JP2008219742A - Attached file encryption method and mail server implementing the same method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an attached file encryption technique with which a file contained in electronic mail is encrypted without the need to register an encryption key beforehand, and the file is surely decrypted at a legal receiving side. <P>SOLUTION: An attached file encryption mail server comprises: an encryption key generating section 42 for generating a novel encryption key for encrypting an attached file contained in electronic mail received from a transmission source; an encryption key recording section 47 for recording, as a search key, attribute information, transmission source identification information or transmission destination identification information of the electronic mail or a combination thereof for the encryption key; an encryption section 42 for encrypting the attached file using the encryption key; an encryption key extracting section 48 for extracting, from a transmission destination where the encrypted attached file is received, an encryption key for decrypting the attached file on the basis of attached file operation event information with respect to the attached file; and an encryption key transmitting section 45 for sending the extracted encryption key to the transmission destination. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

The present invention relates to a technique for encrypting a file attached to an e-mail and appropriately decrypting the encrypted file .

  In order to avoid a file attached to an electronic mail being viewed by a user other than the official mail transmission destination, it has been conventionally performed to encrypt the attached file. For example, a confidential ID is set for the email address that is the source or destination of an email, and the file that you want to keep secret is encrypted with the confidential ID, then sent attached to the email, and this file is received On the side, a technique of decoding with a confidential ID is known (for example, see Patent Document 1). In this technique, it is necessary to set a confidential ID in advance in the mail address, and all the related terminals need to have a confidential ID table associated with the mail address. Further, since the relationship between the specific mail address and the confidential ID as the encryption key is fixed, there is a high possibility that the encryption key is overlooked and there is a security problem.

  There is provided a management server for transmitting attachment files (lottery tickets) encrypted with encryption keys managed by user email addresses to a large number of user mobile terminals, and a user who goes to the store sends the attachment file from the user mobile terminal to the store terminal. A communication system that contributes to attracting consumers to a store by decrypting and printing out an attached file as a lottery ticket using the encryption key read from the management server by the store terminal is known. For example, see Patent Document 2). In this communication system, a user who receives an attached file must go to a terminal that gives a decryption encryption key for decryption, and is inconvenient to apply to a general mail system. is there.

In addition, when the sender user attaches a file to the email, the recipient user who received the email with the attached file encrypts the file using a password associated with the recipient user, A file encryption technique for decrypting an attached file using a password as a decryption key is also known. In this technique, a password linked to a user ID is registered in a user management table (see, for example, Patent Document 3). Again, it is necessary to register the user ID and password (encryption key) in advance, and it is practically difficult to change the password (encryption key) frequently, and there is a high possibility that the encryption key will be overlooked. . In addition, the destination user If you forget the password, the decoding of the attached file becomes impossible.

JP 2003-134296 A (paragraph numbers 0004-0010, FIGS. 9 to 12) JP 2004-266716 A (paragraph number 0008, FIG. 9) JP 2006-31483 A (paragraph numbers 0024-0038, FIGS. 4 and 6)

  In view of the above situation, an object of the present invention is to encrypt a file included in an e-mail without burdening the e-mail sending side and / or receiving side and without having to register an encryption key in advance. And providing an attached file encryption technique in which the file is surely decrypted by a legitimate receiver.

  An attached file encryption method according to the present invention for solving the above-described problem is a step of generating a new encryption key for encrypting an attached file included in an e-mail received from a first terminal as a transmission source. Recording the generated encryption key as attribute information, transmission source identification information, transmission destination identification information, or a combination thereof, as a search key, and attaching the generated encryption key with the generated encryption key A step of encrypting a file, a step of transmitting an e-mail including the encrypted attachment file, and an attachment operation event relating to an operation on the attachment file received from a second terminal as a transmission destination of the e-mail The encrypted using the search key created based on information derived from information Extracting an encryption key for decrypting the biasing file, and a step of sending a cryptographic key which has been extracted into the second terminal.

