JP2011197829A - Email processing program, email processing apparatus and email processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simply enhance security of email.SOLUTION: An input means 1a acquires email 2 including text data 2a and an attached file 2b. An encryption means 1b encrypts the text data 2a and the attached file 2b to generate an encrypted file 3, and generates unencrypted text data 4a. An output means 1c generates and outputs email 4 including the text data 4a and the encrypted file 3 as an attached file 4b.

Description

  The present invention relates to an electronic mail processing program, an electronic mail processing apparatus, and an electronic mail processing method for processing electronic mail.

  Conventionally, in order to ensure the confidentiality of data handled by a computer, the data is encrypted and output to a device. For example, there is a technique in which encryption is performed in file units, the file is automatically decrypted when the file is viewed / edited, and the file is automatically encrypted when the file is viewed / edited (see, for example, Patent Document 1). The contents of the encrypted data cannot be referred to without the key for decryption. Therefore, if the data is encrypted when the data is stored in the storage device as described above, the risk of data leakage when the storage device is stolen can be reduced.

  Incidentally, transmission / reception of data using electronic mail is generally performed. However, while e-mail can easily transmit data, there is a high risk of data leakage to a third party due to erroneous transmission. Therefore, for example, the following countermeasure method can be considered.

  As a first method, it is conceivable that a transmission terminal that transmits an e-mail creates an encrypted attached file and attaches it to a normal e-mail (the body is not encrypted). As a second method, it is conceivable that the mail server in the network on the transmission terminal side automatically encrypts and transfers the attached file included in the received electronic mail. However, in the first and second methods, there is a risk that confidential information is leaked because confidential information is included in an unencrypted mail body. As a third method, the sending terminal may create an e-mail including an encrypted mail body according to a format defined by PGP (Pretty Good Privacy), S / MIME (Secure Multipurpose Internet Mail Extension), or the like. It is done.

JP 2008-123049 A

  By the way, in terms of preventing leakage of confidential information, it is desired that an electronic mail including confidential information is appropriately handled even in a receiving terminal that has received the electronic mail. For example, if the receiving terminal can freely copy / move the decrypted plain text mail body or attached file to any storage medium even if the mail body or attached file is initially encrypted, there is a risk of leakage of confidential information. Arise. Therefore, it is conceivable that the receiving terminal also realizes e-mail processing (for example, browsing / replying) in consideration of ensuring confidentiality. However, in this case, in order to easily realize highly secure electronic mail processing by the entire system including the receiving terminal, there is a problem in what format the electronic mail should be transmitted / received.

  The present invention has been made in view of these points, and provides an e-mail processing program, an e-mail processing apparatus, and an e-mail processing method that can easily improve the safety of e-mail. Objective.

  In the present invention, an e-mail processing program is provided to solve the above problems. The e-mail processing program acquires a first e-mail including first body data and a first attached file, and encrypts the first body data and the first attached file to generate an encrypted file. And generating a second body data that is not encrypted and generating and outputting a second electronic mail that includes the second body data and includes the encrypted file as the second attached file. To run.

  In the present invention, an e-mail processing program is provided to solve the above-described problems. The e-mail processing program includes first body data and an encrypted first attachment file, and the first attachment file is an e-mail including the second body data and the second attachment file. Obtaining, decoding the first attachment file, extracting the second body data and the second attachment file, and replacing the first body data as the body data of the obtained e-mail with the second body data In addition to outputting, the computer executes the process of outputting the second attached file instead of the first attached file as an attached file of the e-mail.

  The present invention also provides an electronic mail processing apparatus in order to solve the above-described problems. This electronic mail processing apparatus has input means, encryption processing means, and output means. The input means obtains a first electronic mail including the first text data and the first attached file. The encryption processing means encrypts the first body data and the first attached file to generate an encrypted file, and generates unencrypted second body data. The output means generates and outputs a second electronic mail that includes the second text data and includes the encrypted file as the second attached file.

  The present invention also provides an electronic mail processing apparatus in order to solve the above-described problems. This electronic mail processing apparatus has input means, encryption processing means, and output means. The input unit includes the first body data and the encrypted first attached file, and obtains an electronic mail including the second body data and the second attached file in the first attached file. The encryption processing means decrypts the first attached file and extracts the second body data and the second attached file. The output means outputs the second body data instead of the first body data as the body data of the acquired e-mail, and the second attachment file instead of the first attachment as an attachment file of the e-mail. Output.

  The present invention also provides a computer e-mail processing method for solving the above-mentioned problems. In this electronic mail processing method, the computer acquires the first electronic mail including the first text data and the first attached file, encrypts the first text data and the first attached file, and encrypts the file. Is generated, and second unencrypted text data is generated, and a second electronic mail including the second text data and including the encrypted file as the second attached file is generated and output.

  The present invention also provides a computer e-mail processing method for solving the above-mentioned problems. In this electronic mail processing method, the computer includes the first body data and the encrypted first attached file, and the first attached file includes the second body data and the second attached file. The electronic mail is acquired, the first attached file is decrypted, the second body data and the second attached file are extracted, and the second body data is replaced with the first body data as the body data of the acquired email. In addition to outputting the body data, a second attached file is outputted instead of the first attached file as an attached file of the e-mail.

  According to the electronic mail processing program, the electronic mail processing apparatus, and the electronic mail processing method, it is possible to easily improve the safety of electronic mail.

It is a figure which shows the electronic mail processing apparatus which concerns on 1st Embodiment. It is a figure which shows the structure of the information processing system which concerns on 2nd Embodiment. It is a figure which shows the hardware constitutions of a mail server. It is a figure which shows the function structure of a mail server. It is a figure which shows the function structure of a terminal device. It is a figure which shows the example of a data structure of an encryption process setting table. It is a figure which shows the structural example of an email. It is a figure which shows the structural example of an encryption file. It is a figure which shows the specific example of the encryption block stored in a data storage part. It is a figure which shows the example of a screen display at the time of file opening of an encryption file. It is a figure which illustrates an email content display screen. It is a figure which illustrates a file list screen. It is a figure which illustrates an email content edit screen. It is a figure which shows the operation procedure of the attached file in a mail content edit screen. It is a figure which illustrates an email transmission screen. It is a flowchart which shows the mail transmission process of a mail server. It is a flowchart which shows the mail reception process of a terminal device. It is a flowchart which shows the encryption file update process of a terminal device. It is a flowchart which shows the mail reception process of a mail server.

Hereinafter, the present embodiment will be described in detail with reference to the drawings.
[First Embodiment]
FIG. 1 is a diagram showing an electronic mail processing apparatus according to the first embodiment. The electronic mail processing apparatus 1 processes the electronic mail 2 transmitted by the sender. The electronic mail processing apparatus 1 includes an input unit 1a, an encryption processing unit 1b, and an output unit 1c.

  The input means 1a obtains the electronic mail 2 including the text data 2a and the attached file 2b. The input unit 1a can acquire the electronic mail 2 from a predetermined relay device that relays the electronic mail 2, for example. The input unit 1a outputs the electronic mail 2 to the encryption processing unit 1b.

The encryption processing means 1b encrypts the text data 2a and the attached file 2b to generate an encrypted file 3, and generates unencrypted text data 4a.
The output means 1c generates and outputs an e-mail 4 that includes the text data 4a and includes the encrypted file 3 as an attached file 4b. The destination of the email 4 is the same as that of the email 2. The output unit 1 c outputs the electronic mail 4. The output means 1c outputs the e-mail 4 to a predetermined relay device, for example. Then, the relay apparatus transmits the electronic mail 4 toward the destination.

  According to the electronic mail processing apparatus 1, the electronic mail 2 including the text data 2a and the attached file 2b is acquired by the input unit 1a. Next, the encryption processing means 1b encrypts the body data 2a and the attached file 2b to generate the encrypted file 3, and generates unencrypted body data 4a. Then, the output unit 1c generates and outputs an e-mail 4 including the text data 4a and the encrypted file 3 as the attached file 4b.

  Thereby, the electronic mail 4 including the encrypted file 3 including the entire contents of the electronic mail 2 as the attached file 4b can be transmitted instead of the electronic mail 2. Therefore, even when the sender of the e-mail 2 writes confidential information in the text or attached file, the confidential information can be reliably encrypted and protected. In this way, it is possible to easily improve the safety of electronic mail.

  The function of the electronic mail processing apparatus 1 may be provided in a terminal device for the sender to input and transmit electronic mail. The function of the electronic mail processing apparatus 1 may be provided in a relay apparatus that relays electronic mail.

