WO2008059898A1 - Authentication time adding apparatus, authentication time adding method, and program - Google Patents

Abstract

Highly reliable time information on a file attached to electronic mail is easily acquired. Upon receiving electronic mail before a transmission processing from an electronic mail server, a time-stamp adding apparatus (3) determines whether a file is attached to the electronic mail by an attached file presence determining section (301) and, if attached, takes the file from the electronic mail. The time-stamp adding apparatus (3) adds a time-stamp to each file by an electronic signature section (304), reattaches the file to which the time-stamp is added to the electronic mail by an electronic mail reconfiguring section (306), and returns it to the server.

Description

 Specification

 Authentication time addition device, authentication time addition method, and program

 Technical field

 The present invention relates to an authentication time adding device, an authentication time adding method, and a program.

 Background art

 [0002] Since e-mail, which is a means for information transmission, is electronic data, its contents are illegally browsed by a third party, and "tampering", where the contents are illegally rewritten by a third party, It's easy to “spoof” a third party to send an e-mail to the person. For example, PGP (Pretty Good Privacy) that uses encryption and S / MIME (Secure /) that uses encryption and digital signatures as technologies to prevent such fraud and increase the security when sending and receiving e-mails. Multipurpose Internet Mail Extensions) is known

[0003] Generally, the transmission date and time given to the header of an electronic mail depends on the date and time set in the machine (personal computer or the like) that is the transmission source of the electronic mail. For this reason, if the date and time set for a personal computer or the like is incorrect, an incorrect date and time is also given to the e-mail transmission date and time. For this reason, even if the originality of the e-mail text can be secured by technology such as S / MIME, the reliability of the transmission date / time will be impaired.

 [0004] In order to avoid such a problem, Patent Document 1 discloses a technique for adding a reliable time stamp to the body of an electronic mail. According to this technology, even if a file is attached to the received e-mail! /, It is added to the body of the e-mail! / Can be obtained with reliability.

 Patent Document 1: Japanese Translation of Special Publication 2005-531995

 Disclosure of the invention

 Problems to be solved by the invention

[0005] However, the technique disclosed in Patent Document 1 is that the attached file is sent when the attached file is stored in a different storage location from the electronic mail text separated from the electronic mail text. The date and time received can not be specified directly based on the attached file. For this reason, the recipient needs to search for the email with the file attached and specify the date and time of transmission based on the reliable timestamp given to the email body. It was.

The present invention has been made in view of the above circumstances, and an object thereof is to easily obtain highly reliable time information regarding a file attached to an e-mail.

 Means for solving the problem

 In order to solve the above problems, an authentication time adding device according to the present invention includes an e-mail acquisition unit that acquires an e-mail to which a file is attached, and an e-mail acquired by the e-mail acquisition unit. A file authentication time information adding means for adding authentication time information indicating an authenticated time to a file attached! / Song, and a file to which the authentication time information is added by the file authentication time information adding means are attached. And e-mail output means for outputting e-mail.

 [0008] For example, the file authentication time information adding means includes an authentication time information request data transmitting means for transmitting authentication time information request data for requesting authentication time information to a time authentication server for performing time authentication, and the authentication Authentication time information receiving means for receiving authentication time information according to the authentication time information request data transmitted by the time information request data transmitting means from the time authentication server, and authentication time information received by the authentication time information receiving means May be configured to include reception authentication time information adding means for adding to a file attached to the e-mail acquired by the e-mail acquisition means.

[0009] For example, the authentication time information request data transmission means includes a file electronic signature data acquisition means for acquiring electronic signature data of a file attached to the electronic mail acquired by the electronic mail acquisition means! Hash value generation means for generating a hash value of the electronic signature data acquired by the file electronic signature data acquisition means, and authentication time information request data for generating authentication time information request data including the hash value generated by the hash value generation means Generating means, and hash value transmitting means for transmitting the authentication time information request data including the hash value generated by the authentication time information request data generating means to the time authentication server, The authentication time information receiving means includes a time stamp token including time information and a hash value included in authentication time information request data transmitted by the hash value transmission means from the time authentication server, and the time stamp. The electronic signature data of the token, and the reception authentication time information adding means receives the time stamp token received by the authentication time information receiving means and the electronic signature data of the time stamp token by the electronic mail acquisition means. The authentication time information may be added to a file attached to the acquired e-mail.

[0010] For example, the e-mail acquisition means includes a transmission e-mail acquisition means for acquiring an e-mail attached with a file from a transmission e-mail server that performs e-mail transmission processing, and the transmission e-mail acquisition A file extracting means for taking out a file attached to the e-mail from the e-mail acquired by the means;

 The file authentication time information adding means adds authentication time information to the file extracted by the file extracting means,

 The e-mail output means includes a file attachment means for attaching the file to which the file authentication time information addition means has added the authentication time information to the electronic mail from which the file has been extracted by the file extraction means, and the file attachment The unit may be configured to include a transmission e-mail output unit that outputs an e-mail attached with a file to the transmission e-mail server.

 [0011] For example, the e-mail output means further includes e-mail authentication time information adding means for adding authentication time information to the e-mail to which the file attachment means has attached a file,

 The transmission e-mail output means may be configured to output an e-mail to which the e-mail authentication time information addition means has added authentication time information to the transmission e-mail server.

[0012] For example, it is determined whether or not the format of the file attached to the e-mail acquired by the e-mail acquisition unit is an additional information storage format including an additional information storage area for storing authentication time information. The format discriminating unit and the format discriminating unit discriminate that the file format is not the additional information storage format. A format conversion means for converting the format of the file into an additional information storage format.

 The file authentication time information adding means may be configured to record the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means.

 [0013] For example, conversion condition specifying means for specifying a conversion condition for converting the format of a file attached to an e-mail acquired by the e-mail acquiring means, and conversion specified by the conversion condition specifying means Format conversion means for converting the format of the file into a format according to conditions,

 The file authentication time information adding means may be configured to record the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means.

 [0014] For example, the file authentication time information adding means is an authentication time information recording file for generating an authentication time information recording file in which authentication time information of a file attached to an e-mail acquired by the e-mail acquiring means is recorded. And an authentication time information recording file attachment means for attaching the authentication time information recording file generated by the authentication time information recording file generation means to the electronic mail acquired by the electronic mail acquisition means,

 The e-mail output means may be configured such that the authentication time information record file attachment means outputs an e-mail attached with an authentication time information record file.

