JP4282090B2 - Ticketed closed mail transfer system, method and program - Google Patents

Description

The present invention relates to a ticket-based closed mail transfer system, method, and program, and more particularly, to a ticket-based closed mail transfer system, method, and program capable of sending and receiving e-mail only between members.

In recent years, the spread of electronic mail (hereinafter abbreviated as mail as appropriate) transmitted and received using devices such as personal computers, personal digital assistants, and mobile phones (hereinafter collectively referred to as user terminals) is remarkable. There is. However, a large amount of junk mail is included in transmitted and received e-mails, and there is a reality that a great deal of labor and a large amount of money are spent on the elimination of junk mail. One of the reasons for the increase in spam is that e-mail addresses are generally announced and used. Collected e-mail addresses from vendors are then sent to the collected e-mail addresses at once. A lot of spam mail such as mail may be distributed. Further, the mail address of the trader himself is often misrepresented, and such mass delivery of junk mail reduces the reliability of the electronic mail system and leads to information leakage.

Therefore, in the past, when a high level of confidentiality was required as in an in-house mail system, information leakage was prevented by constructing a virtual private network and sending and receiving e-mail only within that network. At the same time, spam emails from third parties were eliminated. However, the virtual private network has a drawback that it takes a lot of time and money to construct and operate it.

For this reason, even if it is a mail system on the Internet, it is possible to send / receive e-mail without knowing the actual e-mail address of the sender / receiver, and to prevent the third party from sending e-mail Has been proposed (see, for example, Patent Document 1). Such a mail forwarding system refers to the address database and replaces the forwarding email address in the destination header of the received email with the corresponding actual email address, and replaces the actual email address of the sender with the corresponding forwarding email address. By doing so, the actual e-mail address of the sender / receiver can be concealed. In addition, a database for managing permissions is provided, and secret and closed e-mails can be exchanged between members based on the permissions.
JP 2007-233711 A

However, the above-mentioned conventional mail transfer system not only needs to manage e-mail addresses in the address database, but also needs to manage permissions in the permission database, and there is a problem that the mechanism is complicated and the versatility is poor. It was. In particular, the above-mentioned conventional mail transfer system is used for mail transmission / reception between a member and a store in relation to a virtual shopping street on the Internet, and permission is set between arbitrary members. It was not possible to build a closed mail transfer system.

The object of the present invention is to send and receive e-mail without knowing the actual e-mail address (personal e-mail address) of the sender and receiver with a simple mechanism of issuing a ticket to the member in view of the above points. The object is to provide a ticket-based closed mail transfer system in which electronic mail cannot be transmitted from non-members.

Another object of the present invention is a simple mechanism of issuing a ticket to a member, which can send / receive email without knowing the actual email address (personal email address) of the sender / receiver. Is to provide a ticket-based closed mail transfer method that prevents the sending of e-mails.

Furthermore, another object of the present invention is to provide a program for realizing the above-described ticket-based closed mail transfer system.

The ticket-based closed mail transfer system according to claim 1 includes an account database for storing a member's personal mail address and a proxy mail address corresponding to the personal mail address, and a user's personal mail address and proxy mail address. A Web server that provides a user with a ticket, which is an encrypted authentication file, and the personal email address and proxy email address of a member who has acquired the ticket in cooperation with the Web server are registered in the account database. Together with an e-mail address registration means that creates a ticket and passes it to the Web server, and detects whether or not a ticket is attached to the sent e-mail. If no ticket is attached, the e-mail is transferred. Hold and ticket attached Determines whether it is registered in the transmission source mail address and the destination mail address of the destination header of the source header of the electronic mail is the account database as personal mail addresses and proxy e-mail address when the transmission source mail address or destination If the e-mail address is not registered, transfer of the e-mail is suspended, and if the source e-mail address and the destination e-mail address are registered, the personal e-mail address and proxy e-mail address obtained by decrypting the ticket Is registered in the account database, and if the obtained personal email address or proxy email address is not registered, the forwarding of the email is suspended, and the obtained personal email address and proxy email are suspended. The address is registered A mail transfer receiving unit for receiving the transfer of the electronic mail in the case that the personal mail address of the source header of the e-mail received by the mail transfer receiving means to a corresponding proxy mail address, proxy mail address of the destination header A mail address replacing means for deleting the attached ticket, and a mail transfer means for transferring an e-mail to the personal mail address in the destination header replaced by the mail address replacing means. Including a mail transfer server. According to the ticket-based closed mail transfer system according to claim 1, an email for registering a personal email address of a member who is a user who has acquired a ticket as an authentication file and a proxy email address corresponding to the personal email address By providing the address registration means, the user can easily perform member registration independently through the Web server. When it is detected whether or not a ticket is attached to an e-mail sent to the proxy e-mail address. When no ticket is attached, the transfer of the e-mail is suspended and a ticket is attached. By accepting the transfer of the e-mail, the e-mail can be transmitted and received without disclosing the member's actual e-mail address (personal e-mail address) to other members. Also, since e-mails from non-members who are not acquiring tickets and e-mails to non-members are not forwarded, even if a member's proxy e-mail address leaks to a non-member, the non-member will act as a proxy I cannot send e-mail using my e-mail address. Furthermore, by searching for a personal email address stored in the account database using the decrypted personal email address as a key, and if a matching personal email address cannot be found, the forwarding of the email is suspended. It is possible to eliminate the transmission of an e-mail whose source is other than. Furthermore, by using the decrypted proxy email address as a key, the proxy email address stored in the account database is searched, and if the matching proxy email address cannot be searched, the forwarding of the email is suspended, It is possible to eliminate the transfer of an e-mail addressed to a member other than the member.

