JP6042104B2 - E-mail transmission device and e-mail transmission method - Google Patents

Description

  The present invention relates to an e-mail transmission apparatus and an e-mail transmission method, and more particularly to an e-mail transmission apparatus and an e-mail transmission method that can appropriately limit information to be transmitted by e-mail.

  With the spread of the Internet, the transmission and reception of data using e-mail has increased dramatically. By using e-mail, the convenience of the user is increased, but various risks are likely to occur. For example, when a file is attached to an e-mail and transmitted, the file may contain confidential information that is permitted to be disclosed only to some parties. Inadvertently sending a file attached to an e-mail can spread confidential information. In order to avoid such a risk, there is a technology for safely exchanging e-mails.

  As a simple method that is widely used in general, an e-mail sender sets a password in a file to be attached before transmission. Alternatively, there is a method of encrypting and transmitting a file or an e-mail itself (see, for example, Patent Document 1).

JP 2011-107917 A

  However, in any of the above methods, every time an e-mail is transmitted, it is necessary to set a password for the e-mail or the attached file or perform encryption, which is troublesome. However, if you send a file containing information that is not permitted to be disclosed to a person other than the designated person, you will not be allowed to disclose such e-mail if you forgot to enter or encrypt the password. If you send it to an outsider, there is no way to retrieve the file.

  No matter how important information is, once it is received as an attached file, it is easy to copy it. Therefore, sending a file containing important information attached to an e-mail has a risk that the important information can easily reach anyone. On the other hand, if you set a password in an e-mail or an attached file for anyone, or send it with encryption, even if it is a legitimate recipient of the e-mail, you can enter the password at any time or release the encryption There is a problem that the work such as doing becomes necessary, and the convenience is lowered. Or you may want to avoid unnecessarily spreading a file, even if it is not confidential. For example, if the file is in the process of being created, you do not want to show too many people the draft level.

  Even within the same company, there are cases where people who are allowed to receive attached files are different, such as who is involved in the information contained in the file and who is not allowed to disclose it. is there.

  The present invention has been made in view of the above-mentioned problems, and when transmitting a file attached to an e-mail, it is permitted to disclose it while maintaining convenience and appropriately limiting information to be transmitted. It is an object of the present invention to provide an e-mail transmission apparatus and an e-mail transmission method capable of preventing information from spreading to outsiders who are not.

  In order to solve the above problems, the e-mail transmission apparatus of the present invention provides the following solution.

(1) When receiving a request to transmit e-mail including the destination, the an electronic mail transmitter for transmitting the e-mail to the destination, it is determined whether or not contain attachments to a transmission request of the email , When it is determined that the attached file is included, a security setting unit that automatically sets security of the attached file according to the security level of the destination, and according to the automatically set security, A file transmission unit is included , which transmits an actual file or an alias, which is link information to the actual file, by distinguishing whether the destination is within a group or outside the group .

According to such a configuration, each time an e-mail is transmitted, if it is determined that a file attachment is included in the e-mail transmission request from the user, the file transmission unit attaches according to the security level of the destination. The security level of the file is automatically set, and an alias that is link information to the actual file or the actual file of the attached file is transmitted depending on whether the destination is within the group or outside the group. Therefore, outsiders who are not allowed to disclose by attaching the file to the e-mail while maintaining convenience and appropriately limiting the information to be transmitted depending on whether it is within the group or outside the group It is possible to prevent information from being diffused.

(2) The image processing apparatus further includes a file storage unit that stores a file prepared in advance as the attachment file and an attachment file newly registered each time an e-mail is transmitted .

(3) The e-mail transmission device includes a security level information table that stores information on security levels of all registered destinations, and the security level information table includes domain names of organizations that participate in the intranet and extranet. , FQDN (Fully Qualified Domain Name), and a security level for each department of the organization are stored.

  In the present invention, as a method for sending a file by e-mail, an actual file sending method for sending a real file as an attached file, and link information (hereinafter referred to as “alias”) that can refer to the real file instead of the real file. ) Only in the body of the e-mail, and an alias transmission method is adopted in which the recipient can refer to the file or download it if necessary. Therefore, in this specification, “send attached file” means to send information other than the body of the e-mail as a result, and not only the well-known real file sending method but also the alias. A transmission method is also included.