  In this method, when the mail server receives an e-mail including a file from the terminal side (first terminal), the mail server generates a new encryption key for encrypting the attached file and encrypts the attached file. , Forward to that email destination. At the same time, a data storage unit such as a hard disk using the data based on the attribute information, transmission source identification information, transmission destination identification information, or a combination thereof as a search key so that the generated encryption key is surely read later To be recorded. When the terminal side (second terminal) as the transmission destination receiving this e-mail attempts to decrypt the attached file, the attached file operation event information indicating that is sent to the mail server of the transmission source. . Since the attribute information, sender identification information, and destination identification information of the e-mail are described in the attached file operation event information, the attribute information extracted from the attached file operation event and the sender identification are described on the mail server side. Using the information and destination identification information as a search key, an encryption key for decrypting the attached file is extracted and sent to the terminal side (second terminal). On the terminal side (second terminal), the attached file is decrypted using the received encryption key and can be viewed. Therefore, in this attachment file encryption method, the attachment file is encrypted using an encryption key generated every time an e-mail including the attachment file is received on the mail server side, and this attachment file is received. Since the encryption key is extracted and transmitted based on the request from the terminal side, the management of the encryption key can be entrusted to the mail server side. In addition, since it is possible to avoid using the same encryption key, there is little possibility that the encryption key is overlooked and security is improved. In particular, since an encryption key is recorded using data based on attribute information, transmission source identification information, transmission destination identification information, or a combination thereof as the search key, the highly reliable search and extraction of the encryption key is possible. It becomes possible, and the possibility of passing the encryption key to a third party is low.

  One simple method for generating a new encryption key for encrypting an attached file is generated based on the attribute information, transmission source identification information, transmission destination identification information, or a combination thereof. is there. That is, by using different attribute information, transmission source identification information, and transmission destination identification information for each email as encryption generation seeds, a unique encryption key for the email can be generated.

The data that should be the generation type of the encryption key can be various data included in the attribute information, the transmission source identification information, and the transmission destination identification information. In order to increase the uniqueness of the encryption key, The date and time of mail transmission and the identification code (user ID, MAC address or mail address) of the user or terminal are convenient . This ensures that the generated encryption key, MAC address or both of the sender of the email address or the first terminal, and searchable record (store) that as the e-mail retrieval key transmission date And a unique search and extraction of the stored encryption key is realized. In order to increase security by receiving the search key only from a regular destination terminal of the target email, the attachment operation event includes the transmission date and time of the email and the source Conveniently, a mail address and / or the MAC address of the first terminal and the destination mail address and / or the MAC address of the second terminal may be included.

  The transmission date and time, the transmission source mail address and the transmission destination mail address can be easily extracted from the header of the electronic mail. The MAC address can be read from a specific packet in packet communication, but a table for linking and recording each user's mail address and MAC address may be prepared on the mail server side.

It may be inconvenient if such an attachment file encryption method is applied to all attachment files. In particular, when used in a specific organization such as a company or a government office, considering the security level that should be the sender's authority level, the files sent by the lower party to the upper party are encrypted for the purpose of confidentiality. It is because it is required not to give. Therefore, Ru conveniently der the encryption of the attachment is prohibited on the basis of the encryption prohibition information derived in accordance with the combination of the feed Xinyuan and destination.

  The mail server according to the present invention that implements the above-described attachment file encryption method is an encryption that generates a new encryption key for encrypting an attachment file included in an e-mail received from a first terminal as a transmission source. A key generation unit, an encryption key recording unit that records the generated encryption key as data of search information based on attribute information, transmission source identification information, transmission destination identification information, or a combination thereof of the email. Received from an encryption unit that encrypts the attached file with an encryption key, a mail transfer unit that transmits an email including the encrypted attached file, and a second terminal that is the destination of the email Using the search key created based on information derived from an attachment operation event related to the operation on the attachment Includes an encryption key extraction unit for extracting an encryption key for decrypting the encrypted attached file, an encryption key sending unit for sending a cryptographic key which has been extracted into the second terminal. The attached file encrypted mail server configured in this way also has the operational effects described in the previous attached file encryption method, and can have various additional features described above.

  The present invention also includes an attached file encryption program for realizing the attached file encryption method described above by a computer.

