JP6780410B2 - Email forwarding method, email forwarding device and email forwarding program - Google Patents

Description

The present invention relates to a mail forwarding method, a mail forwarding device and a mail forwarding program, and more particularly to a mail forwarding method, a mail forwarding device and a mail forwarding program capable of both checking the contents of an e-mail and encrypting an e-mail.

There is an encryption technology that encrypts mail data such as attachments when sending mail so that the information of the mail data cannot be read by anyone other than the expected destination. As a method of realizing the encryption technology, there is a method in which encryption is executed between mail clients. There is also a method of encrypting the communication path between mail servers instead of performing encryption on the mail data.

For example, TLS (Transport Layer Security) is a method for encrypting a communication path between mail servers. The method of encrypting the communication path is not used unless the mail system used in the mail server supports the method.

In addition, since the method of encrypting the communication path is used, the administrator is required to set the mail system to use the method. That is, even if a method for encrypting a communication path is desired to be introduced, the end user of the mail system cannot respond to the introduction.

For example, S / MIME (Secure Multipurpose Internet Mail Extensions) is a method of performing encryption between mail clients. If a method is used in which encryption is performed between mail clients, each mail client is required to correspond to the method used.

In addition to responding to the method used, the mail client is required to obtain the public key of the communication partner in advance. Since the load of obtaining the public key of each communication partner is heavy for the mail client, there is an operational problem in the method of performing encryption between the mail clients.

Since each of the above two methods has drawbacks as described above, in general, a plurality of files are combined into one (that is, archived) so that the contents cannot be read for the combined files. The method of setting a password for is used. There is also a way to set a password for the encrypted file. Compression software that encrypts files using the above method includes, for example, zip and 7-zip.

When the above method is used, the file is decrypted with the set password. That is, the set password is used as an encryption key for encryption and a decryption key for decryption.

Patent Documents 1 to 3 describe techniques for encrypting an attached file when sending an e-mail and transmitting the e-mail and the encrypted password to a recipient. Patent Document 1 describes an e-mail transmission method that automatically encrypts an attached file when an e-mail is transmitted.

Further, Patent Document 2 describes an attachment file encryption method in which an encryption key is generated by a mail server when an email is transmitted and an attachment file of the email is encrypted. Further, Patent Document 3 describes a mail encryption / decryption control device that encrypts an attached file with a mail server in consideration of the thread to which the mail belongs when the mail is transmitted.

Japanese Unexamined Patent Publication No. 2005-285111 Japanese Unexamined Patent Publication No. 2008-219742 Japanese Patent No. 5339289

In the e-mail transmission method described in Patent Document 1, the password set in each personal computer (PC) of the sender is used for encryption. That is, unless the sender resets the password on the PC, the same password is used for encryption, so there is a high risk of password leakage.

In contrast to the above method, the attached file encryption method described in Patent Document 2 and the mail encryption / decryption control device described in Patent Document 3 encrypt the attached file using a different key for each mail. .. However, the following problems may occur in the operation of the mail system in which the method of encrypting the attached file using a different password for each mail is used.

The first problem is that both the sender and the receiver of encrypted mail (hereinafter, also referred to as encrypted mail) are required to manage the key. When key management is required, as the number of keys increases, the management cost such as the time required for management naturally increases. That is, key management becomes complicated for the sender and the receiver.

For example, the recipient of the encrypted mail holds a decryption key obtained in advance to confirm the contents of the encrypted mail. When holding, the recipient is required to manage the decryption key in association with the encrypted mail to be decrypted.

In the above case, if the decryption key is different for each encrypted mail, the decryption key to be managed increases as the encrypted mail is received many times. That is, since the management cost of the decryption key increases, the management of the decryption key becomes complicated for the receiver.

For example, in the attachment file encryption method described in Patent Document 2, an encryption key is generated for each delivered email, and the attachment file of the email is encrypted. The recipient of the mail is required to access the mail server and obtain the decryption key when decrypting the encrypted file. That is, since the recipient is required to acquire the decryption key for the number of mails and manage the acquired decryption key, the key management becomes complicated for the recipient.

Further, the mail encryption / decryption control device described in Patent Document 3 uses the body of the message transmitted immediately before belonging to the same thread or the information contained in the message transmitted immediately before as the encryption key. That is, since the mail encryption / decryption control device encrypts the attached file using a different key for each mail, the key management becomes complicated for the recipient.

The second problem is that the mail server cannot read the contents of the encrypted mail, and cannot check the contents of the mail or scan the mail for viruses. The mail server is set to check whether the mail contains confidential information as a measure against information leakage, and to scan whether it contains a virus or malware that is malicious software. May be.

Even with the above settings, the mail server cannot decrypt the encrypted mail and cannot read the contents of the mail. That is, since the mail server cannot check the contents of the mail, the confirmation of the existence of confidential information and the virus scan may be omitted. If the set processing is omitted, information leakage or virus infection to the receiving side may occur.

FIG. 13 is a block diagram showing a configuration example of a general mail server device. The mail server device 100 shown in FIG. 13 is an SMTP server device that transfers e-mails by, for example, SMTP (Simple Mail Transfer Protocol).

The mail server device 100 shown in FIG. 13 includes an internal transmission / reception unit 110, an external transmission / reception unit 120, and a confirmation unit 130. Further, the confirmation unit 130 includes a content confirmation unit 131.

Further, as shown in FIG. 13, the internal transmission / reception unit 110 is communicably connected to the internal network 200. The internal network 200 is a communication network within the organization in which the mail server device 100 manages the transmission and reception of mail to and from the outside. The internal network 200 is, for example, an internal network.