  According to such a configuration, the file transmission unit, instead of transmitting the actual file, link information for the file specified by the transmission request from among the files stored in the file storage unit (file DB 3081 described later). Can only send. In addition, access to the file in the file storage unit can be permitted or not permitted according to the security level associated with the destination. Therefore, even if an alias is attached to an e-mail instead of an actual file, the information is spread to outsiders who are not permitted to disclose it while maintaining convenience and appropriately limiting the information to be transmitted. Can be prevented. Also, even if there is no confidentiality, sending an alias instead of a real file may cause the draft to spread unnecessarily to many people if the real file is a draft, for example. Can be prevented. This is because it is difficult to convey the correction contents to all of the distributors and transferers from the distributors after the actual file has spread.

(4) When it becomes necessary to register a new destination or a new attached file, a screen for prompting input of information necessary for registration is displayed to accept input information from the user, or correction of registered contents, It further includes a management unit that receives a request from a system administrator such as deletion.

  Further, the above e-mail transmission device can also be regarded as the following e-mail transmission method, and has the same effect as the invention of the e-mail transmission device.

(5) An e-mail transmission method for transmitting an e-mail to the destination upon receipt of an e-mail transmission request including a destination, wherein the e-mail transmission method includes an attached file in the e-mail transmission request A step of determining whether or not the attached file is included, a step of automatically setting security of the attached file in accordance with a security level of the destination, and the automatically set security And sending an alias of the attached file as an actual file or link information to the actual file by distinguishing whether the destination is within a group or outside the group .

  According to the present invention, when a file is attached to an e-mail and transmitted, the information is spread to outsiders who are not permitted to disclose the information while restricting the information to be transmitted as appropriate. It is possible to provide an e-mail transmission apparatus and an e-mail transmission method that can prevent this.

It is a figure which shows the outline | summary of the email transmission / reception system containing the email transmission apparatus which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the mail server of the electronic mail transmission / reception system of FIG. FIG. 2 is a functional block diagram illustrating a functional configuration when a mail server of the electronic mail transmission / reception system of FIG. 1 executes automatic security setting transmission processing in cooperation with a file management server. It is a functional block diagram which shows a functional structure in case the web server of the email transmission / reception system of FIG. 1 accepts the access from a client in cooperation with a file management server. 2 is a flowchart when a mail server of the electronic mail transmission / reception system of FIG. 1 executes automatic security setting transmission processing in cooperation with a file management server.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing a configuration example of an electronic mail transmission / reception system according to an embodiment of the present invention. In the e-mail transmission / reception system shown in FIG. 1, an in-house system 10 of company A, an in-house system 20 of company B, and an in-house system 30 of company C are connected to each other. The in-house system 10 of company A and the in-house system 20 of company B are connected via an intranet 40 to which only the same group company can be connected, and send and receive e-mail to each other. On the other hand, the in-house system 30 of company C is connected to the in-house system 10 of company A and the in-house system 20 of company B via a network (hereinafter referred to as “extranet”) 50 and a gateway 60 that allow access from outside the group. And send and receive e-mail to each other.

  Here, it is assumed that company A and company B belong to the same group, and there is no restriction on information exchanged between company A and company B. On the other hand, Company C does not belong to the group of Company A and Company B, and exchanges information with Company A or Company B only for the purpose of acquiring information. Therefore, it is necessary to limit the information provided from Company A or Company B to Company C.

  A company internal system 10 includes a company A terminal 100, a mail server 200, a file management server 300, a web server 400, a network 11 including a LAN (Local Area Network) and the like.

  In the present embodiment, the company A terminal 100 generates an e-mail transmission request to be described later in response to a user operation. When the mail server 200 receives the transmission request for the electronic mail generated by the company A terminal 100, the mail server 200 cooperates with the file management server 300 described later to set the electronic mail with a predetermined security in accordance with the transmission request to the designated destination. Send. The file management server 300 automatically stores, as a database, all files attached to an e-mail, related information thereof, and related information of all destinations. The web server 400 permits or disallows a terminal outside A, for example, a terminal of company B or company C, to access predetermined information contained in the file management server 300.

  The company A terminal 100 generates a mail generation request by a user operation. The mail generation request includes, in addition to information on the presence / absence of an attached file attached to a message, a destination, and an e-mail, if there is an attached file, information specifying the attached file. In the present embodiment, the mail server 200 generates a mail according to the mail generation request and transmits it to the destination. At that time, the mail server 200 determines whether or not an attachment file is included in the mail generation request, and executes the automatic security setting transmission process when determining that the attachment of the file is included.

