JP7408065B2 - File management system, information processing device, program and information processing method - Google Patents

Description

The present invention relates to a server.

E-mail has traditionally been used as a communication tool, and there are MTAs (Mail Transfer Agents) that accept e-mails from MUAs (Mail User Agents) and process the delivery (delivery, transmission, forwarding) of e-mails. do.

Here, MUA is a client program used to send and receive e-mails on terminals on the Internet, and MTA is a program that receives and delivers e-mails on the network through SMTP (Simple Mail Transfer Protocol). Refers to a server (mail server).

As a prior art, for example, there is a file management system that encrypts an attached file when an email has an attached file and delivers the email with the encrypted file attached to the destination (Patent Document 1).

For example, according to Patent Document 1, when the server 10 determines that a received e-mail has an attached file, it encrypts the attached file and sends the e-mail to the destination. Then, the destination user B can decrypt the encrypted file only if the password is set to public by clicking the URL of the password inquiry information (URL is an abbreviation for Uniform Resource Locator. The same applies hereinafter). It is possible to view the password for encrypted files and decrypt encrypted attached files (see 0061 to 0067 of Patent Document 1).

Japanese Patent Application Publication No. 2017-215744

However, in the conventional technique disclosed in Patent Document 1, there is a risk that someone other than the destination user B can easily share the attached file. For example, if the destination user B mistakenly forwards an e-mail with an encrypted file to a third party user There is a risk that the password could be easily obtained and the encrypted file could be decrypted.

Furthermore, the conventional technique disclosed in Patent Document 1 has a problem in that it is necessary for the user to decrypt the attached file, which is time consuming.

The present invention has been made in view of the above-mentioned problems, and it is an object of the present invention to provide a server that manages e-mail attachment files more safely and improves user convenience.

(1) The present invention:
A server that performs processing to manage email attachments,
a receiving unit that receives the e-mail sent from the sender;
a storage processing unit that stores the encrypted attached file in a storage unit when the email has an attached file;
an inquiry information generation unit that generates inquiry information that associates the destination of the e-mail with the encrypted attached file;
a sending unit that sends the e-mail with the attached file deleted and the inquiry information inserted to the destination;
When the inquiry information is received from a user, external authentication of the user is performed on a given authentication server, and if external authentication of the user is permitted, the destination managed on the authentication server and the inquiry an authentication processing unit that authenticates the user based on the destination associated with the information;
File control for decrypting the attached file associated with the inquiry information and controlling the decrypted attached file to be downloadable or viewable to the user when the user's authentication is permitted; and a server including:

Note that the present invention relates to a program characterized in that it causes a computer to function as each part of the server. The present invention also relates to an information storage medium in which the above program is stored.

Here, the "inquiry information" can be, for example, a URL for uniquely specifying a web page on the Internet using a protocol such as HTTP (Hyper Text Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol Secure). Note that the inquiry information may be information about a server that can send and receive data using other communication protocols such as FTP (File Transfer Protocol). Furthermore, "when inquiry information is received" is, for example, when access to information specified by a URL is received.

According to the present invention, when external authentication of the user is permitted on the authentication server, the user's Since the attached file can be downloaded or viewed when the user is authenticated and the user's authentication is permitted, the attached file of the e-mail can be managed even more safely.

Therefore, even if the inquiry information is known to a third party (a user other than the destination user), permission can be denied through external authentication. Furthermore, even if a third party is permitted through external authentication, if the "address received from the authentication server" and the "address associated with the inquiry information" do not match, the user's authentication will be disallowed. This can prevent attachments from being downloaded or viewed illegally.

Further, according to the present invention, since a legitimate user can download or view a decrypted attached file, the trouble of decrypting it on the user's terminal can be omitted, and convenience can be improved.

(2) The server, program, and information storage medium of the present invention also include:
The authentication processing unit includes:
When the inquiry information is received from the user in a logged-in state where external authentication of the user is permitted, the external authentication of the user is omitted and the user's destination managed on the authentication server and the inquiry information are The user may be authenticated based on the destination associated with the information.

According to the present invention, if a legitimate destination user accesses inquiry information in a logged-in state where external authentication is already permitted, the trouble of external authentication can be omitted. Files can be downloaded or viewed.

(3) The server, program, and information storage medium of the present invention also include:
The authentication processing unit includes:
If new inquiry information is received from the user within a predetermined period from the time when the user's authentication is permitted, it may be determined that the user's authentication is permitted.

According to the present invention, if the destination user newly accesses the inquiry information within a predetermined period from the time when authentication is permitted, it is determined that the authentication of the user is permitted, so that the decrypted information can be seamlessly accessed. Attachments can be downloaded or viewed.

(4) The server, program, and information storage medium of the present invention also include:
The inquiry information generation unit includes:
When there are multiple attachments to one e-mail, generating one inquiry information that associates the destination with the encrypted attachments;
The file control unit includes:
When there are multiple attachments associated with the inquiry information, the multiple attachments associated with the inquiry information are decrypted, and the decrypted attachments can be downloaded to the user. It may be controlled or controlled to be viewable.

According to the present invention, even if there are multiple attachments to one e-mail, the user can obtain or view the decrypted attachments using one password associated with one inquiry information. Therefore, convenience for the user can be improved.

(5) The server, program, and information storage medium of the present invention also include:
The file control unit includes:
After the e-mail into which the inquiry information is inserted is sent to the destination, the user is prohibited from downloading and viewing the decrypted attached file based on instructions from a predetermined user. You can.

Here, the "predetermined user" is, for example, a sender user, an administrator user, or the like. According to the present invention, based on an instruction from a predetermined user, a decrypted attached file is prohibited from being downloaded and viewed by the user, so that attached files can be managed more safely.

(6) The server, program, and information storage medium of the present invention also include:
The file control unit includes:
Based on an instruction from a predetermined user, the decrypted attached file may be controlled to be downloadable or viewable to the predetermined user.

Here, the "predetermined user" is, for example, a sender user, an administrator user, or the like. According to the present invention, based on an instruction from a predetermined user, the decrypted attached file is controlled to be downloadable or viewable to the predetermined user, thereby increasing convenience for the predetermined user. be able to.

FIG. 3 is a diagram showing an overview of attached file management according to the present embodiment. FIG. 3 is a diagram showing an overview of password notification according to the present embodiment. An example of a network diagram of the file management system of this embodiment. FIG. 2 is a functional block diagram of a server 10 according to the present embodiment. An example of a password issuing screen according to the present embodiment. An example of a password input screen according to the present embodiment. An example of a download screen of this embodiment. An example of a management data storage unit of this embodiment. FIG. 3 is a flowchart diagram showing the flow of processing according to the present embodiment. FIG. 3 is a flowchart diagram showing the flow of processing according to the present embodiment. FIG. 3 is a diagram showing an overview of file control using an authentication server according to the present embodiment. FIG. 3 is a flowchart showing the flow of server processing using the authentication server of this embodiment.

This embodiment will be described below. Note that this embodiment described below does not unduly limit the content of the present invention described in the claims. Furthermore, not all of the configurations described in this embodiment are essential components of the present invention.

[1] Overview The file management system of this embodiment relates to control by an e-mail relay server to manage e-mail attachment files. For example, a case will be explained in which a user A as a sender (A@example.com) sends an e-mail with an attached file to a user B as a destination (B@example.net).

