JP2015084462A - Email transmission method, device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To transmit emails with attached files having addresses of high security levels and addresses of low security levels by encrypting according to each security level.SOLUTION: By analyzing an address of an email with an attached file, when the security of the address is high, an email whose attached file may easily be decrypted is transmitted, and, when the security is not high, a plurality of the same mails are generated which are transmitted in such a way that the file may not be decrypted unless all the plurality of emails are received.

Description

  The present invention relates to a technique for encrypting an electronic mail attached with an electronic file.

  When an information leakage accident occurs in a company, the damage is not small, so it is necessary to focus on countermeasures. One of the main causes of information leakage accidents is erroneous email transmission.

  According to a report by JIPDEC (Japan Information Economy and Society Promotion Association), it was found that mis-sent emails were the most common cause of accidents in handling personal information. In the future, the importance of measures against information leakage due to erroneous email transmission will increase.

  From the viewpoint of information security, it is known that when a file is sent to a network with low security, it is highly effective to encrypt the file.

  As a related technique, there is a means for realizing encryption of mail transmission to the inside and outside of the company without the awareness of the sender / receiver by installing a public key server that holds the public key. One example is JP-A-2009-130749.

JP2009-130749

  There is a technique for encrypting an electronic file when the electronic file is attached and transmitted by mail. If electronic file encryption software is used, even if an e-mail is leaked to the outside, data is converted according to certain rules (algorithms), so it is not easy to read the contents of the electronic file. Is possible. However, because the problem here is that the electronic file is encrypted and sent to all destinations regardless of the destination, the electronic file was originally encrypted even for destinations that do not need to be sent encrypted. An electronic file has been sent. For this reason, the number of steps for restoring the encrypted electronic file is increased for a recipient who does not require encryption, which is a burden on the user.

  Further, in the invention described in Patent Document 1, by encrypting the user without being aware of the mail transmission / reception, even if the mail is leaked to the outside, the content of the mail can be decrypted by a third party. It is impossible. However, since the recipient's public key must be held in advance, applicable destinations are limited.

  An object of the present invention is to provide a mail transmission technique that improves security by encrypting an electronic mail having an attached file and suppresses a load on the user by the encryption.

  In order to solve the above-described problems, the present invention analyzes the destination of an email with an attached file, and when the security of the destination is high, sends an email that can easily expand the attached file, to a destination with low security. Generates a plurality of mails and sends the mails so that the files cannot be expanded unless the plurality of mails are received.

  According to the present invention, an electronic file is encrypted or transmitted without being encrypted according to a destination, and a burden on a user can be reduced.

It is a figure which shows the system configuration | structure concerning one Example of this invention. It is a figure which shows the structure of mail server A10 concerning one Example of this invention. It is a figure which shows the data structure of the mail information table 407 concerning one Example of this invention. It is a flowchart of the electronic mail transmission concerning one Example of this invention. It is a flowchart of mail information analysis and attachment file encryption according to an embodiment of the present invention. (A)-(c) is a mail structure in each step concerning one Example of this invention. It is a figure which shows the structure of user terminal A11 concerning one Example of this invention. It is a flowchart of the electronic mail transmission concerning one Example of this invention. (A)-(b) is a mail structure in each step concerning one Example of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 shows a configuration example for encrypting in consideration of a destination when an electronic file according to the present embodiment is attached to a mail and transmitted. This configuration example includes an in-house system environment 2 in which a plurality of terminals such as a user terminal A11 and a user terminal B12 are connected to a mail server A10 and a DNS (Demain Name System) server 30, an external mail server B13, and a user terminal C14. The external system environment 1 is connected via the network 20.

  In-house system environment 2 is high security. On the other hand, the network 20 used for connection with the external system environment 3 is assumed to be the Internet, and it is estimated that the security is not as high as in the internal system environment 2. For this reason, the e-mail may be intercepted illegally and information leakage may occur.

  Each user terminal is a terminal operated by a user with an input device, a display device (not shown), and the like, and corresponds to a PC, a tablet, a smart phone, a mobile phone, and the like.