[0015] For example, it further includes an attachment condition designating unit for designating an attachment condition for designating whether to generate the authentication time information recording file and attach it to an e-mail,

 The e-mail output means may be configured such that the authentication time information record file attachment means outputs an e-mail attached with an authentication time information record file according to a condition designated by the attachment condition designation means. .

[0016] For example, it further includes correspondence information adding means for adding correspondence information for associating the authentication time information recording file and the electronic mail to a header of the electronic mail, and the electronic mail output means includes the correspondence information E-mail added to the header It may be configured to force.

[0017] Also provided is an authentication time addition method for realizing the main functions of the present invention. Furthermore, a program for causing a computer to execute the main functions of the present invention is provided. The invention's effect

 [0018] According to the present invention, time information related to a file attached to an electronic mail can be obtained with high reliability and reliability.

 Brief Description of Drawings

 FIG. 1 is a diagram showing an overall configuration of a time stamp addition system according to a first embodiment of the present invention.

Yes

 FIG. 2 is a diagram showing a circuit configuration of a time stamp adding device.

 FIG. 3A is a diagram showing an example of a data structure of conversion format information.

 FIG. 3B is a diagram showing an example of a data structure of a file according to a time stamp addition format.

 FIG. 4A is a diagram schematically showing a process of generating a signature value for an attached file.

 FIG. 4B is a diagram schematically showing a process of generating a time stamp request hash value.

 FIG. 4C is a diagram schematically showing data exchange between the time stamp adding device and the TSA server.

 FIG. 5 is a flowchart showing time stamp addition processing by the time stamp addition apparatus of the first embodiment.

 FIG. 6 is a flowchart showing file electronic signature processing.

 FIG. 7 is a flowchart showing a file time authentication process.

 FIG. 8 is a flowchart showing a file time stamp verification process when the time stamp of a file attached to an e-mail is verified on the receiving side.

 FIG. 9A is a diagram showing a first example of an e-mail data structure reconstructed by an e-mail reconstructing unit included in the time stamp addition apparatus of the second embodiment.

 FIG. 9B is a diagram showing a second example of the data structure of the email reconstructed by the email reconstruction unit included in the time stamp addition apparatus of Embodiment 2.

FIG. 10 is a block diagram showing an internal configuration of a time stamp adding apparatus according to the third embodiment. FIG. 11] An example of a data structure of time stamp additional information according to the third embodiment. Explanation of symbols

 1 User terminal

 2 Mail server

 3 Time stamp adding device

 4 TSA server

 5 network

 30 Control unit

 31 Communication Department

 32 1 Memory

 301 Attachment existence judgment part

 302 Format discriminator

 303 Format converter

 304 Electronic signature

 305 Time authentication part

 306 Email reconstruction unit

 307 Time stamp addition rule specification part

 321 Conversion format information

 322 Private key management information

 323 Time stamp additional information

BEST MODE FOR CARRYING OUT THE INVENTION

 (Embodiment 1)

Hereinafter, a time stamp addition system (including an authentication time addition device, an authentication time addition method, and a program) according to Embodiment 1 of the present invention will be described. As shown in FIG. 1, the time stamp addition system of Embodiment 1 includes a user terminal 1, a mail server 2, a time stamp addition device 3, a TSA (Time Stamping Authority) server 4, and a network 5. User terminal 1, mail server 2, time stamp adding device 3, and TSA server 4 They are connected to each other via work 5. The network 5 may be any network that can send and receive data, such as the Internet, an intranet, and a public network. For example, the user terminal 1, the mail server 2, and the time stamp adding device 3 may be connected to the same intranet.

 [0023] The user terminal 1 is composed of a personal computer (PC) or the like, and executes a process according to a user operation. For example, the user terminal 1 executes creation of an electronic mail, attachment of a file to the created electronic mail, transmission of an electronic mail with a file attached, and the like according to a user operation. Hereinafter, a file attached to an e-mail is referred to as an “attached file”, and an e-mail having an attached file is referred to as an “attached file e-mail”.

 [0024] The mail server 2 is composed of a server device or the like, and performs transmission / reception processing of electronic mail. For example, the mail server 2 transmits an electronic mail created by the user terminal 1 to a mail sano (not shown) of another user at the transmission destination. In addition, the mail server 2 receives an electronic mail transmitted from the other user terminal (not shown) to the user terminal 1 via the network 5 and holds it until a reception request is received from the user terminal 1.

 Note that the mail server 2 once transmits the e-mail to the time stamp adding device 3 before sending the e-mail supplied from the user terminal 1 to the transmission destination. This operation is to request the time stamp adding device 3 to attach a time stamp authenticated by the TSA server 4 to the attached file when an attached file is attached to the e-mail! Is called.

 [0026] The time stamp adding device 3 is constituted by a server device, for example, and assigns a time stamp to the electronic mail transmitted from the mail server 2 and the attached file of the electronic mail. Here, the “time stamp” is information indicating the time (date and time) authenticated by the TSA server 4.

The time stamp adding device 3 determines whether or not an attached file is attached to the email received from the mail server 2 and attaches the time stamp to each attached file. Then, the attached e-mail with the attached file is supplied to the mail server 2. The time stamp adding device 3 is a time stamp for requesting the time stamp issuance. A tamping request message is transmitted to the TSA server 4, and the time stamp issued by the TSA server 4 is attached to the attached file in response to the request.

 [0027] The TSA server 4 is configured by a server device or the like, and functions as a time stamping authority (TSA). The TSA server 4 issues a time stamp in response to a request from the time stamp adding device 3 and supplies the time stamp to the time stamp adding device 3. The time certification authority (time stamp authority), for example, authenticates the time of electronic data created by the user in response to a request from the user and issues a time stamp. Hereinafter, it is referred to as a “time authentication operator”.

 [0028] The TSA server 4 is connected to a TA sano (not shown) provided in a time authority (TA) via a predetermined network. The TSA server 4 maintains the reliability of the issued time stamp by receiving a highly accurate time distribution based on the standard time from the TA server. In the first embodiment, the TSA server 4 issues a time stamp in accordance with the time stamp protocol format using PKI (Public Key Infrastructure).

 Next, a circuit configuration of the time stamp adding apparatus 3 according to the first embodiment included in such a time stamp adding system will be described. As shown in FIG. 2, the time stamp adding device 3 includes a control unit 30, a communication unit 31, and a storage unit 32.

 The control unit 30 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the time stamp adding device 3 as a whole. For example, the control unit 30 executes a time stamp addition process for adding a time stamp to the attached file of the e-mail. When performing various arithmetic processes and control processes, the control unit 30 causes the CPU to execute the control program stored in the ROM while temporarily storing various data in the RAM.

