KR101934516B1 - E-mail Processing System for Time of Open Protection - Google Patents

Abstract

The present invention relates to an e-mail processing system for security in opening a mail. More specifically, the present invention provides an e-mail processing system for security in opening a mail which receives a mail transmitted from an external server/terminal in the middle and changes external resource information to server resource information so as to transmit the mail to an internal server/terminal when the external resource information is attached to the mail transmitted from the external server/terminal and the external resource information is set to be automatically loaded even if an action of opening the mail is present. Therefore, the internal server/terminal is prevented from being directly exposed to a malicious code or the like by accessing the server resource information not the external resource information even if automatic loading is performed when the internal server/terminal receiving the mail opens the transmitted mail.

Description

[0001] The present invention relates to an e-mail processing system,

The present invention relates to an e-mail processing system for securing mail reading, and more particularly, to an e-mail processing system for securing an e-mail when an external resource information is attached to a mail transmitted from an external server / If it is set to be loaded, the mail transmitted from the external server / terminal is received in the middle, the external resource information is converted into the server resource information and transmitted to the internal server / terminal, so that when the internal server / The present invention also provides an electronic mail processing system for securing a mail when a user browses a mail, in which an internal server / terminal is not directly exposed to malicious code by accessing server resource information instead of external resource information even if automatic loading occurs.

With the development of the Internet, e-mail accounts for a larger portion of network traffic.

E-mail has the advantage of being able to exchange messages and files quickly and easily irrespective of the physical distance between the sender and the receiver, but there are also disadvantages that it can spread a lot of security threats to multiple servers / terminals in a short time.

Security threats via e-mail are becoming increasingly intelligent and intelligent. For example, the e-mail recipient may send the web site resource information attached to the body of the e-mail message, an attached file, or the like under the subject of an e-mail message that may prompt curiosity of the e-mail recipients, and clicks the resource information or automatically loads the resource information, And downloading the malicious code.

When such a malicious code is infected with a server / terminal, important information stored in the server / terminal may be leaked to the outside, which may be exploited for crimes.

FIG. 1 is a diagram of a conventional e-mail-based document type high-speed malware detection system, which is disclosed in Korean Patent Laid-Open Publication No. 10-2014-0060906 (May 31, 2014).

1, the conventional technology 90 includes a management server 93 for receiving a document file attached to an e-mail from the mail server 91 and determining whether the received document file is the final malicious file, A static analysis server 95 for judging whether a document file provided from the server 93 is malicious through a static analysis and transmitting the static analysis result to the management server 93; A dynamic analysis server 97 for executing a document file and monitoring the behavior information and transmitting the monitoring result to the management server 93; and a virus checker for the document file received from the management server 93 And a vaccine check server 99 for transmitting the result of the vaccine test to the management server 93.

However, according to this conventional technique, when an e-mail is received in the mail server 91, related e-mail information is transmitted to the management server 93, and an e-mail in which a malicious code is detected according to the analysis result transmitted from the management server 93 If it is determined that the e-mail is blocked according to the determination result of malignancy and if the judgment is not performed properly, important e-mail to be received is missing or an e-mail containing malicious code that should not be received is transmitted And the like can be caused.

In general, malicious code is judged based on a database containing information on malicious codes. If the malicious code is not updated in a timely manner, the result of the malicious code is also inaccurate.

Meanwhile, as another method for preventing the spread of malicious code through e-mail, when an e-mail having resource information is received, the user can access the resource information of the e-mail using the virtual machine and read the contents of the e-mail in advance Virtualization simulation system exists.

However, in order to disable the virtualization simulation system, the malicious code spreader predicts the time of reading the mail at the time of mail transmission, and attaches the resource information of the safe site at the predicted time point, so that even if the virtualization simulation system is operated, After escaping, they are guided to be judged to be normal mail, and after a certain period of time, they are trying to attack by modifying to dangerous sites.

For example, it may be possible to acquire personal information of an organization member, send e-mail in non-business hours by including normal resource information in e-mail, pass the intrusion detection system and virtualization simulation system, To allow a computer to infect malicious code when accessing resource information the next day or after a holiday.

In the modern society, if the malicious code is considered to be a major social problem, it can be attributed to the current Internet environment operated by the central server. The current Internet environment is structured to concentrate various security devices and security programs while collecting important information in the central server. In such an Internet environment, a large amount of human and material resources are consumed to maintain the central server When information is concentrated in one place, if a central server is opened by hacking or the like, the information stored in the central server is lost, and all of the information is seriously damaged.

Accordingly, in order to prevent the spread of malicious code through e-mail, an internal server / terminal does not directly receive e-mails transmitted from an external server / terminal and is transmitted to an internal server / terminal through a separate device. It is necessary to shift from a centralized information storage system to a distributed storage system.

Korean Patent Laid-Open No. 10-2014-0060906 (May 2014, 201)

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems,

An object of the present invention is to provide an electronic mail processing system for receiving an electronic mail transmitted from an external server / terminal and transmitting the received electronic mail to an internal server / terminal, When the external resource information is confirmed in the e-mail through the resource information checking unit, changes the external resource information into server resource information of the e-mail processing system and transmits the changed e-mail to the internal server / terminal The terminal server / terminal is not directly exposed to the malicious code or the like, so that the internal server / terminal is not exposed to the malicious code or the like, Provides e-mail processing system for security of e-mail reading to prevent the terminal from being infected It is.

It is a further object of the present invention to provide an information processing apparatus and method in which the resource information verifying unit is configured to check whether or not external resource information exists in the contents of an electronic mail, and when the electronic mail in which the external resource information exists is transmitted, And transmits the changed information to the internal server / terminal, thereby protecting the internal server / terminal.

It is a further object of the present invention to provide a method and a system for managing the contents of an electronic mail by constructing the contents to include a body of an e-mail or an attachment file so that external resource information exists in the body of the e- When a user wishes to check by clicking, automatic loading or the like, a problem that an internal server / terminal may be exposed to a malicious code or the like is changed to server resource information and transmitted to an internal server / And to provide an e-mail processing system for security of the time.

