JP2013182482A - Attached file relay device, method for relaying attached file, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To cause a destination to access to an attached file by an optimal method according to environment of the destination of an e-mail.SOLUTION: A mail reception unit 11 of an attached file relay device 10 receives an e-mail with an attached file, with a receiver terminal 30 defined as a destination, from a transmitter terminal 20. A processing determination unit 12 discriminates a processing method for the attached file of the e-mail on the basis of environment of the destination of the e-mail received by the mail reception unit 11. An attached file processing unit 13 executes processing for causing the attached file to access to the receiver terminal on the basis of the processing method discriminated by the processing determination unit 12.

Description

  The present invention relates to an attached file relay device, an attached file relay method, and a program.

  In many cases, the attached file of an e-mail is important data that is more confidential than the text. Therefore, an attached file of an electronic mail is encrypted and transmitted. Various techniques for safely delivering an attached file of an electronic mail are known.

  For example, in Patent Document 1, an attached file of an e-mail transmitted from a transmission side terminal is encrypted and transmitted to a reception side terminal, and a transmission completion mail is transmitted to the transmission side terminal. Then, in response to access to the inquiry address written in the transmission completion email, the attached file can be automatically encrypted by sending a password notification email to the receiving terminal, and the user It is possible to notify the encryption password safely without taking time and effort.

JP 2008-187280 A

  In Patent Document 1, processing such as encryption of an attached file is necessary even when security is ensured as in-house mail, which is troublesome and troublesome. Further, in Patent Document 1, it is not possible to cope with the situation such as changing the encryption method for each e-mail destination.

  The present invention has been made in view of the above circumstances, and is an attached file relay device, an attached file relay method, and an attached file relay method capable of allowing the destination to access the attached file by an optimum method according to the environment of the destination of the e-mail. And it aims at providing a program.

In order to achieve the above object, an attached file relay device according to the first aspect of the present invention provides:
An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
Based on the determined processing method, processing execution means for executing processing for causing the recipient terminal to access the attached file;
It is characterized by providing.

In order to achieve the above object, the attached file relay method according to the second aspect of the present invention is:
Receive an email with an attached file addressed to the receiver terminal from the sender terminal,
Based on the environment of the destination of the received email, determine a processing method for the attached file of the email,
Based on the determined processing method, a process for causing the recipient terminal to access the attached file is executed.
It is characterized by that.

In order to achieve the above object, a program according to the third aspect of the present invention provides:
Computer
An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
A process execution means for executing a process for causing the recipient terminal to access the attached file based on the determined processing method;
To function as.

  According to the present invention, the destination can access the attached file by an optimum method according to the environment of the destination of the e-mail.

It is a figure which shows the structure of the system containing the attachment file relay apparatus which concerns on embodiment of this invention. It is a block diagram which shows the structure of the attachment file relay apparatus which concerns on embodiment of this invention. It is a figure which shows the structure of a data storage part. It is a figure which shows the structure of user information. (A) is a figure which shows the structure of security setting information. (B) is a figure which shows the structure of the security setting information according to domain. (C) is a figure which shows the structure of the security setting information classified by address. It is a figure which shows the example of the data memorize | stored in DL site user management DB. It is a figure which shows the example of a system information setting file. It is a flowchart (the 1) for demonstrating the operation | movement of an email reception process. It is a flowchart (the 2) for demonstrating the operation | movement of an email reception process. It is a flowchart (the 3) for demonstrating the operation | movement of an email reception process. It is a figure which shows the example of an original mail. It is a flowchart for demonstrating operation | movement of a security setting acquisition process. It is a figure which shows the example of an email with an encryption attachment file. It is a figure which shows the example of an attachment file deletion mail. It is a figure which shows the structure of encryption information. It is a figure which shows the structure of an access key. It is a figure which shows the example of the data memorize | stored in transmission mail management DB. It is a figure which shows the example of the data memorize | stored in DB for Web approval. It is a figure which shows the example of an approval request mail. It is a figure which shows the example of an approval reply request mail. It is an example of a screen for Web approval (unprocessed mail list screen). It is an example of a screen (detail screen) for Web approval. It is a flowchart (the 1) for demonstrating operation | movement of an approval process. It is a flowchart (the 2) for demonstrating operation | movement of an approval process. It is a figure which shows the example of the access method notification mail. It is a figure which shows the example of the access method notification mail. It is a figure which shows the example of the access method notification completion mail. It is a flowchart for demonstrating operation | movement of a download process.

  Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings. In the drawings, the same or equivalent parts are denoted by the same reference numerals.

  FIG. 1 shows the configuration of a system including an attached file relay device 10 according to an embodiment of the present invention. The attached file relay apparatus 10 is connected to the sender terminal 20, the receiver terminal 30, and the approver terminal 40 so as to be able to communicate with each other via the Internet. The attached file relay device 100 is a device that safely relays an attached file of an e-mail transmitted from the sender terminal 20 to the recipient terminal 30. The approver terminal 40 is a terminal used by the approver to approve access to the attached file. In FIG. 1, each of the terminals 20 to 40 is shown one by one, but actually, it is assumed that there are a plurality of terminals 20 to 40, respectively. Each of the terminals 20 to 40 is a general PC (Personal Computer) including an operation unit, a display unit, a communication unit, a control unit, and the like. Each of the terminals 20 to 40 includes a browser and a function of accessing the Internet. In addition, e-mail software (mailer) is installed in each of the terminals 20 to 40, and it is possible to create and send / receive e-mails by the mailer function.

