KR102164338B1 - E-mail Security System to Prevent Sender Impersonation and Method thereof - Google Patents

Abstract

The present invention relates to an e-mail security system for preventing impersonation of a sender, and a method thereof. More particularly, the present invention relates to an e-mail security system for preventing impersonation of a sender, and a method thereof which can prevent an e-mail that impersonates a sender by the will of the sender, not a receiver, do not have to change an existing e-mail system and a security system of the sender, and can block e-mail attacks without changing an e-mail environment of the receiver.

Description

E-mail Security System to Prevent Sender Impersonation and Method thereof

The present invention relates to an e-mail security system and a method for preventing impersonation of a sender, and more particularly, to prevent e-mails that counterfeit a sender at the will of the sender rather than the receiver, and the existing mail of the sender The present invention relates to an e-mail security system for preventing impersonation of a sender, and a method thereof, so that a mail attack can be blocked without changing a system and a security system, and a mail environment of a recipient is not changed.

In the case of using the global Internet-based e-mail, the mail system is connected to the global Internet network and communicates with an innumerable number of mail systems, and thus, it is inevitably exposed to various risks. By sending spam emails to unspecified users' mail systems using the program, they advertise pornography sites, gambling sites, illegal sites, etc., or attack by inserting malicious links or attachments that steal user information into emails. Examples include patterns and the like.

In order to solve this problem, a technology has been developed that allows the server system to automatically distinguish between safe and dangerous emails even without the involvement of the mail user. The representative technology is SPF based on the sender's DNS (Domain Name Server). (Sender Policy Framework), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication (DMARC).

SPF, which is called mail server registration system, is conceived that most spammers often falsely mark or change the sender's address or transmission path in order to hide their identity, and by publicly registering mail server information in DNS in advance. It is an authentication technology that enables the recipient to check whether the sender information displayed in the e-mail matches the actual mail server information. Specifically, the e-mail authentication procedure using SPF is described in detail. The sender registers an SPF record representing his/her mail server information and policy in the sender's domain name server (DNS), and the receiver side registers the SPF registered in the sender's DNS when receiving the e-mail. The record is checked, matched against the sending IP indicated in the e-mail, and a decision is made based on the result. The above SPF is easy to apply, has good compatibility, and is based on open source compared to other authentication technologies, so it has a wide support base around the world, but there is a limitation in that an SPF check function must be installed in mail servers or spam blocking solutions. have.

DKIM, also known as domain key authentication mail, is an email authentication method based on public key/private key, and authentication that allows the recipient to verify that the sender has not been forged by inserting a digital signature into the mail header. Speak of technology. Specifically, if the sending side registers the public key to be used for DKIM decryption in DNS and sends the mail to the receiving side, the receiving side checks the DKIM Header when receiving the mail, and the DKIM-Signature item by querying DNS for the DKIM public key to the sending side After decryption, it is checked whether the content in the mail matches the hash information, and if the hash value matches, it is passed, and if the hash value does not match, it is blocked as spam.

DMARC is an authentication technology that distinguishes whether a sender is a legitimate sender using the mail server registration system (SPF) and domain key authentication mail (DKIM), and refers to a mail authentication method in which a suspicious email is processed and reporting is received. In other words, if the sending side posts the DMARC policy in DNS in advance and sends the mail to the receiving side, the receiving side checks the SPF/DKIM, and if the SPF/DKIM verification fails, the sending side searches the DMARC policy previously posted. , None (pass), Quarantine (spam blocking), Reject (mail rejection) options will be processed.

However, the SPF, DKIM, and DMARC have the following problems.

First of all, if the recipient tries to block spam mail with SPF, DKIM, or DMARC, if the sending domain does not provide SPF, DKIM, and DMARC information, mail will be blocked, but on the contrary, SPF, DKIM, DMARC information is provided. If you do, your mail will not be blocked. In other words, even malicious mails can pass through the receiving mail security system as long as they have SPF, DKIM, and DMARC information. The above SPF, DKIM, and DMARC can be used by anyone and it is not very difficult. In the end, even if it is a dangerous mail, mail from other domains managed by SPF, DKIM, and DMARC will have a pass that can pass through the mail security system. there is a problem.

In addition, SPF, DKIM, and DMARC are technical devices from a system management point of view, and only display the information confirmed on the system as additional information on the mail view screen to the mail user. However, since general mail users focus only on the contents of the mail rather than such additional information, even though it is a dangerous mail, only the name, subject, and contents of the mail can be read and received.

In addition, SPF, DKIM, and DMARC are based on the information of the calling party, but there is also a problem that they are dependent on the receiving party. If the recipient does not utilize the technology or creates an unintended loophole due to the intended whitelist or additional filters, the mail pretending to be the sender will be received by the recipient user regardless of the intention of the original sender. Can be imported.

In addition, all mails without SPF, DKIM, and DMARC are dangerous.

As a method to classify forged and dangerous mail among the sending mail, there is a method of 1:1 secure communication with a mail server classified as requiring transmission and reception, and a method of using a separate mail viewing environment. It has a fatal weakness of being very unfavorable and closed.

After all, there is no technical method to guarantee complete and universal safety in mail use on the global Internet, only a database that identifies congested spammers or a method to analyze patterns based on already identified signatures.

Assuming that all government agencies adopt DKIM, all private companies that do business with government agencies will have to make additional investments in a system that only passes DKIM-verified emails, resulting in unexpected and large expenditures.

In addition, DKIM technology only blocks e-mails without a domain key.While it can block low-level spammer attacks that detonate an e-mail bomb without DKIM, it does not prevent high-level attacks using DKIM. do. After all, in an attack with DKIM, such DKIM may act as a pass-through pass to defeat the mail security system.

Accordingly, in the related industry, it is possible to impersonate the sending side only when spammers pay much more than DKIM, and the sending side can be identified in a manner that does not disclose the public key of RSA (Rivest, Shamir, Adleman). It does not require additional investment in the existing mail server or security system of the company, and users who are connected to the Internet can use various terminals and mail programs as they are, and users who view the mail can easily check whether the trusted sender is correct. The situation is demanding the introduction of a new mail system.

Korean Patent Publication No. 10-2016-0018218 (2016.02.17.)

The present invention was devised to solve the above problems,

It is an object of the present invention to prevent e-mails that counterfeit the sender at the will of the sender rather than the receiver.

Another object of the present invention is a mail attack impersonating a sending address, a mail attack stealing the subject or contents, a mail attack similarly altering the sending address, and an envelope sending address and mail header It protects the recipient from e-mail attacks against the recipient's mail server that allows inconsistency of the sender's address of) and mail attacks that impersonate the recipient of the mail by stealing the sender's name.

Another object of the present invention is that, in the case of mass spam mails that counterfeit the sender, matching signature information must be generated for each sent mail, and even if the signature information of the same information can be generated, the sending domain must be accessed when a user clicks. , When accessing the URL, a confirmation page that matches the information of the viewed mail must be displayed. This is to provide an e-mail security system that fundamentally blocks e-mails impersonating the sender.

Another object of the present invention is to provide an electronic mail security system that does not require changes to the existing mail system and security system of the sending side.

Another object of the present invention is to provide an e-mail security system capable of blocking an e-mail attack without changing the e-mail environment of the recipient.

Another object of the present invention is, when an attacker reuses a URL for requesting a sign image normally inserted in another mail, a URL for signing information, or a URL for confirming a sending domain in another mail, the mail subject, sender address, and destination address are the same. E-mail must be sent by sending the mail, and in particular, it must be the same until the time of sending. As a single sign image request URL or sign information, etc., it is impossible to mass send to multiple destination addresses, thereby neutralizing the automated attack of the attacker. It is to provide a mail security system.