  The file management server 300 includes a file DB (Data Base) that stores a file prepared in advance as an attachment file and an attachment file that is newly registered each time an e-mail is transmitted, and a disclosure level of all files stored in the file DB File management DB for storing related information such as, transmission history DB for storing the transmission history of all files stored in the file DB, and related information such as privilege levels of all destinations to which e-mail transmission is permitted. And a destination management DB for storing.

  FIG. 2 is a block diagram showing a hardware configuration of the mail server 200 of company A for executing an e-mail transmission process in response to such a request. The mail server 200 can be configured by, for example, a general personal computer. The mail server 200 constitutes a file transmission unit.

  The mail server 200 includes a CPU (Central Processing Unit) 201, a ROM (Read Only Memory) 202, a RAM (Random Access Memory) 203, a bus 204, an input / output interface 205, an operation unit 206, and a display unit 207. A storage unit 208, a communication unit 209, and a drive 210. The CPU 201 executes various processes according to a program recorded in the ROM 202 or according to a program loaded from the storage unit 208 to the RAM 203. The RAM 203 also appropriately stores data necessary for the CPU 201 to execute various processes.

  For example, in the present embodiment, a program for realizing a security automatic setting transmission process to be described later is stored in the ROM 202 or the storage unit 208. Further, a program or data for realizing an automatic security setting transmission process to be described later may be provided from the outside via the network 11 and expanded in the RAM 203. Therefore, each function of automatic security setting transmission processing can be realized by the CPU 201 executing processing according to these programs.

  The CPU 201, ROM 202, and RAM 203 are connected to each other via a bus 204. An input / output interface 205 is also connected to the bus 204. An operation unit 206, a display unit 207, a storage unit 208, a communication unit 209, and a drive 210 are connected to the input / output interface 205.

  The operation unit 206 includes a keyboard, a mouse, and the like, and accepts user instruction operations. The display unit 207 is configured with a liquid crystal display or the like, and displays various types of information. The storage unit 208 is composed of a hard disk or the like, and temporarily stores mail generation request data sent from the user. The storage unit 208 also stores various data necessary for mail transmission / reception, for example, mail data, various flag values, threshold values, and the like.

  The communication unit 209 controls communication performed with other devices such as a company B terminal and a company C terminal via the network 11, the intranet 40, and the extranet 50. Further, the communication unit 209 is connected to the terminal 100, the mail server 200, the file management server 300, and the web server 400 via the network 11.

  A removable medium 211 made of a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is appropriately attached to the drive 210. The program read from the removable medium 211 by the drive 210 is installed in the storage unit 208 as necessary. The removable medium 211 can also store various data such as program data stored in the storage unit 208 in the same manner as the storage unit 208.

  A company terminal 100, file management server 300, web server 400, company B terminal 100B, company C terminal 100C, company B mail server 200B, company C mail server 200C, etc. It can be constructed by a personal computer or a server computer, and may have a hardware configuration similar to that of the mail server 200.

  FIG. 3 is a functional block diagram showing a functional configuration when the mail server 200 having the hardware configuration of FIG. 2 executes the automatic security setting transmission process in cooperation with the file management server 300.

  When the mail server 200 receives an e-mail from a terminal inside or outside the company via the network 11 and receives a mail transmission request from the company A terminal 100, the mail server 200 determines whether or not attached information described later is included. When it is determined that the attached information is included, a security setting unit 230 that automatically sets the security of the attached information based on the destination of the transmission e-mail, and the inside and outside the company via the network 11 according to the mail transmission request A mail transmission unit 240 that transmits an electronic mail to the terminal. The mail receiving unit 220, the security setting unit 230, and the mail transmission unit 240 can be realized by the CPU 201 executing a program stored in the RAM 203.

  The security setting unit 230 automatically sets the necessary security for the file based on the destination of the email included in the email transmission request. This reduces the work for the user to perform necessary security processing according to the destination and the attached file. The security setting unit 230 also includes an encryption unit that encrypts the file, and encrypts the file as necessary. The mail transmission unit 240 transmits the electronic mail whose security has been automatically set by the security setting unit 230 via the intranet 40 when inside the group, and via the extranet 50 when outside the group.

