JP2011097480A - Device for controlling encryption/decryption of e-mail, method of controlling the same, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent information leakage by web-based e-mail to be transmitted to an external network by using data of web-based e-mail of the same thread as a common key in a chain-reaction manner. <P>SOLUTION: When transmitting new web-based e-mail that is not a return e-mail, root e-mail becoming common key data for encrypting and decrypting the new web-based e-mail is generated, and the new web-based e-mail is encrypted using the common key data obtained from the root e-mail. When transmitting web-based e-mail being a return e-mail, the web-based e-mail being a return e-mail is encrypted using common key data obtained from return source e-mail, the web-based e-mail encrypted and transmitted from the outside is decrypted in a chain-reaction manner using root e-mail in an encrypted e-mail thread and the common key data included in the web-based e-mail. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a mail encryption / decryption control device, a control method therefor, and a program, and more particularly to an encryption management technique for web mail.

  With the development of network technology in recent years, the cost of information exchange has dropped dramatically. Individuals and companies can efficiently communicate information by using various services using the Internet such as e-mail and web services. I can do it now.

  Beginning with the enforcement of the Personal Information Protection Law in 2005, organizations such as companies are required to take strict measures for information management. For example, the contents of e-mails sent outside the company as measures against information leakage It is common to introduce a transmission control system that permits information transmission to the outside only when the organization meets predetermined criteria, such as by checking.

  More recently, some organizations use a network computing configuration such as SaaS (Software As A Service). Organizations that want to use Saas have the main purpose of reducing management and operational costs by not having an information system such as a mail system in their organization. Web mail using a web browser can be used instead of conventional e-mail. Often used.

  Even when using webmail, the above-mentioned countermeasures against information leakage are necessary. Possible causes of information leakage include inadvertent transmission by users, intrusion due to webmail service vulnerabilities (for example, login account leakage), and intentional browsing / falsification of internal webmail by internal crimes. One method for preventing information leakage corresponding to such a situation is encrypted mail.

Currently, there are S / MIME, PGP (Pretty Good Privacy), etc. as technologies that can be used as encrypted mail, but it is said that it is used very actively due to reasons such as an increase in operating costs. I want. Under these circumstances, the number of people who use password-protected ZIP archives has increased in recent years. In this method, important documents are stored in a password-protected ZIP archive, the ZIP archive is attached to the first mail and transmitted, and then the password of the ZIP archive is described in the second mail. This is a technique of transmitting to the same destination. In this method,
・ There is a possibility of eavesdropping or tampering unless the password is sent by another route. ・ If the user does not carefully send the second e-mail, there is a high possibility that it will be sent incorrectly.

It is not safe in nature. However, since it can be realized more easily than the introduction of the encrypted mail mechanism as described above, it is actively used in web mail.

  Also, from the viewpoint of preventing information leakage, it is necessary that a person with the correct authority can perform information monitoring (content audit) even when using encrypted mail.

  As a technique for encrypting and transmitting content so as to encrypt such a mail text, there is a technique disclosed in Patent Document 1. This technique discloses a method of decrypting content using a plurality of keys embedded in a plurality of contents received and stored in advance.

JP 2008-165486 A

  When using encrypted mail in web mail, there are conflicting demands for information protection (encryption) and information monitoring (content audit), and moreover, key management costs (operation costs) such as public key cryptography certificate authorities ) As much as possible.

Furthermore, it was difficult to confirm that the webmail was not falsified on a thread basis (it was difficult to guarantee the originality of the webmail on a thread basis). That is, it is difficult to provide a mechanism that can monitor information while suppressing the operating cost of an encrypted mail system and that does not easily leak information even if erroneous transmission to a third party occurs.
Furthermore, it has been difficult to prevent information leakage by making it impossible for a person who provides a webmail service to easily view the contents of a webmail.

  An object of the present invention is to provide a mechanism for preventing information leakage due to webmail sent to an external network by using webmail data of the same thread as a common key.

  The present invention is a mail encryption / decryption control apparatus that can communicate with a webmail server that provides a webmail service and controls encryption and decryption of the webmail, and transmits a new webmail that is not a reply. A root mail generating means for generating a root mail as common key data for encrypting and decrypting the new web mail, and a common key obtained from the root mail generated by the root mail generating means The first encryption means for encrypting the new web mail using data, and the common web key data obtained from the reply source mail when sending the reply web mail, Second encryption means for encryption; storage means for storing the route mail generated by the route mail generation means; and the first encryption When displaying a webmail that is encrypted and transmitted from a webmail server in which the new webmail encrypted by the means and the webmail encrypted by the second encryption means are stored, Extraction to extract the encrypted mail thread by specifying the webmail as the parent of the webmail from the root mail stored in the storage means and the webmail stored in the webmail server up to the root mail And decryption means for decrypting the encrypted and transmitted web mail using the common key data included in the root mail and web mail in the encrypted mail thread extracted by the extraction means, It is characterized by providing.

  Further, the present invention is a control method in a mail encryption / decryption control device that is communicable with a webmail server that provides a webmail service and controls encryption and decryption of the webmail. A root mail generating step for generating a root mail as common key data for encrypting and decrypting the new web mail when transmitting a new web mail that is not a reply, and a first encryption means The first encryption step for encrypting the new web mail using the common key data obtained from the root mail generated in the root mail generation step, and the second encryption means are the return web mail. A second encryption step of encrypting the reply web mail using the common key data obtained from the reply source mail, A storage step for storing the route mail generated by the route mail generation step; and an extraction means for encrypting the new webmail encrypted by the first encryption step and the second encryption step. When displaying a webmail that is encrypted and transmitted from a webmail server in which the encrypted webmail is stored, the webmail that is the parent of the webmail is displayed up to the root mail in the storage step. Extraction means for extracting the encrypted mail thread by specifying from the stored root mail and the webmail stored in the webmail server, and decryption means in the encrypted mail thread extracted by the extraction step Using the common key data included in the root mail and the web mail, the encrypted web mail transmitted is restored. Characterized in that it comprises a decoding step of, a.

  Further, the present invention is a program executable in a mail encryption / decryption control device that can communicate with a webmail server that provides a webmail service and controls encryption and decryption of the webmail, When transmitting a new webmail that is not a reply to the encryption / decryption control device, root mail generation means for generating root mail that is common key data for encrypting and decrypting the new webmail; and The first encryption means for encrypting the new web mail using the common key data obtained from the root mail generated by the root mail generation means, and when sending a reply web mail, from the reply source mail Second encryption means for encrypting the reply web mail using the obtained common key data; and the route mail generator Storage means for storing the root mail generated by the above, web mail storing the new web mail encrypted by the first encryption means and the web mail encrypted by the second encryption means When displaying a webmail that is encrypted and transmitted from a server, the webmail that is the parent of the webmail is stored in the webmail server and the root mail stored in the storage means, up to the root mail. Extracting means for extracting the encrypted mail thread by specifying from the web mail, and using the common key data included in the root mail and the web mail in the encrypted mail thread extracted by the extracting means, It is made to function as a decryption means for decrypting the encrypted web mail transmitted.

  According to the present invention, it is possible to prevent information leakage due to webmail sent to an external network by using webmail data of the same thread as a common key.