  The above-mentioned attachment file encryption method, attachment file encryption mail server, and attachment file encryption program are based on the technology on the server side facing the user terminal side in the attachment file encryption server / client system. However, the present invention also covers client-side technology.

  That is, a terminal for exchanging mail through an attached file encryption mail server that encrypts the attached file using an encryption key generated for encrypting the attached file included in the received e-mail and transfers it to a destination mail address. In order to solve the above-described problem, in the attached file encryption method, the present invention includes a step of receiving an electronic mail including the encrypted attached file, and an attached file operation event related to an operation on the attached file. Sending to the file encryption mail server; and the encrypted attachment file extracted using the search key created based on the information extracted from the attachment file operation event in the attachment file encryption mail server Receiving an encryption key for decrypting , And a step of decoding the encrypted attached file using the encryption key. There has also been proposed an attached file encryption program for causing a computer to realize such an attached file encryption method on the terminal side.

Such a user terminal side of the technology, i.e. attachment encryption method as client-side technology, attachments encrypted program is also, of course, advantageous effects mentioned in the accompanying file encryption method in the previous server-side It can also be provided with the various additional features described above.

The basic principle of the technique according to the present invention for managing encryption and decryption of a file (hereinafter referred to as an attached file) included in an e-mail will be described with reference to FIG.
In FIG. 1, a plurality of terminals 1 serving as client-side computers and a mail server 3 serving as a server-side computer may be a network (a network within an organization such as a LAN, or a wide area opened like the Internet. The e-mail system connected through 2 is shown. As will be described in detail below, the mail server 3 generates an encryption key for encrypting an attached file in electronic mail communication performed between terminals in addition to a normal mail processing function, and manages the encryption key. It has a function.

  The user who owns the first terminal 1a activates the installed mailer software, and attaches a file to the user who owns the second terminal 1b (hereinafter referred to as an attached mail). ) Is created (# 01). When the send button of the mailer software is operated, the attached mail is sent to the mail server 3 registered by the user of the first terminal 1a (# 02). The mail server 3 that has received the attached mail extracts the attribute information, the transmission source identification information, and the transmission destination identification information of the attached mail through the attachment mail receiving process (# 03). The attribute information of the attached mail includes the transmission date and time of the attached mail, the sender identification information includes the mail address of the sender, the MAC address of the first terminal, and the destination identification information includes the destination And the MAC address of the second terminal. This term of transmission date / time should be interpreted in a broad sense so as to include the date / time of generation of email transmission event information, and not only a formal transmission date / time code but also a code determined corresponding to such a code. Included. As schematically shown in FIG. 2, the MAC address of the first terminal is obtained by analyzing the contents of a packet used in packet communication, and the transmission date and time of the attached mail, the mail address of the transmission source The destination mail address can be read from the header part of the attached mail. When the MAC address of the second terminal is registered in the user management table linked to the user ID or mail address of the user using this mail system, as shown in FIG. It can be retrieved using the destination email address.

  Based on the transmission date and time of the attached mail, the sender mail address, and further the destination mail address or the destination MAC address, that is, the attached mail attribute information, the sender identification information, and the destination identification information are used as a new encryption code. A key is generated (# 04). At this time, the generated encryption key may be reversible or irreversible in the relationship between the encryption generation type and the encryption key. As schematically shown in FIG. 4, the generated encryption key is data that can identify this attached mail, for example, transmission date and time, transmission source mail address (or transmission source MAC address), transmission destination mail address (or transmission destination) MAC address), that is, in a form in which an encryption key can be searched and extracted using these as search keys, is recorded on a storage medium such as a hard disk (# 05). At the same time, the attached file is encrypted using this encryption key (# 06).

  The encrypted attached mail is sent via the mail server 3 registered by the destination user (directly when the sender and the receiver are registered in the same mail server) (# 07), and finally Is received by the second terminal 1b (# 08).