For example, as shown in FIG. 1, the server 10 receives an e-mail M (e-mail ID=001) that was sent from a sender (A@example.com) and specified a destination (B@example.net). receive. Then, the server 10 determines whether or not an attached file exists in the e-mail M, and if an attached file exists, stores the attached file in the storage unit 30.

In this embodiment, in order to improve security, attached files are automatically encrypted when stored in the storage unit 30, and encrypted attached files (hereinafter, encrypted attached files are also referred to as encrypted files). (similar) is stored in the storage unit 30.

Then, the server 10 generates inquiry information L (URL) that associates the destination (B@example.net) with the identification information of the attached file. The attached file identification information is information that can uniquely identify the attached file. For example, the server 10 generates inquiry information L (URL) based on the destination (B@example.net) and the identification information of the attached file. In other words, the inquiry information L is information that can specify the destination and one or more attached files. Note that the attached file that can be specified by the inquiry information L is an encrypted attached file.

Then, the server 10 deletes the data portion of the attached file of the e-mail M and inserts the inquiry information L in its place. Then, the e-mail M is sent to the destination (B@example.net).

Then, as shown in FIG. 2, when the server 10 receives access to the inquiry information L, the server 10 specifies the destination (B@example.net) from the inquiry information L, and sends the specified destination (B@example.net) to the specified destination (B@example.net). ) to notify you of your password. Therefore, when the user B at the legitimate destination (B@example.net) clicks on the inquiry information L, the password can be notified.

Then, when the server 10 receives access to the inquiry information L, the server 10 performs password authentication, and when the authentication is permitted, decrypts the encrypted attached file and allows the decrypted attached file to be downloaded or Control so that it can be viewed.

Therefore, even if user B accidentally sends (erroneously forwards) email M to another user X, or if inquiry information L is illegally known to user Since the password is limited to user B, it is possible to control the password not to be notified to user X. In other words, according to the present embodiment, even if the inquiry information is known to the user X who is another person, the user X can be prevented from acquiring the password, and the password can be managed safely. This makes it possible to control the user X from illegally downloading or viewing the attached file.

In the following explanation, assume that user A (A@example.com) who is the sender creates an e-mail with an attached file, and the recipient of the e-mail M is user B (B@example.net). Let me explain using an example.

[2] Network FIG. 3 shows an example of a network diagram of the file management system. In the file management system of this embodiment, a server 10 and a user's terminal 20 are connected to each other via a network (the Internet, an intranet, etc.).

The server 10 is an information processing device that can provide mail services using a terminal 20 that is communicatively connected via the Internet.

The server 10 of this embodiment has a mail server function (MTA function) that receives an e-mail consisting of an envelope destination, an envelope sender, and a message, and delivers the e-mail. Note that the server 10 is also referred to as a "relay device" or "information processing device" that performs email relay control.

The terminal 20 is a client device, and is an information processing device such as a smartphone, a mobile phone, a PHS, a computer, a game device, a PDA, or an image generation device, and is connected to the server 10 via a network such as the Internet (WAN) or LAN. This is a possible device.

Note that the server 10 includes a storage unit 30 that stores files. The storage unit 30 functions as a file server that manages files. Note that the storage unit 30 may be provided in a device other than the server 10.

[3] Configuration FIG. 4 is an example of a functional block diagram of the server 10 of this embodiment. Note that the server 10 of this embodiment does not need to include all of the parts shown in FIG. 4, and may have a configuration in which some of them are omitted.

The storage unit 170 stores programs and various data for making the computer function as each unit of the processing unit 100, and also functions as a storage area of the processing unit 100.

The storage unit 170 includes a temporary storage area and storage. Storage refers to a device that permanently stores data, such as a hard disk, optical disk, flash memory, or magnetic tape. Furthermore, the storage unit 170 may store programs and data stored in the information storage medium 180.

The storage unit 170 of this embodiment includes a main storage unit 171 used as a work area, a user information storage unit 172, and a management data storage unit 173. Note that a configuration may be adopted in which some of these are omitted.

The main storage unit 171 can be implemented using a RAM or the like. The main storage unit 171 is a storage area used in the processing of this embodiment. The user information storage unit 172 stores user information (user account, password, email address, etc.). The user information storage unit 172 may be configured by a DB (DB is an abbreviation for database, hereinafter the same).

The management data storage unit 173 stores at least identifiable and unique inquiry information (URL) for each attached file, destination, and attached file information (for example, file name) in association with each other. The management data storage unit 173 may be configured by a DB. The management data storage unit 173 may also store the generated password, a flag indicating validity or invalidity (1 is valid, 0 is invalid), expiration date, number of accesses K, and the like.

Furthermore, the management data storage unit 173 may store an e-mail ID (message ID) for identifying an e-mail that has an attached file.

The information storage medium 180 (computer readable medium) stores programs, data, etc., and its functions include optical disks (CDs, DVDs), magneto-optical disks (MO), magnetic disks, hard disks, and magnetic tapes. , or can be realized by storage such as memory (ROM).

The communication unit 196 performs various controls for communicating with the outside (for example, terminals, other servers, and other network systems), and its functions are performed by hardware such as various processors or communication ASICs. This can be achieved using a program or the like.

The processing unit 100 performs various processes of this embodiment based on programs (data) stored in the storage unit 170 or the information storage medium 180.

The processing unit 100 (processor) performs various processes using the main storage unit 171 within the storage unit 170 as a work area. The functions of the processing unit 100 can be realized by hardware such as various processors (CPU, DSP, etc.) and programs.

The processing unit 100 includes a reception unit 111, an analysis unit 112, an authentication processing unit 113, a transmission unit 114, a notification unit 115, a storage processing unit 116, an inquiry information generation unit 117, a password generation unit 118, a file control unit 119, and a web processing unit. 120 included.

The receiving unit 111 receives e-mail on the network via SMTP. In other words, the receiving unit 111 performs a process of receiving an e-mail sent by the MUA of the sender terminal 20 and in which the envelope destination is specified.

The analysis unit 112 performs processing to analyze the received email. For example, processing is performed to analyze the envelope destination, the envelope sender, the message header, and the text part of the message body. For example, processing to extract the domain from the envelope destination, processing to extract To, Cc, Bcc, Subject, and Message-ID from the message header, processing to extract the main text from the message body, and processing to extract the message body from the message header. Performs processing to extract attached files from the body part.

When receiving inquiry information from a user, the authentication processing unit 113 performs external authentication of the user on a given authentication server, and when external authentication of the user is permitted, manages the inquiry information on the authentication server. The user is authenticated based on the destination and the destination associated with the inquiry information.

When the authentication processing unit 113 receives inquiry information from the user in a logged-in state where external authentication of the user is permitted, the authentication processing unit 113 omits the external authentication of the user and sends the user's destination managed on the authentication server and the inquiry information. The user may be authenticated based on the destination associated with the information.

The authentication processing unit 113 may determine that the user's authentication is permitted when new inquiry information is received from the user within a predetermined period from the time when the user's authentication is permitted.

The transmitter 114 transmits (deliveries, distributes, relays, forwards) e-mails on the network via SMTP. That is, the transmitter 114 performs a process of transmitting the e-mail received by the receiver 111 to the destination.

Here, sending an e-mail refers to the process of sending a received e-mail to another MTA via SMTP, or the process of sending a received e-mail to a user who has an account within the same system where the server 10 operates. This also includes the process of sending to a mail delivery agent (Mail Delivery Agent) and the case of sending to a user who has an account within the same system where the server 10 operates without going through the MDA.

