of permitted users. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a policy management system, a policy management apparatus, a policy management method, and a policy management program for managing permitted caller information, which is information about each caller that allows a user to receive a message, as a policy. The present invention relates to a policy management system, a policy management device, a policy management method, and a policy management program that can prevent the occurrence of a state in which only the transfer of a message transmitted from one user is permitted in the message transfer between them.

  In recent years, it has become a social problem that spam mails such as advertisements reach e-mail users. In addition, annoying incoming communication is a problem not only in electronic mail but also in instant message communication and SIP (Session Initiation Protocol) communication. For this reason, various techniques for preventing annoying incoming communications have been developed.

  For example, a list of communication addresses of callers that are allowed to receive calls (hereinafter referred to as “white list”) is registered as a policy, and a communication request from a caller address that is not registered in the white list is rejected by the relay device. Technology has been developed. According to this technique, the user can receive only communication from a caller who really wants to receive without receiving annoying communication from an unauthorized caller.

  Further, in Patent Document 1, when there are a plurality of business operators that provide an email service, the plurality of business operators are accommodated, and an email message that can relay a message as an email between the business operators is disclosed. In the relay network, the identification information of another specific carrier is registered in the management table of the specific carrier, the identification information is compared with the identification information included in the relay message, and the message is relayed based on the result. The technology to decide whether to regulate is described.

JP-A-7-212394

  However, in such a conventional technique, when one communication address or identification information of a communicator is registered in the white list or management table, the other communication address or identification information is not necessarily registered. For this reason, there is a problem in that one communication is permitted but communication in the opposite direction is rejected, which is inconvenient for the user.

  The present invention has been made to solve the above-described problems of the prior art, and prevents the occurrence of a state in which only transfer of a message transmitted from one user is permitted in message transfer between users. An object of the present invention is to provide a policy management system, a policy management apparatus, a policy management method, and a policy management program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 is a policy management system for managing permitted caller information, which is information about each caller permitted to receive a message, as a policy. The permitted caller information storage means storing the permitted caller information for one or more callers for each user, and new permitted caller information is sent to the permitted caller information storage means in the message from the caller. Permitted caller information registering means for registering in correspondence with a callee who is permitted to receive a call, and an incoming call which is information relating to the caller corresponding to the caller whose permitted caller information is registered by the permitted caller information registering means And authorized sender information synchronization means for registering the authorized person information as authorized sender information in the authorized sender information storage means.

  In the invention according to claim 2, in the above invention, the permitted caller information registration means registers new permitted caller information and transmits a synchronization request including information on the caller and callee information. The permitted caller information synchronization unit receives the synchronization request transmitted by the permitted caller information registration unit, and stores the permitted caller information as the permitted caller information corresponding to the caller. It is characterized in that it is registered in the means.

  Further, in the invention according to claim 3, in the above invention, the permitted caller information synchronization unit receives and authenticates the synchronization request transmitted by the permitted caller information registration unit, and confirms the validity of the synchronization request. When the call is made, the caller information is registered in the permitted caller information storage means as permitted caller information in association with the caller.

  The invention according to claim 4 is the above invention, wherein the permitted caller information synchronization means inquires of the caller regarding registration of the callee information as permitted caller information, and approval of the caller is obtained. Is obtained, the callee information is registered in the permitted caller information storage means as permitted caller information in association with the caller.

  The invention according to claim 5 is the above invention, wherein the permitted caller information synchronization means registers the callee information as permitted caller information in the permitted caller information storage means and sends a registration notification to the callee. It is characterized by transmitting to.

  The invention according to claim 6 is the policy management apparatus for managing, as a policy, permitted sender information, which is information relating to each sender that the user permits to receive a message, in the above-mentioned invention. The authorized caller information registering means for registering the caller information in correspondence with the callee who is allowed to receive a message from the caller, and the caller information for which the authorized caller information is registered by the allowed caller information registering means. A synchronization request means for requesting the policy management apparatus that manages the permitted caller information of the caller to register the callee information that is information relating to the callee as the permitted caller information, and another policy management apparatus. And authorized sender information synchronization means for registering authorized sender information requested by the synchronization request means.