The attached file relay device 10 is a computer including a communication interface such as a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), a hard disk drive, and a network interface card (NIC). As shown in FIG. 2, the attached file relay apparatus 10 functionally includes a mail receiving unit 11, a process determining unit 12, an attached file processing unit 13, and a data storage unit 14.
The mail receiving unit 11, the process determining unit 12, and the attached file processing unit 13 are functionally realized by the CPU executing an operation program stored in the ROM. The data storage unit 14 is information or a database stored in the hard disk drive.

The mail receiving unit 11 receives an e-mail from the sender terminal 20.
The process determining unit 12 performs a process to be performed on the received e-mail based on the information such as the destination address and destination domain of the e-mail received by the mail receiving unit 11 and the information stored in the data storage unit 14. Is determined.

  The attached file processing unit 13 executes the process determined by the process determining unit 12 on the electronic mail received by the mail receiving unit 11. The attached file processing unit 13 includes an encryption unit 131, a mail transmission unit 132, an approval processing unit 133, a WEB approval processing unit 134, and a DL site processing unit 135 according to the processing contents.

  The encryption unit 131 encrypts the attached file of the received electronic mail.

  The mail transmission unit 132 transmits an e-mail to the recipient terminal 30 designated as the destination of the received e-mail.

  The approval processing unit 133 transmits an approval request mail for requesting approval for opening the attached file of the received electronic mail to the approver terminal 40. In addition, the approval processing unit 133 responds to the reception of the approval reply mail from the approver terminal 40 or the WEB approval processing unit 134, and receives an access method notification mail that notifies the access method to the approved attached file. 30.

  The WEB approval processing unit 134 transmits an access method notification mail to the recipient terminal 30 in accordance with an operation performed by the approver terminal 40 on the Web.

  The DL site processing unit 135 executes various processes related to a Web site (download site) for downloading an attached file. Specifically, the DL site processing unit 135 separates the attached file from the received electronic mail and stores it in the data storage unit 14. Also, the DL site processing unit 135 receives an attachment file download request from the recipient terminal 30 and transmits the attachment file stored in the data storage unit 14 to the requesting recipient terminal 30.

  Various types of information are stored in the data storage unit 14. Specifically, as shown in FIG. 3, the data storage unit 14 includes a user information storage DB 141, a DL site user management DB 142, a DL information storage DB 143, an outgoing mail management DB 144, and a Web approval DB 145. The system information setting file 146 is stored.

  In the user information storage DB 141, information (user information) about the user is stored for each user who can use the attached file relay apparatus 10. FIG. 4 shows a configuration example of user information. The user information includes the user ID 1d of the user, the mail address 2d, the alternative mail address 3d, the approver mail address 4d, the mail attachment necessity flag 5d, the transmission result mail necessity flag 6d, and the transmission mail storage location 7d. , Data setting location 8d for Web approval, security setting information 9d, security setting information 10d for each domain created for each domain, and security setting information 11d for each address created for each destination address. The approver e-mail address 4d indicates the e-mail address of the approver when the e-mail transmitted from the sender terminal 20 to the receiver terminal 30 needs the approval of the approver. The mail attachment necessity flag 5d is information indicating whether or not the original mail is attached when the approval request mail is transmitted to the approver. The transmission result mail necessity flag 6d is information indicating whether or not to transmit the result to the user who is the sender when the transmission of the electronic mail to the destination address is completed. The transmission mail storage location 7d is information indicating a location in the transmission mail management DB 144 in which information related to the electronic mail transmitted by the user is stored. The Web approval data storage location 8d is information indicating a location in the Web approval DB 145 in which information necessary when the user who is an approver approves from the Web is stored.

  The security setting information 9d is information that defines in what form the attached file of the e-mail is transmitted to the recipient terminal 30. Specifically, as shown in FIG. 5A, the security setting information 9d includes a DL site use flag 9d1, an encryption presence / absence flag 9d2, encryption setting information, and approval setting information.

  The DL site use flag 9d1 is information indicating whether or not to use the download site in order to transmit the attached file of the e-mail to the recipient terminal 30.

  The encryption presence / absence flag 9d2 is information indicating whether or not to encrypt an attached file. When it is set to encrypt with the encryption presence / absence flag 9d2, the attached file is encrypted based on the information defined in the encryption setting information. The encryption setting information is information including an encryption method 9d3, a password length 9d4, an encrypted extension 9d5, a fixed password 9d6, and the like. The attached file is encrypted by a method defined by the encryption method 9d3. The password length 9d4 defines a password length condition for decrypting the encrypted attached file. The encrypted extension 9d5 defines the type of extension added to the encrypted attached file, and is an extension such as “.zip”, “.lzh”, “.exe”, or the like. The fixed password is information set when the password for decrypting the encrypted attached file is a fixed password.

  The approval setting information includes a self-approval necessity flag 9d7 and an approver approval necessity flag 9d8. The self-approval necessity flag 9d7 is used when notifying the recipient terminal 30 of the access method to the download site for acquiring the attached file of the e-mail and the password for combining the encrypted attached file. This is information indicating whether or not the approval of the user who is the sender of the e-mail is necessary. The approver approval necessity flag 9d8 is used when notifying the receiver terminal 30 of the access method to the download site for acquiring the attached file of the e-mail and the password for combining the encrypted attached file. This is information indicating whether or not the approval of the user approver is necessary.

