CN102055685A - Method for encrypting webmail information - Google Patents


Publication number
CN102055685A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010105983078A
Other languages
Chinese (zh)
Other versions
CN102055685B (en
Inventor
乐德广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu intellectual property operation center Co.,Ltd.
Original Assignee
Changshu Institute of Technology
Application filed by Changshu Institute of Technology filed Critical Changshu Institute of Technology
Priority to CN 201010598307 priority Critical patent/CN102055685B/en
Publication of CN102055685A publication Critical patent/CN102055685A/en
Publication of CN102055685B publication Critical patent/CN102055685B/en
Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for encrypting webmail information. A password-based encryption and decryption protection module is embedded in the webmail system and seamlessly integrated with it, so the method does not depend on a complicated cryptosystem or a third-party certification authority, is not restricted by cryptographic algorithm patents, and needs no complicated key exchange or key management. The method is simple to operate and convenient to use.

Description

Method for encrypting webmail information
Technical field
The present invention relates to a method for encrypting webmail information.
Background art
E-mail is currently one of the most widely used applications on the Internet. People use it not only to communicate but also, often, to keep important personal information or data in their own mailboxes. At present, web-page-based e-mail (Webmail) implements access control through account/password authentication on the client side. Once the account/password information is leaked, all mail in the user's mailbox, including important personal information, is fully exposed to unauthorized users.
As shown in Fig. 1, existing e-mail encryption systems mainly address the confidentiality of mail in transit: the sender encrypts the mail when sending it, and the recipient decrypts it after receiving it. First, this approach requires the system to support a standard secure mail protocol (such as S/MIME or OpenPGP), and it is implemented with a hybrid cryptosystem that combines symmetric ciphers, public-key ciphers and hash functions. It is therefore subject to the patent restrictions on some cryptographic algorithms and is complex and difficult to implement. Second, encryption and decryption are performed by the sending end and the receiving end respectively, i.e. they are separate operations. To encrypt a mail, the sender must obtain the correct public key used by the recipient, so key exchange and key management are required, which makes the system inconvenient to operate and use. Third, key exchange uses a PKI/CA-based authentication system and must rely on a third-party organization, so the approach lacks generality. Fourth, because encryption is performed at the sending end, mail that the receiving end has received cannot be protected by the existing systems. Fifth, encryption is mainly supported in mail clients (Outlook S/MIME, PGP for Outlook, GnuPG with Thunderbird). Existing webmail systems have no encryption support of their own, i.e. no webmail system provides such a cryptographic service itself; only some third-party developers provide encryption plug-ins for particular webmail systems or browsers (such as Gmail S/MIME and FireGPG). This lowers the security of the system, because such plug-ins affect the security of the webmail system itself. Sixth, existing webmail cannot encrypt the mail information displayed on the user's own web pages.
Existing methods of protecting webmail information are mainly the following two:
(1) Account/password authentication
Authentication is the first line of defense in information security. It typically uses various authentication techniques to verify the identity of each party involved in an operation on information, preventing unauthorized users from operating illegally on the data. Authentication is implemented mainly through one of the following three basic approaches or a combination of them: 1. something the user knows, i.e. knowledge known to or held by the individual, such as an account/password; 2. something the user has, i.e. an object the individual possesses, such as a magnetic card, bar-code card, IC card or other smart card, or a smart token; 3. a personal characteristic of the user, i.e. a biometric trait of the individual, such as a fingerprint, palm print, voiceprint, face shape, DNA or retina. Of these, account/password authentication is widely used because it is simple and easy to use. It is a verification method based on "what you know". Each user's account/password is set by the user and known only to the user. As long as the account/password is entered correctly, the system regards the operator as a legitimate user and allows operations on system resources. Fig. 2 shows the basic principle of account/password authentication.
As Fig. 2 shows, during authentication, when the computer system receives the account/password entered by the user, it looks up the password corresponding to that account in the system's account/password table and compares it with the password the user entered. If they match, the user is considered a legitimate user and authentication succeeds. If they do not match, the user is not considered a legitimate user and authentication fails.
(2) Secure e-mail communication protocols
The two end-to-end security technologies commonly used to secure e-mail are PGP (Pretty Good Privacy) and S/MIME (Secure Multi-Part Intermail Mail Extension). Their main functions are identity authentication and encryption of transmitted data. PGP is a scheme proposed by Phil Zimmermann in the mid-1980s. Invented by Phil Zimmermann of the United States, PGP was originally a software encryption program with which users can create secure messages and communicate over insecure communication links, for example by e-mail. PGP uses several forms of encryption and combines them with a simple packet format to provide a simple, efficient security mechanism, so that messages can be transmitted securely over the Internet or other networks. One feature of the PGP application is that it is fast and efficient; another is its excellent portability, as it runs on many operating platforms. PGP has therefore become a popular public-key encryption package for e-mail.
S/MIME is a newer secure mail protocol, developed from PEM (Privacy Enhanced Mail) and MIME (the attachment standard for Internet mail). Like PGP, S/MIME uses a one-way hash algorithm together with public-key and private-key encryption. It differs from PGP in two main respects. First, its authentication relies on a hierarchical certificate authority structure: the certificates of organizations and individuals at each level are certified by the organization at the level above, and the top-level organizations (root certificates) certify one another, so the overall trust relationship is essentially a tree, the so-called Tree of Trust. Second, S/MIME transmits the encrypted and signed mail content as a special attachment. Its certificates use the X.509 format, though they differ somewhat from the SSL certificates commonly used online by browsers. Most certification authorities in China offer a service called a "secure e-mail certificate", which corresponds to the S/MIME technology, and the platform they use is essentially that of VeriSign of the United States. The main providers are iTrusChina of Beijing (http://www.itrus.com.cn/) and TrustAsia Shanghai (http://www.trustasia.com.cn/); one is VeriSign's partner in China and the other is VeriSign's Asia-Pacific branch.
Webmail confidentiality is currently handled mainly in the following ways: (1) the S/MIME protocol with a tree-structured third-party PKI/CA public-key authentication system, which encrypts and signs outgoing mail; (2) the PGP protocol with peer-to-peer, web-structured authentication, which encrypts and signs outgoing mail; (3) third-party plug-ins/modules that add encryption protection to webmail content when it is sent or received. Each of these has shortcomings.
Mode (1) requires the S/MIME public key to be held in a digital certificate that is generated and issued by a recognized third-party CA. Authentication relies on a hierarchical certificate authority structure: the certificates of organizations and individuals at each level are certified by the organization at the level above, and the top-level organizations (root certificates) certify one another, so the overall trust relationship is essentially a tree, the so-called Tree of Trust. As the key certification body, the CA not only requires users to submit proof of identity such as an ID card and telephone number, but also charges a periodic fee for use of the digital certificate, which is a major obstacle for ordinary users. The certificate must also be verified with the CA each time it is used, which harms the user experience. Managing a large number of certificates (public keys) is a further problem for the CA. In addition, an S/MIME-based mail system can only protect mail that is sent; it cannot encrypt mail that has been received.
Mode (2) differs from S/MIME in its public-key management. PGP developed a way of passing on public keys that is modeled on trust between individuals. Introducing keys in this private manner better reflects natural social interaction, and people are free to choose whom they trust as introducers. However, because the object of trust is an individual rather than a public authority, the security of its public keys is lower than with S/MIME. PGP also has operational complexity such as key exchange and management, and, like S/MIME, it supports mail protection only at the sending end of the mail system, not at the receiving end.
Mode (3), using third-party plug-ins on webmail, raises security problems for the webmail system itself.
Summary of the invention
The purpose of the present invention is to provide a secure method for encrypting webmail information.
To achieve this purpose, the present invention adopts the following technical scheme: a method for encrypting webmail information, whose encryption steps comprise:
S1: After the user passes login authentication in the webmail system, obtain all of the user's mail from the mail server;
S2: Read the local encrypted-mail record;
S3: The webmail system then compares each mail read from the mail server with the encrypted-mail record. If a mail is found in the encrypted-mail record, the information that mail displays on the "mail list" web page is encrypted; otherwise the information that mail displays on the "mail list" web page is left unprocessed;
S4: The webmail system then generates a static "mail list" web page from the processed "mail list" data and passes the page to the user's browser for display. For an unencrypted mail, the plaintext of its "mail list" entry is shown; for an encrypted mail, the ciphertext of its "mail list" entry is shown;
S5: If the user needs to encrypt a plaintext mail in the "mail list", the user clicks the corresponding encryption control on the "mail list" web page and sets an encryption password;
S6: The webmail system records the feature value of the mail the user selected for encryption and the encryption password that was set, i.e. the "encrypted-mail record", then returns to step S1 and refreshes the webmail system's "mail list" page to show the "mail list" information after encryption.
The advantages of the present invention are:
The method proposed by the present invention encrypts the mail information displayed on the user's web pages and so solves the privacy problem of received mail. Because the webmail encryption system uses password-based encryption and decryption, it does not depend on a complex cryptosystem, is not restricted by cryptographic algorithm patents, needs no complicated key exchange and management, and does not rely on a third-party certification authority. Because important information usually does not need to be accessed or browsed often, password-based encryption is simple to operate and convenient to use, and it prevents unauthorized users from decrypting and reading the mail information. Mail encryption and decryption are both performed by the recipient, which makes operation easy. In addition, the invention uses a dynamic encryption and decryption mechanism, which makes encryption and decryption fast, and because the encryption system is embedded in the webmail system it integrates seamlessly with it, greatly improving the integrity and security of the system.
Description of drawings
The present invention is further described below with reference to the drawings and embodiments:
Fig. 1 is a topology diagram of the webmail system.
Fig. 2 is a flow chart of existing e-mail encryption/decryption.
Fig. 3 is a flow chart of the encryption steps of the present invention.
Fig. 4 is a flow chart of the decryption steps of the present invention.
Embodiment
Embodiment: The invention provides a specific embodiment that applies encryption protection to the content of webmail, solving the confidentiality problem that arises when webmail content is displayed in plaintext. The method is as follows:
1. Encryption steps
As Fig. 3 shows, the encryption and display of webmail proceed as follows:
S1: After the user passes login authentication in the webmail system, the webmail system (MUA) first reads the mail information, i.e. it obtains all of the user's mail from the mail server through a mail protocol such as, but not limited to, POP3 or IMAP. The mail server may be any independent third-party mail server.
S2: Read the local encrypted-mail record, i.e. read the feature value (ID) of each encrypted mail from a database or file. The feature value may be or include a header field conforming to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined feature-value header field. The webmail system may store and read the encrypted-mail record using a database or a file, but is not limited to these; any storage and retrieval method may be used. The encrypted-mail record may itself be stored in encrypted form to improve security. The encrypted-mail record is implemented in the webmail system, so relative to the mail server it is local.
S3: The webmail system then compares the feature value of each mail read from the mail server with the encrypted-mail record. If the mail's feature value is found in the encrypted-mail record, the information that mail displays on the "mail list" page is encrypted. The encryption may be a simple substitution or permutation, for example replacing characters with "*", or may use a modern cryptographic algorithm. Otherwise the mail's list entry is left unprocessed. The "mail list" includes at least the mail subject, the mail source and the mail arrival time.
S4: The webmail system then generates a static "mail list" web page from the processed "mail list" data and passes the page to the user's browser for display. The user then sees the following on the "mail list" web page: for an unencrypted mail, the plaintext of its list entry; for an encrypted mail, the ciphertext of its list entry. The user may view mail with any browser, such as, but not limited to, IE or Firefox.
S5: If the user needs to encrypt a plaintext mail in the "mail list", the user clicks the corresponding encryption control on the "mail list" web page and sets an encryption password.
S6: The webmail system records the feature value the user selected for encryption and the encryption password that was set, i.e. the "encrypted-mail record". The webmail system may store and read the "encrypted-mail record" using a database or a file, but is not limited to these; any storage method may be used. The "encrypted-mail record" may also be stored in encrypted form to improve security. For security, the encryption password information may itself be protected, for example with the hash function MD5 or SHA1, but not limited to these. The system then returns to step S1 and refreshes the webmail "mail list" page, which shows the mail list information after encryption.
S7: If the user needs to display the full content of a mail, the user clicks the mail's link on the "mail list" web page to enter that mail's "mail content" web page. "Mail content" includes all the items in the "mail list" plus the body and attachment items of the mail.
S8: The webmail system reads the mail the user selected from the mail server, i.e. when the user enters the mail's "mail content" web page, the webmail system reads the content of that mail from the mail server. The communication may use the POP3/IMAP protocols, but is not limited to these.
S9: The webmail system reads the encrypted-mail record. The "encrypted-mail record" information read here is the feature value of each encrypted mail. The feature value may be or include a header field conforming to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined feature-value header field. The webmail system may store and read the "encrypted-mail record" using a database or a file, but is not limited to these; any storage and retrieval method may be used. The "encrypted-mail record" may also be stored in encrypted form to improve security.
S10: The feature value of the mail the user selected for display is then compared with the encrypted-mail record. If the mail's feature value is found in the encrypted-mail record, go to step S11; if the mail the user selected is not in the encrypted-mail record, go to step S12.
S11: The webmail system generates a static "mail content" web page from the encrypted mail content information and passes this page to the user's browser for display; on the "mail content" web page the user sees only the encrypted mail information. The information this mail displays on the "mail content" page is encrypted; the encryption may be a simple substitution or permutation, for example replacing characters with "*", or may use a modern cryptographic algorithm. Based on the comparison result, the webmail system dynamically encrypts the mail content information of mails whose feature value is marked "encrypted".
S12: Leave the "mail content" of this mail unprocessed and go to step S13;
S13: The webmail system generates a static "mail content" web page from the plaintext mail content information and passes this page to the user's browser for display; the user sees the plaintext mail information on the "mail content" web page. The user may view mail with any browser, such as, but not limited to, IE or Firefox.
S14: If the user needs to encrypt the plaintext mail seen on the "mail content" web page, the user clicks the corresponding encryption control on the "mail content" web page and sets an encryption password;
S15: The webmail system records the feature value of the mail the user selected for encryption and the encryption password that was set. For security, the password information may itself be protected, for example with the hash function MD5 or SHA1, but not limited to these. The user may view mail with any browser, such as, but not limited to, IE or Firefox. When the user encrypts a plaintext mail through the "mail content" web page, the feature value of that mail and the encryption password information the user set must be recorded, i.e. the encrypted-mail record. The webmail system may store and read the encrypted-mail record using a database or a file, but is not limited to these; any storage method may be used. The encrypted-mail record may also be stored in encrypted form to improve security. After the encryption operation is complete, refreshing the "mail content" web page shows the mail content information after encryption.
2. Decryption steps
As Fig. 4 shows, the decryption and display of webmail proceed as follows:
S16: After the user passes login authentication in the webmail system, the webmail system obtains all of the user's mail from the mail server through a mail protocol such as POP3 or IMAP and places it in a temporary variable;
S17: Read the encrypted-mail record, i.e. read the feature value of each encrypted mail from a database or file. The "encrypted-mail record" information the webmail system reads in this step is the feature value of each encrypted mail. The feature value may be or include a header field conforming to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined feature-value header field. The webmail system may store and read the "encrypted-mail record" using a database or a file, but is not limited to these; any storage and retrieval method may be used. The "encrypted-mail record" may also be stored in encrypted form to improve security.
S18: Each mail read from the mail server is then compared with the encrypted-mail record. If the mail is not in the encrypted-mail record, its mail list entry is left unprocessed. If the mail is in the encrypted-mail record, the temporary-decryption mail record is read to determine whether the mail is temporarily decrypted. If the mail is "temporarily decrypted", its mail list entry is likewise left unprocessed; otherwise the information this mail displays on the "mail list" web page is encrypted. The encryption may be a simple substitution/permutation, for example replacing characters with "*", or may use a modern cryptographic algorithm. The webmail system extracts the feature value of each mail obtained from the mail server and compares it with the "encrypted-mail record" to determine whether the mail is encrypted. The "temporary-decryption mail record" information read by the webmail system is the feature value of each temporarily decrypted mail. The feature value may be or include a header field conforming to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined feature-value header field. The webmail system may store and read the "temporary-decryption mail record" using a mechanism such as a Session, but is not limited to this; any storage and retrieval method may be used. The "temporary-decryption mail record" may also be stored in encrypted form to improve security. The webmail system extracts the feature value of each encrypted mail and compares it with the "temporary-decryption mail record" to determine whether the mail is temporarily decrypted. Based on the result, the webmail system "dynamically" encrypts the list information of mails whose attributes are "encrypted" and "not temporarily decrypted".
S19: The webmail system then generates a static "mail list" web page from the processed "mail list" data and passes the page to the user's browser for display. For an unencrypted mail, the plaintext of its mail list entry is shown. For an encrypted mail, the plaintext of its mail list entry is shown if the mail is temporarily decrypted; otherwise the ciphertext of its mail list entry is shown. The user may view mail with any browser, such as, but not limited to, IE or Firefox. The webmail system generates the static "mail list" web page from the processing result and transfers the page to the user's browser for display.
S20: If the user needs to decrypt a ciphertext mail in the "mail list", the user clicks the corresponding decryption control on the "mail list" web page, enters the decryption password and selects a decryption mode; the decryption modes are "temporary decryption" and "permanent decryption". The user can decrypt any encrypted mail individually on the "mail list" web page. When decrypting an encrypted mail on the "mail list" web page, the user must enter the decryption password and select the decryption mode: "temporary decryption" or "permanent decryption".
S21: The webmail system reads the encrypted-mail record and compares it with the password the user entered. If the password is incorrect, the decryption operation stops. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the feature value of the mail is stored in the temporary-decryption record; for permanent decryption, the encrypted-mail record is deleted. The system then returns to step S16 and refreshes the webmail "mail list" page. The user may view mail with any browser, such as, but not limited to, IE or Firefox. When the user decrypts an encrypted mail through the "mail list" web page, the webmail system first reads the password information of the selected mail from the "encrypted-mail record" and compares it with the password information the user entered. The webmail system decides from the comparison result whether to perform the decryption operation. If the password is incorrect, decryption is refused. If the password is correct, the operation depends on the decryption mode the user selected. For "temporary decryption", the feature value of the temporarily decrypted mail is recorded in the "temporary-decryption mail record". The webmail system may store and read the "temporary-decryption mail record" using a mechanism such as a Session, but is not limited to this; any storage method may be used, and the record may also be stored in encrypted form to improve security. For "permanent decryption", the feature value of the decrypted mail is deleted from the "encrypted-mail record". The webmail system may store and read the "encrypted-mail record" using a database or a file, but is not limited to these; any storage method may be used, and the record may also be stored in encrypted form to improve security. After the decryption operation is complete, refreshing the "mail list" web page shows the mail list information after decryption.
S22: If the user needs to view the detailed content of a mail, the user clicks the mail's link on the "mail list" web page;
S23: The webmail system reads the content of the mail the user selected from the mail server. When the user enters the mail's "mail content" web page, the webmail system reads the content of that mail from the mail server. The communication may use the POP3/IMAP protocols, but is not limited to these.
S24: The webmail system reads the encrypted-mail record, mainly the feature value of each encrypted mail. The feature value may be or include a header field conforming to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined feature-value header field. The webmail system may store and read the "encrypted-mail record" using a database or a file, but is not limited to these; any storage and retrieval method may be used. The "encrypted-mail record" may also be stored in encrypted form to improve security.
S25 then, the webpage mailing system will compare from mail and the privacy enhanced mail record that the user selects to check, if this mail is not in the privacy enhanced mail record, then the information content that this mail is not shown in " Mail Contents " page is handled, and execution in step S26, if this mail in privacy enhanced mail record, execution in step S27 then;
S26 webpage mailing system is according to mail clear content information, generates static deciphering " Mail Contents " Webpage, and this page is passed to user's browser display, until end;
S27 reads interim deciphering mail record earlier, and judges whether this mail belongs to the mail of interim deciphering; If this mail belongs to the mail of " interim deciphering ", then the displaying contents of this mail is not handled equally, if this mail does not belong to the mail of " interim deciphering ", then execution in step S28; The webpage mailing system will read its interim deciphering characteristic value to attribute for the mail of " encryptions " according to judged result, will decipher characteristic value and " deciphering mail record " temporarily temporarily and compare, thereby judge whether this mail belongs to the mail of interim deciphering.The webpage mailing system will not done encryption to attribute for the Mail Contents information of the mail of " interim deciphering " according to judged result.
The Mail Contents information of S28 webpage mailing system after according to encryption, generate static ciphertext " Mail Contents " Webpage, and this page passed to user's browser display, the e-mail messages the user will will see encryption in " Mail Contents " Webpage after; Information/content that this mail shows in " Mail Contents " page is carried out encryption (the encryption mode can be simple substituting or displacement, substitutes as user " * ", perhaps adopts the modern password algorithm to encrypt, but is not limited thereto).The webpage mailing system is carried out " dynamically/in real time " encryption to attribute for the Mail Contents information of the mail of " encryption " and " non-interim deciphering ".
When the ciphertext mail that S29 user sees " Mail Contents " Webpage is decrypted operation, then in " Mail Contents " Webpage, click corresponding therewith decryption oprerations control, and import and separate password and select manner of decryption, wherein manner of decryption comprises " interim deciphering " and " deciphering forever " two kinds at least; The user can be decrypted operation to this mail in encrypting " Mail Contents " Webpage.
S30: The webmail system reads the encrypted mail record and compares it with the password entered by the user. If the password is incorrect, the decryption operation is stopped. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the characteristic value of the mail is stored in the temporary decryption mail record; for permanent decryption, the encrypted mail record is deleted. After decryption, the flow returns to step S23.
The user can browse mail with any browser, such as IE or Firefox, but is not limited to these. When the user decrypts an encrypted mail through the "mail content" web page, the webmail system first reads the password information of that encrypted mail from the "encrypted mail record" and compares it with the password entered by the user. Based on the comparison result, the webmail system decides whether decryption is to be performed; if the password is incorrect, decryption is refused. If the password is correct, the operation depends on the decryption mode selected by the user. For "temporary decryption", the characteristic value of the temporarily decrypted mail is written to the "temporary decryption mail record". This record can be stored and read within the webmail system using a mechanism such as the Session, but is not limited to this and can be stored in various ways; it can also be stored in encrypted form to improve security. For "permanent decryption", the characteristic value of the decrypted mail is deleted from the "encrypted mail record". The "encrypted mail record" can be stored and read within the webmail system using a database or files, but is not limited to this and can be stored in various ways; it can also be stored in encrypted form to improve security. After the decryption operation is complete, refreshing the "mail content" web page shows the decrypted mail content.
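The following added example (not code from the patent) models steps S24 to S30 in Python: the characteristic value is taken from the "X-ID" header, the page text is masked with "*" at render time, and a correct password either marks the mail in the session or deletes the record. The class and function names, the dict-based record and session, and the salted PBKDF2 hash with constant-time comparison for the stored password are assumptions; the patent only says the record may be stored in encrypted form.

```python
import hashlib
import hmac
import os
from email import message_from_string

# Constructed sample message; the X-ID header serves as the characteristic value.
SAMPLE_MAIL = (
    "From: alice@example.com\n"
    "Subject: Q3 figures\n"
    "X-ID: msg-0001\n"
    "\n"
    "Revenue draft attached."
)


def characteristic_value(raw_mail):
    """S24: take the characteristic value from the X-ID or X-Message header."""
    msg = message_from_string(raw_mail)
    return msg.get("X-ID") or msg.get("X-Message")


def _hash(password, salt):
    # Assumption: keep a salted PBKDF2 hash in the record, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class WebmailProtector:
    """Hypothetical model of the S25-S30 decision logic."""

    def __init__(self):
        # "Encrypted mail record": characteristic value -> (salt, password hash).
        # A dict stands in for the database or file named in the text.
        self.encrypted_record = {}

    def encrypt(self, raw_mail, password):
        """Record the mail's characteristic value and the password set for it."""
        salt = os.urandom(16)
        cv = characteristic_value(raw_mail)
        self.encrypted_record[cv] = (salt, _hash(password, salt))

    def render_content(self, raw_mail, session):
        """S25-S28: return the text placed in the "mail content" page."""
        cv = characteristic_value(raw_mail)
        body = message_from_string(raw_mail).get_payload()
        if cv not in self.encrypted_record:              # S25 -> S26
            return body
        if cv in session.get("temp_decrypted", set()):   # S27
            return body
        # S28: substitution with "*", applied at render time only.
        return "".join(c if c.isspace() else "*" for c in body)

    def decrypt(self, raw_mail, password, mode, session):
        """S30: verify the password, then apply the chosen decryption mode."""
        if mode not in ("temporary", "permanent"):
            raise ValueError("unknown decryption mode")
        cv = characteristic_value(raw_mail)
        record = self.encrypted_record.get(cv)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(_hash(password, salt), stored):
            return False                                  # wrong password: stop
        if mode == "temporary":
            session.setdefault("temp_decrypted", set()).add(cv)
        else:
            del self.encrypted_record[cv]
        return True
```

Temporary decryption is scoped to the session that supplied the password, so a second session still receives the masked page. The message read from the mail server is never altered; only the generated page differs.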
By displaying the mails designated by the user in encrypted form within the webmail system, the present invention provides encryption protection for those mails, and its password mechanism provides decryption verification for encrypted mail. This authenticates access to encrypted mail and prevents unauthorized users from viewing the mail list entries and mail content of encrypted mails.
The above embodiments only illustrate the technical concept and features of the present invention. Their purpose is to enable those familiar with the art to understand and implement the invention; they do not limit its scope of protection. All equivalent changes or modifications made according to the spirit of the main technical solution of the present invention shall fall within its scope of protection.

Claims (5)

1. A method for encrypting webmail information, characterized in that its encryption steps comprise:
S1: after the user passes login authentication in the webmail system, all of the user's mails are obtained from the mail server;
S2: the local encrypted mail record is read;
S3: the webmail system then compares each mail read from the mail server against the encrypted mail record; if a mail is found in the encrypted mail record, the information shown for that mail in the "mail list" web page is encrypted; otherwise the information shown for that mail in the "mail list" web page is left unprocessed;
S4: the webmail system then generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display; for an unencrypted mail, the plaintext information of its "mail list" entry is shown, and for an encrypted mail, the ciphertext information of its "mail list" entry is shown;
S5: if the user wants to encrypt a plaintext mail in the "mail list", the user clicks the corresponding encryption control in the "mail list" web page and sets an encryption password;
S6: the webmail system records the characteristic value of the mail the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record", and returns to step S1 to refresh the "mail list" page of the webmail system, so as to display the encrypted "mail list" information.
2. the method for claim 1, it is characterized in that: its encrypting step further comprises:
If S7 user need look into the specifying information content that shows mail, in " mail tabulation " Webpage, click the link of this mail, enter " Mail Contents " Webpage of this mail;
S8 webpage mailing system reads the mail that the user selects from mail server, promptly when the user enters " Mail Contents " Webpage of this mail, the webpage mailing system will read the content of this mail from mail server;
S9 webpage mailing system reading encrypted mail record, wherein " privacy enhanced mail record " information of reading of webpage mailing system is meant the characteristic value of privacy enhanced mail;
S10 then will compare from mail and the privacy enhanced mail record that the user selects to show, has in the privacy enhanced mail record if find this mail, then execution in step S11; The mail of selecting as the user not in the privacy enhanced mail record, execution in step S12 then;
The Mail Contents information of S11 webpage mailing system after according to encryption generates static " Mail Contents " Webpage, and this Webpage is passed to user's browser display; The e-mail messages user will can only see encryption in " Mail Contents " Webpage after;
S12 does not handle " Mail Contents " of this mail, and execution in step S13;
S13 webpage mailing system generates static " Mail Contents " Webpage according to mail clear content information, and this Webpage is passed to user's browser display, and the user will see expressly e-mail messages in " Mail Contents " Webpage;
If S14 user need carry out cryptographic operation to the plaintext mail that " Mail Contents " Webpage is seen, then in " Mail Contents " Webpage, click corresponding therewith cryptographic operation control, and encrypted ones is set;
The selected mail features value of encrypting of S15 webpage mailing system recording user and the encrypted ones of setting.
3. The method according to claim 1, characterized in that its decryption steps comprise:
S16: after the user passes login authentication in the webmail system, the webmail system obtains all of the user's mails from the mail server and stores them in a temporary variable;
S17: the encrypted mail record is read, i.e. the characteristic values of the encrypted mails are read from a database or file;
S18: each mail read from the mail server is then compared against the encrypted mail record; if the mail is not in the encrypted mail record, the mail list content displayed for the mail is left unprocessed; otherwise, if the mail is found in the encrypted mail record, the temporary decryption mail record is read to determine whether the mail is a temporarily decrypted mail; if the mail is "temporarily decrypted", the mail list content displayed for the mail is likewise left unprocessed; otherwise, the information shown for the mail in the "mail list" web page is encrypted;
S19: the webmail system then generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display: for an unencrypted mail, the plaintext mail list information is shown; for an encrypted mail, the plaintext mail list information is shown if the mail is temporarily decrypted, and the ciphertext mail list information is shown otherwise;
S20: if the user wants to decrypt a ciphertext mail in the "mail list", the user clicks the corresponding decryption control in the "mail list" web page, enters the decryption password and selects a decryption mode, the decryption modes comprising "temporary decryption" and "permanent decryption";
S21: the webmail system reads the encrypted mail record and compares it with the password entered by the user; if the password is incorrect, the decryption operation is stopped; if the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption"; for temporary decryption, the characteristic value of the mail is stored in the temporary decryption record; for permanent decryption, the encrypted mail record is deleted, and the flow returns to step S16 to refresh the "mail list" web page of the webmail system;
4. the method for claim 1, it is characterized in that: its decryption step further comprises:
If S22 user need look into the specifying information content that shows mail, in " mail tabulation " Webpage, click the link of this mail;
S23 webpage mailing system reads the Mail Contents of user-selected mail from mail server;
S24 webpage mailing system reading encrypted mail record;
S25 then, the webpage mailing system will compare from mail and the privacy enhanced mail record that the user selects to check, if this mail is not in the privacy enhanced mail record, then the information content that this mail is not shown in " Mail Contents " page is handled, and execution in step S26, if this mail in privacy enhanced mail record, execution in step S27 then;
S26 webpage mailing system is according to mail clear content information, generates static deciphering " Mail Contents " Webpage, and this page is passed to user's browser display, until end;
S27 reads interim deciphering mail record earlier, and judges whether this mail belongs to the mail of interim deciphering; If this mail belongs to the mail of " interim deciphering ", then the displaying contents of this mail is not handled equally, if this mail does not belong to the mail of " interim deciphering ", then execution in step S28;
The Mail Contents information of S28 webpage mailing system after according to encryption, generate static ciphertext " Mail Contents " Webpage, and this page passed to user's browser display, the e-mail messages the user will will see encryption in " Mail Contents " Webpage after;
When the ciphertext mail that S29 user sees " Mail Contents " Webpage is decrypted operation, then in " Mail Contents " Webpage, click corresponding therewith decryption oprerations control, and import and separate password and select manner of decryption, wherein manner of decryption comprises " interim deciphering " and " deciphering forever " two kinds at least;
S30 webpage mailing system reading encrypted mail record, and compare with password that the user is imported, if password is incorrect, then stop decryption oprerations; If password is correct, then judging whether to belong to " interim deciphering " still is " permanent deciphering "; If interim deciphering, the then characteristic value of this mail of storage in interim deciphering mail record; If the privacy enhanced mail record is then deleted in permanent deciphering, and get back to step 23 after the deciphering.
5. the method for claim 1, it is characterized in that: its decryption step further comprises: described characteristic value comprises " X-ID " or " X-Message " field that meets the RFC822/MIME standard among the mail head at least.
CN 201010598307 2010-12-21 2010-12-21 Method for encrypting webmail information Active CN102055685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010598307 CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010598307 CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Publications (2)

Publication Number Publication Date
CN102055685A true CN102055685A (en) 2011-05-11
CN102055685B CN102055685B (en) 2013-02-13

Family

ID=43959631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010598307 Active CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Country Status (1)

Country Link
CN (1) CN102055685B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188129A (en) * 2011-12-29 2013-07-03 盈世信息科技(北京)有限公司 E-mail encryption method, mail server and system
CN103532704A (en) * 2013-10-08 2014-01-22 武汉理工大学 E-mail IBE (identity based encryption) system aiming at OWA (outlook web access)
CN103580991A (en) * 2013-01-05 2014-02-12 网易(杭州)网络有限公司 Mail attachment uploading method and device
CN103906004A (en) * 2012-12-19 2014-07-02 上海晨兴希姆通电子科技有限公司 Mail server, mail sending end and mail sending and receiving method
CN104158725A (en) * 2014-08-22 2014-11-19 深圳市清时捷科技有限公司 Data management platform and data management method based on mail transmission
CN104270517A (en) * 2014-09-23 2015-01-07 中兴通讯股份有限公司 Information encryption method and mobile terminal
CN104734944A (en) * 2015-03-18 2015-06-24 重庆森格玛科技有限公司 Transmission method and device for electronic mail
CN107707456A (en) * 2017-09-25 2018-02-16 维沃移动通信有限公司 A kind of voting method and mobile terminal
CN113452687A (en) * 2021-06-24 2021-09-28 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1201198A (en) * 1997-04-22 1998-12-09 夏普公司 Data receiving apparatus
JP2002373140A (en) * 2001-06-15 2002-12-26 Nec Corp Portable telephone device
CN101115020A (en) * 2006-07-25 2008-01-30 腾讯科技(深圳)有限公司 Secret mail protecting method and mail system

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188129A (en) * 2011-12-29 2013-07-03 盈世信息科技(北京)有限公司 E-mail encryption method, mail server and system
CN103906004B (en) * 2012-12-19 2019-02-01 上海晨兴希姆通电子科技有限公司 Mail server, mail transmitting terminal and mail transmission/reception method
CN103906004A (en) * 2012-12-19 2014-07-02 上海晨兴希姆通电子科技有限公司 Mail server, mail sending end and mail sending and receiving method
CN103580991A (en) * 2013-01-05 2014-02-12 网易(杭州)网络有限公司 Mail attachment uploading method and device
CN103580991B (en) * 2013-01-05 2017-06-06 网易(杭州)网络有限公司 The method for uploading and equipment of a kind of Email attachment
CN103532704A (en) * 2013-10-08 2014-01-22 武汉理工大学 E-mail IBE (identity based encryption) system aiming at OWA (outlook web access)
CN103532704B (en) * 2013-10-08 2016-08-17 武汉理工大学 A kind of Email IBE encryption system for OWA
CN104158725A (en) * 2014-08-22 2014-11-19 深圳市清时捷科技有限公司 Data management platform and data management method based on mail transmission
CN104270517A (en) * 2014-09-23 2015-01-07 中兴通讯股份有限公司 Information encryption method and mobile terminal
CN104734944A (en) * 2015-03-18 2015-06-24 重庆森格玛科技有限公司 Transmission method and device for electronic mail
CN107707456A (en) * 2017-09-25 2018-02-16 维沃移动通信有限公司 A kind of voting method and mobile terminal
CN113452687A (en) * 2021-06-24 2021-09-28 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key
CN113452687B (en) * 2021-06-24 2022-12-09 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key

Also Published As

Publication number Publication date
CN102055685B (en) 2013-02-13

Similar Documents

Publication Publication Date Title
CN102055685B (en) Method for encrypting webmail information
Kent Internet privacy enhanced mail
US20220198049A1 (en) Blockchain-Based Secure Email System
US9338163B2 (en) Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method
US20070174636A1 (en) Methods, systems, and apparatus for encrypting e-mail
TWI247516B (en) Method, apparatus and computer programs for generating and/or using conditional electronic signatures and/or for reporting status changes
US20100241847A1 (en) Encrypted email based upon trusted overlays
CN106104562A (en) Safety of secret data stores and recovery system and method
CN101777158B (en) Method and system for secure transaction
CN101753311A (en) Information privacy and identity authentication method and digital signature program
CN105553654B (en) Key information processing method and device, key information management system
CN101815091A (en) Cipher providing equipment, cipher authentication system and cipher authentication method
CN109951453A (en) A kind of safe encryption method based on block chain
US20090271627A1 (en) Secure Data Transmission
CN101765996A (en) Remote Authentication And Transaction Signatures
JP2010522488A (en) Secure electronic messaging system requiring key retrieval to distribute decryption key
CN101720071A (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN106464496A (en) Method and system for creating a certificate to authenticate a user identity
JP2014527787A (en) Communication method for authentication using fingerprint information
CN106022035A (en) Method and system for electronic signature
CN107332666A (en) Terminal document encryption method
CN103428077A (en) Method and system for safely receiving and sending mails
CN103973713A (en) Transfer method, extraction method and processing system for electronic mail information
CN103078743A (en) E-mail IBE (Internet Booking Engine) encryption realizing method
CN110166403A (en) A kind of safety method of key and ciphertext separated transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201222

Address after: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: 215500 No. three, South 99 Ring Road, Jiangsu, Changshou City

Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY

CP02 Change in the address of a patent holder

Address after: 215500 5th floor, building 4, 68 Lianfeng Road, Changfu street, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee before: Changshu intellectual property operation center Co.,Ltd.