JP5051788B2 - E-mail control device, control method thereof, and program - Google Patents

Description

  The present invention relates to an electronic mail control apparatus, a control method thereof, and a program, and more particularly, to a technique for controlling transmission and / or auditing of transmitted electronic mail.

In recent years, leakage of personal information and confidential information has been affecting corporate trust. With the enforcement of various laws such as the Personal Information Protection Law, it has become an urgent task for companies to take measures against information leakage. The cause of information leakage may be caused by unauthorized access from outside, but most of them are caused by carelessness of people inside the company.

One such information leakage countermeasure is a mail filtering system. The e-mail filtering system sets e-mail characteristics as filtering conditions, such as the presence or absence of keywords that are likely to lead to information leakage, and selects e-mails that are subject to auditing or transmission control. The administrator can efficiently prevent information leakage by visually determining the selected electronic mail.

As such prior art, in Patent Document 1, based on preset conditions, an email to be audited is selected, and a list of selected emails is sent to an administrator corresponding to the sender of the email. A mechanism for displaying audits and prompting audits is disclosed.

JP 2006-85642 A

However, as the demand for information leakage prevention increases and diversifies, the number of e-mails subject to auditing or transmission control increases, and the contents become diversified, and the e-mails that the administrator must visually check The number and complexity of judgment is increasing.

In the above prior art, if the number of e-mails that need to be visually confirmed is limited to a certain extent, by looking at summarized information such as a list of titles, e-mails with a high possibility of information leakage are found and preferentially examined. However, as the number of e-mails that need to be confirmed increases, it becomes difficult to find e-mails that require high-scrutiny audits from the list, increasing the burden on the administrator. Also, urgent emails are buried in many emails waiting for confirmation, causing problems such as delayed transmission

  As described above, when performing an email audit (pre-audit and post-audit) in the past, the priority to be audited based on the past transmission control and / or auditing results for the email source and destination group. It was difficult to grasp high-level e-mails, and it was difficult to efficiently audit.

  That is, it is difficult for the user to select an e-mail that is presumed to have a high risk from the relationship between the sender and the receiver in order to perform an efficient audit.

  Conventionally, when performing transmission control of email, since past transmission control and / or auditing results for a pair of email transmission source and destination are not taken into account, the transmission control of email is appropriately performed. It was difficult to do.

An object of the present invention is a mechanism for appropriately performing e-mail transmission control by controlling transmission of e-mail according to past transmission control and / or auditing results for a set of e-mail transmission source and destination. Is to provide.

The present invention is an electronic mail control device that is communicable with an electronic mail transmission terminal and performs transmission control of an electronic mail transmitted by the electronic mail transmission terminal, for a set of the electronic mail transmission source and transmission destination Risk storage means for storing a risk value indicating the degree of risk of sending the e-mail based on past transmission control and / or audit results, and determining whether to permit sending of the e-mail is made based on the risk value A condition storage unit that stores a risk condition indicating a condition for the acquisition, an acquisition unit that acquires an e-mail transmitted by the e-mail transmission terminal, and a combination of a transmission source and a transmission destination of the e-mail acquired by the acquisition unit Corresponding to the risk value stored in the risk storage means, determining the risk value of the e-mail according to the risk value, and determined by the determination means Was in accordance with the risk conditions stored in the risk value and the condition storage unit, and a transmission control means for controlling whether to permit transmission of the electronic mail, the condition storage means further contents of the electronic mail The content condition indicating the condition for determining whether to permit sending of the e-mail according to the above is stored, and the transmission control means is further stored in the condition storage means and the content of the e-mail acquired by the acquisition means The electronic mail is controlled according to the content condition to allow transmission of the electronic mail, and the electronic mail is acquired according to the content condition stored in the condition storage means and the content of the electronic mail acquired by the acquisition means by the transmission control means. According to the transmission control result indicating whether mail transmission is permitted, it corresponds to the combination of the sender and destination of the email stored in the risk storage means. Further characterized in that it comprises updating means for updating the risk value.
The present invention is also an electronic mail control device that is communicable with an electronic mail transmission terminal and performs transmission control of electronic mail transmitted by the electronic mail transmission terminal, wherein the transmission source and transmission destination of the electronic mail are controlled. Risk storage means for storing a risk value indicating the degree of risk of sending the e-mail based on past transmission control and / or audit results for the set, and whether to permit sending of the e-mail is determined according to the risk value Condition storage means for storing a risk condition indicating a condition for determination, acquisition means for acquiring an e-mail transmitted by the e-mail transmission terminal, a transmission source and a transmission destination of the e-mail acquired by the acquisition means A determination unit that determines a risk value of the e-mail according to a risk value stored in the risk storage unit, A transmission control means for controlling whether to permit sending of the e-mail according to the set risk value and the risk condition stored in the condition storage means; and the risk value of the e-mail determined by the decision means, And / or specifying means for specifying an email to be audited according to a transmission control result by the transmission control means, input means for inputting an audit result of the email specified by the specifying means, and input by the input means And updating means for updating a risk value stored in the risk storage means corresponding to a set of a transmission source and a transmission destination of the e-mail according to an audit result.

