JP2008047003A - Information transmission system, information transmission computer, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a highly safe and convenient information transmission system. <P>SOLUTION: An information management computer stores transmission information correspondence information, and when receiving an authentication request from a second computer, assigns a mail address which is not assigned to any of previously received authentication requests among mail addresses receivable by the information management computer, and stores the mail address in authentication mail address correspondence information. When receiving an electronic mail, the information management computer specifies a sender mail address and a receiver mail address from the received electronic mail, refers to the authentication mail address correspondence information to specify the authentication request corresponding to the specified receiver mail address, refers to the transmission information correspondence information to specify the transmission information corresponding to the specified sender mail address, and transmits the specified transmission information to the second computer sending the specified authentication request. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

The present invention relates to an information transmission system, an information transmission computer, and a program.

As Internet security interest grows, opportunities to encrypt electronic files with passwords and then send them by e-mail are increasing. The user who encrypts the file (hereinafter referred to as “encryptor”) has to transmit the decryption password to the user who decrypts the file (hereinafter referred to as “decryptor”). Conventional main password contact means are e-mail, telephone or mail.

Japanese Patent Publication No. 2005-242993

E-mail as a password communication means has the following problems. When both an encrypted electronic file (hereinafter referred to as an encrypted file) and a password are transmitted by electronic mail, both of them are stored in the same mail server. Then, the administrator of the mail server who is not the original decryptor can acquire the encrypted file and password and decrypt the file. Moreover, the telephone as a password communication means includes a problem that the encryption person cannot transmit the password unless the decryption person answers the telephone. In addition, mail as a password communication means has a problem that the period until the password is transmitted is longer than that of e-mail or telephone.

Patent Document 1 introduces a technique using a telephone caller telephone number in order to solve this problem. However, in the technique of Patent Document 1, the encryptor must know the phone number of the decryptor. Since an electronic file is often delivered by electronic mail, the encryptor knows the decryptor's mail address but may not know the telephone number. In the technique disclosed in Patent Document 1, since the decryption person listens to the password by voice, the decryption person may mistakenly hear the password. Furthermore, the decryptor has the trouble of inputting the heard password into the decryption software using the input device.

The present invention has been made in view of the above problems, and an object thereof is to provide a safe and convenient information transmission system.

One of the representative forms of the present invention is an information management computer connected to a first computer and a second computer via a network, and comprising a processor, a memory, and a network interface. Stores transmission information correspondence information indicating correspondence with the mail address of the recipient of the transmission information, and when an authentication request is received from the second computer, authentication information received previously among the mail addresses that can be received by the information management computer An email address that is not assigned to any of the requests is assigned to the received authentication request, and a correspondence between the received authentication request and the email address assigned to the authentication request is stored in the authentication email address correspondence information. When an e-mail is received, the source e-mail address and destination e-mail are received from the received e-mail. Identify an address, refer to the authentication email address correspondence information, identify an authentication request corresponding to the identified destination email address, refer to the transmission information correspondence information, and identify the specified sender The transmission information corresponding to the mail address is specified, and the specified transmission information is transmitted to the second computer that is the transmission source of the specified authentication request.

One of the representative embodiments of the present invention is an information management computer that is connected to a first computer and a second computer via a network and includes a processor, a memory, and a network interface. The processor includes the first computer and the second computer. From one computer, the mail address of the recipient of the transmission information is received, the correspondence between the transmission information and the received mail address of the recipient is stored in the transmission information correspondence information, and when the electronic mail is received, the received A transmission source mail address is identified from the electronic mail, the transmission information corresponding information is referred to, transmission information corresponding to the specified transmission source mail address is specified, and the specified transmission information is designated as the second transmission information. It transmits to a computer, It is characterized by the above-mentioned.

According to a typical embodiment of the present invention, an encryptor can designate a mail address and transmit information to the owner of the mail address.

In the embodiment of the present invention, the transmitted information (hereinafter, transmitted information) is a decryption password for the encrypted file. However, the transmission information may not be a decryption password for the encrypted file, but may be any information as long as it is electronic information. However, in order to simplify the description, in this embodiment, a user who transmits information is called an encryptor, and a user who receives information is called a decryptor. One user can be either an encryptor or a decryptor. That is, the information transmission system according to the embodiment of the present invention can transmit various electronic information from the encryptor to the decryptor.

Embodiments of the present invention will be described with reference to the drawings.
(First embodiment)
FIG. 1 is a block diagram of the configuration of the information transmission system according to the first embodiment of this invention. The information transmission system of the first embodiment includes a plurality of client computers 1, a plurality of client computers 2, a WEB server 3, and a network 5. The network 5 connects the client computer 1, the client computer 2, and the WEB server 3 to each other. The network 5 is, for example, the Internet. The client computer 1 and the client computer 2 access a WEB site provided by the WEB server 3. The WEB server 3 is an information management computer that manages transmission information. As will be described in detail with reference to FIG. 2, the WEB server 3 provides a WEB site to the client computer 1 and the client computer 2.

The client computer 1 is operated by an encryption person. The client computer 1 is a computer including a CPU, a memory, and a network network interface. Further, the client computer 1 may include an output device such as a display. The client computer 1 may include input devices such as a keyboard and a mouse. The client computer 1 is, for example, a personal computer, a mobile phone, or a PDA (PERSONAL DIGITAL ASSISTANT).

The client computer 2 is operated by a decryptor. The client computer 2 is the same computer as the client computer 1. For convenience of explanation, the client computer 1 and the client computer 2 are different computers, but one computer may be operated by both the encryptor and the decryptor. This is because one user becomes an encryptor when information is transmitted and becomes a decryptor when information is transmitted.

FIG. 2 is a block diagram of a configuration of the WEB server 3 provided in the information transmission system according to the first embodiment. The WEB server 3 includes a CPU 31, a memory 32, and a network interface 39. The network interface 39 is connected to the client computer 1 and the client computer 2 via the network 5. The CPU 31 performs various processes by executing a program stored in the memory 32. The memory 32 stores a program executed by the CPU 31, information required by the CPU 31, and the like. Specifically, the memory 32 stores a password registration program 310, a password disclosure program 320, a WEB site provision program 330, an authentication mail address correspondence table 341, and a transmission information table 342.

The password registration program 310 includes an input information reception subprogram 315 and a transmission information table update subprogram 316. The input information reception subprogram 315 receives information input by the encryptor from the client computer 1. The transmission information table update subprogram 316 updates the transmission information table 342 (FIG. 3) based on the input information received by the input information reception subprogram 315.

FIG. 3 is a configuration diagram of the transmission information table 342 of the WEB server 3 according to the first embodiment. The transmission information table 342 includes a mail address 3422, a file name 3423, and a password 3424. The mail address 3422 is the mail address of the decryption person. The file name 3423 is the name of the encrypted file delivered to the decryptor having the mail address 3422 of the record. The password 3424 is a password for decrypting the encrypted file identified by the file name 3423 of the record.

Returning to FIG. The password disclosure program 320 includes an authentication request reception subprogram 3221, an authentication result request reception subprogram 3222, an authentication request ID generation subprogram 323, an authentication email address generation subprogram 324, a mail reception subprogram 326, and a received mail reading subprogram 327. , An authentication subprogram 328 and a screen generation subprogram 329.

The authentication request reception subprogram 3221 receives an authentication request from the client computer 2.

The authentication result request reception subprogram 3222 receives an authentication result request from the client computer 2.

The authentication request ID generation subprogram 323 generates an authentication request ID. The authentication request ID generation subprogram 323 assigns the created authentication request ID to the authentication request received by the authentication request reception subprogram 3221. The authentication request ID is a unique identifier of the authentication request. If the WEB server 3 receives an authentication request from a plurality of client computers 2 at the same time, a different authentication request ID is assigned to each received authentication request. Further, during processing of the first authentication request, the WEB server 3 may receive the second authentication request from the client computer 2 that is the transmission source of the first authentication request being processed. In this case, the WEB server 3 assigns an authentication request ID different from the first authentication request to the second authentication request. Thereby, the WEB server 3 can simultaneously process a plurality of authentication requests transmitted from the same client computer 2. The authentication request ID generation subprogram 323 generates an authentication request ID based on a random number, an application ID, an authentication request ID generation time, and the like. The application ID is a unique identifier of the password disclosure program 320 installed in the WEB server 3. The application ID is generally known as a license key and will not be described in detail. As a method for generating the authentication request ID, other methods may be used as long as the purpose is achieved.

The authentication mail address generation subprogram 324 newly generates a mail address that can be received by the WEB server 3. Then, the authentication email address generation subprogram 324 assigns the generated email address to the authentication request ID generated by the authentication request ID generation subprogram 323 as the authentication email address. As a result, the relationship between the authentication mail address and the authentication request ID becomes one-to-one. That is, the authentication request is uniquely specified by the authentication mail address. Note that the authentication email address generation subprogram 324 may cancel the assignment of the authentication email address when a predetermined time has elapsed since the authentication email address was assigned to the authentication request ID. Further, when the authentication mail address generation subprogram 324 completes the authentication for the authentication request, the authentication mail address generation subprogram 324 may cancel the assignment of the authentication mail address for the authentication request. Further, the authentication email address generation subprogram 324 may cancel the assignment of the authentication email address to the authentication request at another opportunity. When the assignment of the authentication email address to the authentication request is canceled, the spoofed access by the authentication email address is lost. The time for releasing the allocation of the authentication mail address may be a time after a certain time from the allocation, for example, 10 minutes later. It is left to the practitioner of the present invention to cancel the allocation of the authentication mail address.

Here, a specific method for canceling the assignment of the authentication mail address to the authentication request will be described. For example, the authentication email address generation subprogram 324 discards the authentication email address to be canceled. When the authentication mail address is discarded, the WEB server 3 cannot receive an e-mail with the authentication mail address. Further, for example, the authentication email address generation subprogram 324 generates a record in which the authentication email address to be canceled matches the authentication email address 3412 of the authentication email address correspondence table 341, and the authentication email address correspondence table 341 is selected. Then, the authentication email address generation subprogram 324 deletes the selected record from the authentication email address correspondence table 341. The method for canceling the assignment of the authentication mail address to the authentication request may be other methods as long as the purpose can be achieved. Details of the authentication mail address correspondence table 341 (FIG. 4) will be described later.