The ticket-based closed mail transfer system according to claim 2 is the ticket-based closed mail transfer system according to claim 1, wherein the ticket is encrypted with a public key of a public key encryption and a member's personal mail address. Information including the public key encryption part for storing information including the mail address, the public key encryption part encrypted with the shared key of the shared key encryption, the hash value of the member's personal mail address, and the mailer name and version of the member And a shared key encryption part for storing. According to the ticket-based closed mail transfer system according to claim 2, since information including the member's personal email address and proxy email address is encrypted with the public key, it is further encrypted with the shared key . There is an effect that information including the personal mail address and the proxy mail address is not easily decrypted. In particular, since the ticket is not decrypted outside the ticket-based closed mail transfer system and there is no need to leak the shared key to the outside, the shared key should be used secretly inside the ticket-based closed mail transfer system. Can improve confidentiality. Furthermore, since there is no possibility that the public key and the private key will leak out of the ticket-based closed mail transfer system, the confidentiality can be further improved.

The ticket-based closed mail transfer system according to claim 3 is the ticket-based closed mail transfer system according to claim 2, wherein the shared key encryption part is used for hash value of a member's personal mail address, member registration. Including the name of the first sending server, the mailer name and version of the member, and the public key encryption part includes the member's personal email address, the member's proxy email address, and the header portion of the email when the member is registered It is characterized by including the whole sentence. According to the ticket-based closed mail transfer system according to claim 3, the sharing includes the hash value of the member's personal email address, the name of the first transmission server used when registering the member , and the mailer name and version of the member. The key encryption part is separated from the member's personal e-mail address, member's proxy e-mail address, and public key encryption part including the full text of the e-mail header part at the time of member registration. Both safety and safety can be achieved.

The ticket-based closed mail transfer system according to claim 4 is the ticket-based closed mail transfer system according to claim 3, wherein the mail transfer acceptance means is a personal mail address in a sender header of the transmitted electronic mail. the resulting hash value is hashed by the hash function, characterized in that the hash value is compared with the hash value of the personal e-mail address in the ticket decoded by the shared key, to hold the transfer of electronic mail to be matched And According to the ticket-based closed mail transfer system according to claim 4, the hash value of the sender header in the transmitted email is compared with the hash value of the sender header in the ticket decrypted with the shared key, If they do not match, the forwarding of the e-mail is suspended, making it easy to send e-mails by third parties (whether they are members or non-members) who have stolen a member's personal e-mail address And can be eliminated quickly.

The ticket-based closed mail transfer system according to claim 5 is the ticket-based closed mail transfer system according to claim 3 or 4, wherein the mail transfer reception means is a mailer in a sender header of the transmitted electronic mail. name and version, as compared to the mailer name and version of the ticket decoded by the shared key, characterized in that it hold the transfer of electronic mail must match. According to the ticket-based closed mail transfer system according to claim 5, the mailer name and version in the sender header of the transmitted email are compared with the mailer name and version in the ticket decrypted with the shared key, If it does not match, the forwarding of the e-mail is suspended, thereby eliminating the e-mail transmission by a third party (whether a member or non-member) who has stolen the member's personal e-mail address can do.

The ticket-based closed mail transfer system according to claim 6 is the ticket-based closed mail transfer system according to any one of claims 3 to 5, wherein the mail transfer acceptance means and characterized in that the transmitting server name of one second in the source header, compared with the 1 th transmission server name in the ticket decoded by the shared key, to hold the transfer of electronic mail to be matched To do. According to the ticket-based closed mail transfer system according to claim 6, the first transmission server in the ticket decrypted with the first transmission server name and the shared key in the transmission source header of the transmitted electronic mail By comparing names with each other and deferring transfer of the e-mail if they do not match, e-mail transmission using a provider (mail server) or the like different from that at the time of member registration can be eliminated.

Ticketed closed mail forwarding system of claim 7, wherein, in the ticketed closed mail transfer system according to any one of claims 3 to 6, wherein the account database and encrypts the public key encryption section A private key corresponding to the public key is stored, and the mail transfer accepting means decrypts the public key encrypted part in the ticket decrypted with the shared key with the private key, and the source header in the decrypted public key encrypted part Is compared with the full text of the sender header of the transmitted email to verify whether the server path of the email is valid. If the server path is not valid, the email characterized by holding the transfer. According to the ticket-based closed mail transfer system of claim 7, the full text of the sender header in the decrypted public key encryption part is compared with the full text of the sender header of the transmitted email, By verifying whether or not the server path of the email is valid, and if the server path is not valid, the forwarding of the email is suspended, thereby bypassing the server path that is significantly different from the server path at the time of member registration. Can eliminate suspicious email forwarding.

The ticket-based closed mail transfer system according to claim 8 is the ticket-based closed mail transfer system according to any one of claims 1 to 6 , wherein the e-mail address replacing unit sets a proxy mail address in a destination header. Instead of replacing with a corresponding personal mail address, a transfer destination header having the destination mail address as a personal mail address is added to the electronic mail. According to the ticket-based closed mail transfer system according to claim 8, instead of replacing the proxy mail address of the destination header with the corresponding personal mail address, the forwarding header having the destination mail address as the personal mail address is converted into an electronic mail. In addition, the e-mail recipient can perform e-mail filtering using the proxy e-mail address in the destination header.