In particular, the transmitter 114 of this embodiment transmits inquiry information to the destination. The inquiry information is associated with at least a destination and an attached file (an encrypted attached file), and is information that allows the destination and attached file to be specified.

The sending unit 114 sends the e-mail with the attached file deleted and the inquiry information inserted to the destination.

In other words, when the e-mail received by the receiving section 111 includes an attached file, the transmitting section 114 of this embodiment deletes the attached file and inserts (adds) the inquiry information in place of the attached file in the e-mail. to the destination. Note that when the first inquiry information and the second inquiry information are generated, the first inquiry information is inserted instead of the attached file.

Furthermore, when the e-mail received by the receiving section 111 includes an attached file, the transmitting section 114 of this embodiment may encrypt the attached file and transmit it to the destination.

When receiving inquiry information, the notification unit 115 notifies the destination associated with the inquiry information of the password associated with the inquiry information. Here, "notification" means that the server 10 sends an e-mail to the terminal 20 via SMTP (e-mail magazine, etc.), and is not limited to SMTP, but also sends using a given protocol. , to send a push notification, to present (display, control to enable viewing) a predetermined screen (banner display screen, notification screen, pop-up screen, etc.) of a predetermined application, and to notify by the server 10 via a web page. There is at least one, indicating that the server 10 actively transmits to the user's terminal 20. Note that, in response to a request from a user's terminal 20, the server 10 may transmit information to the terminal 20 that has made the request, which may also be a form of "notification." Note that push notification refers to displaying a message window in a partial area (such as the top edge) of the screen of a terminal (smartphone).

Furthermore, when receiving inquiry information, the notification unit 115 notifies the destination associated with the inquiry information of one password associated with the inquiry information. In other words, there is a one-to-one relationship between the inquiry information and the password.

Note that when the first inquiry information and the second inquiry information are generated and the first inquiry information is received, the notification unit 115 sends the first inquiry information to the destination associated with the first inquiry information. Notify the inquiry information of 2.

The storage processing unit 116 performs a process of storing the encrypted attached file in the storage unit 30 when the email received by the receiving unit 111 has an attached file.

The inquiry information generation unit 117 generates inquiry information that associates a destination with an encrypted attached file.

In addition, when a plurality of attached files exist in one e-mail, the inquiry information generation unit 117 generates one piece of inquiry information in which the destination and the plurality of encrypted attached files are associated with each other.

Further, the inquiry information generation unit 117 may generate first inquiry information and second inquiry information in which a destination and an encrypted attached file are associated with each other.

In addition, when a plurality of attached files exist in one e-mail, the inquiry information generation unit 117 generates one first inquiry information that associates the destination and the encrypted plurality of attached files, and one Second inquiry information may be generated.

In addition, when a plurality of attached files exist in one e-mail, the inquiry information generation unit 117 generates one first inquiry information that associates the destination and the encrypted plurality of attached files, and one Second inquiry information may be generated.

The password generation unit 118 generates a password required to download the attached file.

The file control unit 119 decrypts the encrypted attached file and controls the decrypted attached file so that it can be downloaded or viewed by the user.

For example, when receiving inquiry information, the file control unit 119 performs authentication based on the password received from the user and the password associated with the inquiry information (password registered and managed on the server side), and If permission is granted, the attached file associated with the encrypted inquiry information is decrypted, and the decrypted attached file is controlled to be downloadable or viewable to the user.

Further, the file control unit 119 performs the following control when a plurality of attached files exist in one e-mail. That is, when the file control unit 119 receives inquiry information, it performs authentication based on the password received from the user and the password associated with the inquiry information, and when the authentication is permitted, it performs authentication based on the password associated with the inquiry information. The attached plurality of attached files are decrypted, and the plurality of decrypted attached files are controlled to be downloadable or viewable to the user side.

Further, when receiving the second inquiry information, the file control unit 119 decrypts the attached file associated with the second inquiry information, and makes the decrypted attached file downloadable to the user. It may be controlled or controlled to be viewable.

Further, when receiving the second inquiry information, the file control unit 119 decrypts the plurality of attached files associated with the second inquiry information, and transfers the decrypted plurality of attached files to the user's side. It may also be possible to control the content so that it can be downloaded or viewed.

Further, the file control unit 119 may perform anti-virus processing on the decrypted attached file before downloading it to the user's terminal or viewing it.

In addition, the file control unit 119 determines whether a predetermined condition is satisfied before downloading to the user's terminal or viewing, and if the predetermined condition is met, the file control unit 119 sends the decrypted attached file to the user. It may be controlled to allow downloading, control to allow viewing, or control to prohibit downloading to the user's terminal, or control to prohibit viewing.

Further, after the e-mail containing the inquiry information is sent to the destination, the file control unit 119 prohibits the user from downloading and viewing the decrypted attached file based on instructions from a predetermined user. It may also be controlled to.

Further, the file control unit 119 may control the decrypted attached file so that it can be downloaded or viewed by a predetermined user based on an instruction from a predetermined user.

The web processing unit 120 transmits (provides) data such as HTML (Hyper Text Markup Language) documents and images in response to requests from client software such as a web browser installed on the terminal 20 via HTTP (Hypertext Transfer Protocol). ), and the process of receiving data received by the terminal's web browser. Then, the server performs mail processing, DB update processing, etc. based on the information received from the administrator's and user's terminals.

The web processing unit 120 performs a process of transmitting (providing) data for management settings to the administrator's terminal 20 in response to an access request from the web browser of the administrator's terminal 20, and transmits (provides) data for management settings to the administrator's terminal 20. A process for receiving information may also be performed.

In other words, the web processing unit 120 may add, delete, update, etc. each piece of data to the DB based on input from the administrator. Note that only the administrator is authorized to access the Web page (URL) for the administrator.

Further, the web processing unit 120 performs a login process and a process of controlling the web page of information related to the logged-in user to be viewable in response to a request from the web browser of the terminal 20.

For example, the web processing unit 120 may control a password input screen or a screen for downloading an attached file to be viewable in response to a request from the web browser of the terminal 20.

The storage processing unit 116 performs processing for registering, updating, and deleting data stored in the management data storage unit 173 and the storage unit 30. For example, the storage processing unit 116 may perform a process of updating the database based on data received from the terminal 20.

Note that a part or all of the processing of the processing unit 100 and the storage unit 170 may be executed by one device, or each processing may be executed by distributing it to different devices depending on the purpose of the processing. You can.

[4] Attachment file encryption processing and storage processing First, when the server 10 of this embodiment receives an e-mail sent from the MUA of the terminal 20, it analyzes the received e-mail and determines whether there is an attached file. Decide whether or not.

When the server 10 determines that the e-mail has an attached file, it performs processing to encrypt the attached file and generates an encrypted attached file.

The server 10 then stores the encrypted attached file in the storage area of the storage unit 30. That is, when an attached file is stored in the storage unit 30, it is automatically encrypted. Note that the attached file (encrypted) stored in the storage unit 30 is controlled to be decrypted when downloaded.

Further, the storage unit 30 sequentially accumulates and stores encrypted attached files received from the server 10.

Note that the storage unit 30 may be a storage area of the server 10 or a storage area on a cloud. In other words, it may be a storage area (storage device) on the Internet that can be connected to the server 10 via the Internet.