  The invention according to claim 7 is the policy management method according to the above-mentioned invention, wherein the permitted caller information, which is information related to each caller for which a user is permitted to receive a message, is managed as a policy. A permitted caller information registration step in which a policy management device that manages information as a policy registers new permitted caller information in correspondence with a callee that allows incoming messages from the caller, and the permitted caller information registration step. Another policy management for managing the permitted caller information of the caller so as to register the caller information as information on the caller as the permitted caller information in association with the caller whose permitted caller information is registered by The synchronization request process for requesting the apparatus and the permitted sender information for registering the permitted sender information by another policy management apparatus requested by the synchronization request process. Characterized in that it includes a step.

  The invention according to claim 8 is the policy management program for managing, as a policy, permitted sender information, which is information related to each sender who allows a user to receive a message. The authorized caller information registration procedure for registering the caller information corresponding to the callee who is allowed to receive a message from the caller, and the caller information for which the authorized caller information is registered by the authorized caller information registration procedure. A synchronization request procedure for requesting the policy management program for managing the permitted caller information of the caller so as to register the callee information as information on the callee as the permitted caller information, and the synchronization of another policy management program Causing the computer to execute a permitted caller information synchronization procedure for registering the permitted caller information requested by executing the requested procedure. It is characterized in.

  According to the invention of claim 1, 6, 7 or 8, the new permitted caller information is registered in correspondence with the callee who is allowed to receive a message from the caller, and the permitted caller information is registered. Since the receiver information is registered as permitted sender information in correspondence with the caller, it is possible to prevent the occurrence of a state in which only the transfer of a message transmitted from one user is permitted in the message transfer between users. be able to.

  According to the invention of claim 2, while registering new permitted caller information and transmitting a synchronization request including information on the caller and the callee information, receiving the transmitted synchronization request, Since the recipient information is registered as permitted sender information corresponding to the caller, the permitted caller information should be synchronized even if the device that manages the permitted caller information differs between the caller and the callee. Can do.

  According to the invention of claim 3, the synchronization request is received and authenticated, and when the validity of the synchronization request is confirmed, the receiver information is registered as permitted sender information in correspondence with the sender. Therefore, it is possible to prevent forgery of the synchronization request by an unauthorized person.

  According to the invention of claim 4, the caller is inquired about registering the callee information as the permitted caller information, and when the caller's approval is obtained, the caller information is associated with the caller. Is registered as permitted sender information, the registration of new permitted sender information can be confirmed with respect to the sender.

  Further, according to the invention of claim 5, since the callee information is registered as the permitted caller information and the registration notification is transmitted to the callee, the caller knows that it has been registered as new permitted caller information. Can do.

  Exemplary embodiments of a policy management system, a policy management apparatus, a policy management method, and a policy management program according to the present invention will be described below in detail with reference to the accompanying drawings. In this embodiment, the case where the present invention is applied to electronic mail will be mainly described.

  First, the system configuration of the mail delivery system according to the present embodiment will be described. FIG. 1 is a diagram illustrating a system configuration of a mail delivery system according to the present embodiment. In the mail transfer system shown in the figure, a communicator A terminal 220 and a communicator B terminal 320 are connected via a communicator A side ISP network 210, the Internet 400, and a communicator B side ISP network 310. A mail addressed to the communicator A230 sent from the communicator B terminal 320 with the B330 as a transmission source is sent to the communicator A via the ISP relay system 100b of the communicator B330 and the ISP relay system 100a of the communicator A230. Delivered to the terminal 220.

  The communicator A terminal 220 and the communicator B terminal 320 are terminal devices used when the communicator A 230 and the communicator B 330 exchange mail via the Internet 400, respectively, and are personal computers (PC), mobile phone terminals, It is a terminal equipped with a mail communication function such as an information appliance.

  These terminals are connected to the communicator A side ISP network 210 and the communicator B side ISP network 310 via the router R, respectively. The communicator A side ISP network 210 and the communicator B side ISP network 310 are respectively It is connected to the Internet 400 via the router R. In addition, it is assumed that the address of the relay device 120a is set as the SMTP server address in the communicator A terminal 220, and the address of the relay device 120b is set as the SMTP server address in the communicator B terminal 320.

