JP4000183B1 - File encryption management system and method for implementing the system - Google Patents

Abstract

Provided is a file encryption management technique in which a file included in an e-mail is encrypted and transmitted without being registered in advance in each terminal, and decrypted appropriately at a reception destination.
When a sending terminal creates mail sending event information and sends it to a cipher management device before sending an e-mail containing a file, the mail transmission received by the cipher key generation unit of the cipher management device Based on the event information, an encryption key is generated using at least one encryption key generation type as a terminal specific code of the transmission destination read from the user management table 33. The encryption unit 14 of the terminal encrypts the file using the encryption key sent from the encryption management device. The decryption unit 16 of the terminal that has received the mail including the attached file decrypts the encrypted file included in the received electronic mail using the encryption key created based on its own terminal unique code.
[Selection] Figure 5

Description

  The present invention relates to a technique for encrypting a file included in an electronic mail to be transmitted and appropriately decrypting the encrypted file.

  In order to avoid a file attached to an electronic mail being viewed by a user other than the official mail transmission destination, it has been conventionally performed to encrypt the attached file. For example, a confidential ID is set for the email address that is the source or destination of an email, and the file that you want to keep secret is encrypted with the confidential ID, then sent attached to the email, and this file is received On the side, a technique of decoding with a confidential ID is known (for example, see Patent Document 1). In this technique, it is necessary to set a confidential ID in advance in the mail address, and all the related terminals need to have a confidential ID table associated with the mail address.

  There is provided a management server for transmitting attachment files (lottery tickets) encrypted with encryption keys managed by user email addresses to a large number of user mobile terminals, and a user who goes to the store sends the attachment file from the user mobile terminal to the store terminal. A communication system that contributes to attracting consumers to a store by decrypting and printing out an attached file as a lottery ticket using the encryption key read from the management server by the store terminal is known. For example, see Patent Document 2). In this communication system, it is necessary for the management server to generate and manage encryption keys in advance for every user mail address.

  In addition, when a source user attaches a file to an email, the file is encrypted using a personal key associated with the destination user and registered in the destination table, and the email with the attached file There is also known a file encryption technique in which the transmission destination user who receives the message decrypts the attached file using a password (personal key) registered in the user management table (see, for example, Patent Document 3). In this case, a personal key for each user is registered in the transmission destination table of the terminal that is the mail transmission side, and a password that is a personal key for each user is also registered in the user management table of the terminal that is the mail reception side. As a result, it is necessary to register the personal keys of all users in each terminal.

JP 2003-134296 A (paragraph numbers 0004-0010, FIGS. 9 to 12) JP 2004-266716 A (paragraph number 0008, FIG. 9) JP 2006-31483 A (paragraph numbers 0024-0038, FIGS. 4 and 6)

  In view of the above situation, an object of the present invention is to encrypt a file included in an e-mail and transmit the encrypted file without decrypting the encryption key in each terminal in advance, and to properly decrypt the file at the receiving destination. To provide management technology.

An encryption management device having an encryption key generation unit that generates an encryption key and sends the encryption key to a terminal, and an encryption unit that encrypts a file using the encryption key sent from the encryption management device comprising a terminal and a decoding unit for decoding the attached encrypted file to an e-mail, file encryption management system according to the present invention, in order to solve the above problems, the cryptographic management apparatus, each A user management table for registering a terminal unique code of a terminal is provided, and the terminal reads out a destination unique code relating to transmission from the user management table before sending an e-mail including a file. mail transmission event information generator to create a mail transmission event information including information that can be sent to the cryptographic management device is provided, the encryption key generation It generates the encryption key as at least one encryption key generating species the destination terminal specific code read from the user management table on the basis of the mail transmission event information received from the terminals attempting to send an e-mail including the file The decryption unit decrypts the encrypted file included in the received e-mail using the encryption key created based on its own terminal unique code.