It is a figure which shows the structural example of the system which concerns on embodiment of this invention. It is a figure which shows the hardware constitutions of the webmail client apparatus 100 of embodiment of this invention. It is a block diagram which shows the extended function of the browser which concerns on embodiment of this invention. It is a figure which shows an example of the mail summary of embodiment of this invention. It is a figure which shows the structural example of the encryption mail thread | sled of embodiment of this invention. It is a figure which shows the structural example of the encryption mail thread containing the transfer process of embodiment of this invention. It is a sequence diagram which shows an example when encrypting and transmitting the new webmail which is not a reply. It is a flowchart which shows the initialization process of the browser extended function of embodiment of this invention. It is a flowchart which shows the webmail transmission process of embodiment of this invention. It is a flowchart which shows the parent mail detection process of embodiment of this invention. It is a flowchart which shows the parent mail search condition selection process of embodiment of this invention. It is a flowchart which shows the route mail preparation process of embodiment of this invention. It is a flowchart which shows the mail encryption process of embodiment of this invention. It is a flowchart which shows the route mail transmission process of embodiment of this invention. It is a flowchart which shows the root mail deletion process of embodiment of this invention. It is a flowchart which shows the all-parent thread transmission process of embodiment of this invention. It is a flowchart which shows the parent mail set creation process of embodiment of this invention. It is a flowchart which shows the webmail display process of embodiment of this invention. It is a flowchart which shows the mail decoding process of embodiment of this invention. It is a flowchart which shows the web mail deletion process of embodiment of this invention. It is a flowchart which shows the search condition selection process of embodiment of this invention. It is an example of the rule management part 301 of embodiment of this invention. It is a figure which shows an example of the root mail information of embodiment of this invention. It is a figure which shows the Example of the route mail information of embodiment of this invention. It is a figure which shows the Example of the mail thread | sled of embodiment of this invention. It is a figure which shows the Example of the encryption mail thread | sled of embodiment of this invention.

Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.

FIG. 1 is a diagram showing a system configuration example of a web mail management apparatus showing an embodiment of the present invention.

In FIG. 1, reference numerals 100 and 110 denote web mail client devices. The wide area network 120 is a network including the Internet. Reference numeral 130 denotes a web mail server that provides a web mail service.

The web mail client device 100 includes a web browser 101 and a web browser extension function 102. Similarly, the web mail client device 110 includes a web browser 111 and a web browser extension function 112.

When using the webmail client device 100 to use the webmail service, the user accesses the webmail server 130 using the web browser 101. The difference from the conventional electronic mail (SMTP system) is that the mail body transmitted and received in the web mail service is not stored in the web mail client apparatus 100 but is stored in the web mail server 130. The web browser 101 accesses the web mail server 130 while calling the web browser extension function 102 as necessary. Details of the web browser extension function 102 will be described later.

In the embodiment shown in FIG. 1, an authentication server based on personnel information and a setting information storage server are installed on the intranet (that is, the web mail client devices 100 and 110 side from the wide area network 120). Without being limited to the installation location of the client devices 100 and 110, the user can use a web mail client device that is not being used as appropriate.

FIG. 2 is a block diagram showing a hardware configuration of the webmail client device 100.

In FIG. 2, reference numeral 201 denotes a CPU that controls the entire web mail client device 100 using programs and data stored in the RAM 202 and the ROM 204, and performs each process described later performed by the web mail client device 100.

The RAM 202 is an area for temporarily storing programs and data loaded from the HDD (hard disk drive) 204 and the storage medium drive 206, programs and data received from the outside via the network I / F (interface) 205, and the like. In addition, various areas such as a work area used when the CPU 201 executes various processes can be provided as appropriate.

The ROM 203 stores setting data of the webmail client device 100, a boot program, and the like.

The HDD 204 is used to store an OS (operating system) and programs and data for causing the CPU 201 to execute processes described below performed by the web mail client device 100, and these are appropriately stored in the RAM 202 according to control by the CPU 201. It is loaded and becomes a processing target by the CPU 201.

The network I / F 205 is for connecting the web mail client device 100 to the wide area network 120, and the web mail client apparatus 100 is connected to the wide area network 120 via the network I / F 205. Data communication with the device can be performed.

The storage medium drive 206 reads a program and data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, and DVD-RAM, and outputs them to the RAM 202 and the HDD 204. . A part of the information stored in the RAM 202 or the HDD 204 may be recorded on this storage medium.

A keyboard 207 and a pointing device 208 configured with a mouse, a joystick, and the like can input various instructions to the CPU 201 when operated by an operator of the web mail client device 100.

The display unit 209 is configured by a CRT, a liquid crystal screen, or the like, and can display a processing result by the CPU 201 with an image, text, or the like.

The external device connection I / F 210 is an interface for connecting peripheral devices to the webmail client device 100. The web mail client device 100 performs data transmission / reception with the peripheral device via the external device connection I / F 210. The external device connection I / F 210 is configured by USB, IEEE1394, or the like, and usually has a plurality of external device connection I / Fs. The connection form with the peripheral device may be wired or wireless.

The bus 211 connects the above-described units (201 to 210) in a communicable manner.

The hardware configuration of the webmail client device 100 is described as having the configuration shown in FIG. 2, but is not necessarily limited to having the configuration shown in FIG. 2, and is described as processing performed by the webmail client device 100. As long as the following processing can be executed, the configuration of the web mail client device 100 may be modified as appropriate.

The hardware configuration of the webmail client device 110 and the webmail server 130 has a configuration shown in FIG. 2 as is well known since a general computer is applied to them.

FIG. 3 is a block diagram showing the web browser extension function 102. The web browser extension function 102 is called from the web browser 101 as necessary, and performs encryption and decryption of web mail, thread management, and the like.

The web browser extension function 102 includes a mail body changing unit 300, a rule management unit 301, a thread search unit 302, a thread encryption / decryption unit 303, a determination unit 304, a browser connection unit 305, and a mail storage unit 306. A route mail creation unit 307. Further, the browser 308 (web browser 101) is connected through the browser connection unit 305.

When the mail is transmitted by the browser 308, the browser connection unit 305 receives a mail encryption instruction, and the rule stored in the rule management unit 301 indicates whether the mail should be encrypted by the determination unit 304. Judge with reference to. If it is determined that the mail is to be encrypted, if it is a newly created mail, the mail body is encrypted in the thread encryption / decryption unit 303 based on the route mail created by the route mail creation unit 307. The encrypted mail body is replaced by the mail body changing unit 300 and sent to the browser 308 via the browser connection unit 305. Details of the series of mail thread encryption processing will be described later.

When the browser 308 displays the encrypted mail, the browser connection unit 305 receives a mail decryption instruction. In order for the determination unit 304 to acquire a mail thread necessary for decryption, the browser 308 is instructed to acquire necessary mail thread data from the web mail server 130 via the browser connection unit 305, and further, thread encryption Instructs the thread search unit 302 to acquire the route mail stored in the mail storage unit 306 via the decryption unit 303. The thread encryption / decryption unit 303 decrypts the body of the encrypted mail from the acquired mail thread data, is replaced by the mail body change unit 300, and is sent to the browser 308 via the browser connection unit 305. Details of the series of mail thread decoding processes will be described later.

When the browser 308 deletes the encrypted mail, the browser connection unit 305 receives an instruction to delete the mail. In order to acquire the mail affected by the deletion process, the determination unit 304 instructs the browser 308 to acquire necessary mail thread data from the web mail server 130 via the browser connection unit 305. If the instruction is to delete the entire mail thread, the thread search unit 302 is instructed to acquire the root mail stored in the mail storage unit 306 via the thread encryption / decryption unit 303. After creating a list of mails to be deleted, the determination unit 304 displays a warning associated with the deletion via the browser connection unit 305 to the user, and performs deletion processing after obtaining the user's consent. Details of the series of mail thread deletion processing will be described later.