The ticket-based closed mail transfer method according to claim 9 , wherein the account database includes a member's personal mail address and the personal mail address in the mail transfer method of a mail transfer system comprising an account database, a Web server, and a mail transfer server. storing the corresponding proxy-mail address, the Web server, a ticket is an authentication file which is encrypted include personal mail addresses and proxy mail address of the user to the user, the mail transfer server, the Registering the personal email address and proxy email address of a member who has acquired a ticket in cooperation with the Web server in the account database, creating a ticket and passing it to the Web server, and the transmitted email To Tsu door detects whether it is attached, the ticket is pending the transfer of the e-mail. If it is not attached, the transmission of the transmission based on the header of the e-mail if the ticket is attached based on e-mail It is determined whether the address and the destination email address of the destination header are registered in the account database as a personal email address and a proxy email address. If the source email address or the destination email address is not registered, the email Deferring transfer, if the source email address and destination email address are registered, determine whether the personal email address and proxy email address obtained by decrypting the ticket is registered in the account database, Obtained personal email address or proxy email If the dress is not registered pending the transfer of the e-mail, and a step in the case obtained personal e-mail address and the proxy e-mail address is registered to accept the transfer of the e-mail, accepted electronic Replacing the personal email address of the email sender header with the corresponding proxy email address, replacing the proxy email address of the destination header with the corresponding personal email address, deleting the attached ticket, and the replaced destination header and executes a step of transferring the e-mail to a personal email address. According to the ticket-based closed mail transfer method according to claim 9 , registering a personal email address of a member who is a user who has acquired a ticket as an authentication file and a proxy email address corresponding to the personal email address Thus, the user himself / herself can easily register as a member through the Web server. When it is detected whether or not a ticket is attached to an e-mail sent to the proxy e-mail address. When no ticket is attached, the transfer of the e-mail is suspended and a ticket is attached. By accepting the transfer of the e-mail, the e-mail can be transmitted and received without disclosing the member's actual e-mail address (personal e-mail address) to other members. Also, since e-mails from non-members who are not acquiring tickets and e-mails to non-members are not forwarded, even if a member's proxy e-mail address leaks to a non-member, the non-member will act as a proxy I cannot send e-mail using my e-mail address. Furthermore, by searching for a personal email address stored in the account database using the decrypted personal email address as a key, and if a matching personal email address cannot be found, the forwarding of the email is suspended. It is possible to eliminate the transmission of an e-mail whose source is other than. Furthermore, by using the decrypted proxy email address as a key, the proxy email address stored in the account database is searched, and if the matching proxy email address cannot be searched, the forwarding of the email is suspended, It is possible to eliminate the transfer of an e-mail addressed to a member other than the member.

The ticket-based closed mail transfer method according to claim 10 is the ticket-based closed mail transfer method according to claim 9 , wherein the ticket is encrypted with a public key of a public key encryption and a member's personal mail address and proxy Information including the public key encryption part for storing information including the mail address, the public key encryption part encrypted with the shared key of the shared key encryption, the hash value of the member's personal mail address, and the mailer name and version of the member And a shared key encryption part for storing. According to the ticket-based closed mail transfer method of claim 10, since information including the member's personal email address and proxy email address is encrypted with the public key, it is further encrypted with the shared key . There is an effect that information including the personal mail address and the proxy mail address is not easily decrypted. In particular, since the ticket is not decrypted outside the ticket-based closed mail transfer system and there is no need to leak the shared key to the outside, the shared key should be used secretly inside the ticket-based closed mail transfer system. Can improve confidentiality. Furthermore, since there is no possibility that the public key and the private key will leak out of the ticket-based closed mail transfer system, the confidentiality can be further improved.

Ticketed closed mail transfer method according to claim 11, wherein, in the ticketed closed mail transfer method according to claim 10, wherein the shared key encryption part, the hash value of the personal e-mail address of the member, is used when members of the registration Including the name of the first sending server, the mailer name and version of the member, and the public key encryption part includes the member's personal email address, the member's proxy email address, and the header portion of the email when the member is registered It is characterized by including the whole sentence. According to the ticket-based closed mail transfer method according to claim 11, the sharing including the hash value of the member's personal email address, the first transmission server name used when registering the member , and the mailer name and version of the member The key encryption part is separated from the member's personal e-mail address, member's proxy e-mail address, and public key encryption part including the full text of the e-mail header part at the time of member registration. Both safety and safety can be achieved.

A program according to a twelfth aspect is a program for causing a computer to realize each means of the ticket-based closed mail transfer system according to any one of the first to eighth aspects as a function. According to the program of the twelfth aspect, each unit of the ticket-based closed mail transfer system according to any one of the first to eighth aspects is realized as a function in a computer. It can be easily realized.

Authenticating files to members for the purpose of realizing a mail transfer system in which members can send and receive emails without knowing each other's actual email address (personal email address) and cannot be sent from non-members This is achieved by a simple mechanism of issuing a ticket and sending and receiving the ticket attached to an e-mail.

Hereinafter, a ticket system closed mail transfer system according to an embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a block diagram illustrating a ticket-based closed mail transfer system 100 according to an embodiment of the present invention. A ticket-based closed mail transfer system 100 according to an embodiment of the present invention includes a Web server 110 that provides a user interface, a mail transfer server 120 that controls the transfer of electronic mail, and an account database 130 that manages member account information. (Corresponding to the mail address storage means of the present invention).

Reference numeral 200 denotes a user terminal such as a user's personal computer, portable information terminal, or mobile phone, and includes a browser 210 for referring to a Web page and a mailer 220 for sending and receiving e-mails. ing. A large number of user terminals 200 are connected to the ticket-based closed mail transfer system 100 via the Internet 300.

The Web server 110 is a server that returns a Web page in response to access from the browser 210 of the user terminal 200, and includes a Web application server function that performs necessary processing. Specifically, when the user accesses the member registration page from the browser 210 of the user terminal 200 and performs a member registration operation, the Web server 110 registers member account information in the account database 130 via the mail transfer server 120. To do.

The mail transfer server 120 is a server that receives an e-mail addressed to a proxy e-mail address and transfers it to a personal e-mail address. The mail transfer server 120 includes an account registration unit 121 (corresponding to the mail address registration unit of the present invention), a mail transfer reception unit 122 (corresponding to the mail transfer reception unit of the present invention), and a mail address replacement unit 123 (of the present invention). And a mail transfer unit 124 (corresponding to the mail transfer means of the present invention).

The account registration unit 121 is a part that registers and manages member account information in the account database 130 in accordance with instructions from the Web server 110. The account registration unit 121 can use, for example, RSA (Rivest, Shamir, Adleman) cipher as public key cipher that encrypts the public key cipher part 141 (see FIG. 7). Further, the account registration unit 121 can use, for example, DES (Data Encryption Standard) encryption as the shared key encryption for encrypting the shared key encryption portion 142 (see FIG. 7) including the public key encryption portion 141.

The mail transfer acceptance unit 122 is a part that determines whether or not to transmit the transmitted electronic mail, accepts the electronic mail to be transferred, and holds the transfer if the electronic mail is not to be transferred.