Hereinafter, an example in which the electronic mail processing apparatus 1 is applied to a more specific information processing system will be described as an example.
[Second Embodiment]
FIG. 2 is a diagram illustrating a configuration of an information processing system according to the second embodiment. In this information processing system, a mail server 100 and terminal devices 200 and 300 are connected via an intranet 10. Terminal devices 400 and 500 are connected via the Internet 20. The intranet 10 and the Internet 20 are connected via a predetermined communication path. The intranet 10 is a network laid in the same company. The Internet 20 is a network outside the intranet 10.

The mail server 100 is an information processing apparatus having a function of relaying electronic mail transmitted and received by the terminal devices 200, 300, 400, and 500.
The terminal devices 200, 300, 400, and 500 are information processing devices that transmit and receive electronic mail to each other.

  FIG. 3 is a diagram illustrating a hardware configuration of the mail server. A mail server 100 includes a central processing unit (CPU) 101, a read only memory (ROM) 102, a random access memory (RAM) 103, a hard disk drive (HDD) 104, a graphic processing device 105, an input interface 106, and a recording medium reading device. 107 and a communication interface 108.

The CPU 101 controls the entire mail server 100.
The ROM 102 stores a BIOS (Basic Input / Output System) program on the mail server 100 and the like.

  The RAM 103 temporarily stores at least part of an OS (Operating System) program and application software (hereinafter referred to as an application) program to be executed by the CPU 101. The RAM 103 stores various data necessary for processing by the CPU 101.

  The HDD 104 stores an OS program and an application program. The HDD 104 stores various data necessary for processing by the CPU 101. Instead of the HDD 104 (or in combination with the HDD 104), another type of storage device such as an SSD (Solid State Drive) may be used.

The graphic processing device 105 is connected to the monitor 11. The graphic processing device 105 displays an image on the screen of the monitor 11 in accordance with a command from the CPU 101.
The input interface 106 is connected to the keyboard 12 and the mouse 13. The input interface 106 transmits a signal sent from the keyboard 12 or the mouse 13 to the CPU 101.

  The recording medium reading device 107 is a reading device that reads data stored in the recording medium 14. For example, a function that the mail server 100 should have can be realized by causing a computer to execute a program describing the processing content of the function. The program can be recorded and distributed on a computer-readable recording medium 14. Further, the program may be stored in a program distribution server device (not shown) connected to the intranet 10 (or the Internet 20). In this case, the mail server 100 can download the program from the program distribution server device via the intranet 10.

  As the recording medium 14, for example, a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory can be used. Magnetic recording devices include HDDs, flexible disks (FD), magnetic tapes, and the like. Optical disks include CD (Compact Disc), CD-R (Recordable) / RW (ReWritable), DVD (Digital Versatile Disc), DVD-R / RW / RAM, and the like. Magneto-optical recording media include MO (Magneto-Optical disk). Semiconductor memory includes flash memory such as USB (Universal Serial Bus) memory.

The communication interface 108 is connected to the intranet 10. The communication interface 108 performs data communication with other information processing apparatuses via the intranet 10.
Note that the terminal devices 200, 300, 400, and 500 can also be realized by the same hardware configuration as that of the mail server 100.

In the following description, it is assumed that an e-mail is transmitted from the user of the terminal device 200 to the user of the terminal device 400.
FIG. 4 is a diagram showing a functional configuration of the mail server. The mail server 100 includes a control information storage unit 110, a reception unit 120, a holding unit 130, an analysis processing unit 140, an encryption processing unit 150, and a transmission unit 160. These functions are realized by the CPU 101 executing a predetermined program. All or at least a part of these functions may be realized by dedicated hardware.

  The control information storage unit 110 stores a cryptographic processing policy (hereinafter referred to as cryptographic processing setting information) defined for each transmission source and transmission destination. In the encryption processing setting information, for example, an encryption processing target range (information specifying a text, an attached file, etc.) corresponding to a pair of a transmission source and a transmission destination is defined. In the encryption processing setting information, a key for encryption processing (encryption / decryption) is defined according to a combination of a transmission source address and a transmission destination address.

  Here, a common key is used as the key in order to protect the data regardless of the communication path. By transmitting / receiving encrypted data using the common key, it is possible to exchange data securely between terminal devices sharing the common key.

The receiving unit 120 receives the email 600 transmitted by the terminal device 200. The receiving unit 120 outputs the email 600 to the holding unit 130.
The holding unit 130 holds the transmission of the e-mail 600. The electronic mail 600 held by the holding unit 130 can be subjected to a pre-transmission inspection such as mail content audit or virus check. The holding unit 130 outputs the email 600 to the analysis processing unit 140.

In addition, the holding unit 130 acquires the email 800 including the encrypted email 600 from the analysis processing unit 140. The holding unit 130 outputs the electronic mail 800 to the transmission unit 160.
When the e-mail 600 does not include the encrypted file shown below, the analysis processing unit 140 analyzes the e-mail 600 and specifies header information and configuration data (for example, text or attached file data) from the e-mail 600. . The analysis processing unit 140 outputs the email 600 and the analysis result to the encryption processing unit 150. On the other hand, the analysis processing unit 140 does not output information about the mail to the encryption processing unit 150 in order to avoid double encryption processing for the electronic mail including the encrypted file. The analysis processing unit 140 instructs the holding unit 130 to transmit the e-mail including the encrypted file as it is. Here, it is assumed that the e-mail 600 does not include an encrypted file.

  In addition, the analysis processing unit 140 acquires the encrypted file 700 from the encryption processing unit 150. The analysis processing unit 140 generates an e-mail 800 with the header information and the dummy text, and attaches the encrypted file 700 to the e-mail 800. Note that the analysis processing unit 140 may add information for indicating the relay route to the header information.

Then, the analysis processing unit 140 outputs the email 800 to the holding unit 130.
The encryption processing unit 150 encrypts the email 600 based on the header information and encryption processing setting information stored in the control information storage unit 110 to generate an encrypted block. Further, the encryption processing unit 150 generates an encrypted file 700 that stores the encrypted blocks.

The encryption processing unit 150 outputs the encrypted file 700 to the analysis processing unit 140.
The transmission unit 160 transmits the electronic mail 800 acquired from the holding unit 130 to the user of the terminal device 400.

  FIG. 5 is a diagram illustrating a functional configuration of the terminal device. The terminal device 400 includes a key storage unit 410, a reception unit 420, a mailer 430, an encryption processing unit 440, applications 450, 450a, and 450b, and a transmission unit 460. These functions are realized by a predetermined program being executed by the CPU of the terminal device 400. All or at least a part of these functions may be realized by dedicated hardware.

  The key storage unit 410 stores a key for performing encryption processing on data transmitted to and received from the terminal device 200. This key is a common key agreed in advance with the mail server 100. Note that the key storage unit 410 may not be provided when it is not desired to store the key in the terminal device 400 due to security restrictions or when the key cannot be stored in advance due to system environment restrictions.

  The receiving unit 420 receives the e-mail 800 via the mail server 100 or another relay server provided on the Internet 20. The receiving unit 420 outputs the email 800 to the mailer 430.

  The mailer 430 is an application that supports creation of an e-mail. The user can edit the mail content according to a GUI (Graphical User Interface) provided by the mailer 430. However, the encryption processing unit 440 is used for processing the encrypted file 700 attached to the e-mail 800. When the mailer 430 receives an instruction to open the encrypted file 700 attached to the e-mail 800 by a user operation, the mailer 430 delegates the process to the encryption processing unit 440. Alternatively, after the mailer 430 stores the encrypted file 700 in a storage device such as an HDD, the user's open instruction for the encrypted file 700 on the storage device is accepted, and the subsequent processing is transferred to the encryption processing unit 440. Also good.

  When the mailer 430 acquires the encrypted file 700b from the encryption processing unit 440, the mailer 430 provides the user with a reply mail edit screen. An encrypted file 700b is attached to the reply mail. The user operates the editing screen to input a standard text (for example, a message indicating that it is described in an encrypted attached file including the text content) in the text of the reply mail, and inputs a reply destination address be able to. When mailer 430 receives an operation input for a transmission instruction, e-mail 800a is generated based on the content and output to transmission unit 460.

  The encryption processing unit 440 attempts to open the encrypted file 700. Here, the encryption processing unit 440 refers to the key storage unit 410 to check whether a key corresponding to the terminal device 200 (or the domain to which the terminal device 200 belongs) exists. If the key exists, the encrypted file 700 is decrypted with the key. If the key does not exist, the user is prompted to input a password, and the encrypted file 700 is decrypted using the input password as a key (or by generating a key from the input password). The encryption processing unit 440 generates the work file 700a by decrypting the encrypted file 700 with an appropriate key. The work file 700a is in a state where only a part of the encrypted file 700 (for example, management information for identifying contained data) is decrypted.