  The mail server A10 is a server for sending and receiving mail. In this embodiment, the mail server A10 has a characteristic configuration for implementing the present invention as a server on the transmission side. Details will be described later. In this embodiment, the mail server B13 serves as a receiving server, and a general mail server is also applicable. As a general function, the DNS server 30 has a function of returning an IP address corresponding to a domain in response to an inquiry from a mail server.

  FIG. 2 is a diagram illustrating a configuration example of the mail server A10. The mail server A10 includes a control unit (processor) 401 and a network interface unit 402. As a program in the storage unit 400, a mail transfer function 403, an address analysis function 404, a DNS server connection function 405, and an attached file encryption And a function 406. The mail transfer function 403 and the DNS server connection function 405 are functions that a general mail server (for example, mail server B13) also has. These programs are read on the control unit 401 and perform their functions. The storage unit 400 also stores a mail information table 407.

  The mail transfer function 403 has a function of receiving mail and sorting and sending it by destination. The address analysis function 404 has a function of analyzing mail information transmitted from the user terminal A11 or the user terminal B12 and received by the mail server A10. The DNS server connection function 405 has a function of acquiring a zone file necessary for address analysis by the address analysis function 404 from the DNS server 30 via the network interface unit 402 and discarding it after use. . The attached file encryption function 405 encrypts the mail and performs the operations described later associated therewith.

  FIG. 3 is a diagram showing a data configuration of the mail information table 407 provided in the mail server A10. The mail information table 407 is a table for storing mail information received by the mail server A10 from the user terminal, and is also used when analyzing by the address analysis 404. The mail information table stores an ID (IDentification) 500, a mail number 501, a transmission source address 502, a transmission destination address 503, a status 504, an attached file 505, and a transmission date and time 506 in association with each other. ID 500 stores each record number. The mail number 501 is a number for managing the relevance of each record, and when sent in the same mail, the same number is assigned and stored. The source address 502 stores the address of the side that sent the mail information. The destination address 503 stores the address on the side that receives the mail information. The state 504 stores in which state “TO”, “CC”, and “BCC” is transmitted from the transmission source address 502 with respect to the transmission destination address 503. The attached file 505 stores an attached file name if an attached file exists when a mail is transmitted from the transmission source address 502 to the transmission destination address 503. The transmission date and time 506 is stored in the format “yyyy / mm / dd hh: mm: ss” when the mail information is transmitted. In the present embodiment, necessary information is a transmission destination address 503, an attached file 505, and a transmission date / time 506.

  FIG. 4 is an example of a flow for encrypting in consideration of a destination when an electronic file according to the present embodiment is attached to a mail and transmitted.

  The user terminal A11 designates the user of the user terminal B12 in the company and the user of the user terminal C14 outside the company as destinations, and transmits an email having an attached file to the mail server A (S600).

  In the mail server A10, the mail transfer function 403 receives the mail with the attached file (S601) and stores the mail information in the mail information table 407 (S602).

  Subsequently, mail information analysis / attached file encryption 603 is performed based on the mail information stored in the mail information table. In the mail information analysis, if the destination address is in-house, the attached file is sent without being encrypted, and if it is not (address addressed outside the company), the attached file is sent via the attached file encryption function 406. Is encrypted and sent. The destination address is determined by mail information analysis / attached file encryption 603. A detailed analysis method will be described later.

  When it is determined that the transmission destination address is in-house, the mail transfer function 403 of the mail server A10 performs attachment file transmission 604 to the user terminal B12. Since the user terminal B12 receives the unencrypted attached file 605, the user terminal B12 can expand the file without restoring the file.

  If it is determined that the destination address is outside the mail, the mail transfer function 403 sends the mail server B13 to the mail server B13 after the attached file encryption function 405 encrypts the attached file in the mail information analysis / attached file encryption 603. Attached file transmission 604 is performed. Then, the mail server B13 receives the encrypted attached file (S606). Further, the attached file encryption function 405 generates a PW (Pass Word) as a key for restoring the file at the time of encryption. The PW may be generated randomly based on a predetermined rule. The mail transfer function 403 of the mail server A10 transmits a PW mail in which the PW necessary for restoring the encrypted attached file is transmitted to the mail server B13 (S607), and the mail server B13 receives the PW file reception 608. do. The client terminal C14 receives a mail and a PW mail having a file encrypted by checking its own mailbox of the mail server B13, and restores the encrypted file using the PW.