Another object of the present invention is, when an attacker attacks the URL for requesting a sign image or the sign information with a third forged server URL, when a viewer browsing the mail clicks the URL, the normally sent information is not displayed. It is to provide an e-mail security system that makes it possible to easily detect an e-mail impersonating a sender by displaying values different from the e-mail that is not or is being viewed.

Another object of the present invention is, when an attacker attacks the sending domain verification URL (K) with a forged URL (K'), when a viewer browsing the mail clicks the URL (K'), the sending server It has no choice but to be connected to a forged domain URL (K'), not a domain, and in order for an attacker to impersonate a sender, a system that allows the URL (K') to be displayed similarly to the normal URL (K) must be established. It is to give up trying in the first place.

Another object of the present invention is to recognize URL (S') or sign information with OCR technology, and URL (K') in the case of the same system in which the receiving mail server provides URL (K) for normal sending domain confirmation. To be able to verify.

Another object of the present invention is that when an attacker randomly searches for a sending domain verification URL (K), the encryption value used for the URL (K) is not a series of values, and is a random value. It is to provide an e-mail security system that can block an IP requesting a K-valued URL (K).

Another object of the present invention is that when an attacker hijacks the network and uses the URL (S) for signing image request and the URL (K) for sending domain verification without delay, the recipient is the same mail subject and the same sender. It is to be able to easily recognize that the mail is impersonating the sender because the address and the duplicate mail having the same sending time are received, and in case of delay, the recipient receives the mail with a different sending time.

Another object of the present invention is to prevent an attacker from attacking the K value and discovering an encryption function, so that the encryption/decryption is performed only at the sending server, unlike RSA.

The present invention is implemented by an embodiment having the following configuration in order to achieve the above object.

According to an embodiment of the present invention, the present invention provides a mail receiving unit for receiving an e-mail to be sent, a signature generation information extracting unit for extracting a specific value from data constituting the e-mail to be sent, and the extracted specific value. Receiving e-mail, including a signature information generation unit that generates signature information, a signature information appending unit that adds the generated signature information to an e-mail to be sent, and a mail transmission unit that transmits an e-mail to be sent to which signature information is added. It checks whether the information in the e-mail received from the side matches the signature information so that dangerous e-mails can be identified.

According to another embodiment of the present invention, the sign information generation unit includes an image generation module for generating sign information in an image format.

According to another embodiment of the present invention, the sign information generation unit includes a text generation module that generates sign information in a text format.

According to another embodiment of the present invention, the sign information adding unit includes a sign information inserting module for inserting sign information in the form of an image or text generated by the sign information generating unit into the body of an e-mail to be sent. Characterized in that.

According to another embodiment of the present invention, the sign information generation unit includes a web page generation module for generating sign information in a web page format.

According to another embodiment of the present invention, the web page generation module includes: a web page encryption value generation module for generating an encryption value by encrypting a specific value extracted by the sign generation information extraction unit; It characterized in that it comprises a sending domain verification URL generation module for generating a sending domain verification URL using the encryption value.

According to another embodiment of the present invention, in the present invention, the sign information adding unit includes the sign information in the form of an image or text inserted into the body of an e-mail to be sent by the sign information inserting module. It characterized in that it comprises a sending domain verification URL insertion module for inserting the generated by the sending domain verification URL.

According to another embodiment of the present invention, the sign information generation unit comprises a calling image generation module for generating sign information in a calling image format.

According to another embodiment of the present invention, the call image generation module includes a call image encryption value generation module for generating an encryption value by encrypting a specific value extracted by the sign generation information extraction unit, and the It characterized in that it comprises a sign image request URL generation module for generating a sign image request URL using the password value.

According to another embodiment of the present invention, the sign information adding unit, a sign image request URL insertion module for inserting the sign image request URL generated by the calling image generation module into the body of an e-mail to be sent. It characterized in that it comprises a.

According to another embodiment of the present invention, the sign information generation unit includes a web page generation module for generating sign information in a web page format.

According to another embodiment of the present invention, the web page generation module includes: a web page encryption value generation module for generating an encryption value by encrypting a specific value extracted by the sign generation information extraction unit; It characterized in that it comprises a sending domain verification URL generation module for generating a sending domain verification URL using the encryption value.

According to another embodiment of the present invention, in the present invention, the sign information adding unit is in the form of an image called by a URL for requesting a sign image inserted in the body of an e-mail to be sent by the sign image request URL insertion module. And a sending domain confirmation URL insertion module for inserting the URL for confirming the sending domain generated by the web page generating module in the sign information.

According to another embodiment of the present invention, the signature generation information extracting unit includes a sending time extraction module for extracting a sending time of a sending target e-mail, and a sending address extraction for extracting a sending address of the sending target e-mail. A module, a destination address extraction module that extracts the destination address of the e-mail to be sent, a reference address extraction module that extracts the reference address of the e-mail to be sent, and an e-mail title extraction module that extracts the e-mail title of the e-mail to be sent. It characterized in that it includes.

According to another embodiment of the present invention, the sign information generation unit further includes a conversion processing module for blind processing a part of the mail subject received from the mail subject extraction module.

According to another embodiment of the present invention, the present invention provides a mail receiving step in which the mail receiving unit receives an e-mail to be sent, and after the mail receiving step, the signature generation information extracting unit is After the sign generation information extraction step of extracting a specific value, and after the sign generation information extraction step, an image generation step in which the image generation module generates sign information in an image format with the extracted specific value, and after the sign generation information extraction step In the web page generation step in which the web page generation module generates sign information in the form of a web page, and after the image generation step and the web page generation step, the sign information insertion module is in the form of the image generated by the image generation module. The signature information insertion step of inserting the signature information into the body of the sending target e-mail, and after the signature information insertion step, the sending domain confirmation URL insertion module is an image inserted into the body of the sending target email by the signature information insertion module. Sending domain confirmation URL insertion step of inserting the URL for sending domain confirmation generated by the web page generation module in the form of sign information, and after the sending domain confirmation URL inserting step, the sending target to which sign information is added to the mail transmission unit Including an e-mail transmission step of transmitting an e-mail, it is possible to identify a dangerous e-mail by checking whether the information of the e-mail received by the e-mail receiver matches the signature information.

According to another embodiment of the present invention, the present invention provides a mail receiving step in which the mail receiving unit receives an e-mail to be sent, and after the mail receiving step, the signature generation information extracting unit is After the sign generation information extraction step of extracting a specific value, and after the sign generation information extraction step, a text generation step in which the text generation module generates sign information in text format with the extracted specific value, and after the sign generation information extraction step In the web page generation step in which the web page generation module generates sign information in a web page format, and after the text generation step and the web page generation step, the sign information insertion module is in the text format generated by the text generation module. The signature information insertion step of inserting the signature information into the body of the sending target e-mail, and after the signature information insertion step, the sending domain confirmation URL insertion module is the text inserted into the body of the sending target email by the signature information insertion module. Sending domain confirmation URL insertion step of inserting the URL for sending domain confirmation generated by the web page generation module in the form of sign information, and after the sending domain confirmation URL inserting step, the sending target to which sign information is added to the mail transmission unit Including an e-mail transmission step of transmitting an e-mail, it is possible to identify a dangerous e-mail by checking whether the information of the e-mail received by the e-mail receiver matches the signature information.