Further, as shown in FIG. 13, the external transmission / reception unit 120 is communicably connected to the external network 300. The external network 300 is a communication network outside the organization in which the mail server device 100 manages the transmission and reception of mail to and from the outside. The external network 300 is, for example, the Internet.

The internal transmission / reception unit 110 has a function of receiving mail transmitted from the outside of the mail server device 100. Further, the internal transmission / reception unit 110 has a function of transmitting mail to the outside of the mail server device 100.

The internal transmission / reception unit 110 receives the mail transmitted from the inside of the organization managed by the mail server device 100. Further, the internal transmission / reception unit 110 receives the mail transmitted from the outside of the organization managed by the mail server device 100 toward the inside of the organization, and transmits the mail to the destination.

The external transmission / reception unit 120 has a function of receiving an email transmitted from the outside of the mail server device 100. Further, the external transmission / reception unit 120 has a function of transmitting an email to the outside of the mail server device 100.

The external transmission / reception unit 120 receives mail transmitted from outside the organization managed by the mail server device 100. Further, the external transmission / reception unit 120 receives the mail transmitted from the inside of the organization managed by the mail server device 100 to the outside of the organization, and transmits the mail to the destination.

The confirmation unit 130 has a function of confirming the contents of the e-mail and confirming whether or not inappropriate contents such as confidential information and viruses are included in the sent e-mail.

The content confirmation unit 131 receives the mail data and confirms whether or not the content of the mail data contains a problem. The mail data received by the content confirmation unit 131 is specifically data including a character string according to the format defined in RFC 822. The email data includes the email header, body, and attachments.

The content confirmation unit 131 receives, for example, an email attachment. The content confirmation unit 131 confirms whether or not a problem is included in the text extracted from the attached file by using, for example, text pattern matching.

In addition, the content confirmation unit 131 may perform text pattern matching on the body of the email. The content confirmation unit 131 may decode the body of the email in order to perform text pattern matching.

As shown in FIG. 13, when the mail is delivered from the inside of the organization, the internal transmission / reception unit 110 receives the mail. Next, the confirmation unit 130 receives the received e-mail and confirms the content of the e-mail. The e-mail whose contents have been confirmed is passed to the external transmission / reception unit 120. Upon receiving the e-mail, the external transmission / reception unit 120 transmits the e-mail to the outside of the organization.

The mail server device 100 shown in FIG. 13 includes a confirmation unit 130 and does not include an encryption unit. That is, the sender of the email (particularly the sender of the organization) is required to encrypt the email in advance by the sender himself. After encryption, the sender sends an email to the mail server device 100. Therefore, the content confirmation unit 131 of the mail server device 100 cannot confirm the content of the encrypted mail (for example, the content of the attached file).

Therefore, there is a demand for a mail server device in which the key management cost is reduced as compared with the key management cost when a different password is set for each mail and encryption is executed. In addition, there is a demand for a mail server device that encrypts an email after confirming the content of the email.

[Purpose of Invention]
Therefore, an object of the present invention is to provide a mail forwarding method, a mail forwarding device, and a mail forwarding program that can reduce the cost of managing an encryption key used for mail encryption, which solves the above-mentioned problems. ..

The mail forwarding method according to the present invention is a mail forwarding method executed in a mail forwarding device that forwards an e-mail whose attached file is encrypted, and is a Message-ID indicating an e-mail that has been forwarded from the mail forwarding device in the past. And the encryption key used to encrypt the attached file of the forwarded e-mail are stored in association with each other, and any one of the Message-IDs included in the References described in the header of the e-mail to be forwarded is stored. The feature is that the encryption key corresponding to is extracted from the stored encryption key, and the attached file of the e-mail to be transferred is encrypted by using the extracted encryption key.

The mail forwarding device according to the present invention is a mail forwarding device that forwards an e-mail whose attached file is encrypted, and has a Message-ID indicating an e-mail forwarded from the mail forwarding device in the past and a forwarded e-mail. A storage unit that stores the encryption key used to encrypt the attached file in association with it, and a code corresponding to any one Message-ID included in References described in the header of the e-mail to be transferred. It is characterized by including an extraction unit that extracts an encryption key from a storage unit and an encryption unit that encrypts an attached file of an e-mail to be transferred by using the extracted encryption key.

The mail transfer program according to the present invention is a mail transfer program executed on a computer that transfers an e-mail whose attached file is encrypted, and has a Message-ID indicating to the computer an e-mail that has been transferred from the computer in the past. A storage process that associates and stores the encryption key used to encrypt the attached file of the forwarded e-mail, and any one Message-included in References described in the header of the e-mail to be forwarded. An extraction process that extracts the encryption key corresponding to the ID from the stored encryption key and an encryption process that encrypts the attached file of the e-mail to be transferred using the extracted encryption key are executed. It is characterized by letting it.

According to the present invention, the cost of managing the encryption key used for encrypting mail can be reduced.