According to this embodiment, the sender user A can save the trouble of encrypting the attached file and store it in the storage unit 30 after encrypting the attached file, thereby preventing falsification of the attached file or information leakage of the attached file. It can be prevented.

Furthermore, if there are multiple attachments to the e-mail, the server 10 may generate one encrypted file for the multiple attachments, or may generate an individual encrypted file for each of the multiple attachments. You may also generate a converted file.

In this way, the server 10 performs a process of encrypting the attached file when storing it in the storage unit 30. Note that, as will be described later, when the server 10 receives an instruction to download an attached file to the user's terminal 20, the server 10 decrypts the attached file and controls the attached file to be downloadable. Further, when receiving an instruction to display (browse) an attached file on the user's terminal 20, the server 10 performs processing to decrypt the attached file and display (browse) the attached file.

[5] E-mail sending process When the server 10 determines that the e-mail M has an attached file, it removes the attached file and inserts inquiry information. Then, the e-mail M containing the inquiry information is sent to the destination. In other words, since the server 10 separates the attached file from the e-mail M and stores the attached file in the storage unit 30, it is possible to prevent information leakage of the attached file in the event of erroneous transmission.

For example, as shown in FIG. 1, the server 10 inserts the inquiry information into the body of the email M. Note that the server 10 may insert it as a header of the e-mail M or as a new attached file to the e-mail M. Furthermore, the server 10 may insert not only the inquiry information but also a guidance text (for example, please click on this URL to download the attached file) into the e-mail M.

Note that the server 10 performs a process of transmitting the e-mail as is for an e-mail without an attached file.

[6] Inquiry information generation method The server 10 generates inquiry information (for example, URL) that becomes a reference destination for downloading the attached file. For example, the inquiry information is a URL required to download an attached file.

The inquiry information is a character string that can specify at least the destination and the attached file name (for example, the storage location in the storage unit 30) according to a predetermined format (URL format). For example, this inquiry information is an identifier for unique identification (also referred to as UUID). Note that the destination and attached file name may be encoded and written in the parameter portion according to the URL format.

Note that, when a plurality of attached files exist for one e-mail, the server 10 generates one piece of inquiry information that associates the destination with the plurality of encrypted attached files.

[7] Password Generation The server 10 generates a password based on a given cryptographic algorithm at the timing when the password generation instruction is received. The generated password is stored in the management data storage unit 173 in association with the inquiry information. Note that the server 10 generates one password associated with the inquiry information even when a plurality of attached files exist in one e-mail. Furthermore, the server 10 may generate the password at the timing at which it receives the inquiry information, not at the timing at which it receives the password generation instruction.

Furthermore, in order to prevent the password string from being easily analyzed, the password may be a string of 20 or more digits including symbols, numbers, uppercase letters, and lowercase letters.

Further, the password may be a one-time password that is valid only once. For example, a one-time password generation program that generates a one-time password with the same algorithm as that of the server 10 is installed in advance on the terminal 20, and authentication using the one-time password is performed. For example, the one-time password generation program installed on the terminal 20 and the one-time password generation program installed on the server 10 have the same algorithm and type number, and as a result, the one-time password generated on the terminal side This means that the password and the password generated by the server 10 match. For example, the one-time password generation program performs a process of generating one-time passwords based on time and type number at predetermined intervals (for example, every 30 seconds).

[8] Notification of password When the server 10 receives inquiry information from a given user, it notifies the destination associated with the inquiry information of the password. Note that "notifying the address associated with the inquiry information" means specifying the address associated with the inquiry information as the address of the e-mail for notifying the password, and sending an e-mail containing the password. It is. Note that notifying the destination associated with the inquiry information may mean that the user of the destination associated with the inquiry information performs login authentication and controls the password to be viewable on a screen dedicated to that user. .

In other words, when the server 10 receives inquiry information regarding e-mail M (email ID=001) from user B at the destination (B@example.net), .net) of the password required to download the attached file attached to e-mail M (e-mail ID=001).

For example, the server 10 may notify the password issuing screen Sc1 to the user B's terminal 20, as shown in FIG. For example, when the server 10 receives inquiry information from the user B of the destination (B@example.net), the server 10 displays the password issuing screen Sc1. Then, when an instruction to issue a password (password generation) is received from user B (for example, an instruction from user B by clicking link L52), the destination (B@example.net) associated with the inquiry information is sent. , the password may be notified.

Further, as shown in FIG. 5, the server 10 may display the destination and attached file name of the e-mail M (e-mail ID=001) on the password issuing screen Sc1. Although not shown, the header and body of the e-mail M may also be displayed.

Note that even if inquiry information is received from user This can prevent the password from being leaked to anyone other than User B.

In addition, when the server 10 receives inquiry information from a user when there are multiple attachment files to one e-mail, the server 10 sends one of the attachments associated with the inquiry information to the destination associated with the inquiry information. Notify the password.

[9] Attached File Control When receiving inquiry information from user B, the server 10 controls the attached file (encrypted attached file) associated with the inquiry information to be downloadable or viewable.

FIG. 6 shows a password input screen Sc2 displayed on user B's terminal 20. For example, as shown in FIG. 6, when the server 10 receives inquiry information from the user B, the server 10 notifies the user of the password, and then displays the password input screen Sc2 to the user B.

User B then enters the notified password in the text box field T61. That is, when the server 10 receives a password input instruction from the user B (for example, an instruction from the user B by clicking on the link L62), the server 10 performs the password authentication process.

For example, the server 10 uses the password received from the user and the password associated with the inquiry information registered in the server 10 (the password corresponding to the inquiry information stored in the management data storage unit 173) to Perform authentication. For example, if the password received from the user and the password registered in the server 10 match, authentication is permitted.

When the server 10 permits the authentication, the server 10 displays a download screen Sc3 on the user B's terminal 20, as shown in FIG.

Then, as shown in FIG. 7, when the server 10 receives an instruction to download an attached file from user B who is authorized for authentication (for example, an instruction by clicking link L72 from user B), the server 10 A decrypted attached file associated with the inquiry information is sent to the terminal 20. That is, user B can download the attached file to user B's terminal 20 by clicking link L72.

Although not shown, when the server 10 receives an instruction to view an attached file (for example, an instruction by clicking a link from user B) from user B who has been authenticated, the server 10 sends an instruction to user B's terminal 20. , the attached file associated with the inquiry information and decrypted may be controlled to be viewable. That is, by clicking the link for viewing, User B displays the contents of the attached file on User B's terminal 20. In this way, for example, user B can check the contents of the attached file even when using a browser that prohibits downloading (saving on the terminal side).

Furthermore, even if there are multiple attached files, the server 10 performs the authentication process using one password received from the user B who has been authorized for authentication, and when the authentication is authorized, the server 10 stores multiple attached files corresponding to the inquiry information. , to allow downloading to user B's terminal or to allow viewing.

[10] Validity Control The server 10 identifies the validity or invalidity of the process of generating a password for an attached file, the process of transmitting a password, and the control that enables downloading, in order to improve information security regarding the attached file. (e.g., the value of flag F). That is, the server 10 performs a process of determining the validity of the attached file, and when it is determined that the attached file is valid (for example, when flag F=1), a process of generating a password, a process of transmitting the password, Performs controls to enable downloads.

For example, the server 10 sets a flag indicating validity for each attached file (or each inquiry information, or each e-mail). For example, flag F=1 means valid, and flag F=0 means invalid.