  When the cryptographic processing unit 440 receives an operation on a file included in the work file 700a, the cryptographic processing unit 440 decrypts the file (referred to as a decrypted file) and activates an application necessary for processing the decrypted file. Then, the encryption processing unit 440 delegates the processing for the decrypted file to the activated application.

  Also, the encryption processing unit 440 obtains an edited file for the decrypted file from the application, encrypts the edited file, and generates an encrypted block. The encryption processing unit 440 inserts the generated encrypted block into the encrypted file 700, and generates the encrypted file 700b. The encryption processing unit 440 outputs the encrypted file 700b to the mailer 430. Alternatively, the encryption processing unit 440 may store the encrypted file 700b in the HDD 104 according to a predetermined operation instruction from the user.

  The applications 450, 450a, and 450b are installed in advance on the terminal device 400 in order to realize predetermined functions. For example, an application for displaying text contents, an application for performing spreadsheets, and an application for displaying images. The applications 450, 450a, and 450b are called by the encryption processing unit 440. The applications 450, 450a, and 450b accept user operations on the decrypted file. The applications 450, 450a, and 450b process the decrypted file in accordance with a user operation. The edited file for the decrypted file by the applications 450, 450a, and 450b is acquired by the encryption processing unit 440. For example, when the applications 450, 450 a, and 450 b try to save the edited file, the edited file is acquired by the encryption processing unit 440.

The transmission unit 460 transmits the e-mail 800a acquired from the mailer 430 to a designated destination.
The reception unit 420 and the transmission unit 460 may be realized by the function of the mailer 430.

  FIG. 6 is a diagram illustrating an example of the data structure of the encryption processing setting table. The encryption processing setting table 111 is stored in advance in the control information storage unit 110. The contents of the encryption processing setting table 111 are defined in advance by the system administrator. The encryption processing setting table 111 includes items of item number, transmission source, transmission destination, encryption processing target, expiration date, file update, execution format, and key. Information arranged in the horizontal direction of each item is associated with each other to indicate one encryption policy.

  In the item number, an identification number indicating a record is set. In the transmission source, a mail address (transmission source address) of the transmission source (From) is set. As the transmission destination, a mail address (transmission destination address) of the transmission destination (To, cc, Bcc) is set. Information indicating which range is encrypted in the configuration data of the e-mail is set as the encryption processing target. In the expiration date, information indicating the expiration date of the encrypted file generated by each policy is set. When the expiration date is exceeded, the encrypted file cannot be referred to. In the file update, information (updability flag) indicating whether or not the contents of the text file and attached file stored in the encrypted file can be updated is set. In the execution format, information indicating whether or not the encrypted file is an execution format file is set. Here, the execution format file is a file in which a program for performing encryption processing (function corresponding to the encryption processing unit 440) is added to the file. By making the encrypted file an executable file to which an encryption processing program is added, the encrypted file can be handled even if the function of the encryption processing unit 440 is not introduced in the terminal device on the receiving side. . The key for encryption processing is set as the key.

  In the encryption processing setting table 111, for example, the item number is “1”, the transmission source is “*@*.xxx.com”, the transmission destination is “*@**.xxx.com”, the encryption processing target, the expiration date, Information that file update, execution format, and key is “−” (no setting) is set. This indicates that encryption processing is not performed for electronic mail transmitted / received between the domains “* .xxx.com”. Here, “*” indicates a wild card. That is, an arbitrary character string indicating a subdomain can be applied.

  In the encryption processing setting table 111, for example, the item number is “2”, the transmission source is “*@*.xxx.com”, the transmission destination is “*@*.yyy.com”, and the encryption processing target is “ Information such as “all”, the expiration date “2010/3/31”, the file update “impossible”, the execution format “unnecessary”, and the key “K1” is set. This indicates that the mail transmitted from the domain “* .xxx.com” to the domain “* .yyy.com” encrypts the information “all” of the e-mail with the key “K1”. It also indicates that the encrypted file generated by the encryption need not be in an executable format. Further, it is indicated that file update included in the encrypted file is “impossible”. It also indicates that the expiration date of the encrypted file is “2010/3/31”.

Here, it is assumed that the users of the terminal devices 200 and 300 use an address including the domain “* .xxx.com”. This is an internal domain within the intranet 10.
It is assumed that the user of the terminal device 400 uses an address including the domain “* .yyy.com”. It is assumed that the user of the terminal device 500 uses an address including the domain “* .zzz.com”. These domains are domains connected via the Internet 20 and are external domains.

  Here, for example, transmission of the e-mail 600 from the user of the terminal device 200 to the user of the terminal device 400 is transmission to an external domain. Therefore, as in the example of the encryption processing setting table 111, security can be improved by encrypting the entire mail with the encryption processing setting corresponding to the item number “2”.

  On the other hand, for example, transmission of the e-mail 600 from the user of the terminal device 200 to the user of the terminal device 300 is transmission in the internal domain. In this case, as in the example of the encryption processing setting table 111, it is possible to prevent the mail from being encrypted by the encryption processing setting corresponding to the item number “1”.

  In the encryption processing setting table 111, in addition to the setting contents exemplified, for example, when an input of a password is requested when an encrypted file is opened, an upper limit of the number of times the password is input can be set. Further, for example, a predetermined compression format such as a zip with a password can be designated as a file encryption method.

FIG. 7 is a diagram illustrating a configuration example of an e-mail. (A) shows a configuration example of the e-mail 600. (B) shows a configuration example of the e-mail 800.
(A) The e-mail 600 is an e-mail that does not include an encrypted file. The e-mail 600 has a header part 610, a boundary part 620, a text storage part 630, a boundary part 640, and an attached file storage part 650.

  The header portion 610 is a field in which information indicating a transmission source address, a transmission destination address, and the like of the e-mail 600 is described. The boundary portion 620 is a field in which information indicating the boundary between the header portion 610 and the text storage portion 630 is described. The analysis processing unit 140 can detect that the text is described in the subsequent fields with reference to the boundary portion 620. The text storage unit 630 is a field in which the text of the electronic mail is described. The boundary portion 640 is a field in which information indicating the boundary between the text storage unit 630 and the attached file storage unit 650 is described. The analysis processing unit 140 can detect that the attached file is stored in the subsequent fields with reference to the boundary unit 640. The attached file storage unit 650 is a field for storing actual data of the attached file.

  When there are a plurality of attachment files, a boundary portion indicating that the second attachment file exists is further provided after the attachment file storage portion 650, and an attachment file storage portion is provided after the boundary portion. . Thereafter, the boundary part and the attached file storage part are repeated.

  (B) The e-mail 800 is an e-mail including an encrypted file. The e-mail 800 has a header part 810, a boundary part 820, a text storage part 830, a boundary part 840, and an attached file storage part 850. Since these parts are the same as those described with the same names in (A), the description is omitted.

  When the mail server 100 generates the e-mail 800 for the e-mail 600, a dummy text prepared in advance is set in the text storage unit 830. The dummy text is, for example, a character string indicating that it is described in an attached file that is encrypted including the content of the text. An encrypted file is set in the attached file storage unit 850.

FIG. 8 is a diagram illustrating a configuration example of an encrypted file. (A) shows a configuration example in the case where the execution format is not used. (B) shows a configuration example in the case of an execution format.
(A) The encrypted file 700 includes a management information storage unit 720, a data storage unit 730, a data definition information storage unit 740, and a file control information storage unit 750.

The management information storage unit 720 is a data area for storing file management information used in the OS file system. The management information storage unit 720 is a data area that is not encrypted.
The data storage unit 730 is a data area for storing encrypted blocks.

  The data definition information storage unit 740 is a data area for storing data definition information indicating information for identifying an encrypted block in the data storage unit 730 (for example, a relative address position in the file of the encrypted block). is there. When there are a plurality of encrypted blocks in the data storage unit, the start position and end position of each encrypted block can be specified by the data definition information. In addition, the data definition information is associated with information for identifying each encrypted block, and attribute information of the file included in the encrypted block (for example, mail subject, file name, data size, update date, storage date, etc. ) Can be set. In this way, it is possible to obtain a list of files contained in the encrypted block before decrypting the file body in the encrypted block.