It is a block diagram which shows the structural example of the 1st Embodiment of the mail transfer apparatus by this invention. It is a flowchart which shows the operation of the encryption process by the mail transfer apparatus 10 of 1st Embodiment. It is a block diagram which shows the structural example of the 2nd Embodiment of the mail server apparatus by this invention. It is explanatory drawing which shows the example of the thread information stored in the thread information storage part 142. It is explanatory drawing which shows the example of the thread correspondence key information stored in the key storage part 152. It is an activity diagram which shows the whole operation of the mail transmission processing by the mail server apparatus 100 of the 2nd Embodiment. It is an activity diagram which shows the operation of the thread ID acquisition process by the thread management unit 140 of the 2nd Embodiment. It is an activity diagram which shows the operation of the key acquisition process by the key management unit 150 of the 2nd Embodiment. It is an activity diagram which shows the whole operation of the mail reception processing by the mail server apparatus 100 of the 2nd Embodiment. It is explanatory drawing which shows the example of the mail sending process and mail receiving processing by a mail server apparatus 100. It is explanatory drawing which shows the example of the notification mail for notifying the decryption key and the encryption key. It is explanatory drawing which shows the other example of the mail sending process and mail receiving processing by a mail server apparatus 100. It is a block diagram which shows the configuration example of a general mail server apparatus.

Embodiment 1.
Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration example of a first embodiment of the mail transfer device according to the present invention. The mail forwarding device 10 according to the present invention is a mail forwarding device that forwards encrypted e-mails, and has a Message-ID indicating an e-mail that has been forwarded from the mail forwarding device 10 in the past and an encryption of the forwarded e-mails. Included in the storage unit 11 (for example, thread information storage unit 142 and key storage unit 152) that stores the encryption key used for encryption in association with each other, and References described in the header of the e-mail to be transferred. Transfer using the extraction unit 12 (for example, thread acquisition unit 141 and key acquisition unit 151) that extracts the encryption key corresponding to any one of the Message-IDs from the storage unit 11 and the extracted encryption key. It includes an encryption unit 13 (for example, an encryption unit 161) that encrypts the target e-mail.

Hereinafter, the encryption process by the mail transfer device 10 will be described. FIG. 2 is a flowchart showing the operation of the encryption process by the mail transfer device 10 of the first embodiment.

The extraction unit 12 refers to References described in the header of the e-mail to be forwarded (step S1). Next, the extraction unit 12 extracts the encryption key corresponding to any one Message-ID included in the referenced References from the storage unit 11 (step S2).

Next, the extraction unit 12 inputs the extracted encryption key to the encryption unit 13 (step S3). Next, the encryption unit 13 encrypts the e-mail to be forwarded using the input encryption key (step S4). After the encryption, the mail transfer device 10 ends the encryption process.

With such a configuration, the mail transfer device can reduce the cost of managing the encryption key used to encrypt the mail.

Further, the mail forwarding device 10 includes a determination unit (for example, a confirmation unit 130) for determining whether or not the e-mail to be forwarded before being encrypted is a transferable e-mail, and the encryption unit 13 includes a determination unit (for example, a confirmation unit 130). , The e-mail to be forwarded, which is determined by the determination unit to be a transferable e-mail, may be encrypted.

With such a configuration, the mail forwarding device can perform both mail encryption and mail content confirmation.

Further, the mail transfer device 10 includes a decryption unit (for example, decryption unit 162) that decrypts the encrypted attached file of the e-mail, and the storage unit 11 is the attached file encrypted with the encryption key of the e-mail. The decryption key for decrypting the e-mail is stored in association with the encryption key, and the extraction unit 12 stores the decryption key corresponding to any one Message-ID included in References described in the header of the e-mail to be transferred. Extracted from the storage unit 11, the decrypting unit may decrypt the encrypted attached file of the e-mail to be transferred by using the extracted decryption key.

With such a configuration, the mail transfer device can decrypt the encrypted attachment file of the mail by using the decryption key corresponding to the thread to which the received mail belongs.

In addition, the determination unit may determine whether or not the e-mail to be forwarded whose attached file has been decrypted is a transferable e-mail.

With such a configuration, the mail forwarding device can determine whether or not the received mail may be forwarded after confirming the contents.

Further, the mail transfer device 10 may transmit a decryption key for decrypting the attached file to the forwarding destination of the e-mail to be transferred in which the attached file is encrypted.

With such a configuration, the mail forwarding device can provide the recipient of the mail with a decryption key for decrypting the encrypted attachment of the mail.

Further, the mail transfer device 10 may transmit the encryption key stored in the storage unit 11 in association with the decryption key together with the decryption key.

With such a configuration, the mail forwarding device can provide an encryption key used by the mail recipient to reply to the mail.

Embodiment 2.
[Description of configuration]
Next, a second embodiment of the present invention will be described with reference to the drawings. FIG. 3 is a block diagram showing a configuration example of a second embodiment of the mail server device according to the present invention.

The mail server device 100 of the present embodiment reads the information of the mail to be encrypted and searches for the encryption key used for encryption. Further, the mail server device 100 generates an encryption key if the target encryption key does not exist when searching for the encryption key used for encryption. Further, the mail server device 100 reads the information of the mail to be decrypted and searches for the decryption key used for decryption.

Further, the mail server device 100 of the present embodiment is a device that holds an encryption key used for encrypting mail and a decryption key used for decrypting mail for each thread to which the mail belongs.

The mail server device 100 identifies the thread to which the mail to be encrypted belongs. If it is found that the encryption key used for encrypting the target mail is not held after the thread is identified, the mail server device 100 generates the encryption key.

Further, the mail server device 100 specifies the thread to which the mail to be decrypted belongs. If it is found that the decryption key used for decrypting the target mail is not held after the thread is identified, the mail server device 100 generates the decryption key.

The sender who uses the mail server device 100 sends the sent mail to the mail server device 100. The mail system in which the mail server device 100 is used may be a mail system having a mechanism in which the mail sent by the sender to the destination is forwarded to the mail server device 100 without being aware of the sender.

