JP3863139B2 - Communication method, communication system, and communication program - Google Patents

Description

  The present invention relates to a communication method, a communication system, and a communication system for performing communication between a caller communication terminal and a receiver communication terminal in response to a communication request from the caller communication terminal using a receiver identifier that uniquely identifies the receiver It relates to a communication program.

  Conventionally, in an e-mail system on the Internet, an e-mail address uniquely identifying each user is issued, and when sending an e-mail, an e-mail addressed to the e-mail address of the e-mail recipient is created, A mail server or a transmission server (SMTP server) of the provider is requested to send mail.

  Since the mail requested to be sent in this way reaches the mail server of the destination address or the incoming server (POP server) via the Internet and is stored in the corresponding mailbox, the mail from the mailbox by the incoming user Can be taken out.

  Here, in order to improve the efficiency of address management, the above-mentioned e-mail address is generally given “one per user”. For example, in Patent Document 1, online e-mail service is provided online. One of a plurality of account candidates is given to the applicant.

JP 10-198613 A

  However, in the case of “one user and one e-mail address” in principle as in the prior art, each user's e-mail address is illegally leaked to a third party, so that spam mail is generated for each user. There is a problem. For example, when a user applies for a sweepstakes or applies for mail order on the WEB, an e-mail address is often entered as a contact information, but the e-mail address is propagated to a third party as a mailing list. As a result, direct mail concentrates on the user, and efficient use of the mail address is hindered.

  Therefore, in such a case, the user needs to discard the already acquired mail address and acquire a new mail address. However, it takes time to acquire a new mail address, and the address change is made to an acquaintance. The user must perform an originally unnecessary procedure of notification. For these reasons, when e-mails are used, it is important to suppress junk e-mails associated with e-mail address leakage and diffusion.

  In addition, in order to prevent spam mails due to e-mail address leakage and diffusion, it is possible to use an ad hoc address that is valid only for a certain period of time, but when a user uses a large number of ad hoc mails, It becomes impossible to know which user the address belongs to, and this may cause a mail transmission destination error. For this reason, it is conceivable to directly embed information that identifies the user in the ad hoc address, but if the information that identifies the user is simply embedded, the relationship between the ad hoc address and the user is understood by a third party. As a result, there is a problem that unsolicited e-mails are caused by unauthorized use of ad hoc addresses.

  Therefore, how to realize an email delivery system that enables each user to efficiently grasp the relationship between email addresses and recipients while preventing spam emails caused by unauthorized use of email addresses by third parties. Has become an important issue. Such a problem is a problem that occurs not only when a mail address is targeted but also when various recipient identifiers such as telephone numbers are used.

  The present invention has been made to solve the above-described problems (problems) of the prior art, and each user can receive the receiver identifier and the receiver identifier while preventing unauthorized use of the receiver identifier by a third party. It is an object of the present invention to provide a communication method, a communication system, and a communication program that can efficiently grasp a person's relationship.

  In order to solve the above-described problem, the present invention provides a communication request between a caller communication terminal and a receiver communication terminal in response to a communication request from a caller communication terminal using a receiver identifier that uniquely identifies the receiver. A communication method for performing communication, and generating verification information for a disclosure identifier based on communication condition information indicating communication conditions when communicating with the recipient and the recipient identifier or user information corresponding to the recipient identifier Verification information generating step, and a disclosure identifier generating step for generating a disclosure identifier that can be identified for each receiver including the receiver identifier or user information and communication condition information and the verification information generated by the verification information generation step And when receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation step, based on the verification information. Verifying the validity of the identifier for disclosure, and when the identifier for disclosure is valid by the verification step and the communication condition information included in the identifier for disclosure is satisfied, the communication A communication establishing step for establishing communication between the sender communication terminal and the receiver communication terminal according to the request.

  Further, the present invention is the above invention, wherein the verification information generating step includes delivery condition information indicating a delivery condition of a message to be delivered to a recipient communication terminal and a recipient address that uniquely identifies the recipient or the recipient address. The verification information of the disclosure address is generated based on the user information corresponding to, and the disclosure identifier generation step can be identified for each recipient address including the recipient address or the user information and the delivery condition information and the verification information. A valid disclosure address is generated based on the verification information when the verification step receives a message having the disclosure address generated by the disclosure identifier generation step as a destination address. It is characterized by verifying sex.

Further, the present invention is the above invention, wherein the verification information generating step uses the call condition information used when making a call connection to the recipient telephone terminal and the user identifier corresponding to the recipient telephone number to the recipient telephone terminal. A verification telephone number verification information that is used as a destination telephone number when making a call and is disclosed to a caller is generated, and the disclosure identifier generation step includes a user corresponding to the receiver telephone number. A disclosure telephone number that can be identified for each recipient including the identifier, the call condition information, and the verification information is generated, and the verification step uses the disclosure telephone number generated by the disclosure identifier generation step as a destination telephone number. When a call connection request is received, the validity of the disclosure telephone number is verified based on the verification information.

  Also, in the present invention according to the above invention, the verification information generating step uses a predetermined signature key as a key for the receiver identifier or a character string obtained by combining user information corresponding to the receiver identifier and communication condition information. The verification information is generated by applying a keyed hash function.

  Further, the present invention is the above invention, wherein the verification step includes the signature key for a receiver identifier extracted from the disclosure identifier or a character string obtained by combining user information corresponding to the receiver identifier and communication condition information. The comparison function is generated by applying the keyed hash function using the key as a key, and when the comparison information matches the verification information, the disclosure identifier is verified as valid.

  Further, in the present invention, in the above invention, the communication establishing step may be performed when the disclosure identifier is not valid or the communication condition information included in the disclosure identifier is not satisfied by the verification step. It is characterized by rejecting the request.

  Further, according to the present invention, in the above invention, the communication establishment step extracts the communication condition information from the disclosure identifier and the extracted communication condition only when the disclosure identifier is valid by the verification step. It is characterized by determining whether or not information communication conditions are satisfied.

  In the present invention, the disclosure identifier generating step encrypts the verification information generated by the verification information generating step and the communication condition information by a predetermined encryption logic using a predetermined encryption key. The disclosed identifier including the encrypted data together with the recipient identifier is generated for each recipient, and the verification step is performed by the sender communication terminal based on the disclosure identifier generated by the disclosure identifier generating step. When the communication request is received, the encrypted data included in the disclosure identifier is decrypted by the encryption logic using the decryption key corresponding to the encryption key, and the communication condition information and the verification information are extracted. The validity of the identifier for disclosure is verified based on the extracted verification information.

  Further, according to the present invention, in the above invention, whether the verification step is an effective combination of communication condition types forming the communication condition information obtained by decrypting the encrypted data included in the disclosure identifier. Whether or not the communication condition value forming the communication condition information is within a valid range, and if the combination is not a valid combination or is not within the valid range, the disclosure identifier is invalid. It is characterized by determining.

  The present invention also includes a receiver communication terminal used by the receiver and a caller communication terminal that makes a communication request to the receiver communication terminal, and uses a receiver identifier that uniquely identifies the receiver. A communication system for performing communication between the caller communication terminal and the receiver communication terminal in response to a communication request from the caller communication terminal, wherein the communication condition information indicates a communication condition when communicating with the receiver; and A verification information generating unit that generates verification information of a disclosure identifier based on a receiver identifier or user information corresponding to the receiver identifier, and generated by the receiver identifier or user information and communication condition information and the verification information generating unit A disclosure identifier generating device having a disclosure identifier generating means for generating a disclosure identifier that can be identified for each recipient including the verified verification information, and the disclosure identifier generator A verification unit that verifies the validity of the disclosure identifier based on the verification information when receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the unit, and the verification unit Communication that establishes communication between the sender communication terminal and the receiver communication terminal in accordance with the communication request when the disclosure identifier is valid and the communication condition information included in the disclosure identifier is satisfied. And a filtering device having establishment means.

  Also, in the present invention according to the above invention, the verification information generation means uses a predetermined signature key as a key for a character string obtained by combining the receiver identifier or user information corresponding to the receiver identifier and communication condition information. The verification information is generated by applying a keyed hash function.

  Also, in the present invention according to the above-mentioned invention, the verification means may include the signature key for a recipient identifier extracted from the disclosure identifier or a character string obtained by combining user information corresponding to the recipient identifier and communication condition information. The comparison function is generated by applying the keyed hash function using the key as a key, and when the comparison information matches the verification information, the disclosure identifier is verified as valid.

  Further, the present invention provides the master key table in which a plurality of master keys are registered and the signature key selected from the master key table in response to a request for the signature key from the disclosure identifier generating device. A signature key issuing device having a signature key generating means for generating a key, wherein the verification information generating means corresponds to the receiver identifier or the receiver identifier using a signature key received from the signature key issuing device. The verification information is generated by applying a keyed hash function to a character string obtained by combining user information and communication condition information.

  In addition, the present invention is used in a communication system that performs communication between a caller communication terminal and a receiver communication terminal in response to a communication request from the caller communication terminal using a receiver identifier that uniquely identifies the receiver. Verification information which is a communication program and generates verification information for a disclosure identifier based on communication condition information indicating communication conditions when communicating with the recipient and user information corresponding to the recipient identifier or the recipient identifier A generation identifier, a disclosure identifier generation procedure for generating a disclosure identifier that can be identified for each receiver including the recipient identifier or user information and communication condition information, and verification information generated by the verification information generation procedure, When a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation procedure is received, the verification information A verification procedure for verifying the validity of the disclosure identifier, and when the disclosure identifier is valid by the verification step and satisfies the communication condition information of the communication condition information included in the disclosure identifier, According to a communication request, a computer is caused to execute a communication establishment procedure for establishing communication between the sender communication terminal and the receiver communication terminal.

  Further, the present invention is the above invention, wherein the verification information generation procedure uses a predetermined signature key as a key for a character string obtained by combining the receiver identifier or user information corresponding to the receiver identifier and communication condition information. The verification information is generated by applying a keyed hash function.

  Further, the present invention is the above invention, wherein the verification procedure includes the signature key for a receiver identifier extracted from the disclosure identifier or a character string obtained by combining user information corresponding to the receiver identifier and communication condition information. The comparison function is generated by applying the keyed hash function using the key as a key, and when the comparison information matches the verification information, the disclosure identifier is verified as valid.

  The communication method according to the present invention generates verification information for an identifier for disclosure based on communication condition information indicating a communication condition when communicating with a receiver, and a receiver identifier or user information corresponding to the receiver identifier. When a communication request from a caller communication terminal based on the generated disclosure identifier is received, a disclosure identifier that can be identified for each receiver including a user identifier or user information and communication condition information and verification information is generated. The validity of the disclosure identifier is verified based on the verification information. When the disclosure identifier is valid and the communication conditions of the communication condition information included in the disclosure identifier are satisfied, the sender is requested according to the communication request. Since communication is established between the communication terminal and the receiver communication terminal, even if a third party has tampered with the communication condition information of the disclosure identifier, Because it can verify the presence or absence of forgery (validity), it is possible to prevent unauthorized use of the recipient identifier. Further, since a disclosure identifier that can be identified for each recipient is used, each user can efficiently grasp the relationship between the recipient identifier and the recipient. Furthermore, since the verification information is embedded in the disclosure identifier to check the validity, no problem occurs even if the communication condition information is embedded in the disclosure identifier as it is.

  The communication method according to the present invention is based on delivery condition information indicating delivery conditions of a message delivered to a recipient communication terminal, and a recipient address that uniquely identifies the recipient or user information corresponding to the recipient address. The verification information of the disclosure address is generated, a disclosure address that can be identified for each recipient address including the recipient address or the user information, the delivery condition information, and the verification information is generated, and the generated disclosure address is set as the destination address. Since the validity of the disclosure address is verified based on the verification information when the message is received, the fraud can be corrected even if the communication condition information of the disclosure address is altered by a third party. By using the verification information, it is possible to prevent an unauthorized disclosure address from being used.

In addition, the communication method according to the present invention uses the call condition information when connecting to the recipient telephone terminal and the user identifier corresponding to the recipient telephone number, and the destination telephone number when calling the recipient telephone terminal. It is possible to identify each receiver including the user identifier corresponding to the receiver telephone number , the call condition information, and the verification information. Since a telephone number for disclosure is generated, and when a call connection request with the generated telephone number for disclosure as a destination telephone number is received, the validity of the telephone number for disclosure is verified based on the verification information. Even if a third party falsifies the communication condition information of the disclosure telephone number, the fraud can be confirmed by the verification information, thereby preventing unauthorized use of the disclosure telephone number.