Next, the mail thread will be described with reference to FIGS. 4 and 25. FIG.

FIG. 4 is a diagram showing an example of a mail summary. The mail summary 400 displays a part of web mail stored in the web mail server 130. In addition, a mail thread is an arrangement of a plurality of mails exchanged between a sender and a mail recipient in a time series for one topic.

In the mail summary 400, the mail 402, the mail 403, the mail 404, and the mail 405 based on the mail 401 constitute the first mail thread. Mail 402, mail 403, mail 404, and mail 405 all indicate a reply process to the immediately preceding mail.

The mail 407 and the mail 408 form a second mail thread with the mail 406 as a base point. Note that the mail 408 indicates that the sender hayashi has forwarded the mail 406 to the destination umeda, not the reply process of the mail 407.

Thus, as a first method for determining the configuration of a mail thread composed of a plurality of mails, each header information of Message-ID, In-Reply-To or Reference described in RFC (Request for Comments) 2822 There is a method to refer to.

The first method will be described in detail with reference to FIG. The mail 2501 is an example of a mail, and has a Message-ID header 2502 to identify that the mail 2501 is unique as described in RFC2822. A mail 2503 is an example of a reply mail, and a reply process for the mail 2501 is performed.

As described in RFC2822, in the reply process, it is supposed that the identification information of the mail that is the reply source should be described in the In-Reply-To header. In the mail 2503, the In-Reply-To header 2504 The value of the Message-ID header 2502 of the mail 2501 is described as the value.

The web mail server 130 that has sent the mail 2501 and received the mail 2503 can refer to the header information to know that the reply mail of the mail 2501 is the mail 2503. Therefore, the mail 2501 and the mail 2503 have mail threads. It can be determined that it is configured.

Similarly, in the mail 2506, the value of the In-Reply-To header 2508 is the value of the Message-ID header 2505 of the mail 2503. Therefore, it can be determined that the mail 2506 is also a part of the mail constituting the mail thread.

As a second technique for determining that the mail is a mail thread, there is a technique that uses what is called an arbitrarily attached tag. The tag may be arbitrarily given by the user of the web mail, or may be automatically given by the web mail server 130. In the case of automation by the system, for example, a group of a plurality of senders may be used, or certain specific header information may be assigned to the same.

As a third method for determining the configuration of the mail thread, there is a method of collecting the same subject. In the case of a reply mail or a forward mail, a formal character string such as “Re:” indicating a reply or “Fw:” indicating a transfer is added to the subject of the base mail. Therefore, this is a technique for determining that the same mail having a subject excluding such a character string constitutes a mail thread.

In the second and third methods, since a plurality of mails that meet the conditions are detected, the transmission time in each mail is referred to in order in time series.

The mail summary 410 is an example in which the mail summary 400 is displayed in another format, and is displayed in units of mail threads. The mail thread 411 is a mail thread grouped by the subject “details sending”, and is a display composed of a mail 401, a mail 402, a mail 403, a mail 404 and a mail 405. The mail thread 412 is a display composed of a mail 406, a mail 407, and a mail 408. The number given to the subject indicates the number of mails that make up the mail thread. That is, it can be seen that the mail thread 411 is composed of five mails and the mail thread 412 is composed of three mails.

The mail thread configuration determination method has been described above. In the following examples, the first method (RFC2822) will be mainly described.

Next, an outline of mail thread encryption using the mail thread structure will be described with reference to FIGS.

FIG. 5 shows a part of a configuration example when the first mail thread based on the mail 401 in FIG. 4 is an encrypted mail thread. The encrypted mail structure 502 corresponds to the mail 401, and the encrypted mail structure 505 corresponds to the mail 402. At this time, the mail body part is in an encrypted state (503 and 506).

The decryption process in the mail thread encryption method has a feature that the body part of the parent mail of the mail is used as a common key file (common key data). Accordingly, the decryption key of the encrypted text 506 is the mail text 504 obtained by decrypting the encrypted text 503 of the encrypted mail structure 502 corresponding to the parent mail. In other words, the encrypted body 506 is decrypted using the mail body 504 as a common key file, and the mail body 507 is obtained.

At this time, in order to obtain the mail text 504 that is a common key file, the encrypted text 503 must be decrypted. The decryption key (common key data) is the root mail body 501 of the root mail structure 500. Details of the route mail will be described later.

FIG. 6 shows a part of a configuration example when the second mail thread based on the mail 403 in FIG. 4 is an encrypted mail thread. The encrypted mail structure 602 corresponds to the mail 406, the encrypted mail structure 605 corresponds to the mail 407, and the encrypted mail structure 608 corresponds to the mail 408. The encrypted mail structure 608 has a transfer processing relationship with the encrypted mail structure 602. Therefore, the common key file for decrypting the encrypted body 609 of the encrypted mail structure 608 is the decrypted mail body 604 of the encrypted mail structure 602, and the common key file for decrypting the encrypted body 606 of the encrypted mail structure 605. Is the same.

Thus, in the mail thread encryption method, it is necessary to decrypt the parent mail in a chain in order to decrypt the encrypted body part. Therefore, the encrypted text cannot be decrypted unless all mails constituting the mail thread including the root mail are possessed.

Next, in the mail thread encryption method, a series of flow from connection to the web mail server 130 to new mail creation and transmission processing will be described with reference to FIG.

When the user activates the web browser 101 of the web mail client device 100, the web browser 101 initializes the web browser extension function 102 (step S701). The web browser extension function 102 registers an event handler in the web browser 101 as an initialization process (step S702). The event handler is set to call the web browser extension function 102 for any event in the web browser 101 (for example, when a mouse is clicked, a new home page is loaded, screen drawing is finished, etc.). It is an item.

When the initialization process of the web browser 101 is completed and the user connects to the webmail server 130, a login process to the webmail service is performed (step S703). The web mail server 130 authenticates the login ID and login password of the user and returns a successful login to the web browser 101 (step S704). If the login is successful, a general web mail service acquires a list of mails stored in the web mail server 130 (steps S705 and S706). At this time, a mail list such as the mail summary 400 or the mail summary 410 shown in FIG.

The user can display the content of the mail on the web browser 101 by selecting any mail in the mail summary 400 or the mail summary 410 (step S707). At this time, if the mail is mail encrypted by the mail thread encryption method, the web browser extension function 102 decrypts the body part of the mail and displays it on the web browser 101 (step S708). Details of the decoding process will be described later.

If the user wants to create a new mail that is not a reply (referred to as the first mail), the user operates the web browser 101 to issue an instruction for creating a new mail to the web mail server 130 (step S709), and creates a mail creation screen. Is displayed (step S710). The first mail is created on the mail creation screen (step S711), and when the creation is completed and the web browser 101 issues a transmission instruction to the web mail server 130, the event handler set in step S701 is called to expand the web browser. Processing shifts to function 102 (step S712).

Upon receiving the first mail transmission instruction, the web browser extension function 102 creates and stores a root mail (step S713). Details of the route mail will be described later. The web browser extension function 102 issues a transmission instruction for the created route mail to the web mail server 130 (step S714), and the web mail server 130 returns a transmission completion (step S715). Here, the web browser extension function 102 uses the root mail as a common key file, encrypts the text of the first mail (step S716), and replaces the first mail on the web browser 101 with the encrypted text. (Step S717).

