JP7014994B2 - Email monitoring device and email monitoring program - Google Patents

Description

The present invention relates to, for example, a device or program that monitors received e-mails and makes only safe e-mails that are not infected with a computer virus available in a company or the like.

Email attachments that are encrypted with a password cannot be checked for viruses by email monitoring devices such as Unified Threat Management devices. This is because even if a virus check is applied to an attached file in an encrypted state, it cannot be properly checked, so the encryption must be decrypted. Therefore, Patent Document 1 described later discloses an invention relating to a mail monitoring device or the like that decrypts an attached file, performs a virus check, and provides an attached file without a problem.

When sending an e-mail with an encrypted attachment, the password for decryption is separately notified to the other party by e-mail, telephone, facsimile, etc. Therefore, in the mail monitoring device disclosed in Patent Document 1, first, when an e-mail with an encrypted attachment is received, only the encrypted attachment is temporarily stored. Then, the mail monitoring device sends a message requesting notification of the link information (link destination information) and password for linking to the save destination of the attached file to the e-mail excluding the temporarily saved attached file. Add and send to the destination (destination).

Then, the mail monitoring device receives a password for decryption from the receiving user of the e-mail who has linked (connected) to the storage destination of the attached file using the link information. The password provided is used to decrypt the stored encrypted attachment file, perform a virus check, and provide only the attachment file without any problem to the receiving device on the receiving user side. In this way, the receiving user of the e-mail with the encrypted attachment will download only the attachment that has been virus-checked and has no problem from the specified link separately from the e-mail to which it was attached. I am trying to be able to do it.

Japanese Unexamined Patent Publication No. 2016-63443

The password for encryption and decryption is changed fluidly each time an e-mail is sent to keep it as confidential as possible, and it is fixedly decided to prevent the password from being lost at a later date. There is. In addition, even when the password is changed in a fluid manner, for example, it may be set completely randomly using a tool that automatically encrypts and compresses the attached file. In addition, there are cases where fixed information such as the date of transmission is used, or where a plurality of passwords are determined in advance and used in rotation.

Here, if the password is decided at random each time an e-mail is sent, it is unavoidable that the receiving side must enter the password for virus check each time an e-mail is received. Is. However, if the password is fixedly set, it is troublesome for the receiving user to enter the password for the attached file for virus check each time the e-mail is received. Further, when a fixed information such as a date is used as a part of the password, or when a plurality of passwords are determined in advance and used in rotation, the password to be used can be predicted by the receiving side. Even if the password can be predicted in this way, it is desirable to avoid entering the password each time an e-mail is received.

In view of the above, the present invention makes it possible to decrypt a file encrypted and attached to an e-mail by preventing the receiving side from inputting a password as much as possible, saving time and effort, and keeping the password confidential. The purpose is to keep the password high.

In order to solve the above problem, the mail monitoring device of the invention according to claim 1 is used.
A storage means for storing the source identification information, the destination identification information, and the password in association with each other,
An encryption determination method for determining whether or not an encrypted file is attached to the received e-mail, and
When it is determined by the encryption determination means that an encrypted file is attached, a first decryption means that obtains a password that can be used from the storage means and performs encryption decryption,
A first updating means for processing the password used in the first decrypting means to update the storage means, and the first updating means.
A first checking means for checking a computer virus for the file that could be decrypted by the first decrypting means, and a first checking means.
If the password that can be used in the storage means is not stored, or if the password stored in the storage means cannot be decrypted , a URL (uniform resource locator) is assigned to the file. A storage method that temporarily saves to a predetermined file storage method,
The file attached to the received e-mail is deleted, a message including the URL is added to the e-mail to the effect that the file is separately saved, and the destination of the e-mail is sent. Providing means to provide to
A reception means for accepting the provision of a password for decrypting the file stored in the file storage means from the destination receiving the e-mail, and a reception means.
The URL is used to access the file temporarily stored in the file storage means, and the password received through the reception means is used to decrypt the file temporarily stored in the file storage means. The second decoding method and
A second updating means for processing the password used in the second decrypting means to update the storage means, and the second updating means.
A second checking means for checking the file that could be decrypted by the second decrypting means regarding a computer virus, and a second checking means.
It is characterized by having.

According to the present invention, by using the password stored in the storage means, it is possible to decrypt the file encrypted and attached to the e-mail so that the receiving side does not enter the password as much as possible. can. As a result, it is possible to save the trouble of the user (user) on the receiving side and keep the password confidentiality high.

It is a block diagram for demonstrating the configuration example of the mail monitoring apparatus of embodiment. It is a figure for demonstrating an example of the stored data of a password storage part. It is a flowchart which shows the mail monitoring process. It is a flowchart following FIG. It is a figure which shows the example of the received e-mail which a message was added. It is a flowchart which shows the provision process of the temporarily saved attachment file. It is a flowchart following FIG. It is a figure which shows the example of the password input screen. It is a figure which shows the example of the deletion notification of an attached file.

Hereinafter, an embodiment of the apparatus and program of the present invention will be described with reference to the drawings.

[Configuration example of mail monitoring device 1]
FIG. 1 is a block diagram for explaining a configuration example of the mail monitoring device of this embodiment. As shown in FIG. 1, for the mail monitoring device 1, a plurality of user PCs (Personal Computers) 2 (1), ..., 2 (n), which are information processing devices via a LAN (Local Area Network) 3. Is connected to configure a mail monitoring system. This mail monitoring system is formed in a company, for example, and each of the user PCs 2 (1), 2 (2), ..., 2 (n) is a business PC used by an employee.