  The communication method according to the present invention applies a keyed hash function using a predetermined signature key as a key to a receiver identifier or a character string obtained by combining user information and communication condition information corresponding to the receiver identifier. Therefore, the verification information can be efficiently generated using the keyed hash function.

  In addition, the communication method according to the present invention includes the receiver identifier extracted from the disclosure identifier or the key with a signature key as a key for a character string obtained by combining user information and communication condition information corresponding to the receiver identifier. Since the comparison information is generated by applying the hash function and the disclosure identifier is verified to be valid when the comparison information matches the verification information, the validity of the disclosure identifier can be verified quickly and efficiently. Can be verified.

  Further, the communication method according to the present invention is configured to reject the communication request when the disclosure identifier is not valid or when the communication condition of the communication condition information included in the disclosure identifier is not satisfied. Even if there is an unauthorized communication request that has been altered, communication connection to the receiver is not established, and it is possible to prevent a situation in which the receiver is bothered by an unauthorized communication request.

  In addition, the communication method according to the present invention extracts communication condition information from the disclosure identifier only when the disclosure identifier is valid, and determines whether the communication condition of the extracted communication condition information is satisfied. Therefore, it is not necessary to make a determination based on the communication condition information when an injustice is detected at the verification information level, so that the processing efficiency can be improved.

  The communication method according to the present invention also identifies each receiver including encrypted data obtained by encrypting the generated verification information and communication condition information by a predetermined encryption logic using a predetermined encryption key together with the receiver identifier. When a possible disclosure identifier is generated and a communication request from a caller communication terminal based on the generated disclosure identifier is received, the disclosure identifier is converted into the disclosure identifier by the same encryption logic using the decryption key corresponding to the encryption key. Since the encrypted data included is decrypted to extract the communication condition information and the verification information, and the validity of the identifier for disclosure is verified based on the extracted verification information, a user who attempts fraud operates only the verification code Making it impossible to make brute force attacks difficult.

  Further, the communication method according to the present invention determines whether or not the communication condition type forming the communication condition information obtained by decrypting the encrypted data included in the disclosure identifier is an effective combination. It is configured to determine whether the disclosure identifier is invalid if the communication condition value forming the value is within the valid range, and if it is not a valid combination or not within the valid range, The validity of the identifier for disclosure can be determined quickly and efficiently. This is particularly effective when an address is generated by a brute force attack.

  Further, the communication system according to the present invention generates verification information for an identifier for disclosure based on communication condition information indicating communication conditions when communicating with a recipient and the recipient identifier or user information corresponding to the recipient identifier. And a disclosure identifier generating device that generates a disclosure identifier that can be identified for each receiver including the receiver identifier or user information and communication condition information and verification information, and a sender communication terminal based on the generated disclosure identifier. When the communication request is received, the validity of the disclosure identifier is verified based on the verification information, the disclosure identifier is valid, and the communication condition information of the communication condition information included in the disclosure identifier is satisfied. In this case, since the communication between the caller communication terminal and the receiver communication terminal is established according to the communication request, the communication condition information of the identifier for disclosure is provided by a third party. Since even when the tampering can be verified whether the forgery by verification information (validity), it is possible to prevent unauthorized use of the recipient identifier. Further, since a disclosure identifier that can be identified for each recipient is used, each user can efficiently grasp the relationship between the recipient identifier and the recipient. Furthermore, since the verification information is embedded in the disclosure identifier to check the validity, no problem occurs even if the communication condition information is embedded in the disclosure identifier as it is.

  In addition, the communication system according to the present invention applies a hash function with a key using a predetermined signature key as a key to a character string obtained by combining a receiver identifier or user information corresponding to the receiver identifier and communication condition information. Therefore, the verification information can be efficiently generated using the keyed hash function.

  Further, the communication system according to the present invention includes a keyed hash having a signature key as a key for a character string obtained by combining a receiver identifier extracted from a disclosure identifier or user information corresponding to the receiver identifier and communication condition information. Since the comparison information is generated by applying the function, and the disclosure identifier is verified to be valid when the comparison information matches the verification information, the validity of the disclosure identifier can be verified quickly and efficiently. Can be verified.

  Further, the communication system according to the present invention provides a master key table in which a plurality of master keys are registered, and selects a signature key from the master key table in response to a request for the signature key from the disclosure identifier generating device. A signature key issuing device for generating a signature key is provided, and a receiver identifier or a character string obtained by combining user information corresponding to the receiver identifier and communication condition information using the signature key received from the signature key issuing device Since the verification information is generated by applying the keyed hash function, the signature key can be obtained, managed, and updated efficiently.

  The communication program according to the present invention generates verification information for an identifier for disclosure based on communication condition information indicating a communication condition when communicating with a receiver and a receiver identifier or user information corresponding to the receiver identifier. When a receiver identifier that can be identified for each receiver including the receiver identifier or user information and communication condition information and verification information is generated, and a communication request from a caller communication terminal based on the generated identifier for disclosure is received The validity of the disclosure identifier is verified based on the verification information. When the disclosure identifier is valid and the communication condition information of the communication condition information included in the disclosure identifier is satisfied, the caller is requested according to the communication request. Since communication is established between the communication terminal and the receiver communication terminal, the verification information can be obtained even if a third party has altered the communication condition information of the disclosure identifier. Since the can validate the existence (validity) of the counterfeit, it is possible to prevent unauthorized use of the recipient identifier. Further, since a disclosure identifier that can be identified for each recipient is used, each user can efficiently grasp the relationship between the recipient identifier and the recipient. Furthermore, since the verification information is embedded in the disclosure identifier to check the validity, no problem occurs even if the communication condition information is embedded in the disclosure identifier as it is.

  The communication program according to the present invention applies a keyed hash function using a predetermined signature key as a key to a character string obtained by combining a receiver identifier or user information corresponding to the receiver identifier and communication condition information. Therefore, the verification information can be efficiently generated using the keyed hash function.

  Further, the communication program according to the present invention includes a keyed hash having a signature key as a key for a character string obtained by combining a receiver identifier extracted from a disclosure identifier or user information corresponding to the receiver identifier and communication condition information. Since the comparison information is generated by applying the function, and the disclosure identifier is verified to be valid when the comparison information matches the verification information, the validity of the disclosure identifier can be verified quickly and efficiently. Can be verified.

  Embodiments of a communication method, a communication system, and a communication program according to the present invention will be described below in detail with reference to the drawings. In the following first to third embodiments, the present invention is applied to a mail delivery system, and in the fourth embodiment, the present invention is applied to a telephone exchange system.

  FIG. 1 is a diagram illustrating a system configuration of the mail delivery system according to the first embodiment. The mail delivery system shown in FIG. 1 connects a callee terminal 220 and a caller terminal 320 via a destination IP network 200, the Internet 400, and a caller IP network 300, and an incoming call sent from the caller terminal 320. This is a mail delivery system that delivers mail addressed to the recipient address of the recipient 230 to the recipient terminal 220.

  Here, the mail delivery system includes an ad hoc address issuing server 120 that issues an ad hoc address for disclosure based on delivery condition information (context information) indicating delivery conditions of mail delivered to the recipient 230 and the recipient address; When a mail addressed to such an ad hoc address is received, the recipient address is restored from the ad hoc address and the context information is extracted, and if the mail satisfies the delivery condition included in the extracted context information, An ad hoc mail transfer server 110 is provided for transferring the mail by replacing the mail destination with the recipient address restored from the ad hoc address. Although detailed description will be given later, this ad hoc address is characterized in that the user name portion of the recipient address is used as it is and a verification code is added. The reason for using the user name portion of the recipient address as it is (without encryption) is to allow each caller to identify the correspondence between the recipient address and the ad hoc address at a glance. The reason for adding the code is to prevent alteration of context information by a third party.

  In other words, in this mail delivery system, mail is not transferred from the caller terminal 320 to the callee terminal 220 with the callee address itself held by the callee 230 as the destination, but mail is sent using an ad hoc address for disclosure. Is going to transfer. The reason for using such an ad hoc address is that the callee 230 may not want to disclose the original callee address to the caller 330. For example, when the caller 300 is a mail order dealer on the Internet, if the original callee address is unnecessarily disclosed, the callee address is spread to other traders through a mailing list or the like. This is because there may be a situation where a direct mail or the like that is unnecessary is received.

  In addition, even if such an ad hoc address seems to be incapable of grasping the correspondence between the ad hoc address and the recipient at a glance, the use efficiency is bad because the caller 300 makes a wrong address when creating a mail. Then, the user name part of the called party address is embedded in the ad hoc address as it is with the context information, and a verification code is added in consideration of fraud.

  In addition, since this ad hoc address is embedded with context information indicating whether or not mail should be delivered to the callee 230 and the original callee address, the original address only when the delivery condition included in the context information is satisfied. Mail can be delivered using the recipient address, in other words, even if the ad hoc address is propagated to other merchants, etc., if the delivery conditions included in the context information are not met, the merchant can call the recipient. Mail for 230 can be prevented from being delivered to the callee 230.

  The caller terminal 320 shown in FIG. 1 is a terminal device that is used when the caller 330 exchanges mail via the Internet 400. The callee terminal 220 is used by the callee terminal 220 to exchange mail via the Internet 400. It is a terminal device used when performing. The caller terminal 320 and the callee terminal 220 are personal computers (PCs) that are widely used, and are installed with WEB browser software and e-mail software (mailer), and via the router R, the calling party IP network. 300 and the destination IP network 200, respectively. Note that the originating IP network 300 and the terminating IP network 200 are connected to the Internet 400 via the router R, respectively.

  The ad hoc address issuing server 120 is a server device that issues an ad hoc address in response to a request from the callee 230, and includes an HTTP communication unit 121, a signature key 122, a user table 123, and an ad hoc address generation unit 124. Such an ad hoc address issuing server 120 can be realized by installing a program corresponding to these functional units on a commercially available PC or workstation (WS) and storing the signature key 122 in a hard disk device or the like. This ad hoc address issuing server 120 is connected to a LAN 100 connected to the destination IP network 200 via a firewall (FW). The processing of the ad hoc address issuing server 120 corresponds to the verification information generation step and the disclosure identifier generation step of claim 1.

  The HTTP communication unit 121 is a processing unit that performs communication according to HTTP (Hyper Text Transfer Protocol), and the signature key 122 is a signature key used when the ad hoc address issuing server 120 described later generates a verification code. Specifically, this ad hoc address issuing server 120 uses this signature key 122 when generating a verification code using a keyed hash function or the like.

  The user table 123 is a table used when authenticating the access of the called party 230 who is a user who desires to issue an ad hoc mail, and stores a user name and a password in association with each other. FIG. 2 is a diagram illustrating an example of the user table 123 illustrated in FIG. As shown in the figure, in this user table 123, the user name “suzuki” is stored in association with the password “ef34szq5s”, the user name “tanaka” is stored in association with the password “ew4902sa”, and the user name “suzuki” is stored. The password “wf4wsfa3s” is stored in association with “yamada”.

  The ad hoc address generation unit 124 is a processing unit that generates an ad hoc address according to the present invention. Specifically, the ad hoc address generation unit 124 corresponds to the user name portion of the recipient address (hereinafter referred to as “R_N”), the condition code indicating the type / combination of the conditions forming the context information, and the condition code. Information to be disclosed (hereinafter referred to as “W_C”) and a verification code (hereinafter referred to as “W_V”) used for verifying the validity of the user name portion of the recipient address and the context information. Is generated. Although a specific procedure for generating an ad hoc address will be described later, the ad hoc address generation unit 124 uses a predetermined domain name (“@” in this embodiment) to a character string obtained by concatenating R_N, W_C, and W_V with “.”. adhoc.isp-A.ne.jp ") is added as an ad hoc address.

  Next, the configuration of the ad hoc mail transfer server 110 shown in FIG. 1 will be described. When the ad hoc mail transfer server 110 shown in FIG. 1 accepts an ad hoc mail, the ad hoc mail forwarding server 110 restores the recipient address and extracts the context information from the ad hoc mail, and satisfies the delivery condition included in the extracted context information. The server device delivers ad hoc mail to the restored recipient address.