The first mail replaced with the encrypted text is transmitted to the web mail server 130 (step S718), and the transmission completion is received (step S719).

Next, each process in the web browser extended function 102 will be described in detail.

FIG. 8 shows an initialization process of the web browser extension function 102. When the web browser 101 is activated, this initialization process is called. In step S801, the web browser extension function 102 is initialized. Specifically, it indicates reading of setting information and initialization of internal data. As described above, as long as a server or the like that stores setting information is installed in the intranet, not only the method of reading the setting file stored in the web mail client device 100 but also various settings from the setting information storage server. A method of acquiring information is also possible. In subsequent step S <b> 802, the connection destination to the web browser extension function 102 is registered in the event listener of the web browser 101. The points to be registered are transmission, display and deletion of web mail. With the above processing, the initialization processing of the web browser extension function 102 is completed.

Next, the processing of the connection destination registered in the event listener will be described in detail. Web mail transmission will be described with reference to FIGS. 9 to 17 and FIG. Web mail transmission processing is roughly divided into two types of transmission. One is a process of sending a newly created webmail that is not a reply, and the other is a process of sending a webmail accompanying a reply or transfer. First, the transmission process of a newly created mail that is not a reply (hereinafter referred to as a first mail) will be described in detail with reference to FIG.

FIG. 9 shows a processing flow of web mail transmission in the mail thread encryption method. In step S901, it is confirmed whether the HTTP request is registered in advance. The confirmation method is, for example, whether the destination URL is registered in advance, or whether the HTML DOM structure currently displayed on the web browser 101 matches that registered in advance. It is a method of confirming. If it is determined that the operation is not registered (“No” in step S901), the process proceeds to step S916, and the first mail is transmitted without performing the encryption process.

If “Yes” in step S901, the process advances to step S902 to determine whether the mail is an encryption target mail. FIG. 22 shows an example of operation rules for determination. The operation rule is a management table that describes what operation the system performs in accordance with various conditions such as the contents of the created mail and the destination. For example, the operation rule 2201 indicates “encrypt if the destination includes outside the organization”, the operation rule 2202 indicates “encrypt if the result of keyword inspection includes“ confidential ””, and the operation rule 2203 indicates Indicates “encrypt if there is an attached file”.

Returning to FIG. 9, if “NO” in step S902, that is, if it is determined that the mail is not to be encrypted, the process proceeds to step S916, and the first mail is transmitted without performing the encryption process. .

If it is determined that the first mail is an encryption target (“Yes” in step S902), the process proceeds to step S903, where the first mail is defined as a search mail, and the parent mail detection process is performed in the subsequent step S904. FIG. 10 shows a parent mail detection process, and FIG. 11 shows a parent mail search condition selection flow.

In step S1001 of FIG. 10, a search condition for the parent mail is selected. Moving to FIG. 11, in step S1101, it is confirmed whether the In-reply-to header information exists in the first mail set as the search mail. In the case of the first mail, since there is no In-reply-to header information indicating the reply source, Step S1101 is “No”, and the process proceeds to Step S1103. In step S1103, it is confirmed whether a tag is set. In the case of the first mail, since no tag is specified, step S1103 also becomes “No”, and the process proceeds to step S1105. In step S1105, the search key is set to “subject” and the search range is set to “time (past)”.

Returning to FIG. 10, the mail search is performed with the parent mail search condition set in the parent mail search condition selection (step S1002). The range to be searched for mail is the root mail stored in the mail storage unit 306 and the web mail stored in the web mail server 130. As described above, in the case of the first mail, the search key will be “subject”, but it will be explained that there is no corresponding search result in the first mail. (For the explanation of the flow when there is a search result, send a reply mail. Will be described later as a specific example). The search process of the parent mail in step S1002 may be a process of instructing a search to the web mail server under the condition and acquiring a search result from the web mail server, or a header of each web mail acquired from the web mail server. A process for searching for a parent mail from information (Message-ID, In-Reply-to, etc.) may be used. Which process is executed may be determined according to a webmail server that provides a webmail service. Here, a description will be given of a process for searching for a parent mail from header information (Message-ID, In-Reply-to, etc.) of each webmail acquired from the webmail server.

As a result of the mail search in step S1002, since the corresponding mail does not exist, that is, “No” in step S1003, the parent mail detection process fails. Returning to FIG. 9, since the detection has failed (in the case of “No” in step S905), the process proceeds to step S906.

In step S906, the operation rule 2200 confirms whether the user who created the first mail has permission to create a new thread. For example, in FIG. 22, the action rule 2204 indicates that “users Hayashi and Tanaka have permission for new creation”. If the user does not have permission to create a new thread (in the case of “No” in step S906), the user is notified of this, and transmission processing is terminated as transmission prohibition.

If “Yes” in step S906, that is, if the user has permission to create a new thread, the process advances to step S907 to execute route mail creation processing. As shown in the encrypted mail structure 500 and the encrypted mail structure 600, the root mail is a special mail serving as a base point of the encrypted mail thread, and in the encryption and decryption processing of the body part of the first mail. This email is a common key file.

FIG. 12 shows route mail creation processing (route mail generation processing). In step S1201, a route mail is created. Details of the route mail will be described later. In the subsequent step S1202, the route mail is stored in the mail storage unit 306.

Returning to FIG. 9, route mail transmission is performed in step S908. FIG. 14 shows a flow of route mail transmission processing, and FIG. 15 shows a flow of route mail deletion processing.

In step S1401 of FIG. 14, it is confirmed whether or not automatic transmission of web mail is possible with the web mail service. If automatic transmission is possible (in the case of “Yes” in step S1401), the process proceeds to step S1402, and the created route mail is transmitted. As an automatic transmission method, there are a method of using an API published by a web mail service, and a method of using an SMTP server when an SMTP server is published. Such automatic transmission method and information on whether automatic transmission is possible are preferably described in the management table.

If automatic transmission is impossible (in the case of “No” in step S1401), the process proceeds to step S1404, and an instruction is issued on the web browser 101 to have the route mail transmitted manually. Specifically, the destination, subject, and encrypted text are displayed on a separate screen, and the route mail is manually transmitted from the web mail transmission screen using the copy and paste function of the OS (operating system). Is the method.

When the transmission of the route mail is completed, the process proceeds to step S1403, and the transmitted route mail is deleted from the web mail server 130. Here, the webmail client device issues a deletion instruction to the webmail server 130 to delete the route mail. The root mail is a common key file of the first mail, and leaving it on the web mail server 130 means that the encrypted first mail can be decrypted by a third party. Therefore, the root mail must be deleted from the web mail server 130. As described above, the route mail is stored in the mail storage unit 306 in step S1202 of FIG.

In step S1501 of FIG. 15, it is confirmed whether or not the web mail service can automatically delete the web mail. If automatic deletion is possible (if “Yes” in step S1501), the process advances to step S1502 to delete the route mail. Here, the webmail client device deletes the webmail server by issuing a deletion instruction. As a method of automatic deletion, there are a method of using an API published by a web mail service, a method of transmitting an HTTP request that simulates a deletion command, and the like. Such automatic deletion method and information on whether automatic deletion is possible are preferably described in the management table.

If automatic deletion is impossible (in the case of “No” in step S1501), the process advances to step S1503 to instruct the web browser 101 to manually delete the route mail. Specifically, it is a method of displaying the address, subject, text content, etc. on a separate screen and allowing the user to check the corresponding sent mail list.