The present invention relates to a risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or audit results for a set of e-mail transmission source and destination; and A condition storage unit that stores a risk condition indicating a condition for determining whether to permit transmission of an e-mail based on the risk value , and is communicable with an e-mail transmission terminal, and is transmitted by the e-mail transmission terminal. A control method in an e-mail control apparatus that performs sending control of e-mail , wherein the acquisition means of the e-mail control apparatus acquires an e-mail transmitted by the e-mail transmission terminal, and the e-mail The determination unit of the control device records in the risk storage unit corresponding to the combination of the transmission source and transmission destination of the email acquired by the acquisition step. A determination step of determining a risk value of the electronic mail according to the risk values, the transmission control means of the electronic mail control apparatus, and risk conditions stored in the condition storage means with the risk values determined in said determining step And a transmission control step for controlling whether to permit the sending of the e-mail , wherein the condition storage means further determines a condition for judging whether to permit the sending of the e-mail according to the contents of the e-mail. The content condition shown is stored, and the transmission control step further permits the sending of the email according to the content of the email acquired by the acquisition step and the content condition stored in the condition storage means. The update means of the e-mail control device controls the contents of the e-mail acquired by the acquisition step and the condition by the transmission control step. The risk corresponding to the combination of the sender and destination of the e-mail stored in the risk storage unit according to the transmission control result indicating whether or not the sending of the e-mail is permitted according to the content condition stored in the storage unit The method further includes an update step of updating the value .
In addition, the present invention provides a risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of the e-mail transmission source and destination. And a condition storage means for storing a risk condition indicating a condition for determining whether to permit transmission of the e-mail based on the risk value, and is capable of communicating with an e-mail transmission terminal, the e-mail transmission terminal A control method in an e-mail control apparatus that controls transmission of an e-mail transmitted by the acquisition method of the e-mail control apparatus, wherein the acquisition means of the e-mail control apparatus acquires an e-mail transmitted by the e-mail transmission terminal; The determination unit of the e-mail control device corresponds to the risk record corresponding to a set of a transmission source and a transmission destination of the e-mail acquired by the acquisition step. A determination step of determining the risk value of the e-mail according to the risk value stored in the means, and a transmission control means of the e-mail control device stored in the risk value determined in the determination step and the condition storage means A transmission control step for controlling whether to permit the sending of the e-mail according to a risk condition, and a specifying means of the e-mail control device, the risk value of the e-mail determined in the determination step, and / or A specifying step of specifying an email to be audited according to a transmission control result by a transmission control step; an input step in which the input means of the email control device inputs an audit result of the email specified by the specifying step; The update unit of the email control device is stored in the risk storage unit according to the audit result input in the input step, An updating step of updating the risk value corresponding to the set of transmission destination e-mail sender, characterized in that it comprises a.

The present invention relates to a risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or audit results for a set of e-mail transmission source and destination; and A condition storage unit that stores a risk condition indicating a condition for determining whether to permit transmission of an e-mail based on the risk value, and is communicable with an e-mail transmission terminal, and is transmitted by the e-mail transmission terminal. A computer program that can be read and executed by an e-mail control device that performs sending control of e-mail, wherein the e-mail control device acquires an e-mail transmitted by the e-mail transmission terminal, and the acquisition According to the risk value stored in the risk storage means corresponding to the pair of the transmission source and the transmission destination of the email acquired by the means. Accordance determining means and risk conditions stored in the condition storage means with the risk value determined by said determining means for determining a risk value of the electronic mail Te, and controls whether to permit transmission of the electronic mail transmission The condition storage means further stores a content condition indicating a condition for determining whether to permit sending of the email according to the content of the email, and the transmission control means further includes: , According to the content of the electronic mail acquired by the acquisition means and the content condition stored in the condition storage means, whether to permit sending of the electronic mail is controlled, and acquired by the acquisition means by the transmission control means In accordance with the transmission control result indicating whether or not to permit the sending of the e-mail according to the contents of the e-mail to be sent and the contents condition stored in the condition storage means The risk storage means is stored, further characterized Rukoto to function as update means for updating the risk value corresponding to the set of the electronic mail sender and destination.
In addition, the present invention provides a risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of the e-mail transmission source and destination. And a condition storage means for storing a risk condition indicating a condition for determining whether to permit transmission of the e-mail based on the risk value, and is capable of communicating with an e-mail transmission terminal, the e-mail transmission terminal A computer program that can be read and executed by an e-mail control device that performs sending control of e-mails transmitted by the e-mail control device, and the e-mail control device obtains e-mails transmitted by the e-mail transmission terminal; , Stored in the risk storage means corresponding to a set of transmission source and transmission destination of the email acquired by the acquisition means. A determination unit that determines a risk value of the e-mail according to a determination value, and controls whether to permit sending of the e-mail according to the risk value determined by the determination unit and the risk condition stored in the condition storage unit Transmission control means, a risk value of the email determined by the determination means, and / or a specification means for specifying an email to be audited according to a transmission control result by the transmission control means, and specified by the specification means Input means for inputting the audit result of the e-mail, and the risk value corresponding to the combination of the sender and destination of the e-mail stored in the risk storage means in accordance with the audit result input by the input means It is made to function as an update means to update.

According to the present invention, the transmission control of an electronic mail is appropriately performed by controlling the transmission of the electronic mail according to the past transmission control and / or auditing results for the pair of the transmission source and the transmission destination of the electronic mail. Can do.

FIG. 1 is a block diagram schematically showing a system configuration of an information processing system according to an embodiment of the present invention. FIG. 2 is a block diagram schematically showing a hardware configuration of the mail inspection apparatus in FIG. FIG. 3 is a flowchart showing a basic processing procedure executed by the mail inspection apparatus in FIG. FIG. 4 is a flowchart showing risk value calculation processing of the mail auditing apparatus. FIG. 5 is a flowchart showing the audit target determination process of the mail audit apparatus. FIG. 6 is a flowchart showing the audit processing of the audit target mail. FIG. 7 is a calculation formula showing an example of link risk calculation. FIG. 8 is a diagram illustrating an example of a link risk weight value. FIG. 9 is a diagram illustrating an example of a link risk table. FIG. 10 is a diagram illustrating an example of an audit index calculation function. FIG. 11 is a diagram illustrating an example of the audit target mail management table. FIG. 12 is a diagram illustrating an example of the audit target mail list screen. FIG. 13 is a diagram illustrating an example of a pre-audit mail detail screen. FIG. 14 is a diagram showing an example of a post-audit email detail screen. FIG. 15 is a diagram illustrating an example of a delivery rule table. FIG. 16 is a diagram illustrating an example of a link relationship between mail addresses.

Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.
<Description of FIG. 1>
FIG. 1 is a diagram illustrating a configuration example of a system according to the present embodiment.
The configuration of various terminals connected to the network in FIG. 1 is an example, and it goes without saying that there are various configuration examples depending on the application and purpose.

Reference numeral 100 denotes a mail audit apparatus (electronic mail control apparatus) that provides an electronic mail audit function. The mail auditing apparatus 100 can transmit / receive data to / from the mail transmission / reception terminal 120 (electronic mail transmission terminal), the mail management terminal 130, and the mail delivery apparatus 140 via a network. The mail inspecting apparatus 100 receives an electronic mail transmitted from the mail transmitting / receiving terminal 120, and according to a predefined condition, a delivery control (transmission control) for transmitting, deleting, or suspending an electronic mail that matches the condition. ). In addition, it is determined whether or not to be audited. The e-mail that is determined to be transmitted is transmitted to the mail delivery device 140. The mail auditing apparatus 100 includes a mail reception processing unit 101, a delivery control unit 102, a mail transmission processing unit 103, a delivery rule storage unit 104, an audit target mail storage unit 105, a management information storage unit 106, and an audit operation processing unit 107. Yes. The mail reception processing unit 101 has a function of acquiring an electronic mail transmitted from the mail transmitting / receiving terminal 120.

The delivery control unit 102 determines whether the e-mail received by the mail reception processing unit matches various conditions indicated in the delivery rule stored in the delivery rule storage unit 104, and determines that there is a matching delivery rule. If it is, the function (sending, deleting, or holding) set in the delivery rule is applied to the electronic mail. Also, based on the risk information stored in the management information storage unit 106, it is determined whether or not the email is to be audited. If the email is determined to be audited, the email is sent to the audit target email storage unit 105. A function of storing and updating risk information of the management information storage unit 106 is provided.

The mail transmission processing unit 103 has a function of transmitting an electronic mail to the mail delivery device 140. That is, it is a functional unit that transmits an e-mail that is determined to be transmitted by the delivery control unit 102 or an e-mail that is instructed to be transmitted from the audit operation processing unit 107. The delivery rule storage unit 104 is a storage area in which delivery rules for the delivery control unit 102 to determine the delivery method of electronic mail are stored. The audit target mail storage unit 105 is a storage area for storing an electronic mail that is determined as an audit target by the delivery control unit.

The management information storage unit 106 is a storage area for storing risk information related to the relationship between the sender and receiver of electronic mail, management information of audit target mail, and other control parameter values.

The audit operation processing unit 107 has a function of performing an audit process on the audit target mail stored in the audit target mail storage unit 105 in accordance with an instruction received from the management operation unit 131 of the mail management terminal 130. If the audit target mail is in a delivery pending state, it can be sent or deleted. If the sending or deleting process has already been completed, the risk information stored in the management information storage unit 106 is updated. It has a function to do.

Reference numeral 120 denotes a mail transmission / reception terminal used by a user who transmits electronic mail. The mail transmission / reception terminal 120 can transmit / receive data to / from the mail auditing apparatus 100 via the network. The mail transmission / reception terminal 120 includes a mail transmission / reception unit 121. The mail transmission / reception unit 121 has a function of transmitting an electronic mail to the mail inspection apparatus 100 and a function of receiving an electronic mail from the mail inspection apparatus 100.

A mail management terminal 130 is used by an administrator who audits electronic mail. The mail management terminal 130 can exchange data with the mail auditing apparatus 100 via the network. The mail management terminal 130 includes a management operation unit 131.

The management operation unit 131 has a function of instructing the audit operation processing unit 107 of the mail auditing apparatus 100 to send or delete delivery of the audit target email stored in the audit target mail storage unit 105. .

Further, the management operation unit 131 has a function of instructing the audit operation processing unit 107 of the mail auditing apparatus 100 to update the risk information of the email stored in the management information storage unit 106.

The mail delivery device 140 has a function of delivering the email received from the email auditing device 100 to an appropriate mail server based on the destination address information of the email. Next, hardware configurations of various terminals such as the mail auditing apparatus 100, the mail transmitting / receiving terminal 120, and the mail management terminal 130 of FIG. 1 will be described with reference to FIG.

<Description of FIG. 2>
Hereinafter, the hardware configuration of the information processing apparatuses 100 and 200 illustrated in FIG. 1 will be described with reference to FIG. FIG. 2 is a block diagram showing a hardware configuration of the information processing apparatuses 100 and 200 shown in FIG.

In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls devices and controllers connected to the system bus 204. Further, the ROM 202 or the external memory 211 has a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as OS), which is a control program of the CPU 201, and functions executed by each server or each PC (information processing apparatus). Various programs and the like to be described later necessary for the realization are stored.

A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

An input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display (display unit) such as a CRT display (CRT) 210. In FIG. 2, although described as CRT 210, the display device is not limited to the CRT, but may be another display device such as a liquid crystal display. These are used by the administrator as needed.

A memory controller 207 is provided in an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a compact flash (registered trademark) memory connected via an adapter.

A communication I / F controller 208 connects and communicates with an external device via the network 400, and executes communication control processing on the network. For example, communication using TCP / IP is possible.

Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. In addition, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Further, files and various tables used when executing the program are also stored in the external memory 211.

<Description of FIG. 3>
Next, the hardware configuration of the printer 300 shown in FIG. 1 will be described with reference to FIG.
Next, a basic processing flow of the mail inspection apparatus will be described with reference to FIG. FIG. 3 is a flowchart showing basic processing of the mail inspection apparatus according to the embodiment of the present invention.

In step S301, the e-mail transmitted by the e-mail transmitting / receiving terminal 120 is received (acquired) by the e-mail reception processing unit 101 of the e-mail auditing apparatus 100 (acquisition means). The mail reception processing unit 101 passes the received electronic mail to the delivery control unit 102, and the delivery control unit 102 executes the processing from step 302 onward. In step S302, it is determined by calculating a link risk value (risk value) of the e-mail.

The link risk value means a numerical value indicating the degree of risk given to the connection (link) between the sender and receiver of the e-mail. Detailed procedures regarding the calculation method will be described later.

An example of the link risk related to the three addresses in FIG. 16 is schematically shown. In FIG. 16 tanaka @ a. co. jp to matsumoto @ d. co. The link risk value for mail transmission to jp is “0.014”, whereas tanaka @ a. co. jp to nakamura @ b. co. The link risk value relating to the mail transmission to jp represents a relatively high value of “0.067”. In step S303, the delivery control unit 102 reads the delivery rule table stored in the delivery rule storage unit 104 (condition storage unit) into a memory such as a RAM.

An example of the delivery rule table is shown in FIG. One row of the table represents one delivery rule. One delivery rule is a record composed of a rule ID, a conditional expression, and an action. In the table, the delivery rules are stored and held in a list format sorted in descending order using the rule ID as a key. In the conditional expression, a condition for specifying an electronic mail is described. For example, conditions regarding the addresses of the sender and receiver, the presence / absence of an attached file, the document type of the attached file, or the number of destination addresses are used. In addition, it is assumed that the size of the link risk value can be made a condition as shown in the conditional expression column of the row 1501.

Here, for example, in the record (risk condition) with the rule ID of 5 in FIG. 15, it is stipulated that an e-mail having a link risk value larger than 0.7 is suspended. Further, it is stipulated that a record (content condition) with a record ID of 1 deletes an e-mail when the keyword “confidential” is included in the e-mail. Here, the risk condition and the content condition are set independently, but a condition obtained by combining the risk condition and the content condition may be set. The content condition is a condition for determining whether to permit transmission, suspension or deletion of the electronic mail from the content of the electronic mail. The risk condition is a condition for determining whether to permit transmission of an email, hold it, or delete it. In step S304, the delivery rules are extracted one by one from the delivery rule table in ascending order of the rule ID, and the process of step S305 is repeated.

In step S305, the conditional expression of the extracted delivery rule is evaluated for the e-mail. If the condition is true, the process proceeds to step S308. If it is false, the process proceeds to step S306. In step S306, if the processing for all the delivery rules is completed, the process proceeds to step S307, and if not completed, the process returns to step S304.

In step S308, the value of the action string of the delivery rule is extracted. If the value is transmission, the process proceeds to step S307. If the value is deleted, the process proceeds to step S309.

In step S 307, the electronic mail is transferred to the mail transmission processing unit 103, and the mail transmission processing unit 103 transmits the electronic mail to the mail delivery device 140. The delivery status of the electronic mail is transmitted, and the process proceeds to step S311. In step S309, the delivery state of the electronic mail is deleted, and the process proceeds to step S311. In step S310, the delivery state of the electronic mail is saved, and the process proceeds to step S311. In step S311, it is determined whether the electronic mail is an audit target, and the process proceeds to step S312. The detailed procedure of the audit target determination process will be described later separately.

In step S312, the value of the link risk table stored in the management information storage unit 106 is updated from the processing result (send, delete, hold) of the email (first update unit).

FIG. 9 shows an example of the link risk table. The link risk table shown in FIG. 9 is stored in the external memory 211 of the mail auditing apparatus 100 (risk storage means). If there is a row that matches the address pair by scanning the link risk table for the combination (address pair) of the sender address and all recipient addresses of the e-mail, the total number column of the row and the column corresponding to the processing result Increment the count value. In step S312, the value of the transmission string or the deletion string is incremented.

Here, FIG. 9 stores the past transmission control (transmission control result) and / or auditing results for the combination of the sender and destination of the e-mail, and the risk of sending e-mail to the set. A risk value (link risk value) indicating the degree is stored.

Next, the link risk column value of the row is updated. The update value of the link risk value is calculated by the calculation formula shown in FIG. 7 using the link risk weight value for each delivery processing result as shown in FIG.

However, if it corresponds to a delivery rule in step S305 and the action of the delivery rule is deletion and a link risk value is used in the conditional expression, the value of the deletion column and the link risk value are determined in step S312. Do not update.

That is, here, it is determined whether the action of the delivery rule is deleted and the link risk value is used in the conditional expression. If the action of the delivery rule is deleted and the link risk value is used in the conditional expression, If it is determined, in step S312, the deletion column value and the link risk value are not updated. On the other hand, if it is determined that the action of the delivery rule is deletion and the link risk value is not used in the conditional expression, step S312 is executed to update the link risk value.

  This is to prevent the processing result from being deleted corresponding to the condition using the link risk value, and the cycle of the link risk value from being automatically raised from the result of the deletion. The above is the basic processing flow in the mail auditing apparatus.

<Description of FIG. 4>
Next, the risk value calculation process in step S302 will be described using the flowchart of FIG. In step S401, a risk value buffer for storing risk values related to a plurality of sender address / recipient address pairs in the electronic mail is initialized.

