JP2018142768A - Electronic information management device, electronic information management system, electronic information management method, and electronic information management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow for highspeed decryption of encrypted electronic information, while maintaining robustness for information leakage.SOLUTION: An electronic information management device 50 includes a storage unit 51 storing an unencrypted session key 510 capable of encrypting and decrypting electronic information 600, an encryption unit 52 for encrypting the electronic information 600 by using a session key 510, and a control unit 54 for controlling the electronic information 600, encrypted by the session key 510, so as to be stored in an external device 60, and for controlling the stored electronic information 600 so as to be acquired from the external device 60, and a decryption unit 53 for decrypting the electronic information 600, acquired by the control unit 54, by using the session key 510.SELECTED DRAWING: Figure 6

Description

  The present invention relates to a technique for encrypting and managing electronic information.

  In today's highly information-oriented society, ensuring security in communications using electronic information such as e-mails and instant messages is a very important issue. As an example of a system that solves such a problem, for example, there is a system that encrypts and saves an e-mail in the apparatus in addition to encryption in a communication path between a mail server and a client terminal. Such a system has an effect of preventing information leakage due to an attack on the mail server, or unauthorized acquisition of information by the administrator of the mail server.

  Such a system uses an encryption method for electronic mail represented by, for example, S / MIME (Secure / Multipurpose Internet Mail Extensions). In S / MIME, an e-mail is encrypted with a different session key for each e-mail. In S / MIME, the session key itself is encrypted with a public key. However, the public key is used when performing encryption that can be decrypted with the secret key of the client terminal.

  As a technique related to such a technique, Patent Document 1 stores a terminal unit for storing electronic information encrypted with a session key in an electronic medium, and a session key used for encrypting the electronic information. And a key management unit formed separately from the terminal unit to be managed. This device secures security by managing the encrypted electronic information and the session key obtained by encrypting the electronic information in separate bodies (separate devices).

Japanese Patent Laid-Open No. 2003-069550

  For example, in the device disclosed in Patent Document 1, the client terminal obtains a session key stored separately when decrypting an electronic mail encrypted with the session key. At this time, in order to prevent information leakage while the session key is communicated from a separate body to the client terminal, the session key is normally communicated in a state encrypted by a public key cryptosystem or the like. Therefore, the client terminal that has obtained the session key needs to decrypt the session key encrypted by the public key cryptosystem or the like.

  In general, in the decryption in such a public key cryptosystem, complicated processing calculation is performed. Therefore, when displaying the contents of a large number of e-mails on a display screen or the like, the time required to decrypt the e-mails becomes longer, so that the time until the e-mail contents are displayed on the display screen or the like becomes longer. There is a problem of becoming. Here, in order to shorten the time until the content of the e-mail is displayed on the display screen or the like so as to pursue the convenience of the user, the fall of the robustness against the information leakage is a fall. Therefore, it is a problem to maintain robustness against information leakage and to be able to decrypt encrypted electronic information (e-mail or the like) at high speed. The main object of the present invention is to provide an electronic information management apparatus or the like that solves such problems.

  An electronic information management device according to an aspect of the present invention is an electronic information management device that is capable of encrypting and decrypting electronic information, storing a non-encrypted session key, and using the session key to store the electronic information Encrypting means for encrypting, controlling to store the electronic information encrypted by the session key in an external device, and obtaining the stored electronic information from the external device Control means for controlling, and decryption means for decrypting the electronic information acquired by the control means using the session key.

  In another aspect of achieving the above object, in the electronic information management method according to one aspect of the present invention, an unencrypted session key that can encrypt and decrypt electronic information is stored in the storage means. The electronic information is encrypted using the session key by the information processing device, and the electronic information encrypted with the session key is controlled to be stored in an external device, and the stored electronic Controlling acquisition of information from the external device, and decrypting the acquired electronic information using the session key.

  Further, in a further aspect to achieve the above object, the electronic information management program according to one aspect of the present invention is a storage unit that stores an unencrypted session key that can encrypt and decrypt electronic information. A computer comprising: an encryption process for encrypting the electronic information using the session key; and controlling the electronic information encrypted with the session key to be stored in an external device; Control processing for controlling acquisition of the electronic information from the external device, and decryption processing for decrypting the electronic information acquired by the control processing using the session key. It is a program.