  The domain-specific security setting information 10d is information that prescribes how an attached file is transmitted to the recipient terminal 30 for an electronic mail addressed to a specific domain. The domain-specific security setting information 10d is created for the number of domains to be set. As shown in FIG. 5B, the domain-specific security setting information 10d has a configuration in which the domain name 10d1 of the target domain is added to the security setting information 9d shown in FIG. That is, the domain-specific security information includes the domain name 10d1, the DL site use flag 10d2, the encryption presence / absence flag 10d3, the encryption setting information (encryption method 10d4, password length 10d5, encrypted extension 10d6, fixed Password 10d7) and approval setting information (self-approval necessity flag 10d8, approver approval flag 10d9).

  The address-specific security setting information 11d is information that defines how an attached file is transmitted to the recipient terminal 30 for an e-mail addressed to a specific address. The address-specific security setting information 11d is created for the number of destination addresses to be set. As shown in FIG. 5C, the address-specific security setting information 11d has a configuration in which the target destination address 11d1 is added to the security setting information 9d shown in FIG. 5A. That is, the domain-specific security information includes a destination address 11d1, a DL site use flag 11d2, an encryption presence / absence flag 11d3, encryption setting information (encryption method 11d4, password length 11d5, encrypted extension 11d6, fixed Password 11d7) and approval setting information (self-approval necessity flag 11d8, approver approval flag 11d9).

  Returning to FIG. 3, the DL site user management DB 142 stores various types of information necessary for the user to use the download site for each user. Specifically, as shown in FIG. 6, the DL site user management DB 142 stores, for each user, a login ID 142c1, a login password 142c2, an expiration date 142c3, a storage location 142c4, and the like for logging in to the download site. The The storage location 142c4 is information indicating in which location (folder) in the DL information storage DB 143 data related to this user is stored.

  Returning to FIG. 3, the DL information storage DB 143 stores, for each user, data such as attached files stored in the download site by the user for each folder.

  The transmission mail management DB 144 stores, for each sender, information related to an electronic mail transmitted by the sender, an access key described later, and the like.

  The Web approval DB 145 stores information necessary for an approver to approve from the Web for each approver.

  In the system information setting file 146, various setting data that are commonly referred to in the entire system including the attached file relay apparatus 10 are defined. For example, in the system information setting file 146, as shown in FIG. 7, the system version, the host name, the host ID, the IP address of the attached file relay device 10, the path to the user management directory, the mail address of the attached file relay device 10 And an encryption exclusion extension list and the like are set. The encryption exclusion extension list is a list of extensions of attached files that are not encrypted. For example, if an encryption exclusion extension list is defined as shown in FIG. 7, attached files such as “XX.zzz” and “XX.yyy” are automatically detected from the encryption target. Excluded.

  Subsequently, the details of the process (e-mail reception process) when the attached file relay apparatus 10 receives an e-mail addressed to the recipient terminal 30 from the recipient terminal 30 are shown in the flowcharts of FIGS. The description will be given with reference.

  The user of the sender terminal 20 operates the sender terminal 20 to create an e-mail addressed to the receiver terminal 30 from the mailer and transmits it to the attached file relay apparatus 10. In the following description, this e-mail will be referred to as an original e-mail to distinguish it from other e-mails. FIG. 11 shows an example of the original mail transmitted from the sender terminal 20. The original mail includes a header part J1 in which a sender address (From), a destination address (To), a message ID (Message-ID), a subject (Subject) and the like are described, and a body part J2 in which the contents of the text are described. Prepare. The message ID is an ID assigned to uniquely identify each original mail. In addition, a file (attached file) J3 may be attached to the e-mail.

  When the mail receiving unit 11 of the attached file relay device 10 receives an e-mail (original mail) from the sender terminal 20, first, the process determining unit 12 determines whether or not an attached file is attached to the original mail ( FIG. 8; Step S101).

  When it is determined that the electronic mail is not attached with an attached file (step S101; No), it is not necessary to perform special processing on the original mail. Accordingly, the mail transmitting unit 132 transmits the original mail to the recipient terminal 30 set as the destination of the original mail (step S102), and the e-mail receiving process ends.

  If it is determined that the email is an attached file (step S101; Yes), the process determination unit 12 acquires the user information of the sender of the original mail from the user information storage DB 141. Specifically, the process determination unit 12 may acquire user information having the mail address of the sender address (From) in the header part of the original mail as the mail address 2d from the user information storage DB 141 (step S103).

  Subsequently, the process determination unit 12 refers to the system information setting file 146 to obtain a list of extensions set in the encryption exclusion extension list (step S104).

  Subsequently, the process determination unit 12 acquires setting information corresponding to the received original mail from the security setting information for each address 11d, the security setting information for each domain 10d, and the security setting information 9d acquired in step S103. A security setting acquisition process is executed (step S105).

  Details of the security setting acquisition processing will be described with reference to the flowchart of FIG. When the security setting acquisition process is started, first, the process determination unit 12 selects a destination address 11d1 that matches the destination address (To) of the original mail from the address-specific security setting information 11d acquired in step S103. It is determined whether or not there is address-specific security setting information 11d having (step S1051).

  When there is matching address-specific security setting information 11d (step S1051; Yes), the process determining unit 12 acquires the address-specific security setting information 11d (step S1052), and the security setting acquisition process ends.