Then, when the flag F=1, the server 10 performs processing to generate a password, processing to transmit the password, and control to enable downloading of the attached file.

On the other hand, when the flag F=0, the server 10 performs a process such that a password is not generated, a password is not transmitted, and the download of the attached file is prohibited.

In this embodiment, the server 10 receives an instruction from a predetermined user to enable or disable each attached file (or each inquiry information, or each e-mail).

For example, when the server 10 receives a valid instruction from a predetermined user regarding an attached file of e-mail M (mail ID=001), the server 10 sets a flag F corresponding to the attached file to 1, and When an invalidation instruction is received from the attached file, the flag F corresponding to the attached file is set to 0.

Here, the "predetermined user" is the user who is the sender (RCPT FROM, envelope FROM) of the email with the attached file.

Note that the "predetermined user" may be a user other than the sender. For example, in the case where a group consisting of a plurality of users is set in advance, a user other than the sender who belongs to the same group as the sender may be set as the predetermined user. Further, for example, the user who is the sender's superior may be the predetermined user. Furthermore, in a case where a plurality of destinations are specified in an e-mail, a user other than the sender and whose domain is the same as that of the sender among the plurality of destinations may be set as the predetermined user. Alternatively, the system administrator may be the predetermined user.

[11] Download Restrictions and Viewing Restrictions In addition, the server 10 counts the number of times K that inquiry information has been received, and when the number K reaches a predetermined number or more (for example, 3 or more times), the server 10 prohibits downloads and At least one of viewing prohibition may be controlled. For example, regardless of the information on the flag F, when the number of times K becomes a predetermined number or more (for example, three times or more), at least one of downloading and viewing may be prohibited.

Further, the server 10 may set an expiration date corresponding to the inquiry information, and when the expiration date has passed, prohibit at least one of downloading and viewing, regardless of the information in flag F. good.

[12] Management Data FIG. 8 is an example of information stored in the management data storage unit 173 of the server 10. For example, the management data storage unit 173 contains the URL (inquiry information), the file name of the attached file, the destination, the generated password, the flag F indicating validity, the expiration date, and the number K indicating the number of accesses to the URL. be remembered.

For example, the destination indicates envelope To. Further, the password is a password used to download or view the attached file.

In the example of FIG. 8, the destination (B@example.net) has the flag F=1, so it is possible to obtain the password and the attached file, but the destination (G@example.org) has the flag F=1. Since F=0, the password cannot be obtained and the attached file cannot be obtained or viewed.

Further, the expiration date indicates the date and time of the expiration date when the attached file can be obtained. Further, the number of times K is the number of times inquiry information has been received. In other words, it indicates the number of times the inquiry information has been accessed.

Note that the password data stored in the management data storage unit 173 may not be the password itself, but a character string (such as a hash value) for determining the password.

[13] Flowchart The flow of processing in this embodiment will be described using FIGS. 9A and 9B.

First, as shown in FIG. 9A, the terminal 20-A of user A (A@example.com) on the sending side sends an e-mail with an attached file (step S1). Note that the destination of this e-mail is user B (B@example.net).

When the server 10 receives an e-mail with an attached file (step S11), it encrypts the attached file (step S12), and stores the encrypted attached file in the storage unit 30 (step S13).

Then, inquiry information (URL) is generated (step S14), the attached file is deleted from the received e-mail, and the inquiry information is inserted (step S15). Then, the e-mail is sent to the destination (step S16).

Then, the destination terminal 20-B of user B receives the e-mail (step S100).

Next, to explain using FIG. 9B, the destination user B's terminal 20-B accesses the inquiry information (URL) (step S111).
When the server 10 receives the inquiry information from the terminal 20-B (step S17), it notifies the password (step S18). Note that when the server 10 receives a password generation instruction from the terminal 20-B, the server 10 may generate a password and notify the password.

Then, the terminal 20-B receives the password (step S112) and inputs the password (step S113). For example, enter a password on the password entry screen. Note that the entered password is sent to the server 10.

The server 10 performs authentication processing based on a password (step S19). For example, the server 10 receives a password and performs an authentication process to determine whether the password registered in the server 10 matches the received password.

If it is determined that permission is granted in the authentication process (Y in step S20), the attached file is decrypted and controlled so that it can be downloaded or viewed on the terminal 20-B (step S21). Note that even if authentication is permitted, the server 10 downloads the attached file to the terminal 20-B if the given conditions are not satisfied (for example, when the flag F indicating validity is 0). It may be controlled to prohibit or prohibit viewing.

Then, the terminal 20-B downloads or views and displays the attached file sent from the server 10 (step S114).

On the other hand, if the server 10 determines that permission is not granted in the authentication process (N in step S20), the server 10 ends the process. This completes the process.

[14] Application example [14.1] Notification of inquiry information When the server 10 determines that there is an attached file in the e-mail M, it sends the e-mail M with the attached file removed to the destination, and sends the inquiry information individually. The destination user may be notified. For example, an e-mail containing inquiry information may be sent to the destination.

[14.2] Regarding multiple attached files When a single email has multiple attached files, the server 10 may generate a password for each attached file. Then, the server 10 may control the attached file to be downloadable or viewable when password-based authentication is permitted.

Further, the server 10 may generate inquiry information corresponding to each of a plurality of attached files, or may generate inquiry information that summarizes a plurality of attached files at once.

Further, the server 10 may control a plurality of attached files so that they can be downloaded or viewed individually, or may control a plurality of attached files so that they can be downloaded or viewed all at once. good.

[14.3] Regarding the first and second inquiry information The server 10 of the present embodiment may enable downloading of attached files using inquiry information (URL) rather than a password.

For example, if an attached file exists in e-mail M (assuming e-mail ID=001) sent from the sender (A@example.com), the server 10 encrypts the attached file. The attached file is stored in the storage unit 30.

Then, the server 10 generates first inquiry information L1 (first URL) and second inquiry information L2 (second URL) based on the destination (B@example.net) and the identification information of the attached file. ) and generate.

The first inquiry information L1 is associated with a destination (B@example.net) and identification information of an attached file. Further, the second inquiry information L2 is also associated with the destination (B@example.net) and the identification information of the attached file.

That is, the first inquiry information L1 and the second inquiry information L2 are information that can specify the destination and the attached file. Note that the attached file that can be specified by the first inquiry information L1 and the second inquiry information L2 is an encrypted attached file.

Further, the second inquiry information L2 is different information (URL) from the first inquiry information L1. Note that the server 10 stores the first inquiry information L1 and the second inquiry information L2 in association with each other.

Then, the server 10 deletes the data portion of the attached file of the e-mail M, inserts the inquiry information L1 in its place, and transmits the e-mail M to the destination (B@example.net).

Note that when the server 10 determines that the e-mail M has an attached file, it may send the e-mail M without the attached file to the destination, and may individually notify the destination user of the inquiry information L1. For example, an e-mail containing the inquiry information L1 may be sent to the destination.

Thereafter, when the server 10 receives the access to the inquiry information L1, the server 10 specifies the destination (B@example.net) from the inquiry information L1, and notifies the specified destination (B@example.net) of the inquiry information L2. do. In other words, inquiry information L2 corresponding to inquiry information L1 is notified.