  Similar to the ad hoc address issuing server 120, the ad hoc mail transfer server 110 installs programs corresponding to these functional units on a commercially available PC or workstation (WS) and stores the signature key 112 in a hard disk device or the like. realizable. The ad hoc address transfer server 110 is connected to a LAN 100 connected to the destination IP network 200 via a firewall (FW), and includes a mail communication unit 111, a signature key 112, a filter processing unit 113, and a transfer process. Part 114. The processing of the filter processing unit 113 corresponds to the verification process of claim 1 and the processing of the transfer processing unit 114 corresponds to the communication establishment process.

  The mail communication unit 111 is a processing unit that transmits / receives mail to / from other mail servers based on the SMTP standard, and the signature key 112 is the same as the signature key 122 that the ad hoc address issuing server 120 has.

  The filter processing unit 113 accepts an ad hoc mail delivery request (relay request) from another mail server, and based on the context information (delivery conditions) included in the ad hoc address that is the destination of the accepted ad hoc mail, It is a processing part which determines whether it should deliver to a receiver's address of. In other words, the filter processing unit 113 performs a kind of filtering process that sets only ad hoc mail satisfying the delivery condition as a delivery target and excludes other mails from delivery.

  Specifically, the filter processing unit 113 extracts the user name R_N, the context information W_C, and the verification code W_V of the called party address from the ad hoc address that is the destination address, and uses the signature key 112 for the R_N and W_C. A comparison function (hereinafter referred to as “W_T”) is generated by applying a hash function. Then, the comparison code W_T and the verification code W_V are compared to verify whether or not the ad hoc address is a valid address. If it is a valid ad hoc address, whether delivery is possible is determined based on the context condition indicated by the context information. If it is determined that the context condition is satisfied and should be delivered, the recipient address and ad hoc mail extracted from the ad hoc address are transferred to the transfer processing unit 114 and a transfer request is made.

  The transfer processing unit 114 is a processing unit that performs processing to transfer the ad hoc mail determined to be delivered by the filter processing unit 113 to the original recipient address. Is obtained by adding the domain name to the user name R_N extracted from.

  Next, an ad hoc address issuing procedure by the ad hoc address issuing server 120 shown in FIG. 1 will be described. FIG. 3 is a sequence diagram showing an ad hoc address issuing procedure by the ad hoc address issuing server 120 shown in FIG. Here, it is assumed that the issuance of the ad hoc address is realized by HTTP communication, and the URL of the ad hoc address issuance server 120 is notified to the user 230 in advance.

  As shown in the figure, when the recipient 230 inputs the URL of the ad hoc address issuing server 120 to the WEB browser on the recipient terminal 220 and makes an access request to the ad hoc address issuing server 120 (step S110). The ad hoc address issuing server 120 returns a user authentication page to the callee terminal 220 (step S120). FIG. 4 is a diagram illustrating an example of the user authentication page. As shown in the figure, the user authentication page 500 is provided with an input frame for inputting a user name and a password.

  Here, when the called party 230 inputs a user name and password on the user authentication page 500 and makes an authentication request to the ad hoc address issuing server 120 (step S130), the ad hoc address issuing server 120 performs user authentication. (Step S140). Specifically, it is confirmed whether or not the combination corresponding to the received user name and password is registered in the user table 123 shown in FIG.

  If the user is authenticated as valid, the ad hoc address issuing server 120 transmits an ad hoc address issuing page to the callee terminal 230 (step S150). FIG. 5 is a diagram illustrating an example of an ad hoc address issue page. As shown in the figure, this ad hoc address issue page 600 is provided with an input frame for inputting a callee address and delivery conditions. Specifically, when the caller is specified or not, the caller is specified. An input frame for designating a designated address or domain name, presence / absence of an expiration date, and expiration date are provided.

  Here, when the callee 230 inputs the callee address and the delivery condition on the ad hoc address issue page 600 and performs transmission, an ad hoc address request specifying the callee address R and the delivery condition (context information) C is made ad hoc. This is performed for the address issuing server 120 (step S160).

  If the ad hoc address issuing server 120 accepts this ad hoc address request, an ad hoc address generation process using the recipient address R and the delivery condition (context information) C is performed (step S170), and the generated ad hoc address T Is notified to the callee terminal 220 (step S180). If the callee 230 obtains the ad hoc address T, the callee 230 notifies the caller 320 of the ad hoc address T (step S190). The notification of the ad hoc address T may use any information transmission means such as a telephone, mail, and FAX.

  Next, the ad hoc address generation processing procedure shown in step S170 of FIG. 5 will be described more specifically. 6 is a flowchart showing the ad hoc address generation processing procedure shown in step S170 of FIG. 3, FIG. 7 is an explanatory diagram for explaining a condition type embedded in the ad hoc address T as a delivery condition, and FIG. 8 is an ad hoc address. It is a figure which shows the specific example of a production | generation. Here, for convenience of explanation, the recipient address R is “tanaka@mail.isp-A.ne.jp”, and the delivery condition C is the designated sender address “suzuki@mail.isp-B.ne.jp”. And the designated expiration date “August 31, 2003”.

  As shown in FIG. 6, the ad hoc address generation unit 124 sets the user name portion of the callee address R as a character string R_N (step S210). Specifically, as shown in FIG. 8, the user name portion “tanaka” of the recipient address R is R_N.

  Thereafter, the context condition C is encoded to create the character string W_C (step S220). First, the character string W_C. 1 is generated (step S221). As shown in FIG. 7 and FIG. 8, the character string “S” is designated when the sender address is designated, “D” is designated when the domain of the sender address is designated, and “E” is designated when the expiration date is designated. For example, in the case of a combination of a caller address and an expiration date, a character string W_C. 1 becomes “SE”.

  Thereafter, each selected condition is encoded, and the character string W_C. 2 is generated (step S221). Specifically, this character string W_C. 2, when the sender address S is designated, the lower 20 bits of the hash value of the designated origination address S are encoded with BASE32 and a 4-character string W_C. 2. S is generated (step S222.S). In FIG. 8, this character string W_C. 2. S becomes “ab4g”.

  If the originating domain name D is designated, the number of words in the designated originating domain D is 3-bit integer encoded, and then the lower 17 bits of the hash value of the designated originating domain D are added to generate 20 Bit data is encoded with BASE32, and a 4-character string W_C. 2. D is generated (step S222.D). In FIG. 8, there is no designation of the originating domain. The N-bit integer coding means that an integer value from 0 to (2 to the Nth power-1) is expressed by an N-bit binary number. For example, when “7” is 3-bit integer coded, 111 ”, which is“ 00111 ”when 5-bit integer coding is performed.

  Furthermore, if an expiration date is specified, 6 in the order of year (last two digits of the year), month (two digits from 01 to 12), and day (two digits from 01 to 31). Digit number Character string W_C. 2. E is generated (step S222.E). In FIG. 8, the character string W_C. 2. E becomes “030831”.

  A character string indicating each character is concatenated in the order indicated by the combination information of the condition type, and W_C. 2 (step S222-last), the character string W_C. 1 and W_C. 2 are connected to obtain W_C (step S223). In FIG. 8, the character string W_C. 2 becomes “ab4g030831”, and the character string W_C becomes “SE.ab4g030831”.

  After that, a character string in which R_N and W_C are concatenated with “.” Is generated, the value of the keyed hash function of this character string is obtained using the signature key K, and the lower 30 bits of this value are encoded with BASE32. A 6-character string W_V serving as a verification code is generated (step S230). In FIG. 8, the verification code W_V is “aged2a”. Finally, a character string in which R_N, W_C, and W_V are connected by “.” Is generated, and “@ adohoc.isp-A.ne.jp” is added after this character string to generate an ad hoc address T. (Step S240). In FIG. 8, the ad hoc address T is “tanaka.SE.ab4g030831.aged2a@adohoc.isp-A.ne.jp”.

  By performing the above series of processing, the recipient address “tanaka@mail.isp-A.ne.jp”, the designated sender address “suzuki@mail.isp-B.ne.jp” and the designated expiration date “2003” The ad hoc address “tanaka.SE.ab4g030831.aged2a@adohoc.isp-A.ne.jp” can be generated based on the delivery condition (context information) consisting of “August 31st”.

  Next, the ad hoc mail transfer procedure by the ad hoc mail transfer server 110 shown in FIG. 1 will be described. FIG. 9 is a sequence diagram showing ad hoc mail transfer procedures by the ad hoc mail transfer server 110 shown in FIG.

  As shown in the figure, when the caller 330 performs a mail sending operation with the ad hoc address T as the destination using the caller terminal 320 (step S301), the mail is sent to the outgoing mail server 310. (Step S302). Then, the originating mail server 310 makes a mail transmission request to the mail server corresponding to the domain name of the destination address by the normal operation as the mail transfer server (step S303). Here, since the domain name of the ad hoc address is the host name of the ad hoc mail transfer server 110, the mail transmission request is received by the ad hoc mail transfer server 110.

  Then, the ad hoc mail transfer server 110 performs a filtering process using the signature key 112 based on the ad hoc address T that is the destination of the mail transfer request (step S304), and determines whether to accept or reject the mail transmission request. To do. If it is determined that the mail transfer request is accepted by this filtering process, the recipient address R is acquired based on the ad hoc address T that is the destination, and the mail transmission permission is given to the outgoing mail server 310 (step). S305).

  The originating mail server 310 that has received this mail transmission permission transfers the ad hoc mail to the ad hoc mail transfer server 110 (step S306), and the ad hoc mail transfer server 110 receives the incoming call restored from the ad hoc address that is the destination of the ad hoc mail. The domain name of the subscriber address is confirmed to determine the forwarding destination (step S307), and the ad hoc mail is forwarded to the called mail server 210 indicated by the domain name (step S308).

  The callee terminal 220 transmits a mail check request to the callee mail server 220 in response to the arrival mail check operation of the callee 230 (step S309), and the callee mail server 220 responds to the mail check request by the ad hoc. The mail is transmitted to the callee terminal 220 (step S310).

  If it is determined that the mail transfer request is not accepted (rejected) by the filtering process in step S304, the mail reception rejection message is transmitted to the originating mail server 310 and the mail is not forwarded. .

  Next, the filtering process shown in step S304 of FIG. 9 will be specifically described. FIG. 10 is a flowchart showing the filter processing procedure shown in step S304 of FIG. As shown in the figure, the filter processing unit 113 of the ad hoc address transfer server 110 first starts with R_N, W_C. 1, W_C. 2. The character string of W_V is extracted (step S410). Specifically, R_N is extracted from the beginning to immediately before the third dot character, and W_C.1 is extracted from immediately after the third dot character to immediately before the second dot character. 1 from the second dot character to immediately before the first dot character. 2 and the portion immediately after the first dot character to the end is extracted as W_V. Note that the Nth dot character here refers to the Nth dot character “.” Counted from the end of the user name portion. A character string from immediately after the third dot character to immediately before the first dot character is defined as W_C.

  Thereafter, a character string obtained by concatenating R_N and W_C with “.” Is generated, the value of the keyed hash function of this character string is obtained using the signature key 112, and the lower 30 bits of this value are encoded with BASE32. A 6-character string W_T as a comparison code is generated (step S420), and the generated comparison code W_T is compared with the character string W_V extracted from the ad hoc address to determine whether or not they match (step S430). If the two do not match, the process ends with no transfer.

  On the other hand, if the two match, the character string W_C is decrypted (step S440). It should be noted that the byte read position is W_C. The reading position is advanced by that amount every time it is read. Specifically, W_C. 1 includes “S”, the four characters are changed to W_C. 2. S, and 20-bit data obtained by decrypting it with BASE32 is used as a hash value (step S440.S), and W_C. 1 includes “D”, the four characters are changed to W_C. 2. D, and the first 3 bits of the bit string obtained by decoding it with BASE32 are read as the number of words D_N of the domain, the remaining 17 bits of data are used as hash values (step S440.D), and W_C. 1 includes “E”, the six characters are changed to W_C. 2. E is read, and the first two digits are the year, the next two digits are the month, and the next two digits are the day, and the expiration date is set (step S440.E).

  Thereafter, whether transfer is possible is determined based on the context condition W_C (step S450). Specifically, W_C. 1 includes “S”, the lower 20 bits of the hash value of the originating address of the mail are in step S440. It is determined whether or not the hash value obtained in S matches, and if it does not match, transfer is disabled (step S450.S). In addition, W_C. When “D” is included in 1, the D_N word is read from the end of the domain name of the originating address of the mail, and the lower 17 bits of the hash value of this character string is the step S440. It is determined whether or not the hash value obtained in D matches, and if it does not match, transfer is disabled (step S450.D). Furthermore, W_C. 1 includes “E”, step S440. It is checked whether or not the current time is earlier than the expiration date acquired in E, and if it is not earlier, transfer is impossible (step S450.E). If transfer is not possible due to the above determination, transfer is enabled (step S460).