An example of an authentication mail address generation method of the authentication mail address generation subprogram 324 will be described. The authentication email address generation subprogram 324 generates an authentication email address based on the authentication request ID and the domain assigned to the WEB server 3. When the authentication request ID is “0029382” and the domain is “authadd.com”, the authentication mail address generation subprogram 324 generates “0029382@authadd.com” as the authentication mail address. Since the authentication request ID is unique, the authentication mail address is also unique. Note that the method for generating the authentication mail address does not necessarily need to use the authentication request ID as long as the relationship between the authentication mail address and the authentication request ID is 1: 1. As a method for generating the authentication mail address, other methods may be used as long as the purpose is achieved.

The password disclosure program 320 may include an authentication mail address assignment subprogram instead of the authentication mail address generation subprogram 324. In this case, a plurality of mail addresses that can be received by the WEB server 3 are set in advance in the WEB server 3. When the authentication e-mail address assignment subprogram accepts the authentication request ID, the e-mail address assignment subprogram specifies an e-mail address that is not assigned to any of the previously accepted authentication request IDs from e-mail addresses that the WEB server 3 can receive. Then, the authentication mail address assignment subprogram assigns the specified mail address as the authentication mail address to the accepted authentication request ID. In other words, the authentication mail address assignment subprogram does not assign the authentication mail address already assigned to the authentication request ID to other authentication requests. Also in this case, the relationship between the authentication mail address and the authentication request ID is one-to-one. That is, the authentication request is uniquely specified by the authentication mail address. However, the authentication mail address assignment subprogram needs to cancel the assignment of the authentication mail address to the authentication request ID. This is because the mail address assigned to the authentication request ID is insufficient. For example, the authentication mail address assignment subprogram cancels the assignment of the authentication mail address when a predetermined time elapses after the authentication mail address is assigned. When the authentication mail address assignment subprogram completes the authentication for the authentication request, the authentication mail address assignment subprogram cancels the assignment of the authentication mail address for the authentication request. Then, the authentication mail address assignment subprogram can reassign the mail address that has been unassigned to a different authentication request ID using the authentication mail address as the authentication mail address. However, the WEB server 3 cannot authenticate more decryptors than the preset number of email addresses within a predetermined time. This is because if all the mail addresses that can be received by the WEB server 3 have already been assigned to the authentication request ID, the authentication mail address assignment subprogram cannot assign the mail address to the newly accepted authentication request ID. Because. Therefore, it is preferable that the number of mail addresses that can be received by the WEB server 3 is set in advance according to the service provision scale. Note that the specific method for the authentication mail address assignment subprogram to release the assignment of the authentication mail address in response to the authentication request is the same as that of the authentication mail address generation subprogram 324, and thus the description thereof is omitted.

When the authentication e-mail address generation subprogram 324 generates the authentication e-mail address, the received authentication request ID and the generated authentication e-mail address are stored in association with each other. The authentication request ID and the authentication mail address are managed by the authentication mail address correspondence table 341 (FIG. 4).

FIG. 4 is a configuration diagram of the authentication mail address correspondence table 341 of the WEB server 3 according to the first embodiment. The authentication mail address correspondence table 341 includes an authentication request ID 3411, an authentication mail address 3412, and a decryption person mail address 3413. The authentication request ID 3411 is a unique identifier of the authentication request. The authentication request ID 3411 stores the authentication request ID generated by the authentication request ID generation subprogram 323. The authentication e-mail address 3412 is an e-mail address assigned to the authentication request identified by the authentication request ID 3411 of the record. The authentication email address 3412 stores the authentication email address generated by the authentication email address generation subprogram 324. The decryptor mail address 3413 is the mail address of the user who operates the client computer 2 that is the transmission source of the authentication request identified by the authentication request ID 3411 of the record. That is, the decryption person mail address 3413 is the mail address of the decryption person who requests authentication. The decryptor mail address 3413 stores the mail address of the transmission source obtained by the received mail reading subprogram 327 from the electronic mail transmitted from the client computer 2. In the present embodiment, the decryption person's mail address is also used as a unique identifier of the decryption person.

Returning to FIG. The mail reception subprogram 326 receives an electronic mail from the client computer 2. Next, the mail reception subprogram 326 obtains a destination mail address from the received electronic mail. Next, the mail reception subprogram 326 discards the authentication mail address that matches the acquired transmission destination mail address. As a result, the WEB server 3 cannot receive the e-mail addressed to the discarded authentication e-mail address. Note that the mail reception subprogram 326 may determine whether or not the mail address of the transmission source of the received electronic mail has been camouflaged. The received mail reading subprogram 327 performs processing only when the mail receiving subprogram 326 determines that the sender's mail address is not impersonated. For example, the sender's email address impersonation determination technique is DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and SenderID. The email impersonation determination technique may be any method as long as the purpose is achieved.

The received mail reading subprogram 327 acquires the transmission source mail address and the transmission destination mail address from the electronic mail received by the mail reception subprogram 326. Subsequently, the received mail reading subprogram 327 selects, from the authentication mail address correspondence table 341, a record in which the acquired transmission destination mail address matches the authentication mail address 3412 of the authentication mail address correspondence table 341. Next, the received mail reading subprogram 327 stores the acquired transmission source mail address in the decryption person mail address 3413 of the selected record.

The authentication subprogram 328 acquires an authentication request ID from the authentication result request received by the authentication result request reception subprogram 3222. The authentication subprogram 328 selects, from the authentication mail address correspondence table 341, a record in which the acquired authentication request ID matches the authentication request ID 3411 of the authentication mail address correspondence table 341. Subsequently, the authentication subprogram 328 extracts the decryptor mail address 3413 from the selected record. As a result, the authentication subprogram 328 can specify the decryptor who issued the authentication request. The authentication subprogram 328 determines that authentication is not possible when the decryption person e-mail address cannot be extracted. Next, the authentication subprogram 328 selects, from the transmission information table 342, a record in which the extracted decryption person mail address matches the mail address 3422 of the transmission information table 342 (FIG. 3). Next, the authentication subprogram 328 extracts the file name 3423 and the password 3424 from the selected record. Note that the authentication subprogram 328 selects a plurality of records when a plurality of records having the same mail address can be selected.

The screen generation subprogram 329 generates an authentication WEB page (FIG. 8) based on the authentication email address generated by the authentication email address generation subprogram 324 and the authentication request ID generated by the authentication request ID generation subprogram 323. Generate. The screen generation subprogram 329 generates a password disclosure WEB page (FIG. 9) based on the file name 3423 and the password 3424 extracted by the authentication subprogram 328. Details of the authentication WEB page and the password disclosure WEB page will be described later.

The WEB site providing program 330 provides a WEB site to the client computer 1 and the client computer 2. The WEB site providing program 330 is the same as that stored in a normal WEB server. Specifically, the WEB site providing program 330 transmits information requested to the client computer 1 or 2 to the requesting client computer 1 or 2.

Next, information transmission processing according to the first embodiment will be described with reference to the drawings. The information transmission process according to the first embodiment includes a process in which an encryptor registers a password in the WEB server 3 (FIG. 5) and a process in which a decryptor browses the password from the WEB server 3 (FIG. 6). Here, a process (not shown) in which the encryptor delivers the encrypted file to the decryptor and a process (not shown) in which the decryptor receives the encrypted file from the encryptor will also be described.

First, a process (not shown) in which an encryptor delivers an encrypted file to a decryptor will be described.

The encryption person encrypts the electronic file by an encryption function attached to the encryption software or the word processing software. The encryptor also stores a decryption password for decrypting the encrypted file. Then, the encryptor delivers the encrypted file to the decryptor. For example, the encryptor transmits an e-mail attached with the encrypted file to the decryptor. In addition, the encryptor gives, for example, an electromagnetic recording medium storing the encrypted file to the decryptor. The means for delivering the encrypted file may be any means. When the decryptor does not know the URL of the WEB server 3 in advance, the encryptor needs to notify the decryptor of the URL of the WEB server 3.

Note that the encryption person may perform the process of registering the password in the WEB server 3 (FIG. 5) before or after delivery of the encrypted file.

Next, a process (FIG. 5) in which an encryptor registers a password in the WEB server 3 will be described.

FIG. 5 is a sequence diagram of a process in which an encryptor registers a password in the WEB server 3. The client computer 1 sends a password registration WEB page request to the WEB server 3 via the network 5 in response to the decryption person's operation (S101). The password registration WEB page request is a request for a password registration WEB page (FIG. 7).

FIG. 7 is an explanatory diagram of a password registration WEB page according to the first embodiment. The password registration WEB page includes a decryptor mail address field, an encrypted file name field, a password field, and a send button. In the decryptor mail address field, the decryptor mail address is entered. In the encrypted file name field, the name of the encrypted file is entered. In the password field, a decryption password is entered. When the send button is operated, the client computer 1 sends the information input in the decryptor mail address field, the encrypted file name field, and the password field to the WEB server 3. In the decryption person mail address field, mail addresses of a plurality of decryption persons may be input. As a result, the encryptor can register the same password for a plurality of decryptors in a single process.

Returning to FIG. The WEB site providing program 330 receives a password registration WEB page request from the client computer 1. Then, the WEB site providing program 330 transmits the requested password registration WEB page to the client computer 1 (S102).

The client computer 1 receives the password registration WEB page from the WEB server 3. Next, the client computer 1 displays the received password registration WEB page on the display device. Next, the client computer 1 accepts an input of a decryptor's mail address, an input of an encrypted file name, and an input of a decryption password from the encryptor. When the transmission button on the password registration WEB page is operated by the encryptor, the client computer 1 transmits the decryptor mail address, the name of the encrypted file, and the decryption password to the WEB server 3 (S103). The client computer 1 does not have to send the decryption password to the WEB server 3. In this case, the WEB server 3 generates a decryption password and transmits the generated decryption password to the client computer 1. Then, the client computer 1 encrypts the file so that it can be decrypted with the received decryption password.