  If there is no matching address-specific security setting information 11d (step S1051; No), the process determining unit 12 matches the destination domain of the original mail from the domain-specific security setting information 10d acquired in step S103. It is determined whether there is domain-specific security setting information 10d having the domain name 10d1 (step S1053).

  If there is matching domain-specific security setting information 10d (step S1053; Yes), the process determination unit 12 acquires the domain-specific security setting information 10d (step S1054), and the security setting acquisition process ends.

  When there is no matching domain-specific security setting information 10d (step S1053; No), the process determination unit 12 acquires the security setting information 9d of the user information acquired in step S103 (step S1055), and the security setting acquisition process ends. To do.

  Returning to FIG. 8, when the security setting acquisition process is completed, the process determination unit 12 determines that the original is based on the encryption exclusion extension list acquired in step S104 and the information acquired in the security setting information acquisition process in step S105. It is determined whether or not the mail attachment is encrypted (step S106). Specifically, when the extension of the attached file matches the extension registered in the encryption exclusion extension list, the process determining unit 12 determines that the attached file is not encrypted. If the extension of the attached file does not match the extension registered in the encryption exclusion extension list, the process determination unit 12 determines the security setting information for each address 11d acquired in the security setting information acquisition process, the security for each domain It is determined whether or not to encrypt the attached file with reference to the encryption presence / absence flags 11d3, 10d3, and 9d2 of the setting information 10d or the security setting information 9d.

  Subsequently, when it is determined in step S106 that the attached file is to be encrypted, the process determination unit 12 encrypts the encryption setting information (encryption method, password length, extension after encryption, fixed password, etc.). Is acquired from the address-specific security setting information 11d, the domain-specific security setting information 10d, or the security setting information 9d used for the determination (step S107).

  Subsequently, the process determination unit 12 determines whether or not to send the attached file of the original mail to the recipient terminal 30 via the download site based on the information acquired in the security setting information acquisition process of step S105. (Step S108). Specifically, the process determination unit 12 sets the security setting information for each address 11d, the security setting information for each domain 10d acquired in the security setting information acquisition process, or the DL site use flags 11d2, 10d2, and 9d1 of the security setting information 9d. Refer to and determine whether or not the download site is used.

  Subsequently, based on the information acquired in the security setting information acquisition process of step S105, the process determination unit 12 determines whether or not the approver or sender needs to approve the attached file of the original mail (step S109). . Specifically, the process determination unit 12 sets the security setting information 11d for each address acquired by the security setting information acquisition process, the security setting information 10d for each domain, or the approval setting information (self-approval necessity flag 11d8) of the security setting information 9d. 10d8, 9d7 and the approver approval necessity flag 11d9, 10d9, 9d8), it is determined whether approval is required.

  Subsequently, the process determining unit 12 determines whether or not the attached file is not encrypted in step S106, and determines whether or not the download site is not used in step S108 (step S110).

  If it is determined that the attached file is not encrypted and the download site is not used (step S110; Yes), there is no need to perform special processing on the original mail. Accordingly, the mail transmitting unit 132 transmits the original mail to the recipient terminal 30 set as the destination of the original mail (step S102), and the e-mail receiving process ends.

  If it is not determined that the attached file is not encrypted and the download site is not used (step S110; Yes), the process determining unit 12 determines whether the attached file is determined to be encrypted in step S106. It discriminate | determines (FIG. 9: step S111).

  When it is determined that encryption is to be performed (step S111; Yes), the encryption unit 131 encrypts the attached file of the original mail (encryption or extension change) based on the encryption setting information acquired in step S107. Password setting, etc.) (step S112).

  When it is determined that encryption is not performed (step S111; No), or after encryption is performed in step S112, the processing determination unit 12 determines whether it is determined in step S108 that the download site is used (step S108). Step S113).

  When it is determined that the download site is not used (step S113; No), the mail transmission unit 132 sets the mail with the attached file encrypted in step S112 to the original mail to the destination address (To). Transmit to the set recipient terminal 30 (step S114). Subsequently, the process proceeds to step S117.

  Here, FIG. 13 shows an example of an email with an encrypted attached file. The contents of the header part K1 and the body part K2 of the encrypted attached file-attached mail are the same as the contents of the original mail shown in FIG. 11, except that the attached file K3 is encrypted.

  Returning to FIG. 9, when it is determined that the download site is used (step S113; Yes), the DL site processing unit 135 stores the attached file in a predetermined location of the DL information storage DB 143 (step S115). Specifically, the DL site processing unit 135 creates a login ID 142c1 and a login password 142c2 for the original mail recipient to log in, and registers them as new records in the DL site user management DB 142. Note that the user ID created here does not overlap with the login ID 142c1 registered in the DL site user management DB. The login password 142c2 is randomly generated using a random number or the like. Subsequently, the DL site processing unit 135 sets a free location in the DL information storage DB 143 as the storage location 142c4 of the newly registered record. Subsequently, the DL site processing unit 135 registers (stores) the attached file in the storage location of the DL information storage DB 143 indicated by the storage location 142c4 of the newly registered DL site user DB 142 record. The DL site processing unit 135 may register a record of the newly registered DL site user DB 142 and an expiration date 142c3 for automatically deleting the attached file stored in the DL information storage DB 143.

  Subsequently, the DL site processing unit 135 transmits an email (attached file deleted email) from which the attached file has been deleted from the original email to the recipient terminal 30 set to the destination address (To) of the original email (step) S116). FIG. 14 shows an example of an attached file deletion mail obtained by deleting an attached file from the original mail shown in FIG. As shown in this example, a message indicating that the attached file has been deleted may be newly written in the main body L2 of the attached file deletion mail. Subsequently, the process proceeds to step S117.