According to another embodiment of the present invention, the present invention provides a mail receiving step in which the mail receiving unit receives an e-mail to be sent, and after the mail receiving step, the signature generation information extracting unit is Sign generation information extraction step of extracting a specific value, and after the sign generation information extraction step, a calling image generation step in which the calling image generation module generates sign information in the form of a calling image using the extracted specific value, and the sign generation information After the extraction step, after the web page generation step in which the web page generation module generates sign information in the form of a web page, and after the call image generation step and the web page generation step, the sign image request URL insertion module generates the call image. After the sign image request URL insertion step of inserting the sign information in the form of the calling image generated by the module into the body of the sending e-mail, and after the sign image request URL insertion step, the sending domain confirmation URL insertion module Insertion of a sending domain verification URL that inserts the URL for sending domain verification generated by the web page creation module into the image-format sign information called by the URL for requesting a sign image inserted in the body of the e-mail to be sent by the insertion module. After the step of inserting the sending domain confirmation URL, the mail sending unit transmits a sending e-mail to which signature information is added, and the e-mail information received from the e-mail receiving side is converted to the signature information. Check if they match, so you can identify dangerous emails.

According to another embodiment of the present invention, in the calling image generation step, a calling image encryption value generation module generates a password value by encrypting a specific value extracted by the sign generation information extraction unit. And a sign image request URL generation step of generating a sign image request URL by using the password value by the sign image request URL generation module after the cryptographic value generation step and the calling image cryptographic value generation step. .

According to another embodiment of the present invention, in the step of generating the web page, the web page encryption value generation module generates a password value by encrypting a specific value extracted by the sign generation information extraction unit. And a sending domain verification URL generating step in which a sending domain verification URL generating module uses the cipher value to generate a sending domain verification URL after the encryption value generating step and the web page password value generating step. .

According to another embodiment of the present invention, in the present invention, in the step of extracting the signature generation information, the sending time extracting module extracts the sending time of the sending target e-mail, and the sending address extracting module is the sending target. The sending address extracting step of extracting the sending address of the e-mail, the receiving address extracting step of extracting the receiving address of the sending e-mail by the receiving address extracting module, and the reference address extracting module extracting the reference address of the sending e-mail. It characterized in that it comprises a reference address extraction step, and a mail title extraction step of extracting the mail title of the e-mail subject to be sent by the mail title extraction module.

According to another embodiment of the present invention, the present invention further comprises, after the mail subject extraction step, a conversion processing step in which the conversion processing module blinds a part of the mail subject received from the mail subject extraction module. It features.

The present invention can obtain the following effects by the configuration, combination, and use relationship that will be described below with the present embodiment.

The present invention has the effect of making it possible to prevent e-mails that counterfeit the sender at the will of the sender rather than the receiver.

The present invention provides an e-mail attack impersonating a sending address, an e-mail attack in which the subject or content is stolen, an e-mail attack similarly altered to a sending address, and a sending address of an envelope and a sender of a mail header. It derives the effect of protecting the recipient from an e-mail attack against the recipient's mail server that allows an address mismatch and an e-mail attack that impersonates the recipient of the mail by stealing the sender's name.

In the present invention, in the case of mass spam mails that counterfeit the sender, matching signature information must be generated for each sent mail, and even if the signature information of the same information can be generated, it must be connected to the sending domain when a user clicks, and when accessing a URL It is effective to provide an e-mail security system that fundamentally blocks e-mails impersonating the sender, as the confirmation page that matches the information of the viewed e-mail must be displayed.

The present invention has the effect of providing an e-mail security system that does not require changes to the existing mail system and security system of the sending side.

The present invention has the effect of providing an e-mail security system capable of blocking an e-mail attack without changing the e-mail environment of the recipient.

In the present invention, when an attacker reuses a URL for requesting a sign image normally inserted in another mail, a URL for signing information, or a URL for confirming a sending domain in another mail, the mail must be sent using the same mail subject, sender address and destination address. In particular, the email security system that neutralizes the automated attack of the attacker by making it impossible to send large quantities to multiple destination addresses with a single sign image request URL or sign information etc. Derive the effect it provides.

In the present invention, when an attacker attacks the URL for requesting a sign image or the sign information with a third forged server URL, when a viewer browsing the email clicks the URL, the normally sent information is not displayed or the email is viewed. There is an effect of providing an e-mail security system, which makes it possible to easily detect a mail impersonating a sender by displaying values different from the ones.

In the present invention, when an attacker attacks the sending domain verification URL (K) with a forged URL (K'), when a viewer browsing the mail clicks the URL (K'), it is not the sending server domain, but forged. One domain URL (K') must be connected, and in order for an attacker to impersonate a sender, a system that allows the URL (K') to be displayed similarly to the normal URL (K) must be constructed. It has the effect of making.

In the present invention, when the receiving mail server is the same system that provides URL (K) for normal sending domain confirmation, it is possible to recognize URL (S') or signature information with OCR technology, and to verify URL (K'). To produce the effect.

In the present invention, when an attacker randomly searches for a sending domain verification URL (K), the encryption value used for the URL (K) is not a series of values, but since it is a random value, a URL with a K value that does not exist. It is effective to provide an e-mail security system that can block the IP requesting (K).

In the present invention, when an attacker hijacks the network and uses the URL (S) for signing image request and the URL (K) for sending domain verification without delay, the recipient is the same mail subject, same sender address, and same sender. It has the effect of making it easy to recognize that it is a mail impersonating a sender because it receives a duplicate mail having a time, and if it is delayed, the recipient receives a mail with a different sending time.

In the present invention, when an attacker attacks the K value and finds out an encryption function, unlike RSA, both encryption/decryption is performed only at the sending server, so that the password cannot be decrypted.

1 is a conceptual diagram of an e-mail security system for preventing impersonation of a sender according to the present invention.
Figure 2 is a block diagram of Figure 1;
3 is a view showing a signature generation information extraction unit.
4 is a diagram showing a sign information generation unit.
5 is a diagram showing an embodiment of sign information.
6 is a diagram showing another embodiment of sign information.
7 is a diagram showing a call image generation module.
8 is a diagram showing a web page generation module.
9 is a view showing a sign information adding unit.
10 is a diagram showing another embodiment of sign information.
11 is a diagram of an e-mail security method for preventing impersonation of a sender according to an embodiment of the present invention.
12 is a diagram of an e-mail security method for preventing impersonation of a sender according to another embodiment of the present invention.
13 is a diagram of an e-mail security method for preventing impersonation of a sender according to another embodiment of the present invention.
14 is a diagram of an e-mail security method for preventing impersonation of a sender according to another embodiment of the present invention.
Figure 15 is a state of use of the present invention.
Figure 16 is a state of use of the present invention.
17 is a diagram showing an example of a screen in which the present invention is implemented.

Hereinafter, exemplary embodiments of an e-mail security system and method for preventing impersonation of a sender according to the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, if it is determined that a detailed description of a known function or configuration may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted. Unless otherwise defined, all terms in this specification are the same as the general meanings of the terms understood by those of ordinary skill in the art to which the present invention belongs, and in case of conflict with the meanings of terms used in the present specification, the present disclosure According to the definitions used in the specification.

The e-mail security system (1) for preventing impersonation of the sender of the present inventor is to check whether the information of the e-mail received from the e-mail receiving side matches the sign information so that dangerous mail can be identified. This feature prevents e-mails that counterfeit emails at the will of the sender rather than the receiver, and does not require changes to the sender's existing mail system and security system, and prevents mail attacks without changing the recipient's mail environment. There is this. In view of the fact that the general mail sign is used fixedly and the user who composes the mail cannot always fill in the information only for the outgoing mail, it is automatically configured and sent to the recipient by automatically configuring additional information pertaining to the outgoing mail. It is possible to provide the reliability of outgoing mail.