The input information receiving subprogram 315 of the password registration program 310 receives the decryptor mail address, the name of the encrypted file, and the decryption password from the client computer 1. Then, the transmission information table update subprogram 316 updates the transmission information table 342 based on the decryptor mail address, the name of the encrypted file, and the decryption password received by the input information reception subprogram 315 (S104). . Specifically, the transmission information table update subprogram 316 generates a new record in the transmission information table 342. Next, the transmission information table update subprogram 316 stores the decryption person mail address received by the input information reception subprogram 315 in the mail address 3422 of the generated new record. Next, the transmission information table update subprogram 316 stores the name of the encrypted file received by the input information reception subprogram 315 in the file name 3423 of the generated new record. Next, the transmission information table update subprogram 316 stores the decryption password received by the input information reception subprogram 315 in the password 3424 of the generated new record.

As described above, the encryptor can register the decryption password in the WEB server 3.

Next, a process (FIG. 6) in which the decryptor browses the password from the WEB server 3 will be described. First, the decryptor receives authentication from the WEB server 3 by the mail address used by the decryptor.

FIG. 6 is a sequence diagram of a process in which the decryptor browses the password from the WEB server 3. The client computer 2 sends an authentication request to the WEB server 3 via the network 5 in response to the decryption person's operation (ST111).

Then, the authentication request reception subprogram 3221 receives an authentication request from the client computer 2 (S112). Next, the authentication request reception subprogram 3221 requests the authentication request ID generation subprogram 323 to generate an authentication request ID.

Upon receiving the request for generating the authentication request ID, the authentication request ID generation subprogram 323 generates an authentication request ID (S113). Next, the authentication request ID generation subprogram 323 delivers the generated authentication request ID to the authentication mail address generation subprogram 324.

The authentication e-mail address generation subprogram 324 accepts the authentication request ID from the authentication request ID generation subprogram 323. Next, the authentication e-mail address generation subprogram 324 generates an authentication e-mail address (S114). Next, the authentication e-mail address generation subprogram 324 generates a new record in the authentication e-mail address correspondence table 341. Next, the authentication mail address generation subprogram 324 stores the authentication request ID accepted from the authentication request ID generation subprogram 323 in the authentication request ID 3411 of the created new record. Next, the authentication email address generation subprogram 324 stores the generated authentication email address in the authentication email address 3412 of the created new record (S115). Next, the authentication e-mail address generation subprogram 324 delivers the generated authentication e-mail address and the authentication request ID accepted from the authentication request ID generation subprogram 323 to the screen generation subprogram 329.

The screen generation subprogram 329 accepts the authentication mail address and the authentication request ID from the authentication mail address generation subprogram 324. Next, the screen generation subprogram 329 generates an authentication WEB page (FIG. 8) based on the accepted authentication mail address and authentication request ID.

FIG. 8 is an explanatory diagram of an authentication WEB page according to the first embodiment. The authentication WEB page includes an authentication e-mail address, an authentication request ID, and an authentication result request button. However, the authentication request ID does not necessarily have to be displayed on the display device of the client computer 2. When the authentication result request button is operated by the decryptor, the client computer 2 transmits an authentication result request to the WEB server 3. The authentication result request is a request for disclosure of a password. If the authentication result is good, the WEB server 3 transmits a decryption password corresponding to a decryptor with a good authentication result to the client computer 2. Note that the authentication WEB page may not include the authentication result request button. In this case, the client computer 2 transmits an authentication result request to the WEB server 3 at predetermined time intervals.

Returning to FIG. The WEB site providing program 330 transmits the authentication WEB page generated by the screen generation subprogram 329 to the client computer 2 via the network 5 (S116).

The client computer 2 receives the authentication WEB page from the WEB server 3 (S117).

The client computer 2 transmits an e-mail addressed to the authentication e-mail address via the network 5 in response to the decryption person's operation (S118).

Then, the mail reception subprogram 326 receives an electronic mail from the client computer 2 (S119). Next, the mail reception subprogram 326 obtains a destination mail address from the received electronic mail. Next, the mail reception subprogram 326 discards the authentication mail address that matches the acquired transmission destination mail address. At this time, the mail reception subprogram 326 may determine whether or not the mail address of the transmission source of the received electronic mail has been camouflaged. The received mail reading subprogram 327 performs processing only when the mail receiving subprogram 326 determines that the sender's mail address is not impersonated.

Subsequently, the received mail reading subprogram 327 acquires the transmission source mail address and the transmission destination mail address from the electronic mail received by the mail reception subprogram 326. Next, the received mail reading subprogram 327 selects, from the authentication mail address correspondence table 341, a record in which the acquired transmission destination mail address matches the authentication mail address 3412 of the authentication mail address correspondence table 341. Next, the received mail reading subprogram 327 stores the acquired mail address of the sender in the decryptor mail address 3413 of the selected record (S120).

On the other hand, the client computer 2 transmits an authentication result request including the authentication request ID to the WEB server 3 via the network 5 (S121).

Then, the authentication result request reception subprogram 3222 receives the authentication result request from the client computer 2 (S122). When receiving the authentication result request, the authentication result request reception subprogram 3222 requests the authentication subprogram 328 for authentication.

Subsequently, when receiving a request for authentication, the authentication subprogram 328 acquires an authentication request ID from the authentication result request received by the authentication result request reception subprogram 3222. Next, the authentication subprogram 328 selects, from the authentication mail address correspondence table 341, a record in which the acquired authentication request ID matches the authentication request ID 3411 of the authentication mail address correspondence table 341. Subsequently, the authentication subprogram 328 extracts the decryptor mail address 3413 from the selected record. Note that the authentication subprogram 328 determines that authentication cannot be performed when the decryption person e-mail address 3413 cannot be extracted. If it is determined that authentication is impossible, the authentication subprogram 328 hands over the authentication impossible to the screen generation subprogram 329 as an authentication result. On the other hand, if the decryption person e-mail address 3413 cannot be extracted, the authentication subprogram 328 determines that authentication is possible. Then, the authentication subprogram 328 selects, from the transmission information table 342, a record in which the extracted decryption person mail address 3413 matches the mail address 3422 of the transmission information table 342 (S123). When the record having the same mail address cannot be selected from the transmission information table 342, the authentication subprogram 328 delivers to the screen generation subprogram 329 that the registered decryption password does not exist.

On the other hand, when the authentication subprogram 328 can select a record in which the extracted decryption person mail address 3413 matches the mail address 3422 of the transmission information table 342, a decryption password is registered. Therefore, the authentication subprogram 328 extracts the file name 3423 and the password 3424 from the selected record. The authentication subprogram 328 then passes the extracted file name 3423 and password 3424 to the screen generation subprogram 329. When the authentication subprogram 328 can select a plurality of records, the authentication subprogram 328 extracts the file name 3423 and the password 3424 included in all the records. Then, the authentication subprogram 328 passes all the extracted file names 3423 and passwords 3424 to the screen generation subprogram 329.

The screen generation subprogram 329 accepts the file name and password from the authentication subprogram 328. The screen generation subprogram 329 generates a password disclosure WEB page (FIG. 9) based on the accepted file name and password.

FIG. 9 is an explanatory diagram of a password disclosure WEB page according to the first embodiment. The password disclosure WEB page includes a file name extracted by the authentication subprogram 328 and a password extracted by the authentication subprogram 328.

Returning to FIG. The WEB site providing program 330 transmits the password disclosure WEB page generated by the screen generation subprogram 329 to the client computer 2 via the network 5 (S124).

The client computer 2 receives the password disclosure WEB page from the WEB server 3. Then, the client computer 2 displays the received password disclosure WEB page on the display device (S125).

Thereby, the decryption person can browse the decryption password from the WEB server 3. That is, the decryptor can receive the decryption password.

Based on the file name, the decryptor selects a password for decrypting the encrypted file from the decryption password browsed from the WEB server 3. Then, the decryptor decrypts the encrypted file by the decryption function attached to the decryption software or word processing software.

Next, a process (not shown) in which the decryptor receives an encrypted file from the encryptor will be described.

The decryptor receives the encrypted file from the encryptor by e-mail or the like. The decryptor may perform the process of browsing the decryption password from the WEB server 3 (FIG. 6) before or after receiving the encrypted file.

As described above, the encryption person can transmit information to the owner of the mail address by designating the mail address.

According to the present embodiment, even if the encrypted file is delivered by e-mail, the decryption password is not delivered by e-mail. Therefore, the administrator of the e-mail server and the administrator of the e-mail routing device cannot obtain both the encrypted file and the decryption password. That is, the administrator of the e-mail server and the administrator of the e-mail routing device cannot decrypt the encrypted file.

In addition, the encryptor can complete the password passing action without contacting the decryptor by telephone.

Also, the decryption password is transmitted early compared to mail.

Also, e-mail takes a longer time for reviewing the response content than telephone. For this reason, the mail address is easier to be disclosed to others than the telephone number. Therefore, an information transmission system using a mail address is easier to spread than a system using a telephone number.

As one of information transmission systems using a WEB server, a member-based bulletin board has been conventionally known. In the membership system bulletin board, an information transmitter (encryptor) can limit members to be disclosed when posting information. In this case, the information viewer (decryptor) needs to register as a member of the bulletin board service. However, according to the information transmission system of the present embodiment, since the viewer is confirmed to be a valid owner of the e-mail address, membership registration is not required. Since there is no burden of member registration on the viewer, the communicator can use the information transmission system of the present invention without hesitation. Further, the communicator need only know the e-mail address of the viewer. The communicator can transmit information even if the member number is not known in advance from the viewer. Therefore, the information transmission system of the present invention is easy to spread compared with the conventional information transmission system.

In the present embodiment, the WEB server 3 is configured by a single device, but may be configured by a plurality of devices depending on the scale of the service to be provided. In this case, the devices constituting the WEB server 3 are connected to each other via an appropriate data transfer path. Moreover, the WEB server 3 may be comprised with a some apparatus according to a function. For example, the WEB server 3 generates an authentication e-mail address, receives an e-mail, and a decryptor e-mail address, a file name, a decryption password, an authentication request and an authentication result request, and receives an authentication e-mail address. And a device for transmitting the decryption password. Also in this case, the devices constituting the WEB server 3 are connected to each other via an appropriate data transfer path. Information including an authentication e-mail address and an e-mail e-mail address is delivered between apparatuses via the data transfer path.