When the root mail transmission process and the root mail deletion process are completed, the process returns to FIG. 9 and the first mail is encrypted using the root mail as a common key in step S909. FIG. 13 shows mail encryption processing.

In step S1301, the mail text that is the encryption target of the first mail is extracted. In the following step S1302, the mail body extracted from the root mail as a common key file (root mail body 1304) is encrypted. At this time, by specifying the use of the passphrase 1306 when creating the root mail, the user can input the passphrase to improve the encryption strength. Details of the route mail including the pass phrase will be described later.

In the following step S1303, the encrypted mail body is converted into a text string so that it can be processed by the mail server, and replaced with the body of the first mail. In addition, an In-reply-to (or Reference header) based on RFC2822 is added to the header portion of the first mail in order to indicate that it is chained from the root mail. The value assigned is a Message-ID identifier assigned to the root mail.

Depending on the web mail service, it may be difficult to provide the header information as described above even if the text can be replaced. In such a case, a method of preparing header information to be added as a text file and transmitting it as an attached file of the first mail is used. At this time, it is desirable that the name of the attached file is constant (for example, CryptoThreadHeader.dat), and the processing is performed by the web browser extension function on the receiving side. Details of the chain relationship based on these route mails will be described later.

Returning to FIG. 9, the first mail encrypted in step S <b> 910 is transmitted via the web browser 101, and the web mail transmission process of the newly created mail that is not a reply is terminated.

Here, the route mail generated in step S1201 of FIG. 12 will be described.

As described above, the root mail is the base point of the mail thread encryption method, and is automatically created when the first mail is created. At the time of creating the route mail, the route mail includes one or more of the following information. (1) Information relating to the mail identifier (2) Auxiliary information for encryption (3) Information relating to the mail thread management method (4) Information proving the transmission information of the first mail For such route mail information, FIG. FIG. 24 shows an embodiment.

The route mail information 2300 in FIG. 23 shows an example of route mail information described in the route mail. The root mail identifier 2301 and the first mail identifier 2302 are information regarding the mail identifier. The root mail identifier 2301 is arbitrary character string information for determining that the root mail is unique, and corresponds to the Message-ID of RFC2822. The first mail identifier 2302 indicates the Message-ID of the first mail created by the web browser 101, for example.

In FIG. 24, route mail 2400 shows an example of route mail. Header information 2401 (Message-ID) is an example of the root mail identifier 2301, and header information 2402 (X-CryptThread-Mail) is an example of the first mail identifier 2302.

The encryption auxiliary character string 2303 describes a random character string in advance in order to strengthen the encryption strength when the root mail itself is used as a common key file. In FIG. 24, an encryption auxiliary character string 2403 is an example of the encryption auxiliary character string 2303. The encryption auxiliary character string 2303 is described in the mail body area.

The root mail identifier 2301, the first mail identifier 2302, and the encryption auxiliary character string 2303 are essential items as root mail information.

The mail thread management information includes a disclosure range 2304, an expiration time 2305, and a passphrase 2306. These pieces of information are information related to mail thread management based on the first mail, and are optional items. The open range 2304 limits mail transmission outside the range specified in advance. This is used in a reply or transfer process from an encrypted mail thread to be described later. The expiration time 2305 designates the expiration time of the encrypted mail thread.

The passphrase 2306 forces the user to input a passphrase in mail encryption and decryption processing. For example, in the process of encrypting the mail body in step S1302, if the root mail of the encrypted mail thread has a passphrase described, the input of the passphrase is compelled and the input passphrase and the root mail are described. If the passphrases do not match, the encryption process will fail. In the passphrase 2306, the passphrase to be input is not described as it is, but for example, the value of the hash function including SHA (Secure Hash Algorithm) is described, and the input passphrase A method of comparing with a hash value is desirable.

There are a certificate 2307 and a transmission time 2308 as information to prove the transmission information of the first mail. The certificate 2307 proves the sender of the first mail, and the transmission time 2308 indicates information (time stamp) that proves the transmission time of the first mail. Since the proof information increases the management cost as described above, it is an optional item so that it can be used in consideration of the balance between the security and reliability of the encryption system.

In FIG. 24, an area 2404 is an example of the mail thread management information and the information related to the certificate. An area 2404 is a mail text, and is distinguished from the encryption auxiliary character string 2403 with a blank line in between. In the example of FIG. 24, the disclosure range is set to * @ example. co. It is limited to jp, the passphrase is validated, and the expiration time, sender certificate and transmission time certificate are not set. In other words, the encrypted mail thread based on the root mail 2300 needs to input a passphrase for the encryption / decryption processing, and the example. co. It is managed that transmission to other than the jp domain is not possible.

Here, an example of an encrypted mail thread based on the root mail 2300 is shown in FIG. A mail 2601 is a route mail 2300. The mail 2601 is assigned header information 2602 (Message-ID) which is a mail identifier. Since the mail 2601 is a root mail, the header information 2603 indicating the first mail identifier is given, and the value thereof is the same as the value of the header information 2605 that is the mail identifier of the mail 2604.

Further, the mail 2604 has header information 2606 (In-reply-to) for indicating a mail thread based on the root mail 2601. The value of the header information 2606 is the same as the value of the root mail identifier 2602. In the same manner, the mail 2607 and the mail 2608 and the encrypted mail thread are configured in the same manner.

In addition, when the value of the header information 2609 (Content-type) is application / x-cryptthread-mail, the header information 2609 indicates that it is an encrypted mail constituting an encrypted mail thread.

As described above, depending on the web mail service, even if the text can be replaced, it may be difficult to add or change the header information of the route mail. In such a case, a method of preparing header information to be added as a text file and transmitting it as an attached file of the route mail is used. At this time, it is desirable that the name of the attached file is constant (for example, CryptoThreadHeader.dat), and the processing is performed by the web browser extension function on the receiving side.

Next, the flow in FIG. 9 will be described with respect to the transmission of mail accompanying reply or transfer.

Even in the case of sending a mail accompanying a reply or transfer, steps S901, S902, and S903 are the same as those in the case of the first mail, and thus description thereof is omitted. In subsequent step S904, a parent mail detection process is performed. FIG. 10 shows a parent mail detection process, and FIG. 11 shows a parent mail search condition selection flow.

In step S1001 of FIG. 10, a search condition for the parent mail is selected. Moving to FIG. 11, in step S1101, it is confirmed whether the In-reply-to header information exists in the reply source mail set as the search mail. In the case of a mail accompanying a reply, since there is In-reply-to header information indicating the reply source, “Yes” is determined in step S1101, the process proceeds to step S1102, and an In− indicating the Message-ID value of the parent mail as a search key. Set the reply-to value. In this case, since the reply source mail is uniquely specified, there is no specification of the search range.

In addition, in the case of mail accompanying transfer, since there is no In-reply-to header information indicating the transfer source, Step S1101 is “No”, and the process proceeds to Step S1103. In step S1103, it is confirmed whether a tag is set. In the case of a forwarded mail, if a tag is set (ie, if “Yes” in step S1103), the process proceeds to step S1104, where the search key is set to “tag” and the search range is set to “time (past)”. . If no tag is set (if “NO” in step S1103), the process advances to step S1105. In step S1105, the search key is set to “subject” and the search range is set to “time (past)”.

Returning to FIG. 10, in step S1002, a mail search is performed using the set parent mail search conditions. The target of the mail search is web mail stored in the mail storage unit 306 and the web mail server 130.