  As described above, in the first embodiment, the ad hoc address issuing server 120 generates a verification code based on the delivery condition information (context information) indicating the delivery condition of the mail delivered to the recipient 230 and the recipient address. The ad hoc address for disclosure is issued from the recipient address, the context information, and the verification code, and when the ad hoc mail transfer server 130 receives a mail addressed to the ad hoc address, the ad hoc address is illegal based on the verification code. And verifying whether to deliver mail to the recipient 230 based on the context information extracted from the ad hoc address, while preventing unauthorized use of the recipient address by a third party, Each user efficiently establishes the relationship between the recipient address and the recipient It is possible to grip.

  In the first embodiment, the ad hoc address issuance server 120 issues an ad hoc address. However, an ad hoc address can be generated on the called party side. Also, the address length can be shortened by not embedding the condition value according to the type. Therefore, in the second embodiment, an example is shown in which an ad hoc address is generated on the called party side and the address length can be shortened.

  FIG. 12 is a diagram illustrating a system configuration of the mail delivery system according to the second embodiment. In the figure, instead of the ad hoc address issuing server 120 of the mail delivery system shown in FIG. 1, the ad hoc address generation device 730 is replaced by the receiver side (typically, the receiver terminal 220 and the ad hoc address generation device 730 are the same). And a signing key issuing server 720 are newly provided.

  The signature key issuing server 720 is a device that generates a signature key in response to a request from the ad hoc address generation device 730, and includes an HTTP communication unit 121, a master key table 721, a user table 123, and a signature key generation unit 722. The signing key issuing server 720 corresponds to the signing key issuing device according to the tenth aspect.

  The master key table 721 is a table that stores master keys. Specifically, as shown in FIG. 12, a control keyword Kw, a master key Km, and a time limit Ke are stored in association with each selected index. Here, the control keyword “blue”, the master key “0x34af4532”, and the expiration date “2003/6/30” are associated with the selection index “3”, and the control keyword “green” and the master are associated with the selection index “0”. The key “0x34d2a36b” and the due date “2003/9/30” are associated, and the selection index “1” is associated with the control keyword “grren”, the master key “0xe48ab21f”, and the due date “2003/6/30” and selected. In the index “2”, a control keyword “green”, a master key “0x982f59ae”, and a time limit “2003/6/30” are associated with each other.

  The signature key generation unit 722 is a processing unit that generates a signature key based on the master key table 721. Specifically, the signature key generation unit 722 obtains a selection index from the user name R_N requesting the signature key, and controls the control keyword Kw, The master key Km and the expiration date Ke are acquired from the master key table 721, and the value of the hash function with key for the user name R_N is obtained using the master key Km, and the signature key K is processed. Since the HTTP communication unit 121 and the user table 123 are the same as those shown in FIG. 1, the same reference numerals are given here, and detailed description thereof is omitted.

  The ad hoc address generation device 730 is an ad hoc address generation device arranged on the called party side, and includes a signature key acquisition unit 731, a signature key storage unit 732, and an ad hoc address generation unit 124. This ad hoc address generation device 730 corresponds to the disclosure identifier generation device of claim 8.

  The signature key acquisition unit 731 is a processing unit that acquires a signature key from the signature key issuing server 720 in response to an instruction from the user. Generally, the signing key acquisition unit 731 receives an acquisition instruction that the user performs at a rate of about once every three months. In response, get the signing key. The signature key storage unit 732 is a storage unit that stores the signature key acquired by the signature key acquisition unit 731. As shown in FIG. 13, the signature key storage unit 732 stores a control keyword Kw, a signature key K, and a time limit Ke. Here, the control keyword Kw is “green”, the signature key K is “0x39ab1293”, and the expiration date Ke is “2003/9/30”.

  The ad hoc address generation unit 124 is a processing unit that generates an ad hoc address using the signature key K stored in the signature key storage unit 732, and corresponds to the ad hoc address generation unit 124 included in the ad hoc address issue server 120 illustrated in FIG. Is a processing unit. A specific address generation procedure will be described later.

  Next, the ad hoc mail transfer server 710 shown in FIG. 11 is a server device corresponding to the ad hoc mail transfer server 110 shown in FIG. 1, and a master key table 711, a signature key generation unit 712, and an address table 713 are newly added. Have. The ad hoc mail transfer server 710 corresponds to the filtering device of claim 8.

  The master key table 711 is the same table as the master key table 721 shown in FIG. 12 that the signature key issuing server 720 has, and the signature key generating unit 712 is the same as the signature key generating unit 722 that the signature key issuing server 720 has. A processing unit that performs processing.

  The address table 713 is a table that stores the correspondence between the user ID (R_N) and the address as shown in FIG. Here, the user ID “suzuki” is associated with “suzuki@isp-B.ne.jp”, the user ID “tanaka” is associated with “tanaka@isp-A.ne.jp”, and the user ID “yamada” And “yamada@company-C.com” are associated with each other.

  Next, an address registration procedure for registering the user's address in the address table 713 will be described. FIG. 15 is a sequence diagram showing an address registration procedure for registering the user's address in the address table 713. As shown in the figure, when an access request is made from the ad hoc address generation device 730 to the signature key issuing server 720 by the operation of the recipient 230 (step S510), the signature key issuing server 720 generates an address registration page as an ad hoc address generation. It returns to the apparatus 730 (step S520). FIG. 16 is a diagram showing an example of an address registration page 800. The address registration page 800 is provided with an input frame for inputting a user name, a password, and a registered address.

  Then, when the callee 230 inputs and transmits to the address registration page, an address registration request including the user name R_N, the password, and the address R is made (step S530). The signature key issuing server 720 that has received this address registration request performs user authentication using the user table 123 (step S540), and then performs address registration processing for the address table 713 of the ad hoc mail transfer server 710 (step S550). ), An address registration response is made to the ad hoc address generation device 730 (step S540).

  As described above, when an address registration request is made from the ad hoc address generation device 730, the address can be registered in the address table 713 of the ad hoc mail transfer server 710 via the signature key issuing server 720.

  Next, a processing procedure until the ad hoc address generation device 730 acquires a signature key will be described. FIG. 17 is a sequence diagram illustrating a processing procedure until the ad hoc address generation device 730 acquires a signature key. As shown in the figure, when an access request is made from the ad hoc address generation device 730 to the signature key issuing server 720 by the operation of the recipient 230 (step S610), the signature key issuing server 720 generates a user authentication page as an ad hoc address generation. Return to the device 730 (step S620).

  Then, when the called party 230 inputs and transmits on this user authentication page, the user name R_N, the password, and the address R are transmitted to the signature key issuing server 720 (step S630). Here, the signature key issuing server 720 that has received them performs user authentication with reference to the user table 123 (step S640), and then performs a signature key generation process (to be described later) using the master key table 721 (step S650). ), The generated signature key K, control keyword Kw, and expiration date Ke are notified to the ad hoc address generation device 730 (step S660).

  The ad hoc address generation device 730 that has received the signature key K stores the received signature key K, control keyword Kw, and expiration date Ke in the signature key storage unit 732 (step S670). By performing the above-described series of processing, the ad hoc address generation device 730 can acquire the signature key K necessary for generating the ad hoc address from the signature key issuing server 720 and store it in the signature key storage unit 732. It becomes.

  Next, the signature key generation processing procedure shown in step S650 of FIG. 17 will be described more specifically. FIG. 18 is a flowchart showing the signature key generation processing procedure shown in step S650 of FIG. As shown in the figure, when the signature key issuing server 720 receives the user name R_N, the lower two bits of the hash value of the user name R_N are used as a selection index, the selection index matches in the master key table 721, and the time limit is expired. The newest row is selected, and the control keyword Kw, master key Km, and expiration date Ke of that row are acquired (step S710).

  Thereafter, the value of the hash function with a key for the user name R_N is obtained using the master key Km, which is used as the signature key K (step S720), and the signature key K, the control keyword Kw, and the expiration date Ke are output.

  Next, an ad hoc address generation / notification procedure performed by the ad hoc address generation device 730 illustrated in FIG. 11 will be described. FIG. 19 is a sequence diagram showing an ad hoc address generation / notification procedure by the ad hoc address generation device 730 shown in FIG. 11, and FIG. 20 is a flowchart showing a specific ad hoc address generation processing procedure. FIG. 21 is an explanatory diagram of the concept of ad hoc address generation according to the second embodiment. Here, it is assumed that the signature key K has already been acquired and the user name R_N is “tanaka”.

  As shown in FIG. 19, when the callee 230 designates the user name R_N and context C to the ad hoc address generation device 730 and performs an ad hoc address generation operation (step S810), the ad hoc address generation device 730 receives the signature. An ad hoc address generation process is performed using the signature key stored in the key storage unit 732 (step S820), and the generated ad hoc address T is displayed on the display unit (step S830). Therefore, the callee 230 notifies the caller of the ad hoc address T through some information transmission means such as mail.

  Specifically, as shown in FIG. 20, the ad hoc address generation device 730 encodes the context condition C and creates a character string W_CT (step S910). More specifically, a character string W_C. 1 is created (step S911), and only the information whose values need to be restored at the time of decoding is encoded for each selected condition, and the character string W_C. 2 is created (step S912). That is, when the caller address is specified, the value of the specified caller address is not encoded (step S912.S), and when the caller domain is specified, the number of words in the specified caller domain D Is represented by a single digit, and this is represented by W_C. 2. S. D. If an expiration date is specified, 6 in the order of year (the last two digits of the year), month (a two-digit number from 01 to 12), and day (a two-digit number from 01 to 31). Digit W_C. 2. E is generated (step S912.E). For the condition value in which the encoded data is generated, character strings indicating the condition values are concatenated in the order indicated by the combination information of various types (step S912-last), and the character strings W_C. 1 and W_C. 2 is connected to obtain W_CT (step S913). In the case of FIG. 21, the character string W_C. 1 becomes “SE” and W_C. Since 2 becomes “030831”, the W-CT becomes “SE030831”.

  Thereafter, a character string W_CV is created based on the context condition C (step S920). That is, the value of the designated calling address is set to W_CV. S (step S920.S), and the value of the designated originating domain is W_CV. D (step S920.D). Note that there is no particular character string to be generated for the expiration date (step S920.E). Then, W_CV is generated by concatenating the character strings indicating the condition values in the order indicated by the condition type combination information for the condition values for which data has been generated (step S920.last). In the case of FIG. 21, W_CV is “suzuki@mail.isp-B.ne.jp”.

  After that, a character string obtained by concatenating R_N, W_CT, and W_CV with “.” Is generated, the value of the keyed hash function of this character string is obtained using the signature key K, and the lower 30 bits of this value are encoded with BASE32 The converted character string of 6 characters is set as a verification code W_V (step S930). In the case of FIG. 21, the verification code W_V is “aedasd”.

  Then, a character string in which R_N, W_CT, and W_V are connected by “.” Is generated, “@” is added after the character string, and then the control keyword Kw in the signature key storage unit 732 is added, and then ".Adhoc.isp-A.ne.jp" is added to (step S940), and an ad hoc address T is generated. In the case of FIG. 21, it is “tanaka.SE.030831.aedasd@green.adhoc.isp-A.ne.jp”.

  Next, the ad hoc mail transfer procedure by the ad hoc mail transfer server 710 shown in FIG. 11 will be described. FIG. 22 is a sequence diagram showing an ad hoc mail transfer procedure by the ad hoc mail transfer server 710 shown in FIG.

  As shown in the figure, when the caller 330 performs a mail sending operation to the ad hoc address T using the caller terminal 320 (step S1001), this mail is sent to the outgoing mail server 310 as a mail. (Step S1002). Then, the originating mail server 310 makes a mail transmission request to the mail server corresponding to the domain name of the destination address by a normal operation as a mail transfer server (step S1003). Here, since the domain name of this ad hoc address is the host name of the ad hoc mail transfer server 710, this mail transmission request is received by the ad hoc mail transfer server 710.

  The ad hoc mail transfer server 710 performs filtering using the master key of the master key table 711 based on the ad hoc address T that is the destination of the mail transfer request (step S1004), and accepts or rejects the mail transmission request. Judge whether to do. If it is determined that the mail transfer request is accepted by this filtering process, the recipient address R is acquired based on the ad hoc address T that is the destination, and the mail transmission permission is given to the outgoing mail server 310 (step). S1005).