Here, the maximum feature of this embodiment will be described. As described above, the client computer 2 transmits an e-mail addressed to the authentication e-mail address. Then, the WEB server 3 receives an electronic mail. The WEB server 3 can specify the password to be disclosed based on the mail address of the transmission source of the received electronic mail. Then, the WEB server 3 specifies an authentication request ID that is a unique identifier of the authentication request from the transmission destination of the received electronic mail. That is, the WEB server 3 can specify the correspondence between the authentication request and the password disclosed for the authentication request. Next, the WEB server 3 receives an authentication result request from the client computer 2. The WEB server 3 identifies the client computer 2 based on the authentication request ID included in the received authentication result request. Thus, according to the present embodiment, the WEB server 3 can disclose a specific password to a specific client computer 2.

By the way, the WEB server 3 stores the decryption password input in the password registration WEB page (FIG. 7). However, the WEB server 3 may generate a decryption password. In this case, the client computer 1 encrypts the file so that the file is decrypted by the decryption password generated by the WEB server 3. In this case, the WEB server 3 transmits a password WEB page (FIG. 10) to the client computer 1 instead of the password registration WEB page.

FIG. 10 is an explanatory diagram of the password WEB page according to the first embodiment. The password WEB page includes a decryptor mail address field, an encrypted file name field, a decryption password, and a send button. The decryptor mail address field, the encrypted file name field, and the send button are the same as those included in the password registration WEB page, and thus description thereof is omitted. The decryption password is a decryption password generated by the WEB server 3. The decryption password generated by the WEB server 3 is preferably an irregular character string that can withstand password cracking. However, the decryption password generated by the WEB server 3 may be any character string as long as it is a character string. If the encryption software and the decryption software have an encryption function and a decryption function using a bit string, the decryption password generated by the WEB server 3 may be a bit string.

The WEB server 3 receives a password WEB page request from the client computer 1 instead of the password registration WEB page request. The password WEB page request is a request for a password WEB page. Then, the WEB server 3 generates a decryption password. Next, the WEB server 3 generates a password WEB page including the generated decryption password. Then, the WEB server 3 transmits the generated password WEB page to the client computer 1. The client computer 1 receives the password WEB page from the WEB server 3. Next, the client computer 1 displays the received password WEB page on the display device. Next, the client computer 1 accepts an input of the decryptor's mail address and an input of the name of the encrypted file from the encryptor. Then, the client computer 1 receives an instruction to transmit the input information from the encryption person. Then, the client computer 1 transmits the decryptor mail address, the name of the encrypted file, and the decryption password generated by the WEB server 3 to the WEB server. The WEB server 3 receives from the client computer 1 the decryptor mail address, the name of the encrypted file, and the decryption password. The WEB server 3 updates the transmission information table 342 based on the received information.

The WEB server 3 may store the decryption password when the decryption password is generated. In this case, the WEB server 3 does not need to receive the decryption password from the client computer 1.

In this embodiment, the authentication mail address transmission subprogram 325 receives the authentication mail address generated by the authentication mail address generation subprogram 324 and the authentication request ID generated by the authentication request ID generation subprogram 323. Sent to the client computer 2. However, the authentication mail address transmission subprogram 325 may transmit only the authentication mail address generated by the authentication mail address generation subprogram 324 to the client computer 2. In this case, the authentication request ID 3411 in the authentication mail address correspondence table 341 can be omitted. That is, the authentication mail address is also used as an identifier for identifying the authentication request. Then, the client computer 2 transmits an authentication result request including an authentication mail address to the WEB server 3 instead of the authentication request ID. Then, the authentication subprogram 328 acquires an authentication e-mail address from the authentication result request. Next, the authentication subprogram 328 selects, from the authentication mail address correspondence table 341, a record in which the acquired authentication mail address matches the authentication mail address 3412 of the authentication mail address correspondence table 341. Then, the authentication subprogram 328 extracts the decryptor mail address 3413 from the selected record. In addition, a part of the authentication mail address may be used as an identifier for identifying the authentication request instead of the entire authentication mail address.

In the present embodiment, the client computer 2 receives the authentication mail address from the WEB server 3 and transmits an e-mail to the received authentication mail address. However, it may be as follows. The client computer 2 displays the authentication mail address received from the WEB server 3 on the display device. Subsequently, the decryptor may send an e-mail addressed to the authentication e-mail address from a second client computer different from the client computer 2 displaying the authentication e-mail address. In this case, the disclosed password is a password corresponding to the source email address of the email transmitted from the second client computer. That is, the encryption person designates the mail address of the second client computer as the mail address of the decryption person. Then, the client computer 2 receives the decryption password included in the authentication result from the WEB server 3. For example, the client computer 2 that displays an authentication mail address is a personal computer, and the second client computer that transmits an e-mail is a mobile phone that is connected to the Internet and capable of transmitting an e-mail.

Moreover, it may be as follows. The WEB server 3 may not send the authentication mail address to the client computer 1 by communication such as HTTP. Instead, the WEB server 3 transmits an electronic mail including the authentication mail address to the mail address of the decryption person. For example, the e-mail has an authentication e-mail address written in the text or subject. In addition, the e-mail is sent from an authentication e-mail address. Thereby, the WEB server 3 can notify either the client computer 2 or the second client computer of the authentication mail address. In this case, the client computer 2 or the second client computer that has been notified of the authentication mail address can send an e-mail addressed to the authentication mail address with a simple operation by the user.

By the way, since the security against the impersonation of the present invention depends on the strength against the impersonation of the e-mail, the impersonation of the e-mail will be described.

First, the case where the sender of the e-mail is camouflaged will be described. If the forged person impersonates the sender of the electronic mail and is authenticated by the WEB server 3 of the first embodiment, the forged person can impersonate the original decryptor holding the forged e-mail address. Therefore, the mail reception subprogram 326 may include a function for determining the forgery of the sender's mail address such as DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), or SenderID. The spoofed mail detection technology employed by the mail reception subprogram 326 may be another method as long as the purpose is achieved.

Next, a case where an electronic mail transmission destination is camouflaged will be described. Even if the camouflager impersonates the destination of the e-mail and is authenticated by the WEB server 3 of the first embodiment, it cannot impersonate the other person. Rather, others impersonate impersonators. The other person who impersonates a camouflage is a person who operates the client apparatus that has received the same mail address as the mail address for fake transmission as an authentication mail address. Therefore, even if the camouflager disguises the transmission destination of the e-mail, no profit can be obtained. Further, since the authentication email address is generated by a random number or the like, the camouflaged email address rarely matches the authentication email address.

Next, a modification of the first embodiment will be described.

In the first embodiment described above, the encryptor designates the decryptor's mail address and registers the decryption password. However, the encryptor may register the decryption password by designating the SIP user agent address of the decryptor. In this case, the decryptor who operates the client computer 2 uses communication by SIP (Session Initiation Protocol) to receive authentication. The client computer 2 has the function of a SIP user agent. The WEB server 3 has a SIP user agent function and a SIP server function. Then, the WEB server 3 generates an authentication SIP user agent address instead of the authentication mail address. The SIP user agent address for authentication is an address for the WEB server 3 to receive communication based on SIP. Since the address system is the same as that of electronic mail, detailed description is omitted. The method for generating the authentication SIP user agent address may be the same as the method for generating the authentication mail address. The WEB server 3 associates the generated authentication request ID with the generated authentication SIP user agent address and stores them in the authentication mail address correspondence table. The client computer 2 transmits signaling to the authentication SIP user agent address by SIP in response to the operation of the decryptor. The WEB server 3 receives signaling from the client computer 2. The WEB server 3 extracts the source SIP user agent address and the destination SIP user agent address from the received signaling. Next, the WEB server 3 selects, from the authentication mail address correspondence table, a record in which the extracted destination SIP user agent address matches the authentication SIP user agent address in the authentication mail address correspondence table. Next, the WEB server 3 stores the extracted SIP user agent address of the transmission source in the user agent address of the decryptor of the selected record. Thereby, the WEB server 3 stores the correspondence between the decryption person's SIP user agent address and the authentication request ID in the authentication mail address correspondence table. On the other hand, the client computer 2 transmits an authentication result request including the authentication request ID to the WEB server 3. The WEB server 3 receives the authentication result request from the client computer 2. The WEB server 3 extracts an authentication request ID from the received authentication result request. Next, the WEB server 3 selects a record in which the extracted authentication request ID matches the authentication request ID in the authentication mail address correspondence table from the authentication mail address correspondence table. Next, the WEB server 3 extracts the decryption person's SIP user agent address from the selected record. Here, the WEB server 3 determines whether or not the decryption person's SIP user agent address has been extracted from the authentication mail address correspondence table. If it can be extracted, the WEB server 3 determines that authentication is possible. Then, the WEB server 3 can specify the password to be disclosed from the transmission information table. Specifically, the WEB server 3 extracts a user ID from the selected record. Then, the WEB server 3 specifies that the issuer of the authentication request identified by the extracted authentication request ID is the disclosure destination of the specified password. In all the embodiments, as in the present description, SIP communication may be used instead of e-mail.

As described above, the encryptor can designate the SIP user agent address and transmit the information to the decryptor who is the owner of the SIP user agent address.

Note that the protocol is not necessarily SIP. In the information transmission system of the present invention, the communication protocol used for authentication of the information recipient is a protocol in which the sender and receiver of the communication are specified by an identifier such as a SIP user agent address or an e-mail address. Any protocol can be used.

Note that similar modifications are conceivable with respect to embodiments other than the first embodiment.

(Second Embodiment)
Although the information transmission system of 2nd Embodiment is demonstrated below, the description which abbreviate | omits the information transmission system of 1st Embodiment is abbreviate | omitted by using the same code | symbol. The information transmission system according to the second embodiment is different from the information transmission system according to the first embodiment in the process in which an encryptor registers a password in the WEB server 3.

The information transmission system according to the second embodiment of the present invention includes a plurality of client computers 1, a plurality of client computers 2, a WEB server 3, and a network 5. Since the configuration of the information transmission system of the second embodiment is the same as that of the information transmission system of the first embodiment, description thereof is omitted.