1 is a conceptual diagram of an e-mail security system 1 for preventing impersonation of a sender according to the present invention, and FIG. 2 is a block diagram of FIG. 1, and referring to FIGS. 1 and 2, in the past, a calling terminal S When the mail is transmitted to the sender server (SS) at, the corresponding mail is received by the receiver server (RS) through the network and transmitted to the receiving terminal (S). In this structure, it is easy to transmit the sender impersonation attack mail. In the present invention, an e-mail security system 1 is additionally configured on the sender to block the sender impersonation mail attack. The e-mail security system (1) for preventing the impersonation of the sender includes a mail receiving unit 10, a signature generating information extracting unit 20, a signature information generating unit 30, a signature information adding unit 40, and mail transmission. Includes part 50.

The mail receiving unit 10 may be regarded as a configuration for receiving an e-mail to be sent, and for receiving a specific mail in the middle so that signature information can be added to the mail that the sender wants to send to the receiver. Preferably, the mail receiving unit 10 may be connected to an existing sending mail server.

The signature generation information extracting unit 20 is configured to extract a specific value from the data constituting the e-mail to be sent, and is connected to the mail receiving unit 10 and the header of the mail received by the mail receiving unit 10 ( It refers to extracting specific values from data that compose mail including header). For example, the sending target e-mail may include a sending time, a sending address, a receiving address, a reference address, a mail title, and a mail content.

3 is a diagram showing a signature generation information extraction unit 20, and will be described with reference to FIG. 3, the signature generation information extraction unit 20 includes a sending time extraction module 21, a sending address extraction module ( 23), a destination address extraction module 25, a reference address extraction module 27, and a mail title extraction module 29.

The sending time extraction module 21 refers to a configuration for extracting the sending time of the sending target e-mail. As described above, specific values exist in the data constituting the sending target e-mail, and the sending time extracting module 21 is configured to extract the time when the mail is sent from among these specific values.

The sending address extraction module 23 is configured to extract the sending address of the sending target e-mail, and preferably, it can be viewed as extracting the sender's address from data constituting the mail including a plurality of pieces of information.

The destination address extraction module 25 is configured to extract a destination address of an e-mail to be sent, and the destination address extraction module 25 extracts an address of a destination designated by a sender from data constituting the mail.

The reference address extraction module 27 is configured to extract a reference address of an e-mail to be sent, and extracts addresses referenced when sending an e-mail.

The mail subject extraction module 29 refers to a configuration for extracting a mail subject of an e-mail to be sent. The specific value extracted by the mail title extraction module 29 may be converted by a conversion processing module 39 to be described later.

In addition, the signature generation information extracting unit 20 may be further configured with a body length extracting module capable of extracting the length of a string of mail contents from the e-mail to be sent.

The sign information generation unit 30 refers to a configuration for generating sign information using an extracted specific value. That is, the sign information generation unit 30 is connected to the sign generation information extraction unit 20, and an image or image displaying specific values extracted using a specific value extracted by the sign generation information extraction unit 20 Sign information is generated in the form of, text, call image, etc.

4 is a diagram showing a sign information generation unit 30, referring to FIG. 4, such a sign information generation unit 30 includes an image generation module 31, a text generation module 33, and a call image generation module. (35), a web page generation module 37, and a conversion processing module 39.

The image generation module 31 refers to a configuration for generating sign information in the form of an image. 5 is a diagram showing an embodiment of the sign information. Referring to FIG. 5, the sign information in the image format includes a sending time, a sending address, a receiving address, a reference address, a mail title, and Body length, etc. may be included. The image generated by the image generation module 31 can be inserted into the body of the mail by the sign information insertion module 41 to be described later, and the receiving side can check the image in the body of the mail when the received mail is opened. do.

The text generation module 33 refers to a configuration for generating sign information in a text format. If the image generation module 31 represents the specific value extracted by the sign generation information extraction unit 20 in the form of an image, the text generation module 33 specifies the message body to be viewed by the receiving side instead of an image. This is a configuration that displays the value in text format. When the sign information is implemented in the form of an image, the image may be broken and invisible at the receiving end due to various causes. This problem can be prevented by adding the sign information in a text format to the body of the mail.

The call image generation module 35 refers to a configuration for generating sign information in the form of a call image. The call image format does not directly insert an image into the body of the mail, but automatically requests a signed image request URL (URL(S)) to the sending server when the received mail is opened, and the sending server A refers to a format in which image-type sign information can be provided only to the mail by decrypting the encryption value obtained from the URL (S).

In the case of the image-type sign information generated by the image generation module 31, the image inserted in the mail body is not changed, but the call image-type sign information generated by the calling image generation module 35 If so, the image may be changed whenever an image is requested from the sending server.

6 is a diagram showing another embodiment of the sign information. Referring to FIG. 6, the current time is displayed in the sign information of FIG. 6, and the sign information in the image format by the image generation module 31 is the current time. While it is not possible to update, the sign information in the image format by the calling image generation module 35 can be updated at the current time.

7 is a diagram showing a call image generation module 35, and referring to FIG. 7, the call image generation module 35 includes a call image password value generation module 351, and a sign image request URL generation module ( 353).

The calling image encryption value generation module 351 refers to a configuration for generating an encryption value by encrypting a specific value extracted by the sign generation information extraction unit 20. As described above, the calling image generation module 35 adds the URL (S) to the body of the sending target e-mail, and automatically requests the URL (S) to the sender server when the recipient opens the mail. There is, however, the encryption value is generated through the calling image encryption value generation module 351 so that the request of the URL (S) is only possible through a legitimate connection, not a bypass connection.

The sign image request URL generation module 353 refers to a configuration for generating a sign image request URL (URL (S)) by using the password value generated by the calling image password value generation module 351. The URL (S) generated by the sign image request URL generation module 353 may be inserted into the body of the sending target e-mail by the sign image request URL insertion module 43 to be described later.

The web page generation module 37 refers to a configuration for generating sign information in a web page format. The webpage format does not directly insert any sign information into the body of the mail, but when the mail received by the recipient is opened, a URL for confirming the sending domain (URL(K)) exists in the body of the mail, and the mail recipient When the corresponding URL (K) is clicked, the URL (K) is requested to the sending server, and the sending server decrypts the encrypted value obtained from the URL (K) so that a web page with signature information is displayed. it means.

FIG. 8 is a diagram showing a web page generation module 37. Referring to FIG. 8, the web page generation module 37 includes a web page password value generation module 371, and a sending domain verification URL generation module 373. ).

The web page encryption value generation module 371 refers to a configuration for generating a password value by encrypting a specific value extracted by the sign generation information extraction unit 20. The web page creation module 37 adds a URL for confirming the sending domain (URL(K)) to the body of the sending e-mail, and when the receiving side opens the mail and clicks the corresponding URL(K), the sending side There is a URL(K) request to the server, and the webpage encryption value generation module 371 encrypts a specific value so that the request for the URL(K) is only possible through a legitimate connection.

The sending domain verification URL generation module 373 refers to a configuration for generating a sending domain verification URL (URL(K)) by using the password value generated by the web page password value generation module 371. The URL for checking the sending domain is a broad concept including not only a link for checking access to the sending domain, but a link for checking through a public domain provided by a public institution. The URL (K) generated by the sending domain verification URL generation module 373 may be inserted into the body of the sending target e-mail by the sending domain verification URL insertion module 45 to be described later. Information about the sent mail can be implemented on a web page through the URL (K), and information about the sent mail can be included in the text by allowing the text to be transmitted. You may want to be notified.

The conversion processing module 39 refers to a configuration for blind-processing a part of the mail subject received from the mail subject extraction module 29 of the signature generation information extracting unit 20. 5 and 6, it is assumed that the sending time, the sending address, the receiving address, the reference address, the mail title and the body length are extracted from the data constituting the sending target e-mail by the signature generation information extracting unit 20. When the specific head value extracted by the image generation module 31, the text generation module 33, or the calling image generation module 35 is made into sign information, the corresponding image sign information is sent The original e-mail title of the target e-mail is exposed as it is.