  The ISP relay system 100a of the communicator A230 accepts the mail transmitted from the communicator A terminal 220 and transmits it to the mail destination, and receives the mail to the communicator A terminal 220 to the communicator A terminal 220. The ISP relay system 100b of the communicator B330 accepts the mail transmitted from the communicator B terminal 320 and transmits it to the mail destination, and receives the mail to the communicator B terminal 320 to receive the communicator B. Transmit to terminal 320.

  For convenience of explanation, only two terminal devices and a relay system are shown here, but this mail delivery system is composed of a large number of terminal devices and relay systems. The user is a user of an email service such as an ISP email service or a cellular phone email service. Accordingly, the user's IP network is not necessarily the wired Internet service provider's IP network, but may be an IP network for a mobile phone carrier's mobile mail service.

  In the ISP relay system 100a of the communicator A230, a policy storage device 110a that stores a white list as a policy, a relay device 120a that relays mail according to a policy, and a policy management device 130a that manages the policy are connected by a LAN 140a. Composed. The relay device 120a and the policy management device 130a are connected to the communicator A side ISP network 210 via the router R. Since the ISP relay system 100b of the communicator B330 has the same functional configuration as the ISP relay system 100a of the communicator A, only the relay system 100a will be described here.

  The policy storage device 110a includes a policy storage unit 111a that stores a white list as a policy. This policy storage unit 111a is realized as a table on a relational database management system (RDBMS). FIG. 2 is a diagram illustrating an example of the policy storage unit 111a realized as a table on the RDBMS. As shown in the figure, for each user, this table stores a user's mail address and an authorized communication person's mail address in association with each other.

  The relay device 120a includes a filter unit 121a and a relay unit 122a. The filter unit 121a is a processing unit that determines whether mail can be transferred based on the policy stored in the policy storage unit 111a. That is, the filter processing unit 121a determines whether or not the sender address of the received mail is included in the white list corresponding to the destination address, and determines that the received mail can be transferred when it is included in the white list. If it is not included in the white list, it is determined that the incoming mail cannot be transferred.

  The relay unit 122a is a processing unit that relays mail based on the determination result by the filter unit 121a. That is, the relay unit 122a transfers the mail determined by the filter processing unit 121a to be transferable to the destination, and discards the mail determined to be untransferable. Here, an alias address is used as the mail address. Therefore, the relay unit 122a transfers the mail that the filter unit 121a determines to be transferable by replacing the alias address with the real address. However, the real address may be used as the mail address, and the mail that the filter unit 121a determines to be transferable may be transferred by the relay unit 122a as the real address.

  The policy management apparatus 130a includes a policy update receiving unit 131a, a policy update unit 132a, a policy synchronization transmission unit 133a, and a policy synchronization reception unit 134a.

  The policy update accepting unit 131a is a processing unit that accepts a request for adding an authorized communicator (policy update request) from the requester. The policy update accepting unit 131a receives the requester's email address and the email address of the authorized communicator and passes them to the policy updater 132a. Here, the policy update request is received from the requester, but the policy update receiving unit 131a can also receive the policy update request automatically generated by the mail delivery system.

  The policy update unit 132a is a processing unit that receives the mail address of the requester and the mail address of the permitted communicator from the policy update reception unit 131a, and updates the white list stored in the policy storage device 110a. The policy storage device 110a is requested to designate the mail address of the permitted communicator and add the mail address of the permitted communicator to the white list corresponding to the requester.

  The policy synchronization transmission unit 133a is a processing unit that transmits a policy synchronization request (policy synchronization request) to the ISP relay system to which the synchronization target person belongs. Here, the synchronization target person is a permitted communicator whose mail address is added to the white list by the policy updating unit 132a, and the policy synchronous transmission unit 133a includes the mail address of the permitted communicator in the requester's white list. A request is made to the ISP relay system to which the permitted communicator belongs together with the mail addresses of the permitted communicator and the requester so that the mail address of the requester is added to the whitelist of the permitted communicator in synchronization with the registration.

  The policy synchronization receiving unit 134a is a processing unit that performs policy synchronization, and requests a policy synchronization request from another relay system (a requesting communicator in another relay system) and a permitted communicator (requested in another relay system). The policy storage device 110a is requested to add the email address of the permitted communicator to the white list of the synchronization target person.