FIG. 11 is a block diagram of a configuration of the WEB server 3 provided in the information transmission system of the second embodiment. The memory 32 stores a password registration program 350, a password disclosure program 320, a WEB site provision program 330, an authentication mail address correspondence table 341, a transmission information table 342, and a registration mail address table 343.

Since the password disclosure program 320, the WEB site provision program 330, the authentication mail address correspondence table 341, and the transmission information table 342 are the same as those in the first embodiment, description thereof is omitted.

The registration mail address table 343 is a table used for the WEB server 3 to store the decryption password. Details of the registration mail address table 343 will be described with reference to FIG.

The password registration program 350 includes a registration mail address request reception subprogram 351, a password generation subprogram 352, a registration mail address generation subprogram 353, a registration mail reception subprogram 354, a registration mail reading subprogram 355, and a registration mail. An address table update subprogram 357, a transmission information table update subprogram 358, and a screen generation subprogram 359 are included.

The registration mail address request reception subprogram 351 receives a registration mail address request from the client computer 1. The registration email address request is a request for a registration email address. The registration mail address is used by the WEB server 3 to obtain the name of the encrypted file and the decryption person's mail address from the encryption person. Details of the registration e-mail address will be described later. The password generation subprogram 352 generates a decryption password. The registration e-mail address generation subprogram 353 newly generates a registration e-mail address. The registration mail reception subprogram 354 receives an electronic mail from the client computer 1. The registration mail reading subprogram 355 reads the transmission destination mail address and attached file name from the electronic mail received by the registration mail reception subprogram 354. The registration mail reading subprogram 355 selects a registration mail address from the read transmission destination mail addresses. Further, the registration mail reading subprogram 355 extracts the decryption password from the registration mail address table based on the selected registration mail address. The registration email address table update subprogram 357 updates the registration email address table 343 based on the decryption password generated by the password generation subprogram 352 and the registration email address generated by the registration email address generation subprogram 353. To do. The transmission information table update subprogram 358 is extracted by the name of the attached file read by the registration mail reading subprogram 355, the decryptor mail address selected by the registration mail reading subprogram 355, and the registration mail reading subprogram 355. The transmission information table 342 is updated based on the decryption mail address. The screen generation subprogram 359 generates a registration email address WEB page based on the decryption password generated by the password generation subprogram 352 and the registration email address generated by the registration email address generation subprogram 353.

FIG. 12 is a configuration diagram of the registration mail address table 343 of the WEB server 3 according to the second embodiment. The registration mail address table 343 includes a registration mail address 3431 and a password 3432. The registration email address 3431 is a registration email address generated by the registration email address generation subprogram 353. The password 3432 is a decryption password generated by the password generation subprogram 352.

Next, information transmission processing according to the second embodiment will be described with reference to the drawings. The information transmission process according to the second embodiment includes a process in which an encryptor delivers an encrypted file to a decryptor, a process in which the WEB server 3 stores a password, and a process in which the decryptor browses the password from the WEB server 3 (see FIG. 6). In addition, since the process (FIG. 6) in which a decryption person browses a password from the WEB server 3 is the same as that of 1st Embodiment, description is abbreviate | omitted. In the information transmission system of the second embodiment, the process in which the encryptor delivers the encrypted file to the decryptor and the process in which the WEB server 3 stores the password are a series of processes. These processes will be described as one process.

FIG. 13 is a sequence diagram of a process in which an encryptor delivers an encrypted file to a decryptor and a process in which the WEB server 3 stores a password. The client computer 1 transmits a request for a registration mail address to the WEB server 3 via the network 5 in response to the operation of the encryptor (S201).

The registration mail address request reception subprogram 351 of the WEB server 3 receives a registration mail address request from the client computer 1. Then, the password generation subprogram 352 generates a decryption password (S202). The password generation subprogram 352 generates a random character string as a decryption password. The decryption password generated by the password generation subprogram 352 is preferably an irregular character string that can withstand password cracking. However, the decryption password generated by the password generation subprogram 352 may be any character string as long as it is a character string. If the encryption software and the decryption software have an encryption function and a decryption function using a bit string, the decryption password generated by the password generation subprogram 352 may be a bit string.

Next, the registration e-mail address generation subprogram 353 newly generates a registration e-mail address (S203). The registration e-mail address is an e-mail address that can be received by the WEB server 3. At this time, the registration e-mail address generation subprogram 353 generates a registration e-mail address that does not overlap with the previously generated registration e-mail address. That is, the registration e-mail address is unique.

Here, an example of a registration mail address generation method of the registration mail address generation subprogram 353 will be described. The registration e-mail address generation subprogram 353 generates a unique character string that does not overlap with a previously generated character string, based on a time stamp or the like when the registration e-mail address request is received. The registration mail address generation subprogram 353 generates a registration mail address based on the generated character string and the domain assigned to the WEB server 3. When the generated character string is “39202095” and the domain is “regiadd.com”, the registration e-mail address generation subprogram 353 generates “39202095@regiadd.com” as a registration e-mail address. Since the character string to be generated is unique, the e-mail address for registration is also unique. The method for generating the registration email address may be other methods as long as the registration email address is unique.

Returning to FIG. Next, the registration mail address table update subprogram 357 is based on the decryption password generated by the password generation subprogram 352 and the registration mail address generated by the registration mail address generation subprogram 353. 343 is updated (S204). Specifically, the registration e-mail address table update subprogram 357 generates a new record in the registration e-mail address table 343. Next, the registration mail address table update subprogram 357 stores the registration mail address generated by the registration mail address generation subprogram 353 in the registration mail address 3431 of the generated new record. Next, the registration mail address table update subprogram 357 stores the decryption password generated by the password generation subprogram 352 in the password 3432 of the generated new record.

Next, the screen generation subprogram 359 generates a registration email address WEB page (based on the decryption password generated by the password generation subprogram 352 and the registration email address generated by the registration email address generation subprogram 353). 14) is generated (S205).

FIG. 14 is an explanatory diagram of a registration e-mail address WEB page according to the second embodiment. The registration mail address WEB page includes the decryption password generated by the password generation subprogram 352 and the registration mail address generated by the registration mail address generation subprogram 353.

Returning to FIG. Next, the WEB site providing program 330 transmits the registration mail address WEB page generated by the screen generation subprogram 359 to the client computer 1 (S206).

The client computer 1 receives the registration e-mail address WEB page from the WEB server 3 (S207). Then, the client computer 1 displays the received registration mail address WEB page on the display device.

The client computer 1 encrypts the electronic file according to the operation of the encryptor (S208). The encryptor instructs the encryption software to perform encryption so that the encrypted file is decrypted by the decryption password displayed on the display device of the client computer 1. For example, when using encryption software in which the encryption password and the decryption password use the same encryption method, the encryptor uses the decryption password displayed on the display device of the client computer 1 as the encryption password. Enter in the encryption software.

Next, the client computer 1 generates an e-mail for delivering the encrypted file to the decryptor in accordance with the operation of the encryptor. The electronic mail includes an encrypted file as an attached file. Further, the transmission destination of the electronic mail includes a decryptor mail address and a registration mail address. Note that there may be a plurality of decryption person email addresses. Next, the client computer 1 transmits the generated electronic mail triggered by the operation of the encryptor (S209).

The registration mail reception subprogram 354 of the WEB server 3 receives an electronic mail from the client computer 1 (S210). Then, the registration mail reading subprogram 355
Reads the destination mail address and the name of the attached file from the electronic mail received by the registration mail receiving subprogram 354 (S211). Next, the registration mail reading subprogram 355 selects a registration mail address from the read transmission destination mail addresses. Further, the registration mail reading subprogram 355 selects the decryption person mail address from the read transmission destination mail addresses. Then, the registration mail reading subprogram 355 extracts the decryption password from the registration mail address table 343 based on the selected registration mail address (S212). Specifically, the registration mail reading subprogram 355 selects, from the registration mail address table 343, a record in which the selected registration mail address matches the registration mail address 3431 of the registration mail address table 343. Then, the registration mail reading subprogram 355 extracts the password 3432 from the selected record.

By the way, the registration mail reading subprogram 355 needs to distinguish the registration mail address from the decryption person mail address among the read transmission destination mail addresses. The distinction method is, for example, domain reference. A mail address including a domain that can be received by the WEB server 3 is a registration mail address.

The registration mail reading subprogram 355 preferably deletes the email received by the registration mail receiving subprogram 354 after reading the destination mail address and the attached file name. By doing so, the administrator of the WEB server 3 cannot obtain both the encrypted file and its decryption password. Therefore, the administrator of the WEB server 3 who is not the original decryptor cannot decrypt the encrypted file.

Returning to FIG. The transmission information table update subprogram 358 includes the decryptor's mail address read by the registration mail reading subprogram 355, the name of the attached file read by the registration mail reading subprogram 355, and the registration mail reading subprogram 355. The transmission information table 342 is updated based on the extracted decryption password (S213). Specifically, the transmission information table update subprogram 358 generates a new record in the transmission information table 342. Next, the transmission information table update subprogram 358 stores the decryption person's mail address read by the registration mail reading subprogram 355 in the mail address 3422 of the generated new record. Next, the transmission information table update subprogram 358 stores the name of the attached file read by the registration mail reading subprogram 355 in the file name 3423 of the generated new record. Next, the transmission information table update subprogram 358 stores the decryption password extracted by the registration mail reading subprogram 355 in the password 3424 of the generated new record. If there are a plurality of decryption person mail addresses read by the registration mail reading subprogram 355, the transmission information table update subprogram 358 repeats the same processing for each decryption person mail address.

As described above, the WEB server 3 can store the decryption password.

The decryptor browses the decryption password as in the information transmission system of the first embodiment.

Therefore, the WEB server 3 receives mail by the registration mail address and the authentication mail address. The WEB server 3 needs to distinguish between a case where a mail is received by a registration mail address and a case where a mail is received by an authentication mail address. The distinction method is distinguished by, for example, the domain of the registration mail address and the domain of the authentication mail address. The distinction method is distinguished by providing different rules for the registration mail address and the authentication mail address, for example. As a rule, for example, the start character of the registration mail address is “3”, and the start character of the authentication mail address is “0”.