As shown in FIG. 3, the mail server device 100 includes an internal transmission / reception unit 110, an external transmission / reception unit 120, a confirmation unit 130, a thread management unit 140, a key management unit 150, and an encryption / decryption unit 160. Be prepared. The internal transmission / reception unit 110, the external transmission / reception unit 120, and the confirmation unit 130 of the present embodiment are the same as the internal transmission / reception unit 110, the external transmission / reception unit 120, and the confirmation unit 130 shown in FIG. 13, respectively.

The thread management unit 140 has a function of acquiring information about threads from mail data and managing the acquired information for each thread. The thread management unit 140 includes a thread acquisition unit 141 and a thread information storage unit 142.

The thread acquisition unit 141 has a function of receiving mail data and determining the thread to which the received mail belongs based on the information described in the mail header. The information described in the mail header used by the thread acquisition unit 141 of the present embodiment to determine the thread is Message-ID and References.

A thread generally means a collection of posts related to a certain topic, such as an electronic bulletin board system or an e-mail. The threads of this embodiment are distinguished based on the References contained in the header of the email.

References contains a list of other emails related to emails whose headers include References in replies and the like. Normally, in References, Message-ID, which is information for identifying emails, is specified for the number of related emails.

For example, server A sends mail A to server B, and then server B sends mail B, which is a reply mail to mail A, to server A. A Message-ID indicating mail A is specified in References of mail B. It is also considered that one new thread was created when the mail B was sent.

Next, the server A sends the mail C, which is a reply mail to the mail B, to the server B. Message-ID indicating mail A and Message-ID indicating mail B are specified in References of mail C, respectively. The thread acquisition unit 141 of the present embodiment refers to References of mail C and determines that mail A and mail B belong to the same thread (referred to as thread a).

Further, the server B sends the mail D, which is a reply mail to the mail C, to the server A. Message-ID indicating mail A, Message-ID indicating mail B, and Message-ID indicating mail C are specified in References of mail D, respectively. The thread acquisition unit 141 determines that the mail C belongs to the thread a by referring to the References of the mail D.

The thread information storage unit 142 has a function of storing thread information indicating the correspondence between the thread and the Message-ID. FIG. 4 is an explanatory diagram showing an example of thread information stored in the thread information storage unit 142.

The thread information shown in FIG. 4 is composed of a Message-ID and a thread ID. The e-mail indicated by the Message-ID included in the thread information shown in FIG. 4 belongs to the thread indicated by the thread ID included in the same thread information.

Further, referring to FIG. 4, it can be seen that the thread ID included in the first thread information from the top and the thread ID included in the third thread information from the top are the same. That is, the e-mail indicated by the Message-ID included in the first thread information from the top and the e-mail indicated by the Message-ID included in the third thread information from the top belong to the same thread.

The key management unit 150 has a function of associating and managing a thread ID, an encryption key, and a decryption key. The key management unit 150 includes a key acquisition unit 151, a key storage unit 152, and a key generation unit 153.

The key acquisition unit 151 has a function of acquiring an encryption key corresponding to the thread ID and a decryption key corresponding to the thread ID from the key storage unit 152. When the key information corresponding to the thread ID is not stored in the key storage unit 152, the key acquisition unit 151 uses the key generation unit 153 to generate the encryption key and the decryption key.

The key storage unit 152 has a function of storing thread-corresponding key information associated with a thread ID, an encryption key, and a decryption key. FIG. 5 is an explanatory diagram showing an example of thread-corresponding key information stored in the key storage unit 152.

The thread-corresponding key information shown in FIG. 5 is composed of a thread ID, an encryption key, and a decryption key. The e-mail belonging to the thread indicated by the thread ID included in the thread-compatible key information shown in FIG. 5 is encrypted with the encryption key included in the same thread-compatible key information.

In addition, the e-mail encrypted with the encryption key included in the thread-compatible key information is decrypted with the decryption key included in the same thread-compatible key information. Note that the thread-compatible key information may include only one key that plays both the role of the encryption key and the role of the decryption key.

The key generation unit 153 has a function of generating a unique pair of an encryption key and a decryption key. The key generation unit 153 generates a pair of encryption key and decryption key corresponding to the thread ID from the key acquisition unit 151 when the key information corresponding to the thread ID is not stored in the key storage unit 152. Receive instructions.

The key generation unit 153 inputs the generated encryption key and decryption key pair and the corresponding thread ID together to the key storage unit 152. The key storage unit 152 stores the input information as thread-compatible key information.

The encryption / decryption unit 160 has a function of receiving the mail data and the encryption key and encrypting the mail data by using the encryption key. Further, the encryption / decryption unit 160 has a function of receiving the encrypted mail data and the decryption key and decrypting the mail data using the decryption key. The encryption / decryption unit 160 includes an encryption unit 161 and a decryption unit 162.

The encryption unit 161 has a function of encrypting mail data by using the encryption key input from the key management unit 150. After encryption, the encryption unit 161 inputs the encrypted mail data to the external transmission / reception unit 120.

The decryption unit 162 has a function of decrypting the encrypted mail data by using the decryption key input from the key management unit 150. After decoding, the decoding unit 162 inputs the decrypted mail data to the confirmation unit 130.

The encryption unit 161 of the present embodiment encrypts the attached file portion of the mail. In the present embodiment, the encryption of the attached file of the mail is also simply referred to as the encryption of the mail. The encryption unit 161 can encrypt not only the attached file portion but also the body of the email.

When encrypting the body of an email, the encryption unit 161 creates a text data file indicating the body. Next, the encryption unit 161 turns the created file into an email attachment. The newly created attached file is the target of encryption by the encryption unit 161.