  Furthermore, the present invention can be realized by a computer-readable non-volatile recording medium in which the electronic information management program (computer program) is stored.

  The present invention makes it possible to decrypt encrypted electronic information at high speed while maintaining robustness against information leakage.

1 is a block diagram showing a configuration of an electronic information management system 1 according to a first embodiment of the present invention. 4 is a flowchart showing an operation of managing the received electronic mail 200 as an electronic mail 210 encrypted with a session key 110 according to the first embodiment of the present invention. 3 is a flowchart showing an operation performed when the electronic information management apparatus 10 according to the first embodiment of the present invention updates a session key 110. It is a block diagram which shows the structure of 1 A of electronic information management systems which concern on the 1st modification of 1st Embodiment of this invention. It is a block diagram which shows the structure of the electronic information management system 1B which concerns on the 2nd modification of 1st Embodiment of this invention. It is a block diagram which shows the structure of the electronic information management apparatus 50 which concerns on 2nd Embodiment of this invention. It is a block diagram which shows the structure of the information processing apparatus 900 which can execute the electronic information management apparatus which concerns on each embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<First Embodiment>
FIG. 1 is a block diagram conceptually showing the structure of an electronic information management system 1 according to the first embodiment of the present invention. The electronic information management system 1 roughly includes an electronic information management device (terminal device) 10 and a mail server (external device) 20. The electronic information management apparatus 10 and the mail server 20 are communicably connected via a communication network 30 such as the Internet.

  The mail server 20 stores one or more e-mails 200 and one or more e-mails 210. The e-mail 200 is, for example, an e-mail transmitted from a terminal device (not shown) to the electronic information management apparatus 10 and represents an e-mail when first stored in the mail server 20. The electronic mail 200 is transmitted to the electronic information management apparatus 10 in a state encrypted with the session key 201. At this time, the session key 201 is encrypted with the public key 202.

  The e-mail 210 is an e-mail generated by performing the following processing on the e-mail 200 received by the electronic information management apparatus 10. That is, the electronic information management device 10 first decrypts the session key 201 using the private key 111 of the device itself in order to decrypt the encrypted email 200. Next, the electronic information management apparatus 10 decrypts the email 200 using the decrypted session key 201. Next, the electronic information management apparatus 10 encrypts the decrypted electronic mail 200 with the session key 110 of the own apparatus. The electronic information management apparatus 10 stores the electronic mail 200 subjected to the above processing in the mail server 20 as an electronic mail 210. Details of the email 200 and the email 210 will be described later.

  The electronic information management device 10 is a terminal device used when a user receives or transmits an electronic mail, and is, for example, a personal computer. The electronic information management apparatus 10 transmits and receives electronic mail to and from the mail server 20. 1 shows one electronic information management device 10 for convenience of explanation, the electronic information management system 1 may include a plurality of electronic information management devices 10.

  The electronic information management device 10 includes a storage unit 11, an encryption unit 12, a decryption unit 13, a control unit 14, and a generation unit 15.

  The storage unit 11 is a storage device such as a magnetic disk or an electronic memory. The storage unit 11 may be a removable recording medium such as a memory card. The storage unit 11 stores a session key 110 and a secret key 111. The session key 110 is used when the electronic information management apparatus 10 encrypts the electronic mail 200 or encrypts and decrypts the electronic mail 210. The session key 110 may be generated by the generation unit 15 described later, or may be given in advance by an input operation by a user or the like. The session key 110 is stored in the storage unit 11 in an unencrypted state.

  The generation unit 15 generates a session key 110 using a predetermined algorithm. The generation unit 15 updates the session key 110 stored in the storage unit 11 by newly generating the session key 110 at a predetermined timing (for example, periodically). Before updating the session key 110, the generation unit 15 notifies the encryption unit 12, the decryption unit 13, and the control unit 14 that processing for updating the session key 110 is started.

  The control unit 14 controls transmission / reception of the e-mail 200 or the e-mail 210 with the mail server 20 via the communication network 30. Thereby, the control unit 14 reads the e-mail 200 or the e-mail 210 from the mail server 20 or writes the e-mail 200 or the e-mail 210 to the mail server 20. When the control unit 14 is instructed to acquire (receive) an e-mail from the mail server 20 by an input operation by the user, the control unit 14 acquires the e-mail 200 or the e-mail 210 from the mail server 20. When notified from the generating unit 15 to start the process of updating the session key 110, the control unit 14 acquires, from the mail server 20, the email 210 encrypted with the session key 110 before the update. The control unit 14 inputs the electronic mail 210 encrypted by the acquired session key 110 before update to the decryption unit 13.