  In this embodiment, the security setting unit 230 considers not only the destination security level but also the security level of the attached file. This makes it possible to set the security level of the attached file more appropriately. In the present embodiment, the security setting unit 230 determines the attachment file according to the privilege level of the destination of the transmission email stored in the destination management DB 3084 of the file management server 300 and the disclosure level of the attached file stored in the file management DB 3082. Set security automatically. The privilege level corresponds to the security level of the destination, and the public level corresponds to the security level of the attached file.

  The file management server 300 includes a search unit 320 that searches various databases included in the storage unit, and a management unit 330 that registers, modifies, and deletes new data in various databases.

  The search unit 320 receives a request from the mail server 200, the web server 400, etc., executes a search for various databases in the storage unit, and sends back the results. When it becomes necessary to register a new destination or a new attached file, the management unit 330 displays a screen that prompts the user to input information necessary for registration, accepts input information from the user, It accepts requests from system administrators for corrections, deletions, etc., and performs database maintenance. Since this detail is the same as normal database management, the description is omitted. Hereinafter, the principle of the automatic security setting transmission process executed by the mail server 200 in cooperation with the file management server 300 in this embodiment will be described.

  First, in the present embodiment, the file DB 3081 of the file management server 300 stores all attached files as real files, and only the files stored in the file DB 3081 are attached to the transmission e-mail. The file stored in the file DB 3081 is preferably stored as read-only so that the contents are not changed after being transmitted. This is because it is possible to manage the history of what information is sent to where.

  Further, if the file that the user intends to attach and send to the e-mail is a file that does not exist in the file DB 3081, the user must first register the file in the file DB 3081 and then attach it to the e-mail. Become.

  This process is performed when the file transmission server includes the attachment of the file, and the CPU of the file management server determines whether or not the actual file exists in the file DB 3081 as needed. The actual file may be stored in the file DB 3081 and registered.

  The security level of a newly registered file, that is, the public level, may be set by a user or an authorized administrator as needed.

  By storing all the files to be transmitted as attachments in the file DB 3081, it is possible to take a history of who sent what file to which file in the past.

  First, it is stored as read-only so that an accurate record of what information was sent can be left. In addition, by taking a record of who sent it, it is possible to clarify the responsibilities in case that important information is inadvertently sent to outsiders, resulting in the diffusion of important information. Can be prevented. Therefore, the security management of the attached file transmitted with the e-mail can be enhanced. Furthermore, by referring to the history of files sent in the past, useful statistics such as what kind of files are used by which business partners can be used for various purposes such as improving security. Is possible.

  In this embodiment, when sending a file by e-mail, only the actual file transmission method for sending the actual file as an attached file and the link information (alias) that can refer to the actual file are added to the e-mail body. There is an alias transmission method that allows the recipient to refer to the file or download it as necessary. In the electronic mail transmission apparatus according to the present embodiment, when an alias is sent, an actual file that is the main body of the alias is registered in the file DB 3081.

  The file management DB 3082 holds, for example, security level information (information on security levels of all files) shown in Table 1 for all files registered in the file DB 3081.

  In the file name field FN, file names of all files registered in the file DB 3081 are described. If the file is managed in a folder structure, the full path may be described in the file name item. Alternatively, a unique ID number may be described in the file name item FN so that the file is managed with a unique ID number.

  The disclosure level item LD represents the confidentiality of the file. If the lowest level (0 in the present embodiment), it is completely public, and if it is the highest level (9 in the present embodiment), it means the top secret. The file can be transmitted to the destination only when the destination of the transmission e-mail has a privilege level (described later) equal to or higher than the public level. The reference frequency item FR is an example of statistical information accumulated from a transmission record accumulated in the transmission history DB 3083 to be described below. For example, the reference frequency item FR indicates how many times it is referred to every month since registration for the first time.

  In the transmission history DB 3083, in order to acquire the statistical information as described above, each time a file registered in the file DB 3081 is transmitted as an attached file of an e-mail, information such as a destination, a transmission date and time, a sender, and the like is transmitted as a transmission record. Accumulate.

  The destination management DB 3084 holds pre-registered related information related to all outgoing e-mail destinations. The destination management DB 3084 holds, for example, security level information (information on the security levels of all destinations) shown in Table 2 for all destinations registered in the file management DB 3082.