It is a further object of the present invention to provide an information processing apparatus, wherein the resource information changing section comprises: a content deletion module for removing all contents other than the text text from the received e-mail source; The server resource generation module may include a plurality of contents including external resource information, and the server resource generation module may classify and generate server resource information corresponding to each of the removed contents The present invention also provides an e-mail processing system for securing the security of the mail reading, in which the contents output through the server resource information are implemented in the same manner as the original contents, while the removed contents and the server resource information correspond exactly with each other.

It is a further object of the present invention to provide an information processing apparatus and a data processing method which are configured by a storage unit for storing data and an identification code generating unit for generating an identification code for data stored in the storage unit, And an e-mail processing system for security at the time of reading a mail is provided so that it can be stored on the system so that it can be extracted if necessary, and an identification code is given to the stored data to prevent the stored data from being altered or the like so as to verify the integrity of the data .

It is still another object of the present invention to provide an information processing apparatus and method in which the above-described data is configured to include content and an e-mail file, stores the content and the e-mail file in a storage unit, generates an identification code And to provide an e-mail processing system for securing the security of the e-mail, which prevents tampering of stored contents and e-mail files.

It is still another object of the present invention to provide a content storage module for accessing external resource information to download content and a mail storage module for storing an e-mail file transmitted from an external server / The e-mail processing system provides a direct access to the e-mail processing system, thereby preventing an internal server / terminal from being infected by malicious code or the like.

It is still another object of the present invention to provide a content storage module in which content is downloaded by accessing external resource information upon completion of mail reception and / or access to server resource information from an internal server / terminal, When the connection from the internal server / terminal receiving the e-mail changed to the server resource information to the server resource information is attempted, the identification code (a) of the content downloaded immediately after completion of the mail reception, The present invention provides an electronic mail processing system for securing the security of the mail reading by comparing the identification code (b) of the downloaded content with the electronic mail.

It is a further object of the present invention to provide a mail storage module in which an e-mail file is stored immediately upon receipt of an e-mail message, and an attachment file or the like can be extracted from an original e- And to provide an e-mail processing system for securing an e-mail when reading the e-mail.

It is still another object of the present invention to provide an information processing apparatus, wherein the identification code generation unit includes: a content identification code generation module that generates an identification code for a content downloaded by the content storage module; An e-mail processing system for securing a mail reading is provided, which allows a mail identification code generating module for generating a code to be easily identified even if the identification codes of the data are merely compared with each other .

It is still another object of the present invention to provide an e-mail providing system in which a data tracking unit for analyzing data and feeding back to an internal server / terminal is provided to determine whether the data is dangerous, In case of non-dangerous data, only when the identification code is matched, the corresponding data is transmitted to the internal server / terminal, thereby protecting the internal server / terminal from malicious code and the like. And to provide an e-mail processing system.

It is still another object of the present invention to provide an information processing apparatus and a data processing method in which the data tracking unit comprises a determination module for determining whether a data is dangerous and whether an identification code is matched, And an alarm module for transmitting a notification message to the internal server / terminal when the data is determined to be in danger or inconsistent with the identification code through the determination module, And transmits the data requested by the extraction module to the internal server / terminal only when there is no risk and the identification code matches, and when the risk or inconsistency is detected, the warning message is transmitted through the alarm module, In order to ensure that the terminal is safe from malicious codes, etc., And to provide a work processing system.

It is still another object of the present invention to provide a data communication system in which the determination module compares an identification code of data stored immediately after receiving a mail and an identification code of data stored in connection with server resource information in an internal server / Since the mail processing system is communicatively coupled to the external server / terminal, the data stored in the electronic mail processing system and / or the internal server / terminal may be altered by hacking or the like, And to provide an e-mail processing system for securing an e-mail when the e-mail reading is performed, which protects an internal server / terminal from a data modulation attack or the like.

It is still another object of the present invention to provide an electronic mail processing system in which an electronic mail file stored through the mail storage module and an identification code generated through the mail identification code generation module are stored in a server multiplexed with the electronic mail processing system Each of the multiplexed servers checks the identification code transmitted with the original e-mail file, and only when the identification code of the received e-mail file matches the transmitted identification code, the server And a warning message indicating that the multiplexing server itself is likely to be tampered with when the identification code of the received e-mail file does not match the transmitted identification code, And an e-mail processing system for security.

Yet another object of the present invention is to provide an e-mail processing system for securing the security of a mail, which enables the identification code to be encrypted so that the operation of the identification code is prevented, .

In order to achieve the above object, the present invention is implemented by the following embodiments.

According to an embodiment of the present invention, there is provided an electronic mail processing system for receiving an electronic mail transmitted from an external server / terminal and transmitting the received electronic mail to an internal server / terminal, A resource information checking unit for checking whether or not the resource information is present; and a control unit for changing the external resource information into server resource information of the electronic mail processing system when the external resource information is confirmed in the electronic mail through the resource information checking unit, / ≪ / RTI > to the terminal.

According to another embodiment of the present invention, the present invention is characterized in that the resource information confirmation unit confirms whether external resource information exists in the content of the electronic mail.

According to another embodiment of the present invention, the present invention is characterized in that the content includes a body of an electronic mail or an attachment file.

According to another embodiment of the present invention, the resource information change unit may include: a content deletion module for removing all contents other than the text text to the received e-mail source; And a server resource generation module for generating server resource information for the server.

According to another embodiment of the present invention, the electronic mail processing system further includes a storage unit for storing data and an identification code generating unit for generating an identification code for data stored in the storage unit .

According to another embodiment of the present invention, the present invention is characterized in that the data includes content and an electronic mail file.

According to another embodiment of the present invention, the storage unit includes a content storage module for accessing external resource information and downloading a content, and a mail storage module for storing an electronic mail file transmitted from an external server / terminal .

According to another embodiment of the present invention, the content storage module may access the external resource information and download the content immediately upon completion of receiving the mail and / or when accessing the server resource information from the internal server / terminal .

According to another embodiment of the present invention, the present invention is characterized in that the mail storage module stores an e-mail file upon completion of receiving the mail.

According to another embodiment of the present invention, the identification code generation unit may include: a content identification code generation module that generates an identification code for a content downloaded by the content storage module; And a mail identification code generation module for generating an identification code for the e-mail file.