  In step S117 of FIG. 10, the process determining unit 12 determines whether or not the approval of the approver (or the sender) is required in order to notify the attached file access method in step S109.

  When it is determined that the approval is not necessary (step S117; No), the mail transmission unit 132 creates an access method notification mail for notifying the access method to the attached file, and the recipient terminal set as the destination of the original mail 30 (step S118). For example, when the attached file is encrypted and transmitted to the recipient terminal 30, the mail transmitting unit 132 transmits an access method notification mail in which a password for releasing the encryption is described. In addition, when an attached file is uploaded using the download site, an access method notification mail describing a URL (Uniform Resource Locator) indicating an access destination to the attached file in the download site is transmitted.

  When the transmission of the access method notification mail is completed, the mail transmission unit 132 transmits a transmission completion mail indicating that the transmission of the attached file is completed to the sender terminal 20 that is the sender of the original mail (step S119). The mail reception process ends.

  If it is determined that approval is required (step S117; Yes), the approval processing unit 133 specifies the transmission mail storage location 7d defined by the user information acquired in step S103 (step S120).

  Subsequently, the approval processing unit 133 creates encryption information (step S121). The encryption information is information composed of the destination address of the original mail and encrypted data (encrypted data) separated by a separator that is a predetermined character string as shown in FIG. The information encrypted as the encrypted data includes various types of security-related information (DL site use flag, encryption presence / absence flag, approval setting information, etc.) acquired in the security setting acquisition process in step S104, when encrypted. Password, access URL when the attached file is stored on the download site, various information about the original mail (destination address, message ID, transmission date and time, subject, etc.).

  Returning to FIG. 10, subsequently, the approval processing unit 133 creates an access key for the approver to access the attached file (step S122). FIG. 16 shows an example of the access key. The access key includes a character string obtained by encrypting the user ID of the sender of the original mail, a character string obtained by encrypting fixed information such as the message ID of the original mail and the version described in the system information setting file 146, and 4 This is character string data composed of a hash for checking digits and a character “@” separating them.

  Returning to FIG. 10, subsequently, the approval processing unit 133 stores the access key created in step S122 and the original mail in the storage location in the outgoing mail management DB 144 specified in step S120, as shown in FIG. Various information (processing time, message ID, transmission date and time, sender address (From), destination address (To), subject), etc. are stored (step S123).

  Returning to FIG. 10, subsequently, the approval processing unit 133 acquires the approver e-mail address 4d defined by the user information acquired in step S103. Then, the approval processing unit 133 specifies the approver user information from the approver mail address 4d, and specifies the storage location of the Web approval DB 145 (Web approval data storage location 8d) from the specified approver user information. (Step S124).

  Subsequently, as shown in FIG. 18, the approval processing unit 133 stores the access key created in step S122, the information related to the original mail, and the encrypted information created in step S121 in the storage location of the specified Web approval DB 145. Etc. are stored (step S125).

  Returning to FIG. 10, subsequently, the approval processing unit 133 creates and transmits an approval request mail to the approver terminal 40 that requests the approval of the attached file (step S <b> 126). The destination of the approver terminal 40 may be specified from the approver mail address 4d of the user information specified in step S103. If the self-approval flag 11d8, 10d8, 9d7 of the setting information specified in step S105 is set to require self-approval, an approval request mail is transmitted to the sender terminal 20 that is the original mail sender. To do. Thus, the e-mail reception process ends.

  Here, an example of the approval request mail is shown in FIG. The approval request mail is composed of a header part M1, a body part M2, and an attached file M3. In the sender address (From) of the header part M1, the mail address of the attached file relay device 10 defined in the system information setting file 146 is described. Further, the e-mail address of the approver is described in the destination address (To). In addition, unique information is automatically written in the message ID (Message-ID) from information such as the current time. In addition, the Message-ID of the original mail is described in the reference source message (References) and the reply source message (In-Reply-To).

  Further, the encrypted information created in step S121 and the access key created in step S122 are described in the body part M2 of the approval request mail. In addition, when the attachment necessity flag 5d indicates that attachment is necessary, the original mail is attached as an attachment file M3 for confirmation by the approver. It is assumed that the attached file M3 of the original mail is not particularly encrypted. FIG. 19 shows an approval request e-mail when the download site is used and the attached file is encrypted. Depending on whether or not the download site is used and whether or not the download site is encrypted, the main body M2 is appropriately selected. An approval request email with a different wording is created.

  Next, an approval process for approving an attached file based on an approval operation from an approver will be described. By the e-mail receiving process, the approver terminal 40 (sender terminal 20 in the case of self-approval) receives the approval request mail. The approver performs either “Approval from Web site” or “Approval by email reply” from the approver terminal 40 according to the content of the received approval request mail.

  In the case of “approval by e-mail reply”, the approver operates the approver terminal 40 to create an approval reply e-mail for notifying the response to the approval in the form of replying to the received approval request e-mail, and attaching the file Transmit to the relay device 10.

  An example of an approval reply mail corresponding to the approval request mail shown in FIG. 19 is shown in FIG. The approval reply mail is composed of a header part N1 and a text part N2. In the sender address (From) of the header part N1, the mail address of this approver is described. In addition, in the destination address (To), the mail address of the attached file relay apparatus 10 that is the transmission source of the approval request mail is described.