When the body of the email is encrypted by the above method, the encryption unit 161 deletes the body from the original email. The external transmission / reception unit 120 generates an e-mail to which a file indicating the body encrypted by the encryption unit 161 is attached, and transmits the generated e-mail. The recipient of the email can check the body of the original email by decrypting the attached file of the sent email.

With the above configuration, the mail server device 100 of the present embodiment can both confirm the contents of the mail and send the encrypted mail. When the mail server device 100 is used, the sender does not have to encrypt the mail. That is, the sender does not have to pay the key management cost to manage the encryption key at the time of transmission.

Further, since the mail server device 100 encrypts the mail, it is possible to prevent the sender from forgetting to encrypt the mail due to omission of work. Further, since the mail data itself is encrypted, data transmission / reception is realized while maintaining confidentiality regardless of whether the mail delivery route is encrypted or not.

[Explanation of operation]
Hereinafter, the operation of the mail server device 100 of the present embodiment when mail is delivered from the inside of the organization using the mail server device 100 to the outside of the organization will be described with reference to FIGS. 6 to 8. FIG. 6 is an activity diagram showing the overall operation of the mail transmission process by the mail server device 100 of the second embodiment.

The sender who uses the mail server device 100 attaches a file to the sent mail. Next, the sender sends the sent mail to the mail server device 100. When sending an email to the mail server device 100, the sender does not perform the encryption work.

The internal transmission / reception unit 110 of the mail server device 100 receives the mail sent from the sender of the organization (step S110). Next, the internal transmission / reception unit 110 passes the received mail to the confirmation unit 130.

Next, the content confirmation unit 131 of the confirmation unit 130 confirms whether or not there is a problem with the content of the transmitted email (step S120). If there is a problem with the content of the sent mail (condition [problem]), the confirmation unit 130 discards the passed sent mail (step S190). After discarding, the mail server device 100 ends the mail transmission process.

If there is no problem with the content of the sent mail (condition [no problem]), the confirmation unit 130 passes the mail data of the passed sent mail to the thread management unit 140.

Next, the thread acquisition unit 141 of the thread management unit 140 acquires the thread ID of the thread to which the sent mail belongs from the thread information storage unit 142 by using the information in the header portion of the passed mail data (step S130). .. Next, the thread management unit 140 passes the acquired thread ID and mail data to the key management unit 150.

Next, the key acquisition unit 151 of the key management unit 150 uses the passed thread ID to obtain an encryption key used for encrypting the outgoing mail and a decryption key used for decrypting the encrypted outgoing mail. Get (step S140). Next, the key management unit 150 passes the acquired key information and mail data to the encryption / decryption unit 160.

Next, the encryption unit 161 of the encryption / decryption unit 160 encrypts the attached file of the outgoing mail included in the passed mail data using the passed encryption key, and generates an encrypted mail (step S150). ). Next, the encryption / decryption unit 160 passes the generated encrypted mail to the external transmission / reception unit 120.

Next, the external transmission / reception unit 120 delivers the encrypted mail passed to the mail address specified as the destination (step S160).

Next, the key management unit 150 confirms whether or not the thread to which the delivered outgoing mail belongs is a new thread newly registered in the thread information storage unit 142 in this process (step S170). If the thread to which the sent mail belongs is not a new thread (condition [continuation thread]), the mail server device 100 ends the mail sending process.

When the thread to which the sent mail belongs is a new thread (condition [new thread]), the mail server device 100 is required to notify the destination of the encryption key and the decryption key corresponding to the thread.

The reason is that when the thread to which the outgoing mail belongs is a new thread, the recipient of the mail does not have the decryption key for decrypting the mail. The reason why the encryption key is also notified is that the recipient needs an encryption key corresponding to the decryption key when encrypting the reply mail.

In the case of a new thread, the key management unit 150 passes the encryption key, the decryption key, and information indicating the mail to which the key is applied to the external transmission / reception unit 120. The information indicating the target mail is, for example, the Message-ID described in the header.

Next, the external transmission / reception unit 120 delivers an email containing an encryption key, a decryption key, and information indicating the email to which the key is applied to the destination of the email (step S180). By the process of step S180, the destination of the mail is notified of the information indicating the encryption key and the decryption key. After delivering the mail, the mail server device 100 ends the mail sending process.

The sub-processes that constitute the mail transmission process will be described below. First, the thread ID acquisition process in step S130 will be described with reference to FIG. FIG. 7 is an activity diagram showing the operation of the thread ID acquisition process by the thread management unit 140 of the second embodiment.

In the thread acquisition unit 141 of the thread management unit 140, when References are described in the mail header of the mail data of the passed outgoing mail, the thread information including each Message-ID included in the References is stored in the thread information storage unit 142. Check if it is registered (step S131).

When at least one thread information including each Message-ID included in References is registered (condition [references value is registered]), the thread acquisition unit 141 sets the thread ID from the thread information storage unit 142. Acquire (step S132). The thread acquisition unit 141 acquires a thread ID included in the same thread information as the registered Message-ID. After the acquisition, the thread acquisition unit 141 performs the process of step S134.

When all the thread information including each Message-ID included in References is not registered (condition [references value is not registered]), the thread acquisition unit 141 newly sets the thread ID of the thread to which the outgoing mail belongs. Number (step S133). After the numbering, the thread acquisition unit 141 performs the process of step S134.

Note that the thread acquisition unit 141 executes the process of step S133 even when References itself is not described in the mail header of the mail data of the passed outgoing mail (condition [there is no References header]).