According to another embodiment of the present invention, the present invention is characterized in that the electronic mail providing system includes a data tracking unit for analyzing contents and feeding back the contents to an internal server / terminal.

According to another embodiment of the present invention, the data tracking unit includes a determination module for determining whether the data is dangerous or not and whether the identification code is matched; An extracting module for transmitting the corresponding data from the storage unit to the internal server / terminal when it is determined that the identification code is inconsistent, And an alarm module.

According to another embodiment of the present invention, the determination module may further include: an identification code of data stored immediately after completion of reception of an e-mail and an identification code of data stored in connection with the server resource information in the internal server / .

According to another embodiment of the present invention, the e-mail processing system includes an e-mail file stored in the e-mail processing system and a server multiplexed with the e-mail processing module, And a multiplexing processor for transmitting the generated identification codes together.

According to still another embodiment of the present invention, the present invention is characterized in that the identification code is encrypted.

The present invention can obtain the following effects by the above-described embodiment, the constitution described below, the combination, and the use relationship.

The present invention relates to an electronic mail processing system for receiving an electronic mail transmitted from an external server / terminal and transmitting the received electronic mail to an internal server / terminal, And a resource information changing unit for changing the external resource information into the server resource information of the e-mail processing system and transmitting the changed e-mail to the internal server / terminal when the external resource information is confirmed in the e-mail through the resource information checking unit So that the mail transmitted from the external server / terminal is transmitted to the internal server / terminal through the electronic mail processing system, so that the internal server / terminal is not directly exposed to the malicious code, Providing an e-mail handling system for security at the time of reading e-mail to prevent infection Has the.

In the present invention, the resource information checking unit may be configured to check whether the external resource information exists in the contents of the electronic mail, and when the electronic mail in which the external resource information exists is transmitted, the external resource information is regarded as the server resource information Mail to the internal server / terminal, thereby providing an e-mail processing system for security when browsing e-mail protecting the internal server / terminal.

The present invention is characterized in that the content is configured to include a body of an e-mail or an attachment file so that the body of the e-mail or the external resource information exists in the attachment file, A problem that the internal server / terminal may be exposed to a malicious code or the like by changing the external resource information of the content into the server resource information and transmitting it to the internal server / terminal, There is an effect of providing an electronic mail processing system.

The present invention is characterized in that the resource information changing unit includes a content deletion module for removing all contents other than the text text to the received e-mail source, and a server resource creation unit for creating server resource information corresponding to the content removed by the content deletion module A plurality of contents including external resource information may be included in the e-mail, and the server resource creating module may classify and generate server resource information corresponding to each of the removed contents, And the server resource information are correctly corresponded to each other so that the content output through the server resource information is implemented in the same manner as the original content.

According to the present invention, there is provided an information processing apparatus comprising: a storage unit for storing data; and an identification code generation unit for generating an identification code for data stored in the storage unit, wherein data including both contents and files is stored And to provide an e-mail processing system for securing the security of the e-mail when the e-mail is to be retrieved when necessary, and to provide an identification code to the stored data to prevent the stored data from being altered or the like so as to verify the integrity of the data .

The present invention is characterized in that the data is constituted so as to include content and an e-mail file, stores the content and the e-mail file in a storage unit, generates an identification code for the content and the e-mail file stored in the storage unit, And an e-mail processing system for securing the e-mail when the e-mail is read, which prevents tampering of the e-mail file.

The present invention is characterized in that the storage unit is configured to include a content storage module for downloading content by accessing external resource information and a mail storage module for storing an e-mail file transmitted from an external server / terminal, The e-mail processing system has the effect of providing an e-mail processing system for securing the e-mail when the e-mail is read, which prevents the internal server / terminal from being infected by malicious code or the like.

In the present invention, the content storage module may be configured to access external resource information and download content immediately upon completion of mail reception and / or access to server resource information from an internal server / terminal, When the connection from the internal server / terminal receiving the e-mail changed to the server resource information to the server resource information is attempted, the identification code (a) of the content downloaded immediately after the completion of the mail reception and the content The electronic mail processing system for security when checking mail is provided which can easily check whether the content is tampered or not by comparing the identification code (b) of the electronic mail.

The present invention is characterized in that the mail storage module is configured to store an e-mail file immediately upon receipt of the e-mail, and to extract an attached file or the like from the original e-mail file when the internal server / There is an effect of providing an electronic mail processing system for security at the time of reading.

The identification code generation unit may include a content identification code generation module that generates an identification code for the content downloaded by the content storage module and an identification code generation unit that generates an identification code for the electronic mail file stored through the mail storage module There is an effect of providing an electronic mail processing system for securing the security of a mail reading so that the same data can be easily confirmed even by merely comparing the identification code of the data by configuring the mail identification code generation module.

The present invention is characterized in that the e-mail providing system includes a data tracking unit for analyzing the content and feeding back to the internal server / terminal to determine whether the content is dangerous or not, and when the content is analyzed as a dangerous content, And transmits the content to the internal server / terminal only when the identification code is matched in the case of non-dangerous contents, thereby protecting the internal server / terminal from malicious code or the like. . ≪ / RTI >

According to the present invention, the data tracking unit may include: a determination module for determining whether the data is dangerous or not and whether the identification code is matched; and, if it is determined through the determination module that there is no risk to the data, And an alarm module for transmitting a notification message to the internal server / terminal if it is determined that there is a risk to the data or the identification code is inconsistent through the determination module, If the identification code matches, the data requested by the extraction module is transmitted to the internal server / terminal. If there is a risk or inconsistency, the warning message is transmitted through the alarm module, so that the internal server / Mail system for security of e-mail reading There is an effect to provide.

In the present invention, the determination module may be configured to compare an identification code of data stored immediately after completion of mail reception and an identification code of data stored in connection with server resource information in the internal server / terminal, The data stored in the electronic mail processing system and / or the internal server / terminal may be altered by hacking or the like. Therefore, the data identification code at the time of completion of mail reception and the data identification code And provides an e-mail processing system for securing an e-mail when the e-mail reading is performed, which protects the internal server / terminal from a data modulation attack or the like.