  The file control information storage unit 750 is a data area for storing information related to the policy specified when generating the encrypted block. Specifically, the file control information storage unit 750 stores file control information indicating the expiration date of the encrypted file, whether the file can be updated, the encryption processing target, and the like. Each terminal device can handle the encrypted file based on the policy indicated by the information by referring to the file control information storage unit 750.

The data storage unit 730, the data definition information storage unit 740, and the file control information storage unit 750 are data areas to be encrypted.
(B) The encrypted file 700c includes an execution unit 710, a management information storage unit 720, a data storage unit 730, a data definition information storage unit 740, and a file control information storage unit 750.

The execution unit 710 is a data area for storing an application for decrypting the encrypted file 700. The execution unit 710 is an unencrypted (plaintext) data area.
When the e-mail is transmitted to the terminal device into which the application for decrypting the encrypted file has not been installed, the encryption processing unit 150 includes the execution unit 710 in the encrypted file 700 and generates the encrypted file 700. Thus, even if the terminal device does not have the function of the encryption processing unit 440, the function of the encryption processing unit 440 is realized by executing the application stored in the execution unit 710 when the encrypted file 700 is opened. Can do.

  The management information storage unit 720, the data storage unit 730, the data definition information storage unit 740, and the file control information storage unit 750 are the same as those described with the same name and the same reference numerals in the encrypted file 700. Is omitted.

  The encrypted file 700 is different from the encrypted file 700c in that the execution unit 710 does not exist. As described above, when there is no possibility that a decryption application is transmitted to a terminal device that has not been installed in a series of e-mail exchanges, the execution unit 710 is not added, and the file is more than the encrypted file 700c. The size can be reduced.

FIG. 9 is a diagram illustrating a specific example of the encryption block stored in the data storage unit. The data storage unit 730 includes encryption blocks 731, 732, 733,.
The encryption block 731 is obtained by encrypting the electronic mail 600 (denoted as first-time transmission mail data) first transmitted from the terminal device 200 to the terminal device 400. The target data to be included in the encryption block 731 can be all or part of the e-mail 600 (only one of the text or attached file). For example, the initial transmission mail data stores data obtained by encrypting the text and the attached file (including data of the header portion 610 and the boundary portions 620 and 640). However, the header portion 610 may not be included.

Since the encryption block 731 is an encryption block that is first inserted into the data storage unit 730, the encryption block 731 is provided at the forefront of the data storage unit 730.
The encryption block 732 is obtained by encrypting the mail content (represented as reply mail data) generated when the terminal apparatus 400 sends a reply to the electronic mail 600 to the terminal apparatus 200. In the reply mail data, for example, data obtained by encrypting the text and the attached file is stored.

Since the encryption block 732 is an encryption block inserted into the data storage unit 730 next to the encryption block 731, it is provided following the last part of the encryption block 731.
The encryption block 733 is obtained by encrypting the mail contents (represented as re-reply mail data) generated when the terminal apparatus 200 re-replies to the terminal apparatus 400 according to the mail contents of the reply mail data. In the reply mail data, for example, data obtained by encrypting the text is stored. This is because only the body text exists in the re-replyed e-mail, and the attached file does not exist.

Since the encryption block 733 is an encryption block inserted into the data storage unit 730 next to the encryption block 732, the encryption block 733 is provided after the last part of the encryption block 732.
In this way, the encrypted blocks are inserted into the data storage unit 730 in the order in which the encrypted blocks are added (in time series).

  FIG. 10 is a diagram illustrating a screen display example when the encrypted file is opened. (A) illustrates a password input screen 910. (B) illustrates the operation selection screen 920. Hereinafter, the case where a file open is attempted in the terminal device 400 will be described.

  (A) The password input screen 910 is a screen for inputting a password instead of a key. The cryptographic processing unit 440 displays the password input screen 910 on the monitor connected to the terminal device 400 when the key corresponding to the terminal device 200 (or the domain to which the terminal device 200 belongs) does not exist in the key storage unit 410. To do.

  The password input screen 910 includes a password input unit 911, an OK button 912, and a cancel button 913. The password input unit 911 is a text box for inputting a password. The OK button 912 is a button for confirming the password input to the password input unit 911. A cancel button 913 is a button for canceling file opening. The user can operate the pointer P1 displayed on the monitor screen with a pointing device such as a mouse to select a text box or press a button, and can also input a password by operating a keyboard.

  The encryption processing unit 440 can attempt to decrypt the encrypted file using the password determined on the password input screen as a key (or using a key generated from the password).

When the decryption is successful and the work file 700a is generated, the encryption processing unit 440 displays the operation selection screen 920 on a monitor connected to the terminal device 400.
(B) The operation selection screen 920 is a screen for selecting an operation screen to be used when performing an operation on the encrypted file 700.

  The operation selection screen 920 has a mail content display button 921 and a file list button 922. The mail content display button 921 is a button for accepting selection of the mail content display screen. The file list button 922 is a button for accepting selection of a file list screen. The user can operate any one of the buttons by operating the pointer P1. When the encryption processing unit 440 receives an operation of pressing any button, the encryption processing unit 440 receives selection of a screen corresponding to the button. Then, the encryption processing unit 440 displays a screen corresponding to the selected button.

  FIG. 11 is a diagram illustrating a mail content display screen. In the mail content display screen 930, when the mail content display button 921 is pressed on the operation selection screen 920, the encryption processing unit 440 further decrypts the text data included in the latest electronic mail included in the encrypted file 700. And displayed on a monitor connected to the terminal device 400.

  For example, the encryption processing unit 440 can determine that the encrypted block located at the end of the data storage unit 730 corresponds to the latest electronic mail. For example, by setting the storage time of each email in the data definition information storage unit 740, the latest email can be determined from the time series of each email.

  The mail content display screen 930 shows the mail content of the electronic mail 600 (subject name “estimate matter”). The mail content display screen 930 includes an address display section 931, a text display section 932, an attached file display section 933, a check box 934, and a reply mail creation button 935.

The address display unit 931 is an area for displaying a transmission source address and a transmission destination address of the e-mail 600.
The text display unit 932 is an area for displaying the content of the text of the e-mail 600.

  The attached file display unit 933 is an area for displaying an attached file attached to the e-mail 600. By clicking the icon of each attached file with the pointer P1, the corresponding attached file can be decrypted and the contents thereof can be referred to. The attached file can also be stored in a desired directory by dragging and dropping the attached file icon displayed on the attached file display unit 933 with the pointer P1.

  However, in the case of the encrypted file 700 generated by the mail server 100 as “impossible” to update the file according to the setting contents of the encryption processing setting table 111, even if the file can be referred to, the attached file is updated or the other directory It cannot be stored.

The check box 934 is a button for selecting whether or not to include the attached file attached to the mail as an attached file in the reply mail.
The reply mail creation button 935 is a button for accepting the start of creating the reply mail content. The user can operate the pointer P1 to press the reply mail creation button 935. When the encryption processing unit 440 receives an operation of pressing the reply mail creation button 935, the encryption processing unit 440 displays a screen for editing the mail content of the reply mail (mail content editing screen). Details of the mail content editing screen will be described with reference to FIG.

  Here, when the encryption processing unit 440 receives an operation of pressing the reply mail creation button 935 with the check box 934 turned on, the encryption processing unit 440 encrypts the attached file displayed on the attached file display unit 933 in advance and attaches it. Then, display the mail content editing screen of the reply mail. When the cryptographic processing unit 440 accepts a pressing operation of the reply mail creation button 935 with the check box 934 being off, the encryption processing unit 440 displays the mail content editing screen of the reply mail without attaching the attached file.

Next, a display example of the file list screen will be described.
FIG. 12 is a diagram illustrating a file list screen. The file list screen 940 is displayed on a monitor connected to the terminal device 400 by the encryption processing unit 440 when the file list button 922 is pressed on the operation selection screen 920. The file list screen 940 is a screen for referring to a list of files included in the encrypted file. The cryptographic processing unit 440 can generate the file list screen 940 by referring to the data definition information included in the encrypted file 700 and acquiring information on each encrypted block. The file list screen 940 includes a button display portion 941, a subject name display portion 942, a file information display portion 943, a check box 944, and a reply mail creation button 945.

  The button display unit 941 is an area for displaying a button group that receives selection of an operation for each file. The user can perform a predetermined operation on the currently selected file by clicking on any button displayed on the button display unit 941 with the pointer P1. For example, if an “add button” is pressed, a dialog for adding an encrypted file to the currently displayed mail can be displayed. If the “delete button” is pressed, the currently selected file can be deleted from the displayed mail. If the “decryption button” is pressed, the currently selected file can be decrypted and stored in a predetermined directory. Furthermore, if the “Decrypt All” button is pressed, all files included in the currently displayed mail can be decrypted and stored in a predetermined directory.