  As described above, the policy synchronization transmission unit 133a makes a policy synchronization request to the relay system of the ISP to which the permitted communicator belongs so that the requester's mail address is added to the permitted communicator's white list. By receiving the policy synchronization request from the relay system and performing policy synchronization, it is possible to prevent a situation in which only one-way mail is permitted to be delivered.

  The policy storage device 110a, the relay device 120a, and the policy management device 130a can be realized by installing a program corresponding to the functional unit of each device in a general-purpose server computer.

  Next, a policy update operation by the mail delivery system according to the present embodiment will be described. FIG. 3 is a sequence diagram illustrating the policy update operation by the mail delivery system according to the present embodiment. Note that, here, the operation when the communicator B330 is the requester and the communicator A230 is the synchronization target person and the two parties' policies are synchronized will be described.

  Further, the mail address of the communication person B330 is userB0@isp-B.jp, and the mail address of the communication person A230 is userA0@isp-A.jp. The policy update request and the policy synchronization request are transmitted and received by e-mail, and the policy update request destination is the update @ domain name, and the policy synchronization request destination is the synch @ domain name.

  The policy update receiving unit 131b is realized by a software program that receives and processes an email addressed to the address (update @ domain name, that is, update@isp-B.jp) of the policy update request. The policy synchronization receiving unit 134b is realized by a software program that receives and processes mail addressed to the address (synch @ domain name, ie, synch@isp-B.jp) of the policy synchronization request. The policy synchronization transmission unit 133b is realized by a software program that transmits mail to the destination address (synch@isp-A.jp) of the policy synchronization request of the relay system 100a.

  As shown in FIG. 3, the communicator B terminal 320 transmits a policy update request mail based on the request from the communicator B330 (step S110). FIG. 4 is a diagram showing the format of the policy update request mail. As shown in the figure, the policy update request mail includes the mail address of the requester in the From header, and includes the mail address of the synchronization target person as a word after the add in the Subject header. The destination is update@isp-B.jp. Thus, by setting the destination domain name as the domain name of the ISP to which the communicator B330 belongs, the ISP relay system 100b to which the communicator B330 belongs can receive the policy update request mail.

  Returning to FIG. 3, the policy update acceptance unit 131b of the ISP relay system 100b to which the communicator B330 belongs receives and analyzes the policy update request mail (step S120). That is, the policy update accepting unit 131b acquires the requester's email address from the From header of the policy update request email, acquires the email address of the synchronization subject from the Subject header, and uses these email addresses as arguments to the policy update unit 132b. Start up.

  Then, the policy update unit 132b requests the policy storage device 110b to update the policy by adding the mail address of the synchronization target person as an allowed communicator corresponding to the communicator B330 (step S130). When the update is completed, the policy update unit 132b activates the policy synchronization transmission unit 133b with the requester's mail address and the synchronization target person's mail address as arguments.

  Then, the policy synchronization transmission unit 133b creates and transmits a policy synchronization request mail from the mail address of the requester and the mail address of the synchronization target person (step S140). FIG. 5 is a diagram showing a format of a policy synchronization request mail. As shown in the figure, the policy synchronization request mail includes the mail address of the synchronization target person after target = in the Subject header, and the address of the requester after from =. Further, the destination is assumed to be the user name portion of the mail address of the synchronization subject replaced with “synch”. As a result, the policy synchronization request mail is received by the policy synchronization receiving unit 134a in the domain of the synchronization target person.

  Returning to FIG. 3, the policy synchronization reception unit 134a of the synchronization target person's domain, that is, the policy synchronization reception unit 134a of the ISP policy management apparatus 130a to which the communicator A230 belongs receives and analyzes the policy synchronization request mail (step S150). That is, the policy synchronization receiving unit 134a acquires the requester's email address and the synchronization subject's email address from the Subject column of the policy synchronization request email. Then, the policy updating unit 132a is activated with the acquired requester and synchronization target person's mail addresses as arguments.

  Then, the policy update unit 132a updates the policy by adding the mail address of the requester, that is, the communication person B330 as the permitted communication person corresponding to the synchronization target person, that is, the communication person A230 (step S160).

  As described above, the policy synchronization transmission unit 133b of the policy management device 130b transmits a policy synchronization request, and the policy synchronization reception unit 134a of the policy management device 130a receives the policy synchronization request and performs policy synchronization. It is possible to prevent the situation where only the mail transfer is permitted.