The e-mail processing system according to the present invention is characterized in that the e-mail processing system includes a multiplexing unit for transmitting an e-mail file stored through the mail storage module and an identification code generated through the mail identification code generation module to a server multiplexed with the e- Each of the multiplexed servers checks the identification code transmitted with the original e-mail file and copies and stores the identification code in the server only when the identification code of the received e-mail file matches the transmitted identification code If the identification code of the received e-mail file does not coincide with the transmitted identification code, it is possible to guide a warning that the multiplex server itself is likely to be tampered with, etc., Thereby providing an effect of providing a mail processing system.

The present invention has the effect of providing an electronic mail processing system for securing the security of mail when the identification code is configured to be encrypted so as to prevent the manipulation of the identification code so as to more strongly verify the integrity of the data have.

1 is a diagram of a conventional e-mail based document type malware code fast detection system.
2 is a conceptual diagram of an electronic mail processing system;
3 is a diagram of an electronic mail processing system in accordance with an embodiment of the present invention.
4 is a diagram of an electronic mail processing system in accordance with another embodiment of the present invention.
5 is a flow diagram of an e-mail processing method according to an embodiment of the present invention.
6 is a flowchart of an e-mail processing method according to another embodiment of the present invention.

Hereinafter, preferred embodiments of an e-mail processing system for securing e-mail according to the present invention will be described in detail with reference to the accompanying drawings. In the following description, well-known functions or constructions are not described in detail to avoid unnecessarily obscuring the subject matter of the present invention. Unless defined otherwise, all terms used herein are the same as the general meaning of the term understood by those of ordinary skill in the art to which this invention belongs and, if conflict with the meaning of the terms used herein, And the definition used in the specification.

Here, the term " data " refers to all data in a form that can be processed by a computer. The term " data " includes a content and an electronic mail file. The content includes the body of an electronic mail, , Connection to the resource information may be required to view the contents on the received e-mail.

The resource information includes not only a URL (Uniform Resource Locator) which is an address on a network used for accessing a specific resource but also a URN (Uniform Resource Name) that is an address for identifying a resource with a unique name irrespective of the location of the resource It is a concept that collectively refers to addresses used to access specific resources.

A method of accessing a specific resource through the resource information can be largely performed by a user clicking on hyperlinked resource information or by automatic loading.

For example, in an HTML (Hyper Text Markup Language), which is a language for creating a web document, 'anchor <a href="url">' allows a user to click on a hyperlinked resource information to access a specific resource. On the other hand, '<img src = "url"> "or" <object src = "url"> is similar to href tag (Tag) Video, web page, etc. can be automatically loaded and output immediately.

Preferably, in the present invention, the connection to the resource information includes not only the user clicking on hyperlinked resource information but also automatically loading the hyperlinked resource information.

As will be described later, the internal server / terminal I can access the specific resource by opening the e-mail transmitted from the e-mail processing system 1 and clicking the external resource information such as the body of the e-mail or the attachment file , It is possible to access the specific resource by the automatic loading only by the action of the internal server / terminal 30 opening the electronic mail transmitted from the electronic mail processing system 1 or the like.

2 is a conceptual diagram of an electronic mail processing system. 2, when the electronic mail is directly transmitted from the external server / terminal E to the internal server / terminal I, the electronic mail processing system 1 according to the present invention transmits various kinds of viruses (I) via the e-mail processing system 1 to the internal server / terminal I via the e-mail processing system 1, the problem that the internal server / terminal I may be infected by the malicious code, To the internal server / terminal (I), thereby protecting the internal server / terminal (I). Here, the term "system" is preferred in view of a broad sense including devices and the like.

The external server / terminal E refers to various types of communication devices or systems that can transmit electronic mails including text, images, resource information, attachment files, etc. to other servers / terminals through wired / wireless communication.

The internal server / terminal (I) is a configuration capable of receiving an electronic mail transmitted from the external server / terminal (E). The reception means not only receives e-mail directly from the external server / terminal E via wired / wireless communication, but also intervenes in the middle so that the configuration interposed between the external server / Indirect reception of receiving the mail and forwarding it to the internal server / terminal I may also be included. In the present invention, it is preferable that the internal server / terminal I is configured to receive electronic mail via the electronic mail processing system 1.

The mail message transmitted from the external server / terminal E may include a phishing site or web page resource information including a malicious code, and the internal server / terminal I may transmit the resource information When there is an attempt to connect, for example, clicking on the resource information attached to the mail or opening an e-mail set to be automatically connected to the resource information even if the mail is opened, the internal server / terminal (I) It can be infected.

One of the ways to prevent the spread of malicious code through e-mail is to use a virtual machine to access resource information of an e-mail and read the contents of the e-mail in advance when an e-mail with resource information is received. In the evolutionary method of modifying the virtualization simulation execution system by disguising it as a safety site at the time of transmission, and then modifying the virtualization simulation execution system into a dangerous site after a certain period of time by predicting the time of reading the mail, the virtualization simulation system is useless I have no choice but to be.

Accordingly, when the electronic mail including the resource information is transmitted from the external server / terminal E, the electronic mail processing system 1 checks the type of the content, the risk, etc. on behalf of the internal server / terminal I Terminal server / terminal I indirectly via server resource information without directly connecting to the resource information by changing the corresponding resource information into server resource information so that the internal server / The malicious code or the like is prevented from being exposed.

Even if the server / terminal I accesses the server resource information by click or automatic loading, the internal server / terminal I does not directly access the external resource information attached to the electronic mail, It is possible to receive related contents from the storage unit 40 of the electronic mail processing system 1 to be described later even if the server / terminal E is not connected.

3 is a diagram of an electronic mail processing system according to an embodiment of the present invention, which will be described below with reference to FIG.

The e-mail processing system 1 refers to a configuration in which an e-mail transmitted from an external server / terminal E is received and stored, and the e-mail is transmitted to the internal server / terminal I again. It is not necessary to transmit the e-mail to the internal server / terminal I as it is provided from the external server / terminal E, but it is preferable that the internal server / The electronic mail transmitted from the external server / terminal E to the electronic mail processing system 1 is subjected to a certain processing in the electronic mail processing system 1 so that the internal server / terminal (I) 0.0 &gt; I). &Lt; / RTI &gt;

The e-mail processing system 1 includes a connection unit 10, a resource information verification unit 20, a resource information modification unit 30, a storage unit 40, an identification code generation unit 50, (60).