Next, the thread acquisition unit 141 stores the acquired thread ID or the generated thread ID in the thread information storage unit 142 in association with the Message-ID indicating the sent mail (step S134).

Next, the thread acquisition unit 141 returns the acquired thread ID or the generated thread ID and the mail data of the passed outgoing mail to the key management unit 150 (step S135). After returning, the thread management unit 140 ends the thread ID acquisition process.

Next, the key acquisition process in step S140 will be described with reference to FIG. FIG. 8 is an activity diagram showing the operation of the key acquisition process by the key management unit 150 of the second embodiment.

The key acquisition unit 151 of the key management unit 150 confirms whether or not the thread-corresponding key information including the thread ID passed to the key storage unit 152 is registered (step S141).

When the thread-compatible key information including the thread ID is registered (condition [information is registered]), the key acquisition unit 151 uses the encryption key and the decryption key included in the registered thread-compatible key information. Is obtained (step S142). After the acquisition, the key acquisition unit 151 performs the process of step S145.

When the thread-corresponding key information including the thread ID is not registered (condition [information is not registered]), the key acquisition unit 151 uses the key generation unit 153 to pass the encryption key for the thread ID. , And a new decryption key is generated (step S143).

Next, the key acquisition unit 151 adds the generated encryption key and decryption key to the key storage unit 152 in association with the passed thread ID (step S144). After the addition, the key acquisition unit 151 performs the process of step S145.

Next, the key acquisition unit 151 requests the acquired encryption key and decryption key, or the generated encryption key and decryption key, and the mail data of the transmitted outgoing mail, which is the request source of the encryption / decryption unit 160. Return to (step S145). After returning, the key management unit 150 ends the key acquisition process.

Hereinafter, the operation of the mail server device 100 of the present embodiment when mail is delivered from the outside of the organization to the address of the terminal inside the organization that uses the mail server device 100 will be described with reference to FIG. FIG. 9 is an activity diagram showing the overall operation of the mail reception process by the mail server device 100 of the second embodiment.

Senders outside the organization attach files to outgoing emails. Next, the sender sends the sent mail to the mail server device 100. When sending an email to the mail server device 100, the sender encrypts the attached file of the sent email using the key notified from the mail server device 100 as an encryption key.

The external transmission / reception unit 120 of the mail server device 100 receives the mail transmitted from the sender outside the organization (step S210). Next, the external transmission / reception unit 120 passes the mail data of the received mail (hereinafter, referred to as received mail) to the thread management unit 140.

Next, the thread acquisition unit 141 of the thread management unit 140 acquires the thread ID of the thread to which the received mail belongs from the thread information storage unit 142 by using the information in the header part of the mail data of the passed received mail ( Step S220).

In the thread ID acquisition process of step S220, the thread ID acquisition process shown in FIG. 7 is executed in the same manner as the mail transmission process. After the thread ID acquisition process is executed, the thread management unit 140 passes the acquired thread ID and the mail data of the received mail to the key management unit 150.

Next, the key acquisition unit 151 of the key management unit 150 acquires the decryption key used for decrypting the encrypted received mail and the encryption key corresponding to the decryption key by using the passed thread ID ((). Step S230).

In the key acquisition process of step S230, the key acquisition process shown in FIG. 8 is executed in the same manner as the mail transmission process. After the key acquisition process is executed, the key management unit 150 passes the acquired key information and the mail data of the received mail to the encryption / decryption unit 160.

Next, the decryption unit 162 of the encryption / decryption unit 160 decrypts the attached file of the received mail included in the passed mail data using the passed decryption key (step S240). Next, the encryption / decryption unit 160 passes the mail data of the received mail whose attached file has been decrypted to the confirmation unit 130.

Next, the content confirmation unit 131 of the confirmation unit 130 confirms whether or not the received mail is a mail that can be received by a terminal inside the organization without any problem (step S250). If there is a problem in the mail (condition [problem]), the confirmation unit 130 discards the mail data of the received mail passed (step S270). After discarding, the mail server device 100 ends the mail receiving process.

If there is no problem in the mail (condition [no problem]), the confirmation unit 130 passes the mail data of the received mail to the internal transmission / reception unit 110.

Next, the internal transmission / reception unit 110 delivers the decrypted received mail to the mailbox for the terminal inside the organization to which the received mail is addressed (step S260). After delivering the received mail, the mail server device 100 ends the mail receiving process.

As described above, if the sender outside the organization encrypts the mail by using the encryption key corresponding to the thread ID, the mail server device 100 can decrypt the mail at the time of reception. Further, the mail server device 100 can execute a content confirmation process such as a virus scan on the mail decrypted before being delivered to the destination.

Hereinafter, based on the mail transmission process and the mail reception process by the mail server device 100 described above, a case where the mail server device 100 of the present embodiment is used by both the sending side organization and the receiving side organization will be considered.

FIG. 10 is an explanatory diagram showing an example of a mail sending process and a mail receiving process by the mail server device 100. The mail server device 100A shown in FIG. 10 is a device used by the sending organization. The mail server device 100B shown in FIG. 10 is a device used by the organization on the receiving side.

Hereinafter, the mail transmission process by the mail server device 100A and the mail reception process by the mail server device 100B will be described with reference to FIG. After the sent mail is received, the thread management unit 140A of the mail server device 100A on the sending side acquires the thread ID of the thread to which the sent mail belongs (step S11).

Next, the key management unit 150A acquires the encryption key and the decryption key corresponding to the acquired thread ID (step S12). Next, the encryption unit 161A encrypts the sent mail using the acquired encryption key and creates an encrypted mail (hereinafter, also referred to as mail X) (step S13).