  Here, in the domain item DM, the domain name of each organization participating in the intranet 40 and the extranet 50, or the right part of @ in the e-mail address, that is, FQDN (Fully Qualified Domain Name) is described. The FQDN may include not only the domain name but also the host name of the destination mail server. Therefore, for example, when the destination organization establishes a mail server for each department, an FQDN for each department may be registered to give a different privilege level (described later) to each department.

  The account item AC describes an e-mail account. The account is the left part of @ in the e-mail address, constitutes an e-mail address together with the above-mentioned FQDN, and becomes an ID when the mail server is used. In the present embodiment, account = * indicates a user whose account is not registered in the domain. If accounts are individually registered, such as users P and Q of company C (C-inc.jp) shown in the example of Table 2, individual privilege levels described later can be given.

  The privilege level item LP indicates the authority of each destination to refer to the file in the file DB 3081. In the example of Table 2, the highest level is given to all users of Company A (A-inc.jp), which is the company. The highest level means that you have permission to view all files. In this embodiment, the highest level is 9. Even within A company and B company of the same group, the privilege level may be different depending on the department or employee by registering for each department or employee. In the example of Table 2, the lowest privilege level 6 is given to all users of company B (B-inc.jp) which is a company in the group. In the present embodiment, if the user is in the group, the privilege level ≧ 6 and the privilege level item LP is referred to determine whether the destination mail address is in the group or outside the group.

  If the domain name or FQDN of the destination electronic mail address is not in the file management DB 3082 (see Table 1), the privilege level of the destination is assumed to be the lowest level. In this embodiment, the minimum level is 0. Furthermore, in the present embodiment, it is assumed that a completely public file (a file with a public level = 0) can be referenced even at the lowest level destination.

  Here, the privilege level is between the highest level and the lowest level, for example, whether the user is in a group or an outsider, whether a transaction with the user has occurred, whether the user is in charge, etc. It can be divided into several stages according to various factors. In the example of Table 2, if the user is in the group, privilege level ≧ 6, outsider, that is, if outside the group, basically the privilege level = 1, and if the user is an employee P specially in charge If the privilege level = 3 and the user is a subordinate Q, the privilege level = 2 may be set.

  For files that are determined to be openable based on the above public level and privilege level, whether or not security processing is necessary may be further determined depending on whether the destination is within the group or outside the group. it can. When the destination is in the group, security processing such as encryption of the attached file is not performed. If the destination is within a group, for example, if the sending mail server 200 and the receiving mail server are both provided in the intranet 40, e-mail transmission / reception is performed within the intranet 40. There is little risk of leaking outside. When all the attached files are encrypted, it is necessary to decrypt the attached files of the in-house e-mail one by one, which is complicated. In this way, when the destination is in a group, such complexity can be reduced by reducing security.

  Furthermore, when transmitting a completely public file, security processing may be unnecessary for all destinations and may be transmitted as they are.

  On the other hand, if the above condition is not satisfied, that is, if a destination is outside the group and a file that is not a fully public file is transmitted, security processing is naturally required. In the present embodiment, in order to determine the necessity of this security process, it is determined that the user is in the group if the privilege level ≧ 6. Details will be described later in the description of FIG.

  When an alias that requires login authentication is sent as a security process to the login ID and login PW (PassWord) items LID and LPW, in order for the e-mail recipient to log in to the web server 400 of company A, which will be described later The login ID and password to be entered are described. For example, when an employee P of company C logs in, if “33333444” is entered in the login ID and “3333” is entered in the login PW, authentication is performed in accordance with the item value of the destination management DB 3084 (Table 2). The target file can be downloaded.

  The encrypted EPW item EPW describes, as a security process, a password to be used by the e-mail recipient to decrypt the file when the encrypted file with the password applied is sent. For example, any employee of Company D (D-inc.jp) can decrypt a file using a password “8888”.

  Here, as an example of mail transmission, let us consider a case where an alias is sent instead of attaching an actual file with an electronic mail addressed to an employee of company C (hereinafter referred to as a “recipient”). The alias is, for example, a link to a web page (hereinafter referred to as “browsing page”) in which an attached file stored in the file DB 3081 can be browsed or downloaded immediately. The security setting unit 230 of the mail server 200 performs a process of rewriting the alias based on the above determination regarding whether authentication is necessary. When it is determined that authentication is unnecessary, the security setting unit 230 adopts the alias as it is. That is, nothing is rewritten. Therefore, after the mail is received, if the recipient opens the alias, the browsing page is opened immediately and the file can be freely viewed or downloaded.