  However, these operations cannot be performed in the case of the encrypted file 700 generated by the mail server 100 as “impossible” to update the file according to the setting contents of the encryption processing setting table 111.

  The subject display portion 942 is an area for displaying a list of subject names of mails included in the encrypted file. The user can display a list of files included in the mail on the file information display unit 943 by selecting the subject of the mail displayed on the subject display unit 942 with the pointer P1. In the subject name display section 942, two subject names are written so that it can be easily understood that a plurality of subject names can be selected.

  The file information display section 943 is an area for displaying a list of files included in the mail with the subject selected by the subject display section 942. The user can decrypt the file by performing a predetermined click operation (for example, double-clicking) on the file displayed on the file information display unit 943 with the pointer P1. Then, a predetermined application can be activated to refer to the contents of the file. In the file information display section 943, for example, a file (“estimation matter.txt”) in which the text is described and an attached file (“estimation_01.file”, etc.) are displayed. The user can refer to the content of the text from the file list screen 940 by clicking on the file in which the text is described.

  The check box 944 corresponds to the check box 934 of the mail content display screen 930 shown in FIG. The check box 944 is a button for selecting whether or not to include the attached file attached to the mail as an attached file in the reply mail.

  The reply mail creation button 945 corresponds to the reply mail creation button 935 on the mail content display screen 930 shown in FIG. The reply mail creation button 945 is a button for accepting the start of creating a reply mail that stores the contents of the reply mail. The user can operate the pointer P1 to press the reply mail creation button 945. When the encryption processing unit 440 receives an operation of pressing the reply mail creation button 945, the encryption processing unit 440 displays a screen for editing the mail content of the reply mail (mail content editing screen).

  Here, when the encryption processing unit 440 receives an operation of pressing the reply mail creation button 945 with the check box 944 turned on, the encryption processing unit 440 encrypts the attached file displayed on the attached file display unit 943 and attaches it in advance. Then, display the mail content editing screen of the reply mail. When the encryption processing unit 440 accepts an operation of pressing the reply mail creation button 945 with the check box 944 turned off, the encryption processing unit 440 displays the mail content editing screen of the reply mail without attaching the attached file.

  FIG. 13 is a diagram illustrating a mail content editing screen. The mail content editing screen 950 is a screen for accepting an editing operation for the content of the reply mail. When the encryption processing unit 440 receives an operation of pressing a reply mail creation button 935 provided on the mail content display screen 930 or a reply mail creation button 945 provided on the file list screen 940, the encryption processing unit 440 displays the mail content edit screen 950 on the monitor. .

The mail content editing screen 950 includes a save button 951, a check box 952, a text input unit 953, and an attached file display unit 954.
The save button 951 is a button for confirming the content input on the mail content editing screen 950 and instructing the encryption processing unit 440 to generate an encrypted block. The user can operate the pointer P1 to press the save button. When receiving the pressing operation of the save button 951, the encryption processing unit 440 generates, for example, an encryption block 732 based on the email content input on the email content editing screen 950 and inserts it into the encrypted file 700.

  A check box 952 is a check for accepting a selection as to whether or not to keep the mail contents received this time (or all the mail contents accumulated so far in the data storage section 730) in the data storage section 730. Is a box. The user can switch on / off the check box 952 by operating the pointer P1.

  When the encryption processing unit 440 receives a pressing operation of the save button 951 in a state where the check box 952 is off, the encryption processing unit 440 encrypts a block corresponding to the latest mail content stored in the current data storage unit 730 (or an existing encryption). Delete all of the blocks). Then, an encrypted block corresponding to the mail content input on the mail content editing screen 950 is added.

  On the other hand, when the encryption processing unit 440 receives a pressing operation of the save button 951 with the check box 952 turned on, the encryption processing unit 440 continues to the last part of the encryption block corresponding to the latest mail content stored in the data storage unit 730. Thus, an encrypted block corresponding to the mail content input on the mail content editing screen 950 is added.

  Note that it may be possible to select by radio buttons whether to delete the previous mail content or to delete all stored mail contents after accepting the check box for whether deletion is necessary or not. Thus, by making it possible to delete past contents, the file size of the encrypted file 700 can be reduced.

The body input unit 953 is an area for inputting body text. The user can input a character string into the text input unit 953 by operating a keyboard, for example.
The attached file display unit 954 is an area for displaying an attached file. For example, the user can add a desired file to the mail content in an encrypted state by dragging and dropping the desired file to the attached file display unit 954 using the pointer P1. Alternatively, the attachment of the attached file can be canceled upon receiving a press of the “Delete” key on the keyboard.

The mail content editing screen 950 may further include a text box for inputting a mail subject.
Here, an operation on the attached file displayed on the attached file display unit 954 will be described.

  FIG. 14 is a diagram showing an operation procedure for an attached file on the mail content editing screen. The user can open the attached file by clicking (for example, double-clicking) an icon of a desired attached file displayed on the attached file display unit 954.

  At this time, the cryptographic processing unit 440 performs the following processing. That is, when the encryption processing unit 440 receives a click operation on the icon of the attached file, the encryption processing unit 440 decrypts the attached file and generates a decrypted file. The encryption processing unit 440 delegates the processing of the file to the application 450 that processes the decrypted file.

  More specifically, it is assumed that the encryption processing unit 440 receives a click operation on the attached file “estimate_01.file” on the mail content editing screen 950. Then, the encryption processing unit 440 decrypts the attached file. Then, the process is delegated to the application 450.

  The application 450 newly displays a decrypted file operation screen 950a on the monitor and accepts an operation by the user. The application 450 accepts the saving of the edited file and the end of the operation from the operation screen 950a.

  The encryption processing unit 440 acquires the edited file from the application 450 and encrypts it. Then, the encryption processing unit 440 replaces the attached file “estimate_01.file” included in the mail content being edited on the mail content editing screen 950 with the encrypted edited file.

As described above, the encryption processing unit 440 can also make the attached mail encrypted when the reply mail is edited, except when referring to the contents of the attached file.
Here, in the past, when editing the encrypted attachment in the received mail and including it in the reply mail, there is a method of attaching the attachment file to the reply mail after saving the attachment file locally and performing decryption / update etc. It was general.

  However, in that case, the attached file is stored in plain text on the other party's local device, and there is a problem that the attached file containing the confidential information may not be handled appropriately. In addition, it is difficult to force the other party to ensure the security on the transmission side.

  On the other hand, the encryption processing unit 440 attaches the attached file included in the received mail to the reply mail in an encrypted state, and edits the content. For this reason, the risk that the attached file is stored in plain text in the local device of the terminal device 400 can be reduced.

  When the editing of the mail content is completed by the operation described above, the user presses the save button 951 with the pointer P1. When the encryption processing unit 440 receives an operation of pressing the save button 951, the encryption processing unit 440 generates an encryption block for the reply mail based on the content input on the mail content editing screen 950, and stores the data storage unit of the encrypted file 700. Then, the encrypted file 700b is generated. In addition, information indicating the storage position of the encrypted block in the data storage unit 730 is added to the data definition information stored in the data definition information storage unit 740. Further, attribute information necessary for displaying the file list screen 940 (for example, information such as storage time, file name, or subject) can be added to the data definition information. In the example of the encrypted file 700, as shown in FIG. 6, since the encryption processing target is “all”, the mail body and the attached file are all encrypted.

  Then, the encryption processing unit 440 causes the mailer 430 to display a mail transmission screen. At this time, the encryption processing unit 440 can display the mail transmission screen with the encrypted file attached in advance. Note that the user may operate the mailer 430 to display a mail transmission screen.

  If there is content that is not encrypted, the content that is not encrypted can be output to the mailer 430 separately from the encrypted file. For example, when the attached file is not an object to be encrypted, the encrypted file storing the text and the attached file can be output to the mailer 430.

  FIG. 15 is a diagram illustrating a mail transmission screen. The mail transmission screen 960 is displayed on the monitor by the mailer 430. The mail transmission screen 960 includes a destination input unit 961, a subject input unit 962, a dummy text input unit 963, an attached file display unit 964, and a send button 965.

  The destination input unit 961 is a text box for inputting a transmission destination. The encryption processing unit 440 can cause the mailer 430 to input the From address and cc address of the received mail in advance.

  The subject input unit 962 is a text box for inputting a subject. The encryption processing unit 440 allows the mailer 430 to input in advance a character string in which a character string such as “Re:” is added to the subject of the received mail. Note that the subject input unit 962 may be provided on the mail content editing screen 950. In that case, the subject set on the mail content editing screen 950 can be taken over by the subject input unit 962. Alternatively, different subject lines may be input for both.

