CN1849774A - Message security - Google Patents
- Publication number
- CN1849774A
- Authority
- CN
- China
- Prior art keywords
- terminal
- key
- seed
- user
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
Technical field
The invention relates to a method and system for the secure, encrypted transmission of information, in particular for sending e-mail and for use in communication networks.
Background
With the growing use of the Internet and other networks, communicating by electronic mail (e-mail) has become commonplace. Countless e-mails containing many kinds of information are sent over the Internet every day. E-mail is also used within companies and businesses for domestic and international communication. Many e-mails contain sensitive and confidential information.
Unfortunately, not all e-mails reach their destination, and some may even be received at the wrong address. Moreover, it is often easy for an unauthorized person to break into a server or gain access to a network and read e-mail.
Several methods already exist for sending encrypted e-mail. PGP (Pretty Good Privacy) (PGP and Pretty Good Privacy are registered trademarks of PGP Corporation) is an application for sending encrypted e-mail. It is a plug-in for e-mail programs and is based on the use of public keys. Two users exchange public keys, which can then be used to encrypt and decrypt e-mail or other files. Moreover, if an e-mail is encrypted with the recipient's public key and sent, the sender cannot access the e-mail.
It is also possible to send a file as an e-mail attachment and give the recipient a password for accessing the attachment.
Both methods mean that a password or personal key must be used every time a new encrypted file or e-mail is accessed. Passwords and personal keys may be forgotten or obtained by unauthorized persons. Moreover, tests have shown that many people, to avoid forgetting their password or personal key, use a surname, a nickname or the like, which is easily guessed or may even be written down.
International patent application WO 02/077773 describes a system, method and computer program product providing an encrypted e-mail reader and responder. The method of distributing and initializing encrypted e-mail comprises: a first user obtaining a license for an e-mail client software application with public/private key encryption; the first user requesting that a second user download a reader/responder software application so that encrypted e-mail can be exchanged between the first user and the second user; the second user downloading and installing the reader/responder software application; the second user sending the first user an e-mail in which an unencrypted public key is embedded using the send-key function of the reader/responder software application; the first user receiving the e-mail from the second user, in which the unencrypted public key is embedded; the first user responding by sending a second e-mail to the second user, the reader/responder software application using the second user's unencrypted public key to encrypt the second e-mail message into an encrypted message; the second user receiving the second e-mail from the first user, with the encrypted message as an attachment, in a third-party e-mail software application that is different from both the reader/responder software application and the e-mail client software application; and the second user opening the attachment, which executes the reader/responder software application, allowing a user without the e-mail client software to read and respond to encrypted e-mail created and sent by a user who has the e-mail client software.
Published US application 2002059529 relates to a secure e-mail system in which pre-selected e-mail users form a group of participating users who require secure communication. The system includes a secure list server to which the members of the participating group send all secure e-mail. The server includes a memory for storing certificate data and a CPU; the CPU compares the name of each intended recipient of an e-mail message with the data in the memory and processes the message so as to forward it in authenticated form, the recipient being authenticated at that time as indicated by the data in the memory.
US 2003140235 relates to a method of exchanging electronic messages between a sender with a registered biometric set and a recipient with a registered biometric set, the method comprising: a. exchanging the registered biometric sets between the sender and the recipient; b. generating a live-scan (digital palm-print scanning tool) biometric set of the sender; c. generating a first difference key derived from the difference between the sender's live-scan biometric set and the sender's registered biometric set; d. encrypting the message with the first difference key; e. encrypting the sender's live-scan biometric set with an encryption key; f. transmitting the encrypted message and the encrypted live-scan biometric set of the sender to the recipient; g. the recipient decrypting the encrypted live-scan biometric set of the sender; h. the recipient regenerating the first difference key by computing the difference between the sender's live-scan biometric set and the sender's registered biometric set; and i. decrypting the message with the regenerated first difference key.
WO 01/91366 relates to an apparatus and method for generating pseudo-random keys in a cryptographic communication system. Given a common set of initialization configuration data, the pseudo-random keys can be reproduced by the various independent pseudo-random key generators of the cryptographic communication system.
WO 02/39660 relates to a system and method for cryptographic communication among multiple users and a central service provider using locally generated keys. Each user communicates with the central service provider, preferably through a user communication interface that includes a local key generator; after being initialized with the user's own personal seed value, the local key generator generates a unique key. By distributing a different personal seed to each user, each user's local key generator produces a unique set of keys. The central service provider also has a local key generator and preferably also holds a copy of all the personal seeds assigned to authorized users. The central service provider preferably communicates with each user in a secure, encrypted manner using keys generated from that user's personal seed. By distributing additional common seed values to multiple users, via encrypted communication using the unique personal key generation, secure conditional access is granted to those users through signal encryption using keys generated from a common seed value for the intended user group.
OTP: the One-time pad generator program is a shareware program distributed over the Internet (http://www.fourmilab.ch/onetime) for generating one-time pads or password lists.
Summary of the invention
According to the preferred embodiment, the main object of the invention is to provide a secure e-mail system that allows e-mail to be encrypted and decrypted without repeated use of a password or personal key. In particular, the invention relates to generating synchronized encryption keys at at least two remote sites for encrypting and decrypting e-mail or similar messages.
Another object of the invention is to provide an e-mail system that can filter out unwanted e-mail, so-called spam.
Another object of the invention is to provide an e-mail system through which secure e-mail software can easily be purchased.
For these reasons, according to the preferred embodiment, the invention relates to a method of transmitting an electronic message, preferably an e-mail, from a first user at a first terminal to a second user at a second terminal, comprising the following steps: the first terminal transmitting the e-mail in encrypted form, the encrypted e-mail being encrypted with a key generated from a seed by a first key generator; providing the seed to the second user once, so that a second key generator provided at the second terminal can generate keys; supplying the seed to the second terminal and storing it there; the second terminal using the seed to generate a key each time the second user receives an encrypted e-mail sent by the first user; synchronizing a count value at each terminal; and generating the key from the seed and the count value at each terminal, independently of the other terminals.
Most preferably, the seed is obtained only at the first initialization. If the first seed is no longer available, for example when the application is reinstalled or installed on a new computer, a second seed is preferably obtained.
According to one embodiment, when several e-mails are sent to a recipient, each encrypted e-mail is given a dynamic sequence number. This dynamic sequence number is used to generate the key for the corresponding encrypted e-mail.
According to one embodiment, the invention further comprises the following steps: synchronizing a count value at each terminal; and generating the key from the seed and the count value at each terminal, independently of the other terminals. The seed is stored in a dynamic and exchangeable manner in at least one terminal, preferably in all terminals. The count value is produced by a counter in each terminal, and synchronizing the count values involves synchronizing the counters. After the initial synchronization of the counters, the terminals perform supplementary synchronization steps only when needed. The key-generating operation based on the seed and the count value is carried out by an algorithm stored in at least one terminal in a non-dynamic and unalterable manner.
According to one embodiment, the invention further comprises the step of generating a list of trusted terminals from the received seeds and accepting e-mail only from those registered in the list. Spam can thereby be blocked.
For security reasons, according to the preferred embodiment, the invention includes the step of the first user providing the seed to the second user by at least one of telephone, fax and letter.
The attachments of an encrypted e-mail are encrypted together with the e-mail.
The invention also relates to a system for transmitting e-mail from a first user to a second user. The system comprises a first terminal and a second terminal, and further comprises: means for the first terminal to transmit the secure e-mail as encrypted mail, the encrypted e-mail being encrypted with a key generated from a seed by a first key generator; means for providing the seed to the second user once, so that keys can be generated by a second key generator; means for supplying the seed to the second terminal and means for storing the seed in the second terminal; and means for the second terminal to generate a key from the seed each time the second user receives an encrypted e-mail sent by the first user.
Each terminal comprises a key-generating unit, which comprises: a memory in which the same seed is stored; a counter that periodically changes a count value; and a calculation unit adapted to generate a key at each terminal, independently of the other terminals, from the original value and the count value issued by the counter. The memory that stores the seed in at least one terminal is a dynamic memory, storing the seed in a dynamic and exchangeable manner. The terminals are arranged to sense when they are out of synchronization and then to resynchronize. The calculation unit of at least one terminal comprises an algorithm that is stored in a non-dynamic and unalterable manner and is preferably implemented in hardware. One of the terminals is a central terminal holding several seeds for secure encrypted transmission; these seeds relate to several different terminals, each of which has one original value.
The invention also relates to a computer program product for transmitting secure e-mail from a first user at a first terminal to a second user at a second terminal, comprising code for: encrypting and transmitting the e-mail sent from the first terminal; generating a key at the first terminal from the first seed; obtaining the seed so that a key can be generated at the second terminal by a second key generator; storing the seed in the second terminal; and having the second terminal generate a key from the stored seed each time the second user receives an encrypted e-mail sent by the first user.
The invention also relates to a propagated signal for transmitting secure e-mail from a first user at a first terminal to a second user at a second terminal, comprising a signal containing code for: encrypting and transmitting the e-mail sent from the first terminal; generating a key at the first terminal from the first seed; obtaining the seed so that a key can be generated at the second terminal by a second key generator; storing the seed in the second terminal; and having the second terminal generate a key from the stored seed each time the second user receives an encrypted e-mail sent by the first user.
The invention also relates to a computer-readable medium storing an instruction set for transmitting secure e-mail from a first user at a first terminal to a second user at a second terminal, the instruction set comprising code for: encrypting and transmitting the e-mail sent from the first terminal; generating a key at the first terminal from the first seed; obtaining the seed so that a key can be generated at the second terminal by a second key generator; storing the seed in the second terminal; and having the second terminal generate a key from the stored seed each time the second user receives an encrypted e-mail sent by the first user. The medium may be a memory unit.
The invention also relates to a method of selling an instruction set for sending and receiving secure e-mail from a first user at a first terminal to a second user at a second terminal. The method comprises: the first terminal transmitting the secure e-mail in encrypted form, the encrypted e-mail being encrypted with a key generated from a seed by a first key generator; providing, in the secure e-mail, accessible information indicating a vendor address; obtaining from the vendor address a second instruction set for decrypting the e-mail; and debiting the second user for using the second instruction set to encrypt new e-mail. Preferably the method is computerized. Billing is based on the ordering and receipt of the second instruction set. The second instruction set is an access code for a pre-installed instruction set.
The invention also relates to a method of filtering e-mail at a receiver, the e-mail arriving from a first user at a first terminal at the receiver of a second user at a second terminal. The first terminal transmits the e-mail in encrypted form, the encrypted e-mail being encrypted with a key generated from a seed by a first key generator; the seed is provided to the second user once, so that a second key generator provided at the second terminal can generate keys; and the second terminal builds a list of trusted senders from the sender-recipient relationships established by the seeds and handles received e-mail according to that list. The handling may be one of storing, deleting or returning the e-mail.
Brief description of the drawings
The invention and its preferred embodiments are described below with reference to the accompanying drawings; the preferred embodiments do not limit the invention:
FIG. 1 is a flowchart of the network communication steps according to the invention.
FIG. 2 is a block diagram of a computer terminal.
FIG. 3 is a flowchart describing some of the steps of the invention.
FIG. 4 is a flowchart describing part of the invention.
Detailed description
Basically, the invention allows an initial seed to be provided to the sending and receiving systems, which then generate encryption keys that differ for each e-mail but are identical at the sender and recipient terminals because they are derived from the same seed, without the seed having to be supplied each time an e-mail is sent. According to a preferred embodiment, the invention is an application implemented as a plug-in for e-mail programs such as Microsoft Outlook, Lotus Notes, Outlook Express and so on. Some non-limiting examples are given below with reference to Microsoft Outlook. It will be appreciated, however, that the invention can be applied to any data communication application or system in general, and to e-mail applications and systems in particular. The invention can therefore also be applied to SMS and MMS transmission.
FIG. 1 shows a schematic communication flow in which two users send and receive e-mail using computer terminals. The sending terminal is denoted 110 and the receiving terminal 120. Only two terminals are shown by way of example; the invention can of course be used with several terminals. Communication between the terminals takes place over the Internet or over a local network using an e-mail server, for example one running Exchange Server.
The system of the invention establishes a way of securing e-mail communication. The relationship between the two e-mail addresses of each sender/recipient pair is unique (a channel). The system handles each sender/recipient pair with that pair's own specific encryption keys.
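According to the flowchart of FIG. 1, the user of terminal 110 sends (1) an e-mail to the user of receiving terminal 120. Terminal 110 has the application of the invention installed, and the application encrypts the e-mail. In the example below, the sender's e-mail address is assumed to be "110@mail.com" and the recipient's e-mail address "120@mail.com". The e-mail message is encrypted with a conventional encryption algorithm such as SHS-1, Blowfish or the like, and locked with an encryption key. If the encryption application detects that the recipient is not one of the trusted recipients, that is, the recipient is not on the registered list of recipients who have been provided with the decryption application or a decryption password, the application asks the sender to supply an initial password or a password for that particular recipient. The password supplied by the sender, for example 120xxx, is stored in the system together with other information about the recipient (such as the e-mail address). The password is used to: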
- generate a key and initialize a keyed channel, for example 110120xxx, which is used for sending e-mail to recipient 120;
- generate a key, for example 120110xxxx, which is used when receiving e-mail from 120; and
- generate a unique encryption key for sending the e-mail. Key generation is described in detail below.
It should be noted that a channel here means a virtual channel and refers to the sender-recipient relationship that has been established.
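If the recipient does not have the decryption application, the e-mail is sent to the recipient accompanied by an unencrypted message stating that the e-mail is encrypted and that the recipient needs to visit (2) a program provider 130, for example an Internet service provider, to obtain/download (3) the decryption program. The encrypted e-mail may also be sent as an attachment to the information message. If the key is missing, for example if the recipient has not received permission to decrypt after installing the decryption program, the recipient is instructed to obtain the "password" from which a key can be generated to decrypt the e-mail. For example, the recipient can telephone (4) the sender to obtain (6) the password that initializes key generation. Once the encryption component has been installed and the password entered, the encrypted e-mail can be decrypted. The recipient's application stores the sender's information and: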
- generates a key and initializes a keyed channel, for example 120110xxx, which is used for sending e-mail to sender 110;
- initializes a channel with a key, for example 110120xxx, which is used when receiving e-mail from 120; and
- generates a unique encryption key for receiving the e-mail from sender 110.
A sender-recipient relationship has thereby been created.
In subsequent steps, that is, once the relationship has been created and both sender and recipient hold initialized keys, there is no need to exchange passwords or passphrases again. The sender's and recipient's applications at their respective terminals automatically authenticate and generate the encryption/decryption keys, for example on the basis of the sender's/recipient's e-mail address.
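The next time an e-mail is sent from 110 to 120, the sender's application detects that recipient 120 is on the registered list and generates a new, unique encryption key for the e-mail based on the established channel. This key is used to encrypt the message. A dynamic sequence number is sent along with the e-mail; it identifies the e-mail's position in the sequence and the key that was used.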
At the recipient's site, the decryption application detects the dynamic sequence number of the encryption key used for the encrypted message. The decryption application generates the key from the dynamic sequence number (and the password stored earlier) and decrypts the e-mail. If the dynamic sequence numbers arrive out of order, for example when an e-mail with a lower sequence number is received later than one with a higher sequence number, the application generates and stores all keys up to the sequence number needed to decrypt the particular encrypted e-mail. All the stored keys can then be used to decrypt the e-mails that arrive out of sequence. These keys are stored, encrypted, in a memory unit, and each key can be destroyed after the corresponding encrypted e-mail has been decrypted. The invention therefore also allows e-mail to be decrypted later, and to be decrypted offline.
The sender or the e-mail application can supply a message with parameters set that force the recipient or the recipient's e-mail application to perform specific actions. For example, the sender can require that the received message be stored in a particular way, for example as an encrypted message, or else not stored at all. This assures the sender that unauthorized persons cannot access the message while it is stored at the recipient's end. Other instructions are also possible; the examples above are illustrative only and do not limit the invention. For example, the sender can require that the e-mail message be deleted immediately after it has been read and not be stored in any form, to maximize security.
Each terminal 210, for example an ordinary personal computer, comprises, as shown in FIG. 2, a main processor 240, a ROM (read-only memory) 250, a RAM (random-access memory) 260 and a program storage unit 270. The ROM contains instruction sets, for example for the functional operation of the terminal. The RAM stores instructions from applications. The program storage unit contains applications such as the e-mail application, the encryption and decryption applications, and so on.
The key-generating application 280 holds, in the storage unit or in RAM, the same original value SID, called the seed, preferably in a dynamic and interchangeable/exchangeable manner. The original value is preferably stored in connection with the initial start-up of the application, advantageously via a secure channel such as an encrypted message, a telephone call or the like. The original value need not necessarily be transmitted physically, however; instead, the users of the units concerned may themselves enter a pre-agreed value. The original value can also be exchanged when needed, but an alternative is to use the same original value for the entire life of the key-generating unit. In that case the original value need not be stored in dynamic memory; permanent memory can be used instead.
In addition, the key-generating application controls a counter 281 so that it periodically changes a count value X, and controls a calculation unit/application 282 adapted to generate a key in each and every unit, independently of the other units, from the original value and the count value issued by the counter.
Advantageously, however, the counter and the calculation unit are integrated in the same unit, which is suitably a processor (CPU). An oscillator 283 or clock, which may likewise be integrated in the processor, is advantageously used to control the counter. Preferably a real-time clock integrated in the CPU is used. In addition, the counter is incremented stepwise, which makes it easier to keep the terminal in step (synchronized) with the other terminals.
Provided that the same original value is stored in memory and the counters are synchronized to deliver the same count value, identical keys can be generated in several key-generating applications independently of one another, that is, at each terminal running the application.
These keys can then be used between the terminals for encryption or authentication purposes.
Furthermore, the key-generating units are preferably adapted to sense whether they are synchronized and, if they are not, to bring about synchronization. Sensing can be done by a special synchronization test that is performed before keys are generated.
Alternatively, the need for synchronization can be identified when different keys are used, and synchronization is reset only after that. Synchronization can be achieved, for example, by exchanging count values between the units.
According to one embodiment, the calculation unit comprises an algorithm F that hashes the original value (seed), the existing key and the count value as input parameters. The count value is then increased by one, i.e. count = count + 1. The algorithm is preferably implemented in hardware in the calculation unit, or alternatively it is stored in a non-dynamic, unchangeable memory. The algorithm preferably generates 160-bit keys, although keys of other lengths are of course possible. Each time the key generator is instructed to produce a new key, a new pseudo-random 160-bit word is generated, calculated from the "seed" and the count value.
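The following sketch, added here as an illustration and not taken from the patent, shows two terminals deriving the same 160-bit keys from a shared seed, the existing key and a counter, and recovering from counter drift by exchanging count values. The class and function names, the use of SHA-256 truncated to 160 bits as F, the all-zero starting key and the unauthenticated count exchange are assumptions of this example.

```python
import copy
import hashlib
import hmac

KEY_BYTES = 20  # 160-bit keys, the length the description prefers


class KeyGenerator:
    """One terminal's key-generating unit: seed, chained key and counter."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._key = b"\x00" * KEY_BYTES  # assumed starting "existing key"
        self.count = 0                   # count value X

    def next_key(self) -> bytes:
        # F(seed, existing key, count). Length prefixes keep the three
        # fields from running into each other before hashing.
        fields = (self._seed, self._key, self.count.to_bytes(8, "big"))
        data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        # SHA-256 truncated to 160 bits is this example's choice of hash.
        self._key = hashlib.sha256(data).digest()[:KEY_BYTES]
        self.count += 1                  # count = count + 1
        return self._key

    def advance_to(self, target: int) -> None:
        """Step forward until the counter reaches target."""
        if target < self.count:
            raise ValueError("a chained generator cannot step backwards")
        while self.count < target:
            self.next_key()


def synchronize(a: KeyGenerator, b: KeyGenerator) -> int:
    """Exchange count values and bring the lagging unit forward."""
    target = max(a.count, b.count)
    a.advance_to(target)
    b.advance_to(target)
    return target


def demo() -> dict:
    seed = b"constructed-demo-seed"      # constructed sample value
    sender, receiver = KeyGenerator(seed), KeyGenerator(seed)
    in_sync = hmac.compare_digest(sender.next_key(), receiver.next_key())

    sender.next_key()                    # sender drifts two steps ahead
    sender.next_key()
    stale = copy.deepcopy(receiver)      # the receiver if it never resynced

    target = synchronize(sender, receiver)
    k_send, k_recv = sender.next_key(), receiver.next_key()

    outsider = KeyGenerator(b"some-other-seed")  # same count, wrong seed
    outsider.advance_to(target)
    return {
        "in_sync": in_sync,
        "drifted_mismatch": stale.next_key() != k_send,
        "resynced": hmac.compare_digest(k_send, k_recv),
        "target": target,
        "key_bits": len(k_send) * 8,
        "outsider_mismatch": outsider.next_key() != k_send,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because each key feeds into the next, a lagging terminal has to compute every intermediate key to catch up; knowing the peer's count value alone is not enough to produce the current key without the seed.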
The key-generating application may further include an interface part that enables communication between the communication unit and the key-generating unit. Preferably, this communication comprises issuing an instruction to the key-generating unit to generate a key and then an instruction to return the generated key to the communication unit.
The key-generating unit can be implemented in hardware and realized as an integrated circuit, which makes it difficult to tamper with. The circuit can then be added to, and used together with, essentially any type of communication unit. For example, the key-generating unit of the invention can be used together with an e-mail application.
The key-generating application according to the invention can be used either for point-to-point communication or for authentication, i.e. between two terminals, or between a central unit, an e-mail server, and several users or clients. Such a central unit preferably comprises a number of different key-generating applications, one for each client/user/terminal that communicates with the central unit. Alternatively, a key unit can hold several different original values, in which case the command instructing the key-generating unit to generate a key also includes information about which original value to use. It is likewise possible for several units that communicate with the central unit to have identical key-generating units, enabling them to communicate with the same key-generating unit in the central unit.
Encrypted transmission or authentication by means of the system described above is described below. In a first step, an e-mail is created at one terminal and encrypted with a key generated by the key-generating application. The e-mail may contain one or more attachments, for example word-processing files, image files, Java applets or any other digital data. An e-mail according to the invention therefore covers messages both with and without attachments. The e-mail is sent to the receiving terminal, and the recipient is given an initial value, the so-called password or seed. When the password is entered in the recipient's decryption application, the terminals that will communicate with each other in future are set up; in this process they are provided with the same original value and are preferably synchronized. The system is now ready for use. At a later time, which may be any length of time after initialization, the system can be used, and at least one terminal identifies itself to the other. The identification is accepted when the other terminal determines that the given identity is known and that it has a corresponding key-generating application, i.e. a key-generating application as defined above with a corresponding original value. If so, the procedure continues to the next step; otherwise it is interrupted.
Encryption/decryption/authentication is then performed with the calculated key. It should be understood, however, that encrypted transmission and authentication can of course be carried out simultaneously in the same process. Encryption and authentication can be implemented with essentially any encryption algorithm that uses keys, for example the known DES, RC6, Bluefish, etc.
Another advantage of the invention is that the application can be used as a filter to block unwanted e-mail. Today, countless advertising e-mails are sent to recipients. Outlook, for example, has a function called "Junk Mail" that places received e-mails in a junk-mail folder on the basis of a list or certain parameters. However, this function stops working when the sender's name and the content of the junk mail change. The invention solves this problem in the following way:
As described above and with reference to Fig. 3, the receiving terminal or server holds a list of sender-recipient pairs; a check 300 looks up the received address in the list, and a comparison 310 compares the sender's address with the stored addresses. If the e-mail can be decrypted, i.e. the sender's address is in the list, the e-mail is decrypted 320 and delivered to the recipient. If the e-mail cannot be decrypted, i.e. the sender's address is not in the list, the e-mail is either moved to the junk mailbox or returned 330 to the sender. A message can be attached to the returned e-mail, for example informing the sender that the encryption program is required in order to send e-mail to the intended recipient. Of course, senders who are not in the list but from whom the recipient wants to hear may also send e-mail. For this reason, the system can store 340 a copy of the e-mail, or merely notify the recipient, so that the sender can be told to install the encryption application and obtain a password from the recipient. The filtering/blocking function is clearly an optional application.
As mentioned above, the invention also allows all or part of the application to be purchased in a simple way.
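Fig. 4 describes an automatic purchasing system 400. The recipient 401 receives an informational e-mail with the encrypted e-mail as an attachment, and obtains the decryption program. The decryption program is preferably provided as freeware or shareware, whereas the encryption application must be purchased. When the decryption program is downloaded, the encryption program is downloaded as well, but it can be used only once a licence number, password or the like has been supplied. For this reason the customer is directed to a purchase address 410, for example on the Internet, where a licence can be obtained. The purchase site may require specific information about the customer's country, language and so on, so that the customer gets the correct version. The customer is then redirected to an ordering site 420 where transaction information is provided. The payer can carry out the transaction in a known way, for example by credit card, bank transaction, cash transaction, etc. Depending on the transaction method, clearing 430 or administration 440 is performed. If the transaction is accepted, the purchase site 420 sends information to a registry 450 and an instruction to a delivery department 460. The delivery department sends either the program package, a licence number or any other information needed to (install and) run the encryption program. The delivery department can produce the program package/licence information. If the program is pre-installed, the password/licence number can be delivered by (encrypted) e-mail or downloaded from a website.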
It is also possible to provide the recipient with the e-mail from the sender and direct the recipient to a website offering download of a prepaid program together with a password, in order to obtain the decryption/encryption application and decrypt the e-mail. In that case, however, the recipient must obtain a password or some other means of accessing the program.
It is also possible to provide a server arrangement through which the encrypted e-mails pass, for example by tunnelling the address. In this case each e-mail can be debited separately (a so-called ticker) without the program having to be purchased.
The embodiments above relate to a network in which users access e-mail using two terminals. The invention can also be applied where a user uses different terminals. In this case the encryption/decryption program and the seed can be provided as a mobile application, for example in the form of a hardware plug-in (such as a USB dongle), stored on an information carrier medium such as a CD. Thus, each time the e-mail application is used, the key/storage medium must be provided so that the encryption/decryption application can be executed from it.
In a network, for example within an organization or company, a server handles the IP network on which the clients reside. A client only needs to set up a secure e-mail channel to the running server, which then handles the secure contact with other users on the network. Each user is given a unique password so that e-mail messages can be accessed and sent according to the invention. In addition, the network administrator can be given an administrator password that allows the administrator to read messages and manage accounts. To increase security further, it is possible to require the administrator to use a hardware unit that generates a unique serial number for authentication purposes. This unique serial number is checked against another hardware or software module located, for example, in a central server; the server-based module generates a serial number which, if the hardware unit is the correct one and the two are synchronized with each other, is identical to the serial number generated by the administrator's module. If they are not identical, the two systems try a number of times to synchronize with each other.
The hardware unit used by the administrator can be provided, for example but not exclusively, as a hardware plug-in using USB (Universal Serial Bus), RS232, RS485, Ethernet, Firewire, Bluetooth, Centronics, SecureDigital, PCMCIA, PC-Card or a similar hardware connection standard. Instead of a hardware unit, it is also possible to use a software module located either on the administering computer, workstation or similar computing device, or on a computer media storage device that can be connected to the network or to a device connected to the network under administration.
It is also possible to provide the system with a compression tool for compressing the encrypted e-mails. Any conventional compression method can be used.
Optionally, encrypted and/or decrypted e-mails can be saved in decrypted or encrypted form. In that case the e-mail is preferably encrypted with a password. For security reasons, especially in companies, there should be personal passwords and an administrator key (network administrator).
The embodiments described and illustrated above do not limit the invention. Within the scope of the appended claims, the invention can be modified in several ways, depending on the application, requirements and needs.
Claims (31)
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| SE03024569 | 2003-09-12 | ||
| SE0302456A SE527561C2 (en) | 2003-09-12 | 2003-09-12 | Electronic mail transmission method in internet environment, involves storing seed for key generation provided from sender's terminal, in receiver's terminal |
| US60/502,254 | 2003-09-12 | ||
| SE04002382 | 2004-02-04 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1849774A true CN1849774A (en) | 2006-10-18 |
Family
ID=28787336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2004800263389A Pending CN1849774A (en) | 2003-09-12 | 2004-09-13 | Message security |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN1849774A (en) |
| SE (1) | SE527561C2 (en) |
| ZA (1) | ZA200601931B (en) |
- 2003-09-12 SE SE0302456A patent/SE527561C2/en not_active IP Right Cessation
- 2004-09-13 CN CNA2004800263389A patent/CN1849774A/en active Pending
- 2006-03-07 ZA ZA200601931A patent/ZA200601931B/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| SE0302456D0 (en) | 2003-09-12 |
| SE0302456L (en) | 2005-03-13 |
| ZA200601931B (en) | 2007-06-27 |
| SE527561C2 (en) | 2006-04-11 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | Effective date of abandoning: 20061018 | |
| C20 | Patent right or utility model deemed to be abandoned or is abandoned |