The mail address replacement unit 123 replaces the sender mail address of the sender header (from header: see FIG. 9) of the electronic mail accepted as to be forwarded with the proxy mail address, and converts the personal mail address to the destination mail address. This is a part to which a transfer destination header (Derived-To header: see FIG. 9) is added. The mail address replacement unit 123 is also a part that deletes the ticket 140 attached to the e-mail.

The mail transfer unit 124 is a part that transfers an e-mail to a transfer destination based on the transfer destination mail address of the transfer destination header.

FIG. 2 is a diagram illustrating a creation screen for a member ID (Identification) displayed by the browser 210 of the user terminal 200 when accessing the Web server 110. In this embodiment, it is assumed that the mail transfer server 120 has a domain name “dairi.jp”. For example, the proxy email address “taro@dairi.jp” corresponding to the member's personal email address “taro@nif.ne.jp” has the member ID “taro” and the domain name “daiiri.jp” of the mail transfer server 120. Are connected by “@”. Although an example in which one proxy email address is provided for each member will be described here, a plurality of proxy email addresses may be provided for each member. For example, a plurality of proxy e-mail addresses may be provided for a personal computer e-mail address, a mobile phone e-mail address, and the like. When the member ID is entered in the member ID column on the management ID creation screen and the “confirm ID that can be used” icon is clicked, it can be confirmed whether or not the input member ID can be used. A personal mail address corresponding to the proxy mail address is also entered in the “personal mail address” field. When the “registration” icon is clicked after the member ID and personal e-mail address are entered, the account information of the member is registered.

FIG. 3 is a diagram illustrating an image authentication screen displayed by the browser 210 of the user terminal 200 at the time of member registration. Here, the character string displayed in the “image” field is read and input in the “character input” field. The password that the member wishes to use in the system is also entered in the “Enter Password” field. After entering the character and password, click the “Authentication” icon to authenticate.

FIG. 4 is a diagram illustrating an e-mail that prompts the user to download a ticket displayed by the mailer 220 of the user terminal 200 at the time of member registration. Here, it is informed that a new proxy email address “taro@dairi.jp” has been created, and is urged to download the ticket 140 from the download site “http://mail.dairi.com/”.

FIG. 5 is a diagram illustrating a screen for downloading the ticket 140. Here, the user is prompted to download the ticket 140 of the new proxy email address “taro@dairi.jp”, and when the “download” icon is clicked, the ticket 140 is downloaded.

The account database 130 is a database for registering and managing account information of each member, and stores a personal mail address and a proxy mail address in association with each other using the member ID as a main key. Specifically, referring to FIG. 6, each account information in the account database 130 includes a member ID that is a unique identifier for a member, a personal email address that is an actual email address of the member, a proxy email address of the member, It includes the full text of the header part of the e-mail at the time of registration (hereinafter referred to as the registration time header part as appropriate), a password, and a secret key for public key encryption.

FIG. 7 shows an example of the structure of the ticket 140. The ticket 140 of this example is a mail transfer key item including a public key encryption part 141 that stores important information encrypted with a public key of a public key encryption, and a public key encryption part 141 encrypted with a shared key. And a shared key encryption part 142 for storing. Specifically, the public key encryption portion 141 includes a member's personal email address, a member's proxy email address, and the full text of the header portion of the email at the time of registration (a header portion at the time of registration). , The public key encryption part 141, the hash value of the member's personal mail address, the name of the first transmission server used at the time of registration, and the mailer name and version of the member. In addition, by including a plurality of public key encryption parts 141 in the shared key encryption part 142 of the ticket 140, it is possible to cope with a case where a plurality of ticket-based closed mail transfer systems 100 cooperate to develop a service. is there.

FIG. 8 is a flowchart illustrating the processing procedure of the ticket-based closed mail transfer system 100.

FIG. 9 is a diagram for explaining the transition of the header content of the mail address in the ticket-based closed mail transfer system 100.

Next, the operation of the ticket-based closed mail transfer system 100 according to this embodiment configured as described above will be described.

<Member registration process>
In order to send an e-mail while concealing a personal mail address using the ticket-based closed mail transfer system 100, the user needs to register as a member in advance in the ticket-based closed mail transfer system 100. That is, it is necessary to obtain the proxy mail address and the ticket 140 from the ticket-based closed mail transfer system 100 in advance. In order to acquire the proxy mail address and the ticket 140, at least one real mail address (personal mail address) owned by the member must be prepared. The personal e-mail address is preferably a reliable account issued by a commercial provider for a fee. It is assumed that a general user can register as a member free of charge and obtain a proxy email address. Hereinafter, referring to FIG. 1 to FIG. 7, a case where Taro (personal mail address “taro@nif.ne.jp”, proxy mail address “taro@dairi.jp”) is registered as a member will be specifically described as an example. explain.

Mr. Taro accesses the Web server 110 of the ticket-based closed mail transfer system 100 from the browser 210 of the user terminal 200 in order to register as a member in the ticket-based closed mail transfer system 100.

Then, the Web server 110 transmits a “member ID creation” screen (see FIG. 2) to the browser 210 of Taro's user terminal 200.

When the “Create Member ID” screen (see FIG. 2) is displayed on the browser 210, Taro enters the desired member ID “taro” in the member ID field and clicks the “Confirm Useable ID” icon. By doing this, it is confirmed whether or not “taro” is a usable member ID. The domain name “dairi.jp” can also be selectively changed. If “taro” is a member ID that can be used, Mr. Taro will enter the personal email address “taro@nif.ne.jp” to be used in association with the proxy email address “taro@dairi.jp” in the personal email address field. Enter and click the "Register" icon.

Then, the mailer 220 creates a member registration email with the transmission email address as the personal email address “taro@nif.ne.jp” and the proxy email address “taro@dairi.jp” as the destination email address, and this member registration. The mail is transmitted to the mail transfer server 120. As a result, the personal mail address “taro@nif.ne.jp”, which is the sender mail address of the member registration mail, and the proxy mail address “taro@dairi.jp” are linked.