  Next, a mail relay operation by the mail delivery system according to the present embodiment will be described. FIG. 6 is a sequence diagram showing a mail relay operation by the mail delivery system according to the present embodiment. Here, the operation when the correspondent B330 transmits mail to the correspondent A230 will be described. The filter unit 121a is realized by a software program that determines whether mail can be transferred using a white list.

  As shown in FIG. 6, the communicator B terminal 320 transmits a mail addressed to the communicator A230 based on an instruction from the communicator B330 (step S210). Then, since the address of the relay device 120b is set as the SMTP server address in the communicator B terminal 320, the relay device 120b receives this mail (step S220).

  Then, since the destination of the received mail is the address of the communicator A230, the mail relay apparatus 120b acquires the address of the relay apparatus 120a in the domain of the communicator A230 by DNS, and the relay apparatus 120a in the domain of the communicator A230. The mail is transferred to (step S230).

  Then, the relay unit 122a of the mail relay device 120a receives the mail (step S240), and activates the filter unit 121a using the received mail as an argument. Then, the filter unit 121a determines whether or not the mail can be transferred by referring to the white list stored in the policy storage unit 111a (step S250), and when the filter unit 121a determines that the mail can be transferred, the relay unit 122a The mail is transferred to the communicator A terminal 220 (step S260), and when the filter unit 121a determines that the mail cannot be transferred, the relay unit 122a discards the mail.

  Instead of transferring the mail to the terminal of the communicator A230, a relay server 122a may transfer the mail to the mail host by separately installing a server that provides the mail host function of the terminal of the communicator A230. . In this case, the address of the mail host is set as the POP server address in the terminal of the communicator A230, and the terminal of the communicator A230 periodically acquires mail from the mail host by POP.

  Next, the process procedure of the filter process by the filter unit 121a will be described. FIG. 7 is a flowchart showing the processing procedure of the filter processing by the filter unit 121a. Here, the address specified as the destination by the SMTP protocol is the user address U, and the address in the From header of the mail to be transferred is determined as the sender address S.

  As shown in FIG. 7, the filter unit 121a acquires a white list corresponding to the user address U, that is, a list (RL) of allowed communicators from the policy storage unit 111a (step S251). Then, it is determined whether or not the sender address S is included in the acquired list RL (step S252). If included, the determination result is transferable, and if not included, the determination result is not transferable. .

  In this way, the filter unit 121a determines whether mail can be transferred using the white list, so that the user can prevent incoming spam mail.

  As described above, according to this embodiment, after the policy update unit 132b of the policy management apparatus 130b adds the email address of the permitted communication person to the white list corresponding to the requester based on the policy update request, the policy synchronization is performed. The transmission unit 133b transmits the mail address of the requester and the permitted communicator in the policy synchronization request mail together with the policy synchronization request, and the policy synchronization reception unit 134a that receives the policy synchronization request assigns the requester's mail address to the whitelist of the permitted communication person Therefore, it is possible to synchronize the policy between the requester and the permitted communicator, and to prevent the situation where only one-way mail transfer is permitted.

  Note that the policy synchronization reception unit 134a may authenticate whether or not the policy synchronization request mail has arrived from the valid policy synchronization transmission unit, and discard the unauthorized synchronization request. By adding such an authentication function to the policy synchronization receiving unit 134a, it is possible to prevent policy synchronization from starting when an unauthorized person forges and transmits a policy synchronization request.

  As a specific authentication method, by authenticating the intra-domain mail transmission terminal in each domain by a method such as password authentication, the policy synchronization receiving unit 134a confirms the validity of the originating domain of the policy synchronization request mail, The validity of the policy synchronization request mail can be authenticated.

  As a method for authenticating the legitimacy of the originating domain, domain spoofing prevention techniques such as SenderID and DomainKeys can be used. With SenderID, each domain publishes the address of a legitimate mail sending server in DNS, and the domain of the mail receiving server matches the address published by the domain of the mail From address. To prevent domain spoofing. Also, in DomainKeys, the public key of each domain can be obtained by DNS, and the mail transmission side inserts a signature into the mail with a secret key corresponding to the public key at the time of mail transmission. The mail receiving side acquires the public key of the originating domain with DNS and verifies the validity of the signature in the received mail.