  The content of the approval request mail shown in FIG. 19 is quoted in the main body N2 of the approval reply mail. That is, encryption information and access keys are written in the main body. If the approver has an address of the recipient terminal 30 that is not approved (not subject to access to the attached file) among the recipient addresses of the original mail in the encrypted information described in the main body, Create an approval reply email with the address description removed.

  In addition, in the case of “approval from the website”, the approver operates the operation unit of the approver terminal 40 and the approval provided by the attached file relay device 10 indicated by the URL destination described in the approval request mail. Log in to your website with your user ID.

  When there is a login from the approver, the WEB approval processing unit 134 of the attached file relay apparatus 10 acquires user information having the user ID of the approver from the user information storage DB 141. Then, the WEB approval processing unit 134 acquires information related to the original mail from the storage location of the Web approval DB 145 indicated by the Web approval data storage location 8d of the acquired user information, and based on the acquired information, FIG. As shown, an approval list screen on which all approval requests that the user needs to approve is displayed and displayed on the display unit of the approver terminal 40.

  The approver operates the approver terminal 40 and selects a matter to be approved from the approval list screen. In response to this selection operation, the approval processing unit 133 of the attached file relay apparatus 10 displays a detailed screen as shown in FIG. 22 on the display unit of the approver terminal 40. After confirming the details on the details screen, the approver operates the operation unit of the approver terminal 40 to check the destination address to be approved, and clicks the approval button. In response to this click operation, the WEB approval processing unit 134 creates the above-described approval reply mail based on the information checked from the detail screen, and transmits it to the approval processing unit 133.

  When an approval reply mail is received from the approver terminal 40 by “approval by mail reply”, or when an approval reply mail is received from the web approval processing unit 134 by “approval from the website”, the attached file relay device 10 The approval processing unit 133 performs the approval processing shown in FIGS.

  First, the approval processing unit 133 decrypts the access key portion in the main body part of the received approval reply mail and acquires the user ID (step S201). This user ID is the user ID of the sender of the original mail as described above.

  Subsequently, the approval processing unit 133 acquires user information having the acquired user ID from the user information storage DB 141, and acquires the approver's mail address 2d from the user information (step S202). The approval processing unit 133 may also acquire the approver's alternative email address 3d from the user information.

  Subsequently, the approval processing unit 133 determines whether or not the approver's email address 2d (or alternative email address 3d) acquired in step S202 matches the email address of the approval reply email sender (step S203). ).

  If they do not match (step S203; No), it is considered that an approval reply email has been sent by an unauthorized third party pretending to be an approver. Therefore, the approval process is terminated without performing the subsequent processes.

  If they match (step S203; No), then the approval processing unit 133 acquires the user information having the user ID acquired in step S201 from the user information storage DB 141, and stores the transmission mail management DB 144 from this user information. 7d is specified (step S204).

  Subsequently, the approval processing unit 133 acquires information on the original mail stored in association with the access key stored in the storage location 7d of the specified transmission management DB 144, encryption information, and the like (step S205). .

  Subsequently, the approval processing unit 133 refers to the encryption information described in the main body of the received approval reply mail, and identifies the destination address (approval address) approved by the approver as the destination of the attached file (Step S206).

  Subsequently, the approval processing unit 133 determines whether or not the approval address identified in step S206 is one or more (step S207). If there is no approval address (step S207; No), the process proceeds to step S212.

  When there are one or more approval addresses (step S207; Yes), the approval processing unit 133 determines whether or not all the approval addresses are included in the list of destination addresses of the original mail acquired in step S205. A determination is made (step S208).

  If it is not included (step S208; No), there is a possibility that the approver has described an incorrect approval address in the approval reply mail, or that improper approval by impersonation has been made. Therefore, the subsequent processing is not performed, and the approval processing ends.

  If it is included (step S208; Yes), the approval processing unit 133 decrypts the encrypted data of the encrypted information acquired in step S205, and stores a password and an attached file for decrypting the attached file. Various information necessary for creating an access method notification mail for notifying the access method to the download site is acquired (step S209).

  Subsequently, the approval processing unit 133 creates an access method notification mail for notifying a DL site access method (URL, login ID, login password) and a password for decryption based on the information acquired in step S209. Then, it transmits to the approval address specified in step S206 (FIG. 24; step S210).

  Here, examples of access method notification mails are shown in FIGS. FIG. 25 is a diagram showing an access method notification mail when the download site is not used (that is, when the attached file of the original mail is encrypted and transmitted). The sender address (From), message ID (Message-ID), reference source message (References), and reply source message (In-Reply-To) in the header part P1 are the encrypted attachments transmitted in step S114 of the email reception process. Set the same as mail with file. Further, the main body part P2 describes a password for decrypting the attached file and information on the mail with the encrypted attached file.

  FIG. 26 is a diagram showing an access method notification mail when the attached file is encrypted and the download site is used. The sender address (From), message ID (Message-ID), reference source message (References), and reply source message (In-Reply-To) in the header part Q1 are deleted from the attached file transmitted in step S116 of the e-mail receiving process. Set the same as email. In the main body Q2, the URL of the download site, login ID, login password, download expiration date, password value if the file is encrypted, and information on the attached file deletion mail are described.

  Returning to FIG. 24, subsequently, the approval processing unit 133 transmits the attached file access method (download site access method, encrypted password) to the approver terminal 40 (sender terminal 20 when the sender approves). An access method notification completion mail is sent to notify that the notification is completed (step S211).