Mail titles are formed with representative words or phrases that allow you to gauge the entire contents of the mail, so it is possible to estimate what content will be written in the mail with just these mail titles. Accordingly, in order to prevent the risk of information leakage due to the exposure of the mail subject, the conversion processing module 39 may cover a part of the mail subject through an expression such as'*' as shown in FIGS. 5 and 6. Regarding the method of designating the blinded part, various methods such as a certain syllable as a reference, a few letters from the front, or random selection may be applied. However, it is desirable to exclude the entire subject of the mail to be blinded so that the information of the mail received from the recipient can be compared with the signature information to check whether the mail is impersonating the sender.

The sign information adding unit 40 refers to a configuration in which the generated sign information is added to an e-mail to be sent. That is, it refers to attaching the image, text, and sign information in URL format generated by the sign information generation unit 30 to the mail. The signature information adding unit 40 adds signature information that did not exist in the first e-mail to be sent, and the receiver can check the added signature information when viewing the e-mail.

FIG. 9 is a diagram showing a sign information adding unit, and referring to FIG. 9, the sign information adding unit 40 includes a sign information insertion module 41, a sign image request URL insertion module 43, and a sending domain confirmation It includes a URL insertion module 45.

The sign information insertion module 41 refers to a configuration in which sign information in the form of an image or text generated by the sign information generation unit 30 is inserted into the body of an e-mail to be sent. That is, the sign information insertion module 41 is connected to the image generation module 31 and the text generation module 33 among the sign information generation unit 30, and the image generation module 31 It functions to receive sign information in image format or to receive sign information in text format generated by the text generation module 33 and add it to the body of the e-mail. Accordingly, in the mail transmitted to the receiving side by the mail transmission unit 50 to be described later, sign information in an image format and/or sign information in a text format that cannot be changed is added. Taking HTML (Hyper Text Markup Language), which is a language for creating web documents, for example, the operation of inserting image-type sign information (IMG) into an e-mail by the sign information insertion module 41 is <img src="cid It can be expressed as :IMG">.

The sign image request URL insertion module 43 refers to a configuration in which the sign image request URL (URL (S) generated by the call image generation module 35 is inserted into the body of an e-mail to be sent. As described above, image sign information that can be updated can be provided by the calling image generation module 35, and the URL (S) generated by the calling image generation module 35 is inserted into the sign image request URL. It may be added to the mail body through the module 43. When expressed in HTML, the operation of the sign information insertion module 41 may be <img src="URL(S)">.

The sending domain confirmation URL insertion module 45 includes an image (IMG) inserted in the body of the e-mail to be sent by the signature information insertion module 41 or the web page generating module 37 in the text format of the signature information. It refers to a configuration in which the URL for sending domain verification (URL(K)) generated by is inserted. The operation of the sending domain verification URL insertion module 45 may be expressed as <a href="URL(K)"><img src="cid:IMG"></a> in HTML.

In addition, the sending domain confirmation URL insertion module 45 is called by the sign image request URL (URL(S)) inserted in the body of the sending target e-mail by the sign image request URL insertion module 43. The sending domain confirmation URL (URL(K)) generated by the web page creation module 37 may be inserted into the sign information in the image format, which is HTML <a href="URL(K)"> It is expressed as <img src="URL(S)"></a>.

FIG. 10 is a diagram showing another embodiment of the sign information. Referring to FIG. 10, when the mail received by the recipient is viewed by the sending domain confirmation URL insertion module 45, the body of the mail is shown in FIG. As shown in Fig. 10, an expression that induces a click may appear, and the mail recipient primarily compares a specific value of the sign information displayed in the body of the mail with the mail information, and secondly clicks the URL (K) When K) is called, the sending server decodes the encryption value obtained from URL(K) and outputs a web page.

The access address is displayed on the web page displayed through the web browser, and the current time, sending time, sending address, receiving address, reference address, mail title, body length, sender logo, and additional sign information can be expressed. The receiving side compares this signature information with the received mail information.

The mail transmission unit 50 refers to a configuration for transmitting an e-mail to be sent to which signature information is added. When a specific value is extracted by the sign generation information extraction unit 20, and through this, the sign information generation unit 30 generates sign information, the sign information adding unit 40 attaches it to the main body. When the corresponding task is completed, the mail transmission unit 50 receives the mail to which the signature information is added from the sign information adding unit 40 and transmits the mail to the receiving server through an Internet network or the like.

Hereinafter, an e-mail security method (S1) for preventing impersonation of a sender will be described.

The e-mail security method (S1) for preventing the impersonation of the sender is to check whether the information of the e-mail received from the e-mail receiver matches the signature information to identify the dangerous e-mail. How to prevent e-mail attacks without changing the sender's existing mail system and security system, and without changing the recipient's mail environment. will be.

FIG. 11 is a diagram of an e-mail security method (S1) for preventing impersonation of a sender according to an embodiment of the present invention. Referring to FIG. 11, an e-mail security method (S1) for preventing the impersonation of a sender (S1) ) Includes a mail receiving step (S10), a sign generation information extraction step (S20), a sign information generation step (S30), a sign information addition step (S40), and a mail transmission step (S50).

The mail receiving step (S10) refers to a step in which the mail receiving unit 10 receives an e-mail to be sent. Through the mail receiving step (S10), an outgoing mail to be sent from the sending server to the receiving server can be received by the electronic mail security system 1.

The signature generation information extraction step (S20) refers to a step of extracting a specific value from the data constituting the sending target e-mail by the signature generation information extraction unit 20 after the mail receiving step (S10). The specific value may include a sending time, a sending address, a receiving address, a reference address, a mail title, and a mail content. Referring to FIG. 11, the signature generation information extraction step (S20) includes a sending time extraction step (S21), a sending address extraction step (S23), a receiving address extraction step (S25), a reference address extraction step (S27), It includes a mail title extraction step (S29).

The sending time extracting step (S21) refers to a step in which the sending time extracting module 21 extracts the sending time of the sending target e-mail. Specific values exist in the data constituting the sending target e-mail, and the sending time extracting module 21 extracts the time when the mail was sent from among these specific values.

The sending address extraction step (S23) refers to a step in which the sending address extraction module 23 extracts the sending address of the sending target e-mail. The sender address extraction module 23 extracts the sender's address from data constituting the mail including a plurality of pieces of information.

The destination address extraction step (S25) refers to a step in which the destination address extraction module 25 extracts the destination address of the e-mail to be sent. That is, the mail address of the recipient who is expected to receive the mail is extracted from the data constituting the mail.

The reference address extraction step (S27) refers to a step in which the reference address extraction module 27 extracts the reference address of the e-mail to be sent. The reference address extraction module 27 extracts a reference mail address that refers to the corresponding mail in addition to the sending address and the receiving address.

The mail subject extraction step (S29) refers to a step in which the mail subject extraction module 29 extracts the mail subject of the e-mail to be sent. In the extracted mail title, some characters, etc., are blinded by the conversion processing module 39 to prevent the risk of information leakage.

The sign information generation step (S30) refers to a step in which the sign information generation unit 30 generates sign information with a specific value extracted after the sign generation information extraction step (S20). The sign information may be implemented in the form of an image, text, or URL.

The sign information generation step (S30) includes an image generation step (S31), a text generation step (S33), a call image generation step (S35), a web page generation step (S37), and a conversion processing step (S39). .

The image generation step (S31) refers to a step in which the image generation module 31 generates sign information in an image format using the extracted specific value. In the case of image-type sign information, it is impossible to change the sign information recorded in the image, so the receiving side can build high confidence in the sign information.