Before transmitting the mail X to the mail server device 100B on the receiving side, the mail server device 100A notifies the mail server device 100B of the acquired decryption key and encryption key by mail (step S14). FIG. 11 is an explanatory diagram showing an example of a notification email for notifying the decryption key and the encryption key.

As shown in FIG. 11, the format of the notification email may be predetermined. In the example shown in FIG. 11, the character string "AABBCCDD" following "enckey:" is the encryption key. The character string "EEFFGGHH" following "deckey:" is the decryption key. The character string following "Message-ID:" is the Message-ID indicating the encrypted mail to be sent later.

After the notification mail is received, the thread management unit 140B of the mail server device 100B on the receiving side acquires or generates a thread ID corresponding to the Message-ID indicating the encrypted mail (that is, mail X) (step S15). ).

Next, the key acquisition unit 151B of the key management unit 150B stores the notified encryption key and decryption key in the key storage unit 152B together with the thread ID obtained in step S15 (step S16). Using the stored information, the mail server device 100B can decrypt the encrypted mail belonging to the same thread as the mail X.

Next, the mail server device 100A transmits the mail X, which is an encrypted mail, to the mail server device 100B (step S17). Next, the thread management unit 140B of the mail server device 100B acquires the thread ID corresponding to the mail X again (step S18).

Since the decryption key for decrypting the encrypted mail is already stored in the key storage unit 152B, the key acquisition unit 151B acquires the decryption key using the acquired thread ID (step S19). Next, the decoding unit 162B decodes the mail X using the acquired decryption key (step S20). After being decrypted, the contents of the mail X are confirmed and delivered.

If the encrypted mail arrives before the notification mail, the mail server device 100B cannot decrypt the encrypted mail. If only the notification mail has not arrived, the mail server device 100B may return a temporary error for the arrived encrypted mail to the mail server device 100A. When a temporary error is returned, the mail server device 100A resends the encrypted mail after a while.

Next, the mail transmission process by the mail server device 100B and the mail reception process by the mail server device 100A will be described with reference to FIG. FIG. 12 is an explanatory diagram showing another example of the mail sending process and the mail receiving process by the mail server device 100.

Unlike the example shown in FIG. 10, in the example shown in FIG. 12, the organization that uses the mail server device 100A is the organization on the receiving side. Further, the organization that uses the mail server device 100B becomes the organization on the transmitting side.

The recipient of the mail X replies the mail to the mail X. Mail Y, which is a reply mail to mail X, belongs to the same thread as mail X. That is, the mail Y is a mail encrypted with the encryption key stored in the key storage unit 152B of the mail server device 100B.

After the mail Y is received, the thread management unit 140B of the mail server device 100B on the sending side acquires the thread ID of the thread to which the mail Y belongs (step S21). Next, the key management unit 150B acquires the encryption key corresponding to the acquired thread ID (step S22).

Next, the encryption unit 161B encrypts the mail Y using the acquired encryption key and creates an encrypted mail (step S23). After being encrypted, the mail Y is delivered to the mail server device 100A (step S24).

After the mail Y is received, the thread management unit 140A of the mail server device 100A acquires the thread ID corresponding to the mail Y (step S25). Since the decryption key corresponding to the thread ID of the thread to which the mail Y belongs is already stored in the key storage unit 152A of the mail server device 100A, the key acquisition unit 151A uses the acquired thread ID to obtain the decryption key. Obtain (step S26).

Next, the decoding unit 162A decrypts the mail Y using the acquired decryption key (step S27). As described above, the mail server device 100A on the receiving side can decrypt the encrypted reply mail and can confirm the contents of the decrypted mail.

As described above, since both organizations have the encryption key and the decryption key information held by the key storage unit, the mail encryption on the sending side and the mail decryption on the receiving side can be executed without any problem. To. Since encryption and decryption are performed together, both the sender and the receiver can check the contents of the email.

Further, if the mail decrypted by the mail server device on the receiving side is delivered to the recipient, the recipient does not have to perform the decryption operation on the received mail. That is, the key management cost of the recipient is reduced.

[Explanation of effect]
The mail server device of the present embodiment generates an encryption key used for encrypting the outgoing mail and a decryption key used for decrypting the encrypted mail, encrypts the mail data at the time of sending the mail, and encrypts the mail data together with the decryption key. Send the encryption mail to the destination.

The mail server device generates a key only when the thread to which the mail belongs is created. After the thread is created, the mail server device uses the same key for mail belonging to the same thread. By encrypting the mail by the mail server device, it is possible to reduce the encryption cost on the sending side and prevent forgetting to encrypt the mail. Further, by using the same key for the mails belonging to the same thread, the management cost of the decryption key on the receiving side is reduced when the mail exchange for one theme continues.

As described above, since the mail server device of the present embodiment uses a unique password for the mail for each thread, the e-mail transmission method described in Patent Document 1 is used for the risk of password leakage. It can be reduced more than if it were.

Moreover, since one decryption key is used for each thread, the number of decryption keys to be managed is reduced. That is, when the mail server device of the present embodiment is used, the attached file encryption method described in Patent Document 2 is used, or the mail encryption / decryption control device described in Patent Document 3 is used. Key management costs are reduced compared to when this is done.

The mail server device of the present embodiment includes a key management unit that generates an encryption key used for encryption and a decryption key used for decryption, and an encryption / decryption unit that encrypts a mail at the time of transmission. To be equipped. The key management unit generates a unique key for each thread to which the mail belongs. That is, the key management unit generates an encryption key and a decryption key when the thread is created. In addition, the key management unit uses the same key for mails belonging to the same thread after the thread is created. With the above configuration, the above-mentioned two problems are solved.

