HK1135252B - Client device, mail system, program, and recording medium - Google Patents
- Publication number
- HK1135252B HK10101497.4A
- Authority
- HK
- Hong Kong
- Prior art keywords
- tcp2
- core
- message
- mail system
Description
Technical Field
The present invention relates to a client system and a mail system that emphasize security in communication, and more particularly to a client system, a mail system, and a computer program realizing these systems, which are capable of strongly preventing improper interference on the internet such as "leakage", "falsification", and "masquerading" of data and "appropriation" of or "attack" on data, and to a computer that realizes the same.
Background
In recent years, communication using the internet has spread rapidly in society, because anyone who has a personal computer can access computers on a network simply by connecting to it. On the other hand, as internet communication has developed, the accompanying social problems have become more serious: hackers or intruders break into other people's computer systems to snoop on software and data and to tamper with or crack them.
One particular form of improper interference makes a computer system unavailable by sending a large number of messages over the network to disrupt its operation. The system may also shut down when the host becomes overloaded by such interference.
There is also a type of fraudulent disturbance called "unauthorized access and masquerading" in which confidential information is stolen by acquiring a password in the host, and information is tampered and cracked, and the like. There is a very serious situation in such interference in which information possessed by the computer is arbitrarily rewritten in order to defraud others. In addition, illicit activities caused by spyware may occur in which a specific personal computer is hacked secretly, and personal confidential data such as mail addresses and passwords are utilized. There is also the possibility of so-called eavesdropping, which, as mentioned above, frequently occurs in order to improperly snoop the database contents in a computer connected to the network.
In addition, there may occur an action of intentionally stealing personal information in a station or in a management source of a server, and a danger such as cyber terrorism may occur due to spying into the interior of a company or the like.
Further, there has recently been a growing number of improper interventions such as the release of "viruses", which are programs that cause other people's computers to malfunction. If a personal computer used to send and receive mail at home becomes infected with such a virus, then when it connects to a computer within a company, the company's computers will be infected with the virus and/or the virus will crack files in those computers, and the entire network may fail.
Therefore, in communication on the internet using the conventional TCP/IP (transmission control protocol/internet protocol) or UDP (user datagram protocol), encrypted communication called IPsec (IPsec: security architecture for internet protocol) or SSL (secure socket layer) is used as a function of preventing "leakage", "falsification", and the like of data.
IPsec is characterized by encrypting not just specific applications but every communication sent from the host at the IP layer. In this way, the user can communicate securely without being aware of the application. Furthermore, IPsec makes it possible to change the encryption algorithm used without changing its own structure, so that it can continue to be used in the future.
Further, by using SSL, a client and a server can authenticate each other on the network and exchange highly confidential information (such as credit card information) in encrypted form. In this way, it is possible to prevent eavesdropping on data, replay attacks (attacks in which eavesdropped data is retransmitted over the network repeatedly), masquerading (communicating while impersonating another person), tampering with data, and the like.
In the encrypted communication used in the present invention, an encryption function is added to the TCP layer, which is the transport layer (the fourth layer of OSI). The transport layer is a protocol layer for implementing an error-free virtual communication path between two processes executing on respective nodes. The network layer can send data, but there is no guarantee that the data will reliably reach the destination. Furthermore, there is no guarantee that the data will arrive in the order in which it was sent. It is therefore the transport layer that provides an error-free communication path so that applications can use it easily. The inventor of the present invention has proposed an example of a communication system that can prevent unauthorized intrusion from the outside by adding an encryption function to the transport layer (the fourth layer) for the first time in the world, and has named this encrypted communication system "TCP2" (see patent document 1).
Patent document 1: WO 2005/015827.
Disclosure of the invention
The invention described in the patent document 1 is limited to a general encryption communication system, a communication method, a communication device, and a communication program using TCP2, and a mail system equipped with TCP2 has not been realized.
An object of the present invention is to provide a mail system having an encryption function and a program for realizing the mail system using a communication system utilizing "TCP 2" previously proposed by the inventor of the present invention.
More specifically, the object of the present invention is to provide an electronic mail system and a program thereof, in which end-to-end encrypted electronic mail transmission/reception can be implemented by installing TCP2 on a transmitting-side client and a receiving-side client of the electronic mail.
In order to solve the above-described problems and achieve the object of the present invention, there is provided a client device used in a mail system of the present invention, wherein the mail system is connected to a network and includes an existing mailer that performs mail communication among a plurality of client devices. The client device includes a TCP2 driver and a TCP2 mail system application unit in addition to the existing mailer, wherein the TCP2 driver includes a TCP2 core and a mail system core. The TCP2 core includes means for identifying packets of e-mail sent from the existing mailer or SMTP and POP3 protocols and for sending them to the mail system core. The mail system core comprises: means for encrypting or decrypting the mail to be transmitted and received; means for performing a key exchange with other client devices; means for saving the IP address and port of the POP3 and the IP address and port of the SMTP; means for saving a user ID and password and e-mail addresses of the sender and recipient; means for maintaining a key formed by the key exchange; and means for selecting and deleting encrypted mail, HTML mail or attachments. The TCP2 mail application unit includes means for displaying a key status related to an e-mail sent from the mail system core and for displaying a list of the status of the e-mail (including encrypted or unencrypted state of the e-mail), mail type, attachment, and mail address of a sender, and the TCP2 mail application unit further includes means for displaying an encrypted mail received by the existing mailer in plain text. An e-mail received via the network is selected and processed by the TCP2 driver and then provided to the existing mailer, and a mail sent from the existing mailer to another client device via the network is set to be sent after the another client device of the receiving party is confirmed by the TCP2 driver.
The mail system of the present invention is a mail system in which mail transfer is carried out between a plurality of client apparatuses connected to a network and having existing mailers. The client device includes a TCP2 driver and a TCP2 mail application unit in addition to the existing mailer, wherein the TCP2 driver includes a TCP2 core and a mail system core. The TCP2 core of the TCP2 driver is connected to the existing mailer or the network, and is configured to transmit packets of e-mail of SMTP or POP3 protocol transmitted from a mail server to the mail system core. The mail system core is configured to perform the following operations: encrypting or decrypting the transmitted and received mails; implementing a key exchange with a sender or a receiver; saving the IP address and port number of the POP3, the IP address and port number of the SMTP, a user ID and password, and the email address of the sender or the receiver; storing a key formed by the key exchange on a storage medium; and selectively deleting the received e-mail. The mail system is characterized in that the TCP2 mail system application unit implements display of a key status relating to an electronic mail sent from the mail system core, and implements display of a list of sent and received mails and display of a plain text of an encrypted mail received by the existing mailer.
Further, a mail transfer program used in the mail system of the present invention is implemented on each client apparatus communicating with each other using a TCP2 mail system function, the TCP2 mail system function including 3 functions: TCP2 core, mail system core, and TCP2 mail application in addition to the existing mailer functions. The TCP2 core functions to connect to a network and includes functions for identifying a packet of an e-mail transmitted from the existing mailer or mail server protocol SMTP or POP3 and for transmitting it to a mail system core. Further, the functions of the mail system core include functions for performing the following operations: encrypting or decrypting the transmitted and received e-mails; implementing a key exchange with a sender or a receiver; storing an IP address and port number of the POP3, an IP address and port number of the SMTP, a user ID and password, an email address of the sender or the receiver, a key formed by the key exchange on a storage medium; and selectively deleting the received e-mail. Further, the functions of the TCP2 mail system application include functions for performing the following operations: displaying a key status related to an e-mail transmitted from the mail system core, and performing a list display of transmitted and received mails and a clear text display of an encrypted mail received by the existing mailer. The mail transfer program of the present invention is a program that causes the client apparatus computer to realize its corresponding functions. A recording medium in which the mail communication program is recorded is also included as an embodiment of the present invention.
According to the mail system of the present invention, since the TCP2 function is used to encrypt/decrypt the title, message body, and attachment of an electronic mail, only authorized persons can find the contents of the electronic mail without being known to others.
Further, the mail transmission and reception protocol (SMTP, POP3 commands), the mail header terminator, and the MIME identifiers are kept in plain text, so that the mail application and the mail server used with the client apparatus can continue to be used without change.
Brief Description of Drawings
Fig. 1 is a diagram showing the protocol stack of TCP2 used in the mail system of the present invention.
Fig. 2 is a diagram showing the structure of a message packet used in the mail system of the present invention.
Fig. 3 is a block diagram of a TCP2 mail system in a client device of the present invention.
Fig. 4 is a block diagram for explaining an outline of a TCP2 core as one component of the mail system of the present invention.
Fig. 5 is a block diagram for explaining an outline of a core of the mail system as one component of the mail system of the present invention.
Fig. 6 is a block diagram for explaining an outline of an application unit of the TCP2 mail system as a component of the mail system of the present invention.
Fig. 7 is a diagram illustrating a received mailing list displayed on an output device by a TCP2 mail system application.
Fig. 8 is a part of a flowchart showing a user registration flow in the mail system of the present invention.
Fig. 9 is a part of a flowchart showing a user registration flow in the mail system of the present invention.
Fig. 10 is a part of a flowchart showing a user registration flow in the mail system of the present invention.
Fig. 11 is a part of a flowchart showing a key exchange transmitting side flow in the mail system of the present invention.
Fig. 12 is a part of a flowchart showing a key exchange transmitting side flow in the mail system of the present invention.
Fig. 13 is a part of a flowchart showing a key exchange transmitting side flow in the mail system of the present invention.
Fig. 14 is a part of a flowchart showing a key exchange reception side flow in the mail system of the present invention.
Fig. 15 is a part of a flowchart showing a key exchange reception side flow in the mail system of the present invention.
Fig. 16 is a part of a flowchart showing the encrypted mail transmission side flow in the mail system of the present invention.
Fig. 17 is a part of a flowchart showing a flow of an encrypted mail transmission side in the mail system of the present invention.
Fig. 18 is a part of a flowchart showing the encrypted mail transmission side flow in the mail system of the present invention.
Fig. 19 is a part of a flowchart showing a flow of the encrypted mail receiving side in the mail system of the present invention.
Fig. 20 is a part of a flowchart showing a flow of the encrypted mail receiving side in the mail system of the present invention.
Fig. 21 is a diagram for explaining an outline of an example of a TCP2 mail system of the present invention.
Best mode for carrying out the invention
Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 1 shows a TCP2 protocol stack for use in the encrypted communications system of the present invention.
< description of TCP2 protocol Stack >
The protocol stack includes a NIC (network interface card) driver 11 provided to correspond to one of a physical layer (first layer) and a data link layer (second layer) among OSI seven layers. The driver is provided to connect hardware such as a computer to a network, and its content is data transmission and reception control software. For example, a LAN board or a LAN card for connecting to ethernet corresponds thereto.
The IP emulator 13, which partially extends into the transport layer (fourth layer), belongs to the network layer (third layer). No transport function is installed in the portion that extends into the transport layer; it only provides the functions of the network layer to the session layer (fifth layer). The IP emulator 13 is configured to operate with either "IPsec on CP" 13b, a protocol for implementing encrypted communication, or "IP on CP" 13a, switching between the two depending on the intended use. The term "on CP" here indicates that "intrusion" and "attack" by a cracker are monitored by Cracker Prevention (CP) and are discarded, cut off, or restricted, or that such monitoring can be enabled through the cracker prevention settings.
In addition, the network layer is provided with "ARP on CP" (address resolution protocol on cracker prevention). ARP on CP is a protocol, including protection measures against crackers, that is used to find a MAC (media access control) address, which is the physical address on ethernet, from an IP address. MAC, called medium access control, is a transmission control technique used within a LAN or the like; it defines the method of transmitting and receiving frames (the unit of data transmission and reception), the frame format, error correction, and the like.
Here, the IP emulator 13 is software or firmware for allowing various security functions according to the present invention to be matched with a conventional IP peripheral protocol stack. More specifically, the IP emulator 13 is software, firmware, or hardware (electronic circuit, electronic component) for allowing various security functions to be matched with an ICMP (internet control message protocol) 14a, an IGMP (internet group management protocol) 14b, a TCP 15, and a UDP 16, and further to a socket interface 17. The IP emulator 13 may implement encryption and decryption of IPsec and processing after the encryption and decryption, such as processing of adding necessary authentication information and authentication. It should be noted that the ICMP is a protocol for transmitting IP error messages or control messages, and the IGMP is a protocol for controlling a host group configured to efficiently distribute the same data to a plurality of hosts or receive the data distribution.
A TCP emulator 15 and a UDP emulator 16 are provided in the transport layer (fourth layer), which is a layer above the IP emulator 13. The TCP emulator 15 is configured to implement an operation with "TCPsec on CP" 15b as a protocol implementing encrypted communication or with "TCP on CP" 15a as a normal communication protocol by switching between the two depending on the intended use. Similarly, the UDP emulator 16 is configured to implement an operation using "UDPsec on CP" 16b as a protocol implementing encrypted communication or "UDP on CP" 16a as a general communication protocol by switching between them depending on the intended use.
Further, the most specific feature of the TCP2 is that the encryption communication protocols of the TCPsec15b and the UDPsec 16b are installed in the transport layer (fourth layer).
The socket interface 17 that implements data exchange with a protocol such as TCP, UDP, or the like is provided in a session layer (fifth layer), which is a layer above the transport layer (fourth layer). As has been described, a socket refers to a network address obtained by combining an IP address corresponding to an address of a computer in a network with a port number that is a sub-address of the IP address. In practice, the socket interface 17 is provided with a single software program module (executive, etc.) or a single hardware module (electronic circuit, electronic component, etc.) for adding or deleting a series of headers together.
In the transport layer, the TCP emulator 15 distributes packets to either the TCPsec 15b or the normal protocol TCP 15a. The TCPsec 15b has a function of preventing data leakage and falsification, i.e., encryption, integrity authentication, and the like, whereas the TCP 15a does not have such functions. Furthermore, the TCPsec 15b and the TCP 15a each include cracker prevention (CP), so that protection against "intrusion" and "attack" by a cracker is realized whichever of the protocols is selected. The TCP emulator 15 also has a function of interfacing with the socket located in the upper layer.
Further, as described above, the UDP may not have an error compensation function, while the TCP has an error compensation function, but the UDP has a feature of a high transmission speed accordingly and also has a broadcasting function. The UDP emulator 16, similar to the TCP emulator 15, performs an operation of distributing packets to one of the UDPsec 16b and the normal protocol UDP 16a, in which the UDPsec 16b has a function of preventing data leakage and falsification, i.e., functions of encryption, integrity authentication, and the like, and the normal protocol UDP 16a may not have such functions of encryption, integrity authentication, and the like.
As shown in fig. 1, the protocol stack implementing the encryption process according to the present invention includes the socket 17, a TCP emulator 15, a UDP emulator 16, a "TCPsec on CP" 15b, a "UDPsec on CP" 16b, a "TCP on CP" 15a, a "UDP on CP" 16a, an "ICMP on CP" 14a, an "IGMP on CP" 14b, an IP emulator 13, an "IP on CP" 13a, and an "ARP on CP" 12, which will be generally referred to as TCP2 hereinafter (see patent document 1).
In the TCP2, which plays a central role in the mail system of the present invention, CP (cracking prevention) is implemented in accordance with the standard protocols TCP, UDP, IP, IPsec, ICMP, IGMP, and ARP, and communication-based attacks against the corresponding stack protocol and application-based attacks (trojan horse, falsified program, or unauthorized use by qualified users) can be prevented. Further, the TCP emulator 15 is implemented in the TCP2, and the TCP emulator 15 is compatible with the socket 17 in the session layer and the IP emulator 13 in the network layer, so that the TCP emulator 15 can be externally regarded as a standard TCP. In practice, switching is made between TCP and TCPsec to perform it as a TCP2 function. TCPsec is the encryption and authentication function in the transport layer.
Further, the UDP emulator 16 is similarly implemented in the TCP2, and the UDP emulator 16 is compatible with a standard UDP corresponding to the socket 17 in the session layer and the IP emulator 13 in the network layer, so that the UDP emulator 16 can be externally treated as a standard UDP. In practice, a switch is made between UDP and UDPsec to perform it as a TCP2 function. However, UDPsec is a function that is not used in the mail system according to the present invention, and therefore will not be mentioned in the following description.
Next, the TCPsec 15b, which has the function of preventing "data leakage", a particularly important function in the TCP2, will be described. A well-known secret key (common key) encryption algorithm is used as the encryption and decryption method (algorithm and logic) for the TCPsec 15b.
In addition to cryptographic systems such as FEAL (Fast data Encipherment Algorithm), MISTY, and AES (Advanced Encryption Standard), which are used as the cryptographic system of the TCPsec 15b within the mail system of the present invention, it is also possible to use secret encryption and decryption algorithms that are created independently. Here, FEAL is a cryptosystem developed by Nippon Telegraph and Telephone Corporation (its name at the time); it is a secret-key cryptosystem that uses the same key for both encryption and decryption. FEAL has the advantage that encryption and decryption are performed at high speed compared to DES (Data Encryption Standard: a common key (secret key) encryption algorithm developed by IBM in the U.S.).
Next, MISTY, for example, is used as a cryptographic system for TCP2. Like IDEA, MISTY encrypts data by dividing it into a plurality of 64-bit blocks. The key length is 128 bits. As with DES and similar ciphers, MISTY uses the same procedure for encryption and decryption.
Therefore, various known secret key encryption algorithms can be adopted as the cryptographic system of the TCPsec 15b according to the present invention, and it is also possible to use a secret key (common key) cryptographic system developed independently by a user.
Further, an authentication algorithm using a public key or a pre-shared secret, such as MD5 (message digest 5), SHA1 (secure hash algorithm 1), is used as a kind of "authentication" and "integrity authentication" method for preventing so-called "spoofing" and "data tampering" and the like. It is also possible to use an original algorithm that replaces the above-mentioned known authentication algorithm with a one-way function.
MD5 is a hash function (one-way digest function) used for authentication and digital signatures. A fixed-length hash value is generated from the original text, and the hash values are compared at both ends of the communication path, so that falsification of the original text in the middle of a communication can be detected. The hash value looks like a pseudo-random number, and the original text cannot be regenerated from it. Furthermore, it is difficult to create another message that produces the same hash value.
SHA1 is also a hash function used for authentication, digital signatures, and the like. It generates a 160-bit hash value from a data stream with a maximum length of 2^64 bits or less, and the values are compared at both ends of the communication path to detect tampering with the original text in the middle of a communication. This authentication algorithm is also employed in IPsec, which represents conventional internet encrypted communication.
It should be noted that the authentication algorithm is designed so that secure key exchange can be implemented based on the DH (Diffie-Hellman) public key distribution method, the IKE (internet key exchange) protocol (UDP port 500) as in IPsec, and the like. Furthermore, a schedule is determined by the protocol driver program (TCPsec 15b, UDPsec 16b, and the like), so that the encryption/decryption and authentication algorithm (logic) itself and the key set/domain are changed periodically.
< description of TCP2 data packet Structure >
Next, a data packet structure used in the mail system of the present invention, its encryption area, and its area to which integrity authentication is applied will be described based on fig. 2.
Fig. 2 shows a packet structure of TCPsec/IPsec, the encrypted area, and the area to which integrity authentication is applied. As shown in fig. 2, the packet structure comprises an IP header 21, a TCP header 22 and, immediately after the IP header 21, TCPsec additional information 23, which is followed by application data 24. A TCPsec additional trailer 25 and TCPsec additional authentication data 26 are placed after the application data 24. The TCPsec additional trailer 25 is information that supports the cipher data: the blank data (padding) that arises in a block cipher, its length, the next header number, and the like.
Depending on the encryption/authentication algorithm employed, such information representing the characteristics of the TCPsec may be dispersed into unused header field portions of the TCPsec/IP packet and so on, or may be omitted through a separate prior arrangement (negotiation) that cannot be reverse-calculated or guessed from individual packets. Further, by constructing a TCPsec/IP packet as shown in fig. 2 using unused protocol fields of TCP and IP, TCP being a layer higher than the IP layer, the packet size can easily be reduced compared to an IPsec packet, which concentrates only on the lower-layer IP. It should be noted that the encrypted area here includes the application data 24 and the TCPsec additional trailer 25 as shown in the figure, and the authentication area includes the encrypted area and additionally the TCPsec additional information 26.
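The following added example (not code from the patent) models the two areas described above: the encrypted area covers the application data plus a padding trailer, and the authentication data is computed over the additional information plus the encrypted area. The field sizes, the 8-byte additional information, and the SHA-256 keystream used in place of FEAL/MISTY/AES are assumptions made so the sketch runs with the Python standard library; HMAC-SHA1 is used because the page names SHA1.

```python
import hashlib
import hmac
import struct

BLOCK = 8      # 64-bit block size, the size the page gives for MISTY
MAC_LEN = 20   # HMAC-SHA1 produces 160 bits


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream). Assumption: it only
    marks which bytes are encrypted; it is not FEAL, MISTY or AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", offset // 32)).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_segment(enc_key: bytes, mac_key: bytes, add_info: bytes,
                  app_data: bytes, next_header: int = 0) -> bytes:
    """Return add_info || encrypted(app_data || trailer) || auth_data."""
    # Trailer: padding up to a block boundary, padding length, next header.
    pad_len = (-(len(app_data) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    # Encrypted area = application data + trailer. add_info is assumed to
    # carry a per-segment sequence number, so it doubles as the nonce.
    encrypted_area = _keystream_xor(enc_key, add_info, app_data + trailer)
    # Authenticated area = additional information + encrypted area.
    authenticated_area = add_info + encrypted_area
    auth_data = hmac.new(mac_key, authenticated_area, hashlib.sha1).digest()
    return authenticated_area + auth_data


def open_segment(enc_key: bytes, mac_key: bytes, segment: bytes,
                 add_info_len: int):
    """Verify the authentication data first, then decrypt and strip the trailer."""
    if len(segment) < add_info_len + BLOCK + MAC_LEN:
        raise ValueError("segment too short")
    authenticated_area, auth_data = segment[:-MAC_LEN], segment[-MAC_LEN:]
    expected = hmac.new(mac_key, authenticated_area, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, auth_data):
        raise ValueError("integrity check failed")
    add_info = authenticated_area[:add_info_len]
    encrypted_area = authenticated_area[add_info_len:]
    if len(encrypted_area) % BLOCK:
        raise ValueError("encrypted area is not block aligned")
    plain = _keystream_xor(enc_key, add_info, encrypted_area)
    pad_len, next_header = plain[-2], plain[-1]
    if pad_len + 2 > len(plain):
        raise ValueError("bad trailer")
    return plain[:len(plain) - 2 - pad_len], next_header


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ek, mk = b"E" * 16, b"M" * 16
    info = struct.pack(">Q", 1)  # 8-byte additional info holding sequence number 1
    seg = build_segment(ek, mk, info, b"Subject: quarterly report")
    print(len(seg), open_segment(ek, mk, seg, len(info)))
```

Because verification happens before decryption, a change to either the additional information or the encrypted area is rejected without the receiver ever processing altered plaintext.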
< description of functional block diagram of TCP2 mail System >
Next, a first example of a mail system using TCP2 of the present invention will be described with reference to the drawings.
Fig. 3 is a block diagram of one example of a client device for use in the mail system of the present invention. The client device A (or B) includes a TCP2 driver 34 and a TCP2 mail system application unit 35 in addition to the existing mailer 31, an input device 32, and an output device 33. The client device further comprises a storage medium 39 for holding the received mail.
The TCP2 driver 34 includes a TCP2 core 36 described in fig. 4, a mail system core 37, and a storage medium 38 described in fig. 5. The storage medium 38 is a storage medium different from the storage medium 39 which the client apparatus A normally has, and stores various kinds of information, described later, in a state encrypted with a secret key held by the mail system core.
Here, a mail server and other terminals (e.g., client apparatus B), not shown in the drawing, are connected to the network 40 to which the client apparatus A is connected, and the client apparatus A and the client apparatus B exchange mail through the mail server (see fig. 4) connected to the network 40.
Next, the operation of the client device A shown in fig. 3 will be briefly described; details will be given with reference to figs. 4 to 6.
First, encrypted mail data transmitted from the mail server through the network 40 is passed to the TCP2 core 36 of the TCP2 driver 34 installed in the client device A. After the TCP2 core 36 confirms that the data is a POP3 packet, it is passed to the mail system core 37 and, after predetermined processing, delivered to the existing mailer 31.
Further, the mail system core 37 is connected to the TCP2 mail system application unit 35, and displays a list of received mails on the output device 33 through the TCP2 mail system application unit (see fig. 7). The user of the client device A views the displayed result, determines whether to receive or discard each mail, and inputs the decision from the input device 32. The output of the input device 32 is sent to the mail system core 37 through the TCP2 mail system application unit 35, and improper mail is deleted there.
On the other hand, an e-mail sent from the mailer 31 of the client apparatus A is confirmed in the TCP2 core 36 as mail carried in SMTP packets, and is then passed to the mail system core 37. The mail is then encrypted in the mail system core 37 and sent through the TCP2 core 36 to the mail server 41 connected to the network 40 (see fig. 4). It should be noted that during the user registration or key exchange described in figs. 8 to 15, the storage medium 38 stores the POP3 IP address and port number, the SMTP IP address and port number, the user ID and password, the e-mail addresses of the receiver and sender, and key information in an encrypted state. Further, depending on the TCP2 installation mode, the mail message may also be stored.
Having described the outline configuration of an example of the mail system of the present invention, a detailed description thereof will be given below using the block diagrams of fig. 4 to 6 and the flowcharts of fig. 8 to 20.
Fig. 4 is a functional block diagram for explaining in detail the TCP2 core 36 as a component of the TCP2 driver 34. Parts corresponding to those in fig. 3 are given the same reference numerals.
As shown in fig. 4, the TCP2 core 36 includes a specified port search unit 42 and a hook processing unit 43, the specified port search unit 42 receives a port search request from the mail system core 37 and searches for a specified port, and the hook processing unit 43 also receives a hook request from the mail system core 37 and hooks a packet conforming to the request.
The TCP2 core 36 includes: a POP3 command message packet confirmation unit 44 that receives the POP3 command message packet from the mailer 31 of the client apparatus A and confirms that it is a POP3 command message packet; a response message confirmation unit 45 that confirms that the message is from the mail server 41 connected to the network 40; an SMTP command message packet confirmation unit 46 that receives the SMTP command message packet from the mailer 31 of the client apparatus A and confirms that it is an SMTP command message packet; and a response message confirmation unit 47 that confirms that the message is from the mail server 41 connected to the network 40. Further, the TCP2 core 36 includes a packet intercepting unit 48 that connects the POP3/SMTP message confirmation units 44 to 47 and the mail system core 37.
The hook processing unit 43 is a unit configured to perform the following processing: a packet for which a hook request is issued by the mail system core 37 (i.e., a request for capturing a predetermined packet when the packet is received) is captured. More specifically, the hook processing unit 43 cooperates with the POP3 command message packet confirmation unit 44 and the SMTP command message confirmation unit 46, and upon confirming a packet including an IP address and a port number for which a hook request has been issued in advance, captures the packet and transmits it to the mail system core 37. Further, if receiver declaration data, key exchange fixed form data, and the like for which a hook request has been issued in advance by the mail system core 37 are confirmed in the POP3 command message packet confirmation unit 44 and the SMTP command message confirmation unit 46, these data are captured by the hook processing unit 43 and sent to the mail system core 37. When the POP3 response message packet confirming unit 45 and the SMTP response message packet confirming unit 47 similarly confirm each message packet, the hook processing unit 43 captures the message packet and sends the result thereof to the mail system core 37 via the packet intercepting unit 48. The configuration and operation of the TCP2 core 36 is thus described.
Next, the configuration and operation of the mail system core 37 will be described based on fig. 5. The same reference numerals are given to the same configurations as in fig. 3 and 4, and a description thereof will be omitted.
The mail system core 37 includes: an authentication/analysis unit 50 which authenticates a user ID and a password included in various command message packets transmitted from the TCP2 core 36 and analyzes various command messages; an encryption unit 51 that encrypts the POP3 IP address and port number, SMTP IP address and port number, user ID and password, e-mail addresses of the receiver and sender, key information, etc., included in the command message packet analyzed by the authentication/analysis unit 50, and the title, message body, and attachment of the plaintext mail; a key exchange unit 53 that performs key exchange between the client apparatuses; and a storage medium 38 that stores the POP3 IP address and port number, SMTP IP address and port number, user ID and password, e-mail addresses of the receiver and sender, key information, and the like in an encrypted state as described above. Further, the mail system core 37 further includes: an interface unit 55 which connects the mail system core 37 to the TCP2 mail system application unit 35; a mail/attached file deleting unit 54 that deletes the mail and attached file based on the displayed received mail list (see fig. 7); and a decryption unit 52 that decrypts the information stored in the storage medium 38 in an encrypted state.
As described above, the TCP2 core 36 captures the command message packet from the mailer 31 of the terminal and from the mail server 41 based on the hook request from the mail system core 37. The command message packet captured by the TCP2 core 36 is sent to the authentication/analysis unit 50 of the mail system core 37.
The encryption unit 51 of the mail system core 37 encrypts the header, the message body, and the attachment of the mail from the command message packet analyzed by the authentication/analysis unit 50 and transmits them to the mail server 41 through the TCP2 core 36. It should be noted that the command message packet other than the header, message body, and attachment of the mail is sent to the mail server 41 through the TCP2 core 36 without being encrypted by the encryption unit 51.
The decryption unit 52 is a means for decrypting various information including mail information stored in the storage medium 38 and transmitting them to the mailer 31 through the TCP2 core 36 as necessary. Further, the key exchange unit 53 is a means for conducting key exchange between the terminal (client apparatus A) connected to the network 40 and another terminal (client apparatus B). In the encryption unit 51 and the decryption unit 52, the title, the message body, or the attachment of the mail is encrypted or decrypted.
Further, the mail system core 37 includes a deletion unit 54 of mail/attached file or the like, which allows deletion of an illegal mail. The mail/attachment deletion unit 54 is connected to the TCP2 mail application unit (see fig. 3, 6) through an interface 55. The operator of the client apparatus A confirms the display data shown in fig. 7 displayed on the output apparatus (display apparatus) 33, and determines whether to receive or delete each mail. When the delete button is clicked, the mail (or attachment) to be deleted is sent to the file-attachment deleting unit 54 of the mail system core 37 in fig. 5, and is deleted. Accordingly, the illicit mail can be deleted without being supplied to the mailer 31 of the client apparatus A.
Next, the configuration and operation of the TCP2 mail system application unit 35 will be described based on fig. 6. The TCP2 mail system application unit 35 is software that connects the mail system core 37 with the input device 33 and the output device 32, and is configured to have an interface 61, a user registration unit 62, a mail sender/receiver information management unit 63, a mail display unit 64, and an input and output control unit 65. Subsequently, user registration is performed in the mail system core 37 through the interface 61 from the input and output control unit 65, and a user registration completion notification is sent from the mail system core 37 to the user registration unit 62 through the interface 61 when the user registration is completed. The fact that the user registration is completed is then displayed on the output device 33.
Further, as described above, the received mail list screen as shown in fig. 7 is displayed on the output device 33. That is, when mail data is transmitted from the POP3 server to the mail system core 37, the reception of the encrypted mail, the mail with attached file, and the HTML mail is suspended by the mail system core 37.
The received mails are then displayed as a list on the output device 33, and the TCP2 mail application unit 3 selects whether to "receive" or "discard" the mails. More specifically, in the case of encrypted mail, after a "receive" button is pressed and the person is authenticated, the encrypted mail can be received by the existing mailer 31.
Further, in the case of a mail with an attached file or an HTML mail, after confirming with the sender that the sender intentionally sent the mail, the "receive" button is pressed, and the existing mailer 31 can then receive the mail. While confirmation with the sender is pending, or where the sender has no recollection of sending the mail at all, the "discard" button is pressed and the mail can be discarded.
Further, in the TCP2 mail application unit 35, the mail display unit 64 allows the encrypted mail received by the existing mailer and stored in the storage medium 39 to be converted to plaintext and displayed on the output device 33.
< description of flow of user registration >
The flow of user registration will be described in detail next based on the flowcharts of fig. 8 to 10.
In the present invention, the "POP before SMTP" system must be used in the mail transmission process.
The "POP before SMTP" system means a mail transmission system in which POP must be performed before SMTP is used.
The SMTP protocol (in the standard mode) used in mail transmission has no mechanism for user authentication, and therefore any user can transmit mail.
For this reason, spam and mail carrying viruses, for example, may be sent. One of the contemplated methods of preventing such improper utilization of SMTP servers is "POP before SMTP".
In the POP protocol for receiving mail, user authentication is carried out in the first step of its connection.
Therefore, if user authentication by POP is required before transmission over the SMTP protocol, the users able to use the SMTP server can be restricted, so that improper mail transmission can be prevented.
A system using an SMTP server having the above-described mechanism is referred to as "POP before SMTP".
Typically, after the POP operation is carried out, access to the SMTP server from the same IP address will be permitted only for an interval of about several minutes to several tens of minutes, and therefore the user needs to send mail during that time period.
In the case where the SMTP server employs the "POP before SMTP" system, the user must perform a receiving operation once before sending a mail, but depending on the mail software this operation is performed automatically.
Further, when the mail software does not support this, the transmission may be performed after the receiving operation is manually performed once.
Here, the user performs transmission according to this method regardless of whether the SMTP server employs the "POP before SMTP" system.
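The server-side gate described above, as an added example that is not code from the patent: a successful POP3 login opens an SMTP window for the same source IP address, and the window then expires. The class name, the 600-second window (the text only says several minutes to several tens of minutes), and the addresses are assumptions.

```python
import time


class PopBeforeSmtpGate:
    """SMTP permission keyed by client IP, granted by a successful POP3 login."""

    def __init__(self, window_seconds=600, clock=time.monotonic):
        self.window = window_seconds      # assumed value, see lead-in
        self.clock = clock                # injectable so expiry can be tested
        self._granted = {}                # client IP -> expiry timestamp

    def pop3_reply(self, client_ip, command, reply):
        """Record the server's reply to one POP3 command.

        Only a "+OK" reply to PASS completes authentication; a "+OK" to USER
        merely means the server is ready for the password.
        """
        verb = command.split(" ", 1)[0].upper()
        if verb == "PASS" and reply.startswith("+OK"):
            self._granted[client_ip] = self.clock() + self.window
            return True
        return False

    def smtp_allowed(self, client_ip):
        """True if this IP authenticated over POP3 within the window."""
        expiry = self._granted.get(client_ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self._granted[client_ip]  # window closed, forget the grant
            return False
        return True


class FakeClock:
    """Manually advanced clock for the constructed walk-through below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    gate = PopBeforeSmtpGate(window_seconds=600, clock=clock)
    ip = "192.0.2.10"                     # constructed documentation address
    out = {"before_pop": gate.smtp_allowed(ip)}

    gate.pop3_reply(ip, "USER alice", "+OK")
    out["after_user_only"] = gate.smtp_allowed(ip)

    gate.pop3_reply(ip, "PASS <wrong-placeholder>", "-ERR authentication failed")
    out["after_bad_pass"] = gate.smtp_allowed(ip)

    gate.pop3_reply(ip, "PASS <placeholder>", "+OK")
    out["after_good_pass"] = gate.smtp_allowed(ip)

    # The grant is tied to the source IP only, so a different address gets nothing.
    out["other_ip"] = gate.smtp_allowed("198.51.100.7")

    clock.now = 600.0                     # the window has just elapsed
    out["after_window"] = gate.smtp_allowed(ip)
    return out


if __name__ == "__main__":
    for step, allowed in demo().items():
        print(f"{step:16} SMTP allowed: {allowed}")
```

Because the grant is keyed by source IP address alone, every host that reaches the server from that address during the window is treated as the authenticated user.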
First, when a user is registered in the TCP2 mail system, the user registration is started from the TCP2 mail system application unit (step S1). More specifically, the TCP2 mail system application unit 35 requests the mail system core 37 in the TCP2 driver 34 to register a user. The mail system core 37 receiving the user registration request sends a mail search request to the TCP2 core 36 in the TCP2 driver.
Upon receiving the mail search request from the mail system core 37, the TCP2 core 36 searches for a specified communication port (step S2).
After the operation, a fixed-form mail for the user registration is sent from the existing mailer 31 to the user (step S3). Here, as described above, the connection to POP3 is implemented before mail transmission from SMTP is requested. In this step, TCP communication is established between the existing mailer 31 and the mail server 41 (see fig. 4) connected to the network 40 through the TCP2 core.
Subsequently, the TCP2 core 36 receives the POP3 connection message from the network 40, and after recognizing that it is a POP3 port, notifies the mail system core 37 of the searched port (step S4). For example, if the specified communication port is an SMTP (e.g., 25 port) or POP3 (e.g., 110 port) packet, the mail system core 37 is notified of the searched port. At the same time, the TCP2 core 36 also transmits a POP3 connection message to the existing mailer 31.
The mail system core 37 receives the search result from the TCP2 core 36, and requests the TCP2 core 36 to receive (intercept) the packet (step S5). After receiving the intercept request from the mail system core 37, the TCP2 core 36 starts to intercept the packet (step S6).
Subsequently, a USER ID is sent from the existing mailer 31 to the TCP2 core 36, and the TCP2 core 36 confirms the USER ID packet (step S7), and a "USER" message from the mailer is sent to the mail system core 37. "USER" is the basic command of POP3 issued when connecting a client to a server.
The mail system core 37 analyzes the "USER" message from the TCP2 core 36, stores the POP3 IP address and port number in the storage medium 38 (see fig. 3, 5), and temporarily stores the USER ID therein (step S8). Here, the user ID is temporarily saved because authentication has not been obtained by password confirmation or the like in this step. Subsequently, the user ID is transmitted to the mail server 41 connected to the network 40 (see fig. 4).
A response to the user ID is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the user ID response message and transmits a "+OK" message as a result thereof to the mail system core 37 (step S9). The "+OK" message is a message informing that "the user is recognized, the password is transmitted" in the mail server 41. The mail system core 37 analyzes the "+OK" message and transmits a user ID response from the mail server 41 to the mailer 31 (step S10).
Next, such a case in which the mailer 31 transmits a password message to the mail server 41 will be described. First, the password message transmitted from the mailer 31 is confirmed in the TCP2 core 36, and a packet of the confirmed password message is transmitted to the mail system core 37 (step S11). The mail system core 37 receives and analyzes the "PASS" message from the TCP2 core 36. As a result of the analysis, the password is temporarily saved in the storage medium 38 (temporary saving), and the password is transmitted to the mail server 41 connected to the network 40 (step S12).
Next, when a password response message is returned from the mail server 41 to the client device A, the packet of the password response message is confirmed by the TCP2 core 36, and the packet of the password response message is transmitted to the mail system core 37 (step S13). The mail system core 37 receives the packet of the password response message and analyzes the message. More specifically, the "+OK" message indicating that the password is confirmed is analyzed, and the user ID and password temporarily stored in the storage medium 38 are formally stored in the storage medium 38. The user authentication is thereby terminated. Subsequently, after terminating the storage of the user ID and password, the password response from the mail server 41 is sent to the mailer 31.
After receiving the password response, the mailer 31 sends a termination declaration (QUIT) reporting that the connection is released to the TCP2 core 36, and the TCP2 core 36 reports that the termination declaration has been confirmed to the mail system core 37 (step S15). The mail system core 37 analyzes the "QUIT" message and sends the termination declaration "QUIT" to the mail server 41 connected to the network 40 (step S16).
Thereafter, a termination declaration response is returned from the mail server 41 to the TCP2 core 36, so that the TCP2 core 36 confirms the packet of the termination declaration response (step S17), and sends the result to the mail system core 37. The mail system core 37 analyzes the "+OK" message from the TCP2 core 36 and transmits a termination declaration response to the mailer 31 (step S18). Accordingly, the cutting off of the TCP communication between the TCP2 core 36 and the mailer 31 and between the TCP2 core 36 and the mail server 41 connected to the network 40 is completed.
Next, the second step of the user registration flow will be described based on fig. 9.
The second step starts with a mail transmission request from the SMTP of the mailer 31 to the mail server 41 connected to the network 40 (step S19). Accordingly, TCP communication is established between the mailer 31 and the mail server 41 through the TCP2 core 36.
After the TCP communication is established, an SMTP connection message is transmitted from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 receives the SMTP response code "220", recognizes that it is an SMTP port, and notifies the search result to the mail system core 37 (step S20). The SMTP response code "220" is a notification that the connection preparation between the mail server and the client device has been completed.
Subsequently, the mail system core 37 requests the TCP2 core 36 to receive (intercept) a packet (step S21), and the TCP2 core 36 that received the request starts the packet reception (step S22).
Next, a utilization start declaration is issued from the mailer 31 of the client apparatus. The utilization start declaration is a message informing the server of "sending mail from now on" from the client apparatus. The TCP2 core 36 confirms the packet with the start declaration message (step S23) and transmits it as a "HELO" or "EHLO" message to the mail system core 37.
The mail system core 37 analyzes the "HELO" or "EHLO" message, and saves the SMTP IP address and port number in the storage medium 38 (step S24). Subsequently, the utilization start declaration is transmitted to the mail server 41 connected to the network 40. A utilization start declaration response to the utilization start declaration is issued from the mail server 41 and confirmed in the TCP2 core 36 (step S25). The response code for the start declaration is denoted by the number "250". The response code "250" means "requested mail action permitted, completed".
The mail system core 37 analyzes the "250" message and sends the utilization start declaration response sent from the mail server 41 to the mailer 31 (step S26).
Subsequently, a sender declaration is sent from the mailer 31. The TCP2 core 36 confirms the packet of the sender declaration and sends it to the mail system core 37 (step S27). The sender declaration message is the message denoted "MAIL FROM: <", and is a message notifying the sender. The mail system core 37 analyzes the message, stores the electronic mail address of the sender in the storage medium 38 (step S28), and transmits the sender declaration to the mail server 41.
The mail server 41 receives the sender declaration and issues a sender declaration response. The TCP2 core 36 confirms the packet of the sender declaration response and sends the response code "250" to the mail system core 37 (step S29). The mail system core 37 analyzes the "250" response code, and then transmits the received sender declaration response to the mailer 31 of the client apparatus (step S30).
Subsequently, the mailer 31 transmits a recipient declaration message. The recipient declaration message is used to report "please send an e-mail to the following e-mail address" to the mail server 41, and is denoted "RCPT TO: <". The TCP2 core 36 confirms the recipient declaration message (step S31) and sends it to the mail system core 37. The mail system core 37 analyzes the "RCPT TO: <" message and sends it to the mail server 41 (step S32).
After receiving the receiver declaration, the mail server 41 returns a receiver declaration response to the TCP2 core 36, and the TCP2 core 36 confirms the receiver declaration response and sends it as a response code "250" to the mail system core 37 (step S33). The mail system core 37 analyzes the recipient declaration response and transmits it to the mailer 31 of the client terminal (step S34).
The third step of the user registration flow, shown in fig. 10, will be described next. More specifically, the mailer 31 of the client apparatus receives the recipient declaration response, and transmits a message body start declaration. The TCP2 core 36 confirms the packet of the message body start declaration and supplies it as a "DATA" message to the mail system core 37 (step S35). Here, "DATA" is an SMTP command, which means transmission of the message body. The mail system core 37 analyzes the "DATA" message and sends the message body start declaration to the mail server 41 (step S36).
After receiving the message body start declaration, the mail server 41 sends a message body start declaration response to the client apparatus. Subsequently, the TCP2 core 36 of the client device confirms the packet of the message body start declaration response and sends it as a "354" message to the mail system core 37 (step S37). Here, the response code "354" is an SMTP response code indicating the start of mail input.
The mail system core 37 analyzes the "354" message and transmits the message body start declaration response transmitted from the mail server 41 to the mailer 31 of the terminal (step S38).
After receiving the response, the mailer 31 transmits a user registration fixed-form mail message to the mail server 41. At this time, the TCP2 core 36 confirms the packet of the user registration fixed-form mail message and transmits it to the mail system core 37 (step S39).
The mail system core 37 receives the packet of the user registration fixed-form mail message, and conducts analysis of the user registration fixed-form mail message (step S40). Subsequently, the user registration fixed-form mail message is sent to the mail server 41.
Next, a send data response message is sent from the mail server 41 to the client apparatus. The TCP2 core 36 confirms the packet of the transmission data response message and transmits the packet of the transmission data response message to the mail system core 37 (step S41). The mail system core 37 receives the packet of the transmission data response message and analyzes the message. More specifically, the SMTP response code "250 OK" message is analyzed, the TCP2 mail system application unit 35 is notified of the completion of the user registration, and the transmission data response is transmitted to the mailer 31 of the terminal (step S42). After receiving the notification from the mail system core 37, the TCP2 mail system application unit 35 displays the fact that the user registration is completed on the display screen of the output device 33 (step S43).
The mailer 31, which has received the send data response from the mail server 41, sends an end declaration message "QUIT" to the mail server 41. The TCP2 core 36 that received the termination declaration message confirms the packet (step S44), and sends it as a "QUIT" message to the mail system core 37. The mail system core 37 analyzes the "QUIT" message, and sends the termination declaration to the mail server 41 (step S45). The mail server 41 issues a termination declaration response regarding the termination declaration and sends it to the client device. Subsequently, the TCP2 core 36 of the client device confirms the received packet of the termination declaration response and transmits it to the mail system core 37 as an SMTP response code "221" message (step S46). The "221" message is an SMTP response code that informs that the connection is closed. The mail system core 37 analyzes the "221" message and transmits its termination declaration response to the mailer 31 of the terminal. Accordingly, the user registration flow is all completed, and the TCP communication of the mailer 31 in the client apparatus and the mail server 41 is cut off.
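The SMTP half of the flow above, with both sides' messages, as an added example that is not code from the patent: a tracker that pairs each mailer command with the reply code the text names for it (220, 250, 354, 221) and commits the sender and recipient addresses only once the server has accepted them. The function name, host names, addresses and transcript are constructed; handling of multi-line replies and dot-stuffed body lines goes beyond what the text describes.

```python
import re

# Reply code the text gives for each step of the session.
EXPECTED = {"GREETING": "220", "HELO": "250", "EHLO": "250", "MAIL": "250",
            "RCPT": "250", "DATA": "354", "BODY": "250", "QUIT": "221"}
ADDR = re.compile(r"<([^<>\s]*)>")


def track_smtp(transcript):
    """Walk (direction, line) pairs: "C" is the mailer, "S" the mail server."""
    result = {"sender": None, "recipients": [], "body": [],
              "errors": [], "closed": False}
    pending = "GREETING"      # step whose reply is awaited
    candidate = None          # address held until the server accepts it
    in_body = False
    for direction, line in transcript:
        if direction == "C" and in_body:
            if line == ".":                       # end-of-data marker
                in_body, pending = False, "BODY"
            else:                                 # undo dot-stuffing
                result["body"].append(line[1:] if line.startswith(".") else line)
        elif direction == "C":
            if pending is not None:
                result["errors"].append(f"command before reply to {pending}")
            upper = line.upper()
            verb = upper.split(" ", 1)[0]
            if upper.startswith("MAIL FROM:") or upper.startswith("RCPT TO:"):
                match = ADDR.search(line)
                candidate = match.group(1) if match else None
                pending = verb                    # "MAIL" or "RCPT"
            elif verb in ("HELO", "EHLO", "DATA", "QUIT"):
                pending = verb
            else:
                result["errors"].append(f"unhandled command: {verb}")
                pending = None
        else:
            code, sep = line[:3], line[3:4]
            if sep == "-":                        # continuation of a multi-line reply
                continue
            if pending is None:
                result["errors"].append(f"unexpected reply: {code}")
                continue
            if code != EXPECTED[pending]:
                result["errors"].append(
                    f"{pending}: expected {EXPECTED[pending]}, got {code}")
            elif pending == "MAIL":
                result["sender"] = candidate
            elif pending == "RCPT":
                result["recipients"].append(candidate)
            elif pending == "DATA":
                in_body = True
            elif pending == "QUIT":
                result["closed"] = True
            pending, candidate = None, None
    return result


# Constructed session; every name and address is a placeholder.
SAMPLE = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO client.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250 8BITMIME"),
    ("C", "MAIL FROM:<a@example.test>"),
    ("S", "250 OK"),
    ("C", "RCPT TO:<b@example.test>"),
    ("S", "250 OK"),
    ("C", "RCPT TO:<nobody@example.test>"),
    ("S", "550 no such user"),
    ("C", "DATA"),
    ("S", "354 go ahead"),
    ("C", "Subject: registration"),
    ("C", ""),
    ("C", "..leading dot line"),
    ("C", "."),
    ("S", "250 OK"),
    ("C", "QUIT"),
    ("S", "221 bye"),
]

if __name__ == "__main__":
    print(track_smtp(SAMPLE))
```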
< description of flow on Key exchange transmitting side >
The flow of the key exchange transmitting side will be described next based on the flowcharts of fig. 11 to 13.
First, a hooking request for capturing a packet having POP3 and SMTP IP addresses and port numbers of mail servers of all registered users is issued from the mail system core 37 of the TCP2 driver 34 of the TCP2 mail system to the TCP2 core without interruption (step S50). The hooking request is a request for capturing packets including those having POP3 and SMTP IP addresses and port numbers of mail servers registered for all registered users. Upon receiving the hooking request, the TCP2 core 36 captures (hooks) the packets including those having the IP addresses and port numbers of the POP3 and SMTP servers of all users that have been registered.
Here, in carrying out transmission and reception of encrypted mail by the TCP2 mail system, it is necessary to carry out transmission and reception of the key exchange fixed-form mail first between users who transmit and receive the encrypted mail.
For this purpose, the key exchange fixed-form mail is first input to the mailer 31 of the terminal (new transmission-side terminal: "client apparatus A"), and the input key exchange fixed-form mail is transmitted to the mail server connected to the network 40 (step S52). The mail server 41 transmits the key exchange fixed-form mail to the mail server of the key exchange reception side terminal (new reception side terminal: "client apparatus B"), and the reception side terminal (client apparatus B) can receive the key exchange fixed-form mail by addressing the mail server.
Before a mail transmission request is issued from SMTP, POP3 is first connected between the client apparatus A and the mail server 41. In this step, TCP communication is established between the existing mailer 31 and the mail server 41 (see fig. 4) connected to the network 40 through the TCP2 core.
Subsequently, a POP3 connection message is sent from the mail server 41 connected to the network 40, and the TCP2 core 36 receives the POP3 connection message and notifies the mail system core 37 of a hook result after recognizing that it is a POP3 packet (step S53).
After receiving the hooking result from the TCP2 core 36, the mail system core 37 requests the TCP2 core 36 to receive (intercept) the packet (step S54). After receiving the interception request from the mail system core 37, the TCP2 core 36 starts intercepting the packet (step S55).
Subsequently, a USER ID is sent from the existing mailer 31 to the TCP2 core 36, the TCP2 core 36 confirms the packet of the USER ID (step S56), and a "USER" message is sent from the mailer to the mail system core 37. The "USER" message is the POP3 basic command issued when the client connects to the server, as described in the user registration (see fig. 8).
The mail system core 37 analyzes the "USER" message from the TCP2 core 36 and temporarily stores the USER ID in the storage medium 38 (see fig. 3 and 5) (step S57). Here, the temporary saving means a step in which authentication has not been obtained by the password confirmation or the like, that is, a previous saving step before formal storage after authentication. The user ID is then transmitted to the mail server 41 connected to the network 40.
A response for the user ID is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the user ID response message and sends a "+OK" message as a result of the confirmation to the mail system core 37 (step S58). The "+OK" message is a message informing that "the user is recognized, the password is sent" in the mail server 41. The mail system core 37 analyzes the "+OK" message, and the user ID response is transmitted from the mail server 41 to the mailer 31 (step S59).
Next, the password message is transmitted from the existing mailer 31 of the client apparatus A to the mail server 41 connected to the network 40. The password message transmitted from the mailer 31 is confirmed in the TCP2 core 36, and a packet of the confirmed password message is transmitted to the mail system core 37 (step S60). The mail system core 37 receives the "PASS" message from the TCP2 core 36 and analyzes the message. As a result of the analysis, the mail system core temporarily saves the password in the storage medium 38 and transmits the password to the mail server 41 connected to the network 40 (step S61).
Next, when the password response message is returned from the mail server 41 to the client device A, the TCP2 core 36 confirms the packet of the password response message and transmits the packet of the password response message to the mail system core 37 (step S62). The mail system core 37 receives the packet of the password response message and analyzes the message. More specifically, the mail system core 37 analyzes the "+OK" message indicating that the password has been confirmed, performs authentication by collating the user ID and password temporarily stored in the storage medium 38 with the user ID and password registered in the storage medium 38, and acquires key information (step S63). Subsequently, after acquiring the key information, the mail system core 37 transmits a password response to the mailer 31.
After receiving the password response, the mailer 31 sends a termination declaration (QUIT) reporting that the connection is released to the TCP2 core 36, and the TCP2 core 36 reports that the termination declaration has been confirmed to the mail system core 37 (step S64). The mail system core 37 analyzes the "QUIT" message and sends the termination declaration (QUIT) to the mail server 41 connected to the network 40 (step S65).
Subsequently, a termination declaration response is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the termination declaration response (step S66) and sends the result to the mail system core 37. The mail system core 37 analyzes the "+OK" message from the TCP2 core 36 and transmits the termination declaration response to the mailer 31 (step S67). This completes the cutting off of TCP communication between the client apparatus A and the mail server 41 (client apparatus B) connected to the network 40.
The second step of the key exchange transmitting side will be described next based on fig. 12.
Similar to the case of the user registration (see fig. 9), the second step starts with a mail transmission request from the SMTP of the mailer 31 to the mail server 41 connected to the network 40 (step S68). With this request, TCP communication is established between the mailer 31 and the mail server 41 through the TCP2 core.
After the TCP communication is established, an SMTP connection message is transmitted from the mail server 41 to the TCP2 core 36, and after receiving the SMTP response code "220", the TCP2 core 36 recognizes that it is an SMTP port, and notifies the search result to the mail system core 37 (step S69).
Subsequently, the mail system core 37 requests the TCP2 core 36 to receive (intercept) the packet (step S70), and the TCP2 core 36 that received the request starts receiving the packet (step S71).
Next, the mailer 31 of the client apparatus issues a utilization start declaration. The utilization start declaration is a message informing the server of "sending mail from now on" from the client apparatus. The TCP2 core 36 confirms the packet with the start declaration message (step S72) and transmits it as the "HELO" or "EHLO" message to the mail system core 37.
The mail system core 37 analyzes the "HELO" or "EHLO" message, and saves the SMTP IP address and port number in the storage medium 38 (step S73). Subsequently, the mail system core 37 transmits the utilization start declaration to the mail server 41 connected to the network 40. A utilization start declaration response to the utilization start declaration is issued from the mail server 41, and it is confirmed in the TCP2 core 36 (step S74).
The mail system core 37 analyzes the "250" message and sends the utilization start declaration response sent from the mail server 41 to the mailer 31 (step S75).
A sender declaration is then sent from the mailer 31. The TCP2 core 36 confirms the packet of the sender declaration and sends it to the mail system core 37 (step S76). The sender declaration message is the message denoted "MAIL FROM: <", and is a message notifying the sender. The mail system core 37 analyzes the message, stores the mail address of the sender in the storage medium 38 (step S77), and transmits a sender declaration to the mail server 41.
After receiving the sender declaration, the mail server 41 issues a sender declaration response. The TCP2 core 36 confirms the packet of the sender declaration response and sends a response code "250" to the mail system core 37 (step S78). The mail system core 37 analyzes the "250" response code, and then transmits the received sender declaration response to the mailer 31 of the client apparatus (step S79).
Subsequently, the mailer 31 transmits a recipient declaration message. The recipient declaration message is a message for reporting "please send mail to the following email address" to the mail server 41 and is denoted "RCPT TO: <". The TCP2 core 36 confirms the recipient declaration message (step S80), and sends it to the mail system core 37. The mail system core 37 analyzes the "RCPT TO: <" message, saves the recipient mail address in the storage medium 38, and sends the recipient declaration to the mail server 41 (step S81).
After receiving the receiver declaration, the mail server 41 returns a receiver declaration response to the TCP2 core 36, and the TCP2 core 36 confirms the receiver declaration response and sends it as a response code "250" to the mail system core 37 (step S82). The mail system core 37 analyzes the recipient declaration response and transmits it to the mailer 31 of the client terminal (step S83).
The third step of the flow of the key exchange transmitting side will be described next based on fig. 13. More specifically, the mailer 31 of the client apparatus A receives the recipient declaration response, and transmits a message body start declaration. The TCP2 core 36 confirms the packet of the message body start declaration and supplies it as a "DATA" message to the mail system core 37 (step S84). Here, "DATA" is an SMTP command, which means transmission of the message body. The mail system core 37 analyzes the "DATA" message and sends the message body start declaration to the mail server 41 (step S85).
After receiving the message body start declaration, the mail server 41 sends a message body start declaration response to the client apparatus a. Subsequently, the TCP2 core 36 of the client device a confirms the packet of the message body start declaration response and sends it as a "354" message to the mail system core 37 (step S86). Here, the response code "354" is an SMTP response code indicating the start of mail input.
The mail system core 37 analyzes the "354" message and transmits a message body start declaration response transmitted from the mail server 41 to the mailer 31 of the terminal (step S87).
After receiving the response, the mailer 31 transmits a key exchange fixed-form mail message to the mail server 41. At this time, the TCP2 core 36 confirms the packet of the key exchange fixed-form mail message and sends it to the mail system core 37 (step S88).
After receiving the packet of the key exchange fixed-form mail message, here the mail system core 37 first determines whether the key exchange is to the transmission side (step S89). More specifically, regarding the key exchange, each of the terminals (client apparatuses a and B) that transmit and receive encrypted mails must transmit a key exchange fixed-form mail to another apparatus with each other. For example, if encrypted mail is transmitted and received between the client apparatus a and the client apparatus B, a key exchange fixed-form mail message is first transmitted from the transmitting-side client apparatus a to the receiving-side client apparatus B, and then the key exchange fixed-form mail message is transmitted from the receiving-side client apparatus B to the transmitting-side client apparatus a. The determination step S89 is a step for determining whether the key exchange is to the transmission side or to the reception side. It is self-evident that mail server 41 (see fig. 4) intervenes between the sending and receiving of key exchange fixed form mail messages.
If it is determined in the determination step S89 that the key exchange fixed-form mail message is from the sending side (client device a), the mail system core 37 analyzes the "mail message" and sends the mail to which the original value of the key is attached to the mail server 41 connected to the network 40 (step S90). At this time, the key original value is stored in the storage medium 38 and transmitted to the TCP2 mail system application unit 35, and the current key status is displayed on the output device 33 (step S91).
Further, if it is determined in the determination step S89 that the key exchange is not destined for the transmission side (client device a), that is, if it is determined that the key exchange is destined for the reception side (client device B), the mail system core 37 analyzes a "mail message", transmits the mail to which the key original value is attached to the mail server 41 connected to the network 40, and saves the key original value in the storage medium 38 (step S92). Subsequently, a new key is generated from the additional key original value and the key original value already stored in the storage medium 38 and stored in the storage medium 38. Subsequently, the newly generated key is transmitted to the TCP2 mail system application unit 35, and the current key status is displayed on the output device 33 (step S93). Through the above-described processing, the key exchange fixed-form mail message is sent to the mail server 41 (client apparatus B).
Next, a transmission data response message is sent from the mail server 41 to the client apparatus a. The TCP2 core 36 confirms the packet of the transmission data response message and transmits the packet of the transmission data response message to the mail system core 37 (step S94). After receiving the packet of the transmission data response message, the mail system core 37 analyzes the message. More specifically, the mail system core 37 analyzes the "250 OK" message of the SMTP response code and transmits the transmission data response to the mailer 31 of the terminal (client apparatus a) (step S95).
The mailer receiving the transmission data response from the mail server 41 transmits a termination declaration message "QUIT" to the mail server 41. The TCP2 core 36 that received the termination declaration message confirms its packet (step S96) and sends it as a "QUIT" message to the mail system core 37. The mail system core 37 analyzes the "QUIT" message and sends a termination declaration to the mail server 41 (step S97). The mail server 41 issues a termination declaration response to the termination declaration and sends it to the client apparatus a. Subsequently, the TCP2 core 36 of the client device a confirms the received packet of the termination declaration response and sends it to the mail system core 37 as an SMTP response code "221" message (step S98). The "221" message is an SMTP response code that informs that the connection is to be closed. The mail system core 37 analyzes the "221" message and transmits its termination declaration response to the mailer 31 of the terminal (step S99). Accordingly, the flow of the key exchange transmission side is all completed, and the TCP communication between the mailer 31 of the client apparatus a and the mail server 41 is cut off.
< description of flow on the Key exchange receiving side >
The flow of the key exchange reception side will be described next based on the flowcharts of fig. 14 to 15.
As shown in fig. 14, the mail system core 37 of the TCP2 driver 34 first issues to the TCP2 core 36, without interruption, a hooking request for capturing packets, including those having the IP addresses and port numbers of the POP3 and SMTP servers of all registered users (step S101). Upon receiving the hooking request, the TCP2 core 36 captures (hooks) the packets including those having the IP addresses and port numbers of the POP3 and SMTP servers of all users that have been registered (step S102).
When mail reception is performed by the existing mailer 31 on the key exchange reception side, TCP communication is established between the existing mailer 31 and the mail server 41 (see fig. 4) connected to the network 40. In other words, TCP communication is established between the client apparatus a having the existing mailer 31 and the mail server 41 (or client apparatus B) connected to the network 40.
A POP3 connection message is transmitted from the mail server 41 connected to the network 40, and the TCP2 core 36 receives the POP3 connection message and notifies the mail system core 37 of a hook result after recognizing that it is a connection message from the POP3 port (step S103).
After receiving the hooking result from the TCP2 core 36, the mail system core 37 requests the TCP2 core 36 to receive (intercept) the packet (step S104). After receiving the interception request from the mail system core 37, the TCP2 core 36 starts intercepting the packet (step S105).
Subsequently, a USER ID is transmitted from the mailer 31 of the client apparatus A to the TCP2 core 36, the TCP2 core 36 confirms the packet of the USER ID (step S106), and a "USER" message is transmitted from the mailer to the mail system core 37. The mail system core 37 analyzes the "USER" message and temporarily saves the USER ID in the storage medium 38 (see fig. 3, 5) (step S107). Here, the temporary saving means saving at a stage in which authentication has not yet been obtained by password confirmation or the like, that is, a preliminary step before formal saving after authentication. The user ID is then transmitted to the mail server 41 connected to the network 40.
A response to the user ID is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the user ID response message and sends a "+ OK" message as a result thereof to the mail system core 37 (step S108). The "+ OK" message is a message informing that "the user is recognized, the password is sent" in the mail server 41. The mail system core 37 analyzes the "+ OK" message and transmits the user ID response from the mail server 41 to the mailer 31 (step S109).
Next, the password message is transmitted from the existing mailer 31 of the client apparatus a to the mail server 41 connected to the network 40. The password message transmitted from the mailer 31 is confirmed in the TCP2 core 36, and a packet of the confirmed password message is transmitted to the mail system core 37 (step S110). The mail system core 37 receives and analyzes the "PASS" message from the TCP2 core 36. As a result of the analysis, the mail system core temporarily saves the password in the storage medium 38 and transmits the password to the mail server 41 connected to the network 40 (step S111).
Next, when the password response message is returned from the mail server 41 to the client apparatus a, the TCP2 core 36 confirms the packet of the password response message and transmits the packet of the password response message to the mail system core 37 (step S112). The mail system core 37 analyzes the packet of the "+ OK" message as the password response message, authenticates the temporarily held user ID and password based on the user ID and password already registered in the storage medium 38, and obtains key information (step S113). The received password response is then sent to the mailer 31.
The continuation of the flow on the key exchange reception side will be described next based on fig. 15. After receiving the transmission of the password response from the mail system core 37, the mailer 31 issues a mail download request. The TCP2 core 36 confirms the packet of the download request from the mailer 31 and reports it to the mail system core 37 as a "RETR" message (step S114). The mail system core 37 analyzes the "RETR" message and transmits the mail download request to the mail server 41 connected to the network 40 (step S115). Here, the "RETR" message is a POP3 basic command for receiving a message specified by a certain parameter. If a line without a message is designated as a parameter, it is configured to return "-ERR message not present".
A key exchange fixed-form mail message is then sent from the mail server 41. The key exchange fixed-form mail message is a message transmitted from the client apparatus B (reception side) connected to the network 40 to the client apparatus A (transmission side).
The TCP2 core 36 confirms the packet of the key exchange fixed-form mail message and sends it to the mail system core 37 (step S116).
Upon receiving the packet of the key exchange fixed-form mail message, the mail system core 37 first determines here whether the key exchange is to the receiving side (step S117). For example, if encrypted mail is transmitted and received between the client apparatus a and the client apparatus B, a key exchange fixed-form mail message is first transmitted from the transmitting-side client apparatus a to the receiving-side client apparatus B, and then a key exchange fixed-form mail message is transmitted from the receiving-side client apparatus B to the transmitting-side client apparatus a. The determination step S117 is a step for determining whether the key exchange is transmitted from the client device B on the reception side. As described above, both sides that send and receive the encrypted mail must send the key exchange fixed-form mail to each other in the key exchange to the other side.
If it is determined in the determination step S117 that the key exchange fixed-form mail message is from the reception side (client apparatus B), the mail system core 37 analyzes the "mail message" and stores the sender electronic mail address and the key original value in the storage medium 38. Further, the "key exchange fixed-form mail message" and the "key exchange mail reception notification mail message" are exchanged and sent to the mailer 31 (step S118). At this time, the current key status is transmitted to the TCP2 mail system application unit 35, and is displayed on the output device 33 (step S119). Subsequently, a key exchange reception mail message is sent to the mailer 31 of the terminal. The mailer 31 receives the message and saves it in the storage medium 39 (step S120).
Further, if it is determined in the determination step S117 that the key exchange is not to the reception side (client device B), that is, if it is determined that the key exchange is to the transmission side (client device a), the mail system core 37 analyzes the "mail message" and stores the sender electronic mail address and the key original value in the storage medium 38. Further, a new key is generated from the key original value of the received mail and the key original value stored in the storage medium 38. Subsequently, the "key exchange fixed-form mail message" and the "key exchange mail reception notification mail message" are exchanged and transmitted to the mailer 31 (step S121). At this time, the current key status is transmitted to the TCP2 mail system application unit 35, and is displayed on the output device 33 (step S122).
The mailer 31 saves the received "key exchange mail reception notification mail message" in the storage medium 39 (step S123), and sends a message deletion request "del" to the TCP2 core 36. The TCP2 core 36 confirms the packet of the message deletion request (step S124), and sends it to the mail system core 37. The mail system core 37 analyzes the message deletion request "del" and sends the message deletion request to the mail server 41 (step S125).
After receiving the message deletion request, the mail server 41 sends a message deletion response to the TCP2 core 36, and the TCP2 core 36 confirms the packet (step S126). The mail system core 37 analyzes the "+ OK" message of the message deletion response and transmits it to the mailer 31 (step S127).
After receiving the message deletion response, the mailer 31 transmits a termination declaration message "QUIT" to the mail server 41, and the TCP2 core 36 that received the termination declaration message confirms its packet (step S128) and transmits it as a "QUIT" message to the mail system core 37. The mail system core 37 analyzes the "QUIT" message and sends the termination declaration to the mail server 41 (step S129).
The mail server 41 issues a termination declaration response regarding the termination declaration and sends it to the TCP2 core 36 of the client device a. Subsequently, the TCP2 core 36 of the client device a confirms the received packet of the termination declaration response, and sends the SMTP response code "+ OK" message to the mail system core 37 (step S130). The mail system core 37 analyzes the "+ OK" message and transmits its termination declaration response to the mailer 31 of the terminal (step S131). Accordingly, the flow of the key exchange receiving side is all completed, and the TCP communication between the mailer 31 of the client apparatus a and the mail server 41 is cut off.
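The credential staging in steps S106 to S113 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the PBKDF2 verifier (the page only says the user ID and password are "registered"), and the sample sessions are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

ITERATIONS = 100_000  # assumption of this example, not a value from the page


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the verifier kept in the registration store (example choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Pop3CredentialStage:
    """Holds USER/PASS temporarily and releases key information only after
    the server's +OK and a match against the registered entry."""

    def __init__(self, registered):
        # registered: user ID -> (salt, password verifier, key information)
        self.registered = registered
        self.pending_user: Optional[str] = None
        self.pending_pass: Optional[str] = None
        self.last_cmd: Optional[str] = None
        self.key_info: Optional[str] = None

    def on_client(self, line: str) -> str:
        """Inspect a mailer command, stage credentials, forward it unchanged."""
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self._discard()
            self.key_info = None
            self.pending_user = arg
        elif verb == "PASS":
            self.pending_pass = arg
        self.last_cmd = verb
        return line

    def on_server(self, line: str) -> str:
        """Inspect a server reply; only the reply to PASS can authenticate."""
        ok = line.startswith("+OK")
        if self.last_cmd == "PASS":
            if ok:
                self.key_info = self._authenticate()
            self._discard()  # staged secrets never outlive the PASS reply
        elif self.last_cmd == "USER" and not ok:
            self._discard()
        self.last_cmd = None
        return line

    def _authenticate(self) -> Optional[str]:
        entry = self.registered.get(self.pending_user)
        if entry is None or self.pending_pass is None:
            return None
        salt, stored, key_info = entry
        candidate = hash_password(self.pending_pass, salt)
        # Constant-time comparison of the staged and registered values.
        return key_info if hmac.compare_digest(candidate, stored) else None

    def _discard(self) -> None:
        self.pending_user = None
        self.pending_pass = None


def run_session(registered, exchange):
    """Feed (direction, line) pairs through the stage; 'C' = mailer, 'S' = server."""
    stage = Pop3CredentialStage(registered)
    for direction, line in exchange:
        (stage.on_client if direction == "C" else stage.on_server)(line)
    return stage


# Constructed sample data: one registered user and three sessions.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
REGISTERED = {"alice": (SALT, hash_password("correct horse", SALT), "key-slot-1")}
GOOD = [("S", "+OK POP3 ready"), ("C", "USER alice"), ("S", "+OK"),
        ("C", "PASS correct horse"), ("S", "+OK 2 messages"), ("C", "RETR 1")]
REJECTED = [("S", "+OK POP3 ready"), ("C", "USER alice"), ("S", "+OK"),
            ("C", "PASS wrong"), ("S", "-ERR invalid password")]
# Server accepts a password that differs from the locally registered one.
MISMATCH = [("S", "+OK POP3 ready"), ("C", "USER alice"), ("S", "+OK"),
            ("C", "PASS changed-on-server"), ("S", "+OK 0 messages")]

if __name__ == "__main__":
    for name, session in (("good", GOOD), ("rejected", REJECTED), ("mismatch", MISMATCH)):
        print(name, run_session(REGISTERED, session).key_info)
```

Because POP3 USER and PASS travel in clear text, the staged password is dropped as soon as the reply to PASS has been processed, whatever the outcome.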
< description of flow on the encrypted mail transmitting side >
Next, the flow of the encrypted mail transmission side will be described based on the flowcharts of fig. 16 to fig. 18.
First, a hooking request for packets including those having the IP addresses and port numbers of the SMTP and POP3 servers of all registered users is issued from the mail system core 37 of the TCP2 driver 34 without interruption (step S132). Upon receiving the hooking request, the TCP2 core 36 captures (hooks) the packets including those having the IP addresses and port numbers of the POP3 and SMTP servers of all the users that have been registered (step S133).
Subsequently, in the flow of the encrypted mail transmission side, a mail is input by the mailer 31, and the mail is transmitted to the partner with which the key exchange has been completed. At this time, POP3 is connected before a mail transmission request is made by SMTP. In this step, TCP communication is established between the client apparatus a (terminal) and the mail server 41 connected to the network 40 through the TCP2 core.
In this step, a POP3 connection message is transmitted from the mail server 41 connected to the network 40, and the TCP2 core 36 receives the POP3 connection message and notifies the mail system core 37 of a hook result after recognizing that it is a POP3 port (step S134).
After receiving the hooking result from the TCP2 core 36, the mail system core 37 requests the TCP2 core 36 to intercept the packet (step S135). After receiving the interception request from the mail system core 37, the TCP2 core 36 starts intercepting the packet (step S136).
Subsequently, a USER ID is transmitted from the existing mailer 31 to the TCP2 core 36, the TCP2 core 36 confirms the packet of the USER ID (step S137), and a "USER" message is transmitted from the mailer to the mail system core 37. The "USER" message is the POP3 base command issued with the client connected to the server, as described in the USER registration (see fig. 8).
The mail system core 37 analyzes the "USER" message from the TCP2 core 36 and temporarily stores the USER ID in the storage medium 38 (see fig. 3 and 5) (step S137). Here, the temporary saving means saving at a stage in which authentication has not yet been obtained by password confirmation or the like, that is, a preliminary step before formal saving after authentication. The user ID is then transmitted to the mail server 41 connected to the network 40.
A response to the user ID is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the user ID response message and sends a "+ OK" message as a result thereof to the mail system core 37 (step S139). The "+ OK" message is a message informing that "the user is recognized, the password is sent" in the mail server 41. The mail system core 37 analyzes the "+ OK" message and transmits the user ID response from the mail server 41 to the mailer 31 (step S140).
Next, the password message is transmitted from the existing mailer 31 of the client apparatus a to the mail server 41 connected to the network 40. The password message transmitted from the mailer 31 is confirmed in the TCP2 core 36, and a packet of the confirmed password message is transmitted to the mail system core 37 (step S141). The mail system core 37 receives and analyzes the "PASS" message from the TCP2 core 36. As a result of the analysis, the mail system core 37 temporarily saves the password in the storage medium 38 and transmits the password to the mail server 41 connected to the network 40 (step S142).
Next, when the password response message is returned from the mail server 41 to the client apparatus a, the TCP2 core 36 confirms the packet of the password response message and transmits the packet of the password response message to the mail system core 37 (step S143). The mail system core 37 receives the packet of the password response message and analyzes the message. More specifically, the mail system core 37 analyzes the "+ OK" message indicating that the password has been confirmed, and authenticates the user ID and password temporarily stored in the storage medium 38 by checking them with the user ID and password registered in the storage medium 38, and key information is acquired (step S144). Subsequently, after acquiring the key information, a password response is sent to the mailer 31.
After receiving the password response, the mailer 31 sends a termination declaration (QUIT) reporting that the connection is released to the TCP2 core 36, and the TCP2 core 36 reports that the termination declaration has been confirmed to the mail system core 37 (step S64). The mail system core 37 analyzes the "QUIT" message and sends the termination declaration (QUIT) to the mail server 41 connected to the network 40 (step S65).
Subsequently, a termination declaration response is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the termination declaration response (step S145), and sends the result to the mail system core 37. The mail system core 37 analyzes the "+ OK" message from the TCP2 core 36 and transmits the termination declaration response to the mailer 31 (step S146). Accordingly, the cutting off of the TCP communication between the client apparatus a and the mail server 41 (client apparatus B) connected to the network 40 is completed.
The second step of the flow of the encrypted mail transmission side will be described next based on fig. 17.
Similar to the flow of the key exchange transmitting side (see fig. 12), the second step starts with a mail transmission request from the SMTP of the mailer 31 to the mail server 41 connected to the network 40 (step S149). Thereby establishing TCP communication between the mailer 31 and the mail server 41 through the TCP2 core.
After the TCP communication is established, an SMTP connection message is transmitted from the mail server 41 to the TCP2 core 36, and after receiving the SMTP response code "220", the TCP2 core 36 recognizes that it is an SMTP port, and notifies the search result to the mail system core 37 (step S150).
Subsequently, the mail system core 37 requests the TCP2 core 36 to receive (intercept) the packet (step S151), and the TCP2 core 36 that received the request starts receiving the packet (step S152).
Next, a utilization start declaration is issued from the mailer 31 of the client apparatus. The utilization start declaration is a message informing the server of "sending mail from now on" from the client apparatus. The TCP2 core 36 confirms the packet of the utilization start declaration message (step S153) and transmits it as a "HELO", "EHLO" message to the mail system core 37.
The mail system core 37 analyzes the "HELO", "EHLO" message and transmits the utilization start declaration to the mail server 41 connected to the network 40 (step S154). A utilization start declaration response to the utilization start declaration is issued from the mail server 41 and confirmed in the TCP2 core 36 (step S155).
The mail system core 37 analyzes the "+ OK" message and sends the utilization start declaration response sent from the mail server 41 to the mailer 31 (step S156).
A sender declaration is then sent from the mailer 31. The TCP2 core 36 confirms the packet of the sender declaration and sends it to the mail system core 37 (step S157). The sender declaration message is the "MAIL FROM: <" message, which informs the sender. The mail system core 37 analyzes the message and sends a sender declaration to the mail server 41 (step S158).
After receiving the sender declaration, the mail server 41 issues a sender declaration response. The TCP2 core 36 confirms the packet of the sender declaration response and sends a response code "250" to the mail system core 37 (step S159). The mail system core 37 analyzes the "250" response code, and then transmits the received sender declaration response to the mailer 31 of the client apparatus (step S160).
Subsequently, the mailer 31 transmits a recipient declaration message. The recipient declaration message is a message for reporting "please send mail to the following email address" to the mail server 41, and is denoted as "RCPT TO: <". The TCP2 core 36 confirms the recipient declaration message (step S161), and sends it to the mail system core 37. The mail system core 37 analyzes the "RCPT TO: <" message, and the recipient declaration is sent to the mail server 41 (step S162).
Upon receiving the receiver declaration, the mail server 41 returns a receiver declaration response to the TCP2 core 36, and the TCP2 core 36 confirms the receiver declaration response and sends it as a response code "250" to the mail system core 37 (step S163). The mail system core 37 analyzes the recipient declaration response and transmits it to the mailer 31 of the client terminal (step S164).
The third step of the flow on the encrypted mail transmission side will be described next based on fig. 18. More specifically, the mailer 31 of the client apparatus A which received the recipient declaration response issues a message body start declaration. The TCP2 core 36 confirms the packet of the message body start declaration and supplies it as a "DATA" message to the mail system core 37 (step S165). Here, "DATA" is an SMTP command, which means message body transmission. The mail system core 37 analyzes the "DATA" message and sends the message body start declaration to the mail server 41 (step S166).
After receiving the message body start declaration, the mail server 41 sends a message body start declaration response to the client apparatus A. Subsequently, the TCP2 core 36 of the client device A confirms the packet of the message body start declaration response, and sends it as a "354" message to the mail system core 37 (step S167). Here, the response code "354" is an SMTP response code indicating the start of mail input.
The mail system core 37 analyzes the "354" message and transmits a message body start declaration response transmitted from the mail server 41 to the mailer 31 of the terminal (step S168).
After receiving the response, the mailer 31 transmits the mail message to the TCP2 core 36, and the TCP2 core confirms the mail message packet and supplies it to the mail system core 37 (step S169). After receiving the packet of the mail message, the mail system core 37 analyzes the mail message, confirms the presence of the receiving-side key, and encrypts the header, the message body, and the attachment, if any (step S170). Subsequently, the mail system core 37 transmits the encrypted mail message to the mail server 41 connected to the network 40.
A send data response message is then sent from the mail server 41 to the client device a. The TCP2 core 36 confirms the packet of the transmission data response message and transmits the packet of the transmission data response message to the mail system core 37 (step S171). After receiving the packet of the transmission data response message, the mail system core 37 analyzes the message. More specifically, the mail system core 37 analyzes the "250" message of the SMTP response code and transmits the transmission data response to the mailer 31 of the terminal (client apparatus a) (step S172).
The mailer 31 which receives the transmission data response from the mail server 41 transmits a termination declaration message "QUIT" to the mail server 41. The TCP2 core 36 that received the termination declaration message confirms its packet (step S173), and sends it as a "QUIT" message to the mail system core 37. The mail system core 37 analyzes the "QUIT" message and sends a termination declaration to the mail server 41 (step S174). The mail server 41 issues a termination declaration response to the termination declaration and sends it to the client apparatus a. Subsequently, the TCP2 core 36 of the client device a confirms the received packet of the termination declaration response and sends it to the mail system core 37 as an SMTP response code "221" message (step S175). The "221" message is an SMTP response code that informs that the connection is to be closed. The mail system core 37 analyzes the "221" message and transmits its termination declaration response to the mailer 31 of the terminal (step S176). Accordingly, the flow of the encrypted mail transmission side is all completed, and the TCP communication between the mailer 31 of the client apparatus a and the mail server 41 is cut off.
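The SMTP dialogue that the mail system core follows on the transmission side, together with the key check of step S170, can be sketched as follows. This is an added example, not code from the patent: the class name, the per-recipient key store, lower-casing of addresses for lookup, and the constructed sessions are assumptions; commands outside the dialogue described above are forwarded without a reply-code check.

```python
import re

# Reply code the page gives for each step of the SMTP dialogue.
EXPECTED_REPLY = {"CONNECT": "220", "HELO": "250", "EHLO": "250", "MAIL": "250",
                  "RCPT": "250", "DATA": "354", "BODY": "250", "QUIT": "221"}
# "FROM:<path>" or "TO:<path>", optionally followed by ESMTP parameters.
PATH_RE = re.compile(r"^(FROM|TO):\s*<([^<>\s]*)>", re.IGNORECASE)


class SmtpEnvelopeTracker:
    """Follows one SMTP session and records what the core would save."""

    def __init__(self, keys):
        self.keys = keys          # recipient address -> key (constructed store)
        self.sender = None
        self.recipients = []
        self.body = []
        self.anomalies = []
        self.step = "CONNECT"     # waiting for the 220 greeting
        self.in_body = False
        self._rcpt_pending = False

    def on_client(self, line):
        text = line.rstrip("\r\n")
        if self.in_body:
            if text == ".":       # end-of-data marker
                self.in_body, self.step = False, "BODY"
            else:
                # Undo dot-stuffing on body lines.
                self.body.append(text[1:] if text.startswith("..") else text)
            return line
        verb, _, rest = text.partition(" ")
        verb = verb.upper()
        self._rcpt_pending = False
        if verb in ("MAIL", "RCPT"):
            want = "FROM" if verb == "MAIL" else "TO"
            m = PATH_RE.match(rest.strip())
            if m is None or m.group(1).upper() != want:
                self.anomalies.append(f"malformed {verb} command")
            elif verb == "MAIL":
                # A new MAIL FROM starts a new envelope.
                self.sender, self.recipients = m.group(2).lower(), []
            else:
                self.recipients.append(m.group(2).lower())
                self._rcpt_pending = True
        self.step = verb
        return line

    def on_server(self, line):
        code = line[:3]
        if line[3:4] == "-":      # continuation of a multi-line reply
            return line
        expected = EXPECTED_REPLY.get(self.step)
        if expected is not None and code != expected:
            self.anomalies.append(f"{self.step}: expected {expected}, got {code}")
            if self._rcpt_pending:
                self.recipients.pop()   # server refused this recipient
        self._rcpt_pending = False
        if self.step == "DATA" and code == "354":
            self.in_body = True
        return line

    def missing_keys(self):
        """Recipients for which no exchanged key is held."""
        return [r for r in self.recipients if r not in self.keys]

    def can_encrypt(self):
        return bool(self.recipients) and not self.missing_keys()


def track(keys, exchange):
    """Feed (direction, line) pairs; 'C' = mailer, 'S' = mail server."""
    t = SmtpEnvelopeTracker(keys)
    for direction, line in exchange:
        (t.on_client if direction == "C" else t.on_server)(line)
    return t


# Constructed sample data.
KEYS_BOB_ONLY = {"bob@example.test": b"constructed-key-1"}
KEYS_BOTH = dict(KEYS_BOB_ONLY, **{"carol@example.test": b"constructed-key-2"})
SESSION = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test"),
           ("S", "250-mail.example.test"), ("S", "250 SIZE 1000000"),
           ("C", "MAIL FROM:<alice@example.test> SIZE=120"), ("S", "250 OK"),
           ("C", "RCPT TO:<Bob@example.test>"), ("S", "250 OK"),
           ("C", "rcpt to: <carol@example.test>"), ("S", "250 OK"),
           ("C", "DATA"), ("S", "354 Start mail input"),
           ("C", "Subject: hello"), ("C", ""), ("C", "body text"), ("C", "."),
           ("S", "250 OK"), ("C", "QUIT"), ("S", "221 Bye")]
REJECTED = [("S", "220 mail.example.test ESMTP"), ("C", "HELO client.example.test"),
            ("S", "250 OK"), ("C", "MAIL FROM:<alice@example.test>"), ("S", "250 OK"),
            ("C", "RCPT TO:<bob@example.test>"), ("S", "250 OK"),
            ("C", "RCPT TO:<nobody@example.test>"), ("S", "550 No such user")]

if __name__ == "__main__":
    t = track(KEYS_BOB_ONLY, SESSION)
    print(t.sender, t.recipients, t.missing_keys(), t.can_encrypt())
```

A non-empty `missing_keys()` result marks a message that would otherwise leave unencrypted; how the page's system treats that case is not stated in this section.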
< description of flow on the encrypted mail receiving side >
Next, the flow of the encrypted mail receiving side will be described based on the flowcharts of fig. 19 to 20.
As shown in fig. 19, the mail system core 37 of the TCP2 driver 34 issues at startup, without interruption, a hook request for capturing packets, including those having the IP addresses and port numbers of the SMTP and POP3 servers of all registered users (step S180). Upon receiving the hooking request, the TCP2 core 36 captures (hooks) packets including those having the IP addresses and port numbers of the POP3 and SMTP servers of all users that have been registered (step S181).
Subsequently, when the existing mailer 31 performs mail reception, the flow on the encrypted mail receiving side starts. In this step, TCP communication is established between the existing mailer 31 and the mail server 41 (see fig. 4) connected to the network 40. In other words, TCP communication is established between the client apparatus a including the existing mailer 31 and the mail server 41 (client apparatus B) connected to the network 40.
A POP3 connection message is transmitted from the mail server 41 connected to the network 40, and the TCP2 core 36 receives the POP3 connection message and notifies the mail system core 37 of a hook result after recognizing that it is a POP3 connection (step S183).
After receiving the hooking result from the TCP2 core 36, the mail system core 37 requests the TCP2 core 36 to intercept the packet (step S184). After receiving the interception request from the mail system core 37, the TCP2 core 36 starts intercepting the packet (step S185).
Subsequently, a USER ID is transmitted from the mailer 31 of the client apparatus A to the TCP2 core 36, the TCP2 core 36 confirms the packet of the USER ID (step S186), and a "USER" message is transmitted from the mailer to the mail system core 37. The mail system core 37 analyzes the "USER" message and temporarily saves the USER ID in the storage medium 38 (see fig. 3, 5) (step S187). Here, the temporary saving means saving at a stage in which authentication has not yet been obtained by the password confirmation or the like, that is, a preliminary step before formal saving after authentication. The user ID is then transmitted to the mail server 41 connected to the network 40.
A response to the user ID is returned from the mail server 41 to the TCP2 core 36, and the TCP2 core 36 confirms the packet of the user ID response message and sends a "+ OK" message as a result thereof to the mail system core 37 (step S187). The "+ OK" message is a message informing that "the user is recognized, the password is sent" in the mail server 41. The mail system core 37 analyzes the "+ OK" message and transmits the user ID response from the mail server 41 to the mailer 31 (step S188).
Next, the password message is transmitted from the existing mailer 31 of the client apparatus a to the mail server 41 connected to the network 40. The TCP2 core 36 confirms the password message transmitted from the mailer 31 and transmits a packet of the confirmed password message to the mail system core 37 (step S189). The mail system core 37 receives and analyzes the "PASS" message from the TCP2 core 36. As a result of the analysis, the mail system core 37 temporarily saves (temporarily stores) the password in the storage medium 38, and transmits the password to the mail server 41 connected to the network 40 (step S190).
Next, the password response message is sent from the mail server 41 to the client apparatus a. The TCP2 core 36 confirms the packet of the password response and sends the packet of the password response message to the mail system core 37 (step S191). The mail system core 37 analyzes the packet of the "+ OK" message as the password response message, and obtains the key information from the user ID and password already registered in the storage medium 38 and the temporarily held user ID and password (step S192). The received password response is then sent to the mailer 31.
The continuation of the flow on the encrypted mail receiving side will be described based on fig. 20. After receiving the transmission of the password response from the mail system core 37, the mailer 31 issues a mail download request. The TCP2 core 36 confirms the packet of the download request from the mailer 31 and reports it to the mail system core 37 as a "RETR" message (step S193). The mail system core 37 analyzes the "RETR" message and transmits the mail download request to the mail server 41 connected to the network 40 (step S194). Here, the "RETR" message is a POP3 basic command for receiving a message specified by a certain parameter. When a line without a message is designated as a parameter, it is configured so as to return "-ERR message not present".
Subsequently, the mail server 41 transmits a download response ("+OK" message) and a mail message. The TCP2 core 36 confirms the download response ("+OK" message) and the packet of the mail message, and sends it to the mail system core 37 (step S195).
The mail system core 37 analyzes the download response ("+OK" message) and the mail message, and if it is ciphertext, notifies the TCP2 mail system application unit 35 of the "mail status" and the address of the sender. Here, "mail status" indicates whether the mail is encrypted text, whether it is an HTML file, and whether it has attachments. Note that the packet is not sent to the TCP2 mail system application unit 35 but is retained in the mail system core 37 (step S196). Depending on the implementation mode of the TCP2 driver 34, it can also be set so that the mail message is stored in the storage medium 38 of the mail system core 37.
The TCP2 mail system application unit 35 displays the mail status and the sender address sent from the mail system core 37 on the display screen of the output device 33 (step S197). Subsequently, when the mail receiver sees the mail list displayed on the output device 33 and presses the "receive" button of the input device 32 (step S198), the mail is received, and the received mail is supplied to the mailer 31 of the client device A through the mail system core 37 in the form of ciphertext (step S199).
Here, basically, the ciphertext is supplied to the mailer 31, but it is also possible to decrypt it by a decryption unit 52 (see fig. 5) according to the system setting to supply the plaintext to the mailer. In step S198, when the delete button is pressed instead of the receive button, the mail for which the delete button is pressed is deleted in the mail/attached file deleting unit 54 (see fig. 5) of the mail system core 37.
In this way, the download request and the received mail message are transmitted to the mailer 31 of the client apparatus A, and the mail message is saved in the form of ciphertext (may also be plaintext depending on the case) in the storage medium 39 (step S200). The mailer 31 sends the message deletion request "del" to the TCP2 core 36. The TCP2 core 36 confirms the packet of the message deletion request (step S201), and sends it to the mail system core 37. The mail system core 37 analyzes the message deletion request "del" and sends the message deletion request to the mail server 41 (step S202).
After receiving the message deletion request, the mail server 41 sends a message deletion response to the TCP2 core 36, and the TCP2 core 36 confirms the packet (step S203). The mail system core 37 analyzes the "+OK" message of the message deletion response and transmits it to the mailer 31 (step S204).
After receiving the message deletion response, the mailer 31 sends a termination declaration message "QUIT" to the mail server 41, and the TCP2 core 36 that received the termination declaration message confirms its packet (step S205) and sends it as a "QUIT" message to the mail system core 37. The mail system core 37 analyzes the "QUIT" message, and sends the termination declaration to the mail server 41 (step S206).
The mail server 41 issues a termination declaration response to the termination declaration and sends it to the TCP2 core 36 of the client device A. Subsequently, the TCP2 core 36 of the client device A confirms the received packet of the termination declaration response and sends it to the mail system core 37 as an SMTP response code "+OK" message (step S207). The mail system core 37 analyzes the "+OK" message and transmits its termination declaration response to the mailer 31 of the terminal (step S208). Accordingly, the flow of the encrypted mail receiving side is all completed, and the TCP communication between the mailer 31 of the client apparatus A and the mail server 41 (client apparatus B) is cut off.
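The following is an added illustration, not code from the patent: it models the two decisions the receiving flow assigns to the mail system core, namely holding the USER and PASS values provisionally until the server's "+OK" to PASS, and deriving the "mail status" flags from a retrieved message. The class and function names are hypothetical, and because the text does not say how ciphertext is recognized, the `X-Example-Encrypted` header is an assumed marker.

```python
from email import message_from_string

class MailSystemCore:
    """One POP3 login as seen between the mailer and the mail server."""

    def __init__(self):
        self.pending = {}      # provisional USER/PASS, not yet authenticated
        self.confirmed = None  # (user, password) once the server accepts PASS
        self.last_cmd = None

    def on_client_line(self, line):
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        self.last_cmd = verb.upper()
        if self.last_cmd == "USER":
            self.pending = {"user": arg}       # a new attempt resets state
        elif self.last_cmd == "PASS":
            self.pending["password"] = arg
        return line                            # forwarded to the server unchanged

    def on_server_status(self, line):
        ok = line.startswith("+OK")
        if self.last_cmd == "PASS":
            if ok and "user" in self.pending:  # formal save only after +OK
                self.confirmed = (self.pending["user"], self.pending["password"])
            self.pending = {}                  # unverified secrets are dropped
        elif self.last_cmd == "USER" and not ok:
            self.pending = {}
        self.last_cmd = None                   # one status line per command
        return ok

def mail_status(raw, marker="X-Example-Encrypted"):
    """'Mail status' flags for a retrieved message; marker is hypothetical."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    return {
        "encrypted": msg.get(marker, "").strip().lower() == "yes",
        "html": any(p.get_content_type() == "text/html" for p in parts),
        "attachments": any(p.get_content_disposition() == "attachment"
                           for p in parts),
    }

# Constructed sample message (not taken from the page).
SAMPLE = (
    "From: a@example.com\r\nX-Example-Encrypted: yes\r\nMIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
    "--b\r\nContent-Type: text/html\r\n\r\n<p>hi</p>\r\n"
    "--b\r\nContent-Type: application/octet-stream\r\n"
    'Content-Disposition: attachment; filename="x.bin"\r\n\r\nAAAA\r\n--b--\r\n'
)
```

A rejected PASS leaves nothing in `pending`, so a failed login never promotes a password to the confirmed slot.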
<Description of embodiments of TCP2 mail system>
Finally, the overall flow of the TCP2 mail system will be briefly described based on fig. 21.
As shown in fig. 21, the client apparatus A and the client apparatus B carry out mail communication through the respective mail servers A and B. First, a key exchange fixed-form mail is sent from client device A, whose TCP2 driver adds and saves the key original value. The key exchange fixed-form mail from client device A is sent by the mail servers A and B to the TCP2 driver of client device B, where the key original value is saved, and is received by the mailer of client device B.
Next, the key exchange fixed-form mail is sent from the client apparatus B to the client apparatus A. Here, the key original value is added and saved in the TCP2 driver of client device B, and a new key is generated. The key exchange fixed-form mail is then sent to client device A through the mail servers B and A. The key original value is saved in the TCP2 driver of the client device A and a new key is generated, and then the mailer receives the key exchange reception mail. The sending and receiving of the key exchange fixed-form mail is performed only at the initial time, and need not be performed in subsequent mail transfers.
Mail is sent from the client apparatus A. First, the mailer of client device A sends a plaintext mail to the TCP2 driver, which encrypts it. The encrypted mail is then sent to the client device B through the mail servers A and B. Depending on its setting, the TCP2 driver of the client device B transmits the ciphertext of the encrypted mail to the mailer of the terminal or transmits it in a plaintext state after decryption to the mailer. Mail transmission from client device B to client device A is implemented in the same way. The above is given only as an overview of the TCP2 mail system.
As described above, in the mail system using the TCP2 of the present invention, mail transfer is implemented using the TCP2 having a high security function, thereby implementing an extremely reliable protection function particularly in terms of data leakage, tampering, disguise, intrusion, and attack, compared to mail transfer according to the existing encryption processing.
The invention is not limited to the embodiments described above, but it will be appreciated that the invention may also comprise various other embodiments without departing from the scope of the invention as described in the appended claims.
Description of the reference numerals
31-existing mailer
32-input device
33-output device
34-TCP2 driver
35-TCP2 mail system application unit
36-TCP2 core
37-mail system core
38, 39-storage medium
40-network
41-mail server
50-authentication unit
51-encryption unit
52-decryption unit
53-key exchange unit
Claims (2)
1. A client device connected to a network and comprising an existing mailer that implements email communications between a plurality of client devices, the device comprising:
a TCP2 driver including a TCP2 core and a mail system core; and
TCP2 mail system application unit, in addition to the existing mailer, characterized in that,
the TCP2 core includes means for identifying packets of e-mail sent from the existing mailer and one of SMTP or POP3 protocols and for sending the packets to the mail system core,
the mail system core comprises: means for encrypting or decrypting the transmitted and received mail; means for performing a key exchange with other client devices; means for saving the IP address and port of the POP3 and the IP address and port of the SMTP; means for saving a user ID and password and e-mail addresses of the sender and recipient; means for maintaining a key formed by the key exchange; and means for selecting and deleting encrypted mail, HTML mail or attachments,
the TCP2 mail system application unit comprises: means for implementing display of key status relating to an e-mail sent from the mail system core and for implementing list display of encrypted or unencrypted status of the e-mail, mail address of sender, mail type, and attachment; and means for displaying the encrypted mail received by said existing mailer in clear text,
selecting and processing by the TCP2 driver an email received via the network and then providing it to the existing mailer, and
the electronic mail sent from the existing mailer to the other client apparatus through the network is set to be sent after the other client apparatus of the receiving party is confirmed by the TCP2 driver.
2. A mail system comprising a plurality of client devices for conducting mail communications among the plurality of client devices, the plurality of client devices being connected to a network and comprising an existing mailer, characterized in that:
the client device includes a TCP2 driver and a TCP2 mail system application unit in addition to the existing mailer, wherein the TCP2 driver includes a TCP2 core and a mail system core,
the TCP2 core of the TCP2 driver is connected to one of an existing mailer and a network, and transmits a packet of an e-mail of SMTP or POP3 protocol transmitted from a mail server to the mail system core,
the mail system core implements the following operations: encrypting or decrypting the transmitted and received e-mails; implementing a key exchange with a sender or a receiver; storing the IP address and port number of the POP3, the IP address and port number of the SMTP, a user ID and password, the email addresses of the sender and receiver, and a key formed by the key exchange on a storage medium; and selectively deleting said received e-mail, and
the TCP2 mail system application unit implements display of key status related to the e-mail sent from the mail system core, and implements display of a list of sent and received mails and display of a plain text of an encrypted mail received by the existing mailer.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP150193/2006 | 2006-05-30 | | |
| JP2006150193A JP4855147B2 (en) | 2006-05-30 | 2006-05-30 | Client device, mail system, program, and recording medium |
| PCT/JP2006/315130 WO2007138717A1 (en) | 2006-05-30 | 2006-07-31 | Client device, mail system, program, and recording medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1135252A1 (en) | 2010-05-28 |
| HK1135252B (en) | 2013-10-11 |