  When the user who has received the attached mail at the second terminal 1b tries to open the encrypted attached file, attached file operation event information is generated (# 09), and the encryption key for decrypting the encrypted attached file is generated. (# 10). This attached file operation event information is a kind of operation log, and as shown in FIG. 5, an event ID, an event occurrence terminal ID, a source mail address (or source MAC address) of the attached mail, The destination mail address (or the destination MAC address) of the attached mail, the date and time of transmission and reception of the attached mail, and the like are described.

  The mail server 3 that has received the attachment file operation event information uses, for example, a search key for searching and extracting an encryption key for decrypting the encrypted attachment file from the data described in the attachment file operation event information. A transmission source address (or transmission source MAC address), transmission destination mail address (or transmission destination MAC address), and transmission date and time of an attached mail are read, and a desired encryption key is searched and extracted using this as a search key ( # 11). The extracted encryption key is sent to the second terminal 1b that is the source of the attached file operation event information (# 12).

  Upon receiving the encryption key for decrypting the attached file from the mail server 3, the second terminal 1b decrypts the attached file to be opened with this encryption key (# 13). The decrypted attached file is transferred to an appropriate application program and can be browsed and stored (# 14).

  In this mail server 3, not only the transmission date and time but also the mail address or MAC address of the transmission source or the transmission destination are used as keywords for extracting the encryption key for decryption. The encryption key for is not extracted and as a result cannot be decrypted. That is, even if an e-mail with an attached file is intercepted and opened at a terminal that is not the destination, the encryption key cannot be obtained unless the destination e-mail address or MAC address matches, which is a security measure. In this way, by checking the attachment source and destination in the mail server 3 managing the encryption key, it is possible to prevent the attachment file from being viewed on an unauthorized third party terminal. This is an important point of the present invention.

  Note that there is a demand in an email system in an organization such as a company or a government office that the attached file is not encrypted due to the relationship between the sender and the receiver. In this case, a table defining whether encryption is possible according to the combination of the transmission source and the transmission destination is prepared in the mail server, and the encryption prohibition information extracted according to the combination of the transmission source and the transmission destination is prepared. Based on this, the encryption of the attached file is prohibited.

A specific system configuration employing the above-described encryption management technique is shown in FIG.
First, in the computer of the terminal 1 (the first terminal 1a and the second terminal 1b are the same), as a function related to the present invention, software or hardware, or both, a mail creating unit 11, a mail The receiver 12, the mail transmitter 13, the decryptor 14 that decrypts the encrypted attached file using the encryption key that can be received from the mail server 3, and the contents of the attached file operation performed in the terminal 1 are described. An operation event information generation unit 15 that generates attachment file operation event information, a network interface 16 that performs transmission and reception of electronic mail and transmission of operation event information to the mail server 3 to the network 2 are constructed.

  The mail creation unit 11, the mail reception unit 12, and the mail transmission unit 13 are constructed by starting an application generally called mailer software. The mail creation unit 11 has a function of attaching a separately prepared file to an e-mail. When the creation of the attached mail is completed, the attached mail is sent to the mail server 3 by clicking the send button of the mailer software. When the operation event information generation unit 15 tries to operate the attached file using a command such as “save” or “open”, the operation event information generation unit 15 converts the data read from the email attached with the attached file into a script. 5 is generated as attachment file operation event information as exemplified in FIG. 5 and is sent to the mail server 3, and may be implemented in the form of a helper application of mailer software together with the decryption unit. The attached file decrypted by the decryption unit 14 using the encryption key for decrypting the attached file sent from the cipher management device 3 by giving the file operation event information is the “save” input in the mailer software. The processing based on the “command” and the “open” command is executed.

  The mail server 3 includes a mail reception unit 31 that accepts an e-mail, which is the original function of the mail server, and a mail transfer that transfers the received mail to another mail server 3 or directly to the terminal 1 by software and / or hardware. In addition to the unit 32 and the network interface 33 that transmits data to and from the terminal 1 via the network 2, functions related to the present invention include an identification information reading unit 41, an encryption key generation unit 42, and an encryption unit 43. , An operation event information analyzing unit 44, an encryption key sending unit 45, a user management table 46, an encryption key recording unit 47, an encryption key extracting unit 48, an encryption determining unit 49, and the like.