  In this system, when an e-mail including a file is transmitted from a terminal on the e-mail transmission side, e-mail transmission event information indicating that is sent to the encryption management apparatus. The encryption key generation unit of the encryption management device sends an encryption key generated using the terminal specific code of the transmission destination derived from the received mail transmission event information as an encryption key generation type to the terminal on the mail transmission side. The terminal on the mail sending side encrypts the file using the sent encryption key and attaches it to the e-mail for transmission. A terminal that has received an electronic mail including an encrypted attached file generates an encryption key using its own terminal-specific code as an encryption key generation seed, and decrypts the attached file with this encryption key. Since a code unique to the mail transmission destination terminal is used as the encryption key generation type used for generating the encryption, the mail receiving terminal that decrypts the encrypted attached file using this encryption key generation type Naturally knows, and as a result, an encryption key can be generated. Therefore, since the user-specific code group for each user, that is, the terminal-specific code group for each terminal, which is the encryption key generation seed for the encryption key generated every time depending on the transmission destination, only needs to be stored in the encryption management device. The above advantages are obtained.

  In order to increase security, it is necessary to make the encryption key generated by the encryption key generation unit of the encryption management device unique (unique). For this purpose, the encryption key generation type should be unique. For this purpose, in one preferred embodiment of the present invention, the mail transmission event information includes a transmission date / time code of the email, and the encryption key generation unit includes the destination terminal unique code and the transmission date / time. The decryption unit generates a cryptographic key using a combination of the code and an encryption key generation seed, and the decryption unit uses a combination of the transmission date / time code read from the received e-mail and its own terminal unique code as a cryptographic key. Decrypt the file using the encryption key generated as the generation seed. Thus, a substantially unique encryption key generation type related to the electronic mail, which is a combination of the transmission date and time of the electronic mail to which the file is attached and the unique information of the transmission destination can be used.

  If the MAC address of the communication device used in the terminal or the serial number of the OS installed in the terminal is used as the terminal specific code, it is not necessary to create a specific terminal specific code. It is.

  When such a file encryption management system is used in a specific organization such as a company or a government office, the security level that should be called the sender's authority level is taken into consideration, and the files sent by the lower party to the upper party are secret. It may be required not to perform encryption for the purpose of retention. In order to address such a demand, in one of the preferred embodiments of the present invention, the encryption key generator is configured such that the security level of the sender of the email is lower than the security level of the recipient of the email. A file encryption unnecessary command is sent to the terminal instead of the encryption key. As a result, the terminal to which the file encryption unnecessary command is sent instead of the encryption key transmits the mail without encrypting the file.

In the present invention , of course, the technology on the client side is also covered by the rights. That is, an e-mail using the encryption key received from the encryption management apparatus having a user management table in which the terminal unique code of each terminal is registered and an encryption key generation unit that generates an encryption key based on the encryption key generation type In a file encryption management method for a terminal that encrypts a file included in the terminal and decrypts the encrypted file, in order to solve the above problem, in the present invention, before sending an e-mail including the file, A mail transmission event information including information from which a terminal specific code of a transmission destination can be read from the user management table is generated and sent to the encryption management device, and the mail transmission event information is read from the management table by sending the mail transmission event information. in the encryption managing device a destination terminal unique code issued as at least one encryption key generation seed The file is encrypted using the encryption key sent made, decrypted using the encryption key generated based on the encrypted files are included in the received e-mail to the own terminal unique code. By carrying out this method, the sending terminal encrypts the attached file with the encryption key sent from the encryption management device by sending the mail sending event information related to the sending of the e-mail containing the file, and sends it. The receiving terminal that has received the encrypted attached file decrypts the file using the encryption key created using its own terminal unique code as the encryption key generation seed. Accordingly, the terminal side only generates an encryption key for decrypting the encrypted file addressed to itself, which is advantageous in terms of security. A file cipher management program for causing a computer to implement such a terminal-side file cipher management method is also proposed in the present invention.