 [0031] Further, the control unit 30 includes an attached file existence determination unit 301, a format determination unit 302, a format conversion unit 303, an electronic signature unit 304, a time authentication unit 305, and an e-mail reconstruction unit 306. . Details of each unit 30;! To 306 will be described later.

The communication unit 31 includes a communication interface and the like, and communicates with an external device via the network 5. For example, the communication unit 31 communicates with the mail server 2 via the intranet. Data communication with the TSA server 4 via the network 5. When the communication unit 31 receives an e-mail scheduled to be transmitted to the transmission destination (destination) by the mail server 2 from the mail server 2, the communication unit 31 supplies the e-mail to the attached file existence determination unit 301.

The storage unit 32 includes an auxiliary storage device such as a ROM (Read Only Memory), a RAM (Random Access Memory), and a hard disk, and stores various types of information, programs, and the like. For example, the storage unit 32 stores conversion format information 321, secret key management information 322, and the like.

 As shown in FIG. 3A, conversion format information 321 associates “time stamp non-addition format Fn” with “time stamp addition format Fa”. “Time stamp non-addition format Fn” is a format that has been subjected to format conversion by the format conversion unit 303, and is a format that the control unit 30 does not add a time stamp to! /. is there. The “time stamp addition format Fa” is a format that has been subjected to format conversion by the format conversion unit 303 and is a format to which the control unit 30 can assign a time stamp.

 The structure of the time stamp addition format Fa will be described. As shown in FIG. 3B, the file converted into the time stamp addition format Fa has a “main data area DA” and an “additional information area IA”. Here, the “main data area” is an area for storing the main data of the file, and the “additional information area” is an area for storing additional information about the file such as an electronic signature and a time stamp. It is. In the main data area, data indicating the contents of the document is stored if the attached file of the conversion source is a document file, and image data is stored if the attached file is an image file.

 [0036] Note that the time stamp non-addition format Fn does not have an additional information area! /, A file format, or even if it has an additional information area, information such as a time stamp is included in that area. This is a file format that runs out of capacity when stored.

 The private key management information 322 stores the private key of the person who created the electronic mail to which the time stamp is added by the time stamp adding device 3. For example, the secret key management information 322 stores the secret key of the user who creates an email by the user terminal 1.

Next, each unit 30;! To 306 included in the control unit 30 shown in FIG. 2 will be described. The attached file existence determining unit 301 determines whether or not an attached file is attached to the e-mail supplied from the communication unit 31. If it is attached, the attached file existence determination unit 301 separates and extracts the attached file from the electronic mail. When a plurality of attached files are attached to the e-mail, the attached file existence determining unit 301 extracts each attached file separately from the e-mail. If the attached file is not attached to the electronic mail, the attached file existence determining unit 301 supplies the electronic mail to the electronic signature unit 304.

 [0039] The format discriminating unit 302 indicates that the file format of each attached file extracted by the attached file existence discriminating unit 301 is a difference between the time stamp non-addition format Fn and the time stamp addition format Fa! /. Is determined. For example, the format discriminating unit 302 discriminates the file format based on an extension for identifying the type of the attached file, file type information attached to the attached file, or the like.

 [0040] The format conversion unit 303 refers to the conversion format information 321 shown in FIG. 3A, and converts the format of the attached file that has been determined by the format determination unit 302 to be the non-timestamping format Fn. Convert to additional format Fa. The attached file after the format conversion is subject to digital signature and time authentication. In the example of FIG. 3A, if the format of the attached file of the conversion source is the file format C, the format conversion unit 303 converts the file format C to the file format A.

 Note that when the format determination unit 302 determines that the attached file is the time stamp addition format Fa, the format conversion unit 303 does not perform the format conversion process of the attached file.

[0042] If the electronic signature is not attached to the electronic mail and the attached file, the electronic signature unit 304 attaches the electronic signature to them. For example, the electronic signature unit 304 uses the private key stored in the private key management information 322 to generate the signature value of the file of the e-mail or the time stamp addition format Fa. Here, the signature value refers to digital signature data based on a digital signature procedure specified by PRCS (Public Key Cryptography Standards) 7 or the like, for example. [0043] The time authentication unit 305 attaches the time stamp issued by the TSA server 4 to the electronic mail to which the electronic signature is given by the electronic signature unit 304 and the attached file of the electronic mail. Then, the time authentication unit 305 supplies the electronic mail to which the time stamp is given to the electronic mail reconstruction unit 306.

 [0044] The e-mail reconstructing unit 306 re-attaches the e-mail by reattaching each attached file to which the time stamp is given by the time authenticating unit 305 to the e-mail separated by the attached file existence determining unit 301. Constitute. Then, the email reconstructing unit 306 supplies the reconstructed email to the electronic signature unit 304.

 Hereinafter, an operation in which the control unit 30 having the above configuration generates a signature value corresponding to the data of the attached file will be described. As shown in FIG. 4A, the electronic signature unit 304 of the control unit 30 is first stored in the main data area of the attached file using a predetermined hash function (for example, MD5, SHA-1, SHA-256, etc.). A message digest (hash value) corresponding to the stored data is generated. Subsequently, the electronic signature unit 304 encrypts the message digest with the secret key of the creator of the email with the attached file, and generates a signature value for the attached file. After generation, the electronic signature unit 304 stores the signature value in the additional information area of the attached file.

 Next, an operation in which the time authentication unit 305 generates a “time stamp request hash value” based on the signature value of the attached file generated by the electronic signature unit 304 will be described. Here, the “time stamp request hash value” is information used when the time authentication unit 305 requests the TSA server 4 to issue a time stamp.

 First, the time authentication unit 305 reads the signature value of the attached file generated by the electronic signature unit 304 from the additional information area of the attached file to which the time stamp is to be attached. Subsequently, as shown in FIG. 4B, the time authentication unit 305 generates a hash value corresponding to the signature value based on a predetermined hash function, and determines the hash value as a hash value for time stamp request.

Next, the time authentication unit 305 requests the TSA server 4 to issue a time stamp using the hash value for requesting time stamp. As shown in FIG. 4C, the time authentication unit 305 includes a time stamp request message in a predetermined format including a hash value for time stamp request. The message is generated and the message is transmitted to the TS A server 4 via the communication unit 31.