In step S402, the recipient addresses are extracted one by one from the set of recipient addresses, and the processing from S403 to S411 is repeated for all sender address and recipient address pairs (address pairs).

In step S403, it is determined by searching whether there is a row matching the current address pair in the link risk table (determination means). That is, it is determined whether or not the risk value for the set of the sender and destination of the e-mail is in the link risk table. If it exists, the process proceeds to step S404, and if it does not exist, the process proceeds to step S405. In step S404, the link risk value of the row extracted in S403 is added to the risk value buffer, and the process proceeds to step S411.

In step 405, the new link assessment policy parameter stored (set) in the management information storage unit 106 is referred to. If the value is the entity result priority method, the process proceeds to step S406. If the value is the default value priority method, the process proceeds to step S410. .

Here, in the new link assessment policy parameter, it is set whether or not to set the risk value of the set of the sender and destination of the acquired e-mail as a predetermined risk value (setting means), and the predetermined risk value Is set, the process proceeds to step S410.

In step S406, all the rows having the sender address of the e-mail in the sender column of the link risk table are searched (search means). If there is at least one corresponding row, the average value thereof is calculated. If there is none, the average value is -1 or the like. Next, the process proceeds to step S407.

In step S407, all rows having the recipient address of the e-mail in the recipient column of the link risk table are searched (search means). If there is at least one corresponding row, the average value thereof is calculated. If there is none, the average value is -1 or the like. Next, the process proceeds to step S408.

Here, the link risk values of the sender (sender) and the receiver (destination) are searched in step S406 and step S407, but only one of them (sender (sender) or receiver (sender)) only. , And an average value of the searched link risk values may be calculated to determine the risk value (link risk value) of the e-mail.

In step S408, the two average values calculated in step S406 and step S407 are referred to. If either is 0 or more, the process proceeds to step S409, and if both are less than 0, the process proceeds to step S410.

In step S409, the two average values calculated in step S406 and step S407 are referred to, and the larger one is selected, the value is added to the risk value buffer, and the process proceeds to step S411.

In step S410, a fixed value (default value) settable by the administrator stored in the management information storage unit 106 is added to the risk value buffer, and the process proceeds to step S411.

If the processing from S403 to S410 has been completed for all recipient addresses in step S411, the process proceeds to step S412. If not completed, the process returns to step S402.

In step S412, the link risk value of the e-mail is calculated using a plurality of link risk values stored in the risk value buffer.

As a method for calculating the link risk value of an e-mail from a plurality of link risk values, it can be selected from several methods such as an average value, a maximum value, and a minimum value depending on the audit policy of the organization to be used.

<Example of risk value calculation method when new combinations of senders and receivers with no track record in the past> As described above, new combinations of senders and receivers with no track record in the past occur In this case, since the combination of the sender and the receiver does not exist as an existing row in the link risk table in step S403, the process proceeds to S405, and the value calculation method is changed by the new link assessment policy parameter in step S405. . Even when there is no corresponding transmission / reception relationship, the entity performance priority method is a method in which the link risk value between the target sender and the receiver is obtained by using the average of link risk values that are independent for the sender and the receiver. When a new link is generated, the default value priority method is a method using a fixed value for a new link without using independent past results of the sender and receiver. By setting a large value (such as 1.0) as a fixed value used in the default value priority method, if a new combination of senders and recipients with no past record occurs, the e-mail is always subject to auditing. Can be operated.

<Description of FIG. 5>
Next, the audit target determination processing in step S311 in FIG. 3 will be described using the flowchart in FIG. The electronic mail to be audited is specified by the processing of FIG. 5 (specifying means).

In step S501, the delivery status of the electronic mail being processed is referred to. If the delivery status is pending, the process proceeds to step S502, and if it is transmitted or deleted, the process proceeds to step S503.

In step S502, the information (e-mail ID, reception time, sender address, delivery status, link risk value) of the e-mail is added to the audit target mail management table stored in the management information storage unit 106, and the process proceeds to step S503. move on. FIG. 11 shows an example of the audit target mail management table.

The audit target e-mail management table is a management table for managing e-mails to be audited in the e-mail auditing apparatus 100. Records represented by rows include a management ID for record identification, a mail ID for target e-mail identification, It is composed of the reception time when the target electronic mail is received by the mail auditing apparatus 100, the sender address of the target electronic mail, the delivery status of the target electronic mail, and the link risk value calculated in step S302 of the target electronic mail. The delivery status takes one of the values of transmission, deletion, or hold. In step S504, the electronic mail is stored in the audit target mail storage unit 105. In step S503, it is determined whether or not the post-audit is to be used by using the link risk value of the e-mail.

As this method, whether or not the link risk value is not less than the value (threshold value) (for example, 0.75) of the post audit threshold parameter (threshold storage means) stored (stored) in the management information storage unit, etc. Authenticity is determined by. Alternatively, if it is desired to incorporate a certain degree of randomness in the determination of the e-mail subject to the post-audit, the value obtained by applying the function shown in FIG. 10 to the link risk value and the σ parameter representing the degree of randomness is It is also possible to apply a method of performing authenticity determination as to whether or not the above threshold value is exceeded. FIG. 10 is a calculation formula based on the Box-Muller method for generating normal random numbers having the link risk value R as an average value and σ as a standard deviation. When such a function is used, the link risk value of the e-mail is set as a mode value, and the threshold value is compared with a value that varies before and after the degree of σ. It is possible to realize an audit target selection method that adds randomness to some extent. If the result of true / false determination is true, the process proceeds to step S502, and if false, the process proceeds to step S505. In step S505, the electronic mail is deleted.