  FIG. 5 is an example of a flowchart of mail information analysis / attached file encryption (S603) according to the present embodiment. The mail transfer function 403 of the mail server A10 stores the mail information in the mail information table 407 when the attachment file reception (S601) is confirmed. The address analysis function 404 acquires the “transmission destination address” of the mail information from the mail information table 407 (S700). Then, the acquired transmission destination address 503 is used to determine whether it is an internal address or an external address. First, the process determines 701 whether the domain of the destination address 503 is “@ zzz.com” or “@ ml.zzz.co.jp”, which is an in-house domain.

  If it is determined in the in-house domain in the determination in S701, the attached file can be transmitted without encrypting the attached file (S604). The address is based on the internal domain “@ zzz.com” or “@ ml.zzz.co.jp” used in the mailing list for internal parties, and when the other address is the destination address value, A zone file managed by the DNS server 30 is used to determine whether it is in-house or outside the company. A zone file is a file that manages the names and IP addresses of hosts belonging to a domain. By referring to the domain name described in the zone file of the in-house DNS server, the internal address and external address are determined. Is possible.

  If the internal domain is not determined in S701, the DNS server connection function 405 connects to the internal DNS server 30 (S702), and acquires a zone file managed by the internal DNS server 30 (S703). ). Using the acquired zone file, it is searched whether the transmission destination address is a domain name described in the zone file (S704). If the corresponding description does not exist after the search, it is determined that the address is outside the company. After discarding the zone file 705 and encrypting the attached file 706, the encrypted attached file is sent by mail (S604). If the corresponding description exists after the search, it is determined that the address is a company address. The zone file is discarded 705, file encryption is omitted, and an unencrypted attached file is sent by mail (S604).

  FIG. 6 is a diagram illustrating an example of a mail configuration at each stage when an electronic file according to the present embodiment is attached to a mail and transmitted.

  The mail configuration 801 in FIG. 6A is a mail configuration when being transmitted from the client terminal A11 to the mail server A10 and when being transmitted from the mail server A10 to the client terminal B12. The attached file is not encrypted.

  The mail configuration 802 in FIG. 6B is a mail configuration when it is transmitted from the mail server A10 to the mail server B13. The difference is that the attached file is encrypted with respect to the mail configuration 801 by performing the mail information analysis / attached file encryption 603 in the mail server A10.

  The mail configuration 803 in FIG. 6C is a configuration of PW mail describing PW. In order for the receiver to associate the encrypted electronic file with the PW necessary for restoration without difference, the transmission date and time, the transmission source address, and the attached file name of the mail configuration 803 are described in the mail of the PW file transmission 607. Information indicating the PW mail may be described in the structure 802 of the encrypted mail.

  In this embodiment, the electronic file “patent.doc” is attached from the user terminal A11 to the client terminal C14 via the external mail server B13 in the “TO” state and to the user terminal B12 in the in-house state of “CC”. Suppose you send an e-mail. Mail transmission information is stored in the mail server A10, and mail information analysis 603 is performed. Here, the user terminal B12 whose transmission destination address value is “@ zzz.com” transmits the attached file 604 without encrypting the attached file. However, the mail server B13 outside the company does not have a destination address value of “@ zzz.com” or “@ ml.zzz.co.jp”, so the zone file is acquired after connecting to the DNS server, and the destination address of the mail server B13 is acquired. Search whether the value is described in the zone file. Since the external address is not described in the zone file, the attached file “patent.doc” is encrypted and transmitted to the mail server B13.

  In this embodiment, PW file transmission 607 is performed separately from the attached file transmission. In the PW file, the transmission date and time, the transmission source address, and the attached file name are described in the PW file. Therefore, even when a plurality of encrypted files are transmitted, which PW is associated with which encrypted file is restored. Can be recognized by the recipient without any difference.