Further, the mail monitoring device 1 is connected to the communication network 4. The communication network 4 is mainly the Internet, but is a telephone network that connects various information processing devices having communication functions to the Internet, a mobile phone network, and a Wi-Fi (registered trademark) standard wireless LAN (Local Area Network). ) Etc. are also included. That is, various information processing devices having communication functions such as IP telephone terminals, personal computers, tablet PCs (Personal Computers), and high-performance mobile phone terminals called smartphones can be connected to the communication network 4.

Further, a mail server device 5 that mediates the transmission / reception of e-mail is connected to the communication network 4. As is well known, e-mail is transmitted to and stored in a mailbox of a mail server device specified by an e-mail address of a target destination (destination). The user of the other party accesses the mail server device 5 through his / her own information processing device, downloads an e-mail addressed to him / her from his / her own mailbox, and uses it.

Consider, for example, a case where a user of user PC 2 (1) under the control of the mail monitoring device 1 acquires and uses an e-mail addressed to him / her (received e-mail). There are two types of e-mails, one is only the body of the e-mail and the other is the body of the e-mail with an attached file attached. Here, in the case of an e-mail containing only the text without an attached file, although there is something that leads to a malicious Web page, a so-called computer virus (hereinafter, simply referred to as a virus) is easily introduced. Can't be charged in. For this reason, it can be said that e-mail containing only the text is relatively safe.

However, the attached file can contain a virus that can be started just by opening it, so a virus check is required. Some attachments are attached directly to the email if the amount of data is relatively small. Also, in the case of an attached file with a large amount of data, there are some that are attached to an e-mail after the data is compressed. Further, in order to send the data to the other party with higher confidentiality, the data-compressed file is further encrypted and the encrypted compressed file is attached to the e-mail.

For uncompressed attachments, virus checking is possible. Also, in the case of an attached file with data compressed, virus check can be performed appropriately after compression and decompression. Further, in the case of an attached file that has been data-compressed and further encrypted, virus checking cannot be performed properly until after decryption and further compression / decompression.

However, for data-compressed and further encrypted attachments, for proper virus checking, for example, enter a fixed password each time you receive an email with an attachment. It's a hassle to do. Therefore, the mail monitoring device 1 of this embodiment stores a password that may be used in a predetermined recording medium, and uses this to perform decryption without bothering the user as much as possible. I am trying to do it.

Specifically, the user of the user PC 2 (1) is an e-mail with a data-compressed and encrypted attachment file attached from a certain source and an e-mail notifying the password for decryption (without attachment file). Suppose that the email address is sent as the destination. In this example, the two transmitted e-mails are received by the mail server device 5 and stored in the mailbox specified by the user's e-mail address of the user PC 2 (1).

The user of the user PC 2 (1) launches a mailer in the user PC 2 (1) in order to acquire the received e-mail addressed to him / her, and sends an e-mail acquisition request (reception request) addressed to him / her to the mail monitoring device 1. Send. Mailer (mail software) is software used to perform various processes for handling e-mail, such as receiving e-mail addressed to you and creating and sending e-mail to the other party. be.

The mail monitoring device 1 accesses the mail server device 5 in response to an e-mail acquisition request from the user PC 2 (1), and the mail specified by the e-mail address assigned to the user of the user PC 2 (1). Get (download) the received email from the box. Then, the mail monitoring device 1 determines whether or not an encrypted attachment file is attached to the acquired received e-mail.

Then, when an encrypted attached file is attached, a password that can be used is obtained from a predetermined recording medium, decryption is performed, compression / decompression is performed, and a virus check is performed. Then, the attached file having no problem in the virus check is provided to the user of the user PC 2 (1) as the transmission destination. However, it is assumed that the password that can be used for decryption does not exist in the predetermined recording medium, or that the password held in the predetermined recording medium cannot be decrypted.

In this case, as described above, the password notified by another e-mail is provided by the user of the user PC2 (1), the attached file is decrypted, compressed and decompressed, and a virus check is performed. conduct. Then, after confirming that there is no problem, the user PC 2 (1) is provided to the user. In this case, the information about the password used for decryption is updated to a predetermined recording medium. The update in this case will be added if there is no corresponding data, and will be updated if there is. This makes it possible to prepare a password for decrypting encrypted attachments attached to subsequent e-mails.

In addition, even if the attached file can be decrypted using the password held in the predetermined recording medium, the information about the password held in the predetermined recording medium is updated, and the password is updated. You will be able to grasp the usage status of. In this way, the password for decryption and its usage status are managed by the mail monitoring device 1.

A configuration example of the mail monitoring device 1 having such a function will be described. The mail monitoring device 1 includes a connection end 101T to the communication network 4, a communication I / F (interface) 101, and a control unit 102. The communication I / F 101 performs a process of converting data transmitted to the own machine through the communication network 4 into data in a format that can be processed by the own machine and taking in the data. Further, the communication I / F 101 converts the data to be transmitted from the own machine to the other party into data in a format to be transmitted, and performs a process of transmitting the data to the target destination through the communication network 4. Therefore, communication with the server device or the like connected to the communication network 4 is performed through the connection end 101T and the communication I / F 101.

Although not shown, the control unit 102 is a microprocessor in which a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and a non-volatile memory are connected via a CPU bus. The control unit 102 realizes a function of controlling each unit of the mail monitoring device 1. The password storage unit 103 includes a recording medium such as a hard disk and a driver thereof, and stores and holds information about a password for decrypting an encrypted attached file attached to a received e-mail.