  The encryption unit 12 encrypts the decrypted email 200 using the session key 110 stored in the storage unit 11 after the email 200 received from the mail server 20 is decrypted by the decryption unit 13. To do. When notified from the generating unit 15 to start the process of updating the session key 110, the encryption unit 12 is decrypted by the decryption unit 13 and encrypted by the pre-update session key 110. Is encrypted using the session key 110 updated by the generation unit 15. The encryption unit 12 stores the electronic mail 210 encrypted with the session key 110 in the mail server 20 via the control unit 14.

  The decryption unit 13 decrypts the session key 201 encrypted by the public key 202 with respect to the e-mail 200 acquired (received) by the control unit 14 by using the secret key 111 stored in the storage unit 11. . The decryption unit 13 decrypts the electronic mail 200 encrypted with the session key 201 using the decrypted session key 201. The decryption unit 13 inputs the decrypted email 200 to the encryption unit 12. The decryption unit 13 decrypts the electronic mail 210 acquired (received) by the control unit 14 using the session key 110. When the decryption unit 13 is notified by the generation unit 15 to start the process of updating the session key 110, the decryption unit 13 receives the e-mail 210 encrypted by the session key 110 before update, which is input from the control unit 14. Decrypt using session key 110 before update. Thereafter, the decryption unit 13 inputs the decrypted electronic mail 210 to the encryption unit 12.

  Next, with reference to the flowchart of FIG. 2, the operation (process) in which the electronic information management apparatus 10 according to the present embodiment manages the received electronic mail 200 as the electronic mail 210 encrypted with the session key 110 will be described in detail. explain.

  The control unit 14 receives, from the mail server 20, the electronic mail 200 encrypted with the session key 201 and the session key 201 encrypted with the public key 202 (step S101). The decryption unit 13 decrypts the session key 201 using the secret key 111 stored in the storage unit 11, and then decrypts the electronic mail 200 received in step S101 using the decrypted session key 201 ( Step S102).

  The encryption unit 12 encrypts the decrypted email 200 using the session key 110 stored in the storage unit 11 without being encrypted (step S103). The control unit 14 stores the email 200 encrypted by the encryption unit 12 using the session key 110 as the email 210 in the mail server 20 (step S104).

  The electronic information management apparatus 10 is instructed to display a list of electronic mails 210 stored in the mail server 20 by, for example, an operation input by a user (step S105). The control unit 14 receives the email 210 from the mail server 20 (step S106). The decryption unit 13 decrypts the electronic mail 210 received by the control unit 14 using the session key 110 stored in the storage unit 11 without being encrypted, and then displays a list of the decrypted electronic mails 210 on the display screen. (Step S107), and the entire process is terminated.

  Next, an operation (process) performed when the electronic information management apparatus 10 according to the present embodiment updates the session key 110 will be described in detail with reference to the flowchart of FIG.

  The generation unit 15 notifies the encryption unit 12, the decryption unit 13, and the control unit 14 that the session key 110 stored in the storage unit 11 is updated at a predetermined timing (step S201). After receiving the notification from the generation unit 15, the control unit 14 acquires the email 210 encrypted with the session key 110 before being updated from the mail server 20 (step S <b> 202).

  The decryption unit 13 decrypts the electronic mail 210 acquired by the control unit 14 using the session key 110 before being updated, and temporarily stores the decrypted electronic mail 210 in the storage unit 11 (step S203). ). The generation unit 15 newly generates a session key 110, and stores the generated session key 110 as an updated session key 110 in the storage unit 11 without encryption (step S204).

  The encryption unit 12 encrypts the decrypted e-mail 210 temporarily stored in the storage unit 11 using the session key 110 updated by the generation unit 15 (step S205). The control unit 14 stores the electronic mail 210 encrypted with the updated session key 110 as a new electronic mail 210 in the mail server 20 (step S206), and the entire process ends (step S206). ).