  The originating mail server 310 that has accepted this mail transmission permission transfers the ad hoc mail to the ad hoc mail transfer server 710 (step S1006), and the ad hoc mail transfer server 710 obtains the incoming address R corresponding to R_N from the address table 713. The destination is taken out to determine the forwarding destination (step S1007), and the ad hoc mail is forwarded to the destination mail server 210 indicated by the domain name of the incoming address R (step S1008).

  The callee terminal 220 transmits a mail check request to the callee mail server 220 in response to the arrival mail check operation of the callee 230 (step S1009), and the callee mail server 220 responds to the mail check request by the ad hoc. The mail is transmitted to the callee terminal 220 (step S1010).

  If it is determined by the filtering process in step S1004 that the mail transfer request is not accepted (rejected), a mail reception rejection message is transmitted to the originating mail server 310, and the mail is not forwarded. .

  Next, the filtering process shown in step S1004 of FIG. 22 will be specifically described. FIG. 23 is a flowchart showing the filtering process procedure shown in step S1004 of FIG. As shown in the figure, the filter processing unit 113 of the ad hoc address transfer server 710 first starts with R_N, W_C. 1, W_C. 2. The character string of W_V is extracted (step S1110). Specifically, R_N is extracted from the beginning to immediately before the third dot character, and W_C.1 is extracted from immediately after the third dot character to immediately before the second dot character. 1 from the second dot character to immediately before the first dot character. 2 and the portion immediately after the first dot character to the end is extracted as W_V. Note that the Nth dot character here refers to the Nth dot character “.” Counted from the end of the user name portion. A character string from immediately after the third dot character to immediately before the third dot character is defined as W_CT.

  Thereafter, the character string W_CT is decoded (step S1120). It should be noted that the byte read position is W_C. The reading position is advanced by that amount every time it is read. Specifically, W_C. 1 does not read in particular when “S” is included (step S1120.S), W_C. When “D” is included in 1, a one-character number is read and used as the number of domain words D_N (step S 1120 .D), and W_C. 1 includes “E”, the six characters are changed to W_C. 2. E is read, and the first two digits are the year, the next two digits are the month, and the next two digits are the day, and the expiration date is set (step S1120.E).

  Then, based on the context condition W_CT, it is first determined whether transfer is possible (step S1130). Specifically, W_C. 1 includes “S”, step S1120. It is checked whether or not the current time is a date before the expiration date acquired in E. If it is not an earlier date, transfer is not possible.

  On the other hand, if transfer is possible as a result of the primary determination, a signature key K is generated (step S1140). Specifically, a character string from the beginning of the domain name portion of the destination address to immediately before the first dot character is acquired as a control keyword Kw (step S1141), and the lower 2 bits of the hash value of R_N are used as a selection index ( Step S1142). Further, a row that matches the control keyword Kw acquired from the master key table 711 and the selection index is selected, the master key Km of the row is acquired (step S1143), and the value of the keyed hash function of R_N is the master key Km. The signature key K is obtained (step S1144).

  Thereafter, a character string W_CV is created based on the context condition W_CT (step S1150). Specifically, the value of the FROM address of the incoming mail is set to W_CV. S (step S1150.S), D_N words from the end of the domain name of the FROM address of the incoming mail are W_CV. D (step S1150.D). Note that there is no character string to be generated for the expiration date (step S1150.E). Then, for the condition value in which the data is generated, a character string indicating each condition value is concatenated in the order indicated by the condition type combination information to generate W_CV (step S1150.last).

  After that, a character string obtained by concatenating R_N, W_CT, and W_CV with “.” Is generated, the value of the keyed hash function of this character string is obtained using the signature key K, and the lower 30 bits of this value are encoded with BASE32 And a 6-character string W_T as a comparison code is generated (step S1160). Then, it is checked whether or not the comparison code W_T matches W_V (step S1170). If it does not match, it is determined that transfer is impossible, and if it matches, it is determined that transfer is possible.

  As described above, in the second embodiment, the signature key issuing server 720 issues a signature key in response to a request from the ad hoc address generation device 730, and the ad hoc address generation device 730 uses the issued signature key to generate an ad hoc address. The sign key can be managed, issued, and updated efficiently, and the ad hoc address generation device 730 is a device closer to the recipient 230 (for example, integrated with the recipient terminal 220). be able to.

  By the way, in the first and second embodiments, it is necessary to lengthen the verification code to some extent in preparation for a case where a brute force attack is made by changing only the verification code portion by a user who attempts fraud. However, there is a problem that the ad hoc address must be long. Therefore, in the third embodiment, a mail delivery system that can cope with a brute force attack using an encryption method and can reduce the address length will be described. Since the system configuration and the like are the same as those in the first and second embodiments, the description thereof is omitted here.

  In the mail delivery system according to the third embodiment, after the verification code is generated, the verification code and the context information are encrypted and embedded in the ad hoc address. At the time of filtering, after the encrypted verification code and the context information are decrypted, It is determined whether or not the decrypted context information (combination of conditions or expiration date) is within a valid range, and when a value that is not within the valid range is restored, it is detected as an invalid ad hoc address.

  Specifically, the ad hoc address issuing server 120 shown in FIG. 1 is provided with an encryption key and the ad hoc mail transfer server 110 is provided with a decryption key corresponding to the encryption key, and the ad hoc address issuing server 120 has an ad hoc address generation unit. 124a encrypts the verification code and the context information using the encryption key after generating the verification code, adds the encrypted data to the user name R_N, and then adds the domain name to make an ad hoc address. On the other hand, when the filter processing unit 113 of the ad hoc mail transfer server 110 extracts a character string from the user name portion of the destination address, the filter processing portion 113 decrypts the encrypted data portion using the decryption key and includes the decrypted context information in the decrypted context information. Filter based on the context conditions The verification using the verification code is performed in the same manner as in the first embodiment.

  Thus, instead of the ad hoc address “tanaka.SE.ab4g030831.aged2a@adhoc.isp-A.ne.jp” shown in FIG. Because it is possible to generate an ad hoc address in which context information and verification code are encrypted as a single block, such as “ne.jp”, a user who attempts fraud can attack the entire block in a brute force attack. It becomes necessary to do. In other words, the two fields of context information and verification code are not provided independently, but are encrypted as a block, making it impossible for a user who attempts fraud to operate only the verification code, making a brute force attack Can be difficult.

  Next, the ad hoc address generation in the third embodiment will be specifically described. FIG. 24 is an explanatory diagram for explaining the data structure of binary data before encryption forming the user name portion of the ad hoc address, and FIG. 25 is a diagram showing a correspondence relationship between the condition combination pattern and the code. Here, binary data B.B before encryption that forms the user name portion of the ad hoc address. The data length of p is 64 bits, the most significant bit of this binary data is “b63”, and the least significant bit is “b0”.

  As shown in FIG. 24, in 8 bits from positions “b63” to “b56”, values obtained by encoding conditions and combinations are set according to the code table shown in FIG. In the 16 bits up to “b40”, when an expiration date is specified, the expiration date is set by 16-bit integer encoding of the number of days from January 1, 2000 to the expiration date. In addition, when the sender address S is designated in the 20 bits from the positions “b39” to “b20”, 20-bit data is generated and set from the designated address S as described above. If the sender domain D is designated, 20-bit data is generated and set from the sender domain as described above. Further, a verification code is set in 20 bits from positions “b19” to “b0”. Specifically, a data string obtained by connecting the data from b63 to b20 to the character code string of R_N is created, and the value of the keyed hash function of this data string is obtained using the signature key K. Generate the lower 20 bits of the value.

  In this way, binary data B.I. If p is generated, it is encrypted with a predetermined encryption logic using the encryption key and encrypted data B.P. c is generated. As this encryption logic, a public encryption system or a common encryption system known encryption logic can be used. Thereafter, the encrypted data B.I. 65-bit data obtained by padding 1 bit into c is BASE32-encoded to generate a 13-character string P, and R_N and P are concatenated with “.” to generate the user name portion of the ad hoc address. An ad hoc address T (for example, tanaka.ege8bes378sac.aged2a@adhoc.isp-A.ne.jp) is generated by appending the domain name to.

  Next, decoding / filtering of an ad hoc address according to the third embodiment will be specifically described. First, when a mail addressed to an ad hoc address is received, the user name portion of the ad hoc address is extracted and separated into a character string R_N and a character string P, and then 65-bit data obtained by BASE32 decoding the character string P. 1 bit is deleted and 64-bit data B. Get c.

  Thereafter, filtering is performed. Specifically, data B.I. If the positions “b63” to “b56” of p are bit patterns that are not defined in the code table shown in FIG. 25, the ad hoc address is considered to be invalid. In addition, data B. If the expiration date indicated by the positions “b55” to “b40” of p is earlier than the current date or more than 1000 days after the current date, the ad hoc address is an invalid or illegally generated address. Consider it. At this stage, most of the addresses generated by the brute force attack can be eliminated.

  Thereafter, the validity of the verification code is confirmed. Specifically, B.B. Create a data string obtained by connecting the data from the positions “b63” to “b20” of p, obtain the value of the keyed hash function of this data string using the signature key K, and calculate the lower 20 bits of this value The comparison code T is the data B. If it does not match the verification code at the positions “b19” to “b0” of p, it is regarded as an ad hoc address generated illegally. Typically, fraudulent ad hoc addresses created by changing the username portion of a valid ad hoc address are eliminated at this stage. Thereafter, filtering is performed in the same manner as in the first embodiment, the validity of the caller address and the originating domain is determined, and whether transfer is possible is determined.

  As described above, in the third embodiment, after the verification code is generated, the verification code and the context information are encrypted and embedded in the ad hoc address, and at the time of filtering, the encrypted verification code and the context information are decrypted. Because it is configured to determine whether or not the decrypted context information (combination of conditions or expiration date) is in a valid range, and when a value that is not in a valid range is restored, it is detected as an invalid ad hoc address. It is possible to make a brute force attack difficult by making it impossible for a user who attempts fraud to operate only the verification code.

  In the first to third embodiments, the present invention is applied to the mail delivery system. However, the present invention is not limited to this and is applied to other message services such as instant messaging. be able to. In the case of such an instant message, it is different from the case where the recipient starts like a mail in that the trigger of message delivery to the recipient is performed on the server side, but otherwise the same as the case of the email Therefore, it can be applied similarly.

  By the way, although the case where this invention was applied to the mail delivery system was shown in the said Examples 1-3, this invention is not limited to this, It can also be applied to a telephone switching system. In the fourth embodiment, a case where the present invention is applied to a telephone exchange system will be described.

  FIG. 26 is a diagram illustrating the system configuration of the telephone exchange system according to the fourth embodiment. The telephone switching system shown in FIG. 1 forms a telephone switching network by the destination side subscriber accommodation exchange 820, the originating side subscriber accommodation exchange 830 and the relay exchange 850, and also receives the called party telephone terminal 910 used by the called party 920. This is a system in which a caller telephone terminal 940 accommodated in a subscriber subscriber exchange 820 and used by a caller 950 is accommodated in a subscriber subscriber exchange 830. These exchanges 820, 830, and 850 are connected to a control signal transfer network 840 and a control device 810. The control device 810 issues an exchange instruction related to an ad hoc telephone number, which will be described later.

  The control device 810 is connected to an ad hoc telephone number issuing server 860 via a closed IP network 870, and the ad hoc telephone number issuing server 860 issues an ad hoc telephone number. Since this ad hoc telephone number issuing server 860 is connected to the called party PC 930 used by the called party 920 via the Internet 880, the called party 920 communicates with the ad hoc telephone number issuing server 860 via the Internet 880. You can request a phone number. The processing performed by the control device 810 corresponds to the verification step and the communication establishment step of claim 1, and the processing performed by the ad hoc telephone number issuing server 860 corresponds to the verification information generation step and the disclosure identifier generation step of claim 1. To do.

  Here, such a telephone exchange system is based on call connection condition information indicating call connection conditions when a call is connected to the callee telephone terminal 910 in the ad hoc telephone number issuing server 860 and the callee telephone number of the callee telephone terminal 910. When the control device 810 receives a call connection request using the ad hoc phone number, it restores the called party phone number from the ad hoc phone number and extracts the call connection condition information. When the call connection request satisfies the call connection condition included in the extracted call connection condition information, the calling side subscriber accommodation switch 830 that forms a telephone switching network to connect the callee telephone terminal 910 and the caller telephone terminal 940 by call. It is configured to instruct.