The text generation step (S33) refers to a step in which the text generation module 33 generates sign information in a text format with the extracted specific value. In the case of image-type sign information, the image may be broken or invisible due to various causes, so it may not be possible to check the image at the receiving side.

The calling image generation step (S35) refers to a step in which the calling image generation module 35 generates sign information in the form of a calling image using the extracted specific value. Although the call image format is to provide sign information in image format, it does not directly insert the image into the body of the mail, but when the recipient opens the received mail, the URL for requesting the sign image to the sending server automatically (URL (S)) is requested, and the sending server decrypts the encrypted value obtained from the URL(S) and provides the sign information in the image format only to the corresponding mail.Information such as the current time is provided whenever URL(S) is requested. The advantage is that it can be updated.

The call image generation step (S35) includes a call image encryption value generation step (S351) and a sign image request URL generation step (S353).

The calling image encryption value generation step (S351) refers to a step in which the calling image encryption value generation module 351 encrypts a specific value extracted by the sign generation information extracting unit 20 to generate a password value. The calling image generation module 35 adds a URL (S) to the body of the e-mail to be sent, and automatically requests the URL (S) to the sending server when the e-mail is opened by the receiver. The encryption value is generated through the call image encryption value generation module 351 so that the request of the URL (S) is possible only through a legitimate connection, not through a bypass connection. The generated encryption value may be decrypted by the sending server when the receiving side attempts to access the URL (S).

In the sign image request URL generation step (S353), after the call image password value generation step (S351), the sign image request URL generation module 353 generates a sign image request URL using the password value. Say. The URL (S) generated by the sign image request URL generation module 353 is inserted into the body of the e-mail to be sent by the sign image request URL insertion module 43, transmitted to the recipient, and opened the mail by the recipient. When the URL(S) connection can be attempted automatically.

The web page generation step (S37) refers to a step in which the web page generation module 37 generates sign information in a web page format. The web page format means that when the recipient opens the mail, the sending domain confirmation URL (URL(K)) exists in the body of the mail, and when the mail recipient clicks the URL(K), it is sent to the sending server. It refers to a format in which a URL (K) is requested and a web page with sign information is displayed by decrypting the encryption value obtained from the URL (K) by the sending server.

The web page generating step (S37) includes a web page password value generating step (S371) and a sending domain confirmation URL generating step (S373).

The web page encryption value generation step (S371) refers to a step in which the web page password value generation module 371 encrypts a specific value extracted by the sign generation information extraction unit 20 to generate a password value. Certain values are encrypted, so when an unauthorized person attempts bypass access, the web page can be prevented from being viewed.

In the sending domain verification URL generation step (S373), after the web page password value generation step (S371), the sending domain verification URL generation module 373 uses the password value to verify the sending domain URL (URL (K )). The URL (K) generated by the sending domain verification URL generation module 373 is inserted into the body of the sending target e-mail by the sending domain verification URL insertion module 45.

The conversion processing step (S39) refers to a step of blind-processing, by the conversion processing module 39, a part of the mail subject received from the mail subject extraction module 29, after the mail subject extraction step (S29). Mail titles are formed with representative words or phrases that allow you to gauge the entire contents of the mail. Since it is possible to estimate what content will be written in the mail with only such mail titles, concerns about information leakage due to the exposure of the mail title are avoided. To prevent this, in the conversion processing step S39, a part of the mail subject may be blinded with'*' or the like.

The sign information adding step (S40) refers to a step in which the sign information adding unit 40 adds the generated sign information to the sending target e-mail after the sign information generating step (S30). By the sign information adding step (S41), the image, text, and sign information in URL format generated in the sign information generating step (S30) may be attached to the body of the mail.

The sign information addition step (S40) includes a sign information insertion step (S41), a sign image request URL insertion step (S43), and a sending domain confirmation URL insertion step (S45).

The sign information inserting step (S41) refers to a step in which the sign information inserting module 41 inserts the sign information in the image or text format generated by the sign information generating unit 30 into the body of the sending target e-mail. Taking HTML as an example, an operation of inserting image-type sign information (IMG) into an e-mail may be expressed as <img src="cid:IMG">.

In the sign image request URL insertion step (S43), the sign image request URL insertion module 41 sends the sign image request URL (URL (S)) generated by the calling image generation module 35 to a sending target e-mail. It refers to the step of inserting it into the body of. The sign image request URL insertion step (S43) is expressed as <img src="URL(S)"> in HTML.

In the sending domain verification URL insertion step (S45), the sending domain verification URL insertion module 45 is in the form of an image (IMG) or text inserted in the body of the e-mail to be sent by the sign information insertion module 41. Inserting the URL (URL(K)) for confirming the sending domain generated by the webpage generating module 37 in the sign information, or in the body of the sending target e-mail by the sign image request URL inserting module 43 Inserting the URL for checking the sending domain (URL(K)) generated by the webpage generation module 37 into the sign information in the image format called by the inserted sign image request URL (URL(S)) Say the steps. According to HTML, in the former case, <a href="URL(K)"><img src="cid:IMG"></a>, in the latter case <a href="URL(K)"><img It may be src="URL(S)"></a>.

The mail transmission step (S50) refers to a step in which the mail transmission unit 50 transmits an e-mail to be sent to which the signature information is added after the sign information adding step (S40). This allows the recipient to check the signature information when viewing the e-mail.

In the following, among the steps described above, the process of generating sign information in an image format and inserting a URL for confirming the sending domain into the sign information in the image format, and a text format sign generated by generating sign information in a text format. The process of inserting the sending domain confirmation URL into the information and the process of inserting the sending domain confirmation URL into the sign information in the call image format created by generating sign information in the form of a call image are separated from each other to establish the relationship between each step. I will describe it while paying attention.

FIG. 12 is a diagram of an e-mail security method (S1) for preventing impersonation of a sender according to an embodiment of the present invention. Referring to FIG. 12, this embodiment generates sign information in an image format. , Characterized in that the URL for confirming the sending domain is inserted into the sign information of the generated image format.

Specifically, after the mail receiving step (S10) in which the mail receiving unit 10 receives the sending target e-mail, and after the mail receiving step (S10), the signature generation information extracting unit 20 configures the sending target e-mail. Sign generation information extraction step (S20) of extracting a specific value from the data proceeds.

After the sign generation information extraction step (S20), an image generation step (S31) in which the image generation module 31 generates sign information in an image format using the extracted specific value is performed.

In addition, after the sign generation information extraction step (S20), a web page generation step (S37) in which the web page generation module 37 generates sign information in a web page format proceeds.

After the image generating step (S31) and the web page generating step (S37), the sign information insertion module 41 sends the sign information in the image format generated by the image generating module 31 to the body of the sending target e-mail. The sign information inserting step (S41) to be inserted is in progress, and after the sign information inserting step (S41), the sending domain confirmation URL inserting module 45 is the body of the sending target e-mail by the sign information inserting module 41. The sending domain confirmation URL insertion step (S45) of inserting the URL for confirming the sending domain generated by the webpage generation module 37 into the sign information in the image format inserted in is proceeded, and the sending domain confirmation URL inserting step ( After S45), a mail transmission step (S50) in which the mail transmission unit 50 transmits an e-mail to be sent to which signature information is added is performed.

FIG. 13 is a diagram of an e-mail security method (S1) for preventing impersonation of a sender according to another embodiment of the present invention. Referring to FIG. 13, this embodiment generates sign information in text format. , Characterized in that the URL for confirming the sending domain is inserted into the generated text-type sign information.