  Here, an example of the access method notification completion mail is shown in FIG. In the reference source message (References) of the header part R1, the message ID of the original mail and the message ID of the approval request mail transmitted in step S126 of the e-mail reception process are set. Further, the message ID of the approval request mail is set in the reply source message (In-Reply-To). In addition, the main body R2 includes a destination list that notifies the access method to the attached file and information related to the original mail. FIG. 27 shows an access method notification completion e-mail when the download site is used and the attached file is encrypted. Depending on whether or not the download site is used and whether or not it is encrypted, Are described as appropriate.

  Returning to FIG. 24, subsequently, the approval processing unit 133 deletes the data in the outgoing mail management DB 144 stored in the storage location specified in step S204 (step S212).

  Subsequently, the approval processing unit 133 specifies the user information of the approver from the user information storage DB 141 from the approver's mail address acquired in Step S202 (Step S213). Then, the approval processing unit 133 specifies the storage location 8d of the Web approval DB 145 for the specified user information (step S214). Then, the approval processing unit 133 deletes the data stored in the specified storage location 8d of the Web approval DB 145 (Step S215). This completes the approval process.

  Next, a process in which the recipient terminal 30 that has received the access method notification mail acquires an attached file from the download site will be described.

  In response to an operation from the user, the recipient terminal 30 accesses the URL destination described in the received access method notification mail by specifying the login ID and login password described in the access method notification mail ( log in. The DL site processing unit 135 of the attached file relay apparatus 10 executes the download process shown in FIG. 28 in response to access from the recipient terminal 30.

  First, the download processing unit determines whether there is a record in the DL site user management DB 142 in which the login ID and login password specified by the login are registered (step S301). If there is no such record (step S301; No), the recipient terminal 30 cannot be authenticated, and the download process ends without performing the subsequent processes.

  When there is a record corresponding to the DL site user management DB 142 (step S301; Yes), the DL site processing unit 135 specifies the storage location 142c4 of the DL information storage DB 143 from this record (step S302). Then, the DL site processing unit 135 transmits a download list screen that displays a list of data stored in the specified storage location of the DL information storage DB 143 to the receiver terminal 30 (step S303).

  The recipient operates the recipient terminal 30 to select an attached file to be downloaded from the displayed download list screen. In response to this selection operation, the DL site processing unit 135 transmits the selected attached file to the recipient terminal 30 (step S304). The DL site processing unit 135 may delete the attached file that has been transmitted or data that has passed the expiration date 142c3 defined in the DL site user management DB 142. This completes the download process.

  As described above, according to the present embodiment, for each user (mail sender), the presence / absence of encryption and the download site of the e-mail destination environment (destination address, destination domain) transmitted by the user are determined. Whether to use or not to approve can be set in detail. Therefore, it is possible to safely transmit the attached file of the e-mail by an optimum method according to the environment of the e-mail destination.

  Further, according to the present embodiment, it is possible to easily approve simply by sending a reply mail to the received approval request mail. At this time, approval / denial can be designated for each transmission destination, and convenience is improved. Therefore, it becomes possible to perform approval for each transmission destination, and even if there is an error in a part of the destination, it is not necessary to re-send the mail.

  Further, according to the present embodiment, the attached file can be encrypted and delivered via the download site, and the attached file can be delivered more safely, so that the security can be further improved. In this embodiment, even if the above two security types (“encryption” and “via download site”) are used, there is only one approval request mail, and the approver completes with one approval operation. Because it is possible, it is excellent in terms of convenience.

  Further, according to the present embodiment, all approval and denial procedures can be realized only by sending an email. Therefore, the sending terminal can safely deliver the attached file using only a general-purpose mail client.

  In the present embodiment, the mail transmitted and received for approval is described in the mail body by encrypting the password and original mail information. Therefore, in the approval / denial for each transmission destination from the mail client, it is possible to reduce a security risk such as an unauthorized approval by an unauthorized description.

  The present invention is not limited to the above-described embodiments, and various changes can be made without departing from the spirit of the present invention.

  For example, in the above embodiment, the presence / absence of encryption can be set for each destination domain and destination address of the e-mail. However, the present invention is not limited to this, and security setting information corresponding to each IP address and name of the destination terminal is stored for each user. Depending on the IP address and name of the destination terminal, the presence / absence of encryption, download site and approval The presence or absence may be determined.

  Alternatively, the entire original mail may be a single file in the .eml format or the like, an electronic mail having the file as an attached file may be created, and the attached file may be encrypted and transmitted. In other words, when receiving the original mail transmitted from the sender terminal 20, the mail receiving unit 11 first converts the entire original mail into a file, and re-creates an e-mail with the file attached. In the following, the above-described e-mail reception process may be executed on the re-created e-mail. The sender address (From), the destination address (To), the subject (Subject), etc. of the re-created electronic mail are the same as those of the original mail. In this way, the entire original mail can be encrypted and transmitted. In this case, the flag information indicating whether or not the entire mail is filed in the user information is set in the security setting information 9d, the domain-specific security setting information 10d, and the address-specific security setting information 11d, so that the original information is obtained. It is possible to determine whether or not to file the entire original mail according to the mail destination address and domain.