As described above, the encryption person can specify the mail address and transmit the information to the owner of the mail address.

The encrypted file is delivered by e-mail, but the decryption password is not delivered by e-mail. Therefore, the administrator of the e-mail server and the administrator of the e-mail routing device cannot obtain both the encrypted file and the decryption password.

In addition, the information transmission system of the second embodiment includes not only the effect of the information transmission system of the first embodiment but also the convenience that the effort of the encryptor is small. The process of transferring the encrypted file to the decryptor by the encryptor and the process of storing the password by the WEB server 3 are simultaneously performed by one e-mail.

Next, a modification of the second embodiment will be described.

In the second embodiment described above, the WEB server 3 acquires the name of the encrypted file and the e-mail address of the decryption person by e-mail. The WEB server 3 may acquire the name of the encrypted file and the user agent address of the decryption person by communication using SIP. In this case, the WEB server 3 generates a registration user agent address instead of the registration mail address. The registration user agent address is a SIP user agent address at which the WEB server 3 can receive communication by SIP. The client computer 1 transmits the encrypted file to the client computer 2 and the WEB server 3 in response to an operation by the encryptor.

Note that the protocol is not necessarily SIP. In the information transmission system of the present invention, the protocol used for the WEB server 3 to acquire the name of the encrypted file and the decryption mail address is based on an identifier such as a SIP user agent address or an electronic mail address. Any protocol may be used as long as it includes a function for identifying the recipient and a function for attaching an electronic file.

(Third embodiment)
In the information transmission system of the first embodiment, the password is transmitted via the WEB server 3. However, an encrypted file may be transmitted via the WEB server 3 instead of the encrypted password. In the information transmission system of the third embodiment, the encrypted file is transmitted via the WEB server.

The information transmission system according to the third embodiment of the present invention includes a plurality of client computers 1, a plurality of client computers 2, a WEB server 3, and a network 5. Since the block diagram of the configuration of the information transmission system of the third embodiment is the same as the block diagram of the configuration of the information transmission system of the first embodiment, a description thereof will be omitted.

Next, in the information transmission system according to the third embodiment, a process in which an encryptor registers an encrypted file in the WEB server 3 will be described.

The client computer 1 transmits a file registration WEB page request to the WEB server 3. The request for the file registration WEB page is a request for the file registration WEB page. The client computer 1 receives the file registration WEB page from the WEB server 3. The file registration WEB page (not shown) includes a decryptor mail address field, a file designation input field, and a send button. Since the decryptor mail address field and the send button are the same as those included in the password registration WEB page of the first embodiment, the description thereof is omitted. In the file designation input field, an encrypted file to be transferred is designated. When the send button included in the file registration WEB page is operated, the client computer 1 sends the decryptor mail address entered in the decryptor mail address field and the encrypted file designated in the file designation input field to the WEB. Send to server 3.

The WEB server 3 receives the decryptor mail address and the encrypted file. The WEB server 3 stores the received encrypted file. Further, the WEB server 3 reads the name of the received encrypted file. Next, the WEB server 3 generates a download URL for downloading the encrypted file. The download URL is a URL for downloading an encrypted file from the WEB server 3. The download URL is different for each encrypted file. The WEB server 3 according to the first embodiment stores the decryptor mail address, the encrypted file name, and the decryption password in the information transmission table 342. However, the WEB server 3 of the third embodiment stores the decryptor mail address, the encrypted file name, and the download URL in the information transmission table 342. For this reason, the information transmission table 342 of the third embodiment includes a download URL instead of the decryption password.

As described above, the encryptor can register the encrypted file in the WEB server 3.

Next, in the information transmission system according to the third embodiment, a process in which a decryptor browses a download URL will be described. In the information transmission system of the third embodiment, the decryption person's download URL browsing process is the same as the decryption person's decryption password browsing process in the information transmission system of the first embodiment.

As in the first embodiment, the client computer 2 is authenticated by the WEB server 3 by electronic mail. Then, the WEB server 3 extracts the download URL from the information transmission table 342 instead of the decryption password. Then, the WEB server 3 creates a download URL disclosure WEB page (FIG. 15) including the extracted download URL. Next, the WEB server 3 transmits the created download URL disclosure WEB page to the client computer 2. Then, the client computer 2 displays the received download URL disclosure WEB page on the display device of the client computer 2.

FIG. 15 is an explanatory diagram of a download URL disclosure WEB page. The download URL disclosure WEB page includes a file name and a download URL.

As described above, the decryptor can browse the download URL.
The decryptor selects the download URL with reference to the file name. The client computer 2 transmits a request for downloading the encrypted file to the WEB server 3 by the operation of the decryptor. Then, the client computer 2 receives the encrypted file from the WEB server 3.

As described above, the encryptor can designate the mail address and transmit the encrypted file to the owner of the mail address.

On the other hand, the client computer 1 transmits the decryption password to the client computer 2 by the operation of the encryptor. The client computer 2 receives the decryption password. The decryptor can receive the decryption password.

As described above, the encryption person can specify the mail address and transmit the information to the owner of the mail address.

The decryption password is delivered by e-mail, but the encrypted file is not delivered by e-mail. Therefore, the administrator of the e-mail server and the administrator of the e-mail routing device cannot obtain both the encrypted file and the decryption password.

In the third embodiment, the transmission information is an encrypted file. However, the transmission information may be a simple electronic file that is not encrypted. The electronic file is delivered without being stored in the e-mail server.

The transmission information in the first embodiment and the second embodiment is a decryption password. In addition, the transmission information in the third embodiment is an encrypted file. The transmission information is not limited to these. Any information that can be handled by the WEB server 3 may be used. The encryption person can transmit electronic information by designating an electronic mail address without using electronic mail.

(Fourth embodiment)
Although the information transmission system of 4th Embodiment is demonstrated below, the description which abbreviate | omits the information transmission system of 1st Embodiment is abbreviate | omitted by using the same code | symbol. The information transmission system according to the fourth embodiment is different from the information transmission system according to the first embodiment in that the decryption person browses the password from the WEB server 3.

The information transmission system according to the fourth embodiment of the present invention includes a plurality of client computers 1, a plurality of client computers 2, a WEB server 3, and a network 5. Since the configuration of the information transmission system of the fourth embodiment is the same as that of the information transmission system of the first embodiment, description thereof is omitted.

In the information transmission system according to the fourth embodiment, the encryptor registers the password in the WEB server 3 (FIG. 5), the encryptor delivers the encrypted file to the decryptor (not shown), and the decryptor encrypts Since the process (not shown) for receiving the encrypted file from the encryptor is the same as that of the information transmission system of the first embodiment, description thereof is omitted.

In the information transmission system of the fourth embodiment, a process in which a decryptor browses a password from the WEB server 3 will be described.

The client computer 2 transmits an address input page request to the WEB server 3. Then, the WEB server 3 transmits the requested address input page to the client computer 2. The client computer 2 receives the address input page from the WEB server 3. The address input page (not shown) includes a mail address field and a send button. In the mail address column, the mail address of the decryptor is entered. When the send button is operated, the client computer 2 sends the mail address input in the mail address field to the WEB server 3. In the present embodiment, the client computer 2 transmits the mail address to the WEB server 3, but may transmit information unique to the decryptor other than the mail address. In this case, the WEB server 3 stores the correspondence between the decryptor's unique information and the decryptor's mail address. Thereby, the WEB server 3 can specify the decryption person's mail address based on the received unique information of the decryption person.

The WEB server 3 receives a mail address from the client computer 2. Then, the WEB server 3 creates a one-time URL. The one-time URL is a URL for the client computer 2 to request a password disclosure WEB page (FIG. 9) from the WEB server. One-time URLs expire. The revocation condition of the one-time URL is, for example, to accept a specified number of accesses. The revocation condition of the one-time URL is that a certain time elapses from the generation. Here, an example of a one-time URL is shown. An example of the one-time URL is “http://www.authadd.com/pass.php?rnd=9856245484”. The character string after rnd is a random character string. The WEB server 3 generates this random character string. Then, the WEB server 3 stores the random character string and the mail address received from the client computer 2 in association with each other. Next, the WEB server 3 generates a password disclosure request page. The password disclosure request page includes the generated one-time URL and a mail address that can be received by the WEB server 3. In addition, the password disclosure request page describes that a password disclosure WEB page request should be transmitted to the displayed one-time URL after an email is transmitted to the displayed email address. Then, the WEB server 3 transmits the generated password disclosure request page.

Then, the client computer 2 receives the password disclosure request page from the WEB server 3. Next, the client computer 2 sends an e-mail addressed to the e-mail address included in the password disclosure request page in response to the decryption person's operation. However, if the email address of the second client computer other than the client computer 2 is registered as the decryption person email address, the second client computer sends an email addressed to the email address included in the password disclosure request page. . Then, the WEB server 3 receives an electronic mail. Next, the WEB server 3 extracts a sender mail address from the received electronic mail. Next, the WEB server 3 stores the correspondence between the extracted mail address of the transmission source and the time when the electronic mail is received. On the other hand, the client computer 2 transmits a password disclosure WEB page request to the one-time URL included in the password disclosure request page in response to a user operation.

The WEB server 3 receives a password disclosure WEB page request from the client computer 2. The WEB server 3 acquires a character string after rnd from the one-time URL that received the password disclosure WEB page request. And the WEB server 3 specifies the mail address memorize | stored corresponding to the acquired character string. Next, the WEB server 3 specifies the time when the electronic mail having the specified mail address as the transmission source is received. Then, the WEB server 3 determines whether or not the difference between the specified reception time and the current time is within a predetermined time. If the difference is greater than the predetermined time, the WEB server 3 does not permit disclosure of the requested password. Therefore, the WEB server 3 transmits the password disclosure request page to the client computer 2 again. Note that the WEB server 3 does not permit disclosure of a password even when an e-mail having a specified e-mail address as a transmission source has not been received. On the other hand, if the difference is within the predetermined time, the WEB server 3 permits disclosure of the requested password. Therefore, the WEB server 3 selects from the transmission information table 342 a record in which the identified mail address matches the mail address 3422 of the transmission information table 342. Next, the WEB server 3 extracts the file name 3423 and the password 3424 of the selected record. Then, the WEB server 3 generates a password disclosure WEB page (FIG. 9) based on the extracted file name 3423 and password 3424. Next, the WEB server 3 transmits the generated password disclosure WEB page to the client computer 2.