  That is, conventionally, unless the callee 920 uses the nuisance call rejection service or sets the call rejection setting using the call rejection function of the callee telephone terminal 910 itself, the caller 950 does not receive the caller 950. When a call connection request is made to the telephone terminal 910, the ringing tone of the called party telephone terminal 910 always sounds, and the called party 920 must respond to this ringing tone. In the case of spreading, there is a problem that the called party 920 is chased for the telephone. For this reason, in this telephone exchange system, by providing an ad hoc telephone number issuing server 860 that gives an ad hoc telephone number, when the called party 920 applies for a sweepstakes or applies for mail order on the WEB, The ad hoc telephone number is transmitted instead of the telephone number of the called party, so that an unwanted call to the original called party telephone number is prevented. In addition, by providing the control device 810, when a call connection request using an ad hoc telephone number is made, the call connection condition included in the ad hoc telephone number is not used instead of connecting to the call receiver terminal 910 all. By connecting the call to the called party telephone terminal 910 only when the condition is satisfied, unnecessary incoming calls to the called party telephone terminal 910 are eliminated, thereby preventing annoying calls. In particular, the user ID and context information itself are embedded in the ad hoc telephone number, and a tamper-proof code is included.

  Next, each device forming the telephone exchange system shown in FIG. 26 will be described. The caller telephone terminal 940 is a telephone that is used when the caller 950 makes a call with another subscriber (called party 920). The called party telephone terminal 910 is a phone that the called party 920 uses with another subscriber (caller). 950). The called party PC 930 is a personal computer equipped with a WEB browser, and is connected to the Internet 880 via the router R.

  The originating side subscriber accommodation switch 830 and the destination side subscriber accommodation switch 820 are existing telephone exchanges, and the telephone number (ad hoc telephone number T) including the service special number “0320” for the ad hoc telephone number is set as the destination telephone number. When a call connection request is received, the call connection request message is transferred to the control device 810, a service instruction message that is a response to the message is received from the control device 810, and the called party telephone terminal 910 indicated by the service instruction message is received. And the caller telephone terminal 940 are exchange-connected. The relay switch 850 is a switch interposed between the calling subscriber accommodating switch 830 and the called subscriber accommodating switch 820, and establishes a line between the called party telephone terminal 910 and the calling party telephone terminal 940. Make an exchange connection.

  The ad hoc phone number issuing server 860 is a server device that issues an ad hoc phone number according to the present invention in response to a request from the callee PC 930, and includes a user table 861, a hash key table 862, an ad hoc phone number generation unit 863, and An HTTP communication unit 864 is included.

  Such an ad hoc telephone number issuing server 860 can be realized by installing a program corresponding to these functional units on a commercially available PC or workstation (WS) and storing each table in a hard disk device or the like. The ad hoc telephone number issuing server 860 is connected to the Internet 880 via the router R.

  The user table 861 is a table used at the time of performing access authentication of a user who wishes to issue an ad hoc telephone number and at the time of generating an ad hoc telephone number, and includes a user name, a user ID (ID_R), and a telephone number (R). And the password are stored in association with each other. FIG. 27 is a diagram showing an example of the user table 861 shown in FIG. 26. As shown in FIG. 27, the user table 161 includes a user name “suzuki”, a user ID “2344”, and a telephone number “0422- 59-2345 ”and password“ ef34szq5s ”are stored in association with each other, the user name“ tanaka ”is stored in association with user ID“ 2345 ”, telephone number“ 0422-59-1234 ”, and password“ ew4902sa ”. The user ID “2344”, the telephone number “03-5205-3421”, and the password “wf4wsfa3s” are stored in association with the name “yamada”.

  Here, the user name and password are used for authentication (identity confirmation) when the user accesses the ad hoc phone number issuing server 860, and the user ID (ID_R) is the call connection condition information embedded in the ad hoc phone number. Used as part. That is, if the telephone number (R) itself is part of the call connection condition information, the data length of the call connection condition information becomes long. Therefore, the user ID (ID_R) is used instead of the telephone number (R). The control device 810 described later also uses the same user table 811 as the user table 861. This is because it is necessary to be able to specify the telephone number (R) corresponding to the user ID (ID_R).

  The hash key table 862 stores the hash key (K) necessary for generating the falsification prevention code and the base date (TT) of the expiration date of the ad hoc telephone number in association with the key ID (ID_K). It is a table. FIG. 28 is a diagram showing an example of the hash key table 862. As shown in the figure, in this hash key table 862, the key “0x34d2a36b” and the base date “2003/4/1” are stored in association with the key ID 23, the key “0xe48ab21f”, the base date “2003/4” / 1 ”is stored in association with the key ID 24, the key“ 0xab46fc9a ”and the base date“ 2003/7/1 ”are stored in association with the key ID 25, the key“ 0xe6a3b13b ”, the base date“ 2003/7/1 ” Is associated with the key ID 26 and stored.

  Here, the reason for storing the base date (TT) is that, in the fourth embodiment, the expiration date of the ad hoc telephone number is not directly specified by the date, but is the day, week or month from the base date. This is because it was decided to specify.

  The ad hoc telephone number generation unit 863 is a processing unit that generates an ad hoc telephone number according to the present invention, and includes a condition code table 863a as illustrated. Specifically, the ad hoc telephone number generation unit 863 supports the user ID (ID_R) corresponding to the callee telephone number, the condition code indicating the type / combination of the conditions forming the call connection condition information, and the condition code. An ad hoc telephone number for disclosure is generated from the call connection condition information to be disclosed. Although a specific procedure for generating an ad hoc telephone number will be described later, the ad hoc telephone number generation unit 863 uses the key of the hash key table 862 to add a user ID (ID_R) and communication connection condition information to the ad hoc telephone number. Embed.

  The condition code table 863a included in the ad hoc telephone number generation unit 863 is a table in which condition codes indicating types and combinations of call connection conditions forming the call connection condition information are stored. FIG. 29 is a diagram showing an example of the condition code table 863a. As shown in the figure, in this condition code table 863a, a combination pattern of call connection conditions and a combination code are stored in association with each other.

  The pattern “S” in the figure means that the caller telephone number is included in the call connection condition information as a call connection condition, and the combination code of this pattern is “000”. The patterns “M”, “W”, and “D” all mean that they are included in the call connection condition information as the expiration date call connection condition, and the combination code of “M” indicating the month accuracy is “001”. The combination code of “W” indicating the week accuracy is “010”, and the combination code of “D” indicating the day accuracy is “011”. The pattern “T” means that the incoming call time zone is included in the call connection condition information as a call connection condition, and the combination code of this pattern is “100”. The pattern “ST” means that the caller telephone number of the pattern S and the incoming time zone of the pattern T are included in the call connection condition information as a call connection condition, and the combination code of this pattern is “101”. The pattern “SM” means that the caller telephone number of the pattern S and the month precision expiration date of the pattern M are included in the call connection condition information as a call connection condition, and the combination code of this pattern is “110”. . The pattern “SW” means that the caller telephone number of the pattern S and the weekly precision expiration date of the pattern W are included in the call connection condition information as a call connection condition, and the combination code of this pattern is “111”. . Here, for convenience of explanation, a case where only these patterns are used will be described, but other patterns may be provided.

  By embedding a combination code corresponding to one of these combination patterns in the ad hoc telephone number, it is possible to grasp what call connection condition information is embedded in the ad hoc telephone number. Here, the caller telephone number, the expiration date (monthly accuracy, weekly accuracy, daily accuracy) and the incoming time zone are shown as the call connection conditions forming the call connection condition information, but the present invention is not limited to this. However, it is also possible to target call connection conditions other than these. In this case, a combination code corresponding to the call connection condition may be registered in the condition code table 863a.

  The HTTP communication unit 864 is a processing unit that performs communication according to HTTP (Hyper Text Transfer Protocol), and is executed by the ad hoc telephone number issuing server 860 as a WEB server program. The user table 811 and the hash key table 812 are synchronized with the user table 861 and the hash key table 862, respectively, but communication for this data synchronization is realized by a closed IP network of an ad hoc telephone number communication service provider. Is done.

  Next, the configuration of the control device 810 shown in FIG. 26 will be described. As described above, when receiving a call connection request using an ad hoc phone number, the control device 810 shown in FIG. 26 restores the called party phone number from the ad hoc phone number and extracts the call connection condition information. When the call connection request satisfies the call connection condition included in the extracted call connection condition information, the calling subscriber who forms the telephone switching network to call-connect the called party telephone terminal 910 and the calling party telephone terminal 940 This is a device that instructs the accommodation switch 830.

  Similar to the ad hoc address issuing server 860, the control device 810 installs programs corresponding to these functional units on a commercially available PC or workstation (WS), and stores the user table 811 and the hash key table 812 in a hard disk device or the like. This can be realized by storing. The control device 810 is connected to each of the exchanges 820, 830, 850, the control signal transfer network 840, and the closed IP network 870, and includes a user table 811, a hash key table 812, a filter processing unit 813, and a call connection. It comprises an instruction unit 814 and a control signal transmission / reception unit 815.

  The user table 811 is a table used when the recipient telephone number is extracted from the ad hoc telephone number, and is the same as the user table 861 described with reference to FIG. 27 held by the ad hoc telephone number issuing server 860. The user table 811 may have necessary information (a user name that is a key at the time of data operation, a user ID and a telephone number that are necessary for call control). That is, since the user ID corresponding to the callee telephone number is embedded in the ad hoc telephone number, not the callee telephone number itself, the caller telephone number is reversely looked up from the user ID using the user table 811. It is. The hash key table 812 is the same as the hash key table 862 held by the ad hoc telephone number issuing server 860.

  The filter processing unit 813 receives a call connection request using an ad hoc phone number, and determines whether or not the call connection request is to be exchanged based on call connection condition information included in the received ad hoc phone number Part. In other words, the filter processing unit 813 performs a kind of filtering processing that sets only a call connection request using an ad hoc telephone number satisfying the call connection condition as an exchange connection target, and discards the other.

  Specifically, in this filter processing unit 813, the result of applying the hash function with a character using the hash key stored in the hash key table 812 is compared with the falsification prevention code to check whether or not falsification has occurred. If not, it is determined whether or not the call connection request is to be exchanged using the call connection condition included in the call connection condition information included in the ad hoc telephone number.

  The call connection instructing unit 814 is a processing unit that instructs the exchange 830 to establish a line between the called party telephone terminal 910 and the calling party telephone terminal 940 for a call connection request that the filter processing unit 813 determines to be exchange connected. is there. Specifically, a callee telephone number corresponding to the user ID is acquired using the user table 811 and a line is established between the callee telephone terminal 910 having the acquired callee telephone number and the caller telephone terminal 940. In this manner, the exchange 830 is instructed to perform exchange connection.

  The control signal transmission / reception unit 815 is a processing unit that transmits and receives a call control signal message (connection request message, service instruction message) to / from each of the exchanges 820, 830, and 850. For example, the control signal transmission / reception unit 815 performs exchange connection from the call connection instruction unit 814. If the instruction is accepted, a connection request message corresponding to the exchange connection instruction is transmitted to the exchange 830.

  Next, a procedure for issuing an ad hoc telephone number by the ad hoc telephone number issuing server 860 shown in FIG. 26 will be described. FIG. 30 is a sequence diagram showing a procedure for issuing an ad hoc telephone number by the ad hoc telephone number issuing server 860 shown in FIG. Here, it is assumed that the issuance of the ad hoc telephone number is realized by HTTP communication, and the URL of the ad hoc telephone number issuance server 820 is notified to the callee 920 in advance.

  As shown in the figure, when the called party 920 inputs the URL of the ad hoc phone number issuing server 860 to the WEB browser on the called party PC 930 and makes an access request to the ad hoc phone number issuing server 860 (step S1210). The ad hoc telephone number issuing server 860 returns a user authentication page to the callee PC 930 (step S1220). FIG. 31 is a diagram illustrating an example of a user authentication page. As shown in the figure, the user authentication page 1000 is provided with an input frame for inputting a user name and a password.

  Here, when the called party 920 inputs the user name and password on the user authentication page 1000 and makes an authentication request to the ad hoc telephone number issuing server 860 (step S1230), the ad hoc telephone number issuing server 860 authenticates the user. Is performed (step S1240). Specifically, it is confirmed whether or not the combination corresponding to the received user name and password is registered in the user table 861 shown in FIG.