Looking at the process, first, after the mail receiving step (S10) in which the mail receiving unit 10 receives the sending target e-mail, and after the mail receiving step (S10), the signature generation information extracting unit 20 is Sign generation information extraction step (S20) for extracting a specific value from the data constituting the proceeds in order.

After the sign generation information extraction step (S20), the text generation module 33 continues the text generation step (S33) of generating sign information in a text format using the extracted specific value.

Preferably, separate from the text generation step (S33), after the sign generation information extraction step (S20), a web page generation step (S37) in which the web page generation module 37 generates sign information in a web page format It goes on.

After the text generation step (S33) and the web page generation step (S37), the sign information insertion module 41 sends the text-type sign information generated by the text generation module 33 to the body of the sending e-mail. After inserting the signature information insertion step (S41) and the signature information insertion step (S41), the sending domain confirmation URL insertion module 45 is inserted into the body of the sending target e-mail by the signature information insertion module 41 After the sending domain verification URL insertion step (S45) of inserting the URL for sending domain verification generated by the webpage generation module 37 into the signed information in the text format (S45), and the sending domain verification URL insertion step (S45) , The mail transmission step (S50) in which the mail transmission unit 50 transmits an e-mail to be sent to which signature information is added may be sequentially performed.

FIG. 14 is a diagram of an e-mail security method (S1) for preventing impersonation of a sender according to another embodiment of the present invention. Referring to FIG. 14, the present embodiment uses sign information in a call image format. It is characterized in that a URL for confirming a sending domain is inserted into the generated and generated sign information in the form of a call image.

When explaining a specific process for this, similar to the above-described examples, first, a mail receiving step (S10) in which the mail receiving unit 10 receives an e-mail to be sent is performed, and after the mail receiving step (S10), a sign A signature generation information extraction step (S20) in which the generation information extraction unit 20 extracts a specific value from the e-mail to be sent is performed.

After the sign generation information extraction step (S20), a calling image generation step (S35) in which the calling image generation module 35 generates sign information in the form of a calling image with the extracted specific value is performed, and separately, the sign After the generation information extraction step S20, a web page generation step S37 in which the web page generation module 37 generates sign information in the form of a web page may proceed.

After the call image generation step (S35) and the web page generation step (S37), the sign image request URL insertion module 43 sends the sign information in the form of the call image generated by the call image generation module 35 to a sending target. The sign image request URL insertion step (S43) to be inserted into the body of the e-mail proceeds, and after the sign image request URL insertion step (S43), the sending domain confirmation URL insertion module 45 is the sign image request URL insertion module. Sending by inserting the URL for confirming the sending domain generated by the webpage generation module 37 into the sign information in the image format called by the URL for requesting the sign image inserted in the body of the e-mail to be sent by (43) The domain verification URL insertion step (S45) is in progress, and after the sending domain verification URL insertion step (S45), the mail transmission unit 50 transmits an e-mail to be sent to which signature information is added (S50). Can be done.

15 and 16 are diagrams showing a state of use of the present invention, and FIG. 17 is a diagram showing an example of a screen in which the present invention is implemented. Referring to FIGS. 15 to 17, the e-mail security system 1 of the present invention By this, the mail received by the receiving vehicle includes signature information, and when the recipient opens the mail, as shown in FIG. 15, the signature information may be displayed at the bottom of the mail content. The recipient side retrieves the received mail information and compares the information of the mail with the signature information, so that it is possible to check whether the mail is an e-mail impersonating the sender. In addition, as shown in FIG. 15, an expression that induces a click of the URL (K) may appear in the body of the mail, and when the recipient clicks it, a web page appears as shown in FIG. , You can check the sign information through the web page. Additionally, a text message may be sent to a smartphone through the sending domain verification URL, or information about a sent mail may be notified through a chat app.

In the end, the recipient side first compares the specific value of the sign information shown in the body of the mail with the mail information, and secondly clicks the URL(K) to call the URL(K), and the sending server starts from the URL(K). The obtained encryption value is decrypted and the web page is output. On the web page displayed through the web browser, the current time, sending time, sending address, receiving address, reference address, mail title, body length, and sender together with the access address. A logo, additional sign information, and the like can be expressed, and the receiving side can determine whether the mail is dangerous by comparing the sign information with the received mail information. When a spammer attempts to send an e-mail that counterfeits the sender, the signature information and the information in the e-mail do not match. In particular, in the case of mass spam e-mails, matching signature information must be generated for each sent e-mail, and the same information can be generated Even in this case, when a user clicks, the sender's domain must be accessed, and when a URL is accessed, a confirmation page that matches the information of the browsed mail must be displayed.

The detailed description above is illustrative of the present invention. In addition, the above description shows and describes preferred embodiments of the present invention, and the present invention can be used in various other combinations, modifications and environments. That is, changes or modifications may be made within the scope of the concept of the invention disclosed in the present specification, the scope equivalent to the disclosed contents, and/or the skill or knowledge of the art. The above-described embodiments describe the best state for implementing the technical idea of the present invention, and various changes required in the specific application fields and uses of the present invention are possible. Therefore, the detailed description of the invention is not intended to limit the invention to the disclosed embodiment. In addition, the appended claims should be construed as including other embodiments.

1: E-mail security system to prevent impersonation of sender
10: mail receiver
20: Sign generation information extraction unit
21: Shipping time extraction module
23: sending address extraction module
25: destination address extraction module
27: reference address extraction module
29: Mail subject extraction module
30: Sign information generation unit
31: image generation module
33: text generation module
35: calling image generation module
351: call image password value generation module
353: Sign image request URL generation module
37: web page creation module
371: Web page password value generation module
373: Sending domain verification URL generation module
39: conversion processing module
40: Add sign information
41: sign information insertion module
43: Sign image request URL insertion module
45: Sending domain verification URL insertion module
50: mail transmission unit
S1: How to secure email to prevent impersonation of sender
S10: e-mail reception step
S20: Sign generation information extraction step
S21: Shipping time extraction step
S23: source address extraction step
S25: destination address extraction step
S27: Reference address extraction step
S29: Mail subject extraction step
S30: Sign information generation step
S31: Image creation step
S33: text generation step
S35: call image generation step
S351: Call image encryption value generation step
S353: Sign image request URL generation step
S37: Web page creation step
S371: Web page password generation step
S373: Sending domain confirmation URL generation step
S39: conversion processing step
S40: Sign information addition step
S41: Sign information insertion step
S43: Sign image request URL insertion step
S45: Sending domain confirmation URL insertion step
S50: Mail transmission step

Claims (22)