[0049] When receiving the time stamp request message from the time stamp adding apparatus 3, the TSA server 4 on the receiving side generates a time stamp token. This time stamp token includes time information indicating the exact time when the TSA server 4 authenticated the attached file, and a hash value for the time stamp request in the received time stamp request message.

[0050] After the time stamp token is generated, the TSA server 4 generates a signature value corresponding to the time stamp token by substantially the same processing as the processing of the electronic signature unit 304 shown in FIG. 4A. That is, the TSA server 4 generates a signature value corresponding to the token by encrypting the hash value of the time stamp token obtained by a predetermined hash function with the secret key of the TSA server 4. Further, the TSA server 4 generates a “response message” including a time stamp token and the signature value of the token in accordance with a predetermined format, and transmits it to the request time stamp adding device 3.

 By such processing, the time stamp adding device 3 can acquire a response message including the exact time when the attached file is authenticated by the TSA server 4.

 [0051] Based on the signature value of the time stamp token included in this response message, it is possible to verify later whether or not the time stamp token has been generated by the legitimate TSA server 4. When performing such verification, the signature value in the response message is decrypted with the public key of TSA server 4 to obtain the hash value of the token obtained by TSA server 4, and a predetermined hash function is used. The hash value of the time stamp token in the response message is obtained. When the hash value obtained by decrypting the signature value and the hash value of the time stamp token obtained by the hash function match each other, the token is a token generated by the legitimate TSA server 4. What is necessary is just to discriminate | determine.

The time authentication unit 305 refers to the response message received by the communication unit 31 and verifies the time stamp issued by the TSA server 4. Specifically, (1) the presence or absence of an error message in the response message, (2) the presence or absence of a time stamp token in the response message, and (3) whether the time stamp token was generated by a legitimate TSA server 4 (4) Hash value power S included in the time stamp token, the time set by the time authentication unit 305 It is verified whether or not the hash value for the time stamp request matches.

If the time stamp token is a normal one that satisfies the verification items described above, the time authentication unit 305 writes the time stamp token in the response message and the signature value of the token in the additional information area of the attached file. The electronic signature unit 304 and the time authentication unit 305 determine the time stamp addition position in the additional information area, the hash target data range in the main data area, and the like according to the file format of each attached file. A signature process and a time authentication process suitable for each are executed.

[0054] When time stamps are given to all attached files by the time authentication unit 305, the e-mail reconstructing unit 306 converts each attached file into an e-mail that has been separated by the attached file existence determining unit 301. Attach it again and reconstruct a new email with attachments. Further, the e-mail reconstructing unit 306 supplies the reconfigured e-mail to the electronic signature unit 304.

 [0055] The electronic signature unit 304 assigns an electronic signature to the new attached file-attached email by substantially the same processing as the processing shown in FIG. 4A, and sends the electronic signature to the time authentication unit 305. Supply.

 [0056] However, when this electronic signature is given, the electronic signature unit 304 creates a message digest (hash) for the entire new email with an attached file (including the attached file) excluding the header part. Value). After the generation, the electronic signature unit 304 encrypts the hash value with the private key of the electronic mail creator in the private key management information 322, and generates a signature value corresponding to the entire new attached-attached electronic mail.

 [0057] Further, the electronic signature unit 304 encodes the signature value into character string data in accordance with a method such as BASE64, and writes the character string data in the header part of the email, thereby providing the electronic signature to the email. Give. Note that the signature value is not limited to be written in the header part, but may be linked to electronic mail as electronic signature data. If the attached file existence discriminating unit 301 determines that an attached file is attached to the email! /, Te! /, Na! /, The electronic signature unit 304 creates an electronic signature for the body of the email. Apply.

[0058] The time authentication unit 305 adds a time stamp to the new electronic mail with attached file, and sends the e-mail with the time stamp to the e-mail reconstruction unit 306. Supply. When adding a time stamp, the time authentication unit 305 determines a hash value for requesting a time stamp by substantially the same processing as in FIG. 4B. Then, a time stamp request message including the hash value is generated and transmitted to the TS A server 4.

 [0059] When the time authentication unit 305 receives a response message corresponding to the request message from the TSA Sano 4, the time authentication unit 305 determines whether or not the response message is normal. If the response message is normal, the time stamp in the response message is determined. The token and its signature value are added to the header part of the e-mail. Note that the storage location of the time stamp token etc. is not limited to the header part, but may be the non-signature attribute area of the electronic signature data! /.

 [0060] Upon receipt of the reconstructed attached email with the time stamp added from the time authentication unit 305, the email reconstruction unit 306 sends the email to the mail server 2 via the communication unit 31. Output. Note that an electronic signature may be attached only to the body of an email even if it is an email with an attached file. In this case, the electronic signature unit 304 determines whether or not an electronic signature is received in the electronic mail received from the mail server 2, and if there is no electronic signature, the electronic signature may be added to the electronic mail.

 Next, a “time stamp addition process” in which the time stamp adding apparatus 3 having the above-described configuration adds a time stamp to the email received from the mail server 2 and the email with the attached file will be described. This time stamp addition processing is started when the communication unit 31 of the time stamp addition device 3 receives an e-mail before being transmitted from the mail server 2 to the transmission destination. In the following example, it is assumed that the mail received by the time stamp adding device 3 is an electronic mail created by the user terminal 1.

 As shown in FIG. 5, first, the attachment file existence determination unit 301 determines whether or not a file is attached to the electronic mail received by the communication unit 31 (step S 101).

 [0063] If no file is attached to the e-mail (step S101; No), the control unit 30 moves the process to step S109 in order to apply an electronic signature and time authentication to the e-mail body. If it is attached (step S 101; Yes), the attached file existence determination unit 301 separates the attached file and the body of the email attached to the email! /, And removes the attached file from the email. Extract (step S102).

[0064] Subsequently, the format determination unit 302 adds a time stamp to the extracted file. It is determined whether or not the format is for use Fa (step S103).

 If it is the time stamp addition format Fa (step S103; Yes), the process skips step S104 and proceeds to step S105.

 [0065] On the other hand, if the attached file is not the time stamp addition format Fa (step S1 03; No), the format conversion unit 303 sets the format of the attached file for time stamp addition based on the conversion format information 321. Convert to format Fa (step S104). Then, the control unit 30 moves the process to step S105.

 [0066] To add an electronic signature to the attached file, the electronic signature unit 304 executes a file electronic signature process (step S105). As shown in FIG. 6, in the file electronic signature process, first, the electronic signature unit 304 determines whether or not an electronic signature has already been added to the attached file (step S201). If it has already been assigned (step S201; Yes), the control unit 30 ends the file digital signature process as it is, and the process returns to FIG.