As a result of the mail search in step S1002, when the search of the reply source or the transfer source mail is successful (in the case of “Yes” in step S1003), the process proceeds to step S1004. In the case of a mail accompanying a reply, since the search key is an In-reply-to value, “Yes” is obtained in step S1004, and the parent mail is successfully detected. In the case of mail accompanying transfer, since the search key is not an In-reply-to value, “No” is determined in step S1004, and the process proceeds to step S1005. At this time, since there is a possibility that a plurality of candidates are included in the search result, in step S1005, the latest search result is selected, and this is used as the parent mail, and the parent mail detection process is successful.

Returning to FIG. 9, if the parent mail is successfully detected in step S904, “Yes” is determined in step S905, and the process advances to step S911 to encrypt the reply (or forwarded) mail with the detected parent mail. FIG. 13 shows mail encryption processing.

In step S1301, the mail text that is the encryption target of the reply (or transfer) mail is extracted. In step S1302, the mail body extracted from the parent mail as a common key file (parent mail body 1305) is encrypted. In order to obtain the parent mail text 1305, it is necessary to perform the mail decrypting process shown in FIG. The mail decryption process will be described later. At this time, by specifying the use of the passphrase 1306 recorded in the root mail of the encrypted mail thread including the parent mail (by specifying the root mail of the encrypted mail thread by executing the mail decryption process) The details can be described later), and the user can input a passphrase to improve the encryption strength. Details of the route mail including the pass phrase will be described later.

In the subsequent step S1303, the encrypted mail body is converted into a text string so that it can be processed by the mail server, and replaced with the body of the reply (or forwarded) mail. In the case of forwarded mail, there is no In-reply-to (or Reference header) for indicating that the mail is chained from the parent mail. As mentioned above, it is possible to specify the parent mail by using the tag and subject, but if you want to specify the parent mail more accurately, you can intentionally add an In-reply-to header, This can be dealt with by assigning unique specific header information, or determining the parent mail from a part of the reference information described in the forwarded mail text.

Returning to FIG. 9, after the reply (or transfer) mail is encrypted in step S911, the process proceeds to step S912. Here, it is confirmed whether the address of the reply (or transfer) mail has increased from the address of the reply source or the mail of the transfer source, that is, the address described in the parent mail. If there is no change in the destination (“No” in step S912), the process proceeds to step S915, the encrypted reply (or transfer) mail is transmitted from the web browser 101, and the process ends.

If there is a change in the destination (“Yes” in step S912), the process proceeds to step S913, and all parent thread transmission processing is performed. The encrypted mail thread according to the present invention has a feature of encrypting a mail body in a chain from a root mail. Therefore, recipients added from the middle of an encrypted mail thread will receive encrypted mail as long as they only receive encrypted mail, but do not have an encrypted mail thread including the previous root mail. Cannot be decrypted. The all-parent thread transmission process is a process corresponding to such a situation. FIG. 16 shows a flow of all parent thread transmission processing.

First, in step S1601 to step S1603, the operation rule is confirmed for the added destination. In step S1602, it is determined whether the destination is an encryption target. If the destination is not the encryption target (“NO” in step S1602), the all-parent thread transmission process fails.

If the destination is an encryption target (“YES” in step S1603), the process advances to step S1603. In step S1603, it is determined whether all parent threads can transmit. If the all-parent thread transmission is prohibited (“No” in step S1603), the all-parent thread transmission process fails.

An example of the operation rule 2200 referred to in the above determination is shown in FIG. 22 as described above. An operation rule 2206 will be described as an example of this step. The operation rule 2206 indicates “users Hayashi, Tanaka, and Umeda are permitted to receive all parent threads”. Therefore, when the added destination is a destination included in the operation rule 2206, all parent threads can be transmitted.

When the confirmation of all the added destinations is completed, the process proceeds to step S1604. Here, the reply (or forward) mail is set as the search mail, and the parent mail set creation processing is performed in the subsequent step S1605. FIG. 17 shows a flow of creating a parent mail set.

Parent mail set creation processing refers to all mail from the root mail to the parent mail (that is, all mail that has been exchanged in the mail thread so far) in the encrypted mail thread to which the mail belongs, starting from any mail ) Is detected. In step S1701, a stack initialization process for storing the parent mail set is performed. In subsequent step S1702, the parent mail of the reply (or forward) mail set as the search mail is detected. The flow of the parent mail detection process is shown in FIG. 10 and has been described in step S904 in FIG.

If the parent mail cannot be detected (“No” in step S1703), the parent mail set creation process fails. If the parent mail has been successfully detected (“Yes” in step S1703), the process advances to step S1704 to push the parent mail detected in the mail stack. In step S1705, it is confirmed whether the parent mail detected is a root mail. If it is a root mail (“Yes” in step S1705), since all the parent mails have been detected, the parent mail set creation process is successful. If it is not the root mail (“No” in step S1705), the process proceeds to step S1706, the parent mail as the search result is set in the search mail, and the process returns to step S1702 to detect the parent mail recursively. .

Returning to FIG. 16, when the parent mail set creation process fails (in the case of “No” in step S1606), the all parent thread transmission process fails. If the parent mail set creation process is successful (“Yes” in step S1606), the process advances to step S1607 to transmit all mails detected in the parent mail set process to the added destination.

Returning to FIG. 9, if the all-parent thread transmission process fails (“No” in step S <b> 914), the web mail transmission process is terminated with transmission prohibited. If the all-parent thread transmission process is successful (“Yes” in step S914), the process proceeds to step S915, the encrypted reply (or transfer) mail is transmitted from the web browser 101, and the process ends.

Next, web mail display, which is processing of the connection destination registered in the event listener, will be described in detail with reference to FIGS.

When browsing a web mail stored in the web mail server 130 by the mail thread encryption method, it is necessary to trace the mail thread to the root mail and decrypt it in a chained manner as described above. FIG. 18 shows a flow of web mail display.

There are the following three types of webmail stored in the webmail server 130. (1) Route mail addressed to the user (2) Encrypted mail (3) Normal mail (normal mail that is not encrypted)

The web mail display process is called when the web browser 101 displays the text of the web mail, and performs a process corresponding to the three types of web mail described above.

In step S1801, it is determined whether the displayed web mail is a root mail. Specifically, the determination is made based on whether or not a unique item name (header information 2402 in FIG. 24: X-CryptThread-Mail etc.) exists in the header information. Alternatively, as described above, determination may be made based on whether equivalent information is included from an attached file having a certain attached file name.

As described above, the root mail is a mail that is transmitted prior to the first mail when a new mail thread is created and exists only in the user's local file. Therefore, the presence of the root mail on the web mail server 130 means that the root mail has been transmitted from another person to the user. If it is determined that the mail to be displayed is a root mail (“Yes” in step S1801), the process proceeds to step S1802, and the root mail is stored in the mail storage unit 306 as a local file. Subsequently, the root mail stored on the web mail server 130 is deleted (step S1803), and in step S1804, a notification of the completion of storing the root mail is displayed to the user. Note that the root mail is control information in the mail thread encryption method and does not require readability, so the web mail display process may be terminated without notification.

If the web mail to be displayed is not a root mail (“No” in step S1801), the process advances to step S1805 to determine whether the mail is an encrypted mail. Specifically, as in the case of the root mail, a unique item name (header information 2609 in FIG. 26: Content-type, etc.) and its value (application / x-cryptthread-mail) are included in the header information. Judgment is made based on whether or not it is shown. Alternatively, as described above, determination may be made based on whether equivalent information is included from an attached file having a certain attached file name.