When the server 10 receives access to the inquiry information L2, the server 10 identifies the attached file based on the inquiry information L2, decrypts the attached file, and controls the decrypted attached file so that it can be downloaded. . In other words, the destination user B can display the download screen Sc3 as shown in FIG. 7 on the terminal simply by clicking the inquiry information L2, and can save the effort of entering a password.

According to this embodiment, the notification destination of the inquiry information L2 is limited to the destination user B, so if the user B accidentally sends (erroneously forwards) the e-mail M to another user Even if L1 is illegally known to user X, control can be performed so that user X is not notified of inquiry information L2. In other words, it is possible to prevent user X from illegally downloading or viewing attached files.

Note that when the server 10 receives access to the inquiry information L2, it may internally issue a password, perform authentication based on the issued password, and display a download screen to the destination user B.

In addition, when a plurality of attached files exist in one e-mail, the server 10 stores one first inquiry information that associates the destination with the encrypted plurality of attached files, and one second inquiry information. Generate inquiry information. When the server 10 receives the second inquiry information, the server 10 decrypts the plurality of attached files associated with the second inquiry information, and downloads the decrypted plurality of attached files to the user. Control to enable or control to enable viewing.

[14.4] Antivirus Processing The server 10 may perform antivirus processing on the decrypted attached file before downloading it to the user's terminal or viewing it. Antivirus processing means processing to remove computer viruses from attached files. For example, the server 10 records a specific code pattern included in a predefined known virus, checks whether it matches the target attachment, and removes the code if it matches. Perform processing. Note that if a code that matches the specific code of the target attachment is detected, the user is notified that a computer virus has been detected and prohibited from downloading the attachment without removing the code. good.

The server 10 may perform anti-virus processing on the attached file before storing the attached file in the storage unit 30.

[14.5] Filtering Process The server 10 determines whether or not a predetermined condition is met before downloading to the user's terminal or viewing, and if the predetermined condition is met, the server 10 filters the decrypted attached file. It may also be possible to control the user side so that it can be downloaded or viewed. Alternatively, if the predetermined condition is satisfied, the server 10 may prohibit downloading or viewing of the decrypted attached file to the user's terminal.

The predetermined condition is a predetermined rule condition. The server 10 may define the predetermined conditions in advance, or may set the predetermined conditions based on input information from the administrator or the user. Note that the server 10 may set a plurality of predetermined conditions.

For example, if the server 10 satisfies the predetermined condition A that the destination domain of the header information (or envelope) is a specific domain (for example, "example.net"), the server 10 transfers the decrypted attached file to the user. It can be controlled so that it can be downloaded or viewed on the side.

Further, for example, when the server 10 satisfies a predetermined condition B in which the word "secret" is included in the subject of the header information, the server 10 controls the downloading of the decrypted attached file to the user's terminal. or prohibit viewing.

Furthermore, before storing the attached file in the storage unit 30, the server 10 determines whether a predetermined condition is satisfied, and stores the attached file in the storage unit 30 when the predetermined condition is satisfied. Good too. Alternatively, the server 10 may prohibit storage of the attached file in the storage unit 30 when the predetermined condition is satisfied.

[14.6] Authentication Token The server 10 may notify an authentication token instead of a password. That is, when the server 10 receives access to the inquiry information L, the server 10 specifies the destination (B@example.net) from the inquiry information L, and notifies the specified destination (B@example.net) of the authentication token. .

The authentication token is a program or URL for generating a password (for example, a one-time password) for accessing a file stored in the storage unit 30, and may also be referred to as a security token. For example, when the server 10 is allowed to authenticate based on a password generated using an authentication token according to an instruction from a user, the server 10 can decrypt an encrypted attachment file and download the decrypted attachment file. Or control it so that it can be viewed. Furthermore, once authentication based on an authentication token from a user is permitted, the server 10 may maintain the user's authentication permission for a predetermined period (for example, 10 minutes after authentication is permitted). .

[14.7] E-mail reception control Even when the server 10 functions as a reception server for receiving received e-mails to the user side, the server 10 may manage attached files using the above-described method. Note that the server functions for importing received e-mails to the user side include, for example, POP (Post Office Protocol), IMAP (Internet Message Access Protocol), and the like.

A case in which the server functions as a receiving server will be described below. First, the server 10 receives an e-mail Mr (e-mail ID=002) sent from a sender (A@example.com) with a designated destination (B@example.net). Then, the server 10 determines whether or not there is an attached file for the received e-mail Mr (hereinafter referred to as "received e-mail"). Then, if the attached file exists, the server 10 encrypts the attached file and stores the encrypted attached file in the attached file storage section 40.

Then, the server 10 generates inquiry information L (URL) that associates the destination (B@example.net) with the identification information of the attached file. The attached file identification information is information that can uniquely identify the attached file. For example, the server 10 generates inquiry information L (URL) based on the destination (B@example.net) and the identification information of the attached file.

Then, the server 10 deletes the data portion of the attached file of the e-mail Mr, and stores the e-mail Mr with the inquiry information L inserted therein in the received mail storage unit 50 instead.

Then, for example, based on a reception instruction from user B of the destination (B@example.net), the e-mail Mr stored in the received mail storage section 50 is fetched as the received mail of user B.

Then, when user B accesses the inquiry information L included in the e-mail Mr, the server 10 accepts the access to the inquiry information L, specifies the destination (B@example.net) from the inquiry information L, and sends the specified destination Notify the password to (B@example.net).

When the server 10 receives access to the inquiry information L, the server 10 performs password authentication, and when the authentication is permitted, decrypts the attached file stored in the attached file storage unit 40 and decrypts the attached file. Control so that attached files can be downloaded or viewed.

Note that even when the server 10 functions as a receiving server, it may perform the processing listed in the application example described above.

The received email storage unit 50 and the attached file storage unit 40 may be a storage area of the server 10 or a storage area on the cloud (for example, a storage area on the Internet that can be connected to the server 10 and the terminal 20 via the Internet). good.

[14.8] Download Destination In this embodiment, the download destination for attached files and the like may be not only the user's terminal 20 but also a storage area on the cloud.

In other words, controlling the attached file to be downloadable to the user means not only making the attached file downloadable to the user's terminal 20, but also allowing the attached file to be downloaded to a storage area on the Internet that can be connected to the terminal 20 via the Internet. It also includes controlling the attached file so that it can be stored in association with the user ID of the user (so that the user can access it).

[15] Description of user authentication by authentication server [15.1] Overview As shown in FIG. 10, the server 10 of this embodiment determines user authentication by an external authentication server (certification authority), Based on the received user information (for example, the destination), it may be determined whether or not the user is allowed to authenticate, and if the user is allowed to authenticate, the user may be allowed to download or view the attached file of the e-mail. For example, the authentication server is an authentication server such as Google (registered trademark).

Note that in this embodiment, the user needs to register user information (for example, account and password, etc.) corresponding to the destination user in advance in an external authentication server.

[15.2] Example of file control using authentication server The server 10 sends an email to B@example. whose destination is the email address of user B. .net and receives an e-mail M1 (e-mail ID=101) sent from the sender (A@example.com). The server 10 performs a process of storing the attached file in the storage unit 30 when the email M1 has an attached file. Note that in this embodiment, the attached file is encrypted when it is stored in the storage unit 30, but the attached file does not necessarily need to be encrypted.