The client computer 2 receives the password disclosure WEB page from the WEB server 3. Then, the client computer 2 displays the received password disclosure WEB page on the display device.

As described above, the encryption person can transmit information to the owner of the mail address by designating the mail address. Note that the WEB server 3 may notify the client computer 1 operated by the encryption person of a one-time URL and an e-mail address that can be received by the WEB server 3. Specifically, when the information transfer table 342 is updated (S104), the WEB server 3 creates a one-time URL including a random character string. Next, the WEB server 3 stores the correspondence between the received decryptor mail address and a random character string. Next, the WEB server 3 transmits the created one-time URL and a mail address that can be received by the WEB server 3 to the client computer 1. Then, the client computer 1 receives the one-time URL and the mail address. Then, the encryptor delivers the one-time URL and mail address received by the client computer 1 together with the encrypted file to the decryptor. After that, the client computer 2 sends an e-mail addressed to the delivered mail address in response to the decryption person's operation. Further, the client computer 2 transmits a password disclosure WEB page request to the delivered one-time URL in response to the decryption person's operation. Since the subsequent processing is the same, the description thereof is omitted.

Moreover, it may be as follows. The WEB server 3 notifies only the one-time URL to the client computer 1 operated by the encryption person. Specifically, when the information transfer table 342 is updated (S104), the WEB server 3 creates a one-time URL including a random character string. Next, the WEB server 3 stores the correspondence between the received decryptor mail address and a random character string. Then, the WEB server 3 transmits the created one-time URL to the client computer 1. Then, the client computer 1 receives a one-time URL. Then, the encryptor delivers the one-time URL received by the client computer 1 together with the encrypted file to the decryptor. Thereafter, the client computer 2 sends a password disclosure WEB page request to the delivered one-time URL, triggered by the decryption person's operation. At this time, the WEB server 3 has not received an e-mail from the decryptor within a predetermined time. Therefore, the WEB server 3 transmits a password disclosure request page to the client computer 2 instead of the password disclosure WEB page. In this case, the password disclosure request page includes a mail address that can be received by the WEB server 3 and a one-time URL at which the client computer 2 has transmitted the password disclosure WEB page request. The password disclosure request page may include a button for transmitting a password disclosure WEB page request to the one-time URL instead of the one-time URL. The client computer 2 receives the password disclosure request page from the WEB server 3. Next, the client computer 2 transmits an e-mail to a mail address that can be received by the WEB server 3 included in the mail transmission request page in response to the operation of the decryptor. Next, the client computer 2 sends a request for a password disclosure WEB page to the WEB server 3 in response to the operation of the decryptor. Since the subsequent processing is the same, the description thereof is omitted.

By the way, the process in which the decryptor in the second embodiment browses the password from the WEB server 3 can be replaced with the process described above. In the third embodiment, the process of browsing the download URL by the decryptor can be replaced with the process described above. In this case, the one-time URL is an ULR for the client computer 2 to request the download URL disclosure WEB page from the WEB server 3.

It is a block diagram of the composition of the information transmission system of a 1st embodiment. It is a block diagram of the structure of the WEB server 3 with which the information transmission system of 1st Embodiment is equipped. It is a block diagram of the transmission information table 342 of the WEB server 3 of 1st Embodiment. It is a block diagram of the authentication mail address corresponding | compatible table 341 of the WEB server 3 of 1st Embodiment. It is a sequence diagram of the process in which the encryption person in the information transmission system of 1st Embodiment registers a password in the WEB server. It is a sequence diagram of the process in which the decryption person in the information transmission system of 1st Embodiment browses a password from the WEB server. It is explanatory drawing of the password WEB page of 1st Embodiment. It is explanatory drawing of the web page for authentication of 1st Embodiment. It is explanatory drawing of the password disclosure WEB page of 1st Embodiment. It is explanatory drawing of the password WEB page of 1st Embodiment. It is a block diagram of the structure of the WEB server 3 with which the information transmission system of 2nd Embodiment is equipped. It is a block diagram of the registration mail address table 343 of the WEB server 3 of 2nd Embodiment. It is a sequence diagram of the process in which the encryption person in the information transmission system of 2nd Embodiment delivers an encryption file to a decryption person, and the process in which the WEB server 3 memorize | stores a password. It is explanatory drawing of the mail address WEB page for registration of 2nd Embodiment. It is explanatory drawing of the download URL disclosure WEB page of 3rd Embodiment.

Explanation of symbols

1 Client computer 2 Client computer 3 WEB server 5 Network 31 CPU
32 memory 39 network interface 310 password registration program 315 input information reception subprogram 316 transmission information table update subprogram 320 password disclosure program 323 authentication request ID generation subprogram 324 authentication mail address generation subprogram 325 authentication mail address transmission subprogram 326 Mail reception subprogram 327 Received mail reading subprogram 328 Authentication subprogram 329 Screen generation subprogram 330 WEB site provision program 341 Authentication mail address correspondence table 342 Transmission information table 343 Registration mail address table 350 Password registration program 351 Registration mail address Request reception subprogram 352 Password generation sub Program 353 Registration mail address generation subprogram 354 Registration mail reception subprogram 355 Registration mail reading subprogram 357 Registration mail address table update subprogram 358 Transmission information table update subprogram 359 Screen generation subprogram 3221 Authentication request reception subprogram 3222 Authentication result request reception subprogram 3411 Authentication request ID
3412 E-mail address for authentication 3413 Decryptor e-mail address 3422 E-mail address 3423 File name 3424 Password 3431 E-mail address for registration 3432 Password

Claims (38)