FIG. 2 is a diagram for explaining an example of stored data of the password storage unit 103. As shown in FIG. 2, a password, a number of times of use, an update date, and other information are stored for each source address and destination address. The sender address is an e-mail address assigned to the sender (sender) of the e-mail. The destination address is an e-mail address assigned to the recipient (destination) of the e-mail.

Therefore, in the stored data of the password storage unit 103 shown in FIG. 2, the sender address is the sender (sender) who has sent the e-mail to the users of the user PCs 2 (1), ..., 2 (n). Email address. The destination address is an e-mail address assigned to the users of the user PCs 2 (1), ..., 2 (n) under the control of the mail monitoring device 1.

The password is a password used for decrypting an attached file encrypted and attached to an e-mail sent from the sender to the recipient. The number of times of use is the number of times that the password is used for decryption and the decryption is successful. The renewal date indicates the date when the password was added or the number of times of use was renewed. As other information, for example, necessary information such as the date when the password was registered (registration date) and the number of times the encryption decryption failed using the password (number of failures) can be recorded. To be done.

Then, in the case of the example shown in FIG. 2, in the case of an e-mail from the source address "aaaaaa @ ..." to the destination address "bbbbbb @ ...", the password "sakurasaku" is used for encryption of the attached file. It has been shown to be used in a fixed manner. Also, in the case of an e-mail from the sender address "cccccc @ ..." to the destination address "dddddd @ ...", the characters "xxxxx" and the date of the transmission date "last two digits of the Christian era 2" are used to encrypt the attached file. It is shown that the password formed by "digit date 2 digits" is used. Further, in the case of an e-mail from the source address "xxxxxx @ ..." to the destination address "yyyy @ ...", some attachment files are encrypted, such as "password", "stardust", "littlebear", and so on. It is shown that the password of is used repeatedly.

The attached file storage unit 104 includes a recording medium such as a hard disk and a driver thereof, and temporarily stores an attached file that cannot be decrypted. In this case, the attached files are those that could not be decrypted because the password that can be used is not stored in the password storage unit 103, and those that could not be decrypted by the password stored in the password storage unit 103. Includes both.

The compression / decompression unit 105 performs compression / decompression processing on the attached file whose data is compressed without being encrypted, and restores the attached file in the state before data compression. The compressed and decompressed attachments are ready for virus checking. The virus check unit 106 checks whether the attached file is infected with a computer virus.

In the virus check unit 106, the attached files to be checked for virus are originally uncompressed, data-compressed but compressed and decompressed, and data-compressed and encrypted. Includes decrypted, compressed and decompressed ones. Then, the virus check unit 106 provides the attached file that is not infected with the computer virus to the destination, and if the attached file is infected with the computer virus, the attached file is not provided to the destination. Notify the recipient of the reason why it cannot be provided.

Further, the mail monitoring device 1 includes a LAN connection end 107T to the LAN 3 and a LANI / F107. The LANI / F107 performs a process of converting the data transmitted through the LAN 3 into data in a format that can be processed by the own machine and taking the data. Further, the LANI / F107 converts the data provided to the subordinate terminals connected to the LAN3 into data in a format to be transmitted, and performs a process of transmitting the data to the target destination through the LAN3.

The mail monitoring device 1 communicates with each of the user PCs 2 (1), ..., 2 (n) connected to the LAN 3 through the LANI / F107 and the LAN connection end 107T. Then, each of the user PCs 2 (1), ..., 2 (n) is connected to the communication network 4 via the mail monitoring device 1, and can send and receive e-mails via the mail monitoring device 1. It has become.

The mail monitoring device 1 registers and manages what kind of terminal is connected to the LAN 3 in the non-volatile memory in the control unit 102. Specifically, information such as an IP (Internet Protocol) address and a MAC (Media Access Control address) address that can uniquely identify each terminal is associated and managed as a port number and a terminal ID. In addition, information required for sending and receiving e-mail such as mail server name (POP server name, SMTP server name), user name (account name), etc. is also input in advance by the user as mailer setting information, and the non-volatile memory. It is stored in memory.

The encryption determination unit 111 determines whether or not the e-mail (received e-mail) downloaded from the mail server device 5 has an encrypted attachment file attached. When the encryption determination unit 111 determines that the encrypted attachment file is attached, the encryption decryption unit 112 uses the encrypted attachment file stored in the password storage unit. Decrypt using a possible password. Further, in this embodiment, the decryption unit 112 also compresses and decompresses the decrypted attached file so that the virus check can be appropriately performed. The decryption unit 112 will check the attached file that has been decrypted by the virus check unit 106 described above.

The storage processing unit 113 temporarily stores only the encrypted attachment file in the attachment file storage unit 104 when the encrypted attachment file cannot be decrypted by the decryption unit 112. I do. The attached files that could not be decrypted here could not be decrypted because the available password was not stored in the password storage unit 103, and the password stored in the password storage unit 103 could be decrypted. Includes both of those that did not. In addition, the storage processing unit 113 deletes the attached file that could not be decrypted from the e-mail, and provides the e-mail to the destination with a message that the attached file cannot be provided because the virus cannot be checked. It also processes.

The storage file decryption unit 114 decrypts the encrypted attachment file temporarily stored in the attachment storage unit 104 by the storage processing unit 113 by receiving a password from the user to whom the e-mail is sent. I do. Further, in this embodiment, the storage file decryption unit 114 also performs compression / decompression processing on the decrypted attached file so that the virus can be appropriately checked. In the saved file decryption unit 114, the virus check unit 106 described above performs a virus check on the attached file that could be decrypted.