Further, an e-mail using the encryption key received from the encryption management device having a user management table in which a terminal unique code of each terminal is registered and an encryption key generation unit that generates an encryption key based on an encryption key generation type In a file encryption management module for a terminal that encrypts a file included in the terminal and decrypts the encrypted file, in order to solve the above problem, in the present invention, before sending an e-mail including the file, A mail transmission event information generation unit that generates mail transmission event information including information from which a terminal-specific code of a transmission destination regarding the transmission can be read from the user management table, and sends the mail transmission event information to the encryption management apparatus. At least one of the destination terminal specific code read from the management table by No. key and encryption unit for encrypting the file using the encryption key sent generated in the encryption management device as a product species, encrypted own terminal the file contained in the received e-mail And a decryption unit that decrypts using the encryption key created based on the unique code.

  Such terminal-side technology, that is, file encryption management method, file encryption management program, and file encryption management module as client-side technology, of course, also have the effects described in the previous file encryption management system. Yes, various additional features described above can also be provided.

A basic principle of a file encryption management system according to the present invention for managing encryption and decryption of a file (hereinafter referred to as an attached file) included in an e-mail will be described with reference to FIG.
In FIG. 1, a plurality of terminals 1 serving as client-side computers, a cipher management device 3 serving as a server-side computer, a mail server 4 and the like may be a network (a network within an organization such as a LAN, or the Internet A server / client system connected through 2 is shown. As will be described in detail below, the encryption management device 3 has a function of generating an encryption key for encrypting an attached file in electronic mail communication performed between terminals. The terminal 1 is the encryption management device 3. It has a function of encrypting an attached file to be transmitted using the generated encryption key, and a function of decrypting the received encrypted attached file using its own terminal-specific code.

  When the user who owns the first terminal (sending terminal) 1a tries to send an e-mail attached with a file to the user who owns the second terminal (receiving terminal) 1b, this Mail transmission event information is generated by the first terminal 1a (# 01) and sent to the encryption management device 3 (# 03). This mail transmission event information is a kind of so-called operation log. As shown in FIG. 2, for example, an event ID, an event occurrence terminal ID, an event content, a source address of an attached mail, and an attached mail are transmitted. The destination address, the transmission date / time of the attached mail, the generation date / time of this mail transmission event information, etc. are described.

  The cryptographic management device 3 that has received the mail transmission event information uses a user management table as shown in FIG. 3 from the transmission destination address of the electronic mail to be processed, read from the mail transmission event information. The terminal unique code of the terminal receiving the e-mail is extracted (# 03), and an encryption key is generated using the terminal unique code as an encryption key generation type (# 04). At that time, the relationship between the encryption key generation type and the encryption key may be reversible or irreversible. As the terminal unique code, in consideration of easy acquisition, the MAC address of the communication device used in each terminal, the serial number of the OS installed in the terminal, and the like are adopted. The generated encryption key is sent to the first terminal 1a that is the source of the mail transmission event information (# 05). The first terminal 1a that has received the encryption key from the encryption management apparatus encrypts the attached file of the e-mail to be transmitted with this encryption key (# 06). When the encryption of the attached file is completed, the electronic mail is transmitted to the second terminal 1b which is the transmission destination (# 07).

  When the user who has received the e-mail with the attached file at the second terminal 1b tries to open the attached file, the user's own terminal-specific code is read, and this terminal-specific code is used as an encryption key generation type. An encryption key for decrypting the file is generated (# 08). The attached file to be opened with this encryption key is decrypted (# 09). The decrypted attached file is transferred to an appropriate application program and can be browsed and saved (# 10).