  The dummy text input unit 963 is a text box for inputting a dummy text. The encryption processing unit 440 can input a fixed text prepared in the dummy text input unit 963 in advance.

The attached file display unit 964 is an area for displaying an attached file. The encryption processing unit 440 can make the encrypted file 700b attached to the mailer 430 in advance.
The send button 965 is a button for instructing the mailer 430 to send the mail. The user can press the transmission button 965 with the pointer P1. When the mailer 430 receives an operation of pressing the send button 965, the mailer 430 generates an e-mail 800a with the input contents and transmits the e-mail 800a to a designated destination.

  Note that the encryption processing unit 440 may cause the dummy text input unit 963 to input in advance the text input by the text input unit 953 of the mail content editing screen 950 when the text is not encrypted according to the policy. Similarly, if the attached file is not encrypted according to the policy, the encryption processing unit 440 attaches the attached file set in the attached file display unit 954 of the mail content editing screen 950 to the attached file display unit 964 in advance. Can be made.

  Next, the procedure of the cryptographic process realized by the above configuration will be described. First, an encryption procedure when the mail server 100 transmits the email 600 received from the terminal device 200 will be described.

FIG. 16 is a flowchart showing mail transmission processing of the mail server. In the following, the process illustrated in FIG. 16 will be described in order of step number.
[Step S11] The receiving unit 120 receives the e-mail 600 transmitted by the terminal device 200. The receiving unit 120 outputs the email 600 to the holding unit 130. The holding unit 130 outputs the email 600 to the analysis processing unit 140.

  [Step S12] The analysis processing unit 140 determines whether or not the e-mail 600 includes an encrypted file. If the encrypted file is not included, the process proceeds to step S13. When the encrypted file is included, the reservation unit 130 is notified that the electronic mail is transmitted as it is, and the process proceeds to step S19.

  [Step S13] The analysis processing unit 140 analyzes the email 600 and identifies header information and configuration data. The analysis processing unit 140 outputs the e-mail 600 to the encryption processing unit 150 together with the analysis result (information for specifying header information and configuration data).

  [Step S14] Based on the header information acquired from the analysis processing unit 140, the encryption processing unit 150 refers to the encryption processing setting table 111 stored in the control information storage unit 110 and acquires the encryption processing setting. Specifically, the cryptographic processing unit 150 acquires cryptographic processing settings from the cryptographic processing setting table 111 using the transmission source address (From) and the transmission destination address (To, cc, bcc) included in the header information as keys. . For example, in the example of the e-mail 600, the transmission source address (From) is “taro@g1.xxx.com”, and the transmission destination address (To) is “hanako@g2.yyy.com”. That is, the transmission source corresponds to “*@*.xxx.com”, and the transmission destination corresponds to “*@*.yyy.com”. Therefore, the cryptographic processing unit 150 identifies the record of the item number “2” in the cryptographic processing setting table 111 for the electronic mail addressed to the To address. On the other hand, the destination address (cc) is “fuji-g@g1.xxx.com”. That is, “*@*.xxx.com” and the transmission destination correspond to “*@**.xxx.com”. Therefore, the cryptographic processing unit 150 identifies the record of the item number “1” in the cryptographic processing setting table 111 for the electronic mail addressed to the cc address.

  [Step S15] The cryptographic processing unit 150 determines whether there is an encryption target as a result of specifying the cryptographic processing setting in step S14. If there is an encryption target, the process proceeds to step S16. If there is no encryption target, the suspension unit 130 is notified that the electronic mail is to be transmitted as it is, and the process proceeds to step S19.

  For example, since it is necessary for the encryption processing unit 150 to encrypt all the mail contents regarding the encryption processing setting of the To address specified in step S14, the processing proceeds to step S16.

  [Step S16] The encryption processing unit 150 generates an encrypted file 700 encrypted for the e-mail 600 based on the header information and the encryption setting information specified in step S14. The encryption processing unit 150 stores the encrypted block 731 generated by encrypting the mail content of the email 600 in the data storage unit 730 of the encrypted file 700. The encryption processing unit 150 uses a key included in the encryption setting information for encryption. The encryption processing unit 150 outputs the encrypted file 700 storing the encryption block 731 to the analysis processing unit 140. At this time, for example, as described above, a destination that should be encrypted and a destination that should not be encrypted are mixed. In this case, the encryption processing unit 150 instructs the analysis processing unit 140, for example, the destination to be encrypted (the To address) and the destination not to be encrypted (the cc address).

  [Step S17] The analysis processing unit 140 generates an e-mail 800 addressed to a user who uses the terminal device 400 based on the header information and the default dummy text. Here, the analysis processing unit 140 adds the encrypted file 700 to the electronic mail 800 as an attached file. The analysis processing unit 140 outputs the generated email 800 to the holding unit 130. When the analysis processing unit 140 receives a notification of the destination to which the e-mail 600 is to be transmitted as it is from the encryption processing unit 150, the analysis processing unit 140 notifies the reservation unit 130 of the fact and the destination.

  [Step S18] When the e-mail 800 is obtained from the analysis processing unit 140, the holding unit 130 outputs the e-mail 800 to the transmission unit 160 instead of the e-mail 600. Note that the output timing may be, for example, the timing when the e-mail 600 passes the audit or the timing when the virus check is completed. Since the destination of the e-mail 800 indicates the domain of the user of the terminal device 400, the transmission unit 160 transmits the e-mail 800 to a predetermined relay server in the external domain.

  Here, the holding unit 130 outputs the e-mail 600 to the transmission unit 160 when receiving the notification of the destination to which the e-mail 600 should be transmitted as it is from the analysis processing unit 140. The transmission unit 160 transmits the e-mail 600 for the destination to a predetermined relay server in the internal domain. If the mail server 100 has a mailbox for each user, the e-mail 600 is stored in the corresponding mailbox. Then, the process is completed.

  [Step S19] Upon receiving an instruction from the analysis processing unit 140 or the encryption processing unit 150 to transmit the e-mail as it is, the holding unit 130 outputs the e-mail to the transmission unit 160. Note that the output timing may be a timing at which the audit is passed or a virus check is completed. The transmission unit 160 transmits the electronic mail to a predetermined relay server. Then, the process is completed.

  As described above, the mail server 100 specifies whether or not the electronic mail is encrypted, the encryption range, and the like according to the transmission source address and the transmission destination address of the electronic mail. In the encryption range, the entire contents including the body of the electronic mail and the attached file can be designated.

  For example, if the entire contents of the e-mail 600 are encrypted for each e-mail to be sent to the external domain, all information about the e-mail 600 can be known on a predetermined relay server or communication path through which the e-mail 600 reaches the external domain. There is no. Even if an erroneous transmission destination is entered, the terminal device of the erroneous transmission destination cannot refer to the text / attached file of the e-mail 600, so that no information is known in the same manner.

For this reason, even if confidential information is described in a mail text / attached file and transmitted, the confidential information can be appropriately protected.
In step S15, there may be a plurality of destination addresses that should use different keys. In that case, the encryption processing unit 150 can generate a plurality of encrypted files using a corresponding key for each address. In this case, the analysis processing unit 140 generates a plurality of e-mails including encrypted files for each destination, and outputs them to the holding unit 130. The transmission unit 160 can transmit each electronic mail toward a corresponding destination.

  Next, the mail reception process procedure of the terminal device 400 will be described. Note that the e-mail 800 transmitted by the mail server 100 is stored in a predetermined mail server including a user's mailbox using the terminal device 400 via a predetermined relay server in the external domain. .

FIG. 17 is a flowchart showing the mail reception process of the terminal device. In the following, the process illustrated in FIG. 17 will be described in order of step number.
[Step S21] The receiving unit 420 receives the e-mail 800 from the mail server. The receiving unit 420 outputs the received electronic mail 800 to the mailer 430. The mailer 430 presents the contents of the email 800 to the user. The content of the e-mail 800 includes a dummy text and an attached encrypted file 700. The mailer 430 receives an instruction to open the encrypted file 700 by a user operation input. The mailer 430 delegates the operation on the encrypted file 700 to the encryption processing unit 440. In a terminal device that does not have the function of the encryption processing unit 440, the execution unit 710 is added to the encrypted file 700, and the execution format is set. In this case, the execution unit 710 is executed by the CPU of the terminal device, whereby the function of the encryption processing unit 440 is realized by the terminal device.