The password updating unit 115 performs a process in the decryption unit 112 or in the storage file decryption unit 114 to update the information regarding the password used for decryption to the password storage unit 103. If the decryption is successful in the decryption unit 112, it means that the encryption can be decrypted using the password of the password storage unit 103. Therefore, the number of times the corresponding data of the password storage unit 103 is used and the update date are updated. do.

If the decryption is unsuccessful in the decryption unit 112, it is the case that the encryption cannot be decrypted by using the password of the password storage unit 103. In this case, if the number of decryption failures is managed for the corresponding data of the password storage unit 103, the number of failures and the update date are updated.

If the storage file decryption unit 114 succeeds in decrypting the encryption, it means that the encryption can be decrypted by the password provided by the user of the user PC2 (1), ..., 2 (n). Therefore, the password updating unit 115 refers to the stored data of the password storage unit 103 using the source address, the destination address, and the password as key information. Then, when the corresponding data does not exist, the password update unit 115 supplements the usage count and the update date, additionally records the data, and when the corresponding data exists, the usage count and the update. Performs the process of updating the date.

If the save file decryption unit 114 does not succeed in decryption, it means that the encryption cannot be decrypted by the password provided by the user of the user PC2 (1), ..., 2 (n). .. In this case, there is a high possibility that the password notified by the user is incorrect, and the user will be required to enter the correct password. Therefore, if the save file decryption unit 114 does not succeed in decryption, the password is not updated.

As described above, the mail monitoring device 1 exists between the mail server device 5 and the user PCs 2 (1), ..., 2 (n) used by the destination user. Then, the mail monitoring device 1 also performs a virus check on the encrypted attachment file after appropriately decrypting the encrypted attachment file, deletes the attachment file infected with the computer virus, and has no problem with the attachment file. Is provided to the destination.

[Details of email monitoring process]
3 and 4 are flowcharts for explaining the mail monitoring process performed by the mail monitoring device 1. It is assumed that the mailer is started up by the subordinate user PCs 2 (1), ..., 2 (n) connected to the mail monitoring device through the LAN 3, and the e-mail reception request is transmitted. In this case, in the mail monitoring device 1 that has received the reception request, the control unit 102 mainly functions to execute the processing shown in the flowcharts of FIGS. 3 and 4. In the following, for the sake of simplicity, the user PC2 (1), ..., 2 (n) will be collectively referred to as the user PC2 unless it is necessary to distinguish them from each other.

The control unit 102 accesses the mail server device 5 and acquires the received e-mail for which the reception request has been made (step S101). Specifically, the control unit 102 receives an e-mail having an e-mail address assigned to the user of the requesting user PC2 stored in its own non-volatile memory as a destination address as a mail server. Obtained from device 5. Then, the control unit 102 determines whether or not the attached file is attached to the acquired received e-mail (step S102).

When it is determined in the determination process of step S102 that an attached file is attached to the acquired received e-mail, the control unit 102 determines whether or not the attached file is data-compressed (step S103). When it is determined in the determination process of step S103 that the attached file is data-compressed, the encryption determination unit 111 functions under the control of the control unit 102 to determine whether or not the attached file is encrypted. Is determined (step S104).

When it is determined in the determination process of step S104 that the attached file is not encrypted, the compression / decompression unit 105 executes the compression / decompression process for the attached file attached to the received e-mail, and attaches the attached file before data compression. Restore the file (step S105). After that, the virus check unit 106 executes a virus check on the compressed and decompressed attached file (step S106), and determines whether or not the file is infected with a virus (step S107).

When it is determined in the determination process of step S107 that the virus is not infected, the virus check unit 106 provides the received e-mail to which the attached file is attached to the destination as it is (step S108). Further, when it is determined in the determination process of step S107 that the virus is infected, the virus check unit 106 deletes the attached file from the received e-mail and provides the received e-mail to the destination. (Step S109). In step S109, since the attached file is infected with a virus, the destination is notified that the attached file has been deleted.

Further, when it is determined in the determination process of step S102 that the attached file is not attached to the acquired received e-mail, the control unit 102 performs the process from step S108 and provides the received e-mail to the destination. To do. Further, when it is determined in the determination process of step S103 that the attached file is not data-compressed, the control unit 102 checks the attached file for a virus (step S107). If there is no problem in the virus check, the e-mail is provided to the destination as it is (step S108), and if there is a problem, the attached file is deleted from the e-mail and the e-mail is sent to the destination . Provided (step S109).

Then, in the determination process of step S104, when it is determined that the attached file is encrypted, the control unit 102 performs the process from step S110 of FIG. In this case, the decryption unit 112 functions under the control of the control unit 102. Then, the decryption unit 112 refers to the stored data of the password storage unit 103 using the e-mail address of the sender of the received e-mail and the e-mail address of the destination as key information, and stores the available password. It is determined whether or not the password is present (step S110).

In step S110, first, it is confirmed whether or not there is password data in which the sender's e-mail address and the destination's e-mail address match and the number of times of use is equal to or greater than a predetermined threshold value. For example, since it is considered that a password that has been used 10 times or more is used fixedly, it is confirmed whether or not a password that has been used 10 times or more exists.

If there is no password data that has been used more than a predetermined threshold, it is confirmed whether or not there is a password that can be predicted from the password data that matches the e-mail address of the sender and the e-mail address of the destination. .. For example, if the transmission address in FIG. 2 is "cccccc @ ..." and the destination address is "dddddd @ ...", the password is predicted to be the transmission date "last two digits of the Christian era, two digits of the month, two digits of the day" in "XXXXX". Since it can be done, it can be determined that a predictable password exists.