  The electronic information management apparatus 10 according to this embodiment can decrypt encrypted electronic information at high speed while maintaining robustness against information leakage. The reason is that the electronic information management apparatus 10 encrypts the e-mail 200 (electronic information) received from the mail server 20 using the session key 110 stored in the apparatus without being encrypted, and the session key 110. This is because the e-mail 200 encrypted according to the above is stored and managed as the e-mail 210 in the mail server 20.

  Below, the effect implement | achieved by the electronic information management apparatus 10 which concerns on this embodiment is demonstrated in detail.

  In a system with enhanced robustness against information leakage, a client terminal may obtain a session key stored in a separate device (separate) when decrypting an electronic mail encrypted with the session key. At this time, in order to prevent information leakage while the session key is communicated from another apparatus to the client terminal, the session key is usually communicated in a state encrypted by a public key cryptosystem or the like. Therefore, the client terminal that has obtained the session key needs to decrypt the session key encrypted by the public key cryptosystem or the like.

  In such a system, since the time required for the process of decrypting these e-mails becomes longer, for example, when displaying the contents of many e-mails on a display screen or the like, the e-mail contents are displayed on the display screen or the like The time until is longer. That is, in this case, there is a problem that user convenience deteriorates. Therefore, it is a problem to be able to decrypt encrypted electronic information (e-mail or the like) at high speed without reducing robustness against information leakage.

  For such a problem, the electronic information management apparatus 10 according to the present embodiment includes a storage unit 11, an encryption unit 12, a decryption unit 13, and a control unit 14, and is exemplified in FIGS. 2 and 3, for example. Works as you do. That is, the storage unit 11 stores an unencrypted session key 110 that can encrypt and decrypt electronic mail (electronic information). The encryption unit 12 encrypts the electronic mail using the session key 110. The control unit 14 controls to store the electronic mail encrypted by the session key 110 in the mail server 20 (external device), and obtains the stored electronic mail from the mail server 20. Control. The decryption unit 13 decrypts the electronic mail acquired by the control unit 14 using the session key 110.

  In other words, the electronic information management apparatus 10 according to the present embodiment encrypts the e-mail received from the mail server 20 using the session key 110 stored without being encrypted in the own apparatus, and encrypts the e-mail using the session key 110. The received e-mail is stored in the mail server 20 (for example, the e-mail 200 may be replaced with the e-mail 210). In this case, since the session key 110 and the electronic mail 210 encrypted by the session key 110 are stored in different apparatuses, robustness against information leakage is maintained. In addition, since the electronic information management apparatus 10 stores the session key 110 in its own apparatus (that is, communication between apparatuses regarding the session key 110 does not occur), the session can be performed even if the session key 110 is not encrypted. The risk of the key 110 leaking information is small. Therefore, since the electronic information management apparatus 10 does not need to perform a process of decrypting the session key 110 when decrypting the electronic mail 210 encrypted by the session key 110, it maintains robustness against information leakage, It is possible to decrypt the encrypted electronic information at high speed.

  In addition, the electronic information management apparatus 10 according to the present embodiment includes a generation unit 15, and the generation unit 15 updates the session key 110 at a predetermined timing (for example, periodically). At this time, the electronic information management apparatus 10 manages the electronic mail 210 and the session key 110 so that they match by re-encrypting the electronic mail 210 stored in the mail server 20 with the updated session key 110. To do. Thus, since the electronic information management apparatus 10 according to the present embodiment updates the session key 110 at every predetermined timing, it is possible to improve robustness against information leakage.

  In addition, the encryption unit 12 according to the present embodiment performs encryption using the session key 110 only for a specific email whose content satisfies a predetermined condition among a plurality of emails, and the decryption unit 13 The specific e-mail encrypted with the session key 110 may be decrypted using the session key 110. In this case, as a classification related to the predetermined condition, for example, a source and destination of an electronic mail, a period when the electronic mail is transmitted, a keyword included in the electronic mail, or the like can be considered. Thus, the electronic information management apparatus 10 according to the present embodiment can flexibly manage the level of robustness against information leakage according to the contents of the e-mail.

  The electronic information management apparatus 10 according to the present embodiment stores a different session key for each e-mail when the e-mail is encrypted with a different session key for each e-mail by, for example, S / MIME or the like. You may make it memorize | store in the part 11. FIG.