The above is the description of the processing in the mail auditing apparatus 100 when the mail auditing apparatus 100 receives an e-mail from the mail transmitting / receiving terminal 120.

<Description of FIG. 6>
Next, a process in which an administrator who audits an email audits the audit target mail stored in the audit target mail storage unit of the mail audit apparatus 100 will be described with reference to FIG.

The administrator accesses the audit operation processing unit 107 of the mail auditing apparatus 100 from the mail management terminal 130 using a program represented by the management operation unit 131. The management operation unit 131 is assumed to be software such as a web browser, and the audit operation processing unit 107 is assumed to be a CGI program on a web server. When the administrator accesses, an audit target mail list screen to be managed by the administrator is displayed in step S601 through login processing and the like. An example of the audit target mail list screen is shown in FIG.

The audit target mail displayed here displays the contents of the audit target mail management table stored in the management information storage unit 106. However, the displayed range is limited to an e-mail in which the management target e-mail address determined from the management authority of the logged-in administrator is the sender.

At this time, the list of audit target mails is sorted (sorted) in the order according to the link risk value and displayed (output). Here, the list of emails to be audited is displayed arranged in descending order of link risk values. Furthermore, it is assumed that the descending order and the ascending order of the display order can be switched by the sort button represented by 1203. This makes it easier for the administrator to preferentially audit from emails that are estimated to be high risk.

On the audit target mail list screen, in addition to the list of audit target mails that are managed by the administrator, the residual risk value that is the sum of all link risk values of audit target mails indicated by 1204 and the audit execution rate indicated by 1205 The index information of audit work such as is displayed. The audit execution rate is a numerical value indicating how many of the emails to be audited that have arrived within a certain period are audited.

Next, in step 602, the administrator selects the audited email list from the auditable email list displayed on the auditable email list screen by clicking on the row of the email to be audited.

In step S603, the audit operation processing unit 107 acquires the information on the electronic mail selected by the administrator in step S602, and extracts the target record information from the audit target mail management table. If the delivery status of the target record is on hold, the process proceeds to step S604, and if not, the process proceeds to step S609.

In step S604, the audit target mail selected in step S602 in the audit operation processing unit 107 is extracted from the audit target mail storage unit 105 and the contents thereof are displayed. Since the delivery status of the audit target mail in step S604 is on hold, the operation screen for pre-audit (e-mail pre-audit screen) is displayed. An example of the e-mail pre-audit screen is shown in FIG.

The e-mail pre-audit screen includes an area (1301) for displaying the header part and body part of the target e-mail, an area (1302) for displaying the delivery status and the link risk value, transmission (1303), transmission with attention (1304), It consists of buttons for instructing deletion (1305).

In step S605, the administrator confirms the information on the e-mail pre-audit screen, determines the target e-mail delivery process, and presses any of buttons 1303 to 1305, thereby the CPU 201 of the e-mail management terminal 130. Transmits an instruction for the delivery process pressed by the audit operation processing unit 107, and the mail auditing apparatus 100 accepts an input of the instruction (an input means for inputting an audit result of the email).

Next, in step S606, the audit operation processing unit 107 that has received the instruction from S605 proceeds to step S607 if the instruction content is deletion, and proceeds to step S608 if it is transmission with transmission or attention. In step S607, the electronic mail stored in the audit target mail storage unit is deleted, and the process proceeds to step S611.

In step S608, the e-mail is transferred to the mail transmission processing unit 103, and the mail transmission processing unit 103 transmits the e-mail to the mail distribution device 140. Next, the electronic mail stored in the audit target mail storage unit is deleted, and the process proceeds to step S611.

In step S609, the audit target mail selected in step S602 in the audit operation processing unit 107 is extracted from the audit target mail storage unit 105 and the contents thereof are displayed. Since the delivery status of the audit target mail in step S609 is transmission or deletion, an operation screen for post audit (e-mail post audit screen) is displayed. An example of an e-mail post-audit screen is shown in FIG.

The e-mail post-audit screen includes an area for displaying the header and body of the target e-mail (1401), an area for displaying the delivery status and link risk value (1402), no problem (1403), attention (1404), problem It is composed of buttons for instructing “Yes” (1405). Here, in the area for displaying the delivery status, if the delivery status is deleted, the number of deleted records and links in the link risk table for all pairs of the sender address and recipient address of the e-mail already in step S312. Since the risk value is added, a message indicating that the link risk value of the e-mail has already been added to the risk value is also displayed.

Then, the administrator confirms the information on the email post-audit screen, determines the audit evaluation of the target email, and presses one of buttons 1403 to 1405, so that the CPU 201 of the email management terminal 130 The result of the pressed audit evaluation is transmitted to the audit operation processing unit 107. In step S610, the CPU 201 of the mail auditing apparatus 100 receives the result of the audit evaluation transmitted from the mail management terminal 130 (input means for inputting the audit result of the email).

In step S611, the audit operation processing unit 107 receives an audit instruction result (transmission, transmission with caution, deletion, no problem, caution, or problem) from any of step S607, step S608, or step S610. Based on the value of this result, the value of the link risk table stored in the management information storage unit 106 is updated. FIG. 9 shows an example of the link risk table. For the combination of the sender address of the e-mail and all recipient addresses (address pairs), if there is a row that matches the address pair by scanning the link risk table, the count value of the column corresponding to the processing result of that row is Increment. In step S611, the value of any column of transmission, transmission with attention, deletion, no problem, attention, or problem is incremented. Next, the link risk column value of the row is updated (second updating means). Here, the risk value corresponding to the pair of the transmission source and transmission destination of the electronic mail subject to the audit is updated according to the input audit result.