If there is neither a password that has been used more than the threshold nor a predictable password, it is confirmed whether or not there is password data that matches the sender's e-mail address and the destination's e-mail address. For example, there are cases where some fixed passwords are used in rotation, as in the case where the transmission address in FIG. 2 is "xxxxxx @ ..." and the destination address is "yyyy @ ...". ..

Then, when it is determined in the determination process of step S110 that the available password is stored, the cryptanalysis unit 112 acquires the available password (step S111). That is, if the sender's e-mail address and the destination's e-mail address match and there is password data whose number of uses is equal to or greater than a predetermined threshold value, the password is acquired.

If there is no password data that has been used more than a predetermined threshold, if there is a password that can be predicted from the password data that matches the e-mail address of the sender and the e-mail address of the destination, the predictable password is used. get. Therefore, in the case of the example shown in FIG. 2, the cryptanalysis unit 112 generates and acquires a password consisting of today's date (last two digits of the Christian era, two digits of the month, two digits of the day) in "XXXXXX". If neither of them exists, the decryption unit 112 acquires a password in which the sender's e-mail address and the destination's e-mail address match.

Next, under the control of the control unit 102, the decryption unit 112 decrypts the attached file attached to the received e-mail to be provided to the destination by using the password acquired in step S111, and further. Perform compression / decompression processing (step S112). If the decryption and compression / decompression are properly performed by the process of step S112, the attached file in a state where the virus check can be properly performed is restored.

Then, the control unit 102 controls the password update unit 115 to perform a process of updating the information about the password used this time to the password storage unit 103 (step S113). The update process of step S113 is performed not only when the decryption is successful but also when the decryption fails. After that, the control unit 102 determines in step S112 whether or not the decryption and compression / decompression are properly performed (step S114). When it is determined in the determination process of step S114 that the decryption and compression / decompression are not properly performed, the process from step S110 is repeated, and if there is a password that can be used next, the decryption and compression are used. Try to decompress.

When it is determined in the determination process of step S114 that the decryption and compression / decompression have been performed appropriately, the process from step S106 of FIG. 3 is performed. Therefore, a virus check is performed on the attached file that has been decrypted and compressed / decompressed in step S112 (step S106). Then, as a result of the virus check in step S106, it is determined whether or not the virus is infected (step S107).

When it is determined that the virus is not infected as a result of the determination process in step S107, the virus check unit 106 provides the e-mail to which the attached file is attached to the destination as it is (step S108). Further, when it is determined as a result of the virus check in step S106 that the virus is infected, the virus check unit 106 deletes the attached file from the e-mail and provides the e-mail to the destination (step). S109). After the process of step S108 and after the process of step S109, the processes of FIGS. 3 and 4 are terminated.

Further, in the determination process of step S110 shown in FIG. 4, it is assumed that the decryption unit 112 determines that there is no usable password. In this case, the control unit 102 controls the storage processing unit 113 to temporarily store only the attached file that could not be decrypted by the password stored and held in the password storage unit 103 in the attached file storage unit 104 (step S115). ). A URL (uniform resource locator) is assigned to the attached file temporarily stored in the attached file storage unit 104 by the storage processing unit 113, and access is made possible by the URL.

After that, the storage processing unit 113 deletes the attached file from the received e-mail (step S116). Then, the storage processing unit 113 adds a message to the effect that the attached file has been deleted because the virus check cannot be performed in the body of the received e-mail, and provides this to the destination (step S117). , The process shown in FIG. 4 is terminated.

FIG. 5 is a diagram showing an example of a received e-mail to which a message is added in step S117 of FIG. The first half of the received e-mail is the same as what was described in the body of the original e-mail. Then, the message after "***** from the mail monitoring device ***" is the message added by the mail monitoring device 1. The message states that the attached file is encrypted and cannot be decrypted, so that the mail monitoring device 1 temporarily holds the attached file.

Then, it is described that it is necessary to access a predetermined URL when downloading the attached file. The URL is assigned to the attached file temporarily stored by the storage processing unit 113 as described above. Therefore, the user of the destination who received the received e-mail with the message added as shown in FIG. 5 accesses the URL described in the received e-mail and performs the process of downloading the attached file. become.

As described above, by the processing shown in FIGS. 3 and 4, in principle, the encryption is decrypted using the password stored in the password storage unit 103. Therefore, it is assumed that the attached file can be decrypted with the password stored in the password storage unit 103 or with the password predicted from the password stored in the password storage unit 103. In this case, the user of the user PC2 provides the body of the e-mail and the attached file attached to it, which has been checked for virus and confirmed to be safe, as usual without entering a password at all. You can receive and use it.

However, the encrypted attached file can be decrypted by the decryption unit 112 with the password stored in the password storage unit 103 or the password predicted from the password stored in the password storage unit 103. Suppose it wasn't. In this case, only the attached file is temporarily held in the attached file storage unit 104. Then, as described below, when the user of the user PC 2 provides the password to the mail monitoring device 1, the attached file is deciphered and compressed and decompressed, and after the virus check, there is no problem. Will be able to receive the offer.

[Provision processing of temporarily saved attachments]
6 and 7 are flowcharts for explaining the process of providing an attached file that cannot be decrypted by the decryption unit 112, is not provided to the destination, and is temporarily stored in the attached file storage unit 104. The flowchart shown in FIGS. 6 and 7 is a mail monitoring device when the e-mail headquarters to which the message of the aspect shown in FIG. 5 is added is provided to the destination in the process of step S117 of the flowchart of FIGS. 3 and 4. It is mainly executed by the control unit 102 of 1.