  FIG. 4 is a block diagram conceptually showing the configuration of the electronic information management system 1A according to the first modification of the present embodiment in such a case. However, in the first modification shown in FIG. 4, the configuration having the same function as that of the above-described embodiment is described by giving the same numbers as those of the embodiment shown in FIG. 1 described above. Omitted. In this case, the storage unit 11A stores, for example, a session key 201, which is used for encryption of a plurality of emails 200, which is different for each email 200, as the session key 110 in an unencrypted state. That is, the session key 110 is a session key obtained by decrypting the session key 201 encrypted by the public key 202 using the secret key 111 by the decryption unit 13A. Then, the storage unit 11A associates each unencrypted session key 110 with the e-mail 200 encrypted with each session key 110 (that is, a session key obtained by decrypting the session key 201) ( The management table 112 to be associated is stored. The management table 112 is generated or updated when the storage unit 11A stores the session key 110 by, for example, a storage control function included in the storage unit 11A.

  Since the electronic information management apparatus 10A according to the first modification stores the session key 110 obtained by decrypting the session key 201 in the storage unit 11A, the electronic mail 200 can be decrypted using the session key 110. . Therefore, the encryption unit 12A according to the first modification, like the encryption unit 12 according to the first embodiment described above, converts the email 200 obtained by encrypting the email 200 using the session key 110. There is no need to generate. The decryption unit 13A according to the first modification uses the session key 110 associated with the electronic mail 200 by the management table 112, using the electronic mail 200 acquired by the electronic information management apparatus 10A from the mail server 20A. The e-mail 200 is decrypted.

  As described above, the electronic information management apparatus 10A according to the first modification re-encrypts the e-mail 200 using the session key 110 stored in the self apparatus as in the first embodiment described above. There is no need to generate the generated e-mail 210. That is, the electronic information management apparatus 10A can omit the process of storing and managing the generated electronic mail 210 in the mail server 20A after generating the electronic mail 210. Further, the generation unit 15 according to the first modification may update the session key 110 at a predetermined timing, similarly to the generation unit 15 according to the first embodiment. In this case, the electronic information management apparatus 10A generates an electronic mail 210 obtained by re-encrypting the electronic mail 200 using the updated session key 110, and stores and manages the generated electronic mail 210 in the mail server 20A. .

  In addition, in order to avoid the leakage of information from the unencrypted session key 110 due to unauthorized access to the electronic information management apparatus 10, the storage unit 11 according to the present embodiment is a removable recording such as a memory card, for example. You may make it comprise with a medium. That is, in this case, the electronic information management device 10 can prevent unauthorized access from the outside to the storage unit 11 by enabling the storage unit 11 to be physically separated when the session key 110 is not used. Robustness against information leakage can be improved.

  Further, there are cases where the user wants to manage his / her electronic mail stored in the mail server 20 by using a plurality of electronic information management devices (terminal devices) 10. In this case, the electronic information management apparatus 10 according to the present embodiment needs to share the session key 110 among a plurality of electronic information management apparatuses 10 used by the user.

  FIG. 5 is a block diagram conceptually showing the configuration of an electronic information management system 1B according to a modification of the present embodiment that can realize such a user request. The electronic information management system 1B according to the present modification broadly includes n (n is an integer of 2 or more) electronic information management devices 10-1 to 10-n, a mail server 20, and a storage device 40. The electronic information management devices 10-1 to 10-n include the same configuration as the electronic information management device 10 described above. The electronic information management devices 10-1 to 10-n, the mail server 20, and the storage device 40 are connected to be communicable via the communication network 30.

  The storage device 40 stores a session key 410 encrypted by, for example, a public key encryption method or a common key encryption method. The electronic information management devices 10-1 to 10-n acquire the encrypted session key 410 from the storage device 40 via the communication network 30. The electronic information management apparatuses 10-1 to 10-n decrypt the acquired session key 410, and then store the decrypted session key 410 in the storage unit 11 as the session key 110 shown in FIG. As described above, the electronic information management apparatuses 10-1 to 10-n according to the present modification leak information when the user wants to manage his / her e-mail using a plurality of electronic information management apparatuses (terminal apparatuses). The encrypted electronic information can be decrypted at high speed while maintaining the robustness against the above.