If it is determined that the mail to be displayed is an encrypted mail ("Yes" in step S1805), the process proceeds to step S1806, the web mail is set as the search mail, and the mail decryption process is performed (step S1807). ). The mail decryption process will be described later in detail.

If the mail decrypting process in step S1807 is successful (“Yes” in step S1808), the process advances to step S1809, and the decrypted webmail is displayed on the web browser 101. If the mail decryption process has failed (if “NO” in step S1808), the process advances to step S1810 to display to the user that decryption has failed.

If it is not determined that the web mail is an encrypted mail (“No” in step S1805), since the web mail is determined to be a normal mail, the process proceeds to step S1811, and the web mail is processed as usual. Is displayed.

Here, the web mail decrypting process will be described in detail with reference to FIG. The mail decryption process called from step S1807 in FIG. 18 recursively traces the encrypted mail thread to the root mail, and then performs the decryption process in a chained manner from the body part of the root mail to the web mail. Go.

In step S1901, a mail to be decrypted is set as a search mail, a parent mail set creation process is performed, and the entire encrypted mail thread of the mail is acquired (step S1902). If the parent mail set creation process fails (in the case of “No” in step S1903), the mail decryption process fails. If the parent mail set creation process is successful (in the case of “Yes” in step S1903), in step S1904, the root mail is extracted from the mail thread created in the parent mail set creation process (the pop operation because the mail stack is a stack structure). In step S1905, it is checked whether the encryption conditions (publication range, expiration time, etc.) described in the root mail are valid. If the encryption condition is invalid (“No” in step S1905), the mail decryption process fails. When the encryption condition is valid (in the case of “Yes” in step S1905), in the subsequent step S1906, the body part of the route mail extracted in step S1904 is set in the common key file, and from step S1907 to step S1911, Decrypt encrypted mail threads in a chain.

In step S1907, the mail stack created in the parent mail set process is confirmed, and if there is a mail in the mail stack, it is extracted (step S1908). In the following step S1909, the body text decryption processing of the mail taken out from the mail stack is performed. At this time, the common key file for decryption is the root mail body 1912 set in step S1906. If the passphrase input is valid for the root mail, the passphrase 1914 is input. If decryption fails (“No” in step S1910), the mail decryption process fails.

If the decryption is successful (“Yes” in step S1910), the body part of the decrypted mail is set in the common key file (step S1911), and the process returns to step S1907. Thereafter, similarly, the mail is extracted from the mail stack, and the mail body is decrypted based on the information set in the common key file (the common key file in step S1909 becomes the parent mail body 1913).

If the mail stack becomes empty in step S1907, that is, if the decryption process is completed up to the parent mail of the mail to be decrypted, the process proceeds to step S1915 to decrypt the mail to be decrypted. The common key file used at this time is the root mail 1912 when the decryption target mail is the first mail, and the parent mail 1913 otherwise. If the decryption process in step S1915 is successful (in the case of “Yes” in step S1916), the process ends as the decryption target mail has been successfully decrypted. If the decryption process has failed (“No” in step S1916), the process ends as a decryption failure.

Next, web mail deletion, which is the process of the connection destination registered in the event listener, will be described in detail with reference to FIGS.

When deleting a web mail stored in the web mail server 130 using the mail thread encryption method, if the mail is deleted, the encrypted mail after the mail cannot be decrypted due to the chain characteristics of the encrypted mail thread. Thus, it becomes impossible to view or reply to the mail after the mail. Therefore, in web mail deletion processing, it is necessary to display warning and user consent to the user at the time of execution of the mail deletion, or to select and delete the entire encrypted mail thread, and to display warning to the user and user consent processing. It becomes.

First, in step S2001, an email to be deleted is set as a search email. In the subsequent step S2002, when only the mail to be deleted is deleted (in the case of “No” in step S2002), the process proceeds to step S2003, and search condition selection processing is performed.

FIG. 21 shows a flow of search condition selection processing. The search condition selection process is a process for extracting a child mail set of a certain mail while the parent mail set of the mail having the parent mail set creation process described above is created.

In step S2101 in FIG. 21, it is confirmed whether the Message-ID identifier exists in the mail (in this case, the mail to be deleted). When the Message-ID identifier exists (in the case of “Yes” in step S2101), the process proceeds to step S2102. The Message-ID value is set in the search key, the search range is not set, and the search condition selection process is terminated.

If the Message-ID identifier does not exist (“No” in step S2101), the process proceeds to step S2103 to check whether a tag is set for the mail. If a tag has been set (if “Yes” in step S2103), the process proceeds to step S2104. A tag is set in the search key, and the search condition selection process is terminated with the future range from the time information of the mail as the search range.

If the tag does not exist (in the case of “No” in step S2103), the process proceeds to step S2105, and the subject of the mail (excluding prefixes such as “Re:” indicating reply and “Fw:” indicating forwarding). Is set as the search key, and the search condition selection process is terminated with the future range from the time information of the mail as the search range, as in the case of the tag.

Referring back to FIG. 20, in step S2004, an email search is performed using the search key and search range set in the search condition selection process. The mail search is targeted for the web mail stored in the mail storage unit 306 and the web mail server 130. Similarly to step S1002, the search process of step S2004 may be a process of instructing a search to the webmail server under the condition (search key) and acquiring a search result from the webmail server, or from the webmail server. Processing for searching for the parent mail from the header information (Message-ID, In-Reply-to, etc.) of each acquired web mail may be used. Which process is executed may be determined according to a webmail server that provides a webmail service.

As a result of the search, if there is no mail corresponding to the search condition (“No” in step S2005), there is no encrypted mail (child mail) that is affected after the deletion of the mail to be deleted. This means that the process proceeds to step S2008. If there is an email corresponding to the search condition (in the case of “Yes” in step S2005), it means that there is an encrypted email (child email) that is affected after the deletion target. Then, the user is warned to delete the encrypted mail that cannot be decrypted (step S2006). If the user does not want to execute the deletion process (“No” in step S2007), the web mail deletion process fails and ends. When the user accepts the deletion process (in the case of “Yes” in step S2007), the process proceeds to step S2008.

In step S2008, a list of emails to be deleted acquired by the email search is created. In subsequent step S2009, it is determined whether or not the deleted mail indicates the first mail (specifically, as described above with reference to FIG. 26, the Message- that matches the In-reply-to value of the mail). It is only necessary to know that the mail having the ID identifier is the root mail, that is, having the X-CryptThread-Mail header information). When it is determined that it is the first mail (in the case of “Yes” in step S2009), it is necessary to add the root mail of the encrypted mail thread including the deleted mail to the deletion list (step S2010). This means that if the first mail is designated as a deletion mail, all encrypted mail threads are deleted, but only the root mail that is the parent mail of the first mail is not included in the deletion target. . If it is determined in step S2009 that the deleted mail is not the first mail, step S2010 is skipped.

At this point, the email list to be deleted has been created and the user's consent has been obtained, so the deletion process can be carried out, but other recipients with the encrypted email thread to be deleted will further There is a possibility of sending a reply mail using a categorized mail thread. Here, if the user deletes the encrypted mail thread, the sent reply mail cannot be decrypted. In such a case, in step S2011, the end mail (that is, the newest mail) in the deletion list (the mail sent and / or received at the last date and time in the mail thread) is decrypted in the mail storage area 306. Save (memorize) the state. At this time, a retention period may be set separately, and a terminal mail that has passed a certain period may be deleted from the mail storage area 306.