  On the other hand, if it is determined that authentication is necessary, the security setting unit 230 creates a web page (hereinafter referred to as “login page”) that requires input of a login ID and a login PW in order to log in to the browsing page. , Rewrite the alias to a link to the login page. At this time, the login page is stored in the storage unit 308 of the file management server 300 in one-to-one correspondence with the browsing page. Thereby, if login authentication is successful, it can move to a browsing page immediately. Further, the login page is created exclusively for the recipient and includes information on the email address of the recipient. This makes it possible to recognize who has logged in.

  After the mail is received, the recipient opens the alias. As a result, access to the web server 400 of company A occurs, so the functional configuration of the web server 400 will be described here.

  FIG. 4 is a functional block diagram showing a functional configuration when the web server 400 receives access from a client and transmits / receives data. The web server 400 can be configured by, for example, a general personal computer, and the description will be continued here assuming that it has the same hardware configuration as the mail server 200. The web server 400 includes an HTTP (HyperText Transfer Protocol) communication unit 420 that performs communication with a client such as a web browser that operates on the recipient's terminal, and a login authentication unit 430 that performs the above-described login authentication. .

  The HTTP communication unit 420 transmits a web page to the client, accepts an input from the web page, accepts a browsing or download request of the client, transmits a file, and performs all communication processes possible with the HTTP protocol. . The login authentication unit 430 receives an input from the client to the login page via the HTTP communication unit 420 and performs processing necessary for login authentication. The HTTP communication unit 420 is realized by the communication unit of the web server 400, and the login authentication unit 430 is realized by the CPU of the web server 400 executing a program stored in the ROM.

  When the recipient who has received the mail including the alias as the attached file opens the alias, the login authentication unit 430 of the web server 400 transmits a login page to the recipient's terminal via the HTTP communication unit 420. The login ID and the login PW (hereinafter referred to as “input login information”) input by the recipient are received.

  The login authentication unit 430 receives the login ID and login PW (hereinafter referred to as “recipient login ID”) from the destination management DB 3084 via the search unit 320 of the file management server 300 based on the information of the email address of the recipient included in the login page. (Referred to as “reference login information”) and collation is performed to determine whether or not it matches the above-mentioned input login information.

  When the reference login information matches the input login information, the login authentication unit 430 determines that the login authentication is successful, and transmits the above-described browsing page to the receiver's terminal via the HTTP communication unit 420. indicate. The subsequent processing is the same as that described above when the recipient opens an alias that does not require authentication. Specifically, when an attachment file browsing or download request is transmitted from the receiver, the HTTP communication unit 420 reads the file from the file DB 3081 via the search unit 320 of the file management server 300 and transmits the file to the receiver. To do. On the other hand, if the reference login information does not match the input login information, the login authentication unit 430 displays a web page displaying a message such as “login authentication failed” via the HTTP communication unit 420 as a recipient. Send to. The login authentication unit 430 may allow retrying about three times in accordance with the usual case in such a case, and if the authentication still fails, the login authentication unit 430 may reject further retrying. The login authentication unit 430 constitutes an access control unit that permits or disallows access to the file of the recipient who has received the alias.

  The operation of the electronic mail transmitting apparatus configured as described above will be described below with reference to the drawings. FIG. 5 is a flowchart showing an outline of automatic security setting transmission processing executed by the mail server 200. The automatic security setting transmission process is executed under the control of the CPU 201 constituting the mail server 200.

  In the security automatic setting transmission process, a user who is an employee of company A creates a transmission e-mail attached with an alias to the actual file or the file using general e-mail software, and sends it to the mail server 200. Starts with the transmission request command issued.

  In order to facilitate understanding, it is assumed that registration of an attached file or a file designated by an alias in the file DB 3081 has been completed at this point. Further, a link to a web page outside the company is not included in the alias, and hereinafter, only a reference link to the in-house file is referred to as an alias. Further, a transmission e-mail that designates a plurality of destinations is used on a daily basis, but the security processing of an attached file may be different for each destination. Therefore, the following description is limited to the case where there is only one destination. . When there are a plurality of destinations, a process for duplicating the transmission e-mail as many as the number of destinations may be added (the description thereof is omitted).