  In this embodiment, the attached file encrypted mail transmission / reception is performed. Alternatively, the file may be reproduced by dividing the file by the secret sharing method and collecting the divided files. These files become tally files, and a single tally file cannot be reproduced, and can only be reproduced by collecting all (or more than a predetermined number) of tally files divided (tallyed) from the original file. Therefore, when sending mail to a destination outside the domain, the attachment file encryption function of the mail server creates multiple mails from a single mail, attaches the attached files to multiple files, attaches them to each mail, If it is sent to the same destination, the same effect as sending a file encryption and a decompression key such as PW by another mail can be obtained.

  In addition, the sender and the receiver may be notified of which destination has been encrypted and which has not been encrypted. For example, when the mail server A10 performs encryption, a mail describing the presence / absence of encryption for each destination together with information specifying the mail transmitted by the user terminal A11 may be transmitted to the user terminal A11. In addition, for the recipient, the presence or absence of encryption for each destination may be described in the mail with attached file or PW mail that is instructed to be sent, or the presence or absence of encryption for each destination in a different mail. You may let me know.

  In the first embodiment, the mail server A10 encrypts the file attached to the mail. In this embodiment, the user terminal A11 that is the mail transmission source performs encryption.

  As in the first embodiment, the configuration of the present embodiment includes the mail server A10, the user terminal A11, the user terminal B12, the mail server B13, the user terminal C14, the network 20, and the DNS server 30 shown in FIG. Of these, the configuration other than the user terminal A11 may be a conventional configuration.

  FIG. 7 shows the configuration of the user terminal A11. A storage unit 900, a control unit 901, and a network interface 902 are provided. In the storage unit, a mail creation function 903, an address analysis function 904, a mail transmission function 905, an attached file encryption function 906 that function on the control unit as programs, and a domain information table 907 as a database are stored as mail software. ing. In this embodiment, the mail software is stored in the terminal, but it may be a cloud type service application instead.

  The mail creation function 903 creates a mail by creating a mail text or setting a destination in accordance with a user operation. The domain information table 907 stores a domain, and can determine whether it is an in-house domain with reference to this. Other functions are the same as those of the first embodiment.

  FIG. 8 is a flowchart of mail transmission of the user terminal A11 in the present embodiment.

  First, the user terminal A11 creates a mail including a destination, a text, and an attached file by a user operation, and receives a transmission instruction (A1001).

  The address analysis function acquires the address of the mail destination and refers to the domain information table 907 to determine whether the destination is an internal domain or an external domain (S1002).

  When the transmission destination includes the in-house domain, an unencrypted mail is transmitted to the in-house domain destination (S1003, S1004). The mail at this time is shown in FIG. As shown in the mail configuration 801 in FIG. 6, the created mail includes an external domain destination, an internal domain, and an unencrypted attached file. The attached file encryption function 906 is changed as in the mail configuration 1101, and the mail transmission function 905 transmits it to the mail server A10. That is, the destination (TO) of the external domain is deleted and the destination is entered in the mail text. This mail is transmitted to the destination (CC) of the in-house domain.

  The reason for deleting the transmission destination (TO) is that the mail server A10 or the like does not transmit this mail to the external domain. If the mail server A10 performs encryption processing and sends a mail in a different format for each destination, the mail server A10 and the subsequent mail servers are receiving mail servers (POP3 servers) for each domain. You can change the mail format for each domain without problems even if there is a destination that does not send. However, in the present embodiment, since the mail software in the user terminal performs encryption, the transmission mail server (SMTP) sends the same mail to all the destinations. Therefore, a plurality of types of mails are created for each destination, and destinations not targeted for transmission are deleted. Also, in order to tell where the attached file is sent including the encrypted one, send it to the part other than the destination (for example, in the text or newly created attached file) Describe the destination. Further, information regarding whether or not encryption is performed may be added to each destination. As a result, a mail having an attached file that is not encrypted is transmitted only to a destination in the company domain.