  The identification information reading unit 41 includes attribute information such as the transmission date and time of the attached mail from the attached mail received from the first terminal (sender) 1a, and the sender such as the sender mail address and the first terminal MAC address. The identification information and the transmission destination identification information such as the mail address of the transmission destination and the MAC address of the second terminal are read. Since the user management table 46 stores a table in which the mail address and the MAC address are compared, the MAC address of the transmission source is read from the mail address of the transmission source, and the MAC address of the transmission destination is read from the mail address of the transmission destination. It is possible. The encryption key generation unit 42 generates an encryption key using a combination of the transmission date and time of the attached mail given from the identification information reading unit 41 and the transmission destination MAC address (or transmission destination mail address) as an encryption generation type. This encryption key is a secret key, and an appropriate one can be adopted from various known algorithms for generating a secret key. The generated encryption key is recorded in the encryption key recording unit 47 in a form linked to the transmission date and time, the transmission source MAC address (or transmission source mail address), and the transmission destination MAC address (or transmission destination mail address). At the same time, since the encryption key is given to the encryption unit 43, the attached file is encrypted using this encryption key. When the attached file is encrypted, the attached mail is sent to the other mail server 3 or directly to the terminal 1 as the mail received through the mail transfer unit 32.

  The operation event information analysis unit 44 determines the transmission source address (or transmission source MAC address), transmission destination mail address (or transmission destination MAC address) and attachment from the attached file operation event information received from the second terminal (transmission destination) 1b. The mail transmission date and time is read and given to the encryption key extraction unit 48. The encryption key extraction unit 48 uses the transmission source address (or transmission source MAC address), the transmission destination mail address (or transmission destination MAC address), and the transmission date and time of the attached mail as a search key to perform a desired encryption on the encryption key recording unit 47. Search and extract keys. The extracted encryption key is sent to the second terminal 1b through the encryption key sending unit 45. The operation event information analysis unit 44 checks the validity of the attached file operation event information sent, and the MAC address of the extracted transmission destination and the packet of the attached file operation event information sent through the network. It also has a function of collating with the MAC address of the transmission source read directly from. If the two MAC addresses are different, it is determined that the attached file operation event information sent is invalid.

  The encryption determination unit 49 is included in the received attached mail using the determination condition defined in the user management table 46 that defines whether encryption is possible or not according to the combination of the transmission source and the transmission destination. Decide if you want to encrypt the files you have. For example, if the security level, which is the authority level of the user who sent the attached email, is lower than that of the recipient of the email, issue an encryption unnecessary command for the attached file, generate an encryption key, and encrypt the attached file. May be prohibited.

Next, a flow from transmission to reception of an attached mail in the attached file encrypted mail system configured as shown in FIG. 5 will be described with reference to a flowchart of FIG.
First, in order to transmit an attached mail to the second terminal 1b from the first terminal 1a, a file to be attached is designated while creating a mail body by entering a destination address (# 20) ( # 21). When the creation of the attached mail is completed, the attached mail is sent to the mail server 3 by giving a send command to the mail sending unit 13 (# 22).

  When the attached mail is received by the mail server 3 (# 30), the attribute information and the transmission source identification information (the date and time of transmission of the attached mail, the mail address of the transmission source, the first terminal) MAC address and the like and destination identification information (e-mail address of the destination) are read (# 31). Next, based on the rules defined in the user management table 46, the attached file of the attached mail to be transmitted is encrypted based on the rules defined in the user management table 46 from the combination of the user having the read source mail address and the user having the destination mail address. Encryption determination is made as to whether or not to perform encryption (# 32). When encryption of the attached file is selected, the encryption key generation unit 32 encrypts the combination of the destination MAC address extracted from the user management table 33 based on the destination mail address and the transmission date and time as the encryption generation type. A key is generated (# 33). The generated encryption key is recorded in the encryption key recording unit 47 in a form linked to the transmission date and time, the transmission source MAC address (or transmission source mail address), and the transmission destination MAC address (or transmission destination mail address). At the same time, the encryption unit 43 given the encryption key encrypts the attached file using this encryption key (# 35). The attached mail including the encrypted attached file is transferred to the transmission destination (# 36). If non-encryption of the attached file is selected in the encryption determination at step # 32 in the mail server 3, a file encryption unnecessary command is issued (# 36), and this attached mail is immediately sent to the destination. Transferred (# 36).

