Secure mail proxy system, method of managing security, and recording medium
First Claim
1. A secure mail proxy system that is provided with a proxy server between a mail server on a LAN (Local Area Network) and the Internet for performing processing that is necessary for managing security such as encryption and attachment of signatures to electronic-mail that is transmitted from said mail server to said Internet and decryption and detection of falsification of encrypted mail with attached signature that has been received from said Internet.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method that can ensure the security of electronic-mail on the Internet regardless of whether security capabilities are present on the client side, in which a proxy server (4) is arranged between the Internet (5) and a mail server (2) on a LAN (1) and in which a mail server (2) that has received ordinary-text mail from the mail client (3) sends mail that is addressed to a destination outside the LAN to the proxy server (4) as unaltered ordinary text, and proxy server (4): encrypts the ordinary-text mail, attaches the signature of the mail originator, and transmits the encrypted mail with attached signature to the Internet (5), checks for falsification of encrypted mail with attached signature from the Internet, decrypts the encrypted mail and sends as ordinary-text mail to the mail server (2) if the mail has not been falsified, and denies reception of mail if the mail has been falsified to prevent entry of falsified mail into LAN (1).
61 Citations
13 Claims
- 1. A secure mail proxy system that is provided with a proxy server between a mail server on a LAN (Local Area Network) and the Internet for performing processing that is necessary for managing security such as encryption and attachment of signatures to electronic-mail that is transmitted from said mail server to said Internet and decryption and detection of falsification of encrypted mail with attached signature that has been received from said Internet.
-
8. A proxy server that is arranged between a mail server that is connected to a LAN (Local Area Network) and the Internet for performing processing relating to electronic-mail security;
- is provided with;
a storage device that includes;
a secret key storage section for storing combinations of electronic-mail addresses and secret keys that correspond to the electronic-mail addresses; and
a public key storage section for storing combinations of electronic-mail addresses and public keys that correspond to the electronic-mail addresses;
wherein said secret keys are used when attaching the signature of an originator to electronic-mail and when decrypting encrypted electronic-mail that has been transmitted in to an electronic-mail address in said LAN; and
said public keys are used when encrypting mail such that only the user of the electronic-mail address that is designated in the electronic-mail destination can read the encrypted mail and when checking whether mail has been falsified;
said proxy server being further provided with a data processor that includes;
mail encryption means for obtaining from said public key storage section the public key that corresponds to the electronic-mail address of the electronic-mail destination and encrypting ordinary-text mail from said mail server using said public key;
mail signature attaching means for obtaining from said secret key storage section the secret key that corresponds to the mail address of an electronic-mail originator, calculating a message digest of said electronic-mail, and, after encrypting the calculated values using said secret key, attaching the encrypted values as the signature of the electronic-mail originator;
mail decryption means for obtaining from said secret key storage section the secret key that corresponds to the electronic-mail address of the electronic-mail destination, and decrypting encrypted mail using said secret key;
mail signature checking means for checking whether or not mail has been falsified by obtaining from said public key storage section the public key that corresponds to the mail address of an electronic-mail originator, decrypting the signature that is attached to electronic-mail using said public key; and
comparing values of the signature with the message digest of the electronic-mail; and
data communication means for receiving ordinary-text electronic-mail from said mail server, transmitting encrypted mail with attached signature that has been created by said mail encryption means and said mail signature attaching means to said Internet, and further, receiving encrypted mail with attached signature from said Internet and transmitting ordinary-text mail that is obtained by way of said mail signature checking means and said mail decryption means to said mail server.
- is provided with;
-
9. A method of managing security of electronic-mail that is transmitted and received between a mail server and the Internet in which a proxy server is provided between a mail server on a LAN (Local Area Network) and the Internet for performing processing relating to electronic-mail security, comprising steps in which:
-
said proxy server encrypts and attaches a signature to electronic-mail that is to be transmitted to said Internet; and
said proxy server checks for falsification of electronic-mail that is addressed to said mail server from said Internet and decrypts said electronic-mail;
wherein processes necessary for managing security of electronic-mail are performed by said proxy server that is arranged at the point of connection to said Internet;
whereby the security of electronic-mail on the Internet can be ensured regardless of the type of mail server, mail client, or user terminal that is used by the user and regardless of whether the mail server, mail client or user terminal used by the user incorporates security functions. - View Dependent Claims (10, 11, 12)
-
-
13. A recording medium on which is recorded a program for performing processing relating to security of electronic-mail between a mail server that is connected to a LAN (Local Area Network) and the Internet using a proxy server;
-
wherein a storage device is provided that is in turn provided with;
a secret key storage section for storing combinations of electronic-mail addresses and secret keys that correspond to these electronic-mail addresses, and a public key storage section for storing combinations of electronic-mail addresses and public keys that correspond to these electronic-mail addresses;
wherein said secret key is used when attaching to electronic-mail the signature of the originator and when decrypting encrypted mail that has been transmitted in to an electronic-mail address in said LAN; and
said public key is used when encrypting electronic-mail such that only the user of the electronic-mail address that is designated in the destination of the electronic-mail can read said electronic-mail and when checking for falsification of electronic-mail;
a program being recorded on said recording medium for causing a computer that constitutes said proxy server to execute the following processes from (a) to (e);
(a) a mail encrypting process in which the public key that corresponds to the electronic-mail address of the destination of electronic-mail is obtained from said public key storage section and ordinary-text mail is encrypted using the public key;
(b) a mail signature attaching process in which the secret key that corresponds to the mail address of the originator of electronic-mail is obtained from said secret key storage section, a message digest of said electronic-mail is calculated;
the calculated values are encrypted using the secret key and the encrypted values are attached to electronic-mail as the signature of the originator;
(c) a mail decryption process in which the secret key that corresponds to the electronic-mail address of the electronic-mail destination is obtained from said secret key storage section and encrypted mail is decrypted using the secret key;
(d) a mail signature checking process in which the public key that corresponds to the mail address of the originator of electronic-mail is obtained from said public key storage section, a signature that is attached to mail is decrypted using the public key, and falsification of mail is checked by comparing values of the signature and the message digest of the mail; and
(e) a data communication process in which ordinary-text mail is received from said mail server, encrypted mail with attached signature is transmitted to the Internet, encrypted mail with attached signature is received from said Internet, and ordinary-text mail is transmitted to said mail server.
-
Specification