When the member registration mail is received via the mail transfer server 120, the Web server 110 instructs the mail transfer server 120 to register the account information based on the member registration mail.

In response to the instruction from the Web server 110, the mail transfer server 120 creates an account information entry with the member ID “taro” in the account database 130 by the account registration unit 121, the member ID “taro”, and the personal mail address “taro”. @ Nif.ne.jp ”, the proxy mail address“ taro@dairi.jp ”, and the full text of the header part of the member registration mail (the header part at the time of registration) are registered.

When registration of the member ID and the like by the account registration unit 121 of the mail transfer server 120 is completed, the Web server 110 transmits an “image authentication” screen (see FIG. 3) to the browser 210 of the user terminal 200 of Taro.

When the “image authentication” screen (see FIG. 3) is displayed on the browser 210, Taro reads the character string of the image displayed in the “image” field, and reads the corresponding image authentication character string, for example, “BJJ6JCXT”. Enter the text in the "Enter text" field, enter the "Password you want to use in the system" in the "Enter password" field, and click the "Authentication" icon.

The mailer 220 then creates an authentication email with the proxy email address “taro@dairi.jp” as the destination email address and the subject or body text containing the image authentication character string “BJJ6JCXT”, “the desired password to be used in the system”, etc. The authentication mail is transmitted to the mail transfer server 120.

When the authentication mail is received via the mail transfer server 120, the Web server 110 is the same as the user who is accessing the Web server 110 by the user of the authentication mail based on the image authentication character string “BJJ6JCXT” of the received authentication mail. It authenticates whether it is. If authenticated as the same user, the Web server 110 instructs the mail transfer server 120 to register a password.

In response to an instruction from the Web server, the mail transfer server 120 prepares a secret key and a public key for public key encryption by the account registration unit 121, and uses the public key for the member's personal email address, member proxy email address, electronic Encapsulate and encrypt important information such as a header part at the time of e-mail registration to generate a public key encryption part 141, and store a password and a secret key in the account database 130 together with other account information etc. have). The public key is discarded because it is no longer necessary after encryption. Further, since the private key is concealed within the mail transfer server 120 and does not flow out of the mail transfer server 120, it is extremely difficult to decrypt the public key encryption part 141.

Further, the mail transfer server 120 includes the public key encryption part 141 and the less important mail transfer key items (the hash value of the member's personal mail address, the first transmission server name at the time of registration, the member's mailer name and version). ) And is encrypted using a shared key encryption shared key to create a shared key encryption part 142, which is passed to the Web server 110 as a ticket 140. Since the shared key is stored in the ticket-based closed mail transfer system 100 and is not delivered to the user terminal 200, the shared key encryption 142 of the ticket 140 is illegally decrypted outside the ticket-based closed mail transfer system 100. There is almost no fear.

The Web server 110 creates a download page for the ticket 140 (see FIG. 5), and returns the page address “http://mail.dairi.com/” of the download page to the mail transfer server 120.

The mail transfer server 120 includes an e-mail including a proxy mail address “taro@dairi.jp” and a page address “http://mail.dairi.com/” of the download page received from the Web server 110 as a hyperlink (FIG. 4). Reference) and return to the user terminal 200.

In the user terminal 200, the mailer 220 receives an email (see FIG. 4) including a proxy email address “taro@dairi.jp” and a download page address “http://mail.dairi.com/” as hyperlinks. Receive.

When the mailer 220 receives an e-mail (see FIG. 4), the user accesses a designated “page address download” screen (see FIG. 5) by clicking a hyperlink described in the received e-mail. To do.

Then, the Web server 110 transmits a “page address download” screen (see FIG. 5) to the browser 210 of the user terminal 200 of Taro.

When the “download page address” screen (see FIG. 5) is displayed on the browser 210, the user downloads the ticket 140 by clicking the “download” icon. The downloaded ticket 140 is incorporated into the mailer 220 together with the add-in program. Thus, when an e-mail addressed to the proxy e-mail address is created using the mailer 220, the ticket 140 is automatically attached to the e-mail.

Thus, a series of member registration processes from the acquisition of the proxy email address “taro@dairi.jp” to the acquisition of the ticket 140 is completed.

In the above description of the member registration process, the case where Taro obtains the proxy email address “taro@dairi.jp” has been described as an example, but Hanako (personal email address: hanako@son.ne.jp) It goes without saying that the same operation is performed when the proxy mail address “hanako@dairi.jp” is acquired.

As a result, the account information of the member IDs “taro” and “hanako” is registered in the account database 130 as shown in FIG.

The member can freely change the personal e-mail address once registered by using an account information management Web page (not shown). For this reason, members can freely change their personal e-mail address without changing their e-mail address in appearance, so long as they do not disclose their e-mail address to the general public but only the proxy e-mail address. It becomes possible to do. If the personal e-mail address can be changed freely, for example, if there is an existing provider in the moving apartment, and the resident can obtain an e-mail account for free or at a low price, the conventional provider The e-mail address of the apartment can be discarded, and the e-mail address of the existing provider of the apartment itself can be changed to a personal e-mail address to make the provider's fee free or cheap. Even in this case, it is not necessary to change the public proxy email address, and it is not necessary to notify the sender who sends the email using the proxy email address as the destination email address. In addition, in mobile number portability of mobile phones, it is generally not possible to carry the mail address of the mobile phone carrier before the change as the email address of another mobile phone carrier after the change. By applying this ticket system closed mail transfer system, the member can change the secret personal mail address without changing the public proxy mail address. Also in this case, there is no need to change the public proxy email address, and it is not necessary to notify the sender who sends the email using the proxy email address as the destination email address.

<Mail forwarding process>
A member who has acquired the ticket 140 can use the ticket-based closed mail transfer system 100 to send an e-mail to another member's proxy e-mail address. Here, referring to FIG. 8 and FIG. 9, using the ticket-based closed mail transfer system 100 having the domain name “dairi.jp”, Mr. Taro (personal mail address: taro@nif.ne.jp, proxy) Consider a case where an e-mail address is sent to Hanako (personal e-mail address: hanako@son.ne.jp, proxy e-mail address: hanako@dairi.jp).