  In order to make the encryption key generated by the encryption management device 3 unique, not only the terminal individual code but also the transmission date / time code of the e-mail attached with the file to be encrypted (this transmission) The term date / time code should be interpreted in a broad sense, and it is preferable to add not only the formal transmission date / time code but also a code determined corresponding to such a code). In this case, the transmission date / time code of the email to be processed is included in the mail transmission event information, and the encryption management device 3 generates the encryption key using the combination of the destination terminal specific code and the transmission date / time code as the encryption key generation type. To do. Also, the decryption unit on the terminal side decrypts the file by generating an encryption key using the combination of the transmission date / time code read from the received e-mail and its own terminal unique code as an encryption key generation type. .

  When this system is built in an organization where the security level, which is the authority level, is different for each user, such as a company or a government office, a table in which the authority level (security level) is registered for each user, that is, each terminal It is also preferable that special measures are taken so that the attached file is not encrypted when the security level of the sender of the email is lower than the security level of the recipient of the email.

  A specific system configuration employing the above-described encryption management technique is shown in FIGS. First, in the computer of the terminal 1 (the first terminal 1a and the second terminal 1b are the same), as a function related to the present invention, software or hardware, or both, a mail creating unit 11, a mail A reception unit 12, a mail transmission unit 13, an encryption unit 14 for encrypting a file using an encryption key, a decryption encryption key generation unit 15 for generating an encryption key for decrypting an encrypted received attached file, A decryption unit 16 that decrypts the received attached file encrypted using the generated decryption encryption key, and generates mail transmission event information that describes information related to the electronic mail transmission when the electronic mail with the file attached is transmitted. E-mail transmission event information generation unit 17, transmission / reception of e-mails, transmission of e-mail transmission event information to the encryption management device 3, and encryption key from the encryption management device 3 Such as a network interface 18 for transmitting data to the network 2, such signal is constructed. Reference numeral 19 denotes a terminal unique code description section that describes the MAC address of the communication device used in each terminal as a terminal unique code. When the serial number of the OS is used instead of the MAC address, the serial number of the OS installed in the terminal 1 is described in the terminal unique code description unit 19.

  The mail creation unit 11, the mail reception unit 12, and the mail transmission unit 13 are constructed by starting an application generally called mailer software. The mail creation unit 11 has a function of attaching a separately prepared file to an e-mail. The mail transmission event information generation unit 17 temporarily stops the transmission of the e-mail when the mail transmission unit 13 tries to transmit the e-mail with the file attached, and the e-mail transmission event as shown in FIG. Information is generated and sent to the encryption management device 3. The electronic mail for which the mail transmission event information is generated is transferred to the encryption unit 14 for encryption of the attached file. The encryption unit 14 encrypts the attached file of the electronic mail whose transmission is temporarily stopped by using the encryption key transmitted from the cipher management apparatus 3 by giving the mail transmission event information. When the encryption of the attached file is completed, the mail transmission unit 13 cancels the suspension of the transmission of the electronic mail and transmits it to the transmission destination via the mail server 4.

  When the encrypted file attached to the received e-mail in the mail receiving unit 12 receives a “save” command or an “open” command, the encrypted file is transferred to the decrypting unit 16 for decryption. At the same time, the decryption encryption key generation unit 15 is activated. The activated decryption encryption key generation unit 15 first reads the transmission date / time code from the header of the e-mail, extracts the MAC address of the receiving terminal 1b from the terminal specific code description unit 19, and obtains the obtained transmission date / time code and A cryptographic key is generated as a cryptographic key generation seed by combining MAC addresses. The generated encryption key is given to the decryption unit 16. Since the encryption key generation type of the encryption key generated by the decryption encryption key generation unit 15 is the same as the encryption key generation type of the encryption key generated by the encryption management device 3 for encrypting the attached file, The encrypted file attached to the received e-mail with the generated encryption key can be decrypted. Processing based on the input “save” command and “open” command is executed on the attached file decrypted by the decryption unit 16.

  The encryption management apparatus 3 includes a mail transmission event information analysis unit 31, an encryption key generation unit 32, a user management table 33, and a mail transmission event recording unit 34 as functions related to the present invention in software and / or hardware. A security level determination unit 35, a network interface 36 that performs data transmission with the terminal 1 via the network 2, and the like are constructed.

