JP6223667B2 - Mail server and mail transmission / reception method - Google Patents


Info

Publication number
JP6223667B2
Authority
JP
Japan
Prior art keywords
mail
unit
character string
step
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2012200462A
Other languages
Japanese (ja)
Other versions
JP2014056392A (en)
Inventor
達哉 芳野
Original Assignee
中国電力株式会社

Description

  The present invention relates to a mail server and a mail transmission / reception method.

  In recent years, communication by e-mail has been widely established. On the other hand, attacks such as sending malicious emails to individuals or companies are increasing.

  For example, a company may assign an e-mail address (hereinafter simply referred to as an e-mail address) to an employee using the local part of the e-mail address as an employee code or an employee name. In this case, when a brute force attack is performed by the attacker, there is a possibility that emails from the attacker may reach several email addresses. Furthermore, there is a possibility that the user may be damaged by taking an action on the mail received from the attacker.

  In order to deal with such a problem, for example, Patent Document 1 proposes that an e-mail be transmitted using another e-mail address different from the original e-mail address.

Patent Document 1: JP 2011-041260 A

  However, when a company handles a large number of e-mail addresses, it is burdensome for the administrator to newly assign different e-mail addresses to all employees. It is also difficult to make all employees aware of operations using different email addresses. Therefore, it is desired to simply improve security while using an existing mail address.

  An object of the present invention is to provide a mail server and a mail transmission / reception method that can improve security simply while using existing mail addresses.

  The mail server according to the present invention includes: an accepting unit that accepts an e-mail and a transmission request for the e-mail; an encryption unit that encrypts the character string in the local part of the mail address of the transmission source of the e-mail accepted by the accepting unit; a first replacement unit that replaces the local part in the e-mail accepted by the accepting unit with the character string encrypted by the encryption unit; a transmission unit that transmits the e-mail whose local part has been replaced by the first replacement unit to the destination of the e-mail; a reception unit that receives e-mail of a predetermined domain; a decryption unit that decrypts the character string in the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received by the reception unit; a second replacement unit that replaces the local part in the e-mail received by the reception unit with the character string decrypted by the decryption unit; and a storage control unit that stores, in a storage unit, the e-mail whose local part has been replaced by the second replacement unit.

  In the mail server of the present invention, it is preferable that the encryption unit concatenates a predetermined character string to the character string in the local part of the mail address of the transmission source of the e-mail accepted by the accepting unit and encrypts the concatenated character string, and that the second replacement unit removes the predetermined character string from the character string decrypted by the decryption unit and replaces the local part in the e-mail received by the reception unit with the character string from which the predetermined character string has been removed.

  In the mail server of the present invention, it is preferable that the accepting unit stores the e-mail directly in the storage unit when a mail address of the predetermined domain is included in the destinations of the accepted e-mail.

  The mail transmission / reception method of the present invention is a method for transmitting and receiving electronic mail, and includes: an accepting step of accepting an e-mail and a transmission request for the e-mail; an encryption step of encrypting the character string in the local part of the mail address of the transmission source of the e-mail accepted in the accepting step; a first replacement step of replacing the local part in the e-mail accepted in the accepting step with the character string encrypted in the encryption step; a transmission step of transmitting the e-mail whose local part has been replaced in the first replacement step to the destination of the e-mail; a reception step of receiving e-mail of a predetermined domain; a decryption step of decrypting the character string in the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received in the reception step; a second replacement step of replacing the local part in the e-mail received in the reception step with the character string decrypted in the decryption step; and a storage control step of storing, in a storage unit, the e-mail whose local part has been replaced in the second replacement step.

  According to the present invention, security can be easily improved while using an existing mail address.

A diagram showing the relationship between the mail server according to the present embodiment and peripheral devices.
A diagram showing the functional configuration of the mail server according to the present embodiment.
A diagram showing the configuration of the encryption unit according to the present embodiment.
A diagram showing the configuration of the decryption unit according to the present embodiment.
A flowchart showing the flow of processing for transmitting an e-mail in the mail server according to the present embodiment.
A flowchart showing the detailed flow of the encryption process of FIG.
A flowchart showing the flow of processing for receiving an e-mail in the mail server according to the present embodiment.
A flowchart showing the detailed flow of the decryption process of FIG.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing the relationship between the mail server 1 according to the present embodiment and peripheral devices. The mail server 1 is connected to one or more terminals 2 on the first network N1 and to a plurality of external devices 3 via the second network N2, and transmits and receives electronic mail. The mail server 1 is placed in a DMZ (DeMilitarized Zone) and communicates with the external devices 3 via a gateway or the like. The first network N1 is, for example, a local area network, and the second network N2 is, for example, the Internet.

FIG. 2 is a diagram showing a functional configuration of the mail server 1 according to the present embodiment.
The mail server 1 includes a display unit 10, an input unit 20, a storage unit 30, a communication unit 40, and a control unit 50.

  The display unit 10 includes a display device such as a cathode ray tube (CRT) or a liquid crystal display (LCD). The display unit 10 performs display related to the function of the mail server 1 under the control of the control unit 50.

  The input unit 20 includes a keyboard and a mouse. The input unit 20 receives an input operation from the user of the mail server 1.

  The storage unit 30 includes a memory (RAM, ROM, etc.), a hard disk drive (HDD), an optical disk (CD, DVD, etc.) drive, and the like. The storage unit 30 stores various programs (not shown) for causing the mail server 1 to function. These programs realize the functions according to the present invention in cooperation with the control unit 50 by being executed and referred to by the control unit 50 as appropriate. The programs are distributed via a communication line as necessary, or recorded and distributed on a computer-readable medium.

  The storage unit 30 also includes a mail box 31 that stores mail including a predetermined domain as a destination. In addition, the storage unit 30 stores account information corresponding to a mail address of a predetermined domain. The account information includes a user ID and a password. This user ID matches, for example, the local part of the mail address of a predetermined domain. That is, the account information is associated with a mail address of a predetermined domain. The local part refers to a character string before @ among character strings constituting the mail address.

  The communication unit 40 includes, for example, various wired and wireless interface devices. The communication unit 40 transmits / receives data to / from the terminal 2 and the external device 3 under the control of the control unit 50.

  The control unit 50 is configured by a CPU or the like, and controls the entire mail server 1. The control unit 50 includes a transmission request reception unit 51 serving as the accepting unit, an encryption unit 52, a first replacement unit 53, a communication control unit 54 serving as the transmission unit and the reception unit, a decryption unit 55, a second replacement unit 56, a storage control unit 57, and a reception request reception unit 58.

  The transmission request reception unit 51 receives an electronic mail and a transmission request for the electronic mail from the terminal 2 on the first network N1. Here, it is assumed that the domain of the email address from which the electronic mail is sent is a predetermined domain.

  Further, the transmission request reception unit 51 refers to the header information of the e-mail and determines whether or not the destinations include a mail address of the predetermined domain. When it determines that a mail address of the predetermined domain is included in the destinations, the transmission request reception unit 51 stores the e-mail directly in the mail box 31 of the storage unit 30. That is, the transmission request reception unit 51 stores the e-mail directly in the storage unit 30 when a mail address of the predetermined domain is included in the destinations of the e-mail for which the transmission request was received. As a result, the e-mail is stored in the storage unit 30 without being encrypted by the encryption unit 52.

  Further, the transmission request receiving unit 51 controls not to output the electronic mail to the encryption unit 52 and the first replacement unit 53 when the destination includes only a mail address of a predetermined domain.

  The encryption unit 52 refers to the header information of the email received by the transmission request receiving unit 51, and identifies the email address of the email transmission source. The encryption unit 52 converts the character string by encrypting the character string that forms the local part of the identified mail address of the transmission source.

  Also, the encryption unit 52 refers to the header information of the e-mail received by the transmission request reception unit 51, and when a mail address of the predetermined domain is included in the destination mail addresses of the e-mail, it encrypts the character string constituting the local part of that mail address and thereby converts the character string.

In addition, the encryption unit 52 encrypts the character string constituting the local part of any mail address of the predetermined domain included in the message body of the e-mail received by the transmission request reception unit 51, and thereby converts the character string. In the following, the description assumes that the local part of the mail address to be encrypted is an integer X_i of 20 digits or less (for example, it may be a 6-digit integer).

Hereinafter, the encryption of the encryption unit 52 will be described.
As illustrated in FIG. 3, the encryption unit 52 includes a key generation unit 521, a first encryption unit 522, and a second encryption unit 523.

  The key generation unit 521 generates an encryption key E for encrypting the character string in advance, and stores the encryption key E in the storage unit 30. The key generation unit 521 generates a decryption key F for decrypting the character string encrypted with the encryption key E in advance, and stores the decryption key F in the storage unit 30.

The encryption key E and the decryption key F are generated as follows.
First, a first prime number A and a second prime number B are prepared in advance. The first prime number A and the second prime number B are a combination of prime numbers whose product N exceeds a predetermined number X. Here, the predetermined number X is, for example, a 20-digit integer, and is an integer for which the result of a multiplication exceeds the range that a register can represent at once. The predetermined number X is longer than every character string that can be encrypted. For example, when the information to be encrypted at one time can be expressed as an integer, the predetermined number X is a value larger than that integer. Note that these prime numbers may be calculated by the key generation unit 521 or may be received via the input unit 20.

  The key generation unit 521 sets the integer that is one less than the first prime number A as an integer A′ and the integer that is one less than the second prime number B as an integer B′. Then, the key generation unit 521 generates an integer E that is relatively prime to the least common multiple K of the integer A′ and the integer B′, and for which the number (power) calculated with the predetermined number X as the base and the integer E as the exponent has more digits than the register can represent (that is, overflow occurs). The key generation unit 521 stores the product N of the first prime number A and the second prime number B in the storage unit 30 in advance, and stores the integer E in the storage unit 30 in advance as the encryption key E.

  The key generation unit 521 generates an integer F that satisfies the following expression (1), using the integer E and the least common multiple K described above, where m is an arbitrary integer. The key generation unit 521 stores the integer F in the storage unit 30 as the decryption key F corresponding to the encryption key E. The integer F may be any number as long as expression (1) is satisfied.

Further, the key generation unit 521 generates an integer R_i used for substitution encryption and stores it in the storage unit 30 in advance. The integer R_i is a randomly selected positive integer smaller than the predetermined number X.

The first encryption unit 522 calculates the encrypted number Y_i of the integer X_i by calculating the remainder when the power whose base is the integer X_i to be encrypted (an arbitrary positive integer smaller than the predetermined number X) and whose exponent is the integer E is divided by the product N of the first prime number A and the second prime number B. That is, the first encryption unit 522 calculates the encrypted number Y_i of the integer X_i represented by the following equation (2). "mod" in equation (2) is a function that calculates a remainder.

Specifically, the first encryption unit 522 calculates the encrypted number Y_i of the integer X_i using the iterative square method (fast exponentiation). The processing procedure is described below.

First, the first encryption unit 522 expands the integer E in binary, and thereby expands the E-th power of the integer X_i into a product of 2^k-th powers of the integer X_i. Here, k is an integer from 0 to n, and n is the largest exponent for which the power of 2 does not exceed the integer E. For example, when the integer E is 287, the E-th power of the integer X_i is expressed by the following equation (3). Here, since the 8th power of 2 is the largest power of 2 not exceeding the integer E, the exponent "8" is n.

Subsequently, as shown in the following equation (4), the first encryption unit 522 calculates, in order starting from the remainder when the 2^0-th power of the integer X_i is divided by the product N, the remainder when each 2^k-th power of the integer X_i is divided by the product N. For example, as shown in equation (4), the remainder for the 2^2-th power of the integer X_i can be calculated simply by using the remainder when the 2^1-th power of the integer X_i is divided by the product N.

Here, since the integer E is generated so that the result of raising the predetermined number X to the E-th power has more digits than the register can represent, overflow may occur when the integer X_i is raised to the 2^k-th power. Accordingly, the first encryption unit 522 expands the integer X_i, using the following equation (5), into integer parts divided into upper digits X_u and lower digits X_d, and calculates up to the 2^n-th power of the integer X_i based on the upper digits X_u and the lower digits X_d.

Here, M is the base (radix) and Cd is the number of lower digits in the integer X_i. Cd is an integer of 1 or more.

For example, when the base M is 2, the integer X_i has 16 digits, and the number of lower digits Cd is 8, equation (5) is expressed as the following equation (6).

For example, when the mail server 1 according to the present embodiment has a CPU with 16-bit registers and the value of the integer X_i is the decimal number 65532, raising the integer X_i to the power 2 exceeds 65535, the upper limit of the integers that can be expressed in a 16-bit register. That is, if the E-th power of the integer X_i on the right side of equation (2) is simply calculated by a conventional method of computing powers, an accurate value of the power may not be obtained.

On the other hand, when the integer is divided into upper digits and lower digits as integer parts using the digit division of equation (6), the integer X_i of decimal 65532, that is, binary 1111111111111100, is divided into the integer 11111111 (decimal 255) formed by the upper 8 digits and the integer 11111100 (decimal 252) formed by the lower 8 digits. In this case, the products of the two divided numbers do not exceed the square of 255, and therefore fall within the integer range that can be expressed in a 16-bit register. Errors due to overflow can therefore be avoided.

In the present embodiment the integer is divided into two integers as shown in equation (5), but, for example, when the integer X_i has 20 digits, it may instead be divided into four integers as shown in the following equation (7).

Here, X_15 is the 16th to 20th digits of the integer X_i, X_10 is the 11th to 15th digits, X_5 is the 6th to 10th digits, and X_0 is the 1st to 5th digits. When the integer X_i has fewer than 20 digits (the predetermined number of digits), for example 6 digits, the number of digits of the integer X_i may be increased by concatenating a predetermined character string to the upper digits (for example, zero-filling with one or more "0"s until the predetermined number of digits is reached). In this way, the mail server 1 generates the integer E under the condition that overflow occurs, and then expands the integer X_i using equations (3) to (5) to calculate the encrypted number Y_i, so that Y_i can be calculated accurately while avoiding overflow.
Note that the integer X_i is preferably divided so that the divided integers have equal numbers of digits, as in equations (6) and (7).

In the above, when the integer X_i has fewer than the predetermined number of digits (for example, 20 digits), the upper digits are padded with zeros to form a character string of the predetermined number of digits, which is then encrypted, but the invention is not limited to this. For example, the storage unit 30 may store each mail address in association with the user name (for example, the user's name) of that mail address. The encryption unit 52 (first encryption unit 522) may then, before encryption, concatenate the user name of the mail address as the predetermined character string to the local part of the mail address of the predetermined domain, and encrypt the character string of the local part with the user name attached. In this case, since the concatenated character string contains characters other than digits, the encryption unit 52 performs encryption after converting the characters other than digits into digits. Note that the length of the character string after conversion to digits is kept to the predetermined number of digits or less.

Subsequently, the first encryption unit 522 calculates the remainder of the E-th power of the integer X_i, which has been expanded into a product of 2^k-th powers. For example, when the integer E is 287, the remainder of the E-th power of the integer X_i is represented by the following equation (8). It can therefore be calculated easily from the remainders, obtained in advance as shown in equation (4), of the 2^k-th powers of the integer X_i divided by the product N. In this calculation, the remainder may be calculated by dividing the multiplicand into upper digits and lower digits in the same manner as equation (5) so as to avoid overflow.

The second encryption unit 523 uses the key R_i stored in the storage unit 30 to perform substitution encryption of the encrypted number Y_i based on the following equation (9), and calculates the integer Y_i′.

In equation (9), Rot (Y_i, R_i) is a function that substitutes the encrypted number Y_i using the key R_i as a secret key. Specifically, Rot (Y_i, R_i) adds the value of the key R_i to the encrypted number Y_i within the range of the predetermined number X. If the result of adding the key R_i to the encrypted number Y_i exceeds the predetermined number X, Rot (Y_i, R_i) returns, as the integer Y_i′, the portion by which the sum of Y_i and R_i exceeds the predetermined number X, that is, Y_i + R_i − X.

Further, when adding the key R_i to the encrypted number Y_i, Rot (Y_i, R_i) uses the following equation (10) to generate integer parts in which the encrypted number Y_i is divided into upper digits Y_u and lower digits Y_d, and calculates the integer Y_i′ using the upper digits Y_u and the lower digits Y_d.

As in equation (5), in equation (10) M is the base and Cd is the number of lower digits in the encrypted number Y_i. Cd is at least 1.

  Note that the first encryption unit 522 and the second encryption unit 523 may be executed a plurality of times. In this case, the first decryption unit 551 and the second decryption unit 552 described later are executed as many times as the first encryption unit 522 and the second encryption unit 523 are executed.

  The first replacement unit 53 replaces the character string constituting the local part of each mail address of the predetermined domain, among the mail addresses included in the transmission source, destination, and message body of the e-mail received by the transmission request reception unit 51, with the character string encrypted by the encryption unit 52.

  The communication control unit 54 refers to the header information of the e-mail whose local part has been replaced by the first replacement unit 53, and identifies the domain of the destination mail address. The communication control unit 54 then transmits the e-mail to the mail server corresponding to the destination domain via the communication unit 40. The e-mail is transmitted directly to the mail server corresponding to the destination domain, or via one or more external devices.

  Further, the communication control unit 54 receives an e-mail including a mail address of a predetermined domain as a destination from the external device 3 via the communication unit 40.

  The decryption unit 55 refers to the header information of the email received by the communication control unit 54 and identifies the email address of the email destination. The decrypting unit 55 decrypts a character string that constitutes a local part of a mail address corresponding to a predetermined domain among the identified mail addresses, and converts the character string.

  In addition, the decryption unit 55 decrypts the character string constituting the local part of any mail address of the predetermined domain included in the message body of the e-mail received by the communication control unit 54, and thereby converts the character string.

In the following, the description assumes that the character string constituting the local part of the mail address of the predetermined domain included in the received e-mail is the integer Y_i′ encrypted by the encryption unit 52.

As shown in FIG. 4, the decryption unit 55 includes a first decryption unit 551 and a second decryption unit 552.
The first decryption unit 551 corresponds to the first encryption unit 522, and the second decryption unit 552 corresponds to the second encryption unit 523. Since decryption by the first decryption unit 551 is performed after decryption by the second decryption unit 552, the second decryption unit 552 is described first.

The second decryption unit 552 calculates the encrypted number Y_i by substitution decryption from the integer Y_i′ substituted by the second encryption unit 523. Specifically, the second decryption unit 552 performs substitution decryption using the following equation (11), and calculates the encrypted number Y_i.

The key R_i shown in the equation is an integer used as a secret key for substitution encryption, and is stored in the storage unit 30 as described above.

Rot^-1 () returns, as the return value of the function, the value obtained by subtracting the value of the key R_i from the integer Y_i′ within the range of the predetermined number X. If the result of subtracting the key R_i from the integer Y_i′ is less than 0, Rot^-1 () returns, as the encrypted number Y_i, the value obtained by subtracting from the predetermined number X the amount by which the result falls below 0, that is, Y_i′ − R_i + X.

Further, when subtracting R_i from the integer Y_i′, Rot^-1 () generates, in the same way as equation (10), integer parts in which the integer Y_i′ is divided into upper digits and lower digits, and calculates the encrypted number Y_i using the upper and lower digits.

The first decryption unit 551 uses the decryption key F stored in the storage unit 30 to calculate the remainder when the power whose base is the encrypted number Y_i and whose exponent is the decryption key F is divided by the product N, and thereby calculates the original number of the encrypted number Y_i, that is, the integer X_i. That is, the first decryption unit 551 calculates the original integer X_i of the encrypted number Y_i based on the following equation (12). Like the first encryption unit 522, the first decryption unit 551 calculates the original integer X_i of the encrypted number Y_i using the iterative square method (fast exponentiation). The detailed processing of the first decryption unit 551 is the same as that of the first encryption unit 522, and its description is therefore omitted.

The decryption unit 55 (first decryption unit 551) removes the predetermined character string from the character string obtained by decryption. That is, the decryption unit 55 removes, from the character string obtained by decryption, the character string added by zero padding as the predetermined character string, or the character string corresponding to the user name associated with the mail address, and thereby converts it back into the character string before concatenation. The character string from which the predetermined character string has been removed, that is, the character string X_i before encryption, is thus obtained.

The second replacement unit 56 replaces the character string constituting the local part of each mail address of the predetermined domain, among the destination mail addresses of the e-mail received by the communication control unit 54 and the mail addresses included in its message body, with the character string X_i decrypted by the decryption unit 55.
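
The encryption unit 52 and decryption unit 55 described above, worked through as an added Python example (this is not code from the patent). The primes, the key R_i, the 6-digit limit X, the domain example.co.jp and the emulated 32-bit register are constructed toy values; F is taken as the inverse of E modulo K, an assumed reading of expression (1), which is not reproduced on this page, and the substitution wraps at N rather than X so that every encrypted number below N can be inverted.

```python
from math import gcd

# Constructed toy parameters; far too small for real use.
A, B = 1013, 1019                              # first and second prime numbers
N = A * B                                      # product N, larger than X
X_LIMIT = 10**6                                # predetermined number X
K = (A - 1) * (B - 1) // gcd(A - 1, B - 1)     # least common multiple of A' and B'
E = 287                                        # encryption key, relatively prime to K
F = pow(E, -1, K)                              # decryption key: E*F = m*K + 1 (assumed)
R = 271828                                     # substitution key R_i, below X
DOMAIN = "example.co.jp"                       # hypothetical predetermined domain
REG_MAX = 2**32 - 1                            # emulated 32-bit register
CD = 10                                        # number of lower digits Cd, base M = 2


def reg(value):
    """Model a register write and fail loudly on overflow."""
    if not 0 <= value <= REG_MAX:
        raise OverflowError(f"{value} does not fit the emulated register")
    return value


def mulmod(a, b):
    """a*b mod N with b split into upper and lower digits (b = b_u * 2**CD + b_d)."""
    b_u, b_d = b >> CD, b & ((1 << CD) - 1)
    upper = reg((reg(a * b_u) % N) << CD) % N
    lower = reg(a * b_d) % N
    return reg(upper + lower) % N


def binary_powers(e):
    """Exponents k whose 2**k term appears in the binary expansion of e."""
    return [k for k in range(e.bit_length()) if (e >> k) & 1]


def powmod(x, e):
    """Iterative-square method: x**e mod N from successive squares x**(2**k) mod N."""
    wanted = set(binary_powers(e))
    result, square = 1, x % N
    for k in range(e.bit_length()):
        if k in wanted:
            result = mulmod(result, square)
        square = mulmod(square, square)
    return result


def rot(y):
    """Substitution step: add R_i and wrap (at N here, an assumption of this example)."""
    total = reg(y + R)
    return total - N if total >= N else total


def rot_inv(y_sub):
    """Inverse substitution: subtract R_i, adding N back when the result is negative."""
    diff = y_sub - R
    return diff + N if diff < 0 else diff


def encrypt_local(local):
    """Local part (decimal integer X_i below X) -> fixed-width encrypted string."""
    if not (local.isascii() and local.isdigit()) or local[0] == "0" \
            or int(local) >= X_LIMIT:
        raise ValueError("local part must be a decimal integer below X, no leading zero")
    return f"{rot(powmod(int(local), E)):07d}"


def decrypt_local(token):
    """Encrypted string -> original local part; rejects out-of-range input."""
    if not (token.isascii() and token.isdigit()) or len(token) != 7 or int(token) >= N:
        raise ValueError("not a valid encrypted local part")
    x = powmod(rot_inv(int(token)), F)
    if not 0 < x < X_LIMIT:
        raise ValueError("decrypted value is outside the local-part range")
    return str(x)


def rewrite(address, transform):
    """Apply transform to the local part of an address in the predetermined domain."""
    local, _, domain = address.rpartition("@")
    if domain.lower() != DOMAIN:
        return address
    return f"{transform(local)}@{domain}"
```

Calling rewrite(address, encrypt_local) corresponds to the first replacement unit 53 and rewrite(address, decrypt_local) to the second replacement unit 56.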

  The storage control unit 57 stores the email in which the local part is replaced by the second replacement unit 56 in the mail box 31.

  The reception request reception unit 58 receives an electronic mail reception request from the terminal 2. The reception request includes account information. The reception request reception unit 58 collates the account information included in the reception request with the account information stored in the storage unit 30. Subsequently, when there is matching account information, the reception request receiving unit 58 specifies a mail address of a predetermined domain associated with the account information. Subsequently, the reception request receiving unit 58 extracts an e-mail addressed to the specified e-mail address from the mail box 31, and transmits the e-mail to the terminal 2 that has made the reception request.

Next, a processing flow in the mail server 1 will be described with reference to FIGS.
FIG. 5 is a flowchart showing a flow of processing relating to transmission of an e-mail in the mail server 1 according to the present embodiment.

In step S1, the control unit 50 (transmission request receiving unit 51) receives an e-mail transmission request from the terminal 2.
In step S2, the control unit 50 (transmission request receiving unit 51) determines whether a mail address of a predetermined domain is included in the destination. If this determination is YES, the control unit 50 (transmission request receiving unit 51) moves the process to step S3. If this determination is NO, the control unit 50 moves the process to step S4.

In step S3, the control unit 50 (transmission request receiving unit 51) stores the e-mail for which a transmission request is made in the mail box 31.
In step S4, the control unit 50 (transmission request receiving unit 51) determines whether or not the mail address included in the destination is only a mail address of a predetermined domain. When this determination is YES, the control unit 50 (transmission request receiving unit 51) ends the processing according to this flowchart. When this determination is NO, the control unit 50 (transmission request receiving unit 51) moves the process to step S5.

  In step S5, the control unit 50 (encryption unit 52) encrypts the character string that forms the local part of the mail address of the predetermined domain included in the e-mail to be transmitted, thereby converting the character string.

  Specifically, the control unit 50 (encryption unit 52) encrypts the character string that constitutes the local part of the mail address of the transmission source of the e-mail to be transmitted. In addition, when a mail address of the predetermined domain is included in the destination of the e-mail to be transmitted, the control unit 50 (encryption unit 52) encrypts the character string constituting the local part of that mail address. In addition, when a mail address of the predetermined domain is included in the message body of the e-mail to be transmitted, the control unit 50 (encryption unit 52) encrypts the character string that forms the local part of that mail address. The encryption process in step S5 will be described in detail with reference to FIG.

  In step S6, the control unit 50 (first replacement unit 53) replaces the character string forming the local part of the mail address of the predetermined domain included in the e-mail to be transmitted with the character string converted in step S5.

  Specifically, the control unit 50 (first replacement unit 53) replaces the character string in the local part of the mail address of the transmission source of the e-mail to be transmitted with the character string converted in step S5. Further, the control unit 50 (first replacement unit 53) replaces the character string constituting the local part of the mail address of the predetermined domain included in the destination of the e-mail to be transmitted with the character string converted in step S5. Further, the control unit 50 (first replacement unit 53) replaces the local part of the mail address of the predetermined domain included in the message body of the e-mail to be transmitted with the character string converted in step S5.

  In step S7, the control unit 50 (communication control unit 54) transmits the electronic mail in which the character string of the local part is replaced in step S6 based on the domain of the destination mail address.

  FIG. 6 is a flowchart showing a detailed flow of the encryption process shown in step S5 of FIG.

In step S51, the control unit 50 (first encryption unit 522) performs a binary expansion of the integer E and, based on that expansion, expands the E-th power of the integer X_i into a product of 2^k-th powers of the integer X_i.

In step S52, the control unit 50 (first encryption unit 522) sets k to 0.
In step S53, the control unit 50 (first encryption unit 522) calculates the remainder when the 2^k-th power of the integer X_i is divided by the product N. Specifically, the control unit 50 (first encryption unit 522) squares the remainder obtained by dividing the 2^(k-1)-th power of the integer X_i, calculated immediately before, by the product N, and then calculates the remainder when this value is divided by the product N. In addition, so that overflow does not occur, the control unit 50 (first encryption unit 522) converts the integer X_i into a sum of a plurality of integers based on equation (5) above and, based on the converted integers, calculates the remainder when the 2^k-th power of the integer X_i is divided by the product N.

In step S54, the control unit 50 (first encryption unit 522) adds 1 to k.
In step S55, the control unit 50 (first encryption unit 522) determines whether k is larger than n. If this determination is YES, control unit 50 (first encryption unit 522) moves the process to step S56, and if this determination is NO, the process moves to step S53.

In step S56, the control unit 50 (first encryption unit 522) calculates, based on the remainders calculated in step S53, the remainder when the E-th power of the integer X_i is divided by the product N, as the encrypted number Y_i.

In step S57, the control unit 50 (second encryption unit 523) uses the key R_i stored in the storage unit 30 to apply a substitution cipher to the encrypted number Y_i based on equation (9), and calculates the integer Y_i′.

  FIG. 7 is a flowchart showing a flow of processing related to reception of an email in the mail server 1 according to the present embodiment.

  In step S11, the control unit 50 (communication control unit 54) receives an e-mail including a mail address of a predetermined domain as a destination from an external device.

  In step S12, the control unit 50 (decryption unit 55) decrypts the character string that forms the local part of the mail address of the predetermined domain included in the electronic mail received in step S11.

  Specifically, the control unit 50 (decryption unit 55) decrypts the character string constituting the local part of the mail address of the predetermined domain included in the destination of the e-mail received by the communication control unit 54, thereby converting the character string. In addition, the decryption unit 55 decrypts the character string that forms the local part of the mail address of the predetermined domain included in the message body of the e-mail received by the communication control unit 54, thereby converting the character string.

  In step S13, the control unit 50 (second replacement unit 56) replaces the character strings constituting the local part of the mail address of the e-mail received in step S11 and of the mail address of the predetermined domain included in the message body with the character strings decrypted in step S12.

  In step S14, the control unit 50 (storage control unit 57) stores the e-mail in which the local part is replaced in step S13 in the mail box 31. When the reception request receiving unit 58 receives a reception request from the terminal 2 and the account information included in the reception request is valid, the e-mail stored in the mail box 31 is transmitted to the terminal 2.

  FIG. 8 is a flowchart showing a detailed flow of the decoding process shown in step S12 of FIG.

In step S121, the control unit 50 (second decryption unit 552) uses the key R_i stored in the storage unit 30 to calculate, based on equation (11) described above, the encrypted number Y_i from the integer Y_i′ that was substitution-encrypted by the second encryption unit 523.

In step S122, the control unit 50 (first decryption unit 551) performs a binary expansion of the integer F and, based on that expansion, expands the F-th power of the encrypted number Y_i into a product of 2^k-th powers of the encrypted number Y_i.

In step S123, the control unit 50 (first decoding unit 551) sets k to 0.
In step S124, the control unit 50 (first decryption unit 551) calculates the remainder when the 2^k-th power of the encrypted number Y_i is divided by the product N. Specifically, the control unit 50 (first decryption unit 551) squares the remainder obtained by dividing the 2^(k-1)-th power of the encrypted number Y_i, calculated immediately before, by the product N, and then calculates the remainder when this value is divided by the product N. Further, so that overflow does not occur, the control unit 50 (first decryption unit 551) converts the encrypted number Y_i into a sum of a plurality of integers based on equation (10) above and, based on the converted integers, calculates the remainder when the 2^k-th power of the encrypted number Y_i is divided by the product N.

In step S125, the control unit 50 (first decoding unit 551) adds 1 to k.
In step S126, the control unit 50 (first decoding unit 551) determines whether k is larger than n. When this determination is YES, control unit 50 (first decoding unit 551) moves the process to step S127, and when this determination is NO, the process moves to step S124.

In step S127, the control unit 50 (first decryption unit 551) calculates (decrypts), based on the remainders calculated in step S124, the remainder when the F-th power of the encrypted number Y_i is divided by the product N, as the integer X_i.

  As described above, according to the present embodiment, the mail server 1 encrypts, by the encryption unit 52, the character string in the local part of the mail address of the transmission source of the e-mail to be transmitted, and replaces, by the first replacement unit 53, the local part of the e-mail to be transmitted with the encrypted character string. The mail server 1 also decrypts, by the decryption unit 55, the character string of the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of a received e-mail, and replaces, by the second replacement unit 56, the local part of the received e-mail with the decrypted character string.

  In this way, the mail server 1 can transmit an e-mail that includes an existing mail address to an external device via the Internet after encrypting the local part. Thereby, for example, even if the local part of the existing mail address has a small number of digits (for example, 6 digits), the character string in the local part can be converted by encryption into a character string with a large number of digits. Therefore, the mail server 1 can easily improve security while using an existing mail address.

  Further, the mail server 1 uses the encryption unit 52 to concatenate a predetermined character string to the character string of the local part of the mail address of the transmission source of the e-mail received by the transmission request receiving unit 51, and encrypts the concatenated character string. The second replacement unit 56 removes the predetermined character string from the character string decrypted by the decryption unit 55, and replaces the local part of the e-mail received by the communication control unit 54 with the character string from which the predetermined character string has been removed.

  In this way, by adding a step of concatenating character strings, the mail server 1 performs more complicated encryption than when a character string of a predetermined number of digits is encrypted as it is, and the security of the mail address can be increased.

  Further, the mail server 1 causes the transmission request receiving unit 51 to store the e-mail directly in the storage unit 30 when the destination of the received e-mail includes a mail address of the predetermined domain.

  When a mail address of the predetermined domain is included as a destination, the e-mail is an in-house mail. In this case, since the e-mail is stored in the storage unit 30 as usual without converting the mail address, the mail server 1 allows the user who is the destination, that is, the in-house user, to use e-mail as usual.
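An added example (not code from the patent) of the flow summarized above: the transmission decisions of steps S2 to S7, the repeated-squaring calculation of steps S51 to S56 and S122 to S127, the concatenated predetermined character string, and the restoration of steps S12 and S13. The domain, the toy key values, the suffix, the byte-wise hex encoding and the rejection of local parts that do not decrypt are assumptions of this example; the substitution step S57 and the overflow-avoiding split are left out.

```python
import re

DOMAIN = "example.co.jp"    # assumed "predetermined domain"
N, E, F = 3233, 17, 2753    # toy modulus (61 * 53) and exponents; assumed, far too small for real use
SUFFIX = "#k"               # assumed "predetermined character string" that is concatenated
ADDR = re.compile(r"([A-Za-z0-9._+-]+)@" + re.escape(DOMAIN) + r"(?![\w-])(?!\.\w)")

def modexp(x, exp, n):
    """x**exp mod n built from repeated squarings, as in steps S51-S56 / S122-S127."""
    bits = bin(exp)[2:][::-1]              # binary expansion of the exponent, lowest bit first
    squares = [x % n]                      # k = 0: x^(2^0) mod n
    for _ in range(1, len(bits)):          # each term is the previous remainder squared, mod n
        squares.append(squares[-1] * squares[-1] % n)
    result = 1
    for bit, sq in zip(bits, squares):     # multiply together the terms whose bit is set
        if bit == "1":
            result = result * sq % n       # Python integers cannot overflow, so no split is needed
    return result

def encrypt_local(local):
    """Concatenate SUFFIX, then encrypt each byte into four hex digits."""
    data = (local + SUFFIX).encode("ascii")
    return "".join(f"{modexp(b, E, N):04x}" for b in data)

def decrypt_local(token):
    """Inverse of encrypt_local; raises ValueError for a local part this server did not produce."""
    if len(token) % 4 or not re.fullmatch(r"[0-9a-f]+", token):
        raise ValueError("not an encrypted local part")
    blocks = [int(token[i:i + 4], 16) for i in range(0, len(token), 4)]
    values = [modexp(y, F, N) for y in blocks]
    if any(y >= N for y in blocks) or any(v > 0x7F for v in values):
        raise ValueError("not an encrypted local part")
    text = bytes(values).decode("ascii")
    if not text.endswith(SUFFIX):
        raise ValueError("predetermined character string missing")
    return text[:-len(SUFFIX)]

def rewrite(text, fn):
    """Apply fn to the local part of every DOMAIN address found in text."""
    return ADDR.sub(lambda m: fn(m.group(1)) + "@" + DOMAIN, text)

def outbound(sender, recipients, body):
    """Steps S2-S7: returns (store_in_mailbox, message_to_transmit or None)."""
    internal = [r for r in recipients if r.endswith("@" + DOMAIN)]
    store = bool(internal)                         # S2/S3: in-house copy goes to the mail box
    if len(internal) == len(recipients):           # S4: only in-house destinations, nothing leaves
        return store, None
    return store, {"from": rewrite(sender, encrypt_local),           # S5/S6
                   "to": [rewrite(r, encrypt_local) for r in recipients],
                   "body": rewrite(body, encrypt_local)}

def inbound(recipients, body):
    """Steps S12-S13: restore local parts; an address that fails to decrypt raises ValueError."""
    return [rewrite(r, decrypt_local) for r in recipients], rewrite(body, decrypt_local)
```

With these toy values a 6-digit local part leaves the server as a 32-character hex string, and a guessed plain local part such as a bare employee code fails in `decrypt_local` instead of resolving to a mail box.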

  The embodiment of the present invention has been described above, but the present invention is not limited to the present embodiment, and modifications, improvements, and the like within the scope that can achieve the object of the present invention are included in the present invention.

  In the embodiment described above, the mail server 1 encrypts and decrypts the local part of the mail address, but the present invention is not limited to this. For example, the local part of the mail address may be encrypted and decrypted in the gateway server.

DESCRIPTION OF SYMBOLS
1 Mail server
10 Display part
20 Input part
30 Storage part
40 Communication part
50 Control part
51 Transmission request reception part
52 Encryption part
521 Key generation part
522 1st encryption part
523 2nd encryption part
53 1st substitution part
54 Communication control unit
55 Decoding unit
551 First decoding unit
552 Second decoding unit
56 Second replacement unit
57 Storage control unit
58 Reception request receiving unit

Claims (4)

  1. An accepting unit that accepts an e-mail and a request to transmit the e-mail to an arbitrary destination;
    an encryption unit that, when the destination of the e-mail accepted by the accepting unit includes a mail address other than one of the predetermined domain, performs, on the character string of the local part of the mail address corresponding to the predetermined domain among the transmission source mail addresses of the e-mail, a preset predetermined encryption that does not depend on information that can specify the destination, performs the predetermined encryption on the character string of the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail, and further, when the message body of the e-mail contains a mail address corresponding to the predetermined domain, performs the predetermined encryption on the character string of the local part of that mail address;
    a first replacement unit that replaces the local part of the mail address corresponding to the predetermined domain among the transmission source mail addresses of the e-mail accepted by the accepting unit with the character string encrypted by the encryption unit, replaces the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail with the character string encrypted by the encryption unit, and further replaces the local part of the mail address corresponding to the predetermined domain included in the message body of the e-mail with the character string encrypted by the encryption unit;
    a transmission unit that transmits, to the destination of the e-mail, the e-mail in which the local parts of the mail addresses corresponding to the predetermined domain among the transmission source, the destination, and the mail addresses included in the message body have been replaced by the first replacement unit;
    a receiving unit that receives an e-mail of the predetermined domain;
    a decryption unit that decrypts the character string of the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received by the receiving unit, and decrypts the character string of the local part of the mail address corresponding to the predetermined domain included in the message body of the e-mail;
    a second replacement unit that replaces the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received by the receiving unit with the character string decrypted by the decryption unit, and replaces the local part of the mail address corresponding to the predetermined domain among the mail addresses included in the message body of the e-mail with the character string decrypted by the decryption unit; and
    a storage control unit that stores, in a storage unit, the e-mail in which the local part has been replaced by the second replacement unit;
    a mail server comprising the above.
  2. The encryption unit concatenates a predetermined character string to the character string of the local part of the mail address of the e-mail accepted by the accepting unit, and encrypts the concatenated character string,
    the second replacement unit removes the predetermined character string from the character string decrypted by the decryption unit, and replaces the local part of the e-mail received by the receiving unit with the character string from which the predetermined character string has been removed,
    the mail server according to claim 1.
  3. When the destination of the accepted e-mail includes a mail address of the predetermined domain, the accepting unit stores the e-mail directly in the storage unit,
    the mail server according to claim 1 or 2.
  4. A mail sending / receiving method for sending and receiving e-mail,
    an accepting step of accepting an e-mail and a request to transmit the e-mail to an arbitrary destination;
    an encryption step of, when the destination of the e-mail accepted in the accepting step includes a mail address other than one of the predetermined domain, performing, on the character string of the local part of the mail address corresponding to the predetermined domain among the transmission source mail addresses of the e-mail, a preset predetermined encryption that does not depend on information that can specify the destination, performing the predetermined encryption on the character string of the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail, and further, when the message body of the e-mail contains a mail address corresponding to the predetermined domain, performing the predetermined encryption on the character string of the local part of that mail address;
    a first replacement step of replacing the local part of the mail address corresponding to the predetermined domain among the transmission source mail addresses of the e-mail accepted in the accepting step with the character string encrypted in the encryption step, replacing the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail with the character string encrypted in the encryption step, and further replacing the local part of the mail address corresponding to the predetermined domain included in the message body of the e-mail with the character string encrypted in the encryption step;
    a sending step of transmitting, to the destination of the e-mail, the e-mail in which the local parts of the mail addresses corresponding to the predetermined domain among the transmission source, the destination, and the mail addresses included in the message body have been replaced in the first replacement step;
    a receiving step of receiving an e-mail of the predetermined domain;
    a decryption step of decrypting the character string of the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received in the receiving step, and decrypting the character string of the local part of the mail address corresponding to the predetermined domain included in the message body of the e-mail;
    a second replacement step of replacing the local part of the mail address corresponding to the predetermined domain among the destination mail addresses of the e-mail received in the receiving step with the character string decrypted in the decryption step, and replacing the local part of the mail address corresponding to the predetermined domain among the mail addresses included in the message body of the e-mail with the character string decrypted in the decryption step; and
    a storage control step of storing, in a storage unit, the e-mail in which the local part has been replaced in the second replacement step;
    the mail sending / receiving method including the above steps.
JP2012200462A 2012-09-12 2012-09-12 Mail server and mail transmission / reception method Active JP6223667B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012200462A JP6223667B2 (en) 2012-09-12 2012-09-12 Mail server and mail transmission / reception method

Publications (2)

Publication Number Publication Date
JP2014056392A JP2014056392A (en) 2014-03-27
JP6223667B2 true JP6223667B2 (en) 2017-11-01

Family

ID=50613654

Legal Events

Date Code Title Description
A621 Written request for application examination (Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20150826)
A977 Report on retrieval (Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20160714)
A131 Notification of reasons for refusal (Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20160719)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20160831)
A02 Decision of refusal (Free format text: JAPANESE INTERMEDIATE CODE: A02; Effective date: 20161025)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20161212)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20170112)
A911 Transfer of reconsideration by examiner before appeal (zenchi) (Free format text: JAPANESE INTERMEDIATE CODE: A911; Effective date: 20170131)
A912 Removal of reconsideration by examiner before appeal (zenchi) (Free format text: JAPANESE INTERMEDIATE CODE: A912; Effective date: 20170217)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20170809)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20170830)
A61 First payment of annual fees (during grant procedure) (Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20171004)
R150 Certificate of patent or registration of utility model (Ref document number: 6223667; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150)