When Taro creates an email using the mailer 220 of the user terminal 200 and sends it to Hanako, the sender email address in the sender header (from header) of the email is as shown in FIG. , Taro @ nif. ne. jp, and the destination mail address in the destination header (to header) is hanako @ dairi. jp. The mailer 220 automatically attaches the acquired ticket 140 to the e-mail. Note that the ticket 140, which is an authentication file, can be hidden as a security file so that it cannot be seen directly from the mailer 220.

When Taro sends an e-mail from the mailer 220 of the user terminal 200, the ticket-based closed mail transfer system 100 passes through Taro's first transmission server (domain name “nif.ne.jp”) (not shown). An e-mail is transmitted to the mail transfer server 120.

When the mail transfer server 120 receives the e-mail (S100 in FIG. 8), the mail transfer reception unit 122 determines whether the ticket 140 is attached to the e-mail (S101 in FIG. 8). If the ticket 140 is not attached to the e-mail (S101 of FIG. 8: No), the mail transfer accepting unit 122 is an e-mail transmitted to the domain name “@ dairi.jp” of the mail transfer server 120. Also, it is determined that the electronic mail has not been transmitted from the member, and the transfer of the electronic mail is suspended (rejected) (S117 in FIG. 8).

If the ticket 140 is attached to the e-mail (S101 in FIG. 8: Yes), the e-mail transfer accepting unit 122 uses the e-mail transmission source e-mail address “taro@nif.ne.jp” as a key to store the account database 130. A search is performed to determine whether a matching personal mail address is registered (S102 in FIG. 8). If the personal mail address matching the transmission source mail address “taro@nif.ne.jp” is not registered (S102: No in FIG. 8), it is not the electronic mail transmitted from the member. 122 suspends (rejects) the transfer of the e-mail (S117 in FIG. 8).

If a personal mail address matching the transmission source mail address “taro@nif.ne.jp” is registered (S102: Yes in FIG. 8), the mail transfer reception unit 122 will send the e-mail destination mail address “hanako @ The account database 130 is searched using “dairi.jp” as a key to determine whether or not a matching proxy mail address is registered (S103 in FIG. 8). If the proxy email address that matches the destination email address “hanako@dairi.jp” is not registered (S103: No in FIG. 8), it is not an email to be sent to the member. Is suspended (rejected) (S117 in FIG. 8).

If the proxy email address that matches the destination email address “hanako@dairi.jp” is registered (S103: Yes in FIG. 8), the email transfer acceptance unit 122 uses the ticket-based closed email transfer system 100 to store the ticket 140. Decryption is performed using the stored shared key (S104 in FIG. 8).

Next, the mail transfer accepting unit 122 obtains a hash value (a) by hashing the source mail address of the electronic mail with a specific hash function (S105 in FIG. 8).

Subsequently, the mail transfer acceptance unit 122 hashes the hash value a obtained by hashing the e-mail source mail address with a specific hash function, and the hash value a of the personal mail address in the ticket 140 decrypted with the shared key. Are compared (S106 in FIG. 8). If the hash values a do not match (S106 of FIG. 8: No), the e-mail is not from the e-mail address of the user who acquired the correct ticket 140, so the e-mail transfer acceptance unit 122 suspends e-mail transfer. (Reject) (S117 in FIG. 8).

If the hash values a match (S106 in FIG. 8: Yes), the mail transfer acceptance unit 122 sends the mailer name and version in the e-mail sender header and the mailer name in the ticket 140 decrypted with the shared key. And the version are compared (S107 in FIG. 8). If the mailer name and version do not match (S107: No in FIG. 8), it is an email sent from the mailer 220 having a different mailer name and version from that at the time of member registration. The mail transfer is suspended (rejected) (S117 in FIG. 8).

If the mailer name and version match (S107 in FIG. 8: Yes), the mail transfer accepting unit 122 sets the first transmission server name “nif.ne.jp” in the transmission source header of the e-mail, The first transmission server name in the ticket 140 decrypted with the shared key is compared (S108 in FIG. 8). If the first transmission server name does not match (S108: No in FIG. 8), the mail transfer accepting unit 122 uses an e-mail transmitted via a provider (mail server) different from that at the time of member registration. It is determined that there is, and the transfer of the electronic mail is suspended (rejected) (S117 in FIG. 8).

If the first transmission server name matches (S108 in FIG. 8: Yes), the mail transfer acceptance unit 122 uses the public key encryption unit 141 with the secret key registered in the member entry information of the account database 130. Decryption is performed (S109 in FIG. 8), and the account database 130 is searched using the decrypted personal mail address “taro@nif.ne.jp” in the public key encryption unit 141 as a key (S110 in FIG. 8). If the same personal e-mail address is not registered (S110 in FIG. 8: No), the e-mail is transferred to a proxy e-mail address other than the member, so the e-mail transfer acceptance unit 122 holds the e-mail transfer on hold ( (Reject) (S117 in FIG. 8).

If the same personal e-mail address “taro@nif.ne.jp” is registered (S110: Yes in FIG. 8), the e-mail transfer accepting unit 122 transmits the proxy e-mail address “decrypted in the public key encryption unit 141” The account database 130 is searched using “taro@dairi.jp” as a key (S111 in FIG. 8). If the same proxy e-mail address is not registered (S111: No in FIG. 8), the non-member ticket 140 is attached to the e-mail, so the e-mail transfer accepting unit 122 transfers the e-mail. It is suspended (rejected) (S117 in FIG. 8).

If the same proxy e-mail address is registered (S111: Yes in FIG. 8), the mail transfer accepting unit 122 includes the server path in the e-mail source header and the public key encryption unit 141 decrypted with the private key. The registration header portion (including the server route) is checked to determine whether the server route is valid (S112 in FIG. 8). If the server route is significantly different and not valid (S112 in FIG. 8: No), there is a high possibility of spam, and the mail transfer acceptance unit 122 suspends (rejects) the email (see FIG. 8). 8 S117).