The connection unit 10 connects the electronic mail processing system 1 to the network so that data can be transmitted and received. As described above, the data refers to all data in a form that can be processed by a computer, and can be viewed as a broad concept including contents, e-mail files, and the like. The method of connecting the e-mail processing system 1 to a network is not limited to a specific concept, and various methods such as a wired or wireless method can be used. The e-mail processing system 1 can receive the e-mail transmitted from the external server / terminal E via the connection unit 10, and the e-mail processing system 1 changes the received e- To the internal server / terminal (I), enabling connection from the internal server / terminal (I) to the electronic mail processing system (1) and allowing the electronic mail processing system (1) .

The resource information confirmation unit 20 is configured to check whether or not the resource information exists in the electronic mail, and confirms whether the external resource information of the content exists in the content of the electronic mail. As described above, the content includes the body of an electronic mail or an attachment, and the resource information includes not only a URL (Uniform Resource Locator) which is an address on a network used to access a specific resource, but also a URL (Uniform Resource Name), which is an address that identifies a resource by its unique name. It is a concept that collectively refers to an address used to access a specific resource. Therefore, the resource information checking unit 20 checks whether an address to be connected to a specific resource is included in the e-mail transmitted from the external server / terminal E. [

When the external resource information is confirmed in the electronic mail through the resource information checking unit 20, the resource information changing unit 30 changes the external resource information to the server resource information of the electronic mail processing system 1, To the internal server / terminal (I). The change of the resource information is preferably performed uniformly, but the scope of the present invention is not limited thereto, and it is also possible to selectively change the resource information.

For example, if the resource information attached to the email is created in this way using the href tag in HTML format, this means that the user of the internal server / terminal (I) If you click on the information, you can access it with the corresponding resource information. On the other hand, when the resource information attached to the e-mail is created in the HTML format using the src tag such as' <img src = "resource information"> "or" <object src = "resource information"> " / The user of the terminal I can directly access the corresponding resource information immediately after opening the mail.

The resource information changing unit 30 changes the external resource information into the server resource information, so that even if 'anchor <a href=submit abroad'> is created on the e-mail source, 'anchor <a href = Even if the internal server / terminal I clicks the server resource information, it is not immediately connected to the external resource information, and similarly, when the server resource information is clicked on the internal server / terminal I, <img src = "server resource information"> "or" <object src = "server resource"> even if <img src = "external resource information" The information is transferred to the internal server / terminal I, so that even if the connection to the resource information is attempted by the automatic loading even by the action of opening the mail received from the internal server / terminal I, Attempts to connect to server resource information instead of to The server / terminal I can be protected in any case.

Further, even if the attached resource information is written in a format other than the HTML format, or the protocol or the like is changed, the resource information is not limited to a URL (Uniform Resource Locator) which is an address on the network used to access a specific resource, And URN (Uniform Resource Name), which is an address that identifies a resource by its unique name. This is a concept collectively referred to as an address used to access a specific resource. Since the external resource information itself is converted into server resource information, The internal server / terminal I can be protected.

That is, the user of the internal server / terminal I clicks the server resource information attached to the e-mail transmitted to the internal server / terminal I through the resource information changing unit 30, It is possible to prevent the internal server / terminal I from being infected by a virus, a malicious code or the like because the external resource information is not directly connected even when the connection is made with the resource information. The resource information change unit 30 includes a content deletion module 31 and a server resource creation module 33. [

The content deletion module 31 removes all contents other than the text text from the received electronic mail original. Contents such as separate images and attachments may be attached to the e-mail transmitted from the external server / terminal E to the e-mail processing system 1, Since the data may be modulated by hacking or the like, the deletion module 593 removes all content other than the body text attached to the e-mail file receipt originals.

The server resource creation module 33 generates the server resource information corresponding to the content removed by the content deletion module 31. [ The content removed by the content deletion module 31 may be provided to the internal server / terminal I as server resource information regarding an e-mail file stored in the storage unit 40, which will be described later. The access attempt from the internal server / terminal 10 to the server resource information means access to the electronic mail file stored in the electronic mail processing system 1. [ In addition, since a plurality of contents may be included in the electronic mail, the server resource creation module 33 may divide and generate server resource information corresponding to each of the removed contents. If the removed content and the server resource information do not correspond exactly, the content output through the server resource information can be arranged differently from the original content.

The storage unit 40 stores data in the electronic mail processing system 1. The data refers to all data in a form that can be processed by the computer and includes contents, Spring is desirable as a broader concept to include. As for the manner in which the storage unit 40 stores data, it is not limited to any specific concept, and various known or known techniques may be applied. The original mail file itself of the e-mail file transmitted from the external server / terminal E to the e-mail processing system 1 via the storage unit 40 is stored, and external resource information is attached to the transmitted e-mail file The related content may be downloaded through the external resource information and stored in the storage unit 40. [

The storage unit 40 includes a content storage module 41 and a mail storage module 43.

The content storage module 41 refers to a configuration in which content is downloaded by accessing external resource information. External resource information may be attached to an electronic mail transmitted from the external server / terminal E to the electronic mail processing system 1. The content storage module 41 accesses the external resource information, (40). The content storage module 41 may not be limited to the specific time point when the content storage module 41 downloads the content from the external server / terminal E to the e-mail processing system 1), the content can be downloaded by accessing the external resource information as soon as the e-mail is received or whenever the connection from the internal server / terminal I to the server resource information is attempted, that is, , It may be configured to access the external resource information to download the requested content. Of course, in any case, it is preferable that the downloading is blocked when the risk of the corresponding content to be downloaded is detected by the determination module 61 to be described later.

The mail storage module 43 stores an e-mail file transmitted from the external server / terminal E. [ It is not limited to the time point at which the mail storing module 43 stores the e-mail file. However, it is preferable that as soon as the e-mail is received by the e-mail processing system 1, It is preferable to store the mail file in the storage unit 40.