First, the control unit 102 accepts the access to the URL described in the received e-mail to which the message is added (step S201), and determines whether or not the access to the URL is accepted (step S202). When it is determined in the determination process of step S202 that the access to the URL is not accepted, the process from step S201 is repeated.

When it is determined in the determination process of step S202 that the access to the URL has been accepted, the control unit 102 provides the password input screen to the user PC2 which is the access source (step S203), and accepts the input of the password and the like (step). S204). FIG. 8 is a diagram showing an example of a password input screen. On the password input screen, the reception date, sender (sender), destination (destination), subject, and attachment file name of the received e-mail to which the attachment file that the user of the user PC2 is trying to download is attached is displayed. Will be done.

Further, the password input screen is provided with a password input field, a "delete" button, an "end" button, and an "OK" button. As described above, the password notified by a separate e-mail or facsimile is entered in the password input field. The "Delete" button is an operation button for instructing the deletion of the temporarily saved attached file, and the "Exit" button is an operation button for ending the password input process through the password input screen. The "OK" button is an operation button for confirmation input for confirming the input or button operation after inputting the password or operating the "Delete" button or the "Exit" button.

Then, when the "OK" button is operated in step S204, the control unit 102 determines whether or not the operation to be confirmed is an operation of inputting a password in the password input field (step S205). When it is determined in the determination process of step S205 that the operation to be confirmed is not a password input operation, the control unit 102 determines whether or not the operation to be confirmed is a selection operation of the "end" button. Determination (step S206).

In the determination process of step S206, when it is determined that the operation to be confirmed is the selection operation of the "end" button, a predetermined end process is executed (step S207), and the processes shown in FIGS. 6 and 7 are executed. To finish. The predetermined termination process performed in step S207 controls the user PC 2 (1) so as to erase the password input screen shown in FIG. 5 and return to the display state before displaying the input screen, and the connected link. It is a series of processes such as disconnecting.

Further, in the determination process of step S206, when it is determined that the operation to be confirmed is not the selection operation of the "end" button, the control unit 102 selects the "delete" button for the operation to be confirmed. It is determined whether or not it is an operation (step S208). In the determination process of step S208, when it is determined that the operation to be confirmed is not the selection operation of the "Delete" button, it is determined that no valid operation that can be confirmed has been performed, and the process from step S204 is repeated. ..

It is assumed that in the determination process of step S208, it is determined that the operation to be confirmed is the selection operation of the "delete" button. In this case, the control unit 102 executes a predetermined deletion process (step S209), and ends the process shown in FIGS. 6 and 7. In step S209, the user PC 2 (1) is controlled so as to delete the attached file to be downloaded from the attached file storage unit 104, erase the password input screen, and return to the original display state, and connect the linked link. A series of processes such as disconnection are performed.

Further, when it is determined in the determination process of step S205 that the operation to be confirmed is the password input operation, the control unit 102 proceeds to the process of step S210 of FIG. The control unit 102 reads the attached file requested by the access source user PC 2 (1) from the attached file storage unit 104 (step S210), and supplies this to the storage file decryption unit 114.

Under the control of the control unit 102, the saved file decryption unit 114 decrypts and decompresses the attached file supplied to the file by using the password from the user received in step S204 (step S211). ). Then, the control unit 102 determines in the storage file decryption unit 114 whether or not the attached file to be processed is appropriately decrypted and compressed / decompressed (step S212). It is assumed that in the determination process of step S212, it is determined that the encryption is not properly decrypted and compressed / decompressed. In this case, since there is a high possibility that the password input is incorrect, the control unit 102 forms and provides a message requesting that the password be input again (step S213), and from step S203 shown in FIG. Repeat the process of.

On the other hand, it is assumed that in the discrimination process of step S212, it is determined that the encryption has been appropriately decrypted and compressed / decompressed. In this case, the control unit 102 controls the password update unit 115, forms password data (FIG. 2) related to the password provided by the user of the user PC 2 (1) this time, and adds this to the password storage unit 103. (Step S214). After that, the control unit 102 supplies the attached file that has been decrypted and decompressed by the storage file decryption unit 114 to the virus check unit 106 to execute a virus check (step S215), and is infected with a virus. Whether or not it is determined (step S216).

When it is determined in the determination process of step S216 that the virus is not infected, the virus check unit 106 provides the attached file to the access source user PC2 and performs processing such as opening the connected link. (Step S217). Further, it is assumed that it is determined that the virus is infected in the determination process of step S216. In this case, the virus check unit 106 deletes the attached file from the attached file storage unit 104, provides a deletion notification to the access source user PC2, and performs processing such as opening the connected link (). Step S219). After the process of step S217 and the process of step S219, the control unit 102 ends the process shown in FIGS. 6 and 7.

FIG. 9 is a diagram showing an example of the deletion notification of the attached file provided to the access source in step S219. As shown in FIG. 9, the notification of deletion of the attached file includes the date, sender, address, subject, and attachment of the received e-mail to which the attached file to be downloaded and used by the user of the user PC 2 (1) is attached. The file name is displayed. In addition, a message is displayed to the effect that the virus has been detected in the attached file and has been deleted.

As a result, the user of the destination user PC2 (1) can clearly know when and where the e-mail attachment file came from was infected with the virus. This makes it possible to take measures such as requesting the sender (sender) to resend an important attached file that is not infected with a virus.