If the server path is not significantly different and appropriate (S112 in FIG. 8: Yes), the mail address replacement unit 123, as shown in FIG. 9, sends the sender mail address of the sender header (from header) of the email. Is rewritten from the personal mail address “taro@nif.ne.jp” to the corresponding proxy mail address “taro@dairi.jp” in the account database 130 (S113 in FIG. 8), and the forwarding mail address is the proxy that is the destination mail address. A forwarding header (Delivered-To) having a personal mail address “hanako@son.ne.jp” in the account database 130 corresponding to the mail address “hanako@dairi.jp” is added (S114 in FIG. 8). The proxy mail address “hanako@dairi.jp” of the destination header (to header) is left behind because the mailer 220 of Hanako's user terminal 200 that received the email is the proxy mail address of the destination header (to header). This is because filtering etc. can be performed using “hanako@dairi.jp”. Instead of adding a forwarding header with the destination email address as the personal email address “hanako@son.ne.jp”, the proxy email address “hanako@dairi.jp” of the destination header is associated with the corresponding personal email address “hanako”. @ Son.ne.jp "may be substituted.

Next, the e-mail address replacing unit 123 deletes the ticket 140 attached to the e-mail (S115 in FIG. 8). The reason for deleting the ticket 140 is to conceal the ticket 140 issued to the e-mail transmission source member so as not to be abused by the e-mail transfer destination member.

Finally, the mail transfer unit 124 transfers the e-mail to the transfer destination mail address “hanako@son.ne.jp” (S116 in FIG. 8).

The e-mail transferred from the mail transfer server 120 to the transfer destination mail address “hanako@son.ne.jp” is sent to Hanako via Hanako's mail server (domain name “son.ne.jp”) (not shown). Received by the mailer 220 of the user terminal 120. When the e-mail arrives at mailer 220 of Hanako's user terminal 200, the sender email address in the sender header (from header) is Taro's proxy email address “taro@dairi.jp”, and the destination header (to The destination email address in the header) is Hanako's proxy email address “hanako@dairi.jp”, and the forwarding email address in the forwarding header (Derived-To header) is Hanako ’s personal email address “hanako @ son”. .Ne.jp ". Since the sender email address is Taro's proxy email address “taro@dairi.jp”, Hanako cannot know Taro's personal email address “taro@nif.ne.jp”. Further, since Taro's ticket 140 is not attached to the received mail, Hanako's ticket 140 is not likely to be misused by Hanako or the like.

Here, the case where an e-mail is transmitted from Mr. Taro to Mr. Hanako has been described as an example, but it goes without saying that the same processing is performed when an e-mail is transmitted from Mr. Hanako to Mr. Taro.

The above is the basic operation of the ticket-based closed mail transfer system 100 according to the present embodiment.

By the way, if it is a sender (special member) who has obtained a prior permission from the ticket-based closed mail transfer system 100 according to the present embodiment, an e-mail (for example, an advertisement) with the contents of a sender header (From header) registered in advance. It may be possible to perform a special operation such that a large amount of (mail) is simultaneously delivered to a member's proxy email address. In this way, the ticket-based closed mail transfer system 100 according to the present embodiment is applied to an advertisement distribution business in which a special member is rated and a usage fee is collected according to the rating of the special member (advertiser). be able to. Even in this case, it is desirable not to perform mail transfer operations other than basic operations and special operations.

The ticket-based closed mail transfer system 100 according to the present embodiment constructs a closed mail transfer system in a form included in a conventional mail system, and is inconsistent with the conventional mail system. It is not a thing. Therefore, it goes without saying that transmission / reception of electronic mails between individual mail addresses between members and between members and non-members is not prohibited.

According to the ticket-based closed mail transfer system 100 according to the present embodiment, when a general user registers as a member, the members can safely exchange e-mails. Members can use their proxy email address to send emails to other members in a concealed manner, so members must publish only their proxy email address without releasing their personal email address. This allows members to exchange emails with confidence without knowing each other's personal email addresses.

In addition, according to the ticket-based closed mail transfer system 100 according to the present embodiment, since both the sender and the receiver have to register as members, only those who have registered as members can use them in a limited manner. It is possible to construct a mail network only with good members by blocking members from sending and receiving e-mails. For example, the ticket-based closed mail transfer system 100 that can be used only by registered company persons can be easily constructed without using a virtual private network or the like.

Furthermore, according to the ticket-based closed mail transfer system 100 according to the present embodiment, if the personal mail address is concealed, the unlicensed trader has no meaning to deliver the advertisement mail, greatly reducing the spam mail. be able to. Further, when advertising mail to members is granted to non-members, it is possible to surely eliminate traders that send spam mails by examining the distributors of the advertisement mail. For this reason, it is possible to greatly reduce the labor and cost of the entire mail system that is required to eliminate spam mail.

It should be noted that only 100% reliable information should be sent to e-mails from proxy e-mail addresses, but if there are suspicious e-mails from proxy e-mail addresses, the ticket system is closed It is also possible to notify the operating service company of the mail transfer system 100 and eliminate it.

As mentioned above, although the Example of this invention was described, this is only an illustration, this invention is not limited to this, Based on the knowledge of those skilled in the art, unless it deviates from the meaning of a claim Various changes are possible.

For example, the present invention is not limited to the use of a ticket-based closed mail transfer system alone, but a membership-based community such as a virtual shopping street on the Internet, an auction system, a mail order system, a social networking service (SNS), and the like. It can be additionally applied to similar services on the Internet.

The block diagram which shows the structure of the ticket system closure type mail transfer system of this invention. The figure which illustrates the creation screen of member ID. The figure which illustrates the screen of image authentication. The figure which illustrates the email which prompts the download of a ticket. The figure which illustrates the screen of ticket download. The figure which illustrates the contents of an account database. The figure explaining the relationship between the public key encryption part of a ticket, and a shared key encryption part. The flowchart which illustrates the process in a mail transfer server. The figure which illustrates the transition of the header content of an e-mail address.