  Note that the electronic information management apparatus 10 according to the present embodiment performs the above-described processing not only on an e-mail received for a user who uses the electronic information management apparatus 10 but also on a transmitted e-mail transmitted by the user. You may do it. In this case, the electronic information management apparatus 10 encrypts the transmitted electronic mail with the session key 110 and then stores the encrypted transmitted electronic mail in the mail server 20. As a result, the electronic information management apparatus 10 according to the present embodiment decrypts the encrypted electronic mail at high speed while maintaining robustness against information leakage not only for the received electronic mail but also for the transmitted electronic mail. Can be able to.

  Also, the electronic information that is managed by the electronic information management apparatus 10 according to the present embodiment is not limited to electronic mail. The electronic information that is managed by the electronic information management apparatus 10 may be, for example, an instant message.

<Second Embodiment>
FIG. 6 is a block diagram conceptually showing the structure of the electronic information management apparatus 50 according to the second embodiment of the present invention.

  The electronic information management apparatus 50 according to the present embodiment includes a storage unit 51, an encryption unit 52, a decryption unit 53, and a control unit 54.

  The storage unit 51 stores an unencrypted session key 510 that can encrypt and decrypt the electronic information 600.

  The encryption unit 52 encrypts the electronic information 600 using the session key 510.

  The control unit 54 controls to store the electronic information 600 encrypted with the session key 510 in the external device 60. The control unit 54 controls the acquisition of the stored electronic information 600 from the external device 60.

  The decryption unit 53 decrypts the electronic information 600 acquired by the control unit 54 using the session key 510.

  The electronic information management device 50 according to this embodiment can decrypt encrypted electronic information at high speed while maintaining robustness against information leakage. The reason is that the electronic information management device 50 encrypts the electronic information 600 acquired from the external device 60 using the session key 510 stored without encryption in the own device, and encrypts it with the session key 510. This is because the electronic information 600 is stored and managed in the external device 60.

<Hardware configuration example>
In each of the above-described embodiments, each unit in the electronic information management apparatuses 10, 10A, and 50 shown in FIGS. 1, 4, and 6 can be realized by a dedicated HW (HardWare) (electronic circuit). 1, 4, and 6, at least the following configuration can be regarded as a function (processing) unit (software module) of a software program.
A storage control function in the storage units 11 and 51;
The encryption units 12, 12A and 52,
-Decoding sections 13, 13A and 53,
Control units 14 and 54,
Generation unit 15.

  However, the division of each part shown in these drawings is a configuration for convenience of explanation, and various configurations can be assumed for mounting. An example of the hardware environment in this case will be described with reference to FIG.

FIG. 7 is a diagram exemplarily illustrating the configuration of an information processing apparatus 900 (computer) that can execute the electronic information management apparatus according to each embodiment of the present invention. That is, FIG. 7 shows a configuration of a computer (information processing apparatus) that can realize the electronic information management apparatus shown in FIGS. 1, 4, and 6, or a part thereof, and each function in the above-described embodiment. Represents a hardware environment capable of realizing The information processing apparatus 900 illustrated in FIG. 7 includes the following as constituent elements.
CPU (Central_Processing_Unit) 901,
ROM (Read_Only_Memory) 902,
RAM (Random_Access_Memory) 903,
-Hard disk (storage device) 904,
A communication interface 905 with an external device such as a wireless transmission / reception unit,
・ Bus 906 (communication line),
A reader / writer 908 capable of reading and writing data stored in a recording medium 907 such as a CD-ROM (Compact_Disc_Read_Only_Memory)
An input / output interface 909;

  In other words, the information processing apparatus 900 including the above-described components is a general computer in which these configurations are connected via the bus 906. The information processing apparatus 900 may include a plurality of CPUs 901 or may include a CPU 901 configured by a multi-core.

  The present invention described by taking the above embodiment as an example supplies a computer program capable of realizing the following functions to the information processing apparatus 900 shown in FIG. The function is the above-described configuration in the block configuration diagrams (FIGS. 1, 4, and 6) referred to in the description of the embodiment, or the functions of the flowcharts (FIGS. 2 and 3). The present invention is then achieved by reading the computer program to the CPU 901 of the hardware, interpreting it and executing it. The computer program supplied to the apparatus may be stored in a readable / writable volatile memory (RAM 903) or a nonvolatile storage device such as the ROM 902 or the hard disk 904.