The identification code generation unit 50 generates an identification code for data stored in the storage unit 40 and adds the identification code to the data. The identification code collectively refers to a means for verifying the integrity of data, preferably a hash value, more preferably a hash value generated and encrypted. have. The electronic mail processing system 1 is communicatively connected to the external server / terminal E, and the data stored in the storage unit 40 may be modulated by hacking or the like of the electronic mail processing system 1. [ When a malicious code or the like is embedded in the data stored in the electronic mail processing system 1 due to such hacking, the internal server / terminal I opens the electronic mail received from the electronic mail processing system 1, The modulated data infected with malicious code can be transmitted to the internal server / terminal I when attempting to connect. Therefore, in order to prevent such a problem, it is preferable that the data stored in the storage unit 40 is given an identification code.

If a hash value or the like is given to the data, the hash value is completely changed even in a small modulation or the like. Therefore, the integrity of the data can be verified only by comparing the hash value. Preferably, the identification code generator 50 generates a hash value, encrypts the hash value, and attaches the hash value to the data. The operation of the hash value and the like can be blocked through the encryption of the hash value.

The identification code generation unit 50 includes a content identification code generation module 51 and a mail identification code generation module 53. [

The content identification code generation module 51 generates and stores an identification code for all downloaded content. As described above, the content storage module 41 can access the external resource information and download the content immediately after the mail reception of the electronic mail processing system 1 is completed. The content storage module 41 also stores the external resource information When attempting to access the server resource information from the internal server / terminal (I) receiving the e-mail changed to the server resource information, the external resource information can be accessed to download the content. The contents identification code generation module 51 generates an identification code for the downloaded contents. The contents storage module 41 accesses the external resource information immediately after completing the mail reception of the electronic mail processing system 1, An identification code (a) of a content and an identification code (b) of the downloaded content by accessing external resource information when a connection from the internal server / terminal (I) to the server resource information is attempted. As a result, by checking whether the identification codes (a) and (b) are matched with each other, the modulation of the content or the like can be confirmed. As described above, since the e-mail processing system 1 is communicatively connected to the external server / terminal E, there is a fear of hacking and the like. Therefore, in order to prevent a content, which has been altered due to hacking or the like, from being transmitted to the internal server / terminal I, a hash value, which is a unique identification number, is assigned to all downloaded contents, more preferably, A hash value (a) of the downloaded content and a hash value (b) of the downloaded content at the time of requesting the content of the internal server / terminal (I) at the time when the internal server / terminal (I) It is possible to transmit the requested content only when the hash values match.

The mail identification code generation module 53 is configured to generate and store an identification code for an electronic mail file and is preferably stored in an external server / terminal (not shown) stored by the mail storage module 43 of the storage unit 40 E), and encrypts the hash value and adds the hash value to the file. By generating a hash value for an e-mail file, even if there is a small change in the e-mail file, the hash value is completely different. Thus, the integrity of the e-mail file can be guaranteed by comparing the hash values. The multiplexing processor 70, which will be described later, transmits the e-mail file and its identification code from the e-mail processing system 1 to the multiplexed server so as to easily determine whether or not the same is identical with the original based on the identification code . It is not limited to a specific concept regarding the generation time of the hash value. Preferably, the hash value is generated and encrypted as soon as the mail is received from the external server / terminal E to the electronic mail processing system 1 It is preferable to add the file to a separate file or mail file. More preferably, the mail identification code generation module 53 may add the generated hash value on the header of the e-mail file.

The data tracking unit 60 analyzes the data and feeds back the data to the internal server / terminal I. The data tracking unit 60 analyzes and feeds back the data as soon as the mail receiving the external resource information is completed, Data can be analyzed and fed back when an attempt is made to connect from the internal server / terminal (I) to the server resource information. The connection attempt to the server resource information is an operation for clicking not only the hyperlinked server resource information included in the e-mail transmitted to the internal server / terminal I but also the resource automatically loaded And connection to server resource information by the server. Analyzing the data may include examining the type of data, the risk of the data, and the like. The feedback is a concept collectively referred to as a whole response sent from the electronic mail processing system 1 to the internal server / terminal I, and it is possible to transmit the content of the external resource information or the electronic mail file to the internal server / terminal I Warnings, and the like. Preferably, the data tracking unit 60 accesses the external resource information before storing the related data to check the content type or the like, analyzes the risk of the received e-mail file, Malicious code or the like is contained, and if the data is confirmed to be safe, it can be configured to be stored.

The data tracking unit 60 includes a determination module 61, an extraction module 63, and an alarm module 65.

The judgment module 61 judges whether the data is dangerous or not, and judges whether the identification code is matched or not. It is not limited to a specific concept in relation to the operation timing of the determination module 61. It is preferable that data is not immediately transmitted from the external server / terminal E to the electronic mail processing system 1 And judges whether the data is dangerous when the connection from the internal server / terminal I to the server resource information is attempted (i.e., when the data is requested).

The data risk determination method of the determination module 61 is not limited to any specific concept, but it is preferable that the determination of the risk of data immediately after the completion of the mail reception is made by a database (I. E., When requesting data) from the internal server / terminal &lt; / RTI &gt; (I) to the server resource information The determination can be confirmed by comparing the identification code (a) of the data stored immediately after completion of the mail reception and the identification code (b) of the data stored at the time of requesting the data.

If the data is found to be dangerous, it is possible to send a notification message such as a warning message to the internal server / terminal I without storing the data, It is possible to transmit a notification message such as a warning message to the internal server / terminal (I) without having to store the data if the data is found to be dangerous. In addition, It is possible to judge whether the data is dangerous again by comparing the identification code (a) of the data stored immediately after receiving the mail and the identification code (b) of the data stored at the time of requesting the data.