  If the user is authenticated as valid, the ad hoc telephone number issuing server 860 transmits an ad hoc telephone number issuing page to the callee PC 930 (step S1250). FIG. 32 is a diagram showing an example of an ad hoc telephone number issuance page. As shown in the figure, this ad hoc phone number issuance page 1100 is provided with an input frame for inputting a callee phone number and call connection conditions. Specifically, a caller number (caller phone number) designation is specified. An input box for selecting whether to specify presence / absence, whether to specify an expiration date, whether to specify an incoming time zone, and an input frame for specifying a specified telephone number, expiration date, incoming start time, and incoming end time are provided. It has been.

  Here, when the callee 920 inputs the callee telephone number and the call connection condition on the ad hoc phone number issuance page 1100 for transmission, an ad hoc phone number request specifying the callee telephone number R and the call connection condition C is made. Is performed on the ad hoc telephone number issuing server 860 (step S1260).

  If the ad hoc telephone number issuing server 860 accepts the ad hoc telephone number request, an ad hoc telephone number generation process using the called party telephone number R and the call connection condition C is performed (step S1270), and the generated ad hoc telephone is generated. The number T is notified to the callee PC 930 (step S1280). When the callee 920 obtains the ad hoc telephone number T, the callee 920 notifies the caller 950 of the ad hoc telephone number T (step S1290). The ad hoc telephone number T may be notified by any information transmission means such as a telephone, mail, FAX.

  Next, the ad hoc telephone number generation processing procedure shown in step S1270 of FIG. 30 will be described more specifically. FIG. 33 is a flowchart showing the ad hoc phone number generation processing procedure shown in step S1270 of FIG. 30, and FIG. 34 is a diagram showing a specific example of ad hoc phone number generation. Here, for convenience of explanation, the recipient telephone number R is “0422-59-1234”, the call connection condition C is the calling number designation (S) “03-5205-5678” and the weekly precision expiration date designation (W ) It shall be “August 31, 2003”. In FIG. 34, “B” indicates binary data (binary data), and “D” indicates decimal notation.

  As shown in FIG. 33, the ad hoc telephone number generation unit 863 refers to the user table 861 to acquire the user name (ID_N) and user ID (ID_R) corresponding to the callee telephone number R (step S1310), and ID_N And ID_R are input to an arbitrary hash function, the hash key table 862 is referenced using the lower 8 bits of the value obtained as a key, and the hash key (K) and the start date (TT) are obtained. (Step S1320). Specifically, as shown in FIG. 34, after obtaining the user ID (ID_R) “2345” corresponding to the callee telephone number R from the user table 861, the user ID (ID_R) “2345” is encoded. Binary data ID_R. p “0000,1001,0010,1001” is acquired.

  Thereafter, the context condition (C) is encoded to generate context data (data B1) (step S1330). Specifically, referring to the condition code table 863a, a code indicating a combination of context conditions is acquired and used as combination data (data B11) (step S1331), and each selected condition is encoded to establish a call connection. Condition data (data B12) is generated (step S1332). Specifically, when the calling number is specified, a value obtained by dividing the hash value of the specified calling number S by 32 is encoded as a 5-bit integer (step S1332.S), and the date precision expiration date is specified. If it is, the number of days from the starting date TT to the designated deadline is 7-bit integer encoded (step S1332.D), and if the week precision expiration date is designated, the next Sunday after the designated deadline is the starting date TT. The number of times Sunday falls from this is encoded into a 5-bit integer (step S1332.W), and if the month precision expiration date is specified, the number of times from the starting date TT is the end of the specified expiration date. Is calculated by 4-bit integer coding (step S1332.M), and when the incoming time zone is specified, the time is expressed with time accuracy, and the incoming call start time (7-22) Range 4) are encoded (bit end time-arrival start time-1) (step S1332.T), and finally the data B11 and B12 are concatenated to obtain the context condition data B1. (Step S1333). Since the length of the data B11 differs depending on the combination of conditions, if the maximum length of 12 bits of B12 (the length when the designated calling number and the date precision expiration date are combined) is not satisfied, an arbitrary rule (for example, Padding with 1).

  34, the condition code table 863a is examined for the combination “SW” to obtain B11 = “B: 111”, and the hash value of the designated calling number is encoded to obtain B12. S = “B: 1,0101” is acquired, the specified expiration date is encoded, and B12. Since W = “B: 0,1001” is obtained, B1 = “B: 111,1010,1010,0111” is obtained by padding the end of B12 with 1.

  Next, a falsification preventing code (data B2) is generated (step S1340). Specifically, integer encoded data (ID_R.p) of the user ID (ID_R) is generated (step S1341), and the data ID_R. p and data B1 (encoded data of the context condition) are concatenated, and data B2. h (step S1342), data B2. An output of a keyed hash function of a character string obtained by encoding h with BASE32 is obtained, and the lower 5 bits are set as a falsification preventing code (data B2).

  In FIG. 34, ID_R. p = “B: 0000,1001,0010,1001” and data B1 are concatenated and B2. h = "B: 000,0100,1001,0100,1111,1010,1010,0111" is obtained, the hash value with this key is obtained, and the lower 5 bits B2 = "B: 1,1011" are tamper-proof codes It is said.

  Thereafter, data B1 (encoded data of the context condition) and data B2 (tamper prevention code) are concatenated to generate data B (step S1350), and this data B (call connection condition and tamper prevention code) is represented in decimal. To the user ID (ID_R) to generate a lower digit T1 of the ad hoc telephone number (step S1360), and to create the ad hoc telephone number T by concatenating the service special number “0320”, ID_R and T1. (Step S1370). FIG. 34 shows an example in which an ad hoc telephone number T = “0320-2345-1004795” is generated.

  By performing the above series of processing, the call connection conditions consisting of the recipient's phone number “0422-59-1234”, calling number designation “03-5205-5678” and weekly accuracy date “August 31, 2003” are met. Based on this, an ad hoc telephone number “0320-2345-1004795” can be generated. Looking at this ad hoc telephone number, the user ID in the user table 861 is maintained, so it can be seen at a glance that the telephone number is the user name “tanaka”.

  Next, the exchange connection control procedure by the control device 810 shown in FIG. 26 will be described. FIG. 35 is a sequence diagram showing an exchange connection control procedure in response to a call connection request by an ad hoc telephone number by the control device 810 shown in FIG.

  As shown in the figure, when a caller 950 dials an ad hoc telephone number using the caller telephone terminal 940 to perform a call operation (step S1401), a call connection request reaches the calling subscriber accommodation switch 830. (Step S1402). Here, if the calling side subscriber accommodation switch 830 refers to the upper four digits of the telephone number for which a call connection request is made and detects that the service special number is “0320”, it responds to this call connection request. A service instruction request is transmitted to the control device 810 (step S1403).

  Receiving this service instruction request, control device 810 extracts call connection condition information from the ad hoc telephone number, and whether or not the call connection request is subject to exchange connection based on the call connection condition included in the extracted call connection condition information. Service processing is determined (step S1404), and if it is to be exchanged and connected, a service instruction indicating exchange connection is issued to the calling subscriber accommodating exchange 830 (step S1405). Specifically, the control device 810 issues a service instruction including the callee telephone number of the callee telephone terminal 910.

  Thereafter, a connection instruction is issued from the calling subscriber accommodating switch 830 to the called subscriber accommodating switch 820 via the relay switch 850 according to the connection sequence of the existing telephone switching network (step S1406). An incoming call notification is made (step S1407), the ringing tone of the callee telephone terminal 910 rings (step S1408), and the caller telephone terminal 940 is also notified of the call (step S1409). Makes a ringing tone (step S1410). When the callee 920 goes off-hook from the callee telephone terminal 910, a connection response is made to make a call connection, and a call is started.

  Next, the service process determination (filter process) shown in step S1404 of FIG. 35 will be specifically described. FIG. 36 is a flowchart showing the service process determination (filter process) procedure shown in step S1404 of FIG. As shown in the figure, first, a number string T1 having a lower digit than the service special number “0320” of the ad hoc telephone number T is acquired (step S1510), and then a hash key (k) is acquired (step S1520). Specifically, the upper 4 digits of T1 are acquired and set as a user ID (ID_R) (step S1521), the user table 811 is searched using this ID_R as a search key, and the user name (ID_N) and telephone number (R) are set. Obtain (step S1522). Then, a character string obtained by concatenating ID_N and ID_R is input to the hash function used when issuing the ad hoc telephone number, and the hash key table 862 is referenced using the lower 8 bits of the obtained value as a key, and the hash key ( K) and the starting date (TT) are acquired (step S1523).

  Then, the fifth and subsequent digits of T1 are acquired and converted into binary numbers to create control data (data B) (step S1530), and then the data is verified (step S1540). Specifically, a value obtained by converting ID_R into a binary number is set to ID_R. p (step S1541), and this ID_R. p and the value obtained by concatenating the upper 11 bits of data B are B2. h (step S1542). And this data B2. The output of the keyed hash function of the character string obtained by encoding h with BASE32 is obtained, and the lower 5 bits are compared with the lower 5 bits of data B (step S1543). In this way, the presence / absence of falsification is determined (step S1550). If falsification has been made, rejection of the connection request is used as a service instruction (step S1590), and the process is terminated.

  On the other hand, if no alteration has been made, the context condition C is acquired (step S1560). Specifically, a condition combination (B11) is acquired from the upper 3 bits of data B (step S1561), and the conditions included in the combination are decoded (step S1562). Note that the bit reading position is the fourth bit of B1 in the initial state, and the reading position is advanced by that amount each time it is read. If the calling number designation is included, 5 bits are read as a calling number limit value (step S1562.S), and if the month precision deadline is included, 4 bits are read as an integer N, and the Nth time from the starting date The end of the month is set as the expiration date (step S1562.M). If the week precision deadline is included, 5 bits are read as an integer N, the Nth weekend from the starting date is set as the expiration date (step S1562.W), and if the day precision deadline is included, 7 bits are read. Is read as an integer N, the Nth day from the starting date is set as the expiration date (step S1562.D), and when the incoming time zone is included, 4 bits are read as an integer N1, 7 + N1 is set as the incoming call start time, Further, 4 bits are read as an integer N2, and the incoming call start time + 1 + N2 is set as the incoming call end time (step S1562.T).

  Thereafter, it is determined whether or not connection is possible based on the context condition C (step S1570). Specifically, when calling number designation is included, a hash value is obtained from the calling number S as an input, and this hash value is obtained in step S1562. It is determined whether or not it matches the value acquired in S, and if it does not match, connection is impossible (step S1571). When the expiration date designation is included in the context condition C, the current time t is set to step S1562. It is determined whether or not the expiration date acquired at T has passed, and if it has elapsed, connection is impossible (step S1572). If the time condition designation is included in the context condition C, the current time is determined in step S1562. It is determined whether or not it is within the specified time zone in the context condition acquired at T, and if it is outside the specified time zone, connection is impossible (step S1573). In any of the above condition determinations, connection is possible if connection is not possible. (Step S1574).

  If it is determined that the connection is possible, the connection to the telephone number (R) acquired in step S1522 is used as a service instruction (step S1580). If the connection is impossible, the connection request is rejected. A service instruction is set (step S1590).

  As described above, in the fourth embodiment, an ad hoc telephone number falsification preventing code for disclosure is generated based on call connection condition information indicating a call connection condition to the callee telephone terminal 910 and the callee telephone number. Since the ad hoc phone number is formed from the callee telephone number, the call connection condition information and the falsification prevention code and the presence / absence of falsification is detected by this falsification prevention code, the caller's phone number and ad hoc phone number are The correspondence relationship can be easily grasped, and the falsification problem caused by this can be corrected by the falsification prevention code.

  As a one-way function for obtaining a hash value, a well-known algorithm such as MD5 or SHA-1 can be used. Further, in the above-described embodiment 4, the case where the caller telephone number, the expiration date or the incoming time zone or a combination thereof is used as the call connection condition is shown, but the present invention is not limited to this, The content can also be used as a call connection condition. In this case, information regarding these designated types and combinations may be registered in the condition code tables 863a and 813a.