An information management computer connected to a first computer and a second computer via a network and comprising a processor, a memory and a network interface,
The processor is
Storing transmission information correspondence information indicating correspondence between the transmission information and the mail address of the recipient of the transmission information;
When receiving an authentication request from the second computer,
Of the email addresses that the information management computer can receive, assign an email address that is not assigned to any of the previously received authentication requests to the received authentication request,
Storing the correspondence between the received authentication request and the email address assigned to the authentication request in the authentication email address correspondence information;
When an email is received, the source email address and the destination email address are identified from the received email,
With reference to the authentication email address correspondence information, an authentication request corresponding to the specified destination email address is identified,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified sender email address,
An information management computer, wherein the specified transmission information is transmitted to the second computer that is a transmission source of the specified authentication request. The processor is
Receiving the transmission information and the mail address of the recipient of the transmission information from the first computer;
2. The information management computer according to claim 1, wherein the correspondence between the received transmission information and the received mail address is stored in the transmission information correspondence information. The processor is
Receive an email address from the first computer,
Create communication information,
The information management computer according to claim 1, wherein the correspondence between the created transmission information and the received mail address is stored in the transmission information correspondence information.   The information management computer according to claim 3, wherein the processor transmits the created transmission information to the client computer 1. The processor is
Generate communication information,
Of the email addresses that can be received by the information management computer, assign an email address that is not assigned to any of the previously generated transmission information to the generated transmission information,
Storing the correspondence between the generated transmission information and the mail address assigned to the transmission information in a registration mail address table;
The generated transmission information and the mail address assigned to the transmission information are transmitted to the first computer,
When receiving an email, specify multiple destination email addresses from the received email,
Referring to the registration e-mail address table, among the specified plurality of destination e-mail addresses, identify the transmission information corresponding to the e-mail address that can be received by the information management computer,
A correspondence between the identified transmission information and an email address that cannot be received by the information management computer among the identified plurality of destination email addresses is stored in the transmission information correspondence information. The information management computer according to claim 1.   The information management computer according to claim 1, wherein the transmission information is a character string, a bit string, or an electronic file. The processor is
When a predetermined time has elapsed since the email address was assigned to the authentication request, the email address assignment is canceled,
The information management computer according to claim 1, wherein the mail address that has been deallocated is reassigned to another authentication request. The processor is
Create a new email address that the management computer can receive,
By assigning the generated new mail address to the received authentication request, among the mail addresses that can be received by the information management computer, a mail address that is not assigned to any of the previously received authentication requests. 2. The information management computer according to claim 1, wherein the information management computer is assigned to the received authentication request.   The processor cancels the assignment of the created email address by invalidating the created email address when a predetermined time has elapsed since the email address was newly created. The information management computer according to claim 8. An information management computer connected to a first computer and a second computer via a network and comprising a processor, a memory and a network interface,
The processor is
Receiving the email address of the recipient of the transmission information from the first computer;
The correspondence between the transmission information and the received recipient's email address is stored in the transmission information correspondence information,
When the email is received, the sender email address is identified from the received email,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified sender email address,
An information management computer, wherein the specified transmission information is transmitted to the second computer. The processor is
From the first computer, the transmission information and the mail address of the recipient of the transmission information are received,
11. The information management computer according to claim 10, wherein the correspondence between the received transmission information and the received recipient's mail address is stored in the transmission information correspondence information. The processor is
Create communication information,
11. The information management computer according to claim 10, wherein a correspondence between the created transmission information and the received mail address of the recipient is stored in the transmission information correspondence information.   The information management computer according to claim 12, wherein the processor transmits the created transmission information to the client computer 1. The processor,
Generate communication information,
Of the email addresses that can be received by the information management computer, assign an email address that is not assigned to any of the previously generated transmission information to the generated transmission information,
Storing the correspondence between the generated transmission information and the mail address assigned to the transmission information in a registration mail address table;
The generated transmission information and the mail address assigned to the transmission information are transmitted to the first computer,
When receiving an email, specify multiple destination email addresses from the received email,
Referring to the registration e-mail address table, among the specified plurality of destination e-mail addresses, identify the transmission information corresponding to the e-mail address that can be received by the information management computer,
A correspondence between the identified transmission information and an email address that cannot be received by the information management computer among the identified plurality of destination email addresses is stored in the transmission information correspondence information. The information management computer according to claim 10.   The information management computer according to claim 10, wherein the transmission information is a character string, a bit string, or an electronic file. A first computer having a processor, a memory, and a network interface; a second computer having a processor, a memory, and a network interface; and a processor, a memory, and a network interface, connected to the first computer and the second computer via a network An information management system, comprising: an information management computer,
The information management computer is
Storing transmission information correspondence information indicating correspondence between the transmission information and the mail address of the recipient of the transmission information;
When receiving an authentication request from the second computer,
Of the email addresses that the information management computer can receive, assign an email address that is not assigned to any of the previously received authentication requests to the received authentication request,
Storing the correspondence between the received authentication request and the email address assigned to the authentication request in the authentication email address correspondence information;
When an email is received, the source email address and the destination email address are identified from the received email,
With reference to the authentication email address correspondence information, an authentication request corresponding to the specified destination email address is identified,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified sender email address,
An information transmission system, wherein the specified transmission information is transmitted to the second computer that is a transmission source of the specified authentication request. A first computer having a processor, a memory, and a network interface; a second computer having a processor, a memory, and a network interface; and a processor, a memory, and a network interface, connected to the first computer and the second computer via a network An information management system, comprising: an information management computer,
The information management computer is
Receiving the email address of the recipient of the transmission information from the first computer;
The correspondence between the transmission information and the received recipient's email address is stored in the transmission information correspondence information,
When the email is received, the sender email address is identified from the received email,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified sender email address,
The information transmission system, wherein the specified transmission information is transmitted to the second computer. A program connected to a first computer and a second computer via a network and executed by an information management computer comprising a processor, a memory and a network interface,
Storing transmission information correspondence information indicating correspondence between the transmission information and a mail address of a recipient of the transmission information;
Receiving an authentication request from the second computer;
Assigning, to the received authentication request, an email address that is not assigned to any of the previously received authentication requests among the email addresses that can be received by the information management computer;
Storing the correspondence between the received authentication request and the email address assigned to the authentication request in the authentication email address correspondence information;
Receiving an email, identifying a source email address and a destination email address from the received email; and
Referring to the authentication email address correspondence information, identifying an authentication request corresponding to the identified destination email address;
Referring to the transmission information correspondence information, identifying the transmission information corresponding to the identified sender email address;
Transmitting the specified transmission information to the second computer that is the transmission source of the specified authentication request. A program connected to a first computer and a second computer via a network and executed by an information management computer comprising a processor, a memory and a network interface,
Receiving the email address of the recipient of the transmission information from the first computer;
Storing correspondence between the transmission information and the received recipient's email address in the transmission information correspondence information;
Receiving an email, identifying a source email address from the received email; and
Referring to the transmission information correspondence information, identifying the transmission information corresponding to the identified sender email address;
Transmitting the specified transmission information to the second computer. An information management computer connected to a first computer and a second computer via a network and comprising a processor, a memory and a network interface,
The processor is
Storing the transmission information correspondence information indicating the correspondence between the transmission information and the user agent address of the recipient of the transmission information;
When receiving an authentication request from the second computer,
Of the user agent addresses that can be received by the information management computer, assign a user agent address that is not assigned to any of the previously received authentication requests to the received authentication request,
Storing the correspondence between the received authentication request and the user agent address assigned to the authentication request in the authentication user agent address correspondence information;
When receiving the signaling, the source user agent address and the destination user agent address are identified from the received signaling,
Referring to the authentication user agent address correspondence information, specify an authentication request corresponding to the specified destination user agent address,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified source user agent address,
An information management computer, wherein the specified transmission information is transmitted to the second computer that is a transmission source of the specified authentication request. The processor is
Receiving the transmission information and the user agent address of the recipient of the transmission information from the first computer;
21. The information management computer according to claim 20, wherein a correspondence between the received transmission information and the received user agent address is stored in the transmission information correspondence information. The processor is
Receiving a user agent address from the first computer;
Create communication information,
21. The information management computer according to claim 20, wherein a correspondence between the created transmission information and the received user agent address is stored in the transmission information correspondence information.   The information management computer according to claim 22, wherein the processor transmits the created transmission information to the client computer 1. The processor is
Generate communication information,
Of the user agent addresses that can be received by the information management computer, assign a user agent address that is not assigned to any of the previously generated transmission information to the generated transmission information,
The correspondence between the generated transmission information and the user agent address assigned to the transmission information is stored in a registration user agent address table,
Transmitting the generated transmission information and the user agent address assigned to the transmission information to the first computer;
Upon receiving the signaling, a plurality of destination user agent addresses are identified from the received signaling,
Referring to the registration user agent address table, among the identified plurality of destination user agent addresses, identify transmission information corresponding to a user agent address that can be received by the information management computer,
A correspondence between the identified transmission information and a user agent address that cannot be received by the information management computer among the plurality of identified destination user agent addresses is stored in the transmission information correspondence information. The information management computer according to claim 20.   21. The information management computer according to claim 20, wherein the transmission information is a character string, a bit string, or an electronic file. The processor is
When a predetermined time has elapsed since the user agent address was assigned to the authentication request, the assignment of the user agent address is canceled,
21. The information management computer according to claim 20, wherein the released user agent address is reassigned to another authentication request. The processor is
Create a new user agent address that can be received by the management computer,
By assigning the generated new user agent address to the received authentication request, a user who has not been assigned to any of the previously received authentication requests among user agent addresses that can be received by the information management computer. 21. The information management computer according to claim 20, wherein an agent address is assigned to the received authentication request.   The processor cancels the assignment of the created user agent address by invalidating the created user agent address when a predetermined time has elapsed since the user agent address was newly created. 28. The information management computer according to claim 27, characterized in that: An information management computer connected to a first computer and a second computer via a network and comprising a processor, a memory and a network interface,
The processor is
Receiving the user agent address of the recipient of the transmission information from the first computer;
Storing the correspondence between the transmission information and the received user agent address of the recipient in the transmission information correspondence information;
When the signaling is received, the source user agent address is identified from the received signaling,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified source user agent address,
An information management computer, wherein the specified transmission information is transmitted to the second computer. The processor is
Receiving the transmission information and a user agent address of a recipient of the transmission information from the first computer;
30. The information management computer according to claim 29, wherein the correspondence between the received transmission information and the received user agent address of the recipient is stored in the transmission information correspondence information. The processor is
Create communication information,
30. The information management computer according to claim 29, wherein a correspondence between the created transmission information and the received user agent address of the recipient is stored in the transmission information correspondence information.   32. The information management computer according to claim 31, wherein the processor transmits the created transmission information to the client computer. The processor,
Generate communication information,
Of the user agent addresses that can be received by the information management computer, assign a user agent address that is not assigned to any of the previously generated transmission information to the generated transmission information,
The correspondence between the generated transmission information and the user agent address assigned to the transmission information is stored in a registration user agent address table,
Transmitting the generated transmission information and the user agent address assigned to the transmission information to the first computer;
Upon receiving the signaling, a plurality of destination user agent addresses are identified from the received signaling,
Referring to the registration user agent address table, among the identified plurality of destination user agent addresses, identify transmission information corresponding to a user agent address that can be received by the information management computer,
A correspondence between the identified transmission information and a user agent address that cannot be received by the information management computer among the plurality of identified destination user agent addresses is stored in the transmission information correspondence information. The information management computer according to claim 29.   30. The information management computer according to claim 29, wherein the transmission information is a character string, a bit string, or an electronic file. A first computer having a processor, a memory, and a network interface; a second computer having a processor, a memory, and a network interface; and a processor, a memory, and a network interface, connected to the first computer and the second computer via a network An information management system, comprising: an information management computer,
The information management computer is
Storing the transmission information correspondence information indicating the correspondence between the transmission information and the user agent address of the recipient of the transmission information;
When receiving an authentication request from the second computer,
Of the user agent addresses that can be received by the information management computer, assign a user agent address that is not assigned to any of the previously received authentication requests to the received authentication request,
Storing the correspondence between the received authentication request and the user agent address assigned to the authentication request in the authentication user agent address correspondence information;
When receiving the signaling, the source user agent address and the destination user agent address are identified from the received signaling,
Referring to the authentication user agent address correspondence information, specify an authentication request corresponding to the specified destination user agent address,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified source user agent address,
An information transmission system, wherein the specified transmission information is transmitted to the second computer that is a transmission source of the specified authentication request. A first computer having a processor, a memory, and a network interface; a second computer having a processor, a memory, and a network interface; and a processor, a memory, and a network interface, connected to the first computer and the second computer via a network An information management system, comprising: an information management computer,
The information management computer is
Receiving the user agent address of the recipient of the transmission information from the first computer;
Storing the correspondence between the transmission information and the received user agent address of the recipient in the transmission information correspondence information;
When the signaling is received, the source user agent address is identified from the received signaling,
Referring to the transmission information correspondence information, identify the transmission information corresponding to the identified source user agent address,
The information transmission system, wherein the specified transmission information is transmitted to the second computer. A program connected to a first computer and a second computer via a network and executed by an information management computer comprising a processor, a memory and a network interface,
Storing transmission information correspondence information indicating correspondence between the transmission information and a user agent address of a recipient of the transmission information;
Receiving an authentication request from the second computer;
Assigning to the received authentication request a user agent address that is not assigned to any of the previously received authentication requests among user agent addresses that can be received by the information management computer;
Storing the correspondence between the received authentication request and the user agent address assigned to the authentication request in authentication user agent address correspondence information;
Receiving the signaling, identifying the source user agent address and the destination user agent address from the received signaling; and
Identifying an authentication request corresponding to the specified destination user agent address with reference to the authentication user agent address correspondence information;
Identifying the transmission information corresponding to the identified source user agent address with reference to the transmission information correspondence information;
Transmitting the specified transmission information to the second computer that is the transmission source of the specified authentication request. A program connected to a first computer and a second computer via a network and executed by an information management computer comprising a processor, a memory and a network interface,
Receiving from the first computer the user agent address of the recipient of the transmission information;
Storing the correspondence between the transmission information and the received user agent address of the recipient in the transmission information correspondence information;
Receiving the signaling, identifying a source user agent address from the received signaling; and
Identifying the transmission information corresponding to the identified source user agent address with reference to the transmission information correspondence information;
Transmitting the specified transmission information to the second computer.