  In the second terminal 1b that has received the attached mail from the first terminal 1a via the mail server 3 (# 40), an operation by the “save” command or “open” command is requested for the attached file. (# 41), it is checked whether the requested attached file for command operation is encrypted (# 42). If the attached file is encrypted by the mail server 3, the execution of the operation command is temporarily stopped, and the operation event information creating unit 15 generates attached file operation event information based on the command operation (# 43). The generated attached file operation event information is sent to the mail server 3 (# 44).

  The mail server 3 that has received the attached file operation event information from the second terminal 1b analyzes the attached file operation event information by the operation event information analysis unit 44, and from there, the necessary data, transmission date and time, transmission source mail address The destination mail address is read out (# 50). Further, the operation event information analysis unit 44 additionally receives the MAC address of the transmission destination extracted from the user management table 46 based on the read transmission destination mail address and the attached file operation event transmitted through the network. A collation check is performed with the MAC address of the transmission source from the information packet (# 51). If the verification check is not satisfied, it is determined that the received attachment operation event information is invalid, and the subsequent processing is not performed. If the verification check is successful, the received attachment operation event information is valid, and the read transmission date and time, the source MAC address (or mail address), and the destination MAC address (or mail address) are encrypted as search keys. The key extraction unit 48 extracts the encryption key (# 52). The extracted encryption key is sent to the second terminal 1b for decrypting the attached file (# 53).

  The second terminal 1b that has received the encryption key from the mail server 3 uses the received encryption key to decrypt the attached file with the decryption unit 14 (# 60). When the encryption of the attached file ends, the operation command that has been paused is executed (# 61). When it is determined in step 42 that the attached file is not encrypted by the mail server 3, the requested file operation command is immediately executed (# 61).

  In the above-described embodiment, the encryption management technique according to the present invention is encrypted with respect to the attached file to the e-mail, but this encrypted file should be interpreted in a broad sense, and the e-mail body It is possible to include various types of data such as a data portion incorporated in the file or a file as data transmitted separately from the electronic mail main body.

Schematic diagram illustrating the basic principle of the technique for managing encryption and decryption of attached mail according to the present invention Explanatory drawing which shows an example which reads attribute information, transmission origin identification information, and transmission destination identification information from an attached mail Schematic diagram schematically showing an example of the user management table Schematic diagram schematically showing the recording format of the encryption key Schematic diagram schematically showing an example of attached file operation event information Functional block diagram of mail server and client according to the present invention Flow chart showing the flow of encryption and decryption of attached files

Explanation of symbols

1: terminal 1a: first terminal 1b: second terminal 2: network 3: mail server 11: mail creation unit 12: mail reception unit 13: mail transmission unit 14: decryption unit 15: operation event information generation unit 32 : Mail transfer unit 41: identification information reading unit 42: encryption key generation unit 43: encryption unit 44: operation event information analysis unit 45: encryption key sending unit 46: user management table 47: encryption key recording unit 48: encryption key extraction Unit 49: Encryption determination unit

Claims (11)