 On the other hand, if the electronic signature is not added (step S201; No), the electronic signature unit 304 uses the user's private key stored in the private key management information 322 to store the attached file. A signature value is generated, and the signature value is added to the file as an electronic signature (step S202). After the addition, the process returns to FIG.

 [0068] After the file digital signature process is completed, the time authentication unit 305 executes the file time authentication process shown in FIG. 7 in order to add a time stamp to the file (step S106). In this file time authentication process, as shown in FIG. 7, first, the time authentication unit 305 generates a time stamp request hash value for the signature value added to the attached file (step S301). .

 [0069] Next, the time authentication unit 305 generates a time stamp request message including the hash value for time stamp request shown in FIG. 4B (step S302), and sends the time stamp request message to the communication unit 31. To the TSA server 4 (step S303).

[0070] Time authentication unit 305 determines whether or not a response message to the transmitted time stamp request message has been received from TSA server 4 via communication unit 31 (step S304). If the response message has not been received (step S304; No), the time authentication unit 305 waits until the response message is received. [0071] If the response message has been received (step S304; Yes), the time authentication unit 305 determines whether the time stamp (time stamp token and its signature value) included in the response message is normal or not. (Step S305).

 If the time stamp is not normal (step S 305; No), the process returns to step S 303, and the time authentication unit 305 transmits the time stamp request message to the TSA server 4 again. When the number of times that the time stamp is determined to be not normal in step S305 reaches a predetermined value, the time stamp adding device 3 notifies the user terminal 1 and the mail server 2 of an error, and the time stamp adding process is performed. You may make it complete | finish.

 [0073] If the time stamp is normal (step S305; Yes), the time authentication unit 305 adds the time stamp acquired from the TSA server 4 via the communication unit 31 to the attached file (step S306). ). Then, the control unit 30 ends the file time authentication process, and the process returns to FIG.

 Subsequently, as shown in FIG. 5, the control unit 30 determines whether or not a time stamp has been added to all the attached files whose e-mail power is also extracted in step S102 (step S107). . If time stamps are not added to all the files (step S107; No), the control unit 30 returns the process to step S103, and performs steps S103 to S106 for each file to which no time stamp is added. Execute the process.

 [0075] When time stamps are added to all files (step S107; Yes), the e-mail reconstruction unit 306 adds all files with time stamps to step S102! /, Then, it is attached again to the email once separated from the attached file, and a new email with the attached file is reconstructed (step S108).

 Subsequently, in order to give an electronic signature to the entire newly reconstructed electronic mail with attached file, the electronic signature unit 304 is substantially the same as the file electronic signature process shown in FIG. The electronic mail electronic signature process (step S109) of 5 is executed.

[0077] When an electronic signature is applied to the entire email including the time stamp attached to the attached file, even if the electronic signature has already been added to the email (see Fig. 6). In step S201, Yes), the added electronic signature is not for an e-mail including the time stamp of the attached file. Therefore, the process is as shown in Figure 6. In step S202, the electronic signature unit 304 generates a new signature value for the entire electronic mail including the time stamp of the attached file and adds it to the electronic mail.

 [0078] When the electronic signature processing is completed, the time authentication unit 305 performs substantially the same processing as that of the file time authentication processing shown in FIG. 7 in order to add a time stamp to the email. Time authentication processing (step S110) is performed. In other words, the time authentication unit 305 attaches the time stamp issued by the TSA server 4 to the attached email with attached signature value based on the signature value. As a result, the authentication time information is added to each attached file and the entire electronic mail including each attached file.

 The control unit 30 transmits the electronic mail to which the electronic signature and the authentication time are given to the mail server 2 via the communication unit 31 (Step S111). The time stamp addition process is thus completed.

 Next, a description will be given of the file time stamp verification process performed at the e-mail transmission destination (PC or the like on the e-mail receiving side) to which the time stamp is given by the time stamp addition process described above.

 [0081] This file time stamp verification process is performed, for example, when a user who receives an e-mail with an attached file separates the attached file from the e-mail and saves it on the file saving PC. To start verifying the time stamp of the file.

 As shown in FIG. 8, the file storage PC first reads the time stamp recorded in the additional information area in the attached file (step S401). As a result, the file saving PC obtains the “time stamp token” and “signature value of the time stamp token” stored in the time stamp.

[0083] After the acquisition, the file storage PC determines whether the time stamp token has been tampered with (step S402). The method for determining the presence or absence of tampering is arbitrary. For example, a value obtained by decrypting the obtained signature value with the public key of the TSA server 4, the obtained time stamp token force, and a predetermined hash function are used. This can be determined by comparing the obtained hash value. If these values do not match, it is determined that the time stamp token has been tampered with (step S402; No), and processing is performed to notify the user that the time stamp is invalid. Reason (Ma step S409i proceed.

 [0084] If these values match, the file storage PC determines that the time stamp token is a legitimate token that has not been tampered with (step S402; Yes). In this case, the hash value contained in the time stamp token is read to extract the hash value from the time stamp (step S403).

 [0085] Next, the file storage PC reads the signature value of the attached file attached to the attached file! /, And uses the same hash function as the hash function used by the time stamp adding device 3, A hash value of the signature value of the file is generated (step S404). After the generation, the file storage PC determines whether or not the generated hash value matches the hash value extracted from the time stamp in step S403 (step S405). If the hash values do not match each other (step S405; No), the process proceeds to step S409 to notify the user that the time stamp is invalid.

 [0086] If the hash values match each other (step S405; Yes), it is considered that the time stamp has been detected normally, and then the file storage PC verifies the electronic signature of the file (step S406). ). For example, the file storage PC confirms the validity of the electronic certificate and determines whether the attached file has been tampered with (step S407). If there is no tampering (step S407; Yes), the file storage PC notifies the user that the time stamp is valid (step S408), and the processing ends, assuming that the file transmission date / time has been proved.

 [0087] On the other hand, if the attached file has been tampered with (step S407; No), the file storage date / time PC notifies the user that the time stamp is invalid (step S407; No). S409), the file time stamp verification process is completed. Note that this file time stamp verification processing may verify the electronic signature attached to the attached file before determining whether the time stamp attached to the attached file has been tampered with.

[0088] Note that the receiving side (file saving PC) of the attached file-attached e-mail to which the time stamp is added by the time stamp adding process described above, attaches the attached file before separating the attached file from the e-mail body. It is added to the entire email including it! This verification is substantially equivalent to the file time stamp verification process shown in Figure 8. This can be executed by applying the same process to e-mail. In the following, an e-mail time stamp verification process for performing such an operation will be described.