  In the present invention, since the approver can be set as the sender itself, the approver can be used as a means for self-approval when transmitting an e-mail to the outside. Whether the approver is the sender or the third party approver is set by the user information self-approval necessity flag 9d7, 10d8, 11d8 and the approver approval necessity flag 9d8, 10d9, 11d9. It is only necessary to submit an approval request to the third-party approver for the e-mail approved by the self-approval, and when the third-party approval is completed, an access method notification email is sent. It is also possible to perform operations such as procedures and self-approval and no third-party approval.

  Also, in the present invention, when it is desired to perform special encryption settings and approval only for original mails to be sent from now on, it is described in a predetermined format in which each setting set in the user information of the user information storage DB 141 is described. By sending a mail with the attached file attached, it becomes possible to refer to the file and set special encryption settings, approval rules, etc. only for the individual original mail received.

  In the present invention, after the approval is completed, the mail sender is given access right to the attachment file of the download site, and the management URL, login ID, and login password are notified to the sender by mail. In this case, the attached file may be deleted from the download site.

  In addition, by applying an operation program that defines the operation of the attached file relay apparatus 10 according to the present invention to an existing personal computer, information terminal device, or the like, the personal computer or the like functions as the attached file relay apparatus 10 according to the present invention. It is also possible to make it.

  Further, the distribution method of such a program is arbitrary. For example, the program can be read by a computer such as a CD-ROM (Compact Disk Read-Only Memory), a DVD (Digital Versatile Disk), an MO (Magneto Optical Disk), or a memory card. It may be distributed by storing in a recording medium, or distributed via a communication network such as the Internet.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

(Appendix 1)
An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
Based on the determined processing method, processing execution means for executing processing for causing the recipient terminal to access the attached file;
An attached file relay device comprising:

(Appendix 2)
The processing determining means determines a processing method for the attached file of the e-mail based on a destination address.
The attached file relay device according to appendix 1, wherein:

(Appendix 3)
The processing determining means determines a processing method for the attached file of the e-mail based on a destination domain.
The attached file relay device according to appendix 1 or 2, characterized in that.

(Appendix 4)
The process determining means determines whether or not an approval by a recipient terminal or an approver terminal is necessary to access the attached file to the recipient terminal.
The attached file relay device according to any one of appendices 1 to 3, characterized in that:

(Appendix 5)
The process execution means
If the process determining means determines that approval is required, send an approval request email requesting approval to the recipient terminal or the approver terminal,
Receive an approval reply email indicating approval or disapproval in the form of a reply to the sent approval request email,
Sending an access method notification email describing a method of accessing the attached file to the recipient terminal to the recipient terminal approved by the received approval reply email;
The attached file relay device according to appendix 4, wherein

(Appendix 6)
The process determining means determines whether to allow the recipient terminal to access the attached file via a predetermined download site;
The attached file relay device according to any one of appendices 1 to 5, characterized in that:

(Appendix 7)
The process determining means determines whether to encrypt the attached file;
The attached file relay device according to any one of appendices 1 to 6, wherein:

(Appendix 8)
Receive an email with an attached file addressed to the receiver terminal from the sender terminal,
Based on the environment of the destination of the received email, determine a processing method for the attached file of the email,
Based on the determined processing method, a process for causing the recipient terminal to access the attached file is executed.
Attachment file relay method characterized by the above.

(Appendix 9)
Computer
An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
A process execution means for executing a process for causing the recipient terminal to access the attached file based on the determined processing method;
Program to function as.

DESCRIPTION OF SYMBOLS 10 Attachment file relay apparatus 11 Mail receiving part 12 Process determination part 13 Attachment file processing part 131 Encryption part 132 Mail transmission part 133 Approval processing part 134 WEB approval processing part 135 DL site processing part 14 Data storage part 20 Sender terminal 30 Reception Terminal 40 approver terminal

Claims (9)

An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
Based on the determined processing method, processing execution means for executing processing for causing the recipient terminal to access the attached file;
An attached file relay device comprising: The processing determining means determines a processing method for the attached file of the e-mail based on a destination address.
The attached file relay device according to claim 1, wherein The processing determining means determines a processing method for the attached file of the e-mail based on a destination domain.
The attached file relay apparatus according to claim 1 or 2, characterized by the above. The process determining means determines whether or not an approval by a recipient terminal or an approver terminal is necessary to access the attached file to the recipient terminal.
The attached file relay device according to any one of claims 1 to 3, wherein The process execution means
If the process determining means determines that approval is required, send an approval request email requesting approval to the recipient terminal or the approver terminal,
Receive an approval reply email indicating approval or disapproval in the form of a reply to the sent approval request email,
Sending an access method notification email describing a method of accessing the attached file to the recipient terminal to the recipient terminal approved by the received approval reply email;
The attached file relay apparatus according to claim 4, wherein The process determining means determines whether to allow the recipient terminal to access the attached file via a predetermined download site;
The attached file relay device according to any one of claims 1 to 5, wherein The process determining means determines whether to encrypt the attached file;
The attachment file relay device according to claim 1, wherein the attachment file relay device is a device. Receive an email with an attached file addressed to the receiver terminal from the sender terminal,
Based on the environment of the destination of the received email, determine a processing method for the attached file of the email,
Based on the determined processing method, a process for causing the recipient terminal to access the attached file is executed.
Attachment file relay method characterized by the above. Computer
An e-mail receiving means for receiving an e-mail with an attached file addressed to the recipient terminal from the sender terminal;
Processing determining means for determining a processing method for the attached file of the e-mail based on an environment of a destination of the received e-mail;
A process execution means for executing a process for causing the recipient terminal to access the attached file based on the determined processing method;
Program to function as.

Images