  A step of generating a new encryption key for encrypting an attached file included in the electronic mail received from the first terminal as the transmission source, and the generated encryption key using the attribute information of the electronic mail or the transmission source Recording data based on identification information or transmission destination identification information or a combination thereof as a search key, encrypting the attached file with the generated encryption key, and an electronic including the encrypted attached file Using the search key created based on information extracted from the attached file operation event information related to the operation on the attached file received from the second terminal as the e-mail transmission destination; Extracting an encryption key for decrypting the encrypted attachment; and the extraction Attachment encryption method comprising the step of sending the encryption key to the second terminal.   2. The attachment file encryption according to claim 1, wherein an encryption key for encrypting the attachment file is generated based on the attribute information, the transmission source identification information, the transmission destination identification information, or a combination thereof. Method.   The sender identification information of the electronic mail includes the mail address of the sender, the MAC address of the first terminal, or both, and the attribute information includes the transmission date and time of the electronic mail. The attachment according to claim 1 or 2, wherein the transmission destination identification information of the electronic mail includes the mail address of the transmission destination and / or the MAC address of the second terminal. File encryption method.   The attached file operation event includes the transmission date and time of the e-mail, the e-mail address of the transmission source and / or the MAC address of the first terminal, and the e-mail address of the transmission destination or the second terminal. The attachment file encryption method according to any one of claims 1 to 3, wherein the MAC address or both are included.   4. The encryption key is recorded so as to be searchable by using a transmission key of the transmission source and / or a MAC address of the first terminal, and a transmission date and time of the electronic mail as a search key. The attached file encryption method described.   The attached file according to any one of claims 1 to 5, wherein encryption of the attached file is prohibited based on encryption prohibition information extracted according to a combination of a transmission source and a transmission destination. Encryption method.   A function for generating a new encryption key for encrypting an attached file included in the electronic mail received from the first terminal as the transmission source, and the generated encryption key using the attribute information or the transmission source of the electronic mail A function for recording data based on identification information or destination identification information or a combination thereof as a search key, a function for encrypting the attached file with the generated encryption key, and an electronic device including the encrypted attached file The cipher using the search key created based on a function for transmitting mail and information derived from an attached file operation event related to an operation on the attached file received from a second terminal as a destination of the electronic mail A function of extracting an encryption key for decrypting the attached file, and extracting the extracted encryption key into the second The attached file encryption program for realizing a function to send to the end of the computer.   An encryption key generating unit for generating a new encryption key for encrypting an attached file included in the e-mail received from the first terminal as a transmission source, and the generated encryption key for the attribute information of the e-mail Or an encryption key recording unit that records data based on transmission source identification information or transmission destination identification information or a combination thereof as a search key, an encryption unit that encrypts the attached file with the generated encryption key, and encryption Created on the basis of information drawn from an attached file operation event relating to an operation on the attached file received from a second terminal as a destination of the e-mail Key extraction unit for extracting an encryption key for decrypting the encrypted attachment using the search key Attachments encrypted electronic mail server comprising the encryption key sending unit for sending a cryptographic key which has been extracted into the second terminal. For a terminal that exchanges mail through an attached file encryption mail server that encrypts the attached file using an encryption key generated for encrypting the attached file included in the received e-mail and forwards it to a destination e-mail address In the attachment encryption method,
Receiving an encrypted email including the attached file; sending an attached file operation event related to an operation on the attached file to the attached file encrypted mail server; and Receiving an encryption key for decrypting the encrypted attachment extracted using the search key created based on information derived from the attachment operation event; and using the encryption key to encrypt the encryption A method for encrypting an attached file, comprising: decrypting the attached file. For a terminal that exchanges mail through an attached file encryption mail server that encrypts the attached file using an encryption key generated for encrypting the attached file included in the received e-mail and forwards it to a destination e-mail address In the attached file encryption program,
A function of receiving an electronic mail including the encrypted attached file, a function of sending an attached file operation event related to an operation on the attached file to the attached file encrypted mail server, and the attached file encrypted mail server A function of receiving an encryption key for decrypting the encrypted attached file extracted using the search key created based on information extracted from an attachment operation event; and the encryption using the encryption key Attached file encryption program for causing a computer to realize the function of decrypting the attached file. For a terminal that exchanges mail through an attached file encryption mail server that encrypts the attached file using an encryption key generated for encrypting the attached file included in the received e-mail and forwards it to a destination e-mail address In the attachment encryption module,
A mail receiving unit for receiving an electronic mail including the encrypted attached file, an attached file operation event sending unit for sending an attached file operation event related to an operation on the attached file to the attached file encrypted mail server, and the attached A file encryption mail server receives an encryption key for decrypting the encrypted attachment file extracted using the search key created based on information extracted from the attachment file operation event, and the encryption key An attachment file encryption module comprising: a decryption unit for decrypting the encrypted attachment file using

Images