  Also, as another method, the public key of the policy synchronization transmission unit 133b is disclosed by DNS, and when the policy synchronization transmission unit 133b transmits a policy synchronization request mail, a signature is created with a private key corresponding to the public key Then, it may be included in the policy synchronization request mail. In this case, the policy synchronization reception unit 134a acquires the public key of the policy synchronization transmission unit 133b by DNS, verifies the signature included in the policy synchronization request mail, and authenticates the validity of the policy synchronization request.

  Further, the policy synchronization receiving unit 134a includes means for transmitting an approval request mail to the synchronization target person and means for receiving an approval response as a response to the approval request mail from the synchronization target person, and the policy in step S160 of FIG. You may make it obtain approval from a synchronous subject before updating. In other words, the approval request is transmitted at the stage of receiving the policy synchronization request in step S150, the approval response is waited, and the policy is updated when the approval response is received.

  Specifically, the approval request is a mail of the format shown in FIG. 8, and means for transmitting the approval request is realized by a software program that transmits the mail to the synchronization target person. In the Subject column of this mail, the address of the requester and a hash value for message authentication are included after syounin. The hash value for message authentication is generated by a publicly known keyed hash function with the address of the synchronization subject and the address of the requester as arguments.

  The approval response mail is a mail generated by a reply process to the approval request mail, and includes the contents of the Subject line of the approval request mail. The means for receiving the approval response is realized by a software program that receives this approval response mail, acquires the address of the requester from the Subject line, and acquires the address of the synchronization target person from the From line.

  The means for receiving the approval response updates the policy using the acquired requester address and synchronization target address as arguments. In this case, by including a means for verifying the message authentication hash value in the Subject line by using a method for verifying the message authentication hash value, it is possible to realize a countermeasure against fraud in which a malicious acknowledgment response mail is forged and sent. .

  Also, a means for notifying the requester of the completion of policy synchronization may be realized. Specifically, the policy synchronization transmission unit 133a generates a synchronization completion notification in mail format after step S160 of FIG. 3 is completed, and transmits it to the policy synchronization reception unit 134b of the requester's domain. When the policy synchronization reception unit 134b receives the synchronization completion notification, the policy synchronization reception unit 134b generates an update completion notification in a mail format and transmits it to the address of the requester. It should be noted that the synchronization completion notification includes the communication address of the requester and the synchronization target person. Further, the policy synchronization transmission unit 133a obtains the destination address of the synchronization completion notification by replacing the user name portion of the requester's address with synch. The policy synchronization receiving unit 134b sets the destination of the update completion notification as the requester's communicator address.

  Further, in this embodiment, an example of application to electronic mail has been described. However, the present invention is not limited to this, and transfer of IP telephone control messages using SIP, exchange of instant messages, presence exchange, etc. The same can be applied to other message communications. These message communications adopt the same format as the e-mail address as the address format, and it is possible to accept a message with an alias address and transfer it to the real address as well as the e-mail, so it is disclosed in this embodiment A method of applying the embodiment described above to these message communications can be easily analogized.

  In this embodiment, the relay system has been described from the functional aspect. However, in reality, the policy storage device, the relay device, and the policy management device can be realized by commercially available computers. You will need to install each program. Each program may be loaded not only from a secondary recording medium such as a hard disk device or ROM to the CPU, but also from a recording medium such as a CD-R or from another computer via a network.

  Further, in this embodiment, the case where the relay system is configured using the policy storage device, the relay device, and the policy management device has been described. However, the present invention is not limited to this, for example, the relay device and the policy management. The present invention can be similarly applied to the case of using a different number of devices, for example, realizing the device with a single device.

  In this embodiment, the case where the white list is stored as a policy has been described. However, the present invention is not limited to this, and the present invention is similarly applied to the case where other information about the user is stored as a policy. can do.

  As described above, the policy management system, the policy management apparatus, the policy management method, and the policy management program according to the present invention are useful for message delivery systems such as an electronic mail system, and are particularly suitable for preventing incoming junk messages. ing.