Then, by the processing of the flowcharts of FIGS. 6 and 7, even if the password stored in the password storage unit 103 cannot be decrypted, the user who is the destination of the e-mail provides the password and decrypts the encryption. However, compression and decompression are also possible. Moreover, the password used for decryption and successfully decrypted is updated in the password storage unit 103. This makes it possible to prepare for automatic decryption, compression and decompression when an encrypted attachment is attached to the e-mail received after this.

[Effect of embodiment]
According to the mail monitoring device 1 of the above-described embodiment, when an encrypted attachment file is attached to the received e-mail, first, the password stored in the password storage unit 103 is used. Cryptanalysis is performed. That is, the encryption is decrypted by the password stored in the password storage unit 103 or by the password that can be predicted from the password stored in the password storage unit 103. As a result, if the encryption can be decrypted according to the password stored in the password storage unit 103, the recipient of the e-mail performs a virus check without entering the password, and the security is confirmed. You can get the attachment along with the email body.

Further, when the encryption cannot be decrypted according to the password stored in the password storage unit 103, the mail monitoring device 1 temporarily stores only the attached file that could not be encrypted. Then, the mail monitoring device 1 receives the password provided by the user of the user PC2 who is the receiver, performs decryption, compression / decompression, and virus check, and provides the original recipient with the attached file without any problem. can. Since the password used in this case is updated in the password storage unit 103, it can be useful when decrypting the attached file encrypted in the e-mail from the same sender (sender).

Further, at the destination , the chance of inputting the password can be reduced as much as possible, so that the trouble of receiving the e-mail can be saved and the confidentiality of the password can be kept high.

[Modification example]
In the above-described embodiment, the encrypted and data-compressed attached file is decrypted, compressed and decompressed, virus-checked, and even if it is confirmed to be safe, it is encrypted and data-compressed. It is provided to the destination user in the state. Therefore, at the destination, the attached file is decrypted, compressed and decompressed before use. However, it is not limited to this.

For example, once the encryption has been decrypted, the data-compressed attachment can be attached to an e-mail without encryption, or the attachment can be provided alone. That is, the safety is ensured because the user PCs 2 (1), ..., 2 (n) under the mail monitoring device 1 pass through the LAN 3. At the destination, the attached file will be compressed and decompressed before use.

If there is no problem with the transfer speed, it is also possible to provide the attached file that has been decrypted, compressed and decompressed from the mail monitoring device 1 to the user PCs 2 (1), ..., 2 (n) under it. be.

In addition, when an attached file is attached to the body of the e-mail provided to the recipient, the e-mail is decrypted, compressed and decompressed, and virus-checked to confirm that there is no problem. You may add a message to the effect that the attached file is attached. As a result, the user of the destination can use the attached file with peace of mind. Further, even if the temporarily saved attached file cannot be decrypted by using the password of the password storage unit 103, the same notification is sent from the mail monitoring device 1 to the destination. You may.

Further, as described above, even when the decrypted e-mail is provided to the destination, the mail monitoring device 1 notifies the destination that the encrypted attached file is decrypted and provided. You may do so. In this case, the user of the destination can prevent the user from misunderstanding that the message has been transmitted without being encrypted.

Further, in the above-described embodiment, among the passwords stored in the password storage unit 103, it is determined that the password that has been used a predetermined number of times (for example, 10 times) or more can be used. The number of times of use in this case can be set by the operator of the mail monitoring device 1 as appropriate. It is also possible to change the threshold of the number of times of use between the source and the destination.

Further, the password type may be managed for each source and destination, and this may be used. In this case, the password type is whether a password that changes every time is used, a fixed password is used, a password such as a combination of dates is used, or multiple passwords are used. Indicates the difference between. Depending on the password type, for example, the processes of steps S110 and S111 shown in FIG. 4 can be simplified.

Further, when a plurality of passwords having the same source and destination but different passwords are registered in the password storage unit 103, a priority may be set for these. Then, when the priority is set, the password with the highest priority can be used in order to perform decryption. Further, when the number of failed decryptions is updated, the password with the smallest number of failures can be used in order.

Further, the password stored in the password storage unit 103 may be deleted by setting a condition. For example, a password that has been used 30 times or more can be erased, and each user can be urged from the mail monitoring device 1 to determine a new password through the user PC 2. Similarly, the password registration date is also managed by the password storage unit 103, the password used for a certain period or more is deleted, and each user is urged from the mail monitoring device 1 to determine a new password through the user PC 2. can. Further, the password that has not been updated for a predetermined period can be deleted from the password storage unit 103.

Further, in the above-described embodiment, for the sake of simplicity, the description is made assuming that there is only one destination, but as is well known, e-mail has a so-called "CC (Carbon Copy)" function or "C". It is possible to use the "BCC (Blind Carbon Copy)" function. When these functions are used, the destinations to which e-mails are sent by these functions are managed separately, and the destinations to which e-mails are sent by these functions are also virus-checked attachments. You can make it serve a file.

Further, the mail monitoring function of the above-mentioned mail monitoring device 1 may be installed in a unified threat management device called a UTM (Unified Threat Management) device as one of a plurality of different security functions of the UTM device. can.

Further, in the above-described embodiment, the encrypted attachment file has been described as being data-compressed, but the present invention is not limited to this. Attachments that are encrypted and attached to e-mail without data compression can be processed in the same way. In this case, the compression / decompression process is not performed.