 [0089] As shown in FIG. 8, when the file storage PC receives the e-mail, it reads a time stamp described in a state encoded in character string data at a predetermined location (for example, a header portion) of the e-mail. (Step S401). When the electronic signature data is linked to the electronic mail, the time stamp stored in the non-signature attribute area of the electronic signature data may be read.

 [0090] Subsequently, the file storage PC decodes the read time stamp (encoded character string data) by a predetermined method (for example, BASE64), and acquires the time stamp token and its signature value. Further, the file storage PC verifies whether or not the time stamp token has been tampered with, and determines whether or not the time stamp token is genuine (step S402).

 [0091] Thereafter, the file saving PC confirms the validity of the time stamp attached to the entire e-mail including the attached file by substantially the same processing as that in steps S404 to S409 of the file time stamp verification processing. Determine. In step S407, the file storage PC determines, for example, whether or not the entire electronic mail has been tampered with based on the verification result of the validity of the electronic certificate. In step S408, the file storage PC determines whether or not the entire electronic mail has been falsified based on the verification result of the electronic signature.

 Thus, not only the transmission date and time and the originality of the entire electronic mail with attached file but also the originality of each attached file attached to the electronic mail can be guaranteed. The recipient of the email with the attached file can separate the attached file from the email and store or distribute it while maintaining the originality of the attached file.

[0093] As described above, according to the first embodiment of the present invention, the time stamp adding device 3 is a time certification business operator (T that functions as a time certification authority under that business operator). The time stamp issued by the SA server 4) is added to each attached file of the e-mail. As a result, even if the e-mail and attached file are stored in different storage locations on the receiving side of the e-mail to which the attached file is attached, the reliability is determined from the time stamp given to the attached file. Easily obtain a high transmission time It becomes ability.

 Further, according to the first embodiment, the time authentication unit 305 obtains the hash value of the time stamp token obtained by decrypting the signature value in the time stamp acquired from the TSA server 4 and a predetermined hash function. By comparing the hash value of the time stamp token obtained by itself with the hash value, it is determined whether the time stamp has been tampered with. If there is no alteration, a time stamp is attached to the attached file. As a result, it is possible to secure the non-falsification of this attached file.

 Furthermore, according to the first embodiment, the time authentication unit 305 stores the time stamp in the additional information area of the file. As a result, the various processes executed based on the data stored in the main data area of the attached file are not affected, and it is possible to maintain consistency with the existing application program.

 It should be noted that the time stamp adding apparatus according to the present invention can be variously modified without departing from the gist of the present invention, which is not limited to the above embodiment. For example, a “time stamp” that functions as a time certificate indicating the information of the authenticated time is not limited to being recorded in the additional information area of the attached file, but the time certificate is linked to the attached file. May be.

 [0096] (Embodiment 2)

 In the first embodiment described above, the time stamp adding device 3 attaches the time stamp generated by the TSA server 4 to the attached file. However, the time stamp adding device 3 may newly generate a time proof file in which the time certificate is recorded, and attach this time proof file together with the attached file to the email text to be transmitted. Hereinafter, the time stamp adding apparatus 3 according to the second embodiment for performing such an operation will be described.

 [0097] In Embodiment 2, the time / time IJ authentication unit 305 includes a time value (time information), a hash value of the attached file (hash value for time stamp request), and a time signature (time stamp). A “time certificate (time stamp)” including the token signature value) is acquired from the TSA server 4 via the communication unit 31. After the acquisition, the time authentication unit 305 generates a time certification file including the authentication time information indicated by the time certificate.

[0098] Further, the time authentication unit 305 uses the file name excluding the extension of the time certification file as the time Set the file name to be the same as the file name excluding the extension of the attached file that is subject to certification, and set the extension of the attached file to an extension that indicates that it is a time certification file

. When the e-mail reconstruction unit 306 reattaches the attached file to the e-mail and reconfigures it, the e-mail reconstructing unit 306 also attaches the time certification file corresponding to the attached file to the e-mail.

 The data structure of the email reconstructed by the email reconstruction unit 306 of the time stamp adding device 3 of Embodiment 2 will be described. As shown in FIG. 9A, the e-mail reconstruction unit 306 in the second embodiment attaches the attached file and the time certification file to the e-mail. The extension tst in Fig. 9A is an extension to indicate that the file with the extension tst is a time certification file. Also, the time proof file corresponding to the attached file fflea.xxx in Fig. 9A is the file fflea.tst, and the time proof file corresponding to the attached file ffleb.yyy is the file ffleb.tst. It can be identified from the file name of the attached file.

 [0100] The file storage PC that received the e-mail with the attached file and the time certificate file, when the attached file is saved separately from the e-mail, the time corresponding to the attached file based on the file name excluding the extension Identify the certification file and save the time certification file along with the attached file. When the file storage PC verifies the time stamp of the attached file, it is recorded in the time certification file corresponding to the attached file.

V, based on the information! / And time stamp verification processing.

 [0101] According to the second embodiment, when an electronic signature has already been added to the attached file, it is possible to perform time authentication of the attached file without adding any data to the attached file. For this reason, a time stamp can be added to an attached file regardless of the file format of the attached file.

 As a result, it is not necessary to provide the format discriminating unit 302, the format converting unit 303, and the conversion format information 321 shown in FIG. 3, and the configuration of the time stamp adding device 3 can be simplified. When the electronic signature unit 304 adds a new electronic signature to the attached file, the electronic signature data may be recorded together with the time certification file.

[0102] Also, in the second embodiment, as shown in Fig. 9B, an associated file for associating the attached file with a time proof file that proves the time of the attached file is created. You may make it attach to an email. In this case, the file name assigned to the time certification file may be arbitrary.

 [0103] Further, instead of creating an associated file, the correspondence information for associating the attached file with the time certification file may be described in the header of the e-mail.

 [Embodiment 3]

 Depending on the format of the attached file, the operation of the time stamp adding device described in the first and second embodiments may be used properly. For example, a rule indicating how to add a time stamp is specified in advance for each format of the attached file. For example, the ability to convert the format and attach a time stamp in the attached file as in Embodiment 1, or the ability to associate the time certification file in which the time stamp was recorded without converting the format as in Embodiment 2; Rules such as, etc. are established for each format. Based on this rule, a time stamp is added to the attached file.