The extraction module 63 extracts the requested data from the storage unit 40 and transmits the extracted data to the internal server / terminal I if the identification code is found to be consistent with the data through the determination module 61 Transmission configuration. Preferably, when the internal server / terminal (I) receiving the electronic mail whose resource information is changed from the electronic mail processing system 1 makes a request for data transmission while attempting to access the server resource information, the electronic mail processing system 1 Can extract the requested data through the extraction module 63 and transmit the extracted data to the internal server / terminal I. [

The alarm module 65 is configured to generate a specific notification message when a risk of data to be stored is recognized through the determination module 61 or a match / mismatch of the identification code is determined, Not only does not generate a notification message only in the case of inconsistency, but also a notification phrase such as an authentication confirmation if there is no risk to the data or the identification code is matched, a warning phrase if there is a risk to the data or the identification code is inconsistent Message. &Lt; / RTI &gt; The warning phrase may be a character form such as "malicious code discovery &quot;, but the present invention is not limited thereto, and may include various voices, moving pictures, etc. in a form of recognizing the meaning of warning.

FIG. 4 is a diagram of an electronic mail processing system according to another embodiment of the present invention, and reference is made to FIG. 4 below. In contrast to the embodiment shown in FIG. 3, the multiplexing processor 70 is added in the present embodiment. In order to avoid redundant description, the multiplexing processor 70, which is additionally configured in the above embodiment, do.

 The multiplexing processor 70 is configured to transmit the data having the identification code added thereto through the identification code generator 50 to a plurality of servers, And the mail file is transmitted together with the identification code of the e-mail file. Data stored intensively on a specific server is vulnerable to hacking, etc., and when data stored in a specific server is lost due to hacking or the like, there is no way to recover lost data. Therefore, in order to solve the problem of the single point of failure, it is necessary to multiplex the data. The multiplexing processing means that data stored in a specific server is distributed and stored in a plurality of different servers so that even if a specific server is attacked by hacking or the like, the same data is stored in another server, . As a prerequisite for this multiplexing process, it must be proved that the data distributed to other servers are the same as the original. Therefore, in order to verify such integrity, the multiplexing processor 70 generates an identification code for data stored in the storage unit 40 and adds the identification code to the data, The data with the hash value added is transmitted. This hash value may be encrypted.

That is, when the e-mail is received in the e-mail processing system 1 from the external server / terminal E, the multiplexing processor 70 transmits the e-mail message to the multiplexer 70 via the mail storage module 43 of the storage unit 40, An identification code relating to the e-mail original file stored by the mail identification code generation module 53 of the identification code generation unit 50 is generated, and the e-mail file as the original file and the original e- To the respective servers multiplexed with the electronic mail processing system 1 by extracting the identification code of the electronic mail processing system 1. The identification code of the original e-mail file may be added to a separate file or a mail file, preferably to the header of the original e-mail file. Each of the multiplexed servers can be configured to check the hash value transmitted together with the original e-mail file and copy and store the hash value of the received e-mail file only when the hash value of the received e-mail file coincides with the transmitted hash value, If the hash value of the received e-mail file does not coincide with the transmitted hash value, a warning message may be generated that the multiplexing server itself is concerned about the modulation or the like.

5 is a flowchart illustrating an e-mail processing method according to an embodiment of the present invention. Hereinafter, description will be made with reference to FIG.

The e-mail processing method (S1) is a method in which an e-mail processing system (1) having received an e-mail from an external server / terminal (E) changes external resource information of an e-mail to server resource information, To the server / terminal (I), and when the content is requested from the internal server / terminal (I) that has received the changed e-mail, it determines whether the identification code is matched and extracts the content. The electronic mail processing method S1 includes an electronic mail receiving step S10, a resource information checking step S20, an identification code generating step S30, a resource information changing step S40, an electronic mail transmitting step S50, A data request step S60, an identification code comparison step S70, a warning step S80, and a data extraction step S90.

The e-mail receiving step S10 is a step in which the connection unit 10 of the e-mail processing system 1 receives an e-mail transmitted from the external server / terminal E. [

The resource information checking step S20 includes checking whether the resource information checking unit 20 of the e-mail processing system 1 has external resource information attached to the e-mail transmitted from the external server / terminal E .

The identification code generation step S30 is a step in which when the external resource information is attached to the e-mail transmitted from the external server / terminal E from the resource information checking step S20, Refers to a step of accessing with external resource information to download a content and generating an identification code for all contents downloaded by the content identification code generation module 51. [ As described above, the identification code is preferably a hash value, and such a hash value can be encrypted.

The resource information changing step S40 is a step in which the content deletion module 31 of the resource information changing unit 30 removes all content other than the text text from the received e-mail source, The generation module 33 generates server resource information corresponding to the content removed by the content deletion module 31, respectively. A plurality of contents may be attached to the e-mail, and a plurality of contents to be deleted by the contents deletion module 31 may be associated with each content so that they can be implemented on the internal server / Server resource information is preferably created.

The electronic mail transmission step S50 is a step in which the connection unit 10 of the electronic mail processing system 1 transmits an electronic mail transmitted from the external server / terminal E to the internal server / terminal I.

The data requesting step S60, the internal server / terminal I receiving the e-mail from the e-mail processing system 1 opens the mail and clicks the hyperlinked server resource information, Quot; refers to a step of requesting the electronic mail processing system 1 for data information in order to browse specific data by accessing server resource information by a resource that is automatically loaded only by the user.

In the identification code comparison step S70, when the connection from the internal server / terminal I to the server resource information to which the external resource information is changed to the server resource information is attempted, the content storage module 41, (I) of the data stored immediately after completion of the mail reception and the identification code (a) of the internal server / terminal (I) by the content identification code generation module 51 or the mail storage module 43 and the mail identification code generation module 53, (B) of the data stored at the time of the data request.

In the warning step S80, when the identification code is found to be inconsistent through the identification code comparison step S70, the alarm module 65 of the data tracking unit 60 outputs a warning message such as modulation as a notification message .

When the identification code is found to be identical through the identification code comparison step S70, the extraction module 63 of the data tracking unit 60 extracts the request from the internal server / terminal I And extracts the extracted data from the storage unit 40 and transmits the extracted data to the internal server / terminal (I).

6 is a flowchart illustrating an e-mail processing method according to another embodiment of the present invention. Hereinafter, description will be made with reference to FIG. 6, the e-mail processing method S1 of FIG. 6 distributes the original e-mail transmitted from the external server / terminal E to the e-mail processing system 1 in a plurality of different servers The same data is stored in another server even if a specific server is attacked by a hacking or the like so that the e-mail stored in the other server is the same as the e-mail stored in the storage, It shows the process of proving. According to the present embodiment, the e-mail processing method (S1) includes an e-mail receiving step (S100), a storing and identification code generating step (S200), a multiplexing processing step (S300), an identity determination step (S400) And an authentication step S600.

