CN106603577A - E-mail encryption method and system - Google Patents
- Publication number: CN106603577A (application number CN201710077214.2A)
- Authority: CN (China)
- Prior art keywords
- mail clients
- party
- key
- private key
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
All classes are under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):
- H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
  - H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
- H04L63/00 Network architectures or network communication protocols for network security
  - H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
    - H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  - H04L63/06 for supporting key management in a packet data network
    - H04L63/062 for key distribution, e.g. centrally by trusted party
  - H04L63/08 for authentication of entities
- H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
      - H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
        - H04L9/083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
      - H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
  - H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    - H04L9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
      - H04L9/3268 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an e-mail encryption method and system. The method comprises the following steps: a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; a mail client logs in, requests to send a mail to at least one recipient mail client, and requests the recipient mail client's public key from the third-party certificate server; the third-party certificate server determines whether it holds the public key of the recipient mail client; if so, the sending mail client obtains the public key, encrypts the outgoing mail with it, and completes sending. The e-mail encryption method and system make e-mail encryption more convenient to use while keeping it secure.
Description
Technical field
The present invention relates to the field of communication security, and in particular to an e-mail encryption method and system.
Background technology
E-mail is now in widespread use, but because e-mail is transmitted over the Internet in plaintext, the confidentiality of personal privacy and trade secrets cannot be guaranteed. This is addressed by e-mail encryption technology, of which the most widely used are S/MIME and OpenPGP. E-mail client software supporting S/MIME includes Microsoft Outlook, Mozilla Thunderbird and the Apple iPhone mail client; e-mail client software supporting OpenPGP includes PGP Desktop Email. In summary, the former uses e-mail encryption certificates issued by a third-party CA, while the latter uses self-issued certificates.
Both encryption technologies presuppose that the sender holds the recipient's public key certificate, so the two parties must first exchange public key certificates by mail before an encrypted mail can be sent. Sending an encrypted mail therefore has two prerequisites. First, both parties must hold an e-mail encryption certificate (public key and private key), and with S/MIME, applying for a certificate from a third-party CA also costs considerable time and money (if the certificate is charged for). Second, both parties must exchange public key certificates in advance by plaintext e-mail. In addition, both parties must use e-mail client software that supports the same encryption technology. This makes e-mail encryption extremely complex and troublesome, so that encryption, although urgently needed to protect personal privacy and trade secrets, is not widely used.
At the same time, when current e-mail client software installs an e-mail encryption certificate, it usually stores the certificate's private key in full on the local device. If the device (especially a mobile device) is stolen or the system is compromised, the certificate's private key is easily leaked, endangering the security of the user's mail.
The content of the invention
The main object of the present invention is to provide an e-mail encryption method and system intended to improve the convenience and security of e-mail use.
To achieve this object, the present invention proposes an e-mail encryption method comprising the following steps:
a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients;
a mail client is logged in to;
sending a mail to the mail client of at least one recipient is requested;
the public key of the recipient's mail client is requested from the third-party certificate server;
whether the third-party certificate server has the public key of the recipient's mail client stored is determined; if so, the sender's mail client obtains the public key;
the sender's mail client encrypts the mail to be sent with the public key and completes sending.
Preferably, determining whether the third-party certificate server has the public key of the recipient's mail client stored further comprises the following step:
if not, the third-party certificate server generates the key pair of a self-signed certificate, returns the public key of that key pair to the sender's mail client, and sends a prompt mail to the recipient's mail client.
Preferably, logging in to the mail client further comprises the following steps:
the private key of the key pair is split into a first private key and a second private key; the third-party certificate server stores the mail client's first private key, and the mail client stores the second private key;
a login to the mail client is requested;
identity information is verified;
whether verification succeeded is determined; if so, the mail client obtains the first private key and encrypts it;
whether the mail client is being exited is determined;
if so, the obtained first private key is deleted.
Preferably, the prompt mail includes instructions and a link for downloading the mail client.
Preferably, splitting the private key of the key pair into a first private key and a second private key, with the third-party certificate server storing the mail client's first private key and the mail client storing the second private key, comprises the following steps:
the mail client requests a first login on one device or on another device;
an identity authentication mode is set;
a certificate is applied for from the third-party certificate server;
whether a complete certificate exists is determined; if so, the first private key and the complete certificate are obtained from the third-party certificate server.
Preferably, determining whether a complete certificate exists further comprises the following step:
if not, whether the key pair of a self-signed certificate exists is determined; if so, the complete certificate is generated from the self-signed certificate's key pair, and the step of determining whether a complete certificate exists is performed again.
Preferably, determining whether the key pair of a self-signed certificate exists further comprises the following step:
if not, a new complete certificate is generated, and the step of determining whether a complete certificate exists is performed again.
Preferably, the method further comprises the following steps:
the recipient's mail client obtains the mail;
parsing the mail is requested;
whether the mail is public-key encrypted is determined; if so, the first private key is merged with the second private key.
Preferably, obtaining the mail by the recipient's mail client further comprises the following steps:
whether the first private key and the second private key were merged successfully is determined;
if so, the mail is parsed with the merged private key and the mail contents are displayed; if not, a mail failure is displayed.
The present invention also proposes an e-mail encryption system comprising at least two mail clients and a third-party certificate server electrically connected to the at least two mail clients. Each mail client comprises a login unit, a sending unit, an acquiring unit and an encryption unit, and the third-party certificate server comprises a judging unit and a storage unit, wherein:
the storage unit stores the public keys of the key pairs of the plurality of mail clients;
the login unit logs in to the mail client;
the sending unit requests to send a mail to the mail client of at least one recipient;
the acquiring unit requests the public key of the recipient's mail client from the third-party certificate server;
the judging unit determines whether the third-party certificate server has the public key of the recipient's mail client stored, and if so the sender's mail client obtains the public key;
the encryption unit encrypts the mail to be sent with the public key, and sending is complete.
In the technical solution of the present invention, the third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; a mail client logs in, requests to send a mail to the mail client of at least one recipient, and requests the public key of the recipient's mail client from the third-party certificate server; whether the third-party certificate server has the recipient mail client's public key stored is determined; if so, the sender's mail client obtains the public key, encrypts the mail to be sent with it, and completes sending. By obtaining the public key directly from the third-party certificate server, the convenience and security of e-mail encryption are improved.
Description of the drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from these without creative effort.
Fig. 1 is a schematic diagram of one embodiment of the e-mail encryption method of the present invention;
Fig. 2 is a schematic diagram of logging in to the mail client in the e-mail encryption method of the present invention;
Fig. 3 is a schematic diagram of step S21 of the e-mail encryption method of the present invention;
Fig. 4 is a schematic diagram of another embodiment of step S90 in Fig. 3;
Fig. 5 is a schematic diagram of another embodiment of the e-mail encryption method of the present invention;
Fig. 6 is a schematic diagram of a further embodiment of the e-mail encryption method of the present invention;
Fig. 7 is a structural diagram of the mail client of the e-mail encryption system of the present invention;
Fig. 8 is a structural diagram of the third-party certificate server of the e-mail encryption system of the present invention.
Explanation of reference numerals:
The realization of the object, the functional characteristics and the advantages of the invention are described further below with reference to the drawings and in conjunction with the embodiments.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the embodiments described are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
It should be noted that the directional indications in the embodiments of the present invention (such as up, down, left, right, front, back, ...) are used only to explain the relative positional relationships and movements of the components in a particular posture (as shown in the drawings); if that posture changes, the directional indications change accordingly.
In the present invention, unless otherwise expressly specified and limited, the terms "connection", "fixation" and the like are to be understood broadly. For example, "fixation" may be a fixed connection, a detachable connection or an integral whole; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediary; and it may be a connection inside two elements or an interaction between two elements, unless otherwise expressly limited. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
In addition, descriptions such as "first" and "second" in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features so indicated; a feature qualified by "first" or "second" may therefore expressly or implicitly include at least one such feature. The technical solutions of the different embodiments may be combined with one another, provided that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, the combination is to be considered non-existent and outside the scope of protection claimed by this application.
The present invention proposes an e-mail encryption system.
With reference to Fig. 1, Fig. 7 and Fig. 8, in an embodiment of the present invention the e-mail encryption system comprises at least two mail clients 10 and a third-party certificate server 20 electrically connected to the at least two mail clients 10. Each mail client comprises a login unit 11, a sending unit 12, an acquiring unit 13 and an encryption unit 14, and the third-party certificate server 20 comprises a judging unit 21 and a storage unit 22, wherein:
the storage unit 22 stores the public keys of the key pairs of a plurality of mail clients 10;
the login unit 11 logs in to the mail client 10;
the sending unit 12 requests to send a mail to the mail client 10 of at least one recipient;
the acquiring unit 13 requests the public key of the recipient's mail client 10 from the third-party certificate server 20;
the judging unit 21 determines whether the third-party certificate server 20 has the public key of the recipient's mail client 10 stored, and if so the sender's mail client 10 obtains that public key;
the encryption unit 14 encrypts the mail to be sent with the public key, and sending is complete.
The mail client 10 described above both sends and receives mail: when sending it is the sender's mail client 10, and when receiving it is the recipient's mail client 10. The mail client 10 runs on a device with a processor, such as a mobile phone or a computer, and may further comprise a communication interface, a human-machine interface or display screen, a decryption unit and a receiving unit 15. The human-machine interface gives the user an operating interface through which to read mail, compose new mail and interact with the mail server. The receiving unit 15 fetches new mail from the mail server. The decryption unit decrypts received mail and processes the user certificate information and related information obtained from the third-party certificate server 20. The certificate communication interface carries the data exchange between the mail client 10 and the third-party certificate server 20.
The third-party certificate server 20 may be a certificate service system in a CA (Certificate Authority) cloud that issues certificates and answers certificate queries for users. It comprises a memory, a certificate processing module and a communication port. The memory stores the public keys of the mail clients 10, the records of the certificates issued by the certificate service system, and the records of user requests. The communication interface exchanges certificate data with the mail clients 10. The certificate processing module handles user requests and generates new certificates. A mail client 10 is electrically connected through its communication interface to the communication port of the third-party certificate server 20, and can obtain the public keys stored by the third-party certificate server 20 or request its other services.
The mail server may comprise a communication interface and a memory. The communication interface exchanges mail data with the mail clients 10, and the memory holds the sent and received mail. A mail client 10 also connects to the communication port of the mail server through its sending unit 12 and receiving unit 15, so that it can send mail to, and fetch mail from, the mail server. Because the acquiring unit 13 obtains the public key directly from the third-party certificate server 20, the convenience and security of e-mail encryption are improved.
The present invention also proposes a kind of method of email encryption.
With reference to Fig. 1, in an embodiment of the present invention the e-mail encryption method comprises the following steps:
S10: a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients;
S20: a mail client is logged in to;
S30: sending a mail to the mail client of at least one recipient is requested;
S40: the public key of the recipient's mail client is requested from the third-party certificate server;
S50: whether the third-party certificate server has the public key of the recipient's mail client stored is determined; if so, S51: the sender's mail client obtains the public key, encrypts the mail to be sent with it, and completes sending.
In one embodiment, the third-party certificate server collects and stores the public keys of multiple mail clients in advance, and continues to collect the public keys and related information of mail clients while it is in use; one mail client account corresponds to exactly one public key, which improves security of use. After successfully logging in to a mail client, the user edits the mail content, enters the recipient and other information through the human-machine interface and requests sending; the mail client then, automatically or on manual request, asks the third-party certificate server for the public key of the recipient's mail client. The third-party certificate server responds by looking up the recipient mail client's public key in its memory and sending it to the sender's mail client. After receiving the public key, the sender's mail client encrypts the mail to be sent, automatically or on the user's selection, and finally sends the mail to the mail server, completing encrypted transmission. Because the mail client obtains the public key and encrypts automatically, public-key encrypted e-mail can be sent without the user having to care where or how to apply for an encryption certificate, and without the two parties having to exchange certificate public key files in advance, so that e-mail encryption becomes more convenient and the confidentiality of the user's mail is protected.
In the technical solution of the present invention, the third-party certificate server stores the public keys of a plurality of mail clients; a mail client logs in, requests to send a mail to the mail client of at least one recipient, and requests the public key of the recipient's mail client from the third-party certificate server; whether the third-party certificate server has the recipient mail client's public key stored is determined; if so, the sender's mail client obtains the public key, encrypts the mail to be sent with it, and completes sending. By obtaining the public key directly from the third-party certificate server, the convenience and security of e-mail encryption are improved.
With reference to Fig. 1, step S50 (determining whether the third-party certificate server has the public key of the recipient's mail client stored) further comprises the following step:
S52: if not, the third-party certificate server generates the key pair of a self-signed certificate, returns the public key of that key pair to the sender's mail client, and sends a prompt mail to the recipient's mail client.
Here the key pair of the self-signed certificate comprises the self-signed certificate's public key and private key. When the third-party certificate server has no public key stored for the recipient's mail client, it generates the key pair of a self-signed certificate and returns that key pair's public key to the sender's mail client. The prompt mail, which may include instructions and a link for downloading the mail client, is a plaintext mail that tells the user an encrypted mail is waiting and asks them to install the mail client or a corresponding plug-in (for example a mail client or plug-in with S/MIME support) in order to read it.
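The sender-side flow of steps S10 to S52 above, as an added example in Go that is not part of the patent or of any product implementing it. A hypothetical in-memory `CertServer` plays the third-party certificate server, `LookupPublicKey` is the S50/S51/S52 decision, and the message format is a constructed hybrid envelope (body under AES-256-GCM, content key wrapped with RSA-OAEP), which the page does not specify; that the server keeps the S52-generated pair until the recipient enrols is likewise an assumption, as are the addresses, type and function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// CertServer is a hypothetical in-memory stand-in for the third-party
// certificate server (not the patent's implementation): one public key per
// mailbox account (S10), the key pairs it generated for recipients who have
// not enrolled yet (S52), and the prompt mails queued for them.
type CertServer struct {
	PubKeys map[string]*rsa.PublicKey
	Pending map[string]*rsa.PrivateKey
	Prompts []string
}

func NewCertServer() *CertServer {
	return &CertServer{map[string]*rsa.PublicKey{}, map[string]*rsa.PrivateKey{}, nil}
}

// Register stores the public key an enrolled client submits (S10).
func (s *CertServer) Register(addr string, pub *rsa.PublicKey) { s.PubKeys[addr] = pub }

// LookupPublicKey is step S50. Known recipient: return the stored key (S51).
// Unknown recipient: generate a pair on their behalf, hand back its public key
// and queue a prompt mail telling them to install the client (S52). The bool
// reports whether the S52 branch was taken.
func (s *CertServer) LookupPublicKey(addr string) (*rsa.PublicKey, bool, error) {
	if pub, ok := s.PubKeys[addr]; ok {
		return pub, false, nil
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	s.Pending[addr], s.PubKeys[addr] = priv, &priv.PublicKey
	s.Prompts = append(s.Prompts, addr)
	return &priv.PublicKey, true, nil
}

// EncryptedMail is a constructed hybrid envelope: the body under AES-256-GCM
// with a fresh content key, that key wrapped with RSA-OAEP (SHA-256) to the
// recipient's public key. This is the S/MIME pattern, not the patent's format.
type EncryptedMail struct{ WrappedKey, Nonce, Body []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptMail is the sender's encryption unit (S51).
func EncryptMail(pub *rsa.PublicKey, body []byte) (*EncryptedMail, error) {
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedMail{wrapped, nonce, gcm.Seal(nil, nonce, body, nil)}, nil
}

// DecryptMail is the recipient's decryption unit; GCM rejects any tampering.
func DecryptMail(priv *rsa.PrivateKey, m *EncryptedMail) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Body, nil)
}

func main() {
	srv := NewCertServer()
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	srv.Register("alice@example.com", &alice.PublicKey) // constructed sample account
	pub, prompted, _ := srv.LookupPublicKey("alice@example.com")
	m, _ := EncryptMail(pub, []byte("constructed sample body"))
	body, _ := DecryptMail(alice, m)
	_, promptedBob, _ := srv.LookupPublicKey("bob@example.com") // unknown: S52 branch
	fmt.Printf("alice prompted=%v body=%q; bob prompted=%v\n", prompted, body, promptedBob)
}
```

The known recipient gets the stored key and no prompt; the unknown one gets a freshly generated key, and the server holds the matching private key until that recipient enrols, so a mail encrypted to the S52 key is still readable once they do. A real deployment would return the key inside a certificate the client can validate rather than a bare public key, since a lookup service that hands out bare keys is a single point an attacker could use to substitute their own.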
With reference to Fig. 2, step S20 (logging in to the mail client) preferably further comprises the following steps:
S21: the private key of the key pair is split into a first private key and a second private key; the third-party certificate server stores the mail client's first private key, and the mail client stores the second private key;
S22: a login to the mail client is requested;
S23: identity information is verified;
S24: whether verification succeeded is determined; if so, S241: the mail client obtains the first private key and encrypts it;
S25: whether the mail client is being exited is determined; if so, S251: the obtained first private key is deleted.
The above protects the user's certificate private key by splitting it into a first private key and a second private key. After the mail client receives the response from the third-party certificate server, the decryption unit automatically parses and saves the certificate configuration; the private key returned by the third-party certificate server can be encrypted with AES and then stored in the mail client's local data file.
Specifically, on first login, and on every re-entry after logging out, the mail client requires the user to verify their identity in order to obtain the first private key that the client lacks. When the mail client is started it checks whether the user is logged in. If not, the user must first log in to the mail client; once the login is confirmed, the mail client shows the identity authentication interface and the user authenticates with the authentication method set up earlier. The mail client then determines whether authentication succeeded. Authentication may allow three to five attempts; if it fails, the client locks the program and the user cannot use it. If authentication succeeds, the mail client requests the first private key from the third-party certificate server and then determines whether it was obtained successfully. If it was, the first private key is encrypted with an algorithm and stored in device memory. When the user exits the mail client successfully, the mail client automatically deletes the obtained first private key, which secures encrypted sending and receiving. Further, whenever the user's certificate private key is needed, the obtained first private key and the second private key held in the mail client's memory are merged into the complete private key; the mail client never keeps the complete private key of the user's certificate at rest, which protects the user's information. If a network problem or another factor causes the mail client to fail to obtain the first private key, the user, having completed identity verification, can still enter the mail client but cannot use the mail decryption functions that require the complete private key.
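The split-private-key login flow of steps S21 to S251, together with the key-handling part of enrolment (generate, split, hand one share to each side), as an added example in Go that is not part of the patent. The page does not say how the private key is split; this example uses a two-of-two XOR split of the DER-encoded key, so that either share alone is uniformly random. Share 1 lives in a hypothetical `ShareStore` standing in for the third-party certificate server, share 2 on the device, and the identity check is reduced to a boolean. The at-rest AES encryption of share 1 on the device and the certificate handling are omitted, and names and addresses are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SplitKey XOR-splits the PKCS#1 DER encoding of a private key into two
// shares (S21). Each share alone is uniformly random, so neither the server
// holding share 1 nor a stolen device holding share 2 learns the key.
func SplitKey(priv *rsa.PrivateKey) (share1, share2 []byte, err error) {
	der := x509.MarshalPKCS1PrivateKey(priv)
	share1, share2 = make([]byte, len(der)), make([]byte, len(der))
	if _, err = rand.Read(share1); err != nil {
		return nil, nil, err
	}
	for i := range der {
		share2[i] = der[i] ^ share1[i]
	}
	return share1, share2, nil
}

// MergeKey rebuilds the complete private key from both shares (S154). The
// parser validates p*q == n, so a corrupted share yields an error (S156).
func MergeKey(share1, share2 []byte) (*rsa.PrivateKey, error) {
	if len(share1) == 0 || len(share1) != len(share2) {
		return nil, errors.New("share length mismatch")
	}
	der := make([]byte, len(share1))
	for i := range der {
		der[i] = share1[i] ^ share2[i]
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// ShareStore is a hypothetical stand-in for the server's share-1 storage;
// passing a nil store models the network-failure case from the text.
type ShareStore map[string][]byte

// Client models one device: Share2 persists on the device, Share1 is held in
// memory only between a successful login and logout.
type Client struct {
	Addr           string
	Share1, Share2 []byte
}

// Login is S22 to S241: verify identity first, only then fetch share 1. If the
// fetch fails the user still gets in, but CanDecrypt stays false.
func (c *Client) Login(store ShareStore, identityVerified bool) bool {
	if !identityVerified {
		return false
	}
	c.Share1 = store[c.Addr] // nil store or unknown address leaves Share1 nil
	return true
}

// Logout is S25/S251: drop share 1 so the device never retains both halves.
func (c *Client) Logout() { c.Share1 = nil }

func (c *Client) CanDecrypt() bool { return c.Share1 != nil && c.Share2 != nil }

// Decrypt merges the shares for a single RSA-OAEP decryption and lets the
// rebuilt key go out of scope afterwards. A short body is decrypted directly
// here; a real message would carry a wrapped content key instead.
func (c *Client) Decrypt(ciphertext []byte) ([]byte, error) {
	if !c.CanDecrypt() {
		return nil, errors.New("first private key not available; mail cannot be decrypted")
	}
	priv, err := MergeKey(c.Share1, c.Share2)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, nil)
}

// Enrol is S60 to S91 reduced to key handling: generate, split, park share 1
// on the server and hand share 2 plus the public key out.
func Enrol(store ShareStore, addr string) (*Client, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	share1, share2, err := SplitKey(priv)
	if err != nil {
		return nil, nil, err
	}
	store[addr] = share1
	return &Client{Addr: addr, Share2: share2}, &priv.PublicKey, nil
}

func main() {
	store := ShareStore{}
	bob, pub, _ := Enrol(store, "bob@example.com") // constructed sample account
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte("constructed sample"), nil)
	bob.Login(store, true)
	pt, err := bob.Decrypt(ct)
	bob.Logout()
	_, errAfter := bob.Decrypt(ct)
	fmt.Printf("logged in: %q %v; after logout: %v\n", pt, err, errAfter)
}
```

Note what the split does and does not buy: a thief with the device gets share 2 only, and the server alone holds share 1 only, but the party that generated and split the key (here `Enrol`) saw the whole key, and while the user is logged in both halves sit in the client's memory, so the server and the client process remain the trust boundary. The text's "three to five attempts, then lock" policy would be enforced in front of `Login`, not inside it.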
With reference to Fig. 3, it is preferable that step S21:The private key of key pair splits to form the first private key and the second private key, third party
Cert services end is stored with the first private key of Mail Clients, and Mail Clients is stored with the second private key, comprises the following steps:
S60:Mail Clients is logged in an equipment or miscellaneous equipment first request,
S70:Identification authentication mode is set,
S80:Apply for certificate to third party's cert services end,
S90:Complete certificate is judged whether, if so, S91:Obtain first private key at third party's cert services ends and complete
Whole certificate.
With reference to Fig. 4, further, step S90 (judging whether a complete certificate exists) further comprises the following steps:
If not, S92: judge whether a key pair of a self-signed certificate exists; if so, S921: generate a complete certificate from the key pair of the self-signed certificate, and perform the step of judging whether a complete certificate exists again.
Further, step S92 (judging whether a key pair of a self-signed certificate exists) further comprises the following step:
If not, S922: generate a new complete certificate, and perform the step of judging whether a complete certificate exists again.
One embodiment is: after the mail client has been installed successfully for the first time, the user first enters an e-mail account and password and logs in to the mail client once these are verified. The mail client shows the user identity authentication settings interface, and the user selects and configures an identity authentication mode, such as fingerprint, gesture pattern or another mode, which the mail client then uses to authenticate the user. After the authentication mode is set, the mail client automatically requests its complete encryption certificate from the third-party certificate service end. The third-party certificate service end receives the mail client's request and verifies and analyses the request information. Based on the user's mailbox account, it judges whether a complete e-mail encryption certificate for that user has already been generated at the third-party certificate service end.
If the third-party certificate service end already holds the certificate of that mail client, it sends the e-mail encryption certificate directly to the mail client. In this way a user who uses different devices with one account or identity corresponds to a single certificate, which ensures safety. If the mail client's certificate does not exist at the third-party certificate service end, it judges whether a self-signed certificate key pair has already been pre-generated for the user. If there is no self-signed certificate key pair either, the third-party certificate service end directly generates a new e-mail encryption certificate for the user and saves it. If a self-signed certificate key pair exists, the third-party certificate service end generates a complete e-mail encryption certificate from the existing key pair. The third-party certificate service end returns the certificate to the mail client, and the mail client can then also obtain the first private key from the third-party certificate service end.
Further, one specific embodiment of the process by which the mail client sends an encrypted mail is: the user first logs in to the mail client through the authentication mode described above, completing login and user identity verification. The user writes a mail through the human-machine interface and then clicks the send command to request that the mail be sent. The mail client now requests the public key of the recipient's mail client from the third-party certificate service end. The third-party certificate service end judges whether the recipient's mail client has a complete certificate. If it does, the public key of the recipient's mail client is sent directly to the sender's mail client. If the recipient's mail client has no complete certificate at the third-party certificate service end, the third-party certificate service end pre-generates a key pair, including a public key and a private key, for the recipient's mail client. At the same time, the third-party certificate service end sends a plaintext mail to the recipient's mail client, informing the recipient that encrypted mail is waiting and prompting the recipient to install the mail client system in order to read it. The third-party certificate service end then returns the self-signed certificate public key of the recipient's mail client to the sender's mail client. After receiving the response from the third-party certificate service end, the sender's mail client encrypts the mail to be sent with that public key, and the transmitting unit sends the encrypted mail to the mail server.
With reference to Fig. 5, preferably, the method further comprises the following steps:
S100: the recipient's mail client obtains the mail;
S110: parsing of the mail is requested;
S120: judge whether the mail was encrypted with the public key; if so, S121: merge the first private key with the second private key.
With reference to Fig. 6, further, the method further comprises the following steps:
S130: judge whether the first private key and the second private key were merged successfully;
if so, S131: parse the mail with the merged private key and show the mail contents; if not, S132: show that the mail failed.
One embodiment is: in the process of parsing a mail, the user first logs in to the mail client through the steps described above, including user identity verification; the mail client then collects new mail from the mail server through the receiving unit, or checks old mail. The decryption unit parses the mail to be viewed. It then judges whether the mail was encrypted with the public key of its own mail client's certificate. If the mail is not encrypted, the mail contents are displayed directly. If the mail is encrypted, the decryption unit attempts to decrypt the private key in the local data file and the private key in memory with the algorithm and merge the two parts into the user's complete private key. It then judges whether the merge succeeded: if either the first private key or the second private key is missing, or the algorithm decryption fails, merging the private key data fails. If the first private key and the second private key merge successfully, the mail client can decrypt the e-mail with the complete private key and display the decrypted contents. If the private key merge fails, the mail cannot be viewed, and a prompt can also be shown. This improves both the convenience and the safety of e-mail encryption.
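The key lifecycle of steps S21 and S60 to S91 and the send-and-receive flow of steps S100 to S132 above, as an added worked example in Go that is not code from the patent or from any product built on it. The patent names no split algorithm, so the example assumes a two-share XOR split of the DER-encoded private key with a random mask (either share alone is uniform noise), takes RSA-OAEP as "encrypt with the recipient's public key", and uses constructed names and text (`CertServer`, `Client`, `RoundTrip`, the account `bob@example.com`, the prompt mail wording). It exercises the "mail failed" branch (S132) by attempting a second decryption after the client has exited and deleted the first private key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// CertServer models the third-party certificate service end: per account it keeps the public key
// and the FIRST private-key share only; pending parks a pre-generated second share until that
// account installs the mail client. A complete private key never exists on the server.
type CertServer struct{ pubKeys map[string]*rsa.PublicKey; share1, pending map[string][]byte }

// xorShares is the ASSUMED split/merge primitive (the patent names none): XOR the DER-encoded key
// with a random mask to split, XOR the two shares to merge. A missing share cannot merge.
func xorShares(a, b []byte) ([]byte, error) {
	if len(a) == 0 || len(a) != len(b) {
		return nil, errors.New("merge failed: share missing or length mismatch")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out, nil
}

// LookupPublicKey serves the sender: a never-seen recipient gets a pre-generated, immediately
// split key pair plus a prompt mail (constructed text); for a known recipient prompt is "".
func (s *CertServer) LookupPublicKey(account string) (pub *rsa.PublicKey, prompt string, err error) {
	if pub = s.pubKeys[account]; pub != nil {
		return pub, "", nil
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, "", err
	}
	der := x509.MarshalPKCS1PrivateKey(key)
	mask := make([]byte, len(der))
	if _, err = rand.Read(mask); err != nil {
		return nil, "", err
	}
	s.share1[account] = mask
	s.pending[account], _ = xorShares(der, mask) // equal lengths, so this cannot fail
	s.pubKeys[account] = &key.PublicKey
	return s.pubKeys[account], "You have encrypted mail; install the mail client to read it.", nil
}

// Client persists only the second share; the first share is fetched after the identity check and
// lives in memory until logout, when it is deleted.
type Client struct{ account string; share1, share2 []byte }

// Login checks identity first, then fetches the first share. A failed fetch leaves share1 nil:
// the user is logged in but, as the description states, cannot decrypt mail.
func (c *Client) Login(s *CertServer, authenticated bool) error {
	if !authenticated {
		return errors.New("identity verification failed")
	}
	c.share1 = s.share1[c.account]
	return nil
}
func (c *Client) Logout() { c.share1 = nil } // client exit deletes the fetched first share

// DecryptMail is S121-S131: merge the two shares into the complete private key, then decrypt.
func (c *Client) DecryptMail(ct []byte) ([]byte, error) {
	der, err := xorShares(c.share1, c.share2)
	if err != nil {
		return nil, err
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, errors.New("merge failed: shares do not form a valid private key")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// RoundTrip runs the flow end to end: what the recipient read, the prompt produced for a
// never-seen recipient, and the error from trying to decrypt again after logout (S132).
func RoundTrip(body string) (got, prompt string, afterLogout, err error) {
	srv := &CertServer{map[string]*rsa.PublicKey{}, map[string][]byte{}, map[string][]byte{}}
	pub, prompt, err := srv.LookupPublicKey("bob@example.com") // constructed account
	if err != nil {
		return
	}
	// "Encrypt with the recipient's public key": RSA-OAEP over a short body; a production client
	// would wrap a symmetric content key this way and encrypt the body with that key.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(body), nil)
	if err != nil {
		return
	}
	bob := &Client{account: "bob@example.com", share2: srv.pending["bob@example.com"]} // installs client
	if err = bob.Login(srv, true); err != nil {
		return
	}
	plain, err := bob.DecryptMail(ct)
	if err != nil {
		return
	}
	bob.Logout()
	_, afterLogout = bob.DecryptMail(ct)
	return string(plain), prompt, afterLogout, nil
}
```

The property the design buys is visible in `RoundTrip`: the server alone (public key plus first share) and the device file alone (second share) are each useless for decryption, and once `Logout` has deleted the fetched share the same ciphertext can no longer be opened on that device. The patent's additional step of encrypting the first private key while it sits in device memory is not modelled here; an implementer would also bind the share fetch to the authenticated session rather than to the account name alone, as this sketch does.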
The foregoing are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structural transformation made under the inventive concept of the present invention using the contents of the description and the accompanying drawings, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Claims (10)
1. A method of e-mail encryption, characterized in that it comprises the following steps:
a third-party certificate service end stores the public keys of the key pairs of multiple mail clients;
logging in to a mail client;
requesting to send a mail to the mail client of at least one recipient;
requesting to obtain the public key of the recipient's mail client from the third-party certificate service end;
judging whether the third-party certificate service end has stored the public key of the recipient's mail client, and if so, the sender's mail client obtains the public key;
the sender's mail client encrypts the mail to be sent with the public key, completing the sending of the mail.
2. The method of e-mail encryption as claimed in claim 1, characterized in that judging whether the third-party certificate service end has stored the public key of the recipient's mail client further comprises the following step:
if not, the third-party certificate service end generates a key pair of a self-signed certificate, returns the public key of the key pair to the sender's mail client, and sends a prompt mail to the recipient's mail client.
3. The method of e-mail encryption as claimed in either of claims 1 and 2, characterized in that logging in to the mail client further comprises the following steps:
the private key of the key pair is split to form a first private key and a second private key, the third-party certificate service end stores the first private key of the mail client, and the mail client stores the second private key;
requesting to log in to the mail client;
verifying identity information;
judging whether verification succeeded, and if so, the mail client obtains the first private key and encrypts the first private key;
judging whether the mail client is exited, and if so, deleting the obtained first private key.
4. The method of e-mail encryption as claimed in claim 2, characterized in that the prompt mail includes an explanation and a link for downloading the mail client.
5. The method of e-mail encryption as claimed in claim 3, characterized in that splitting the private key of the key pair to form the first private key and the second private key, with the third-party certificate service end storing the first private key of the mail client and the mail client storing the second private key, comprises the following steps:
the mail client requests to log in for the first time on a device or on another device;
setting an identity authentication mode;
applying for a certificate from the third-party certificate service end;
judging whether a complete certificate exists, and if so, obtaining the first private key and the complete certificate from the third-party certificate service end.
6. The method of e-mail encryption as claimed in claim 5, characterized in that judging whether a complete certificate exists further comprises the following steps:
if not, judging whether a key pair of a self-signed certificate exists, and if so, generating a complete certificate from the key pair of the self-signed certificate and performing the step of judging whether a complete certificate exists again.
7. The method of e-mail encryption as claimed in claim 6, characterized in that judging whether a key pair of a self-signed certificate exists further comprises the following step:
if not, generating a new complete certificate and performing the step of judging whether a complete certificate exists again.
8. The method of e-mail encryption as claimed in claim 3, characterized in that it further comprises the following steps:
the recipient's mail client obtains the mail;
requesting parsing of the mail;
judging whether the mail was encrypted with the public key, and if so, merging the first private key with the second private key.
9. The method of e-mail encryption as claimed in claim 8, characterized in that the recipient's mail client obtaining the mail further comprises the following steps:
judging whether the first private key and the second private key were merged successfully;
if so, parsing the mail with the merged private key and showing the mail contents; if not, showing that the mail failed.
10. A system of e-mail encryption, characterized in that it includes at least two mail clients and a third-party certificate service end electrically connected with the at least two mail clients, each mail client including a login unit, a transmitting unit, an acquiring unit and an encrypting unit, and the third-party certificate service end including a judging unit and a storage unit, wherein:
the storage unit stores the public keys of the key pairs of multiple mail clients;
the login unit logs in to the mail client;
the transmitting unit requests to send a mail to the mail client of at least one recipient;
the acquiring unit requests to obtain the public key of the recipient's mail client from the third-party certificate service end;
the judging unit judges whether the third-party certificate service end has stored the public key of the recipient's mail client, and if so, the sender's mail client obtains the public key;
the encrypting unit encrypts the mail to be sent by the sender's mail client with the public key, completing the sending of the mail.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710077214.2A CN106603577A (en) | 2017-02-13 | 2017-02-13 | E-mail encryption method and system |
| PCT/CN2017/079219 WO2018145357A1 (en) | 2017-02-13 | 2017-04-01 | Email encryption method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710077214.2A CN106603577A (en) | 2017-02-13 | 2017-02-13 | E-mail encryption method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106603577A true CN106603577A (en) | 2017-04-26 |
Family
ID=58587690
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710077214.2A Pending CN106603577A (en) | 2017-02-13 | 2017-02-13 | E-mail encryption method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106603577A (en) |
| WO (1) | WO2018145357A1 (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110784395A (en) * | 2019-11-04 | 2020-02-11 | 航天信息股份有限公司 | Mail safety login method and system based on FIDO authentication |
| CN110912924A (en) * | 2019-12-04 | 2020-03-24 | 楚天龙股份有限公司 | System and method for realizing PGP encryption and decryption |
| CN111953675A (en) * | 2020-08-10 | 2020-11-17 | 四川阵风科技有限公司 | Key management method based on hardware equipment |
| CN113726807A (en) * | 2021-09-03 | 2021-11-30 | 烟台艾睿光电科技有限公司 | Network camera access method, equipment, system and storage medium |
| CN115314226A (en) * | 2022-09-13 | 2022-11-08 | 深圳市丛文安全电子有限公司 | Low-cost asymmetric encryption certificate management method based on certificate queue |
| CN115348233A (en) * | 2022-08-25 | 2022-11-15 | 浙江启明量子信息技术有限公司 | Standard mail system transparent encryption method, medium and computer equipment |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11249947B2 (en) | 2019-06-15 | 2022-02-15 | Facebook, Inc. | Distributed digital ledger transaction network for flexible, lazy deletion of data stored within an authenticated data structure |
| US11249985B2 (en) | 2019-06-15 | 2022-02-15 | Facebook, Inc. | Scalable, secure, efficient, and adaptable distributed digital ledger transaction network |
| US11126593B2 (en) | 2019-06-15 | 2021-09-21 | Facebook, Inc. | Scalable, secure, efficient, and adaptable distributed digital ledger transaction network |
| US11405204B2 (en) * | 2019-06-15 | 2022-08-02 | Meta Platforms, Inc | Scalable, secure, efficient, and adaptable distributed digital ledger transaction network |
| CN111641552B (en) * | 2020-05-29 | 2022-04-15 | 长城计算机软件与系统有限公司 | Mail transmission system and method based on autonomous security |
| CN112667929B (en) * | 2020-12-11 | 2023-11-03 | 北京中数创新科技股份有限公司 | Prefix and identification data safe pushing method and system based on Handle system |
| CN113839927B (en) * | 2021-09-01 | 2023-06-09 | 北京天融信网络安全技术有限公司 | Method and system for performing mutual authentication based on third party |
| CN114338222B (en) * | 2022-01-11 | 2024-02-06 | 杭州弗兰科信息安全科技有限公司 | Key application method, system, device and server |
| CN114553506A (en) * | 2022-02-10 | 2022-05-27 | 零信技术(深圳)有限公司 | Mail encryption method, system, equipment and storage medium based on cloud service |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Implementation method of secure e-mail system with two-way non-repudiation mechanism for sending and receiving |
| US20100186062A1 (en) * | 2009-01-20 | 2010-07-22 | Microsoft Corporation | Protecting content from third party using client-side security protection |
| CN102045709A (en) * | 2009-10-13 | 2011-05-04 | 中兴通讯股份有限公司 | Mobile terminal application data downloading method, system and mobile terminal |
| CN103002417A (en) * | 2012-12-17 | 2013-03-27 | 中国联合网络通信集团有限公司 | Short message encryption processing method and device |
| CN103532704A (en) * | 2013-10-08 | 2014-01-22 | 武汉理工大学 | E-mail IBE (identity based encryption) system aiming at OWA (outlook web access) |
| US8776249B1 (en) * | 2011-04-11 | 2014-07-08 | Google Inc. | Privacy-protective data transfer |
| CN103973713A (en) * | 2014-05-29 | 2014-08-06 | 华翔腾数码科技有限公司 | Transfer method, extraction method and processing system for electronic mail information |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2011301B1 (en) * | 2006-04-10 | 2011-06-22 | Trust Integration Services B.V. | Arrangement of and method for secure data transmission. |
| CN103036684B (en) * | 2012-12-28 | 2015-06-17 | 武汉理工大学 | Identity-based encryption (IBE) data encryption system and method capable of lowering damages of master key crack and disclosure |
2017
- 2017-02-13 CN CN201710077214.2A patent/CN106603577A/en active Pending
- 2017-04-01 WO PCT/CN2017/079219 patent/WO2018145357A1/en not_active Ceased
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Implementation method of secure e-mail system with two-way non-repudiation mechanism for sending and receiving |
| US20100186062A1 (en) * | 2009-01-20 | 2010-07-22 | Microsoft Corporation | Protecting content from third party using client-side security protection |
| CN102045709A (en) * | 2009-10-13 | 2011-05-04 | 中兴通讯股份有限公司 | Mobile terminal application data downloading method, system and mobile terminal |
| US8776249B1 (en) * | 2011-04-11 | 2014-07-08 | Google Inc. | Privacy-protective data transfer |
| CN103002417A (en) * | 2012-12-17 | 2013-03-27 | 中国联合网络通信集团有限公司 | Short message encryption processing method and device |
| CN103532704A (en) * | 2013-10-08 | 2014-01-22 | 武汉理工大学 | E-mail IBE (identity based encryption) system aiming at OWA (outlook web access) |
| CN103973713A (en) * | 2014-05-29 | 2014-08-06 | 华翔腾数码科技有限公司 | Transfer method, extraction method and processing system for electronic mail information |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110784395A (en) * | 2019-11-04 | 2020-02-11 | 航天信息股份有限公司 | Mail safety login method and system based on FIDO authentication |
| CN110912924A (en) * | 2019-12-04 | 2020-03-24 | 楚天龙股份有限公司 | System and method for realizing PGP encryption and decryption |
| CN111953675A (en) * | 2020-08-10 | 2020-11-17 | 四川阵风科技有限公司 | Key management method based on hardware equipment |
| CN111953675B (en) * | 2020-08-10 | 2022-10-25 | 四川阵风科技有限公司 | Key management method based on hardware equipment |
| CN113726807A (en) * | 2021-09-03 | 2021-11-30 | 烟台艾睿光电科技有限公司 | Network camera access method, equipment, system and storage medium |
| CN115348233A (en) * | 2022-08-25 | 2022-11-15 | 浙江启明量子信息技术有限公司 | Standard mail system transparent encryption method, medium and computer equipment |
| CN115314226A (en) * | 2022-09-13 | 2022-11-08 | 深圳市丛文安全电子有限公司 | Low-cost asymmetric encryption certificate management method based on certificate queue |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2018145357A1 (en) | 2018-08-16 |
Similar Documents
| Publication | Title |
|---|---|
| CN106603577A (en) | E-mail encryption method and system |
| CN103812871B (en) | Development method and system based on mobile terminal application program security application |
| JP4384117B2 (en) | Data processing system user authentication method and system |
| CN103458382B (en) | Hardware encryption transmission and storage method and system for mobile phone private short message |
| CN105553654B (en) | Key information processing method and device, key information management system |
| CN105608577A (en) | Method for performing non-repudiation, and payment managing server and user device therefor |
| CN104735065B (en) | A kind of data processing method, electronic equipment and server |
| US20040019780A1 (en) | System, method and computer product for delivery and receipt of S/MIME encrypted data |
| CN104662941B (en) | For the method, apparatus and system supporting key to use |
| CN113285803B (en) | Mail transmission system and transmission method based on quantum security key |
| CN103428077B (en) | A kind of method and system being safely receiving and sending mails |
| WO2001097440A2 (en) | Encryption system that dynamically locates keys |
| CN106656490B (en) | Quantum whiteboard data storage method |
| CN109684129A (en) | Data backup restoration method, storage medium, encryption equipment, client and server |
| CN109412812A (en) | Data safe processing system, method, apparatus and storage medium |
| KR20120108599A (en) | Credit card payment service using online credit card payment device |
| CN113452687B (en) | Method and system for encrypting sent mail based on quantum security key |
| WO2010050192A1 (en) | Password reissuing method |
| CN103152425A (en) | Safety management system for mobile device based on cloud technology |
| CN109600296A (en) | A kind of certificate chain instant communicating system and its application method |
| CN104301886A (en) | A short message reading method and system, terminal, and wearable device |
| CN109711196A (en) | Improve the information processing method of user's pickup safety |
| CN109740319A (en) | Digital authentication method and server |
| US20090106829A1 (en) | Method and system for electronic reauthentication of a communication party |
| CN202206419U (en) | Network security terminal and interactive system based on terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170426 |