 Hereinafter, a time stamp adding apparatus according to Embodiment 3 of the present invention that selects a time stamp adding operation based on a rule designated in advance will be described.

 First, the internal configuration of the time stamp adding apparatus 3 according to the third embodiment will be described. As shown in FIG. 10, the time stamp adding apparatus 3 is basically the same as the example of FIG. 3 described in the first and second embodiments. However, in the third embodiment, the control unit 30 includes a time stamp addition rule specifying unit 307. Further, the storage unit 32 of the third embodiment stores time stamp additional information 323 instead of the conversion format information 321.

 [0107] Time stamp addition information 323 associates a file format with a time stamp addition rule indicating a method of adding a time stamp. When the format determination unit 302 determines the format of the attached file, the time stamp addition rule specifying unit 307 reads the time stamp addition rule associated with the determined format from the time stamp addition information 323 and applies it to the attached file. To do.

 As shown in FIG. 11, this time stamp addition information 323 stores, for each file format, a time stamp addition rule applied to an attached file in that format.

[0109] In the example of Fig. 11, if the attached file is a text file, the text data of the file Force A time stamp is added to the converted PDF file that can be automatically converted to an SPDF file (Adobe Acrobat (registered trademark) file) and a time stamp can be added. If the attached file is originally a PDF file to which a time stamp can be added, the time stamp is added to the PDF file without any format conversion.

 In the example of FIG. 11, when the attached file is a WORD file (Microsoft Word (registered trademark) file), a time proof file indicating a time stamp is generated and attached to the e-mail. If the format of files stored electronically in a company is standardized as WORD files, if they are automatically converted to WORD file power SPDF files attached to in-house e-mails, There is a need to reconvert, which is cumbersome. Therefore, in order to prioritize internal rules, if the attached file is a WORD file, create a time certificate file without converting the format, and attach the time certificate file to the e-mail along with the WORD file.

 Further, in the example of FIG. 11, when the attached file is an e-mail message file, it is converted to the SPDF file with the body of the message file, and a time stamp is added to the converted PDF file. In other words, when another e-mail is attached as an e-mail attachment, the message is converted to a PDF file by converting only the body of the attached message file in consideration of the distribution of the attached file. Authenticate.

 [0112] In the example of FIG. 11, when the attached file is a CAD (Computer Aided Design) data file, a time certification file indicating a time stamp is created and attached to the e-mail. If a CAD data file is converted to a PDF file, the image accuracy may be reduced, and the correction work may be complicated. To avoid this problem, in the case of an SCAD data file with an attached file, leave it as an attached file, create a time certificate file, and attach it to an e-mail separately.

[0113] The time stamp addition rule specifying unit 307 follows the time stamp addition rule determined for each format! /, Format conversion operation according to the format of each attached file, time certificate attachment operation, etc. Is specified. In other words, the time-stamped calor rule specifying unit 307 specified the conversion condition for converting the format, or specified the attachment condition for specifying whether to generate a time certificate file and attach it to the email. You The conditions specified here are applied to the attached file.

[0114] Specifically, the time stamp addition rule specifying unit 307, if it is determined to add a time stamp by converting the time stamp addition rule format, format conversion unit 303, electronic signature unit 304 Then, the time authentication unit 305, the e-mail reconstruction unit 306, etc. are controlled to convert the attached file into a format to which a time stamp can be added in the same manner as in the first embodiment, and the time stamp is added to the converted file. Append. Time stamp addition rule force S If the time stamp is specified to be added without format conversion, the time stamp addition rule designating unit 307 directly adds the time stamp to the attached file.

 [0115] Further, if it is determined that the time stamp addition rule power S and the time certification file are associated with the attached file and the time stamp is added, the format conversion unit 303, the electronic signature unit 304, the time authentication unit 305, The e-mail reconstruction unit 306 and the like are controlled to create a time certification file as in the second embodiment described above.

 [0116] When time stamps are added to all the attached files, the email reconstructing unit 306, when there is a time certificate file, displays the correspondence between the attached file and the time certificate file in the header of the email. Describe. It is also possible to create a file that shows such correspondences separately! / ヽ.

 [0117] Further, the e-mail reconstructing unit 306 reconstructs the e-mail by attaching the attached file and the time certification file to the e-mail. Then, the electronic signature unit 304 or the time authentication unit 305 performs an electronic signature or time authentication on the entire electronic mail, respectively. The time stamp adding device 3 transmits an e-mail in which the time stamp is added to the attached file by such processing to the mail server 2.

 [0118] According to the third embodiment, it is possible to select a more detailed time stamp addition method in accordance with the file storage method or the like according to the type of the attached file.

In this embodiment, the time stamp additional information 323 stores a conversion operation determined by default. However, the time stamp adding device 3 is provided with an input unit so that the rules in the time stamp additional information 323 can be changed, and conversion operations for individual file formats can be separately registered in the time stamp additional information 323. Good.

 In the embodiments;! To 3, the time stamp adding device 3 has the secret key management information 322 for storing the secret key of the creator of the e-mail. However, the storage location of the user's private key is not limited to the time stamp adding device 3 and may be the user terminal 1. Under such a configuration, when the electronic signature unit 304 determines that an electronic signature has not been added to the attached file, the attached file is temporarily transferred from the time stamp adding device 3 to the user terminal 1 that stores the private key. It is only necessary to transmit and receive the file with the electronic signature added by the user terminal 1. Also, when an electronic signature is added to the entire email with an attached file, the electronic signature unit 304 sends the reconstructed email to the user terminal 1 where the private key is stored, and the user terminal 1 sends the electronic signature. An electronic mail with a signature may be acquired via the communication unit 31.

 [0120] The mail server 2 and the time stamp adding device 3 are not limited to being configured as separate cases, but the mail server 2 and the time stamp adding device 3 may be configured as a single case.

 [0121] The time stamp request message is not limited to storing the hash value of the signature value extracted from the attached file with the electronic signature, but may also store the hash value of the data in the main data area of the attached file. Good. In this case as well, it is possible to avoid affecting the processing executed based on the contents of the main data storage area of the attached file while ensuring the originality of the attached file. It is easy to maintain consistency.

 [0122] The time certification authority is not limited to the time certification business that receives the time distribution from the TA, but the time certification business that receives the time distribution from other time sources by NTP (Network Time Protocol), etc. It may be a time certification company that captures the time of the atomic clock.

 [0123] The function of the control unit 30 of the time stamp adding device 3 is not limited to software, and can also be realized by dedicated hardware. Further, the time stamp adding device 3 may be configured by a normal computer system.