It is a figure which shows the system configuration | structure of the mail delivery system which concerns on a present Example. It is a figure which shows an example of the policy memory | storage part implement | achieved as a table on RDBMS. It is a sequence diagram which shows the policy update operation | movement by the mail delivery system which concerns on a present Example. It is a figure which shows the format of a policy update request mail. It is a figure which shows the format of a policy synchronous request | requirement mail. It is a sequence diagram which shows the mail relay operation | movement by the mail delivery system concerning a present Example. It is a flowchart which shows the process sequence of the filter process by a filter part. It is a figure which shows an example of the approval request | requirement mail of a policy addition.

Explanation of symbols

100a, 100b Relay system 110a, 110b Policy storage device 111a, 111b Policy storage unit 120a, 120b Relay device 121a, 121b Filter unit 122a, 122b Relay unit 130a, 130b Policy management device 131a, 131b Policy update reception unit 132a, 132b Policy update Units 133a and 133b Policy synchronization transmission units 134a and 134b Policy synchronization reception unit 210 Communicator A side ISP network 220 Communicator A terminal 230 Communicator A
310 communicator B side ISP network 320 communicator B terminal 330 communicator B
400 Internet

Claims (8)

A policy management system for managing permitted caller information, which is information about each caller that allows a user to receive a message, as a policy,
A permitted caller information storage means for storing the permitted caller information for one or more callers for each user;
Permitted caller information registration means for registering new permitted caller information in correspondence with a caller who permits incoming messages from a caller to the permitted caller information storage means;
Permitted transmission for registering, in the permitted sender information storage means, recipient information, which is information related to the called party, corresponding to the sender whose authorized sender information is registered by the authorized sender information registering means. Person information synchronization means,
A policy management system characterized by comprising: The permitted caller information registration means registers a new permitted caller information and transmits a synchronization request including information on the caller and callee information,
The permitted caller information synchronization unit receives the synchronization request transmitted by the permitted caller information registration unit, and associates the caller information with the caller information as permitted caller information corresponding to the caller. The policy management system according to claim 1, wherein the policy management system is registered.   The permitted caller information synchronization means receives and authenticates the synchronization request transmitted by the permitted caller information registration means, and when the validity of the synchronization request is confirmed, the caller information is synchronized with the caller. The policy management system according to claim 2, wherein information is registered in the permitted sender information storage means as permitted sender information.   The permitted caller information synchronization means makes an inquiry to the caller regarding registration of the callee information as permitted caller information, and if the caller's approval is obtained, the caller is associated with the caller. 4. The policy management system according to claim 1, 2, or 3, wherein information is registered in the permitted sender information storage means as permitted sender information.   5. The authorized caller information synchronization means registers the recipient information as authorized caller information in the authorized caller information storage means and transmits a registration notification to the recipient. The policy management system according to any one of the above. A policy management device that manages permitted caller information, which is information about each caller that allows a user to receive a message, as a policy,
A permitted caller information registration means for registering new permitted caller information in correspondence with a callee who is allowed to receive a message from the caller;
The permitted caller information of the caller is registered so as to register the caller information as the caller information corresponding to the caller whose permitted caller information is registered by the permitted caller information registration means. A synchronization request means for requesting a policy management device for managing
Permitted sender information synchronization means for registering permitted sender information requested by the synchronization request means provided in another policy management device;
A policy management apparatus comprising: A policy management method for managing permitted caller information, which is information about each caller that allows a user to receive a message, as a policy,
A policy management device that manages the permitted caller information as a policy, a permitted caller information registration step of registering new permitted caller information in correspondence with a callee that allows a caller to receive a message;
The permitted caller information of the caller is registered so as to register the caller information as the caller information corresponding to the caller whose permitted caller information is registered in the permitted caller information registration step. A synchronization request process for requesting another policy management device for managing
A permitted sender information synchronization step in which another policy management device requested by the synchronization request step registers authorized sender information;
A policy management method characterized by including: A policy management program for managing permitted caller information, which is information about each caller that allows a user to receive a message, as a policy,
A procedure for registering a permitted caller information for registering new permitted caller information in correspondence with a callee who is allowed to receive a message from the caller,
The permitted caller information of the caller is registered so as to register the caller information as the caller information corresponding to the caller whose permitted caller information is registered by the permitted caller information registration procedure. A synchronization request procedure for requesting a policy management program for managing
An authorized caller information synchronization procedure for registering requested authorized caller information by executing another policy management program synchronization request procedure;
A policy management program for causing a computer to execute

Images