  The mail transmission event information analysis unit 31 analyzes the description content of the mail transmission event information sent from the mail transmission side terminal 1a, and sends a destination mail address which is data for identifying the terminal 1b on the mail reception side. Reads the transmission date / time code of the email to be processed. Further, the MAC address of the receiving terminal 1b is read from the mail address and MAC address comparison table registered in the user management table 33 using the read transmission destination mail address, and the encryption key generation unit 32 together with the transmission date code is read. To give. The encryption key generation unit 32 generates an encryption key using a combination of the received transmission date / time code and the MAC address as an encryption key generation type. This encryption key is a secret key, and an appropriate one can be adopted from various known algorithms for generating a secret key. The generated encryption key is transmitted via the network 2 to the terminal 1 that has sent the mail transmission event information. Note that mail transmission event information sent from each terminal 1 is stored in the mail transmission event recording unit 34 as an encryption key management log.

  The security level determination unit 35 determines the attachment file in the terminal 1 based on a predetermined determination condition for each mail address recorded in the user management table 33, that is, referring to the information browsing authority level of each user. In order to stop encryption, it has a function of sending an encryption unnecessary command to the encryption unit 14 of the terminal 1 instead of the encryption key. Judgment conditions are determined by the organizational system operating this system. In this embodiment, however, the security level, which is the authority level of the user who sent the email, is lower than that of the recipient of the email. A determination condition in which an encryption unnecessary command is sent instead of the key is adopted. Instead of such a determination condition, it may be determined that the attached file is not encrypted with respect to all e-mails transmitted from a specific user.

Next, the flow from transmission to reception of an electronic mail with a file attached in the encryption management system configured as shown in FIG. 4 will be described with reference to the functional block diagram of FIG. 5 and the flowchart of FIG.
First, since the first terminal 1a transmits a mail with an attached file (hereinafter referred to as an attached mail) to the second terminal 1b, during the work of creating a mail body by entering a destination address and the like (# 20) Designate a file to be attached (# 21). When the creation of the attached mail is completed, a transmission command is given to the mail transmission unit 13 to request transmission of the attached mail (# 22). This transmission command is intercepted by the mail transmission event information generation unit 17, and the transmission of the attached mail is temporarily interrupted, and the mail transmission event information generation unit 17 generates mail transmission event information (# 23). The generated mail transmission event information is sent to the encryption management device 3 (# 24).

  The cryptographic management device 3 that has received the mail transmission event information from the first terminal 1a analyzes the mail transmission event information by the mail transmission information analysis unit 31, and from there, the necessary data, transmission date / time code (or transmission request date / time) Code), sender email address, and recipient email address are read out (# 30). The security level (authority level) of each user having the read source mail address and the destination mail address is retrieved from the user management table 33, and by comparing these, an attachment file of the attached mail to be transmitted is obtained. On the other hand, an encryption determination is made as to whether encryption should be performed (# 31). When the security level of the transmission source user is higher than the security level of the transmission destination user and the encryption of the attached file is selected, the MAC of the transmission destination terminal 1b extracted from the user management table 33 based on the transmission destination mail address The encryption key generation unit 32 generates an encryption key using the combination of the address and the transmission date code as an encryption key generation type (# 32). The generated encryption key is sent to the first terminal 1a for attachment file encryption (# 33).

  The first terminal 1a that has received the encryption key from the encryption management device 3 encrypts the attached file with the encryption unit 14 using the received encryption key (# 40). When the encryption of the attached file is completed, the mail transmitting unit 13 transmits the attached mail whose transmission has been temporarily interrupted (# 41). If non-encryption of the attached file is selected in the encryption determination at step # 31 in the encryption management apparatus 3, a file encryption unnecessary command is sent to the first terminal 1a (# 34). Upon receiving the file encryption unnecessary command, the first terminal 1a immediately transmits the attached mail whose transmission has been temporarily interrupted (# 41).

