CN101710879A - Novel identity-based privacy enhanced mail forwarding system - Google Patents

Novel identity-based privacy enhanced mail forwarding system

Publication number: CN101710879A
Authority: CN (China)
Application number: CN200910000696A
Priority: CN2009100006967A
Other languages: Chinese (zh)
Other versions: CN101710879B (en)
Inventors: 潘耘, 潘平, 周菁, 周世正, 梁辉, 汪立宝
Current assignee: Communication University of China
Original assignee: Communication University of China
Legal status: Granted; Expired - Fee Related
Prior art keywords: mail, private key, user, privacy enhanced, enhanced mail

Abstract

The invention discloses a novel identity-based privacy enhanced mail forwarding system, which belongs to the field of communication. A method comprises the following steps: selecting system parameters according to system security requirements, and generating a system master private key (namely the private key of a private key generation center, PKG); receiving a user registration application at the PKG, and generating a private key for the user according to the e-mail address selected by the user; generating a first-stage encrypted e-mail according to the e-mail address of the user; generating a re-encryption key according to the system parameters; generating a second-stage encrypted e-mail according to the first-stage encrypted e-mail and the re-encryption key, and forwarding the second-stage encrypted e-mail; and decrypting the first-stage or the second-stage encrypted e-mail according to the private key of the user. The system is realized on the basis of a bilinear pairing defined on an elliptic curve, uses a novel random padding mode to ensure the non-malleability of the ciphertext, and enhances the security of the first-stage and second-stage encrypted e-mails.

Description

A novel identity-based privacy enhanced mail forwarding system
Technical field
The present invention relates generally to the encryption, re-encryption, forwarding and decryption of mail in a mail system, and more particularly to using an identity-based proxy re-encryption scheme as the cryptographic tool to forward privacy enhanced mail.
Explanation of terms
Privacy enhanced mail: mail whose contents are encrypted.
Identity-based: the encryption key is simply the target mail address itself (for this reason the system needs no public key infrastructure, PKI), while the decryption key is generated for each registered user by a trusted private key generation center (PKG).
Privacy enhanced mail forwarding: a privacy enhanced mail was originally sent to user A (for example a manager), but for some reason (a business trip, for example) A has no time to decrypt and handle it. A has previously enabled an automatic forwarding service and wants his or her confidential mail forwarded to another user B (for example an assistant manager) to be handled. The system must also meet the following requirements:
First, A does not want to hand his or her own decryption key directly to B, nor to generate a proxy decryption key for B;
Second, the mail must still be forwarded in some ciphertext form;
Third, the forwarding can be performed by a semi-trusted party (for example A's secretary or the mail server itself), which is called the proxy (Proxy).
Background art
In 1984, Shamir proposed the idea of identity-based public key encryption (IBE), whose core purpose is to remove the dependence on a public key infrastructure (PKI).
In 1998, Barak et al. proposed the idea of proxy re-encryption (PRE), whose core objective is to have a semi-trusted party, the Proxy, convert a ciphertext for user A into a ciphertext for user B, so that user B can decrypt it directly with his or her own private key. Proxy re-encryption requires that the Proxy performing the conversion cannot learn the plaintext corresponding to the ciphertext being converted, nor the private key of A or B. Therefore, first decrypting with A's private key and then encrypting with B's public key is not a valid realization.
In 2001, Boneh et al. designed the first highly efficient identity-based encryption scheme, based on bilinear pairings.
In 2007, Green et al. designed an identity-based proxy re-encryption scheme.
Against this background we propose the present invention, which aims to provide an identity-based privacy enhanced mail forwarding method and system.
Summary of the invention
The embodiment of the invention provides an identity-based privacy enhanced mail forwarding method and system. The technical scheme is as follows:
(1) Select system parameters according to the system security requirements, and from them generate the parameters required by the PKG, $\langle G_1, G_2, \hat{e}, h, H, p, q, P, P_0, s \rangle$, comprising two groups $G_1$ (with generator $P$) and $G_2$, a bilinear map $\hat{e}$ (defined from $G_1 \times G_1$ to $G_2$), a collision-resistant hash function $h$, a Map-to-point function $H$, large primes $p$ and $q$, and the PKG's master private key $s$ and its public key $P_0$.
(2) A user registers his or her own mail address $ID_U$ with the PKG; the PKG confirms the user's real identity by offline physical means, generates the corresponding decryption key, and sends it to the user by a secure offline method;
(3) To send mail to A, user X first obtains A's mail address $ID_A$ and computes A's public key, then concatenates the mail contents with a generated random number, encrypts the result with the public key, and sends it.
(4) User A wishes the encrypted mail sent to him or her to be forwarded to another user B in the system for handling. User A generates a re-encryption key from his or her own private key and the public key of user B, and sends this key to a semi-trusted party, the Proxy.
(5) After a user A in the system enables the mail forwarding service, every confidential mail sent to A is forwarded directly to the Proxy (for example A's secretary or the mail server). The Proxy, which holds the re-encryption key, re-encrypts the original confidential mail of user A after obtaining it, and then forwards it to user B in the system over a public channel.
(6) If the encrypted mail a user in the system receives is a first-stage privacy enhanced mail, the user decrypts it with his or her own decryption key;
(7) If it is a second-stage privacy enhanced mail, the user first verifies whether the second-stage ciphertext is valid, and then decrypts it.
The embodiment of the invention also provides a transmission digital signature system based on braid group, the system comprising:
(1) a system parameter generation module, used to select suitable system parameters according to the system security requirements and to generate from them the parameters required by the PKG, $\langle G_1, G_2, \hat{e}, h, H, p, q, P, P_0, s \rangle$;
(2) a user registration module, which registers users and obtains the decryption key corresponding to the user's mail address;
(3) a mail encryption module, which computes the mail recipient's public key, generates the mail and additional information, encrypts them and sends the result;
(4) a re-encryption key generation module, which computes the re-encryption key used for re-encryption and sends it to the semi-trusted Proxy;
(5) a mail re-encryption and forwarding module, which re-encrypts and forwards the confidential mail that needs to be forwarded;
(6) a privacy enhanced mail decryption module, which selects the decryption method according to the number of times the mail has been encrypted and decrypts it.
The beneficial effects of the technical scheme provided by the embodiment of the invention are:
It is suited to the internal work mail system of a sensitive organization. The PKG can be the organization's top leader (such as the president), and there can be one Proxy (such as the mail server) or several (such as each leader's secretary).
Description of drawings
Fig. 1 is a flow chart of an identity-based privacy enhanced mail forwarding method provided by the embodiment of the invention;
Fig. 2 is a schematic diagram of an identity-based privacy enhanced mail forwarding system provided by the embodiment of the invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, this embodiment provides an identity-based privacy enhanced mail forwarding method, comprising the following steps:
Step 101: select the system parameters. The specific parameters are selected as follows:
First, the key generation center, i.e. the PKG, selects the groups $G_1$ and $G_2$, a generator $P$ of $G_1$, and a bilinear map $\hat{e}$ defined from $G_1 \times G_1$ to $G_2$, in the following manner:
(1) Select a large prime $p$ satisfying $p \equiv 2 \pmod 3$ and $p = 6q - 1$ for some prime $q$. Let $E$ be the elliptic curve defined by the equation $y^2 = x^3 + 1$ over the finite field $GL(p)$, let $P$ be an element of order $q$ in $E/GL(p)$, and let the group $G_1 = \langle P \rangle$, i.e. the additive group on the elliptic curve generated by $P$.
(2) Let $1 \neq \zeta \in GL(p^2)$ be a solution of the equation $x^3 - 1 = 0 \bmod p$, and define the map $\phi(x, y) = (\zeta x, y)$. Denote the group generated by $\langle P, \phi(P) \rangle$ as $E[q]$. Let $G_2$ be the set of all elements of order $q$ in $GL(p^2)$ (it can be shown that this set is a multiplicative subgroup of $GL(p^2)$), and let $e: E[q] \times E[q] \to G_2$ be the Weil pairing defined on $E/GL(p^2)$. The modified Weil pairing $\hat{e}$ is then defined as $\hat{e}(P, Q) = e(P, \phi(Q))$. It is easy to verify that $\hat{e}$ so defined satisfies bilinearity, non-degeneracy and computability.
Second, the PKG selects the master key $s$ at random from $Z_q^*$ and sets $P_0 = [s]P$.
Third, the PKG selects the following two hash functions, $h$ and $H$:
(1) $h$ is any collision-resistant hash function. Since collisions have now been found for both MD5 and SHA-1, SHA-256 is suggested for $h$.
(2) $H: \{0,1\}^* \to G_1$ is the Map-to-point function, which maps any identity ID to an element of $G_1$. It is computed as follows: first compute $y = h(ID) \bmod p$, where ID is the binary string representing the user's identity; if $y = 0$ or $1$, append a bit 0 to ID and repeat the computation, until the resulting $y$ is neither 0 nor 1. Then compute $x = (y^2 - 1)^{(2p-1)/3} \bmod p$, and let $H(ID) = (x, y)$ be the point in $G_1$.
Finally, the PKG publishes $\langle G_1, G_2, \hat{e}, h, H, p, q, P, P_0 \rangle$, and system parameter setup is complete.
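The parameter choice and Map-to-point computation of step 101, as an added Python example (not code from the patent). The toy-size search bound, the sample addresses and the zero-byte padding are assumptions. Because the curve has p + 1 = 6q points, the example also tests whether the computed point lies in the order-q subgroup and shows multiplication by the cofactor 6 as one way to land in G_1.

```python
import hashlib

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for s in SMALL_PRIMES:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def pick_params(start):
    """First prime q >= start with p = 6q - 1 also prime (then p = 2 mod 3)."""
    q = start
    while not (is_prime(q) and is_prime(6 * q - 1)):
        q += 1
    return 6 * q - 1, q

def ec_add(a, b, p):
    """Affine addition on y^2 = x^3 + 1 over F_p; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def ec_mul(k, pt, p):
    """Double-and-add scalar multiplication [k]pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt, p)
        pt = ec_add(pt, pt, p)
        k >>= 1
    return acc

def map_to_point(identity, p):
    """H(ID) as in step 101: y = SHA-256(ID) mod p, x = cube root of y^2 - 1."""
    data = identity
    while True:
        y = int.from_bytes(hashlib.sha256(data).digest(), "big") % p
        if y not in (0, 1):
            break
        data += b"\x00"  # assumption: a zero byte stands in for the appended 0 bit
    # p = 2 mod 3, so cubing is a bijection and this exponent is the cube root
    x = pow(y * y - 1, (2 * p - 1) // 3, p)
    return x, y

def on_curve(pt, p):
    x, y = pt
    return (y * y - x * x * x - 1) % p == 0

def in_g1(pt, p, q):
    """True when [q]pt is the point at infinity, i.e. pt is in the order-q subgroup."""
    return ec_mul(q, pt, p) is None

def check_identity(identity, p, q):
    """Map an identity to the curve and report subgroup membership."""
    raw = map_to_point(identity, p)
    cleared = ec_mul(6, raw, p)  # (p + 1) / q = 6 is the cofactor
    return {
        "raw": raw,
        "on_curve": on_curve(raw, p),
        "raw_in_g1": in_g1(raw, p, q),
        "cleared": cleared,
        "cleared_in_g1": in_g1(cleared, p, q),
    }

if __name__ == "__main__":
    p, q = pick_params(1 << 40)  # toy size, constructed for this example
    for ident in (b"alice@example.com", b"bob@example.com"):  # constructed IDs
        print(ident.decode(), check_identity(ident, p, q))
```

A point whose `raw_in_g1` is false still satisfies the curve equation, which is why the membership test and the curve test are reported separately.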
Step 102: user registration. The detailed process is:
First, a user U who needs to register selects a mail address $ID_U$ of his or her choice, sends $ID_U$ to the PKG over a public channel, requests registration, and asks the PKG to issue a decryption key for it.
Second, after receiving $ID_U$ from user U, the PKG first confirms the real identity of user U by offline physical means. The PKG then computes $Q_U = H(ID_U)$ and $S_U = [s]Q_U$, and finally sends $S_U$ to user U in an offline and secure manner.
Step 103: mail encryption. The detailed process is:
Suppose a user X, inside or outside the system, wants to send a confidential mail M to a user A in the system. X must first obtain A's mail address $ID_A$. X then generates the confidential mail C as follows:
(1) X computes the public key of user A, $Q_A = H(ID_A)$;
(2) X selects a random number D. The binary length L of D must be fixed and must not be too small: $1/2^L$ must be a negligible quantity, for example L = 80;
(3) X concatenates the mail M and D, i.e. $E = M \| D$;
(4) X computes $r = h(E) \bmod q$;
(5) X computes $C_1 = [r]P$, $Q = [r]Q_A$;
(6) X computes $f = \hat{e}(P_0, Q) \bmod q$;
(7) X computes $C_2 = E^f \bmod p$;
(8) X sets $C = (C_1, C_2)$ and sends C to user A over a public channel.
Step 104: re-encryption key generation. The detailed process is:
Suppose a user A in the system wants the confidential mail sent to him or her to be forwarded to another user B in the system for handling. User A generates the re-encryption key as follows:
(1) A computes the public key of B, $Q_B = H(ID_B)$;
(2) A selects a random number X;
(3) A computes $r = h(X) \bmod q$;
(4) A computes $R_1 = [r]P$, $Q = [r]Q_B$;
(5) A computes $f = \hat{e}(P_0, Q) \bmod q$;
(6) A computes $R_2 = X^f \bmod p$;
(7) A computes $r_x = h(X) \bmod q$;
(8) A computes $R_3 = [r_x]P - S_A$;
(9) A sets the re-encryption key $RK_{A2B} = (R_1, R_2, R_3)$ and sends $RK_{A2B}$ to the semi-trusted party Proxy (for example A's secretary or the mail server) over a secure channel.
Step 105: mail re-encryption and forwarding. The detailed process is:
After a user A in the system enables the mail forwarding service, every confidential mail sent to A is forwarded directly to the Proxy (for example A's secretary or the mail server). The Proxy, which holds the re-encryption key $RK_{A2B}$, performs the following operations after obtaining the original confidential mail of user A (called the first-stage privacy enhanced mail) $C = (C_1, C_2)$:
(1) compute $f = \hat{e}(C_1, R_3) \bmod q$;
(2) compute $C_2' = (C_2)^f \bmod p$;
(3) set $C' = (C_1, C_2', R_1, R_2)$ as the second-stage privacy enhanced mail, and forward it to user B in the system over a public channel.
Step 106: decryption of a first-stage privacy enhanced mail. The detailed process is:
If the confidential mail that a user U in the system receives is a first-stage privacy enhanced mail, i.e. a mail $C = (C_1, C_2)$ that has not been re-encrypted, U performs the following decryption steps:
(1) U computes $f = \hat{e}(C_1, S_U) \bmod q$, where $S_U$ is user U's own decryption key;
(2) U computes $E = (C_2)^{-f \bmod q} \bmod p$;
(3) U takes the last L bits of E, denoted D; the remainder is denoted M;
(4) U computes $r = h(E) \bmod q$;
(5) U computes and verifies whether the equation $[r]P = C_1$ holds. If it does not hold, C is an invalid first-stage ciphertext (it may have been tampered with in transit, or a transmission error may have occurred); otherwise C is a valid first-stage ciphertext, and the M computed above is the original mail after valid decryption.
Step 107: decryption of a second-stage privacy enhanced mail. The detailed process is:
If the confidential mail that a user U in the system receives is a second-stage privacy enhanced mail, i.e. a re-encrypted mail $C = (C_1, C_2', R_1, R_2)$, U performs the following decryption steps:
(1) compute $f = \hat{e}(R_1, S_U) \bmod q$;
(2) compute $X = (R_2)^{1/f \bmod q} \bmod p$;
(3) compute $r_x = h(X) \bmod q$;
(4) compute $P' = [r_x]P$;
(5) compute $g = \hat{e}(C_1, P') \bmod q$;
(6) compute $E = (C_2')^g \bmod p$;
(7) take the last L bits of E, denoted D; the remainder is denoted M;
(8) compute $r = h(E) \bmod q$;
(9) compute and verify whether the equation $[r]P = C_1$ holds. If it does not hold, C is an invalid second-stage ciphertext (it may have been tampered with in transit, a transmission error may have occurred, or the re-encryption may have been incorrect); otherwise C is a valid second-stage ciphertext, and the M computed above is the original mail after valid decryption.
Referring to Fig. 2, this embodiment provides an identity-based privacy enhanced mail forwarding system, comprising:
System parameter generation module 201, used to select suitable system parameters according to the system security requirements and to generate from them the parameters required by the PKG (i.e. the private key generation center);
User registration module 202, which registers users and obtains the decryption key corresponding to the user's mail address;
Mail encryption module 203, which computes the mail recipient's public key, generates the mail and additional information, encrypts them and sends the result;
Re-encryption key generation module 204, which computes the re-encryption key used for re-encryption and sends it to the semi-trusted Proxy;
Mail re-encryption and forwarding module 205, which re-encrypts and forwards the confidential mail that needs to be forwarded;
First-stage privacy enhanced mail decryption module 206, which decrypts privacy enhanced mail that has not been forwarded through re-encryption;
Second-stage privacy enhanced mail decryption module 207, which decrypts privacy enhanced mail that has been forwarded through re-encryption.
The system parameter generation module 201 comprises:
The system parameter selection unit, used to select suitable system parameters according to the system security requirements. These parameters all need to be public and mainly comprise two groups $G_1$ (with generator $P$) and $G_2$, a bilinear map $\hat{e}$ (defined from $G_1 \times G_1$ to $G_2$), a collision-resistant hash function $h$, a Map-to-point function $H$, large primes $p$ and $q$, and the PKG's public key $P_0$ (generated by the master private key selection unit below);
The master private key selection unit, used to select the master private key $s$ (i.e. the private key of the private key generation center PKG) according to the system parameters, and to compute the PKG's public key $P_0$ from the master private key. The master private key $s$ must be kept secret, while the PKG's public key $P_0$ is published as one of the system parameters.
The user registration module 202 comprises:
The registration application unit, used to let a user who needs to register freely choose a mail address of his or her liking and send a registration request to the PKG over a public channel;
The user identity verification unit, used to let the PKG, after receiving the user's registration application, confirm the user's real identity by offline physical means;
The decryption key generation unit, used to let the PKG, after confirming the user's registration application and the corresponding identity, generate a decryption key for the user according to the mail address the user selected;
The decryption key issuing unit, used to let the PKG send the decryption key produced by the decryption key generation unit to the user in a secure offline manner.
The mail encryption module 203 comprises:
The public key generation unit, used to let the user who wants to send a privacy enhanced mail (hereinafter the sender) generate the corresponding encryption public key according to the mail address of the mail recipient (hereinafter the recipient);
The padding factor selection unit, used to let the sender, according to the system parameters, randomly select a fixed-length binary string as the padding factor for this mail encryption;
The mail encapsulation unit, used to let the sender encapsulate the mail to be encrypted together with the padding factor;
The ciphertext generation unit, used to let the sender generate the corresponding ciphertext according to the system parameters, the public key and the encapsulated mail;
The ciphertext sending unit, used to let the sender send the ciphertext to the recipient over a public channel.
The re-encryption key generation module 204 comprises:
The proxy public key computation unit, used to let the authorizing user (i.e. the decryptor of the first-stage privacy enhanced mail) compute, according to the system parameters, the public key of the authorized user he or she has chosen (i.e. the decryptor of the second-stage privacy enhanced mail);
The re-encryption key generation unit, used to let the authorizing user compute the mail re-encryption key;
The re-encryption key sending unit, used to let the authorizing user send the re-encryption key over a secure channel to a semi-trusted proxy of his or her choice (for example the authorizing user's secretary or the mail server).
The mail re-encryption and forwarding module 205 comprises:
The mail re-encryption unit, used to let the semi-trusted proxy re-encrypt the privacy enhanced mail it receives;
The re-encrypted mail forwarding unit, used to let the semi-trusted proxy forward the re-encrypted mail to the authorized user (i.e. the decryptor of the second-stage privacy enhanced mail) over a public channel.
The first-stage privacy enhanced mail decryption module 206 comprises:
The first-stage ciphertext decryption unit, used to let the user attempt to decrypt the received first-stage privacy enhanced mail with his or her own private key, obtaining the padded mail plaintext;
The verification unit, used to let the user verify the integrity of the original privacy enhanced mail according to the system parameters and the padded mail plaintext;
The mail de-encapsulation unit, used to let the user separate the padding factor from the unpadded mail plaintext according to the padded mail plaintext and the padding mode.
The second-stage privacy enhanced mail decryption module 207 comprises:
The second-stage ciphertext decryption unit, used to let the user attempt to decrypt the received second-stage privacy enhanced mail with his or her own private key, obtaining the padded mail plaintext;
The verification unit, used to let the user verify the integrity of the second-stage privacy enhanced mail according to the system parameters and the padded mail plaintext;
The mail de-encapsulation unit, used to let the user separate the padding factor from the unpadded mail plaintext according to the padded mail plaintext and the padding mode.
All or part of the steps in the above scheme can be carried out by instructions controlling the relevant hardware; the instructions can be stored in a storage medium, such as the hard disk or memory of a computer or server.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (15)

1. An identity-based privacy enhanced mail forwarding method, characterized in that the method comprises:
selecting system parameters according to the system security requirements, and generating the system master private key (i.e. the private key of the private key generation center PKG) according to the system parameters;
generating a public key and a private key for each registered user according to the system parameters and the master private key;
generating a first-stage privacy enhanced mail according to the system parameters, the public key and the mail to be sent;
generating a re-encryption key according to the system parameters, the private key of the authorizing user and the public key of the authorized user;
generating a second-stage privacy enhanced mail according to the first-stage privacy enhanced mail and the re-encryption key;
decrypting the first-stage or second-stage privacy enhanced mail, respectively, according to the user's private key.
2. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of selecting system parameters according to the system security requirements and generating the system master private key (i.e. the private key of the private key generation center PKG) according to the system parameters comprises:
first, selecting the system parameters according to the system security requirements, including selecting a suitable elliptic curve and a bilinear map defined on that curve, etc.;
second, selecting a master private key for the private key generation center PKG and computing the corresponding public key;
finally, selecting two hash functions: one maps any binary string to a point on the elliptic curve; the other is any collision-resistant hash function.
3. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of generating a public key and a private key for each registered user according to the system parameters and the master private key comprises:
first, the user selects his or her own mail address and submits a registration application to the PKG;
second, the PKG accepts the user's registration application, confirms the user's real identity offline, and generates a decryption key for the user;
finally, the PKG sends the user's decryption key to the user in a secure offline manner.
4. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of generating the first-stage privacy enhanced mail according to the system parameters, the public key and the mail to be sent comprises:
first, generating the encryption public key according to the system parameters and the recipient's mail address;
second, randomly padding the mail to be encrypted according to the system parameters;
third, generating the first-stage privacy enhanced mail according to the system parameters, the public key and the padded mail;
finally, sending the first-stage privacy enhanced mail to the recipient over a public channel.
5. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of generating a re-encryption key according to the system parameters, the private key of the authorizing user and the public key of the authorized user comprises:
first, the authorizing user generates the public key of the authorized user according to the system parameters and the authorized user's mail address;
second, the authorizing user generates a re-encryption key for the semi-trusted proxy according to the system parameters, his or her own private key and the public key of the authorized user;
finally, the authorizing user sends the re-encryption key to the semi-trusted proxy over a secure channel.
6. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of generating the second-stage privacy enhanced mail according to the first-stage privacy enhanced mail and the re-encryption key comprises:
first, generating the second-stage privacy enhanced mail according to the system parameters, the first-stage privacy enhanced mail and the re-encryption key;
second, forwarding the second-stage privacy enhanced mail to the authorized user over a public channel.
7. The identity-based privacy enhanced mail forwarding method as claimed in claim 1, characterized in that the step of decrypting the first-stage or second-stage privacy enhanced mail, respectively, according to the user's private key comprises:
first, distinguishing whether the mail is a first-stage or second-stage privacy enhanced mail according to the structural features of the privacy enhanced mail;
second, attempting decryption according to the system parameters, the first-stage (or second-stage) privacy enhanced mail and the mail recipient's private key, to obtain the mail plaintext with random padding;
third, verifying the integrity of the first-stage (or second-stage) privacy enhanced mail according to the system parameters and the padded mail plaintext;
finally, separating the padding factor from the unpadded mail plaintext according to the system parameters and the padding mode.
8. the privacy enhanced mail forwarding system based on identity is characterized in that, described system comprises:
The system parameters generation module is used for requiring to select suitable system parameters according to security of system, and generates the required parameter of PKG (being that private key generates the center) according to described system;
User registration module is used to allow the user register, and obtains the corresponding private key in user mail address;
The email encryption module is used to allow e-mail sending generate encrypted public key and corresponding privacy enhanced mail according to recipient's addresses of items of mail;
The re-encrypted private key generation module is used to allow and desires the private key of authorized user basis oneself and be authorized to the corresponding re-encrypted private key of user mail address computation;
Mail re-encryption and forwarding module are used to allow half trusted agent generate the secondary privacy enhanced mail according to one-level privacy enhanced mail and described re-encrypted private key, and are transmitted to and are authorized to the user;
One-level privacy enhanced mail deciphering module is used to allow the recipient of mail decipher the one-level privacy enhanced mail according to the private key of oneself;
Secondary privacy enhanced mail deciphering module is used to allow the recipient of mail decipher the secondary privacy enhanced mail according to the private key of oneself.
9. the privacy enhanced mail forwarding system based on identity as claimed in claim 8 is characterized in that, described system parameters generation module comprises:
The system parameter selection unit is used for requiring to select suitable system parameters according to security of system;
Main private key selected cell is used for according to described system parameters, selects the main private key of PKG.
10. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said user registration module comprises:
A registration application unit, used to let the user select his or her own e-mail address and submit a registration application;
A user identity verification unit, used to let the PKG verify the user's true identity;
A decryption key generation unit, used to let the PKG, after confirming the user's identity, generate a decryption key for the user;
A decryption key issuing unit, used to let the PKG send the user's decryption key to the user over a secure channel.
11. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said e-mail encryption module comprises:
A public key generation unit, used to generate the corresponding encryption public key according to the e-mail address;
A fill factor selection unit, used to select the fill factor for this e-mail encryption;
A mail encapsulation unit, used to encapsulate the mail to be encrypted with said fill factor;
A ciphertext generation unit, used to generate the corresponding encrypted e-mail according to said system parameters, said public key and said encapsulated mail;
A ciphertext sending unit, used to send said encrypted e-mail to the recipient over a public channel.
12. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said re-encrypted private key generation module comprises:
A proxy public key computation unit, used to compute, according to said system parameters, the public key of the authorized user that has been chosen;
A re-encrypted private key generation unit, used to compute the re-encrypted private key;
A re-encrypted private key sending unit, used to send said re-encrypted private key to the semi-trusted proxy over a secure channel.
13. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said mail re-encryption and forwarding module comprises:
A mail re-encryption unit, used to re-encrypt the received encrypted e-mail;
A re-encrypted mail forwarding unit, used to forward said re-encrypted mail to the authorized user over a public channel.
14. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said first-stage encrypted e-mail decryption module comprises:
A first-stage ciphertext decryption unit, used to attempt decryption of the received first-stage encrypted e-mail and obtain the mail plaintext with filling;
A verification unit, used to verify the integrity of the original encrypted e-mail according to said system parameters and said mail plaintext with filling;
A mail decapsulation unit, used to separate the fill factor from the mail plaintext without filling, according to said mail plaintext with filling and said filling mode.
15. The identity-based privacy enhanced mail forwarding system as claimed in claim 8, characterized in that said second-stage encrypted e-mail decryption module comprises:
A second-stage ciphertext decryption unit, used to attempt decryption of the received second-stage encrypted e-mail and obtain the mail plaintext with filling;
A verification unit, used to verify the integrity of the second-stage encrypted e-mail according to said system parameters and said mail plaintext with filling;
A mail decapsulation unit, used to separate the fill factor from the mail plaintext without filling, according to said mail plaintext with filling and said filling mode.
CN2009100006967A 2009-01-14 2009-01-14 Novel identity-based privacy enhanced mail forwarding system Expired - Fee Related CN101710879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100006967A CN101710879B (en) 2009-01-14 2009-01-14 Novel identity-based privacy enhanced mail forwarding system

Publications (2)

Publication Number Publication Date
CN101710879A true CN101710879A (en) 2010-05-19
CN101710879B CN101710879B (en) 2012-05-02

Family

ID=42403640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100006967A Expired - Fee Related CN101710879B (en) 2009-01-14 2009-01-14 Novel identity-based privacy enhanced mail forwarding system

Country Status (1)

Country Link
CN (1) CN101710879B (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083524A (en) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 Method and system for encrypting and deciphering E-mail

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404121B (en) * 2011-11-30 2014-03-12 华为技术有限公司 Method, device and system for processing cipher text
CN102404121A (en) * 2011-11-30 2012-04-04 华为技术有限公司 Method, device and system for processing cipher text
WO2013078874A1 (en) * 2011-11-30 2013-06-06 华为技术有限公司 Method, device and system for processing encrypted text
US9473471B2 (en) 2012-05-02 2016-10-18 Huawei Technologies Co., Ltd. Method, apparatus and system for performing proxy transformation
CN103384233A (en) * 2012-05-02 2013-11-06 华为技术有限公司 Agency conversion method, device and system
CN103384233B (en) * 2012-05-02 2017-06-20 华为技术有限公司 A kind of methods, devices and systems for acting on behalf of conversion
CN103095462B (en) * 2013-01-24 2015-10-28 中国科学院软件研究所 Based on the data broadcast distribution guard method acting on behalf of re-encryption and safety chip
CN103095462A (en) * 2013-01-24 2013-05-08 中国科学院软件研究所 Data broadcasting distribution protection method based on proxy re-encryption and security chips
CN104639319B (en) * 2013-11-10 2019-04-23 航天信息股份有限公司 The proxy re-encryption method and system of identity-based
CN104639319A (en) * 2013-11-10 2015-05-20 航天信息股份有限公司 Identity-based proxy re-encryption method and system
CN105187303A (en) * 2015-10-27 2015-12-23 湖北工业大学 Reverse-engineering-resistant safe E-mail forwarding system and method
CN105187303B (en) * 2015-10-27 2018-06-29 湖北工业大学 The safety of electronic mail repeater system and method for a kind of anti-reverse-engineering
CN107360181A (en) * 2017-08-02 2017-11-17 成都蓝码科技发展有限公司 A kind of data encryption system and method based on id password
CN109450631A (en) * 2018-12-27 2019-03-08 石更箭数据科技(上海)有限公司 Key generation device and management system, data processing equipment, data transacting system
CN111368317B (en) * 2020-03-04 2021-03-19 江苏经贸职业技术学院 Computer data encryption system and method
CN113824702A (en) * 2021-09-02 2021-12-21 中电积至(海南)信息技术有限公司 Mail system based on IBE identity authentication technology
CN113824702B (en) * 2021-09-02 2024-02-02 积至(海南)信息技术有限公司 Mail system based on IBE identity authentication technology

Also Published As

Publication number Publication date
CN101710879B (en) 2012-05-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120502

Termination date: 20140114