  In the first to fourth embodiments, the mail distribution system and the telephone exchange system are described from the functional aspect. However, in reality, each device such as the ad hoc telephone number issuing server 860 and the control device 810 is commercially available. Since it can be realized by a computer, it is only necessary to install a program on each of these computers. This program may be loaded not only from a secondary recording medium such as a hard disk device or a ROM but also from a recording medium such as a CD-R. For example, when a program is loaded from a CD-R, an ad hoc telephone number issuing server 860 program, a control device 810 program, and the like are stored in a CD-R (may be a separate CD-R for each device). In addition, this CD-R is loaded into the CD-R reader of each device, and the program is loaded.

  As described above, a communication method, a communication system, and a communication program according to the present invention are provided in response to a communication request from a caller communication terminal using a receiver identifier that uniquely specifies a receiver. It is suitable for communication methods, communication systems and communication programs for communicating with the receiver communication terminal, and in particular, each user can receive the receiver identifier and the receiver's It is suitable for a communication method, a communication system, and a communication program that can efficiently grasp the relationship.

1 is a diagram illustrating a system configuration of a mail delivery system according to a first embodiment. It is a figure which shows an example of the user table shown in FIG. It is a sequence diagram which shows the issue procedure of the ad hoc address by the ad hoc address issue server shown in FIG. It is a figure which shows an example of a user authentication page. It is a figure which shows an example of an ad hoc address issue page. It is a flowchart which shows the ad hoc address production | generation process procedure shown to FIG.5 S170. It is explanatory drawing for demonstrating the correspondence of a character and condition classification. It is a figure which shows the specific example of ad hoc address generation. It is a sequence diagram which shows the transfer procedure of the ad hoc mail by the ad hoc mail transfer server shown in FIG. 10 is a flowchart showing a filtering process procedure shown in step S304 of FIG. 9. It is a figure which shows the system configuration | structure of the mail delivery system which concerns on the present Example 2. FIG. It is a figure which shows an example of the master key table shown in FIG. It is a figure which shows an example of the memory content of the signature key memory | storage part shown in FIG. It is a figure which shows an example of the address table shown in FIG. It is a sequence diagram which shows the address registration procedure which registers a user's address into an address table. It is a figure which shows an example of an address registration page. It is a sequence diagram which shows the process sequence until an ad hoc address generation apparatus acquires a signature key. It is a flowchart which shows the signature key generation process procedure shown to step S650 of FIG. It is a sequence diagram which shows the production | generation / notification procedure of the ad hoc address by the ad hoc address production | generation apparatus shown in FIG. It is a flowchart which shows the production | generation procedure of an ad hoc address. It is explanatory drawing which shows the concept of the ad hoc address generation which concerns on the present Example 2. FIG. It is a sequence diagram which shows the transfer procedure of the ad hoc mail by the ad hoc mail transfer server shown in FIG. It is a flowchart which shows the filter processing procedure shown by step S1004 of FIG. It is explanatory drawing for demonstrating the data structure of the binary data before the encryption which makes the user name part of the ad hoc address which concerns on the present Example 3. FIG. It is a figure which shows the correspondence of the condition combination pattern and code | cord | chord used in the present Example 3. It is a figure which shows the system configuration | structure of the telephone switching system which concerns on the present Example 4. It is a figure which shows an example of the user table shown in FIG. It is a figure which shows an example of the hash key table shown in FIG. It is a figure which shows an example of the condition code table shown in FIG. FIG. 27 is a sequence diagram showing a procedure for issuing an ad hoc telephone number by the ad hoc telephone number issuing server shown in FIG. 26. It is a figure which shows an example of a user authentication page. It is a figure which shows an example of an ad hoc telephone number issue page. It is a flowchart which shows the ad hoc telephone number generation | occurrence | production process procedure shown to step S1270 of FIG. It is a figure which shows the specific example of ad hoc telephone number generation. FIG. 27 is a sequence diagram showing a call connection procedure by the control device shown in FIG. 26. It is a flowchart which shows the service process judgment (filter process) procedure shown by step S1404 of FIG.

Explanation of symbols

100 LAN
DESCRIPTION OF SYMBOLS 110 Ad hoc mail transfer server 111 Mail communication part 112 Signature key 113 Filter process part 114 Transfer process part 120 Ad hoc address issue server 121 HTTP communication part 122 Signature key 123 User table 124 Ad hoc address generation part 200 Callee side IP network 210 Callee side mail server 220 Caller Terminal 230 Callee 300 Calling IP Network 310 Calling Mail Server 320 Caller Terminal 330 Caller 500 User Authentication Page 600 Ad Hoc Address Issue Page 710 Ad Hoc Mail Transfer Server 711 Master Key Table 712 Signature Key Generation Unit 720 Signature Key Issuing server 721 Master key table 722 Signature key generation unit 730 Ad hoc address generation device 731 Signature key acquisition unit 732 Signature key storage unit 810 Control device 81 User table 812 Hash key table 813 Filter processing unit 813a Condition code table 814 Transfer determination unit 815 Control signal transmission / reception unit 820 Destination subscriber accommodation exchange 830 Originating subscriber accommodation exchange 840 Control signal transfer network 850 Relay exchange 860 Ad hoc telephone number Issuing server 861 User table 862 Hash key table 863 Ad hoc address generation unit 863a Condition code table 864 HTTP communication unit 870 Closed IP network 880 Internet 910 Callee telephone terminal 920 Callee 930 Callee PC
940 Caller telephone terminal 950 Caller 1000 User authentication page 1100 Ad hoc phone number issue page

Claims (16)

A communication method for performing communication between the caller communication terminal and the receiver communication terminal in response to a communication request from the caller communication terminal using a receiver identifier that uniquely identifies the receiver,
A verification information generating step of generating verification information of a disclosure identifier based on communication condition information indicating communication conditions when communicating with the receiver and user information corresponding to the receiver identifier or the receiver identifier;
A disclosure identifier generating step for generating a disclosure identifier that can be identified for each recipient including the receiver identifier or user information and communication condition information and the verification information generated by the verification information generation step;
When receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation step, a verification step of verifying the validity of the disclosure identifier based on the verification information;
When the verification identifier is valid by the verification step and the communication condition information of the communication condition information included in the disclosure identifier is satisfied, the sender communication terminal and the receiver communication terminal are in accordance with the communication request. And a communication establishment step for establishing communication.   The verification information generating step is for disclosure based on delivery condition information indicating a delivery condition of a message to be delivered to a recipient communication terminal, and a recipient address that uniquely identifies the recipient or user information corresponding to the recipient address. Address verification information is generated, and the disclosure identifier generation step generates a disclosure address that can be identified for each recipient address including the receiver address or user information and delivery condition information and the verification information, and the verification The step of verifying the validity of the disclosure address based on the verification information when a message having a disclosure address generated by the disclosure identifier generation step as a destination address is received. Item 4. The communication method according to Item 1. The verification information generating step is used as a destination telephone number when making a call to the recipient telephone terminal, using call condition information when connecting to the recipient telephone terminal and a user identifier corresponding to the recipient telephone number. And a disclosure telephone number verification information disclosed to a caller is generated, and the disclosure identifier generation step includes a user identifier and call condition information corresponding to the receiver telephone number and the verification information. Including a disclosure telephone number that can be identified for each recipient including the verification step when a call connection request is received with the disclosure telephone number generated by the disclosure identifier generation step as a destination telephone number ; The communication method according to claim 1, wherein validity of the telephone number for disclosure is verified based on the verification information.   The verification information generation step applies a keyed hash function using a predetermined signature key as a key to a character string obtained by combining the receiver identifier or user information corresponding to the receiver identifier and communication condition information. 4. The communication method according to claim 1, wherein the verification information is generated.   In the verification step, the hash function with a key using the signature key as a key for a character string obtained by combining a receiver identifier extracted from the disclosure identifier or user information corresponding to the receiver identifier and communication condition information is used. 5. The communication method according to claim 4, wherein comparison information is generated by applying the verification information, and the disclosure identifier is verified as valid when the comparison information matches the verification information.   The communication establishment step rejects the communication request when the disclosure identifier is not valid by the verification step or when the communication condition of the communication condition information included in the disclosure identifier is not satisfied. Item 6. The communication method according to any one of Items 1 to 5.   The communication establishment step extracts communication condition information from the disclosure identifier only when the disclosure identifier is valid by the verification step, and whether or not the communication condition of the extracted communication condition information is satisfied. The communication method according to claim 1, wherein the communication method is determined.   The disclosure identifier generation step includes encrypted data obtained by encrypting the verification information generated in the verification information generation step and the communication condition information by a predetermined encryption logic using a predetermined encryption key together with the receiver identifier. Including a disclosure identifier that can be identified for each recipient including the verification step when receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation step. The communication logic information and the verification information are extracted by decrypting the encrypted data included in the disclosure identifier by the encryption logic using the decryption key corresponding to the encryption key, and the disclosure based on the extracted verification information The communication method according to claim 1, wherein the validity of the service identifier is verified.   The verification step forms the communication condition information whether or not the types of communication conditions forming the communication condition information obtained by decrypting the encrypted data included in the disclosure identifier is a valid combination. The communication condition value is examined whether or not it is within a valid range, and if it is not a valid combination or not within a valid range, it is determined that the disclosure identifier is invalid. The communication method according to 8. From a sender communication terminal using a receiver identifier having a receiver communication terminal used by a receiver and a sender communication terminal that makes a communication request to the receiver communication terminal, and uniquely identifying the receiver A communication system for communicating between the caller communication terminal and the receiver communication terminal in response to the communication request of
Verification information generating means for generating verification information of a disclosure identifier based on communication condition information indicating communication conditions when communicating with the receiver and user information corresponding to the receiver identifier or the receiver identifier, and the reception A disclosure identifier generating device having a disclosure identifier generating means for generating a disclosure identifier that can be identified for each recipient, including a person identifier or user information and communication condition information, and verification information generated by the verification information generating means; ,
When receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation means, verification means for verifying the validity of the disclosure identifier based on the verification information; If the verification identifier is valid by the verification means and the communication condition information of the communication condition information included in the disclosure identifier is satisfied, the sender communication terminal and the receiver communication terminal are in accordance with the communication request. A communication system comprising: a filtering device having communication establishment means for establishing communication.   The verification information generation means applies a keyed hash function using a predetermined signature key as a key to a character string obtained by combining the receiver identifier or user information corresponding to the receiver identifier and communication condition information. The communication system according to claim 10, wherein verification information is generated.   The verification means includes the keyed hash function using the signature key as a key for a receiver identifier extracted from the disclosure identifier or a character string obtained by combining user information and communication condition information corresponding to the receiver identifier. 12. The communication system according to claim 11, wherein comparison information is generated by application, and the disclosure identifier is verified as valid when the comparison information matches the verification information.   A master key table in which a plurality of master keys are registered; and a signature key generation unit that generates a signature key by selecting a signature key from the master key table in response to a request for a signature key from the disclosure identifier generating device. The verification information generation unit combines the receiver identifier or user information corresponding to the receiver identifier and communication condition information using the signature key received from the signature key issuing device. The communication system according to claim 11, wherein the verification information is generated by applying a keyed hash function to the character string. A communication program used in a communication system that performs communication between the caller communication terminal and the receiver communication terminal in response to a communication request from the caller communication terminal using a receiver identifier that uniquely identifies the receiver,
A verification information generation procedure for generating verification information of a disclosure identifier based on communication condition information indicating communication conditions when communicating with the receiver and user information corresponding to the receiver identifier or the receiver identifier;
A disclosure identifier generation procedure for generating a disclosure identifier that can be identified for each recipient including the receiver identifier or user information and communication condition information and verification information generated by the verification information generation procedure;
A verification procedure for verifying the validity of the disclosure identifier based on the verification information when receiving a communication request from the caller communication terminal based on the disclosure identifier generated by the disclosure identifier generation procedure;
When the verification identifier is valid by the verification step and the communication condition information of the communication condition information included in the disclosure identifier is satisfied, the sender communication terminal and the receiver communication terminal are in accordance with the communication request. A communication program for causing a computer to execute a communication establishment procedure for establishing communication.   The verification information generation procedure applies a keyed hash function using a predetermined signature key as a key to a character string obtained by combining the receiver identifier or user information corresponding to the receiver identifier and communication condition information. The communication program according to claim 14, wherein verification information is generated. The verification procedure includes the keyed hash function with the signature key as a key for a receiver identifier extracted from the disclosure identifier or a character string obtained by combining user information and communication condition information corresponding to the receiver identifier. 16. The communication program according to claim 15, wherein the communication information is applied to generate comparison information, and the disclosure identifier is verified as valid when the comparison information matches the verification information.

Images