  In the second terminal 1b that has received the attached mail from the first terminal 1a (# 50), when an operation by the “save” command or “open” command is requested for the attached file (# 51), It is checked whether or not the requested command operation target attached file is encrypted (# 52). If the attached file is encrypted due to the encryption management device 3, the execution of the operation command is temporarily stopped, and the attached file is transferred to the decryption unit 16 for decryption, and decrypted. The encryption key generation unit 15 is activated (# 53). When the decryption encryption key generation unit 15 is activated, the transmission date code is read from the header of the received e-mail (# 54), and the MAC address of the receiving terminal 1b is extracted from the terminal unique code description unit 19 (# 55). ). The decryption encryption key generation unit 15 generates an encryption key as an encryption key generation seed by combining the obtained transmission date code and the MAC address (# 56). The decryption unit 16 decrypts the attached file using the generated encryption key (# 57). The attached file decrypted by the decryption unit 16 is subjected to processing based on the “Save” command and “Open” command requested previously (# 58). If it is determined in step # 52 that the attached file has not been encrypted due to the encryption management device 3, the requested file operation command is immediately executed (# 58).

[Another embodiment]
In the previous embodiment, the encryption key for decrypting the encrypted attached file was generated by the decryption encryption key generation unit 15 that is always installed in the terminal 1, but in this another embodiment, When encrypting the attached file by the encryption unit 14, an executable decryption encryption key generation file is embedded in the encrypted attached file, and automatically when the encrypted attached file received by the destination terminal 1b is operated. When the decryption encryption key generation decryption file is executed, a decryption encryption key is generated, and the attached file is decrypted using the generated encryption key. In other words, in this alternative embodiment, the decryption encryption key generation unit 15, the terminal unique code description unit 19, and the decryption unit 16 can be executed to generate a decryption encryption key embedded in the encrypted attached file. It is a mechanism that is implemented each time by a file. For this reason, the terminal 1 has the advantage that it is not necessary to mount the fixed decryption encryption key generation unit 15, the terminal unique code description unit 19, and the decryption unit 16 in advance. As a modified example, the executable file incorporated in the encrypted attached file may have only a function of generating a decryption encryption key and giving it to the decryption encryption key generation unit 15. In this case, it is not necessary to mount the fixed decryption encryption key generation unit 15 and the terminal unique code description unit 19 in advance in the terminal 1, and the decryption unit 16 is mounted in advance.

  In the above-described embodiment, the attached file is encrypted to the e-mail. However, the encrypted file should be interpreted in a broad sense, and the cipher management technique according to the present invention is an e-mail main body. It is possible to include various types of data such as a data portion incorporated in the file or a file as data transmitted separately from the electronic mail main body.

Schematic diagram explaining the basic principle of a file encryption management system for managing encryption and decryption of attached mail according to the present invention Explanatory drawing which shows an example of mail transmission event information Explanatory drawing which shows an example of a user management table Functional block diagram of encryption management apparatus and terminal according to the present invention Explanatory drawing explaining the function in the encryption management apparatus and terminal by this invention Flow chart showing the flow of encryption and decryption of attached files

Explanation of symbols

1: Terminal 1a: First terminal (transmission side terminal)
1b: Second terminal (receiving terminal)
2: Network 3: Cryptographic management device 4: Mail server 11: Mail creation unit 12: Mail reception unit 13: Mail transmission unit 14: Encryption unit 15: Decryption unit 16: Decryption encryption key generation unit 17: Mail transmission event Information generation unit 31: Mail transmission event information analysis unit 32: Encryption key generation unit 33: User management table 35: Security level determination unit

Claims (8)