Subsequently, in step S2012, the mail described in the deletion list is deleted from the mail storage area 306 and the web mail server 130, and the web mail deletion process is terminated. Here, the mail deletion instruction (deletion request) described in the deletion list is deleted by sending it to the web mail server 130.

On the other hand, the case of “Yes” in step S2002, that is, the case of deleting the entire encrypted mail thread will be described.

In step S2013, a parent mail set creation process using the search mail as a deletion target mail is performed. If the creation process fails (if “No” in step S2014), the web mail deletion process fails and ends. If the creation process is successful (“Yes” in step S2014), the parent mail acquired in the parent mail set creation process is added to the deletion list (step S2015). Subsequently, a deletion target mail is set as the search mail (step S2016), and search condition selection processing is performed (step S2017). An email search is performed using the selected search key and search range (step S2018), and the acquired email is added to the deletion list (step S2019). At this stage, the entire encrypted mail thread including the deletion target mail is registered in the deletion list.

In step S2020, a warning is displayed to the user that “the entire encrypted mail thread is to be deleted”, and when the consent to the deletion process is obtained (in the case of “Yes” in step S2021), the process proceeds to step S2011. As described above, the termination mail of the encrypted mail thread is saved, the mail deletion process is performed (step S2012), and the web mail deletion process is terminated. If the user's consent is not obtained (“No” in step S2021), the web mail deletion process fails and ends.

As mentioned above, although one embodiment has been described, the present invention can take an embodiment as, for example, a system, apparatus, method, program, recording medium, or the like. However, the present invention may be applied as a dedicated system, or may be applied to a system including a plurality of devices.

It should be noted that the configuration and contents of the various data described above are not limited to this, and it is needless to say that they are configured with various contents according to applications and purposes.

Needless to say, the present invention can also be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading out a recording medium storing a program represented by software for achieving the present invention to the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

Furthermore, by downloading and reading a program represented by software for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. It becomes possible.

In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

According to the present invention, web mail can be encrypted in a chained manner by the mail thread encryption method, and the originality of each mail thread can be ensured. In addition, when an erroneous transmission occurs, the contents cannot be viewed unless the erroneous transmission destination has the entire mail thread, so that information security can be ensured. Furthermore, the mail thread encryption method reduces the key management cost because the body part of the web mail is a common key file. Furthermore, by managing only the root mail as a local file, it becomes impossible to decrypt the main body of the web mail stored on the web mail service, and the web mail service can be used safely. In addition, the information described in the route mail has an effect that information management including transmission / reception of web mail can be performed in mail thread units.

DESCRIPTION OF SYMBOLS 100 Webmail client apparatus 101 Web browser 102 Web browser extended function 110 Webmail client apparatus 111 Web browser 112 Web browser extended function 120 Wide area network 130 Webmail server 201 CPU
202 RAM
203 ROM
204 HDD
205 Network I / F
206 Storage medium drive 207 Keyboard 208 Pointing device 209 Display unit 210 External device connection I / F
211 Bus

Claims (6)

A mail encryption / decryption control device capable of communicating with a webmail server providing a webmail service and controlling encryption and decryption of the webmail,
Root mail generating means for generating a root mail serving as common key data for encrypting and decrypting the new web mail when transmitting a new web mail that is not a reply;
First encryption means for encrypting the new web mail using common key data obtained from the root mail generated by the root mail generation means;
A second encryption means for encrypting the reply webmail using the common key data obtained from the reply source mail when sending the reply webmail;
Storage means for storing the route mail generated by the route mail generation means;
Webmail sent encrypted from a webmail server storing the new webmail encrypted by the first encryption means and the webmail encrypted by the second encryption means In the case of display, an encrypted mail is specified by specifying, from the root mail stored in the storage means and the web mail stored in the web mail server, the web mail serving as the parent of the web mail up to the root mail. Extraction means for extracting threads;
Decryption means for decrypting the encrypted and transmitted web mail using the common key data included in the root mail and web mail in the encrypted mail thread extracted by the extraction means;
A mail encryption / decryption control apparatus comprising: A determination means for determining whether a mail address that is not set as a destination of the reply source mail and a sender is newly added to a destination of the reply web mail when transmitting the reply web mail;
When the determination unit determines that the mail address is added to the destination of the reply webmail, the transmission unit transmits the encrypted mail thread extracted by the extraction unit to the added destination. When,
The mail encryption / decryption control apparatus according to claim 1, further comprising: When receiving an instruction to delete the webmail in the encrypted mail thread extracted by the extraction means, the decryption means further transmits the webmail transmitted or received at the last date and time in the encrypted mail thread, Decrypt using the common key data included in the root mail and web mail in the encrypted mail thread,
The mail encryption / decryption control apparatus according to claim 1, wherein the storage unit further stores a webmail transmitted at the final date and time decrypted by the decryption unit. When an instruction to delete a webmail in the encrypted mail thread extracted by the extracting unit is received, an email transmitted and / or received after the webmail instructed to be deleted is included in the encrypted mail thread. Identification means to identify from,
Warning means for outputting a warning when an e-mail transmitted and / or received after the web mail instructed to be deleted is specified by the specifying means;
The mail encryption / decryption control apparatus according to claim 1, further comprising: A control method in a mail encryption / decryption control device that is communicable with a webmail server that provides a webmail service and controls encryption and decryption of the webmail,
When the route mail generation means transmits a new webmail that is not a reply, a route mail generation step for generating a route mail that is common key data for encrypting and decrypting the new webmail;
A first encryption step, wherein the first encryption means encrypts the new web mail using common key data obtained from the root mail generated in the root mail generation process;
A second encryption step of encrypting the reply webmail using the common key data obtained from the reply source mail when the second encryption means transmits the reply webmail;
A storage step of storing the route mail generated by the route mail generation step;
The extracting means encrypts and transmits the new webmail encrypted in the first encryption step and the webmail encrypted in the second encryption step from the stored webmail server. When displaying the incoming webmail, the webmail that is the parent of the webmail is identified from the root mail stored in the storing step and the webmail stored in the webmail server up to the root mail. Extracting means for extracting the encrypted mail thread,
A decryption step of decrypting the encrypted web mail transmitted by using the common key data included in the root mail and the web mail in the encrypted mail thread extracted by the extraction step; ,
A control method in a mail encryption / decryption control apparatus comprising: A program that is communicable with a webmail server that provides a webmail service, and that can be executed in a mail encryption / decryption control device that controls encryption and decryption of the webmail,
The mail encryption / decryption control device;
Root mail generating means for generating a root mail serving as common key data for encrypting and decrypting the new web mail when transmitting a new web mail that is not a reply;
First encryption means for encrypting the new web mail using common key data obtained from the root mail generated by the root mail generation means;
A second encryption means for encrypting the reply webmail using the common key data obtained from the reply source mail when sending the reply webmail;
Storage means for storing the route mail generated by the route mail generation means;
Webmail sent encrypted from a webmail server storing the new webmail encrypted by the first encryption means and the webmail encrypted by the second encryption means In the case of display, an encrypted mail is specified by specifying, from the root mail stored in the storage means and the web mail stored in the web mail server, the web mail serving as the parent of the web mail up to the root mail. Extraction means for extracting threads;
Using the common key data included in the root mail and the web mail in the encrypted mail thread extracted by the extraction means to function as a decryption means for decrypting the encrypted web mail transmitted program.

Images