For example, in the examples of the embodiments;! To 3, the time stamp adding apparatus 3 has been described on the assumption that the operation program is stored in advance in a memory or the like. However, the processing operation described above The program to be executed is stored and distributed on a computer-readable recording medium such as a flexible disk, CD—ROM (Compact Disk Read-Only Memory), DVD (Digital Versatile Disk), MO (Magneto-Optical disk), etc. Then, by installing the program in the computer, a device that executes the above processing operation may be configured.

Yes

 [0125] Further, the program may be stored in a disk device or the like of a predetermined server device on a communication network such as the Internet, and may be superposed on a carrier wave and downloaded to a computer. Furthermore, the above-described processing can also be achieved by starting and executing a program while transferring it via a communication network. In addition, when the functions described above are realized by the OS (Operating System) being shared, or when the functions are realized through cooperation between the OS and the application, only the parts other than the OS are stored in the medium for distribution. It may also be downloaded to a computer.

This application is based on Japanese Patent Application No. 2006-307 821 filed with the Japan Patent Office on November 14, 2006, and the contents of this application are incorporated herein.

 Industrial applicability

[0127] Reliable time information regarding a file attached to an e-mail can be easily obtained.

Claims

The scope of the claims  [1] An e-mail acquisition means for acquiring an e-mail attached with a file;  A file authentication time information adding means for adding authentication time information indicating an authenticated time to a file attached to the e-mail acquired by the e-mail acquiring means; and the file authentication time information adding means E-mail output means for outputting an e-mail attached with a file to which authentication time information is added by  An authentication time adding device comprising: [2] The file authentication time information adding means includes:  Authentication time information request data transmitting means for transmitting authentication time information request data for requesting authentication time information to a time authentication server for performing time authentication;  Authentication time information receiving means for receiving authentication time information corresponding to the authentication time information request data transmitted by the authentication time information request data transmitting means from the time authentication server, and authentication time information received by the authentication time information receiving means A reception authentication time information adding means for adding to a file attached to the e-mail acquired by the e-mail acquiring means! /  The authentication time adding device according to claim 1, wherein: [3] The authentication time information request data transmission means includes:  File electronic signature data acquisition means for acquiring electronic signature data of a file attached to the email acquired by the email acquisition means;  A hash value generating means for generating a hash value of the electronic signature data acquired by the file electronic signature data acquiring means;  Authentication time information request data generating means for generating authentication time information request data including the hash value generated by the hash value generating means; Hash value transmission means for transmitting the authentication time information request data including the hash value generated by the authentication time information request data generation means to the time authentication server. The authentication time information reception means includes the time authentication. From the server, the time information and the Receiving the time stamp token including the hash value included in the authentication time information request data transmitted by the value sending means and the electronic signature data of the time stamp token, and the receiving authentication time information adding means The time stamp token received by the authentication time information receiving means and the electronic signature data of the time stamp token are attached to the e-mail acquired by the e-mail acquisition means, and the authentication time information and To add,  The authentication time adding device according to claim 2, wherein [4] The e-mail acquisition means includes:  A transmission e-mail acquisition means for acquiring an e-mail attached with a file from a transmission e-mail server that performs e-mail transmission processing;  File extraction means for taking out a file attached to the email from the email acquired by the transmission email acquisition means;  The file authentication time information adding means adds authentication time information to the file extracted by the file extracting means,  The e-mail output means includes  File attachment means for attaching the file with the authentication time information added by the file authentication time information adding means to the e-mail from which the file was extracted by the file extraction means;  Sending e-mail output means for outputting the e-mail to which the file attaching means has attached a file to the sending e-mail server;  The authentication time adding device according to claim 1, wherein: [5] The e-mail output means further includes e-mail authentication time information adding means for adding authentication time information to the e-mail mail attached by the file attachment means, and the transmission e-mail output means includes 5. The authentication time adding apparatus according to claim 4, wherein the e-mail authentication time information adding means outputs an e-mail to which authentication time information is added to the transmission e-mail server. [6] An additional information storage format in which the format of the file attached to the e-mail acquired by the e-mail acquisition means includes an additional information storage area for storing authentication time information. Format discriminating means for discriminating whether or not it is a mat;  Format conversion means for converting the format of the file to the additional information storage format when the format determination means determines that the file format is not the additional information storage format! /  The file authentication time information adding means records the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means;  The authentication time adding device according to claim 1, wherein: [7] Conversion condition specifying means for specifying a conversion condition for converting the format of the file attached to the email acquired by the email acquisition means! /,  Format conversion means for converting the format of the file into a format corresponding to the conversion condition specified by the conversion condition specifying means;  The file authentication time information adding means records the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means;  The authentication time adding device according to claim 1, wherein: [8] The file authentication time information adding means includes:  An authentication time information recording file generating means for generating an authentication time information recording file in which the authentication time information of the file attached to the e-mail acquired by the e-mail acquisition means is recorded;  An authentication time information recording file attachment means for attaching the authentication time information recording file generated by the authentication time information recording file generation means to the e-mail acquired by the e-mail acquisition means;  The e-mail output means outputs an e-mail in which the authentication time information record file attachment means attaches an authentication time information record file;  The authentication time adding device according to claim 1, wherein: [9] The apparatus further comprises attachment condition designating means for designating an attachment condition for designating whether the authentication time information recording file is generated and attached to the e-mail. The e-mail output means attaches the authentication time information recording file to the authentication time information recording file attachment means according to the conditions specified by the attachment condition specifying means. Output an email,  The authentication time adding device according to claim 8, wherein [10] Correspondence information adding means for adding correspondence information associating the authentication time information recording file with the electronic mail to a header of the electronic mail, further comprising:  The e-mail output means outputs an e-mail in which the correspondence information is added to a header;  The authentication time adding device according to claim 8, wherein [11] An e-mail acquisition process for acquiring an e-mail with an attached file;  A file authentication time information adding step of adding authentication time information indicating an authenticated time to a file attached to the e-mail acquired in the e-mail acquisition step; and the file authentication time information adding step An e-mail output process for outputting an e-mail attached with a file to which authentication time information is added in  An authentication time addition method characterized by comprising: [12] On the computer,  An e-mail acquisition step for acquiring an e-mail attached with a file; and a file authentication time for adding authentication time information indicating an authentication time to the file attached to the e-mail acquired in the e-mail acquisition step Information addition step,  An e-mail output step for outputting an e-mail attached with the file to which the authentication time information is added in the file authentication time information adding step;  A program for running