An encryption management device having an encryption key generation unit that generates an encryption key and sends the encryption key to a terminal, and an encryption unit that encrypts a file using the encryption key sent from the encryption management device In a file encryption management system comprising a terminal having a decryption unit for decrypting an encrypted file attached to an e-mail,
The encryption management device is provided with a user management table in which the terminal unique code of each terminal is registered, and before sending an e-mail including a file, the terminal receives a terminal unique code related to this transmission. A mail transmission event information generation unit that generates mail transmission event information including information that can be read from the user management table and sends the information to the encryption management device is provided, and the encryption key generation unit transmits an email including a file. the encryption key is generated as at least one encryption key generating species the destination terminal specific code read from the user management table on the basis of the mail transmission event information received from the terminal that is the, the decoding unit is self Encrypted in an email received using an encryption key created based on the device's unique code File encryption management system characterized by decoding the file.   The email transmission event information includes a transmission date / time code of the email, and the encryption key generation unit uses a combination of the destination terminal specific code and the transmission date / time code as an encryption key generation type to generate an encryption key. The decryption unit decrypts the file using the encryption key generated using the combination of the transmission date / time code read from the received e-mail and the terminal unique code as an encryption key generation seed. The file encryption management system according to claim 1, wherein:   3. The file encryption management system according to claim 1, wherein the transmission destination terminal unique code is a serial number of an OS installed in the terminal.   The encryption key generation unit sends a file encryption unnecessary command to the terminal instead of the encryption key when the security level of the sender of the email is lower than the security level of the recipient of the email. Item 4. The file encryption management system according to any one of Items 1 to 3. Included in the e-mail using the encryption key received from the encryption management device having the user management table in which the terminal unique code of each terminal is registered and the encryption key generation unit that generates the encryption key based on the encryption key generation type In a file encryption management method for a terminal that encrypts a file and decrypts the encrypted file,
Before sending an e-mail containing a file, create a mail transmission event information including information from which a terminal-specific code of a transmission destination relating to this transmission can be read out from the user management table, and send it to the encryption management device. Encrypting the file using the encryption key generated and sent by the encryption management device with the destination terminal unique code read from the management table by sending event information as at least one encryption key generation seed , A file cipher management method, comprising: decrypting an encrypted file included in a received electronic mail using an encryption key created based on its own terminal unique code. Included in the e-mail using the encryption key received from the encryption management device having the user management table in which the terminal unique code of each terminal is registered and the encryption key generation unit that generates the encryption key based on the encryption key generation type In a file cipher management program for a terminal that encrypts a file and decrypts the encrypted file,
A function of creating a mail transmission event information including information from which a terminal-specific code of a transmission destination related to the transmission can be read from the user management table before sending an e-mail including a file to the encryption management apparatus; The file is encrypted using the encryption key generated and sent by the encryption management device with the destination terminal unique code read from the management table as the at least one encryption key generation type by sending the mail transmission event information A file cipher management program that causes a computer to realize a function for converting and a function for decrypting an encrypted file included in received e-mail using an encryption key created based on its own terminal-specific code. Included in the e-mail using the encryption key received from the encryption management device having the user management table in which the terminal unique code of each terminal is registered and the encryption key generation unit that generates the encryption key based on the encryption key generation type In a file encryption management module for a terminal that encrypts a file and decrypts the encrypted file,
Mail transmission event information that creates mail transmission event information including information that can read out the terminal-specific code of the transmission destination relating to this transmission from the user management table before sending the e-mail including the file, and sends it to the encryption management apparatus Using the encryption key generated and sent by the encryption management device with the generation unit and the destination terminal unique code read from the management table by sending the mail transmission event information as at least one encryption key generation type And an encryption unit that encrypts the file, and a decryption unit that decrypts the encrypted file included in the received e-mail using an encryption key created based on its own terminal-specific code. File encryption management module. The information which can read the terminal specific code of the transmission destination included in the mail transmission event information from the user management table is a transmission destination mail address. The cryptographic management system described.

Images