When the mail server device of the present embodiment is used, the same key is used for the mail belonging to the same thread, so that the total number of keys used is reduced when the mail exchange continues. That is, the key management cost on the receiving side is reduced, so that the first problem is solved.

Further, since the mail server device of the present embodiment includes an encryption unit, the sender does not have to perform encryption for each mail. Therefore, the mail data at the time of being sent to the mail server device is not encrypted. That is, the mail server device can confirm the contents of the mail before sending. The second problem is solved because the confirmation unit of the mail server device can execute confirmation processing for the presence or absence of confidential information and viruses on the sent mail before sending.

The mail transfer device 10 and the mail server device 100 of each embodiment are realized by, for example, a CPU (Central Processing Unit) that executes processing according to a program stored in a storage medium. That is, the storage unit 11, the extraction unit 12, the encryption unit 13, the internal transmission / reception unit 110, the external transmission / reception unit 120, the confirmation unit 130, the thread management unit 140, the key management unit 150, and the encryption / decryption unit 160 are, for example, programs. It is realized by the CPU that executes processing according to control.

Further, each part of the mail transfer device 10 and the mail server device 100 of each embodiment may be realized by a hardware circuit. As an example, the storage unit 11, the extraction unit 12, the encryption unit 13, the internal transmission / reception unit 110, the external transmission / reception unit 120, the confirmation unit 130, the thread management unit 140, the key management unit 150, and the encryption / decryption unit 160, respectively. It is realized by LSI (Large Scale Integration). Further, they may be realized by one LSI.

Since the present invention handles confidential information and personal information, the present invention is suitably applied to a mail system used by an organization that is required to confirm all the contents of mail sent to the outside.

10 Mail transfer device 11 Storage unit 12 Extraction unit 13 Encryption unit 100, 100A, 100B Mail server device 110 Internal transmission / reception unit 120 External transmission / reception unit 130 Confirmation unit 131 Content confirmation unit 140, 140A, 140B Thread management unit 141 Thread acquisition unit 142 Thread information storage unit 150, 150A, 150B Key management unit 151, 151A, 151B Key acquisition unit 152, 152A, 152B Key storage unit 153 Key generation unit 160 Encryption / decryption unit 161, 161A, 161B Encryption unit 162, 162A, 162B Decryptor 200 Internal network 300 External network

Claims (10)

A mail forwarding method performed by a mail forwarding device that forwards encrypted emails with attachments .
A Message-ID indicating an e-mail forwarded from the mail forwarding device in the past and an encryption key used for encrypting an attached file of the forwarded e-mail are stored in association with each other.
The encryption key corresponding to any one Message-ID included in References described in the header of the e-mail to be forwarded is extracted from the stored encryption keys.
A mail forwarding method characterized in that an attached file of the e-mail to be forwarded is encrypted by using an extracted encryption key. Determine if the email to be forwarded before the attachment is encrypted is a forwardable email,
The mail forwarding method according to claim 1, wherein an attachment file of an e-mail to be forwarded, which is determined to be a forwarding e-mail , is encrypted. A decryption key for decrypting an attached file encrypted with an e-mail encryption key is stored in association with the encryption key.
The decryption key corresponding to any one Message-ID included in References described in the header of the e-mail to be forwarded is extracted from the stored decryption keys.
The mail forwarding method according to claim 1 or 2, wherein the encrypted attachment file of the e-mail to be forwarded is decrypted by using the extracted decryption key. The mail forwarding method according to claim 3, wherein it is determined whether or not the email to be forwarded whose attached file has been decrypted is a forwardable email. The mail forwarding method according to claim 3 or 4, wherein a decryption key for decrypting the attached file is transmitted to a forwarding destination of the e-mail to be forwarded in which the attached file is encrypted. The mail forwarding method according to claim 5, wherein the encryption key stored in association with the decryption key is transmitted together with the decryption key. An email forwarding device that forwards encrypted emails with attachments
A storage unit that stores a Message-ID indicating an e-mail forwarded from the mail forwarding device in the past and an encryption key used for encrypting an attached file of the forwarded e-mail in association with each other.
An extraction unit that extracts the encryption key corresponding to any one Message-ID included in References described in the header of the e-mail to be forwarded from the storage unit, and an extraction unit.
A mail transfer device including an encryption unit that encrypts an attached file of the e-mail to be transferred by using an extracted encryption key. It is equipped with a determination unit that determines whether or not the e-mail to be forwarded before the attached file is encrypted is a transferable e-mail.
The mail transfer device according to claim 7, wherein the encryption unit encrypts an attached file of an e-mail to be forwarded, which is determined to be an e-mail that can be forwarded by the determination unit. An email forwarding program that runs on a computer that forwards encrypted emails with attachments .
On the computer
A storage process that stores a Message-ID indicating an e-mail transferred from the computer in the past and an encryption key used for encrypting an attached file of the transferred e-mail in association with each other.
An extraction process that extracts the encryption key corresponding to any one Message-ID included in References described in the header of the e-mail to be forwarded from the stored encryption keys, and the extracted encryption. A mail forwarding program for executing an encryption process that encrypts an attached file of the e-mail to be forwarded using an encryption key. On the computer
A judgment process for determining whether or not the e-mail to be forwarded before the attached file is encrypted is a transferable e-mail, and a transfer target for which the e-mail is determined to be forwardable by the determination process. The mail forwarding program according to claim 9, wherein an encryption process for encrypting an attached file of an e-mail is executed.

Images