  In step S1, the security setting unit 230 of the mail server 200 analyzes the transmission e-mail requested to be transmitted from the user, and includes an attached file or an alias (hereinafter referred to as “attachment information” together). Determine whether or not. When the attached information is not included in the transmission e-mail, NO is determined in step S1, and the process proceeds to step S12. The processing after step S11 will be described later. When the attached information is included in the transmission e-mail, it is determined as YES in Step S1, and the process proceeds to Step S2.

In step S2, the security setting unit 230 acquires the destination electronic mail address DA and one or more attached information ATj (1 ≦ j ≦ j _Max (number of attached files)) from the transmitted electronic mail.

  In step S3, the security setting unit 230 requests the search unit 320 of the file management server 300 to search for the privilege level LP of the destination email address DA, and obtains the privilege level LP from the destination management DB 3084 of the storage unit. To do.

  In step S4, the security setting unit 230 sets 1 as the initial value of j.

  In step S5, the security setting unit 230 requests the search unit 320 of the file management server 300 to search the disclosure level LD for the j-th attached information ATj, and sets the disclosure level LD from the file management DB 3082 of the storage unit. get.

  In step S6, the security setting unit 230 determines whether or not the privilege level LP acquired in step S4 is equal to or higher than the public level LD acquired in step S5. If the privilege level LP is less than the disclosure level LD, it is determined as NO in step S6, and the disclosure is prohibited, so the process proceeds to step S7.

  In step S <b> 7, the security setting unit 230 displays a message such as “This e-mail contains information that cannot be disclosed and cannot be sent”, and the process ends abnormally. On the other hand, if the privilege level LP is greater than or equal to the disclosure level LD, YES is determined in step S6, and the process proceeds to step S8.

  In step S8, the security setting unit 230 determines whether security processing is necessary. As described above, if the privilege level LP <6 (in this embodiment, if the privilege level <6, the destination is determined to be outside the group), and if the disclosure level LD> 0, security processing is necessary. In S8, it is determined as YES, and the process proceeds to Step S9.

  In step S9, when the attached information ATj indicates an actual file, the security setting unit 230 encrypts the file, creates an encrypted file, deletes the attached information ATj of the actual file, and attaches the attached information of the encrypted file. Replace with ATj '. In that case, the encrypted PW to be used is acquired from the destination management DB 3084 of the storage unit via the search unit 320 of the file management server 300. If the attached information ATj is an alias, the security setting unit 230 creates a login page dedicated to the destination DA and stores it in the storage unit of the file management server 300. As described above, the login page holds the destination e-mail address DA and is stored in one-to-one correspondence with the attached file browsing page originally indicated by the alias ATj. Thereby, the login authentication unit 430 of the web server 400 can know who has been logged in for what. Then, the security setting unit 230 deletes the attached information ATj (real file alias) and replaces it with new attached information ATj ′ (URL of the login page). Thereafter, the process proceeds to step S10. The processing after step S10 will be described later.

  On the other hand, if the privilege level LP ≧ 6 (in this embodiment, if the privilege level ≧ 6, the destination is determined to be in the group), or if the disclosure level LD = 0, no security processing is required, so step S8. In step S10, the process proceeds to step S10, skipping step S9. That is, whether it is a real file or an alias to a real file, the attached information ATj is left as it is, and security processing is not performed. However, although not particularly illustrated, it may be determined in step S8 whether security measures are necessary even if the confidentiality is zero and the real file is not sent but only the alias is always sent. This is the case when you only want to prevent the file from spreading. In this case, for example, the disclosure level LD = 0.5. In this way, for example, a draft level file without confidentiality and a completed file can have the same security level.

  In step S10, the security setting unit 230 increments j (j = j + 1). Thereafter, the process proceeds to step S11.

  In step S11, the security setting unit 230 determines whether j exceeds the maximum value. If j does not exceed the maximum value, the attached information ATj to be checked still remains, so the process returns to step S5, and the loop process of steps S5 to S11 is repeated. On the other hand, if j exceeds the maximum value, there is no more attached information ATj to be examined, and the process proceeds to step S12.

  In step S <b> 12, the mail transmission unit 240 receives supply of the transmission email that has been (or has not been) subjected to the security processing from the security setting unit 230, and transmits it to the destination email address DA. As a result, the automatic security setting transmission process ends.

  In step S7, if a file that cannot be disclosed is attached, the process immediately ends abnormally. However, an inquiry message may be issued asking the user to determine whether or not to disclose the file. However, in that case, it is also possible to perform user management as to whether or not the user has the authority to change the disclosure level.