Then, the server 10 generates the inquiry information L-M1 (URL) based on the destination (B@example.net) and the identification information of the attached file (for example, the attached file name or information that can uniquely identify the attached file). generate. Then, the server 10 deletes the attached file of the e-mail M1, inserts the inquiry information LM1 in its place, and sends the e-mail M1 to the destination.

As shown in FIG. 10, it is assumed that user B refers to this e-mail M1 and clicks on the inquiry information LM1.

Then, the server 10 accepts access to the inquiry information LM1 from the user B, and delegates the authentication of the user B to an external authentication server. That is, the server 10 first determines the validity of user B on the authentication server.

Authentication processing by the authentication server is left to the authentication server, and includes user B's account, password authentication, one-time password authentication, biometric authentication (face authentication), device authentication, phone number authentication, and identity verification. Authentication is performed using various methods, such as an authentication method that requests input in response to a question and determines whether the input content is correct.

Note that the authentication server is an authentication device that performs authentication that is connected to the server 10 via the Internet, and may also be referred to as an authentication system or a certification authority.

Note that there may be multiple types of authentication servers such as Google (registered trademark), Amazon (registered trademark), Facebook (registered trademark), etc., and an instruction to select one authentication server may be received from the user. The server 10 then delegates authentication to the selected authentication server.

When the user B's terminal 20B accesses the inquiry information LM1, the screen shifts to the authentication screen of the authentication server. If necessary, user B performs input necessary for authentication (for example, inputting a password) on the authentication screen.

Then, the server 10 performs a process of determining whether or not the user is allowed to authenticate based on the authentication result on the authentication server. Here, "authentication result" may be given information that means permission for authentication (for example, user information managed by an authentication server), the result of permitting or denying authentication, or information from the authentication server. The result may be that there is no response.

In particular, in this embodiment, when the server 10 and the authentication server permit user authentication on the authentication server in advance, the user information (for example, the user's destination (email address)) managed on the authentication server is , and is defined to be sent to the server 10.

Therefore, when the authentication server permits authentication for user B, it transmits user information including user B's destination managed on the authentication server to the server 10. On the other hand, when the authentication server does not permit authentication for user B (when it is determined that authentication is not permitted), the authentication server controls not to transmit the user information of user B to the server 10 (or transmits an error result).

Specifically, as shown in FIG. 10, the server 10 receives the destination of user B received from the authentication server (that is, the destination managed on the authentication server) and the inquiry information accessed by user B. and the corresponding destination, and if they match, it is determined that user B's authentication is permitted. For example, if the destination of user B received from the authentication server is "B@example.net" and the destination corresponding to the inquiry information accessed by user B is "B@example.net", there is a match. It is determined that the authentication of user B is permitted. On the other hand, if the destination of user B received from the authentication server and the destination corresponding to the inquiry information accessed by user B do not match, the server 10 determines to reject the authentication of user B, and , the downloading and viewing of attached files corresponding to the inquiry information is prohibited. In this way, it is possible to avoid the possibility that user B may impersonate the user, and it is possible to further improve security.

In addition, the server 10 sends a confirmation email including a confirmation URL (confirmation inquiry information) to the destination included in the information received from the authentication server, and when it detects that user B has accessed the confirmation URL, It may be determined that authentication is permitted.

Then, when user B's authentication is permitted, the server 10 decrypts the attached file associated with the inquiry information LM1, and controls the decrypted attached file so that it can be downloaded to the user B side. Or control it so that it can be viewed. For example, when user B's authentication is permitted, user B's terminal 20B transitions to a download screen as shown in FIG.

Note that if there is no response from the authentication server for a predetermined period (one minute) or if error information is received from the authentication server, the server 10 prohibits user B from downloading or viewing the attached file corresponding to the inquiry information. Ban it.

According to this embodiment, the authenticity of the destination user can be ensured by the authentication server, and unauthorized access from a third party (a user other than the destination user) can be prevented. Furthermore, by comparing the destination from the authentication server with the destination corresponding to the inquiry information, the server 10 can prevent a third party from impersonating the original user and attempting unauthorized access.

Note that when the server 10 receives access to inquiry information from a user and authenticates the user to the authentication server, the server 10 sends user B an address (email address) managed on the authentication server. Information for confirming whether or not there is a problem in associating the address) with the destination of user B managed by the server 10 may be presented.

Then, when the server 10 obtains approval for the association from user B (for example, when receiving an instruction to approve the association "Yes"), the server 10 sends an e-mail to the address managed on the authentication server (email address). address) and the destination of user B managed by the server 10 may be associated with each other and stored in the storage unit 170 (for example, the user information storage unit 172).

[15.3] Omission of external authentication, etc. In addition, when the server 10 receives inquiry information L-M1 from user B in a logged-in state where external authentication of user B is permitted, external authentication of the user B, etc. may be omitted. In other words, the server 10 receives "user B's destination managed on the authentication server" from the authentication server in a logged-in state in which external authentication of user B is permitted, or receives the "address of user B managed on the authentication server" or the address is stored in the storage unit 170. Refer to "User B's destination managed on the authentication server". Then, user B may be authenticated based on "user B's destination managed on the authentication server" and the destination associated with the inquiry information.

In other words, in this way, if user B is a legitimate user, he or she can seamlessly download or view the decrypted attached file.

In addition, if the server 10 receives new inquiry information (different inquiry information) from user B within a predetermined period (for example, within 10 minutes) from the time when user B's authentication is permitted, It may be determined that authentication is permitted. In other words, once the authenticity is ensured, user B can seamlessly download or view the decrypted attached file simply by accessing the inquiry information for a predetermined period of time.

In addition, when the server 10 receives inquiry information from a user, the server 10 stores the inquiry information in the storage unit 170 (for example, the user information storage unit 172) as an address (email address) managed on the authentication server. external authentication on the authentication server may be omitted. In other words, the server 10 authenticates the user based on "the user's destination managed on the authentication server" and "the destination associated with the inquiry information" stored in the storage unit 170. Good too.

[15.4] Flowchart FIG. 11 shows an example of a flowchart showing the flow of server processing using the authentication server.

First, the server 10 determines whether inquiry information has been received from the user (step S31). When the inquiry information is received (Y in step S31), authentication of the user is delegated to the authentication server (step S32). Note that when the server 10 receives the inquiry information from the user (Y in step S31), the server 10 selects the inquiry information from among a plurality of authentication servers such as Google (registered trademark), Amazon (registered trademark), Facebook (registered trademark), etc. Based on the user's selection instruction, one authentication server may be accepted and the authentication of the user may be delegated to the accepted authentication server.

Then, it is determined whether a destination managed on the authentication server has been received from the authentication server (step S33). Note that in this embodiment, "receiving a destination managed on the authentication server" from the authentication server means that authentication of the user is permitted on the authentication server.

When the destination managed on the authentication server is received (Y in step S33), it is determined whether the destination managed on the authentication server and the destination corresponding to the inquiry information match ( Step S34). If the destination managed on the authentication server and the destination corresponding to the inquiry information match (Y in step S34), the attached file (attached file associated with the inquiry information) is decrypted and sent to the user. It is controlled to be downloadable or viewable (step S55).

Note that if the destination managed on the authentication server is not received (N in step S33), or if the destination managed on the authentication server and the destination corresponding to the inquiry information do not match (N in step S34), N), the process ends. This completes the process.