[others]
As can be seen from the description of the above-described embodiment, the configuration means of the email monitoring device according to the claim and the configuration portion of the email monitoring device 1 of the embodiment are associated with each other as follows. The function of the storage means is realized by the password storage unit 103 of the mail monitoring device 1, and the function of the encryption determination means is realized by the encryption determination unit 111 of the mail monitoring device 1. Further, the function of the first decryption means is realized by the decryption unit 112 of the mail monitoring device 1, and the function of the first update means is realized by the password update unit 115 of the mail monitoring device 1, and the first check is realized. The function of the means is realized by the virus check unit 106 of the mail monitoring device 1.

Further, the function of the storage means is realized by the storage processing unit 113 of the mail monitoring device 1, and the function of the reception means is realized by the LAN connection end 107T and the LANI / F107 of the mail monitoring device 1. Further, the function of the second decryption means is realized by the storage file decryption unit 114 of the mail monitoring device 1, and the function of the second updating means is realized by the password updating unit 115 of the mail monitoring device 1. Further, the function of the second checking means is realized by the virus check unit 106 of the mail monitoring device 1.

Further, one embodiment of the mail monitoring program of the present invention is applied to the program that executes the processing performed by the mail monitoring device 1 shown in the flowcharts of FIGS. 3 and 4. Therefore, the functions of the compression / decompression unit 105, the virus check unit 106, the encryption determination unit 111, the encryption decryption unit 112, the storage processing unit 113, the storage file decryption unit 114, and the password update unit 115 shown in FIG. 1 are It can also be realized as a function of the control unit 102 by a program executed by the control unit 102.

1 ... mail monitoring device, 101T ... connection end to communication network, 101 ... communication I / F, 102 ... control unit, 103 ... password storage unit, 104 ... attached file storage unit, 105 ... compression / decompression unit, 106 ... virus check Unit, 107 ... LANI / F, 107T ... LAN connection end, 111 ... encryption determination unit, 112 ... encryption decryption unit, 113 ... storage processing unit, 114 ... storage file decryption unit, 115 ... password update unit, 2 ... user PC, 3 ... LAN, 4 ... communication network, 5 ... mail server device

Claims (5)

A storage means for storing the source identification information, the destination identification information, and the password in association with each other,
An encryption determination method for determining whether or not an encrypted file is attached to the received e-mail, and
When it is determined by the encryption determination means that an encrypted file is attached, a first decryption means that obtains a password that can be used from the storage means and performs encryption decryption,
A first updating means for processing the password used in the first decrypting means to update the storage means, and the first updating means.
A first checking means for checking a computer virus for the file that could be decrypted by the first decrypting means, and a first checking means.
If the password that can be used in the storage means is not stored, or if the password stored in the storage means cannot be decrypted , a URL (uniform resource locator) is assigned to the file. A storage method that temporarily saves to a predetermined file storage method,
The file attached to the received e-mail is deleted, a message including the URL is added to the e-mail to the effect that the file is separately saved, and the destination of the e-mail is sent. Providing means to provide to
A reception means for accepting the provision of a password for decrypting the file stored in the file storage means from the destination receiving the e-mail, and a reception means.
The URL is used to access the file temporarily stored in the file storage means, and the password received through the reception means is used to decrypt the file temporarily stored in the file storage means. The second decoding method and
A second updating means for processing the password used in the second decrypting means to update the storage means, and the second updating means.
A second checking means for checking the file that could be decrypted by the second decrypting means regarding a computer virus, and a second checking means.
A mail monitoring device characterized by being equipped with. The mail monitoring device according to claim 1 .
The first updating means can update the number of times of use used for decryption for each information in which the source identification information, the destination identification information, and the password are associated with each other.
The first decryption means is a mail monitoring device characterized in that the password having been used more than a predetermined value is acquired as the usable password and the encryption is decrypted. The mail monitoring device according to claim 1 .
The first decryption means is characterized in that when a plurality of information having only the password different from each other exists in the storage means, the plurality of existing passwords are used in order to find a password that can be decrypted. Email monitoring device. The mail monitoring device according to claim 1 .
When the storage means has a plurality of information different only from the password, the first decryption means predicts the password based on the plurality of information and uses the predicted password as a usable password. A featured email monitoring device. An email monitoring program executed by a computer installed in an email monitoring device.
An encryption determination step that determines whether an encrypted file is attached to the received e-mail, and an encryption determination step.
When it is determined in the encryption determination step that an encrypted file is attached, a password that can be used is acquired from a storage means that stores the source identification information, the destination identification information, and the password in association with each other. The first decryption step to decrypt the code,
A first update step for processing the password used in the first decryption step to update the storage means, and the first update step.
A first check step for checking the file decrypted in the first decryption step for a computer virus, and a first check step.
If the password that can be used in the storage means is not stored, or if the password stored in the storage means cannot be decrypted, a URL (uniform resource locator) is assigned to the file. A save step that temporarily saves to a given file storage means,
The file attached to the received e-mail is deleted, a message including the URL is added to the e-mail to the effect that the file is separately saved, and the destination of the e-mail is sent. With the provision steps provided to
A reception step for accepting the provision of a password for decrypting the file stored in the file storage means from the destination receiving the e-mail, and a reception step.
The URL is used to access the file temporarily stored in the file storage means, and the password received through the reception step is used to decrypt the file temporarily stored in the file storage means. The second decryption step and
A second update step for processing the password used in the second decryption step to update the storage means, and the second update step.
A second check step for checking the file that could be decrypted by the second decryption step regarding a computer virus, and a second check step.
An email monitoring program characterized by having.

Images