Explanation of symbols

100 Ticket-based closed mail transfer system 110 Web server 120 Mail transfer server 121 Account registration unit (mail address registration means)
122 Mail transfer acceptance section (Mail transfer acceptance means)
123 Mail address replacement part (Mail address replacement means)
124 Mail forwarding part (mail forwarding means)
130 Account database (mail address storage means)
200 User terminal 210 Browser 220 Mailer 300 Internet

Claims (12)

An account database for storing a member's personal email address and a proxy email address corresponding to the personal email address;
A web server that provides the user with a ticket that is an encrypted authentication file including the user's personal email address and proxy email address;
E-mail address registering means for registering a member's personal e-mail address and proxy e-mail address of a user who has acquired a ticket in cooperation with the Web server in the account database and creating a ticket and passing it to the Web server; Whether or not a ticket is attached to the received e-mail. If no ticket is attached, the transfer of the e-mail is suspended, and if a ticket is attached , the sender header of the e-mail It is determined whether the sender email address and the recipient email address in the recipient header are registered as the personal email address and the proxy email address in the account database, and if the sender email address or the recipient email address is not registered Hold transfer of the email When the sender email address and the destination email address are registered, it is determined whether the personal email address and proxy email address obtained by decrypting the ticket are registered in the account database, and the obtained individual If the e-mail address or proxy e-mail address is not registered, the e-mail transfer is suspended. If the obtained personal e-mail address and proxy e-mail address are registered, the e-mail transfer accepts the e-mail transfer. Replacing the personal mail address of the sender header of the e-mail received by the receiving means and the mail transfer receiving means with the corresponding proxy mail address, replacing the proxy mail address of the destination header with the corresponding personal mail address, and attached To delete a ticket Ticketed closed mail forwarding system characterized by comprising: a dress substituting means, and the mail transfer server and a mail transfer means for transferring e-mail to a personal email address of the destination header substituted by the email address replacement means . A public key encryption part for storing information including a member's personal email address and proxy email address encrypted with a public key of the public key encryption, and the public key encrypted with the shared key of the shared key encryption 2. The ticket-based closed mail transfer system according to claim 1, comprising an encryption part , a hash value of a member's personal mail address, and a shared key encryption part for storing information including a member's mailer name and version . The shared key encryption part includes the hash value of the member's personal email address, the first transmission server name used when registering the member , and the member's mailer name and version. 3. The ticket-based closed mail transfer system according to claim 2, comprising a personal mail address, a member's proxy mail address, and a full text of a header portion of an e-mail at the time of member registration. The mail transfer accepting unit hashes a personal mail address in the transmission source header of the transmitted electronic mail with a hash function to obtain a hash value, and the personal mail address in the ticket obtained by decrypting the hash value with the shared key 4. The ticket-based closed mail transfer system according to claim 3, wherein the electronic mail is suspended if it does not match with the hash value of. The mail transfer acceptance means compares the mailer name and version in the sender header of the transmitted email with the mailer name and version in the ticket decrypted with the shared key. The ticket-based closed mail transfer system according to claim 3 or 4, wherein the transfer is suspended. The mail transfer acceptance means compares the first transmission server name in the transmission source header of the transmitted electronic mail with the first transmission server name in the ticket decrypted with the shared key, and matches. 6. The ticket-based closed mail transfer system according to claim 3, wherein if not, the transfer of the electronic mail is suspended. The account database stores a secret key corresponding to the public key obtained by encrypting the public key encryption part, and the mail transfer accepting unit uses the secret key to convert the public key encryption part in the ticket decrypted with the shared key. Deciphering and comparing the full text of the source header in the decrypted public key encryption part with the full text of the source header of the sent e-mail, to determine whether the server path of the e-mail is valid verified, ticketed closed mail transfer system according to any one of claims 3 to 6 suspends the transfer of the electronic mail if not reasonable server route. The email address substitution means, instead of replacing a proxy mail address of the destination header in the corresponding personal mail addresses, one of the claims 1 to 6 to add a forwarding header to private email address destination mail address to the e-mail The ticket-based closed mail transfer system according to claim 1. In a mail transfer method of a mail transfer system including an account database, a Web server, and a mail transfer server,
The account database stores a member's personal email address and a proxy email address corresponding to the personal email address;
The Web server provides the user with a ticket that is an encrypted authentication file including the user's personal email address and proxy email address;
The mail transfer server registers the personal email address and proxy email address of a member who has acquired a ticket in cooperation with the web server in the account database and creates a ticket and passes it to the web server; , to detect whether or not the ticket is attached to the sent e-mail, the ticket is pending the transfer of the e-mail in the case that has not been attached, case of the e-mail is that the ticket is attached It is determined whether the source email address of the source header and the destination email address of the destination header are registered as the personal email address and proxy email address in the account database, and the sender email address or the destination email address is not registered. In the case of the email Determine whether or not the personal email address and proxy email address obtained by decrypting the ticket are registered in the account database when the sending email address and the destination email address are registered, When the obtained personal email address or proxy email address is not registered, the transfer of the email is suspended, and when the obtained personal email address and proxy email address are registered, the email is forwarded. And the received e-mail sender header personal email address is replaced with the corresponding proxy email address, the destination header proxy email address is replaced with the corresponding personal email address, and the attached ticket is deleted And the replaced destination header Ticketed closed mail transfer method which is characterized in that and a step to forward e-mail to people who e-mail address. A public key encryption part for storing information including a member's personal email address and proxy email address encrypted with a public key of the public key encryption, and the public key encrypted with the shared key of the shared key encryption 10. The ticket-based closed mail transfer method according to claim 9 , comprising an encryption part , a hash value of a member's personal mail address, and a shared key encryption part for storing information including a member's mailer name and version . The shared key encryption part includes the hash value of the member's personal email address, the first transmission server name used when registering the member , and the member's mailer name and version. The ticket-based closed mail transfer method according to claim 10 , comprising a personal mail address, a member's proxy mail address, and the full text of the header part of the email at the time of member registration. A program for causing a computer to realize each means of the ticket-based closed mail transfer system according to any one of claims 1 to 8 as a function.

Images