  Next, when the transmission destination includes an external domain, the mail and the PW mail in which the attached file is encrypted are transmitted to the external domain destination (S1005, S1006, S1006). The mail at this time is shown in FIG. The created mail is as shown in the mail configuration 801 in FIG. 6A. The attached file encryption function 906 is changed to the mail configuration 1101 and the mail transmission function 905 is changed to the mail server A10. Send. That is, the destination (CC) of the in-house domain is deleted from the attached file, and the destination is entered in the mail text. This mail is transmitted to the destination (TO) of the external domain. This is because an unencrypted mail is sent to the address in the company domain, and it is not necessary to send this mail. Similarly, the initial transmission destination is described. Further, information regarding whether or not encryption is performed may be added to each destination.

  Further, as in the first embodiment, the PW mail described in the mail configuration 803 in FIG. 6C is transmitted.

  As in the first embodiment, a plurality of tally files that are tallyed by the secret sharing method may be attached to a plurality of e-mails in place of the encrypted mail and the PW mail. The sender and receiver may be notified of the presence or absence of encryption for each destination.

  By doing so, a conventional mail server can be used, and mail can be sent with the attached file encrypted according to the destination by mail software.

  DESCRIPTION OF SYMBOLS 1 ... Outside system environment, 2 ... In-house system environment, 10 ... Mail server A (in-house), 11 ... User terminal A (transmission source), 12 ... User terminal B (transmission destination) , 13 ... mail server B (outside), 14 ... user terminal C, 20 ... network, 30 ... DNS server, 400 ... storage unit, 401 ... control unit, 402. Network interface 403... Program 404 address analysis function 405 DNS server connection function 406 attachment file encryption function 407 mail information table

Claims (9)

An address determination unit for determining whether the address of the first mail having the attached file corresponds to either the first address or the second address;
The mail transmitting unit transmits the second mail to the destination when the determined destination is the first destination, and when the determined destination is the second destination, 4 and generating and sending to the destination,
The attached file attached to the first mail can be expanded based on the second mail, the attached file can be expanded based on the third mail and the fourth mail, and the first A mail transmission method characterized in that the attached file cannot be expanded in one of the third mail and the fourth mail. In claim 1,
The third mail has the encrypted attachment;
The mail transmission method according to claim 4, wherein the fourth mail has key information for decompressing the encrypted attached file. In claim 1,
The third mail and the fourth mail each have a part of the attached file divided into a plurality of parts. In any one of Claims 1 thru | or 3,
The mail transmission method, wherein the second mail includes the attachment file that is not encrypted. In any one of Claims 1 thru | or 4,
The first mail has a destination determined as the first destination and a destination determined as the second destination,
The mail transmission method, wherein the mail transmission unit transmits the second mail, the third mail, and the fourth mail to the first mail. In any one of Claims 1 thru | or 5,
Before the destination determining step, the mail receiving unit includes a receiving step of receiving the first mail having the attached file,
The mail transmission method, wherein the mail reception unit, the destination determination unit, and the mail transmission unit are provided in a mail server. In any one of Claims 1 thru | or 5,
Before the destination determination step, the mail creation unit includes a mail creation step of creating a first mail having the destination and the attached file,
The mail transmission method, wherein the mail creation unit, the destination determination unit, and the mail transmission unit are provided in a user terminal or a server connected thereto. An address determination unit for determining whether the address of the first mail having the attached file corresponds to the first address or the second address;
When the determined destination is the first destination, the second mail is transmitted to the destination, and when the determined destination is the second destination, the third mail and the fourth mail are sent. And a mail transmission unit that generates and transmits to the destination,
The attached file attached to the first mail can be expanded based on the second mail, the attached file can be expanded based on the third mail and the fourth mail, and the first An information processing apparatus characterized in that the attached file cannot be expanded on one of the third mail and the fourth mail. Computer resources,
An address determination function for determining whether the address of the first mail having the attached file corresponds to the first address or the second address;
When the determined destination is the first destination, the second mail is transmitted to the destination, and when the determined destination is the second destination, the third mail and the fourth mail are sent. Function as an email sending function to generate and send to the destination,
The attached file attached to the first mail can be expanded based on the second mail, the attached file can be expanded based on the third mail and the fourth mail, and the first An information processing program characterized in that the attached file cannot be expanded in one of the third mail and the fourth mail.

Images