  [Step S22] The encryption processing unit 440 attempts to open the encrypted file 700. If the encryption processing unit 440 can be opened, it provides the user with the contents of the work file 700a. Then, the encryption processing unit 440 updates the encrypted file 700 in accordance with a user operation. As a result, the encryption processing unit 440 generates an encrypted file 700b. The encryption processing unit 440 outputs the encrypted file 700b to the mailer 430.

  [Step S23] The mailer 430 displays a mail transmission screen 960 on the monitor. In the mail transmission screen 960, the encrypted file 700b can be set in advance as an attached file.

  [Step S24] When the mailer 430 receives an operation of pressing the send button 965, the mailer 430 generates an e-mail 800a based on the input content of the e-mail transmission screen 960 and outputs the e-mail 800a to the transmission unit 460. The transmission unit 460 transmits the e-mail 800a to the address set in the destination input unit 961. Then, the process is completed.

  As described above, the terminal device 400 receives the update of the encrypted file 700 included in the received e-mail 800 and generates the encrypted file 700b. Then, the terminal device 400 attaches the encrypted file 700b to the e-mail 800a and transmits it to a designated transmission destination address such as a user of the terminal device 200.

Next, the procedure for updating the encrypted file 700 shown in step S22 will be described.
FIG. 18 is a flowchart showing encrypted file update processing of the terminal device. In the following, the process illustrated in FIG. 18 will be described in order of step number.

[Step S31] The encryption processing unit 440 starts to open the encrypted file 700.
[Step S32] The cryptographic processing unit 440 determines whether or not the key storage unit 410 can acquire a key corresponding to the transmission source domain. If the encryption processing unit 440 cannot obtain the password, the encryption processing unit 440 displays the password input screen 910 on the monitor and accepts the password input. The encryption processing unit 440 determines whether or not an appropriate key has been acquired with reference to the key storage unit 410 or based on the password input on the password input screen 910. If it can be obtained, the process proceeds to step S33. If it cannot be obtained, the process is completed.

  [Step S33] The encryption processing unit 440 decrypts the data stored in the data definition information storage unit 740 and the file control information storage unit 750 included in the encrypted file 700 using the acquired key. For example, if the encryption processing unit 440 decrypts a predetermined length part storing the data definition information storage unit 740 and the file control information storage unit 750 from the end of the encrypted file 700, it can appropriately decrypt these data.

[Step S34] The cryptographic processing unit 440 displays the operation selection screen 920 on the monitor.
[Step S35] The encryption processing unit 440 receives a pressing operation on each button on the operation selection screen 920. If a press operation on the mail content display button 921 is accepted, the process proceeds to step S36. If a pressing operation on the file list button 922 is accepted, the process proceeds to step S39.

  [Step S36] The encryption processing unit 440 obtains the mail content of the latest e-mail from the data storage unit 730 included in the encrypted file 700. For example, the encryption processing unit 440 can determine that the encrypted block located at the end of the data storage unit 730 corresponds to the latest electronic mail. For example, by setting the storage time of each email in the data definition information storage unit 740, the latest email can be determined from the time series of each email. The encryption processing unit 440 decrypts the text included in the latest electronic mail and displays the mail content display screen 930 on the monitor.

  [Step S37] The encryption processing unit 440 accepts a click operation (for example, double-click) on the attached file icon displayed on the attached file display unit 933 of the mail content display screen 930. Then, the encryption processing unit 440 decrypts the corresponding attached file and generates a decrypted file. The encryption processing unit 440 identifies an application (any one of the applications 450, 450a, and 450b) for referring to the decrypted file, and delegates the process to the decrypted file to the application 450.

  If editing of the decrypted file by the application 450 is allowed, the encryption processing unit 440 acquires the edited decrypted file when the application 450 attempts to save the edited decrypted file. Then, the encryption processing unit 440 reflects the contents in the corresponding encryption block (encryption block storing the attached file).

[Step S38] The cryptographic processing unit 440 accepts an operation of pressing the reply mail creation button 935 on the mail content display screen 930. Then, the process proceeds to step S42.
[Step S39] The encryption processing unit 440 displays the file list screen 940 on the monitor.

  [Step S40] The encryption processing unit 440 receives a click operation on the file displayed on the file information display unit 943 of the file list screen 940, and the like. Then, the cryptographic processing unit 440 executes processing according to the corresponding operation. For example, the encryption processing unit 440 receives a click operation (for example, double click) on the file displayed on the file information display unit 943. Then, the corresponding file is decrypted to generate a decrypted file, an application for referring to the decrypted file is specified, and processing for the decrypted file is delegated to the application. The process when editing the decrypted file is allowed is the same as step S37. The other processes are as described in FIG.

[Step S41] The cryptographic processing unit 440 accepts a pressing operation of the reply mail creation button 945 on the file list screen 940. Then, the process proceeds to step S42.
[Step S42] The encryption processing unit 440 displays the mail content editing screen 950 on the monitor.

  [Step S43] The encryption processing unit 440 accepts an operation for editing mail contents by the user. The cryptographic processing unit 440 can accept, for example, an operation of turning on / off the check box 952, an input of text to the body input unit 953, and an attachment operation of an attached file to the attached file display unit 954.

  [Step S44] The cryptographic processing unit 440 accepts a pressing operation of the save button 951 by the user. Then, the encryption processing unit 440 generates an encryption block 732 based on the content input on the mail content editing screen 950 and stores it in the data storage unit 730 of the encrypted file 700. The encryption block generation method corresponding to the input content of the mail content editing screen 950 is as described with reference to FIG. As a result, the encryption processing unit 440 generates an encrypted file 700b. The encryption processing unit 440 outputs the encrypted file 700b to the mailer 430. Then, the process is completed.

  In this way, the terminal device 400 generates the encrypted file 700b in which the mail content of the reply mail is stored in the encrypted file 700. The encrypted file 700b can store the entire mail including the mail text and attached file.

  In the above example, all the contents of the mail sent back by the terminal device 400 are encrypted, so any information about the mail contents on a predetermined relay server or communication path that passes through until reaching the external domain is displayed. Not known. Further, even if an erroneous transmission is made, the content of the mail cannot be referred to by the terminal device of the erroneous transmission destination, so that no information is known in the same manner.

For this reason, the terminal device 400 can appropriately protect confidential information described in the mail text and attached file.
In addition, even if the confidential data is encrypted and transmitted as an attached file as in the prior art, the receiver does not always properly handle the confidential data as the confidential data. For example, there is a possibility that it will be attached to a response mail without proper encryption of the confidential data, and will be returned / transferred. For this reason, it has been difficult to guarantee the risk of data leakage due to erroneous transmission of the recipient's response mail.

  On the other hand, the mail server 100 can appropriately handle the encrypted data even in the terminal device that has received the mail including the encrypted file or has received the subsequent transfer. For example, it is assumed that the e-mail 800a is transferred from the terminal device 400 to a user who uses the terminal device 500. In that case, the encrypted file 700b is similarly handled in the terminal device 500. That is, when the terminal device 500 cannot properly obtain the key, the contents of the encrypted file 700b cannot be referred to. On the other hand, when the terminal device 500 can properly obtain the key, the contents of the encrypted file 700b can be referred to. Then, when replying to the contents from the terminal device 500, the contents of the mail can be appropriately encrypted and returned and transferred.

  In this way, the mail server 100 can improve the security of not only the first transmission but also the electronic mail transmitted by the receiving terminal device and the subsequent transfer destination terminal device.

Therefore, the risk of leakage of data transmitted by electronic mail can be further reduced as compared with the conventional technology.
In steps S32 to S34, the operation selection screen 920 is displayed after the key has been acquired. On the other hand, after accepting the key, the operation selection screen 920 may not be displayed, and the screen may transit to either the mail content display screen 930 or the file list screen 940. Alternatively, both the mail content display screen 930 and the file list screen 940 may be displayed without displaying the operation selection screen 920.

  Further, the processes in steps S37, S40, and S43 are executed in response to a user operation, and are not always executed. That is, depending on the content of the user's operation, the process may proceed from step S36 to step S38. Similarly, the process may proceed from step S39 to step S41. Similarly, if there is no need to edit the content displayed on the mail transmission screen 960, the process may proceed from step S42 to step S44.

  In step S44, the encryption processing unit 440 may store the encrypted file 700b in the HDD 104 according to a user instruction. In that case, the user can create a new mail attached with the encrypted file 700 b stored in the HDD 104 by operating the mailer 430.