[15.5] Multiple Attachments When there are multiple attachments to one e-mail, the server 10 sends one piece of inquiry information that associates the destination with the encrypted attachments, may be generated. In such a case, if there are multiple attachments associated with the inquiry information, the multiple attachments associated with the inquiry information can be decrypted and the decrypted attachments can be downloaded to the user. It may also be controlled to allow viewing.

[15.6] Invalidation Even when performing authentication using an authentication server, after the e-mail M1 containing the inquiry information is sent to the destination (B@example.net), the server 10 is able to authenticate the predetermined user. Based on an instruction from the sender (for example, user A or a superior of user A), the user may be prohibited from downloading or viewing the decrypted attached file.

[16] Downloading and viewing by a predetermined user Based on an instruction from a predetermined user (for example, sender user A or administrator user), the server 10 makes it possible to download the decrypted attached file to a predetermined user. It may be controlled or controlled to be viewable. For example, based on an instruction from the sending user, the decrypted attached file may be controlled to be downloadable or viewable to the sending user. Further, based on instructions from the administrator user, the decrypted attached file may be controlled to be downloadable or viewable to the administrator user. Note that when downloading or the like is performed for a predetermined user, user authentication may be performed to determine the legitimacy of the predetermined user using the various methods described above.

[17] Others The e-mail of this embodiment is not limited to SMTP, and may be sent and received using a given protocol.

Furthermore, the data of this embodiment, for example, e-mail data, may be stored in the storage unit 30 or a storage area on the Internet.

Furthermore, the server 10 of the present embodiment may encrypt the attachment files of all received e-mails, or may encrypt the attachment files of e-mails that satisfy a given rule condition. May be controlled. For example, the server 10 may set rule conditions in advance based on input information from an administrator or a user. Furthermore, in this embodiment, e-mails that meet predetermined rule conditions may be temporarily suspended (sending is suspended for a certain period of time). Furthermore, an e-mail that satisfies predetermined rule conditions may be sent when an approval instruction is received from a predetermined user (for example, the sender's superior).

Furthermore, in this embodiment, the control that enables downloading may be a concept that includes control that enables printing. Further, the control to prohibit downloading may be a concept that includes control to prohibit printing.

Further, in this embodiment, the inquiry information is inserted into the main text, but an attached file containing the inquiry information may also be inserted.

Further, in this embodiment, the user who downloaded or viewed the content may be stored in the storage unit (left in the history).

Further, the user authentication process performed in this embodiment may be various other authentication processes. For example, the legitimacy of the user may be determined by phone number authentication or authentication processing using the user's terminal device (smartphone).

10 server, 20 terminal, 30 storage unit,
100 processing unit, 111 reception unit, 112 analysis unit, 113 authentication processing unit, 114 transmission unit, 115 notification unit, 116 storage processing unit, 117 inquiry information generation unit, 118 password generation unit, 119 file control unit, 120 web processing unit , 170 storage unit, 171 main storage unit, 172 user information storage unit, 173 management data storage unit, 180 information storage medium

Claims (9)

A file management system that performs processing for managing email attachments,
a receiving unit that receives the e-mail sent from the sender;
a storage processing unit that stores the encrypted attached file in a storage unit when the email has an attached file;
an inquiry information generation unit that generates inquiry information that associates the destination of the e-mail with the encrypted attached file;
a sending unit that deletes the attached file of the e-mail , inserts the inquiry information into the e-mail , and sends the e-mail to the destination;
When the inquiry information is received from a user, external authentication of the user is performed on a given authentication server, and if external authentication of the user is permitted, the destination managed on the authentication server and the inquiry an authentication processing unit that authenticates the user based on the destination associated with the information;
A file that decrypts the attached file associated with the inquiry information and controls the decrypted attached file to be downloadable or viewable to the user 's terminal when the user's authentication is permitted. A file management system comprising: a control unit; In claim 1,
The authentication processing unit includes:
When the inquiry information is received from the user in a logged-in state where external authentication of the user is permitted, the external authentication of the user is omitted and the user's destination managed on the authentication server and the inquiry information are A file management system characterized in that the user is authenticated based on a destination associated with information. In claim 1 or 2,
The authentication processing unit includes:
A file management system characterized in that, if new inquiry information is received from the user within a predetermined period from the time when the user's authentication is permitted, it is determined that the user's authentication is permitted. In any one of claims 1 to 3,
The inquiry information generation unit includes:
When there are multiple attachments to one e-mail, generating one inquiry information that associates the destination with the encrypted attachments;
The file control unit includes:
If there are multiple attachments associated with the inquiry information, the multiple attachments associated with the inquiry information can be decrypted and the decrypted attachments can be downloaded to the user 's terminal. A file management system characterized in that it can be controlled or viewed. In any one of claims 1 to 4,
The file control unit includes:
After the e-mail into which the inquiry information is inserted is sent to the destination, the decrypted attached file is prohibited from being downloaded or viewed on the user 's terminal based on instructions from a predetermined user. A file management system featuring: In any one of claims 1 to 5,
The file control unit includes:
A file management system that controls a decrypted attached file to be downloadable or viewable to a terminal of a predetermined user based on an instruction from a predetermined user. An information processing device that performs processing for managing email attachments,
a receiving unit that receives the e-mail sent from the sender;
a storage processing unit that stores the encrypted attached file in a storage unit when the email has an attached file;
an inquiry information generation unit that generates inquiry information that associates the destination of the e-mail with the encrypted attached file;
a sending unit that deletes the attached file of the e-mail, inserts the inquiry information into the e-mail, and sends the e-mail to the destination;
When the inquiry information is received from a user, external authentication of the user is performed on a given authentication server, and if external authentication of the user is permitted, the destination managed on the authentication server and the inquiry an authentication processing unit that authenticates the user based on the destination associated with the information;
A file that decrypts the attached file associated with the inquiry information and controls the decrypted attached file to be downloadable or viewable to the user's terminal when the user's authentication is permitted. An information processing device comprising: a control unit;. A program that causes a computer to manage e-mail attachments,
a receiving section that receives the e-mail sent from the sender;
a storage processing unit that stores the encrypted attached file in a storage unit when the email has an attached file;
an inquiry information generation unit that generates inquiry information that associates the destination of the e-mail with the encrypted attached file;
a sending unit that deletes the attached file of the e-mail, inserts the inquiry information into the e-mail, and sends the e-mail to the destination;
When the above-mentioned inquiry information is received from a user, external authentication of the user is performed on a given authentication server, and if external authentication of the user is permitted, the address managed on the authentication server is
an authentication processing unit that authenticates the user based on the destination and the destination associated with the inquiry information;
A file that decrypts the attached file associated with the inquiry information and controls the decrypted attached file to be downloadable or viewable to the user's terminal when the user's authentication is permitted. A program that causes a computer to function as a control unit.. An information processing method for managing email attachments, the method comprising:
receiving the email sent from the sender;
If the e-mail has an attached file, storing the encrypted attached file in a storage unit;
generating inquiry information that associates the email address with the encrypted attached file;
deleting the attachment of the e-mail, inserting the inquiry information into the e-mail, and sending the e-mail to the destination;
When the inquiry information is received from a user, external authentication of the user is performed on a given authentication server, and if external authentication of the user is permitted, the destination managed on the authentication server and the inquiry authenticating the user based on the destination associated with the information;
If the user's authentication is permitted, decrypting the attached file associated with the inquiry information, and controlling the decrypted attached file to be downloadable or viewable to the user's terminal. An information processing method comprising :

Images