  Thus, according to the present embodiment, each time an e-mail is transmitted, if it is determined that a file attachment is included in the e-mail transmission request from the user, the file transmission unit is associated with the destination. The file is transmitted to the destination by a technique in which security is enhanced according to a combination of a security level and a security level of the attached file. Thus, for example, when an email is sent to an outsider who is not permitted to disclose, the file is automatically sent with security depending on the security level assigned to the outsider. become. Therefore, when sending a file attached to an e-mail, the information is spread to outsiders who are not permitted to disclose it while maintaining convenience and appropriately limiting the information to be transmitted. Can be prevented.

  Furthermore, since the mail server adds a password to the file and sends it according to the security level associated with the destination, for example, when an e-mail is sent to an outsider who is not permitted to disclose This will prevent you from forgetting to enter your password.

  In addition, when an attachment of a file is included in the e-mail transmission request, it is stored in the file storage unit, so that the history of the transmitted file can be collected and managed. If necessary, it can be stored with the information of the sender of the file, so that the sender should not be sent to an outsider who is not allowed to inadvertently disclose it. Can call attention. Therefore, it is possible to prevent important information from spreading.

  In addition, as a method of sending a file by e-mail, send the real file as an attached file as it is, send only the link information (alias) that can refer to the real file, and send it to the recipient. An alias transmission method is employed in which the file is referred to or downloaded as necessary. Instead of transmitting the actual file, the mail server can transmit link information for the file specified by the transmission request from the file stored in the file storage unit. In addition, access to the file in the file storage unit can be permitted or not permitted according to the security level associated with the destination.

  Therefore, even if an alias is attached to an e-mail instead of an actual file, the information is spread to outsiders who are not permitted to disclose it while maintaining convenience and appropriately limiting the information to be transmitted. Can be prevented.

  The embodiments of the present invention have been described in detail with reference to the drawings. In addition, the above-mentioned embodiment is an essentially preferable illustration, Comprising: It does not intend restrict | limiting the range of this invention, its application thing, or its use. In the present specification, the step of describing the program recorded on the recording medium is not limited to the processing performed in chronological order according to the order, but is not necessarily performed in chronological order, either in parallel or individually. The process to be executed is also included.

10 A company system 11 A company network 20 B company system 30 C company system 40 Intranet 50 Extranet 60 Gateway 100, 100B, 100C Terminal 200, 200B, 200C Mail server (mail transmission device)
201 CPU
202 ROM
203 RAM
204 Bus 206 Operation unit 207 Display unit 208 Storage unit 209 Communication unit 210 Drive 211 Removable media 300 File management server 400 Web server 420 HTTP reception unit 430 Login authentication unit (access control unit)

Claims (5)

When an e-mail transmission request including an address is received, an e-mail transmission device that transmits an e-mail to the address,
Determines whether includes an attachment to the transmission request of the e-mail, when it is determined to contain a said attachment, automatically sets the security of the attachment according to the security level of the destination A security setting section;
An e-mail including a file transmission unit that transmits an actual file of the attached file or an alias, which is link information to the actual file, according to the automatically set security, by distinguishing whether the destination is within a group or outside the group Transmitter device.   The e-mail transmission device according to claim 1, further comprising a file storage unit that stores a file prepared in advance as the attachment file and an attachment file newly registered each time an e-mail is transmitted.   A security level information table that stores information on security levels of all registered destinations, the security level information table including the domain name of each organization participating in the intranet and extranet, FQDN (Fully Qualified Domain Name), and The electronic mail transmitting device according to claim 1, wherein a security level for each department of the organization is stored.   When it becomes necessary to register a new address or new attachment, a screen prompting you to enter the information required for registration is displayed, accepting input information from the user, or modifying or deleting the registered contents The e-mail transmission device according to any one of claims 1 to 3, further comprising a management unit that receives a request from a system administrator. When an e-mail transmission request including an address is received, an e-mail transmission method for transmitting an e-mail to the address,
The e-mail transmission method determines whether or not an attachment file is included in the e-mail transmission request; and
If it is determined that the attachment is included , automatically setting security of the attachment according to the security level of the destination;
And transmitting an alias as a link information to the actual file or the link to the actual file in accordance with the automatically set security depending on whether the destination is within the group or outside the group, Transmission method.

Images