  Furthermore, when the mail server 100 includes an encrypted file in the received mail from the external domain to the internal domain, the mail server 100 may automatically decrypt the encrypted file. Below, the procedure of the reception process in that case is demonstrated. In the following, it is assumed that the e-mail 800a is transmitted to a user who uses the terminal device 200.

FIG. 19 is a flowchart showing mail reception processing of the mail server. In the following, the process illustrated in FIG. 19 will be described in order of step number.
[Step S51] The receiving unit 120 receives an e-mail 800a from an external domain. The receiving unit 120 outputs the email 800a to the holding unit 130. The holding unit 130 outputs the email 600 to the analysis processing unit 140.

  [Step S52] The analysis processing unit 140 refers to the header information and detects that the e-mail 800a is received from an external domain. The analysis processing unit 140 further analyzes the e-mail 800a and detects that the encrypted file 700b is included in the attached file.

[Step S53] The analysis processing unit 140 acquires the header information and the encrypted file 700b from the e-mail 800a and outputs the header information and the encrypted file 700b to the encryption processing unit 150.
[Step S54] The cryptographic processing unit 150 refers to the cryptographic processing setting table 111 stored in the control information storage unit 110 based on the header information, and acquires the cryptographic processing setting. The cryptographic processing unit 150 acquires cryptographic processing settings from the cryptographic processing setting table 111 using the transmission source address and transmission destination address included in the header information as keys. In this case, it is only necessary to search the encryption processing setting table 111 using a key obtained by replacing the transmission source address and the transmission destination address to obtain the encryption processing setting. For example, in the e-mail 800a, the transmission source address (From) is “hanako@g2.yyy.com”, the transmission destination address (To) is “taro@g1.xxx.com”, and the transmission destination address (cc) is “cc”. “Fuji-g@g1.xxx.com”. That is, the transmission source corresponds to “*@*.yyy.com” and the transmission destination corresponds to “*@*.xxx.com”. Therefore, the transmission source and the transmission destination are switched, and a record having the transmission source “*@**.xxx.com” and the transmission destination “**@*.yyy.com” is acquired.

  [Step S55] The encryption processing unit 150 decrypts the encrypted file 700b using the key included in the acquired encryption processing setting. As a result, the encryption processing unit 150 acquires the text and attached file included in the encrypted file 700b and outputs them to the analysis processing unit 140.

  [Step S56] The analysis processing unit 140 generates a new e-mail addressed to the user who uses the terminal device 200 based on the text and the content of the attached file. This e-mail is a normal e-mail that does not include an encrypted file. Then, the analysis processing unit 140 outputs the generated e-mail to the holding unit 130.

  [Step S57] The holding unit 130 outputs the e-mail acquired from the analysis processing unit 140 to the transmission unit 160 instead of the e-mail 800b. Note that the output timing can be the timing when the e-mail passes the audit or the timing when the virus check is completed, as in the case of transmission. The transmission unit 160 transmits the electronic mail acquired from the holding unit 130 toward the terminal device 200.

  As described above, when the mail received to the internal domain includes an encrypted file, the mail server 100 acquires a key corresponding to the terminal device 400 in the external domain and decrypts the encrypted file 700b. Can be replaced with regular email.

  Here, since security measures are sufficiently taken in the intranet 10, there may be a case where there is no need to make the user aware of mail encryption. In addition, since the user of the internal domain is a source of confidential information, there may be a case where there is no need to encrypt the confidential information directed to the internal domain. In such a case, by automatically replacing the e-mail from the external domain to the internal domain with a normal e-mail, it is possible to reduce the labor of the internal domain user when handling the mail.

  Note that the encryption processing function of the mail server 100 described in the second embodiment may be provided in a terminal device that transmits electronic mail. For example, when the terminal device 200 has the encryption processing function of the mail server 100, the terminal device 200 automatically generates an encrypted file based on the electronic mail when transmitting the electronic mail. Next, the terminal device 200 automatically generates an e-mail in which the encrypted file is set as an attached file. Then, the terminal device 200 transmits the electronic mail toward the destination address.

Thereby, even in an environment where the mail server 100 cannot be used, the same effect as that obtained by the mail server 100 can be obtained.
As described above, the e-mail processing program, e-mail processing apparatus, and e-mail processing method of the present invention have been described based on the illustrated embodiments. However, the present invention is not limited thereto, and the configuration of each unit has the same function. Any configuration can be substituted. Moreover, other arbitrary structures and processes may be added. Further, any two or more configurations (features) of the above-described embodiments may be combined.

DESCRIPTION OF SYMBOLS 1 E-mail processing apparatus 1a Input means 1b Encryption processing means 1c Output means 2, 4 E-mail 2a, 4a Body data 2b, 4b Attached file 3 Encrypted file

Claims (12)

Obtaining a first email including first body data and a first attachment;
Encrypting the first body data and the first attached file to generate an encrypted file, and generating unencrypted second body data;
Generating and outputting a second e-mail including the second text data and including the encrypted file as a second attached file;
An e-mail processing program for causing a computer to execute processing.   When the encrypted file is generated, the encrypted file is used as a file to be added by the receiving device by adding the body data input by the receiving device that receives the second e-mail and the data obtained by encrypting the attached file. The e-mail processing program according to claim 1, wherein the e-mail processing program is generated.   When the encrypted file is generated, it is stored in a storage unit that stores control information defining a key used when generating the encrypted file in association with a combination of a source address and a destination address of an e-mail. Based on the control information, a key corresponding to a source address and a destination address of the first electronic mail is obtained, and the first electronic mail is encrypted with the key to generate the encrypted file. The e-mail processing program according to claim 1, wherein the e-mail processing program is performed. In the control information, information indicating whether it is necessary to add a predetermined application program that performs encryption processing on the encrypted file in association with the combination is defined,
When it is necessary to add the predetermined application program to the encrypted file based on the control information stored in the storage unit when the encrypted file is generated, the predetermined file is added to the encrypted file. Add application programs in plaintext,
The e-mail processing program according to claim 3.   In the receiving device that receives the second e-mail when the encrypted file is generated, an update that indicates a time limit that allows the data included in the encrypted file to be referred to and an update that indicates whether or not the data can be updated 5. The e-mail processing program according to claim 1, further comprising policy information including a permission flag. An electronic mail including a first body data and an encrypted first attachment, wherein the first attachment includes the second body data and the second attachment;
Decrypting the first attached file to extract the second body data and the second attached file;
The second body data is output instead of the first body data as the body data of the acquired e-mail, and the second attachment is replaced as the attachment file of the e-mail instead of the first attachment file. Output a file,
An e-mail processing program for causing a computer to execute processing. Receiving third body data and a third attached file for responding to the e-mail;
The third body data and the data generated by encrypting the third attached file are added to the predetermined encrypted file acquired as the second attached file, and the fourth body data which is not encrypted is added. Produces
Generating and outputting a response e-mail including the fourth body data and the encrypted file as a fourth attached file;
7. The e-mail processing program according to claim 6, further causing the computer to execute processing.   Input whether to delete data currently included in the encrypted file before adding the data generated by encrypting the third body data and the third attached file to the encrypted file The electronic mail processing program according to claim 7, wherein the data is deleted when an input to delete the data is received. Input means for obtaining a first e-mail including first body data and a first attached file;
An encryption processing unit configured to generate an encrypted file by encrypting the first body data and the first attached file, and to generate unencrypted second body data;
Output means for generating and outputting a second e-mail including the second text data and including the encrypted file as a second attached file;
An e-mail processing apparatus comprising: An input unit including first body data and an encrypted first attached file, wherein the first attached file acquires an e-mail including the second body data and the second attached file;
Encryption processing means for decrypting the first attached file and extracting the second body data and the second attached file;
The second body data is output instead of the first body data as the body data of the acquired e-mail, and the second attachment is replaced as the attachment file of the e-mail instead of the first attachment file. An output means for outputting a file;
An e-mail processing apparatus comprising: A computer email processing method comprising:
The computer is
Obtaining a first email including first body data and a first attachment;
Encrypting the first body data and the first attached file to generate an encrypted file, and generating unencrypted second body data;
Generating and outputting a second e-mail including the second text data and including the encrypted file as a second attached file;
An e-mail processing method characterized by the above. A computer email processing method comprising:
The computer is
An electronic mail including a first body data and an encrypted first attachment, wherein the first attachment includes the second body data and the second attachment;
Decrypting the first attached file to extract the second body data and the second attached file;
The second body data is output instead of the first body data as the body data of the acquired e-mail, and the second attachment is replaced as the attachment file of the e-mail instead of the first attachment file. Output a file,
An e-mail processing method characterized by the above.

Images