The electronic mail receiving step S100 is a step in which the connection unit 10 of the electronic mail processing system 1 receives an electronic mail transmitted from the external server / terminal E. [

The storage and identification code generation step S200 stores the e-mail file source sent from the external server / terminal E by the mail storage module 43 of the storage unit 40, and the mail identification code generation module 53 ) Is the step of generating an identification code for the original e-mail file. As described above, the identification code is preferably a hash value.

The multiplexing processing step S300 refers to a step in which the multiplexing processor 70 extracts an original e-mail file and a corresponding identification code and transmits the same to multiple servers. The identification code of the original e-mail file may be added to a separate file or mail file, preferably to be added to the header of the original e-mail file. Data stored intensively on a specific server is vulnerable to hacking, etc., and when data stored in a specific server is lost due to hacking or the like, there is no way to recover lost data. Therefore, in order to solve the problem of single point of failure, data stored in a specific server is distributed to a plurality of different servers so that even if a specific server is attacked by hacking or the like, the same data Once stored, you can block the source from disappearing.

In the affirmative determination step S400, the identification code of the received e-mail file is transmitted together with the identification code transmitted together with the identification code transmitted together with the e-mail file transmitted from the e-mail processing system 1 in the multiplexed server And judging whether or not they coincide with each other. The identification code may preferably be a hash value, and the identity determination step (S400) may verify the integrity of the received e-mail file by comparing the hash value.

In the warning step S500, when the identification code is found to be inconsistent through the determination step S400, a warning message indicating that the e-mail file received from the multiplexed server itself is likely to be altered may be sent as a notification message .

In the storing step S600, when the identity code is found to be identical through the determination step S400, it is confirmed that the e-mail file received from the multiplexed server itself is the same as the original, .

The foregoing detailed description is illustrative of the present invention. In addition, the foregoing is intended to illustrate and explain the preferred embodiments of the present invention, and the present invention may be used in various other combinations, modifications and environments. That is, it is possible to make changes or modifications within the scope of the concept of the invention disclosed in this specification, within the scope of the disclosure, and / or within the skill and knowledge of the art. The embodiments described herein are intended to illustrate the best mode for implementing the technical idea of the present invention and various modifications required for specific applications and uses of the present invention are also possible. Accordingly, the detailed description of the invention is not intended to limit the invention to the disclosed embodiments. It is also to be understood that the appended claims are intended to cover such other embodiments.

1: E-mail processing system
10: Connection
20: Resource information verification unit
30: Resource information changing unit 31: Content deletion module
33: Server resource creation module
40: Storage unit 41: Content storage module
43: Mail storage module
50: ID code generation unit 51: Content ID code generation module
53: mail identification code generation module
60: Data tracking unit 61: Judgment module
63: Extraction module 65: Alarm module
70:
E: external server / terminal I: internal server / terminal

Claims (15)

An electronic mail processing system for receiving an electronic mail transmitted from an external server / terminal and transmitting the electronic mail to an internal server / terminal,
A resource information checking unit for checking whether the contents of the electronic mail received from the external server / terminal are present in the external resource information,
And a resource information changing unit for changing the external resource information into server resource information for connecting the external resource information to the e-mail processing system when the external resource information is confirmed in the e-mail through the resource information checking unit and transmitting the changed e-mail to the internal server / ,
Wherein the internal server / terminal is protected while notifying the external server / terminal of the electronic mail transmitted from the external server / terminal to the internal server / terminal regardless of the danger of the electronic mail. system. delete The e-mail processing system according to claim 1, wherein the content includes a body of an electronic mail or an attachment file. The information processing apparatus according to claim 1, wherein the resource information changing unit comprises: a content deletion module for removing all contents other than the text text from the received e-mail source; a server for generating server resource information corresponding to the content removed by the content deletion module; And a resource creation module for creating an e-mail. The electronic mail processing system according to claim 1, wherein the electronic mail processing system further comprises: a storage unit for storing data; and an identification code generation unit for generating an identification code for data stored in the storage unit Email processing system for security of city. The e-mail processing system according to claim 5, wherein the data includes content and an e-mail file. 7. The apparatus of claim 6, wherein the storage unit comprises a content storage module for downloading content by accessing external resource information, and a mail storage module for storing an electronic mail file transmitted from the external server / An email processing system for security when browsing. 8. The method according to claim 7, wherein the content storage module accesses external resource information and downloads contents immediately after completing the mail reception and / or when accessing the server resource information from the internal server / terminal Email processing system for security. 8. The e-mail processing system according to claim 7, wherein the mail storage module stores an e-mail file upon completion of e-mail reception. 6. The apparatus of claim 5, wherein the identification code generation unit comprises: a content identification code generation module for generating an identification code for the content downloaded by the content storage module; and an identification code generation unit for generating an identification code for the electronic mail file stored through the mail storage module And an e-mail identification code generation module for e-mail. 7. The e-mail processing system according to claim 6, wherein the electronic mail processing system includes a data tracking unit for analyzing data and feeding back to the internal server / terminal. 12. The apparatus of claim 11, wherein the data tracking unit comprises: a determination module for determining whether the data is dangerous or not and whether the identification code is matched; and, if the identification code is found to be consistent with the data through the determination module, And an alarm module for transmitting a notification message to the internal server / terminal when it is determined that there is a risk to the data or the identification code is inconsistent through the determination module, E-mail processing system for security when reading e-mails. The information processing apparatus according to claim 12, wherein the determination module compares an identification code of data stored upon completion of mail reception with an identification code of data stored in connection with server resource information in the internal server / terminal An email processing system for security when browsing. 14. The e-mail processing system according to claim 13, wherein the e-mail processing system includes a multiplexing unit that transmits an e-mail file stored through a mail storage module and an identification code generated through a mail identification code generation module to a server multiplexed with the e- Further comprising a processing unit for processing the e-mail. 15. The e-mail processing system according to any one of claims 5 to 14, wherein the identification code is encrypted.

Images