  In the above case, a general procedure can be adopted as a method for supplying the computer program into the hardware. The procedure includes, for example, a method of installing in the apparatus via various recording media 907 such as a CD-ROM, a method of downloading from the outside via a communication line such as the Internet, and the like. In such a case, it can be understood that the present invention is configured by a code constituting the computer program or a recording medium 907 in which the code is stored.

  The present invention has been described above using the above-described embodiment as an exemplary example. However, the present invention is not limited to the embodiment described above. That is, the present invention can apply various modes that can be understood by those skilled in the art within the scope of the present invention.

DESCRIPTION OF SYMBOLS 1 Electronic information management system 1A Electronic information management system 1B Electronic information management system 10 Electronic information management apparatus 10A Electronic information management apparatus 10-1 thru | or 10-n Electronic information management apparatus 11 Storage part 11A Storage part 110 Session key 111 Secret key 112 Management Table 12 Encryption unit 12A Encryption unit 13 Decryption unit 13A Decryption unit 14 Control unit 15 Generation unit 20 Mail server 20A Mail server 200 Electronic mail 201 Session key 202 Public key 210 Electronic mail 30 Communication network 40 Storage device 410 Session key 50 Electronic Information management device 51 Storage unit 510 Session key 52 Encryption unit 53 Decoding unit 54 Control unit 60 External device 600 Electronic information 900 Information processing device 901 CPU
902 ROM
903 RAM
904 Hard disk (storage device)
905 Communication interface 906 Bus 907 Recording medium 908 Reader / writer 909 Input / output interface

Claims (10)

Storage means capable of encrypting and decrypting electronic information and storing an unencrypted session key;
Encryption means for encrypting the electronic information using the session key;
Control means for controlling the electronic information encrypted by the session key to be stored in an external device; and control means for controlling acquisition of the stored electronic information from the external device;
Decryption means for decrypting the electronic information acquired by the control means using the session key;
An electronic information management device comprising: Further comprising generating means for generating the session key and storing the generated session key in the storage means;
The electronic information management apparatus according to claim 1. The generation means updates the session key at a predetermined timing,
The control means acquires the electronic information from the external device before the generation means updates the session key,
The decryption means decrypts the electronic information acquired by the control means using the session key before being updated by the generation means,
The encryption means encrypts the electronic information decrypted by the decryption means by using the session key after being updated by the generation means.
The electronic information management apparatus according to claim 2. The encryption means performs encryption using the session key only for specific electronic information whose contents satisfy a predetermined condition among the plurality of electronic information,
The decryption means decrypts the specific electronic information encrypted by the session key using the session key;
The electronic information management apparatus according to any one of claims 1 to 3. When a plurality of the electronic information encrypted by the different session keys are stored in the external device from the outside,
The storage means associates each of the plurality of electronic information with each of the plurality of session keys, and stores the plurality of session keys,
The decryption means decrypts the electronic information using the specific session key associated with the electronic information;
The electronic information management apparatus according to any one of claims 1 to 4. The storage means is constituted by a removable recording medium.
The electronic information management apparatus according to any one of claims 1 to 5. The electronic information is an email or an instant message.
The electronic information management apparatus according to any one of claims 1 to 6. A plurality of electronic information management devices according to any one of claims 1 to 7;
The external device;
A storage device in which the session key is encrypted and stored,
Each of the electronic information management devices acquires the session key from the storage device, decrypts the session key, and stores the decrypted session key in the storage unit.
Electronic information management system. When an unencrypted session key that can be encrypted and decrypted for electronic information is stored in the storage means,
Depending on the information processing device,
Encrypting the electronic information using the session key;
Controlling the electronic information encrypted by the session key to be stored in an external device, and controlling obtaining the stored electronic information from the external device;
Decrypting the acquired electronic information using the session key;
Electronic information management method. A computer comprising storage means for storing an unencrypted session key that can encrypt and decrypt electronic information;
An encryption process for encrypting the electronic information using the session key;
Control to store the electronic information encrypted by the session key in an external device; and control processing to control acquisition of the stored electronic information from the external device;
A decryption process for decrypting the electronic information acquired by the control process using the session key;
Electronic information management program to execute.

Images