The link risk value updating method is calculated by the calculation formula shown in FIG. 7 using the link risk weight value for each delivery processing result as shown in FIG. Next, the process proceeds to step S612.

In step S612, since the audit of the audit target mail is completed, the row corresponding to the audit target mail in the audit target mail management table of the management information storage unit is deleted.

Thereafter, the screen of the management operation unit 131 returns to the screen of step S601 and repeatedly performs the audit process on the other audit target mails in the process flow from step S602 to step S612 described above. The above is the flow of the process in which the administrator who audits the email audits the audit target mail stored in the audit target mail storage unit of the mail audit apparatus 100.

  As described above, according to the present embodiment, an e-mail can be obtained by controlling the transmission of the e-mail based on past transmission control and / or auditing results for a set of e-mail transmission source and destination. Can be appropriately controlled.

  Conventionally, when performing an email audit (pre-audit and post-audit), a high priority should be audited based on past transmission control and / or audit results for the source and destination of the email. E-mail can be grasped, and auditing can be performed efficiently.

  In other words, it is possible to allow the user to select an e-mail that is presumed to have a high risk of information leakage from the relationship between the e-mail sender (source) and recipient (destination) in order to perform an efficient audit. It becomes.

Although one embodiment of the present invention has been described in detail above, the present invention can take an embodiment as, for example, a system, apparatus, method, program (computer program), or storage medium. May be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.

Another object of the present invention is to supply a storage medium storing software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention.

As a storage medium for supplying the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (basic system or operating system) running on the computer based on the instruction of the program code. Needless to say, a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

Further, after the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function is determined based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion board or function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

DESCRIPTION OF SYMBOLS 100 Mail inspection apparatus 101 Mail reception process part 102 Delivery control part 103 Mail transmission process part 104 Delivery rule preservation | save part 105 Audit object mail preservation | save part 106 Management information preservation | save part 107 Audit operation process part 120 Mail transmission / reception terminal 121 Mail transmission / reception part 130 Mail management Terminal 131 Management operation unit 140 Mail delivery device 150 External network

Claims (10)