An e-mail receiver that receives the e-mail to be sent,
A signature generation information extracting unit that extracts a specific value of an item that can be checked from the e-mail received by the e-mail receiver from the data constituting the e-mail to be sent;
A sign information generation unit that generates sign information with the extracted specific value,
A signature information appending unit that adds the generated signature information to the e-mail to be sent,
It includes a mail transmission unit for transmitting an e-mail to be sent to which signature information is added,
The sign information is in an image or text format,
The sign information adding unit includes a sign information inserting module for inserting the sign information in the form of an image or text generated by the sign information generating unit into the body of an e-mail to be sent,
An e-mail security system to prevent impersonation of a sender by checking whether the e-mail information received by the e-mail receiver matches the signature information without changing the e-mail environment of the recipient. The method of claim 1,
The sign information generation unit, characterized in that it comprises an image generation module for generating sign information in an image format, e-mail security system for preventing impersonation of a sender. The method of claim 1,
The sign information generation unit, characterized in that it comprises a text generation module for generating sign information in a text format, e-mail security system for preventing impersonation of a sender. delete The method of claim 1,
The sign information generation unit, characterized in that it comprises a web page generation module for generating sign information in the form of a web page, e-mail security system for preventing impersonation of a sender. The method of claim 5,
The web page generation module includes a web page encryption value generation module that generates a password value by encrypting a specific value extracted by the sign generation information extraction unit, and a transmission that generates a URL for confirming a sending domain using the password value. An e-mail security system for preventing impersonation of a sender, comprising a domain verification URL generation module. The method of claim 6,
The sign information adding unit is a sending domain for inserting the URL for confirming the sending domain generated by the web page generation module into the sign information in the form of an image or text inserted in the body of the e-mail to be sent by the sign information inserting module. E-mail security system for preventing impersonation of a sender, characterized in that it comprises a confirmation URL insertion module. The method of claim 1,
The sign information generation unit, characterized in that it comprises a call image generation module for generating sign information in the form of a call image, e-mail security system for preventing impersonation of a sender. The method of claim 8,
The calling image generation module includes a calling image encryption value generation module generating an encryption value by encrypting a specific value extracted by the signature generation information extraction unit, and a signature generating a URL for requesting a sign image using the password value. An electronic mail security system for preventing impersonation of a sender, comprising: an image request URL generation module. The method of claim 9,
The sign information adding unit comprises a sign image request URL insertion module for inserting the sign image request URL generated by the calling image generation module into the body of the sending target e-mail, and preventing impersonation of a sender. Email security system. The method of claim 10,
The sign information generation unit, characterized in that it comprises a web page generation module for generating sign information in the form of a web page, e-mail security system for preventing impersonation of a sender. The method of claim 11,
The web page generation module includes a web page encryption value generation module that generates a password value by encrypting a specific value extracted by the sign generation information extraction unit, and a transmission that generates a URL for confirming a sending domain using the password value. An e-mail security system for preventing impersonation of a sender, comprising a domain verification URL generation module. The method of claim 12,
The sign information adding unit, the sign information in the form of an image called by the URL for requesting a sign image inserted in the body of the e-mail to be sent by the sign image request URL insertion module, the sending generated by the web page generation module An e-mail security system for preventing impersonation of a sender, comprising a sending domain verification URL insertion module for inserting a domain verification URL. The method of claim 1,
The signature generation information extracting unit includes a sending time extracting module for extracting a sending time of a sending target e-mail, a sending address extracting module for extracting a sending address of the sending target e-mail, and a receiving address for extracting a receiving address of the sending target e-mail. Electronic for preventing impersonation of a sender, comprising an address extraction module, a reference address extraction module for extracting a reference address of an e-mail to be sent, and a mail title extraction module for extracting a mail title of an e-mail to be sent Mail security system. The method of claim 14,
The signature information generation unit further comprises a conversion processing module for blinding a part of the mail title received from the mail title extraction module. The e-mail security system for preventing impersonation of a sender. An e-mail receiving step in which the e-mail receiver receives the e-mail to be sent,
After the mail receiving step, a signature generation information extraction step of extracting a specific value of an item that can be checked from the mail received by the e-mail receiver from the data constituting the e-mail to be sent;
After the sign generation information extraction step, an image generation step in which the image generation module generates sign information in an image format with the extracted specific value,
After the sign generation information extraction step, a web page generation step in which the web page generation module generates sign information in a web page format,
After the image generating step and the web page generating step, a sign information inserting step in which the sign information inserting module inserts the sign information in the image format generated by the image generating module into the body of the sending target e-mail;
After the sign information inserting step, the sending domain confirmation URL inserting module is used to confirm the sending domain generated by the web page generation module in the sign information in the image format inserted in the body of the e-mail to be sent by the sign information inserting module. Sending domain verification URL insertion step of inserting the URL, and
After the sending domain confirmation URL inserting step, including a mail transmission step of sending the sending target e-mail to which the mail transmission unit has added signature information,
An e-mail security method to prevent impersonation of a sender by checking whether the information in the e-mail received by the e-mail receiver matches the signature information without changing the e-mail environment of the recipient. An e-mail receiving step in which the e-mail receiver receives the e-mail to be sent,
After the mail receiving step, a signature generation information extraction step of extracting a specific value of an item that can be checked from the mail received by the e-mail receiver from the data constituting the e-mail to be sent;
After the sign generation information extraction step, a text generation step in which the text generation module generates sign information in text format with the extracted specific value,
After the sign generation information extraction step, a web page generation step in which the web page generation module generates sign information in a web page format,
After the text generating step and the web page generating step, a sign information inserting step in which the sign information inserting module inserts the text-formatted sign information generated by the text generating module into the body of an e-mail to be sent;
After the sign information insertion step, the sending domain confirmation URL insertion module is used to confirm the sending domain generated by the web page generation module in the text format of sign information inserted in the body of the e-mail to be sent by the sign information inserting module. Sending domain verification URL insertion step of inserting the URL, and
After the sending domain confirmation URL inserting step, including a mail transmission step of sending the sending target e-mail to which the mail transmission unit has added signature information,
An e-mail security method to prevent impersonation of a sender by checking whether the information in the e-mail received by the e-mail receiver matches the signature information without changing the e-mail environment of the recipient. An e-mail receiving step in which the e-mail receiver receives the e-mail to be sent,
After the mail receiving step, a signature generation information extraction step of extracting a specific value of an item that can be checked from the mail received by the e-mail receiver from the data constituting the e-mail to be sent;
After the sign generation information extraction step, a calling image generation step of generating sign information in the form of a calling image with a specific value extracted by the calling image generation module,
After the sign generation information extraction step, a web page generation step in which the web page generation module generates sign information in a web page format,
After the calling image generation step and the web page generation step, the sign image request URL insertion module inserts the sign information in the form of the calling image generated by the calling image generation module into the body of the sending e-mail. Step and,
After the sign image request URL insertion step, the sending domain confirmation URL insertion module is inserted into the body of the sending e-mail by the sign image request URL insertion module in the image format of sign information called by the sign image request URL. A sending domain verification URL insertion step of inserting a sending domain verification URL generated by the web page generation module,
After the sending domain confirmation URL inserting step, including a mail transmission step of sending the sending target e-mail to which the mail transmission unit has added signature information,
An e-mail security method to prevent impersonation of a sender by checking whether the information in the e-mail received by the e-mail receiver matches the signature information without changing the e-mail environment of the recipient. The method of claim 18,
The calling image generation step includes a calling image encryption value generation step in which a calling image password value generation module encrypts a specific value extracted by the sign generation information extraction unit to generate a password value, and after the calling image encryption value generation step E-mail security method for preventing impersonation of a sender, characterized in that it comprises a sign image request URL generating step of generating a sign image request URL using the password value. The method according to any one of claims 16 to 18,
The web page generation step includes a web page password value generation step in which a web page password value generation module generates a password value by encrypting a specific value extracted by the sign generation information extraction unit, and after the web page password value generation step E-mail security method for preventing impersonation of a sender, comprising the step of generating, by the sending domain verification URL generating module, a URL for verifying the sending domain using the password value. The method according to any one of claims 16 to 18,
The signature generation information extraction step includes a sending time extracting step in which the sending time extracting module extracts a sending time of the sending e-mail, a sending address extracting step in which the sending address extracting module extracts the sending address of the sending e-mail, The destination address extraction step in which the destination address extraction module extracts the destination address of the e-mail to be sent, the reference address extraction step in which the reference address extraction module extracts the reference address of the destination e-mail, and the e-mail subject extraction module E-mail security method for preventing impersonation of a sender, comprising the step of extracting a mail title of extracting the mail title of the mail. The method of claim 21,
The e-mail security method further comprises a conversion processing step of blind-processing a part of the mail title received from the mail title extraction module after the mail title extraction step. E-mail security method to prevent the problem.

Images