An e-mail control device that is communicable with an e-mail transmission terminal and performs transmission control of an e-mail transmitted by the e-mail transmission terminal,
Risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of the e-mail sender and destination;
Condition storage means for storing a risk condition indicating a condition for determining whether to permit transmission of the e-mail based on the risk value;
Obtaining means for obtaining an email sent by the email sending terminal;
A determination unit that determines a risk value of the e-mail according to a risk value stored in the risk storage unit, corresponding to a set of a transmission source and a transmission destination of the e-mail acquired by the acquisition unit;
Transmission control means for controlling whether to permit sending of the e-mail according to the risk value determined by the determination means and the risk condition stored in the condition storage means;
With
The condition storage means further stores a content condition indicating a condition for determining whether to permit sending of the email according to the content of the email,
It said transmission control means further in accordance with the content conditions stored in the condition storage means with the contents of the e-mail acquired by the acquisition unit, and controls whether to permit output transmission of the electronic mail,
In the risk storage means according to the transmission control result of whether to permit the sending of the email according to the content of the email acquired by the acquisition means and the content condition stored in the condition storage means by the transmission control means. stored, the electronic mail control device characterized by the further comprising an electronic mail updating means to update the risk value corresponding to the destination set the source of. An e-mail control device that is communicable with an e-mail transmission terminal and performs transmission control of an e-mail transmitted by the e-mail transmission terminal,
Risk storage means for storing a risk value indicating a degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of the e-mail sender and destination;
Condition storage means for storing a risk condition indicating a condition for determining whether to permit transmission of the e-mail based on the risk value;
Obtaining means for obtaining an email sent by the email sending terminal;
A determination unit that determines a risk value of the e-mail according to a risk value stored in the risk storage unit, corresponding to a set of a transmission source and a transmission destination of the e-mail acquired by the acquisition unit;
Transmission control means for controlling whether to permit sending of the e-mail according to the risk value determined by the determination means and the risk condition stored in the condition storage means;
A specifying unit that specifies an email to be audited according to a risk value of the email determined by the determining unit and / or a transmission control result by the transmission control unit;
Input means for inputting the audit result of the email specified by the specifying means;
According to the audit result inputted by the input means, the stored risk storage means, and updating means to update the risk value corresponding to the e-mail source and destination pairs,
Electronic mail control unit you comprising: a. Threshold storage means for storing the threshold is further provided,
The specifying means, according to claim 2 wherein, characterized in that to identify the e-mail audited according the stored threshold risk value of the e-mail that is determined by the determining means and the threshold value storage means E-mail control device. A determination unit that determines whether or not a risk value for a set of a transmission source and a transmission destination of the email acquired by the acquisition unit is stored in the risk storage unit;
When the determination unit determines that the risk value for the set is not stored in the risk storage unit, the risk value for the set including the transmission source of the electronic mail and / or the transmission destination of the electronic mail Search means for searching the risk storage means for a risk value for a set including:
Further comprising
The determination means further calculates a risk value of a pair of the transmission source and the transmission destination of the electronic mail according to the risk value searched by the search means, and determines the risk value of the electronic mail. The electronic mail control apparatus according to any one of claims 1 to 3. When it is determined by the determination means that the risk value of the combination of the sender and destination of the e-mail is not stored in the risk storage means, the risk value of the set is set as a predetermined risk value Setting means;
Further comprising
The determining means further determines that the risk value of the set is not stored in the risk storage means by the determining means, and the setting means sets the risk value of the set as a predetermined risk value. The electronic mail control apparatus according to claim 4 , wherein, when the electronic mail is set, the risk value of the electronic mail is determined using the risk value of the set as the predetermined risk value. The electronic apparatus according to claim 1 , further comprising an output unit that outputs an electronic mail to be audited in an order according to the risk value of the electronic mail determined by the determining unit. Mail control device. Risk storage means for storing a risk value indicating the degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of e-mail sender and destination, and sending the e-mail And a condition storage means for storing a risk condition indicating a condition for determining whether to permit or not based on the risk value , and is capable of communicating with the e-mail transmission terminal, and the e-mail transmitted by the e-mail transmission terminal A control method in an e-mail control apparatus that performs sending control ,
The acquisition step of the e-mail control device acquires an e-mail transmitted by the e-mail transmission terminal; and
The determining means of the e-mail control device determines the risk value of the e-mail according to the risk value stored in the risk storage means, corresponding to the combination of the e-mail transmission source and the transmission destination acquired by the acquiring step A decision process to
A transmission control step for controlling whether transmission control means of the electronic mail control device permits transmission of the electronic mail according to the risk value determined in the determination step and the risk condition stored in the condition storage means; ,
With
The condition storage means further stores a content condition indicating a condition for determining whether to permit sending of the email according to the content of the email,
The transmission control step further controls whether to permit sending of the e-mail according to the content of the e-mail acquired by the acquisition step and the content condition stored in the condition storage means,
Whether the update means of the electronic mail control device permits sending of the electronic mail according to the content of the electronic mail acquired by the acquisition process and the content condition stored in the condition storage means by the transmission control process The control in the e-mail control device further comprising an update step of updating the risk value corresponding to the set of the e-mail transmission source and the transmission destination stored in the risk storage means according to the transmission control result Method. Risk storage means for storing a risk value indicating the degree of risk of sending the e-mail based on past transmission control and / or auditing results for a set of e-mail sender and destination, and sending the e-mail And a condition storage means for storing a risk condition indicating a condition for determining whether to permit or not based on the risk value, and is capable of communicating with the e-mail transmission terminal, and the e-mail transmitted by the e-mail transmission terminal A computer program that can be read and executed by an e-mail control device that performs sending control,
The e-mail control device;
Obtaining means for obtaining an email sent by the email sending terminal;
A determination unit that determines a risk value of the e-mail according to a risk value stored in the risk storage unit, corresponding to a set of a transmission source and a transmission destination of the e-mail acquired by the acquisition unit;
Accordance with risk conditions stored in the condition storage means with the risk value determined by the determining means, to function as a transmission control means for controlling whether to permit transmission of the electronic mail,
The condition storage means further stores a content condition indicating a condition for determining whether to permit sending of the email according to the content of the email,
The transmission control means further controls whether to permit sending of the e-mail according to the contents of the e-mail acquired by the acquisition means and the contents condition stored in the condition storage means,
In the risk storage means according to the transmission control result of whether to permit the sending of the email according to the content of the email acquired by the acquisition means and the content condition stored in the condition storage means by the transmission control means. stored, the computer program characterized Rukoto to further function as a updating means for updating the risk value corresponding to the e-mail set of source and destination. A risk storage means for storing a risk value indicating a degree of risk of transmission of the e-mail based on past transmission control and / or audit results for a set of the e-mail transmission source and destination; An e-mail that includes a condition storage unit that stores a risk condition indicating a condition for determining whether to permit transmission based on the risk value, and that is communicable with the e-mail transmission terminal and is transmitted by the e-mail transmission terminal A control method in an e-mail control device that performs sending control of
The acquisition step of the e-mail control device acquires an e-mail transmitted by the e-mail transmission terminal; and
The determining means of the e-mail control device determines the risk value of the e-mail according to the risk value stored in the risk storage means, corresponding to the combination of the e-mail transmission source and the transmission destination acquired by the acquiring step A decision process to
A transmission control step for controlling whether transmission control means of the electronic mail control device permits transmission of the electronic mail according to the risk value determined in the determination step and the risk condition stored in the condition storage means; ,
The specifying unit of the e-mail control device specifies the e-mail to be audited according to the risk value of the e-mail determined in the determining step and / or the transmission control result by the transmission control step, and
An input step in which the input means of the e-mail control device inputs the audit result of the e-mail specified by the specifying step;
The updating unit of the electronic mail control device updates the risk value corresponding to the combination of the transmission source and the transmission destination of the electronic mail stored in the risk storage unit according to the audit result input in the input step. Update process;
A control method in an electronic mail control apparatus comprising: A risk storage means for storing a risk value indicating a degree of risk of transmission of the e-mail based on past transmission control and / or audit results for a set of the e-mail transmission source and destination; An e-mail that includes a condition storage unit that stores a risk condition indicating a condition for determining whether to permit transmission based on the risk value, and that is communicable with the e-mail transmission terminal and is transmitted by the e-mail transmission terminal A computer program that can be read and executed by an e-mail control device that performs transmission control of
The e-mail control device;
Obtaining means for obtaining an email sent by the email sending terminal;
A determination unit that determines a risk value of the e-mail according to a risk value stored in the risk storage unit, corresponding to a set of a transmission source and a transmission destination of the e-mail acquired by the acquisition unit;
Transmission control means for controlling whether to permit sending of the e-mail according to the risk value determined by the determination means and the risk condition stored in the condition storage means;
A specifying unit that specifies an email to be audited according to a risk value of the email determined by the determining unit and / or a transmission control result by the transmission control unit;
Input means for inputting the audit result of the email specified by the specifying means;
In accordance with the audit result input by the input means, the risk storage means functions as an updating means for updating a risk value corresponding to a pair of a transmission source and a transmission destination of the e-mail. Computer program.

Images