CN102055685B - Method for encrypting webmail information - Google Patents


Info

Publication number: CN102055685B
Authority: CN (China)
Prior art keywords: mail, user, record, privacy enhanced, web
Legal status: Active
Application number: CN 201010598307
Other languages: Chinese (zh)
Other versions: CN102055685A
Inventor: 乐德广
Current assignee: Changshu intellectual property operation center Co.,Ltd.
Original assignee: Changshu Institute of Technology
Application filed by Changshu Institute of Technology; published as CN102055685A; granted and published as CN102055685B; legal status active.

Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for encrypting webmail information. A password-based encryption and decryption protection module is embedded in the webmail system and integrated seamlessly with it, so the method does not depend on a complex cryptographic system or on a third-party certification authority, is not subject to cryptographic algorithm patents, and needs no complex key exchange or key management. The method is simple to operate and convenient to use.

Description

Method for encrypting webmail information
Technical field
The present invention relates to a method for encrypting webmail information.
Background
Email is currently one of the most widely used Internet applications. People not only communicate with it; they also often keep important personal information or data in their own mailboxes. At present, web-based email (Webmail) implements its access control on the client side with account/password authentication. Once the account/password is leaked, all the mail in the user's mailbox, including important personal information, is completely exposed to the unauthorized user.
As shown in Fig. 1, existing email encryption systems mainly address confidentiality during mail transmission: the sender encrypts the message when sending it, and the recipient decrypts it after retrieving it. This approach requires the system to support a standard secure mail protocol (such as S/MIME or OpenPGP), and it is implemented with a hybrid cryptosystem that combines symmetric ciphers, public-key ciphers and hash functions. It therefore has the following shortcomings. First, it may be subject to patent restrictions on certain cryptographic algorithms, and it is complex and difficult to implement. Second, encryption and decryption are performed separately by the sending end and the receiving end, so when a message is encrypted the sender must obtain the recipient's correct public key; key exchange and key management are therefore needed, which is inconvenient to operate and use. Third, key exchange relies on a PKI/CA authentication system and thus on a third-party institution, so generality is limited. Fourth, because encryption is performed at the sending end, mail that has already been received cannot be protected by existing email encryption systems. Fifth, these encryption systems are mainly supported in desktop mail clients (S/MIME in Outlook, PGP for Outlook, GnuPG with Thunderbird); existing webmail systems provide no such encryption service themselves, and only some third-party developers offer encryption plug-ins for particular webmail systems or browsers (such as Gmail S/MIME and FireGPG), which leaves the overall security of the system low because the plug-ins affect the security of the webmail system itself. Sixth, existing webmail cannot encrypt the mail information that it displays to the user in web pages.
Existing methods for protecting webmail information fall into the following two kinds:
1) Account/password authentication
Authentication is the first line of defence of information security. It uses various authentication techniques to verify the identity of each party involved in an operation and to prevent unauthorized users from operating on data. Authentication is realized by one, or a combination, of three basic means: (1) something the user knows, i.e. knowledge the person holds, such as an account/password; (2) something the user has, such as a magnetic card, bar-code card, IC card or smart token; (3) a personal characteristic of the user, i.e. a biometric such as a fingerprint, palm print, voiceprint, face shape, DNA or retina. Among these, account/password authentication is widely used because it is simple and easy to use. It is a verification means based on "what you know". Each user's account/password is set by the user and known only to the user. As long as the account/password is entered correctly, the system regards the operator as a legitimate user and allows it to operate on system resources. Fig. 2 shows the basic principle of account/password authentication.
As can be seen from Fig. 2, when the computer system receives the account/password entered by the user, it looks up the password corresponding to that account in the system's account/password table and compares it with the password the user entered. If they match, the user is regarded as legitimate and authentication succeeds. If they do not match, the user is not legitimate and authentication fails.
2) Secure email communication protocols
The two end-to-end security technologies commonly used to secure email are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions). Their main functions are identity authentication and encryption of transmitted data. PGP was created by Phil Zimmermann in the United States and first released in 1991. It was originally a software encryption program with which users can create secure messages and communicate over insecure links such as email. PGP uses several forms of encryption and combines them with a simple packet format to provide a simple, efficient security mechanism, so that messages travel safely over the Internet and other networks. PGP is fast and efficient, and it is highly portable, running on many operating platforms, so it has become the most popular public-key email encryption package.
S/MIME is a newer secure mail protocol developed from PEM (Privacy Enhanced Mail) and MIME (the attachment standard for Internet mail). Like PGP, it uses one-way hash algorithms and public/private key cryptography. It differs from PGP in two main respects. Its authentication mechanism relies on a hierarchical certificate authentication structure: the certificates of all lower-level organizations and individuals are authenticated by the organization one level up, and the upper-level organizations (root certificates) authenticate each other, so the whole trust relationship is essentially tree-shaped, the so-called Tree of Trust. Also, S/MIME transmits the encrypted and signed mail content as a special attachment, and its certificate format is X.509, although it differs somewhat from the SSL certificates used by ordinary browsers. Most domestic certification authorities offer a "secure email certificate" service, which corresponds technically to S/MIME and is basically built on the VeriSign platform from the United States. The main providers are Beijing iTrus (http://www.itrus.com.cn/) and TrustAsia in Shanghai (http://www.trustasia.com.cn/), one the Chinese partner of VeriSign and the other its Asia-Pacific branch.
At present, webmail confidentiality is mainly handled in the following ways: (1) the S/MIME protocol with the tree-structured third-party PKI/CA public-key authentication system, to encrypt and sign sent mail; (2) the PGP protocol with peer-to-peer, network-structured authentication, to encrypt and sign sent mail; (3) third-party plug-ins/modules that add encryption protection to the content of webmail when it is sent or received. Each way has its own shortcomings. Mode (1) requires the S/MIME public key to be kept in a digital certificate that is generated and issued by a generally recognized third-party CA, and its authentication mechanism relies on the hierarchical certificate structure described above (the Tree of Trust). As the key authentication body, the CA not only requires the user to submit personal identification such as an identity card and telephone number, it also charges a fee for the digital certificate, which is undoubtedly a large obstacle for ordinary users; the certificate must be validated with the CA each time it is used, which also hurts the user experience; the management of large numbers of certificates (public keys) is a headache for the CA; and an S/MIME-based mail system can only protect the mail it sends, not the mail it receives. Mode (2) differs from the public key management of S/MIME: PGP transfers public keys through a model of interpersonal mutual trust. This private key-referral mechanism better reflects natural social interaction, and people can freely choose whom they trust to introduce keys, but because the trusted party is an individual rather than a public authority, the security of its public keys is lower than that of S/MIME. PGP also has the same complex key exchange and key management problems, and, like S/MIME, it only protects mail at the sending end, not at the receiving end. Mode (3), using third-party plug-ins in webmail, has the problem of the webmail system's own security.
Summary of the invention
The purpose of the present invention is to provide a secure method for encrypting webmail information.
To achieve this purpose, the present invention adopts the following technical scheme: a method for encrypting webmail information whose encryption steps comprise:
S1: after the user passes login authentication in the webmail system, obtain all of the user's mail from the mail server;
S2: read the local encrypted mail record;
S3: then the webmail system compares the characteristic value of each message read from the mail server with the characteristic values of the encrypted mail in the encrypted mail record; if a message is found in the encrypted mail record, the information displayed for it in the "mail list" web page is encrypted; otherwise the information displayed for it in the "mail list" web page is left unprocessed;
S4: then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends it to the user's browser for display; for unencrypted mail, the "mail list" entry is shown in cleartext, and for encrypted mail the "mail list" entry is shown as ciphertext;
S5: if the user needs to encrypt a cleartext message in the "mail list", the user clicks the corresponding encryption control in the "mail list" web page and sets an encryption password;
S6: the webmail system records the characteristic value of the message the user selected for encryption together with the encryption password that was set, i.e. the "encrypted mail record", and returns to the "mail list" display page of step S1 to refresh the webmail system and show the encrypted "mail list" information.
Advantages of the present invention:
The method proposed by the present invention protects the mail information displayed to the user on the web by encryption, solving the privacy problem of received mail. Password-based encryption and decryption protection is realized inside the webmail system, without relying on a complex cryptographic system, without being subject to cryptographic algorithm patents, without complex key exchange and management, and without relying on a third-party certification authority. Because important information usually does not need to be accessed or browsed often, password-based encryption protection is simple to operate and convenient to use, and it prevents unauthorized users from decrypting and reading the mail information. Encryption and decryption are both performed by the recipient, which is convenient. The present invention also uses a dynamic encryption/decryption mechanism, which encrypts and decrypts quickly, and by embedding the encryption system in the webmail system it integrates seamlessly with it, greatly improving the integrity and security of the system.
Description of drawings
The invention is further described below with reference to the drawings and embodiments:
Fig. 1 is a topology diagram of a webmail system.
Fig. 2 is a flow chart of existing email encryption/decryption.
Fig. 3 is a flow chart of the encryption steps of the present invention.
Fig. 4 is a flow chart of the decryption steps of the present invention.
Embodiment
Embodiment: the invention provides a specific embodiment for applying encryption protection to the mail content of webmail (Webmail), to solve the information privacy problem that arises when webmail content is displayed in cleartext. The method is as follows:
1. Encryption steps
As can be seen from Fig. 3, the encryption process of the webmail and its display steps are as follows:
S1: after the user passes login authentication in the webmail system, the webmail system (MUA) first reads the mail information, i.e. it obtains all of the user's mail from the mail server through a mail communication protocol such as, but not limited to, POP3 or IMAP. The mail server may be any independent third-party mail server.
S2: read the local encrypted mail record, i.e. read the characteristic values (IDs) of the encrypted mail from a database or file. The characteristic value may be or include a mail header field conforming to the RFC 822/MIME standard, such as "X-ID" or "X-Message", or a user-defined characteristic value header field. The encrypted mail record is stored and read in the webmail system by means such as, but not limited to, a database or file, i.e. it may be stored and read in many ways, and it may be stored in encrypted form to improve security. The encrypted mail record is kept in the webmail system, so relative to the mail server it is local.
S3: then the webmail system compares the characteristic value of each message read from the mail server with the characteristic values of the encrypted mail in the encrypted mail record. If the characteristic value of a message is found in the encrypted mail record, the information displayed for that message in the "mail list" page is encrypted; the encryption may be a simple substitution or transposition, such as replacing the content with "*", or a modern cryptographic algorithm may be used. Otherwise the "mail list" display content of that message is left unprocessed. The "mail list" comprises at least the subject, the sender and the arrival time of each message.
S4: then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends it to the user's browser for display. The user then sees the following in the "mail list" web page: for unencrypted mail, the list entry in cleartext; for encrypted mail, the list entry as ciphertext. The user may browse the mail with any browser, such as, but not limited to, IE or Firefox.
S5: if the user needs to encrypt a cleartext message in the "mail list", the user clicks the corresponding encryption control in the "mail list" web page and sets an encryption password.
S6: the webmail system records the characteristic value of the message the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record". The "encrypted mail record" may be stored and read in the webmail system by means such as, but not limited to, a database or file, i.e. it may be stored in many ways, and it may be stored in encrypted form to improve security. For security, the encryption password information may itself be protected, for example by hashing it with a hash function such as, but not limited to, MD5 or SHA-1. Then return to the "mail list" web page display of step S1 and refresh the webmail to show the encrypted mail list information.
S7: if the user needs to display the specific content of a message, the user selects the message and clicks its link in the "mail list" web page to enter the "mail content" web page of that message; the "mail content" comprises all the items of the "mail list" plus the body text or attachments of the message.
S8: the webmail system reads the selected message from the mail server, i.e. when the user enters the "mail content" web page of the message, the webmail system reads the content of that message from the mail server, using, but not limited to, the POP3/IMAP protocol.
S9: the webmail system reads the encrypted mail record. As in step S2, the "encrypted mail record" information read here is the characteristic values of the encrypted mail, which may be or include an RFC 822/MIME header field such as "X-ID" or "X-Message" or a user-defined characteristic value header field; the record may be stored and read in the webmail system by means such as, but not limited to, a database or file, i.e. in many ways, and may be stored in encrypted form to improve security.
S10: then compare the characteristic value of the message the user selected to display with the characteristic values of the encrypted mail in the encrypted mail record; if the characteristic value of the message is in the encrypted mail record, go to step S11; if the selected message is not in the encrypted mail record, go to step S12.
S11: the webmail system generates a static "mail content" web page from the encrypted mail content information and sends it to the user's browser for display; the user then sees only the encrypted mail information in the "mail content" web page. The information displayed for the message in the "mail content" page is encrypted either by simple substitution or transposition, such as replacing it with "*", or with a modern cryptographic algorithm. According to the comparison result, the webmail system dynamically encrypts the mail content information of the message whose characteristic value is marked "encrypted", and the process ends here.
S12: the "mail content" of the message is left unprocessed, and step S13 is executed;
S13: the webmail system generates a static "mail content" web page from the cleartext mail content and sends it to the user's browser for display; the user sees the cleartext mail information in the "mail content" web page. The user may browse the mail with any browser, such as, but not limited to, IE or Firefox.
S14: if the user needs to encrypt the cleartext message seen in the "mail content" web page, the user clicks the corresponding encryption control in the "mail content" web page and sets an encryption password;
S15: the webmail system records the characteristic value of the message the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record", and returns to the "mail content" display page of step S8 to refresh the webmail system and show the encrypted "mail content" information. For security, the password information may be protected, for example by hashing it with a hash function such as, but not limited to, MD5 or SHA-1. The user may browse the mail with any browser, such as, but not limited to, IE or Firefox. When the user encrypts a cleartext message through the "mail content" web page, the characteristic value of the encrypted message and the encryption password set by the user must be recorded, i.e. the encrypted mail record; it may be stored and read in the webmail by means such as, but not limited to, a database or file, i.e. in many ways, and may be stored in encrypted form to improve security. After the encryption operation is complete, refreshing the "mail content" web page shows the encrypted mail content information.
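Steps S1 to S4 above (fetching the mail, taking a characteristic value from each message's headers, and masking the "mail list" entries that are in the encrypted mail record before the static page is generated), as an added example in Python. This is not the patent's own code: the function names, the order in which header fields are tried, and the sample messages are assumptions of the example. The patent names "X-ID" and "X-Message" as example characteristic value fields; the example tries the standard RFC 822 Message-ID header first and falls back to those X- fields, and it uses the patent's simple "*" substitution for the masked entries. The sample mailbox is constructed inline to stand in for what POP3/IMAP would return.

```python
"""Steps S1-S4 (and the masking decision of S18) of the webmail encryption
method as a runnable sketch.  Added example, not the patent's code."""
from email import message_from_string
from email.utils import parseaddr

# Header fields accepted as the characteristic value, in order of preference
# (an assumption of this example).  Message-ID is the standard RFC 822 unique
# identifier, so it is tried first; the patent's "X-ID"/"X-Message" are fallbacks.
ID_FIELDS = ("Message-ID", "X-ID", "X-Message")

# Constructed sample mailbox standing in for what step S1 fetches over
# POP3/IMAP.  Not real mail.
RAW_MAILBOX = [
    "From: Alice <alice@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Quarterly figures\n"
    "Date: Mon, 06 Dec 2010 09:15:00 +0800\n"
    "Message-ID: <1001@example.com>\n"
    "\n"
    "Attached are the figures.\n",
    "From: HR <hr@example.com>\n"
    "To: bob@example.com\n"
    "Subject: Your contract\n"
    "Date: Tue, 07 Dec 2010 10:00:00 +0800\n"
    "X-ID: hr-2010-12-07-0042\n"
    "\n"
    "Please find your contract attached.\n",
]


def characteristic_value(raw: str) -> str:
    """Step S2/S3: the message's characteristic value, taken from the first
    ID_FIELDS header present (header names are case-insensitive)."""
    msg = message_from_string(raw)
    for field in ID_FIELDS:
        value = msg.get(field)
        if value:
            return value.strip()
    raise ValueError("message carries no characteristic value header")


def list_entry(raw: str) -> dict:
    """The 'mail list' items the patent names: subject, sender, arrival time."""
    msg = message_from_string(raw)
    return {
        "id": characteristic_value(raw),
        "subject": str(msg.get("Subject", "")),
        "sender": parseaddr(str(msg.get("From", "")))[1],
        "date": str(msg.get("Date", "")),
    }


def mask(text: str) -> str:
    """The patent's simple substitution: every character becomes '*'."""
    return "*" * len(text)


def render_mail_list(raw_messages, encrypted_ids, temporarily_decrypted=frozenset()):
    """Steps S3/S4 (and S18/S19): an entry is masked when its id is in the
    encrypted mail record and not in the temporarily decrypted record.  The
    id itself is kept so the page can still link to the message."""
    rows = []
    for raw in raw_messages:
        entry = list_entry(raw)
        hidden = entry["id"] in encrypted_ids and entry["id"] not in temporarily_decrypted
        if hidden:
            entry = {k: (v if k == "id" else mask(v)) for k, v in entry.items()}
        entry["encrypted"] = hidden
        rows.append(entry)
    return rows


if __name__ == "__main__":
    # The second message is in the encrypted mail record; the first is not.
    for row in render_mail_list(RAW_MAILBOX, {"hr-2010-12-07-0042"}):
        print(row)
```

Note what the masking does and does not touch: it is applied to the list data on the webmail server just before the static page is built, so the message on the mail server is unchanged and the protection only covers what the webmail system renders; the browser never receives the cleartext of a masked entry, but anyone who can read the mail server directly is outside this scheme's scope.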
2. Decryption steps
As can be seen from Fig. 4, the decryption process of the webmail and its display steps are as follows:
S16: after the user passes login authentication in the webmail system, the webmail system obtains all of the user's mail from the mail server through a mail communication protocol such as POP3 or IMAP and keeps it in a temporary variable;
S17: read the encrypted mail record, i.e. read the characteristic values of the encrypted mail from a database or file. As in step S2, the characteristic value may include an RFC 822/MIME header field such as "X-ID" or "X-Message" or a user-defined characteristic value header field, and the "encrypted mail record" may be stored and read in the webmail system by means such as, but not limited to, a database or file, i.e. in many ways, and may be stored in encrypted form to improve security.
S18: then compare the characteristic value of each message read from the mail server with the characteristic values of the encrypted mail in the encrypted mail record. If the message is not in the encrypted mail record, its "mail list" display content is left unprocessed. Otherwise, if the message is found in the encrypted mail record, read the temporarily decrypted mail record and judge whether the message belongs to the temporarily decrypted mail; if it does, its "mail list" display content is likewise left unprocessed; otherwise its "mail list" display content is encrypted, by simple substitution/transposition such as replacing it with "*", or with a modern cryptographic algorithm. In other words, the webmail system extracts the characteristic value of every message obtained from the mail server and compares it with the characteristic values in the "encrypted mail record" to decide whether the message is encrypted. The "temporarily decrypted mail record" read by the webmail system holds the characteristic values of the temporarily decrypted mail, which may be or include an RFC 822/MIME header field such as "X-ID" or "X-Message" or a user-defined characteristic value header field. The "temporarily decrypted mail record" may be stored and read in the webmail by means such as, but not limited to, the Session, i.e. in many ways, and may be stored in encrypted form to improve security. The webmail system extracts the characteristic value of each encrypted message and compares it with the characteristic values in the "temporarily decrypted mail record" to decide whether the message is temporarily decrypted. According to these comparison results, the webmail system "dynamically" encrypts the list information of every message whose attributes are "encrypted" and "not temporarily decrypted".
S19: then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends it to the user's browser for display: for unencrypted mail, the list entry is shown in cleartext; for encrypted mail, the list entry is shown in cleartext if the message is temporarily decrypted and as ciphertext otherwise. The user may browse the mail with any browser, such as, but not limited to, IE or Firefox.
S20: if the user needs to decrypt a ciphertext message in the "mail list", the user clicks the corresponding decryption control in the "mail list" web page, enters the decryption password and selects the decryption mode, which is either "temporary decryption" or "permanent decryption". The user may decrypt any encrypted message in the "mail list" web page individually in this way.
S21. The web mail system reads the encryption password information of that encrypted mail from the encrypted-mail record and compares it with the password the user entered. If the password is incorrect, the decryption operation is stopped. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the characteristic value of this mail is stored in the temporarily-decrypted-mail record; for permanent decryption, the characteristic value of this mail and its password information are deleted from the encrypted-mail record. The system then returns to the "mail list" web page display of step S16 and refreshes the web mail system's page. The user may view the mail with any browser, such as IE or Firefox, but is not limited to these. In detail: when the user decrypts an encrypted mail through the "mail list" web page, the web mail system first reads the encryption password information of the selected mail from the "encrypted-mail record" and compares it with the password information entered by the user. Based on the result of this comparison, the system decides whether to carry out the decryption operation: if the password is incorrect, decryption is refused; if the password is correct, the system proceeds according to the decryption mode selected by the user. For "temporary decryption", the characteristic value of this temporarily decrypted mail is recorded in the "temporarily-decrypted-mail record"; this record may be stored and read in the web mail system by means such as the Session, but is not limited to this and may be stored in various ways, and it may additionally be stored in encrypted form to improve security. For "permanent decryption", the characteristic value information of this decrypted mail is deleted from the "encrypted-mail record"; this record may be stored and read in the web mail system by means such as a database or a file, but is not limited to this and may be stored in various ways, and it may additionally be stored in encrypted form to improve security. After the decryption operation is finished, the web mail system refreshes the "mail list" web page so that it shows the decrypted mail list information.
S22. If the user wants to view the detailed content of a mail, the user clicks the link of that mail in the "mail list" web page;
S23. The web mail system reads the content of the selected mail from the mail server. When the user enters the "mail content" web page of that mail, the web mail system reads the mail content from the mail server; the communication may use the POP3/IMAP protocols, but is not limited to these.
S24. The web mail system reads the encrypted-mail record, mainly the characteristic values of the encrypted mails held in it. The characteristic value can be a field of the mail header that conforms to the RFC822/MIME standard, such as "X-ID" or "X-Message", or a user-defined header field. The "encrypted-mail record" may be stored and read in the web mail system by means such as a database or a file, but is not limited to this and may be stored and read in various ways; it may additionally be stored in encrypted form to improve security.
S25. The web mail system then compares the characteristic value of the mail the user chose to view with the characteristic values of the encrypted mails in the encrypted-mail record. If this mail is not in the encrypted-mail record, the information shown for it on the "mail content" page is left unprocessed and step S26 is executed; if this mail is in the encrypted-mail record, step S27 is executed;
S26. The web mail system generates a static decrypted "mail content" web page from the plaintext mail content and passes the page to the user's browser for display, which completes the procedure;
S27. The temporarily-decrypted-mail record is read first, and the system determines whether this mail is a temporarily decrypted mail. If it is a "temporarily decrypted" mail, its displayed content is likewise left unprocessed; if it is not, step S28 is executed. For a mail whose attribute is "encrypted", the web mail system reads the characteristic value of that mail and compares it with the characteristic values of the temporarily decrypted mails in the "temporarily-decrypted-mail record", thereby determining whether the mail is temporarily decrypted. Based on this result, the system does not encrypt the mail content of a mail whose attribute is "temporarily decrypted", and executes step S26.
S28. The web mail system generates a static ciphertext "mail content" web page from the encrypted mail content and passes the page to the user's browser for display; the user then sees encrypted mail information in the "mail content" web page. The content shown for this mail on the "mail content" page is encrypted: the encryption can be a simple substitution or permutation, such as replacement with "*", or a modern cryptographic algorithm, but is not limited to these. The web mail system encrypts the mail content "dynamically / in real time" for mails whose attributes are "encrypted" and "not temporarily decrypted".
S29. When the user decrypts a ciphertext mail seen in the "mail content" web page, the user clicks the decryption control associated with it in the "mail content" web page, enters the decryption password and selects a decryption mode, where the decryption modes comprise at least "temporary decryption" and "permanent decryption". The user can decrypt this mail directly in the encrypted "mail content" web page.
S30. The web mail system reads the encryption password information of the encrypted mail from the encrypted-mail record and compares it with the password the user entered. If the password is incorrect, the decryption operation is stopped. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the characteristic value of this mail is stored in the temporarily-decrypted-mail record; for permanent decryption, the characteristic value of this mail and its password information are deleted from the encrypted-mail record. After decryption the procedure returns to step S23. The user may view the mail with any browser, such as IE or Firefox, but is not limited to these. In detail: when the user decrypts an encrypted mail through the "mail content" web page, the web mail system first reads the encryption password information of this encrypted mail from the "encrypted-mail record" and compares the password information entered by the user with it. Based on the comparison result the system decides whether to carry out the decryption; if the password is incorrect, decryption is refused. If the password is correct, the system proceeds according to the decryption mode selected by the user. For "temporary decryption", the characteristic value of this temporarily decrypted mail is recorded in the "temporarily-decrypted-mail record"; this record may be stored and read in the web mail system by means such as the Session, but is not limited to this and may be stored in various ways, and it may additionally be stored in encrypted form to improve security. For "permanent decryption", the characteristic value and password information of this decrypted mail are deleted from the "encrypted-mail record"; this record may be stored and read in the web mail system by means such as a database or a file, but is not limited to this and may be stored in various ways, and it may additionally be stored in encrypted form to improve security. After the decryption operation is finished, the "mail content" web page is refreshed so that it shows the decrypted mail content.
The present invention encrypts the display of the mails the user designates in the web mail system, thereby protecting those mails, and authenticates the decryption of encrypted mail through a password mechanism; this provides authentication for encrypted mail and prevents an unauthorized user from viewing the mail list entries and the mail content of encrypted mails.
Of course, the embodiment described above only illustrates the technical concept and features of the present invention; its purpose is to let those familiar with the art understand the content of the invention and implement it accordingly, and it does not limit the scope of protection of the invention. All equivalent transformations or modifications made according to the spirit and essence of the main technical scheme of the present invention shall fall within the scope of protection of the present invention.

Claims (5)

1. A method for encrypting web mail information, characterized in that its encryption steps comprise:
S1. After the user passes login authentication in the web mail system, all of the user's mails are obtained from the mail server;
S2. The local encrypted-mail record is read;
S3. The web mail system then compares the characteristic value of each mail read from the mail server with the characteristic values of the encrypted mails in the encrypted-mail record; if a mail is found in the encrypted-mail record, the information shown for it in the "mail list" web page is encrypted; otherwise, the information shown for it in the "mail list" web page is left unprocessed;
S4. The web mail system then generates a static "mail list" web page from the processed "mail list" data and passes the page to the user's browser for display; for unencrypted mails, plaintext "mail list" information is shown, and for encrypted mails, ciphertext "mail list" information is shown;
S5. If the user wants to encrypt a plaintext mail in the "mail list", the user clicks the encryption control associated with that mail in the "mail list" web page and sets an encryption password;
S6. The web mail system records the characteristic value of the mail the user selected for encryption together with the encryption password that was set, forming the "encrypted-mail record", then returns to the "mail list" web page display of step S1 and refreshes the web mail system's page to show the encrypted "mail list" information.
2. The method of claim 1, characterized in that its encryption steps further comprise:
S7. If the user wants to view the detailed content of a mail, the user selects that mail and clicks its link in the "mail list" web page, entering the "mail content" web page of that mail;
S8. The web mail system reads the mail the user selected from the mail server, i.e. when the user enters the "mail content" web page of that mail, the web mail system reads the content of the mail from the mail server;
S9. The web mail system reads the encrypted-mail record, where the information read from the "encrypted-mail record" is the characteristic values of the encrypted mails it contains;
S10. The characteristic value of the mail the user selected for viewing is then compared with the characteristic values of the encrypted mails in the encrypted-mail record; if this mail is found in the encrypted-mail record, step S11 is executed; if the mail selected by the user is not in the encrypted-mail record, step S12 is executed;
S11. The web mail system generates a static "mail content" web page from the encrypted mail content and passes the page to the user's browser for display; the user can only see encrypted mail information in the "mail content" web page, and the procedure ends here;
S12. The "mail content" of this mail is left unprocessed, and step S13 is executed;
S13. The web mail system generates a static "mail content" web page from the plaintext mail content and passes the page to the user's browser for display; the user sees plaintext mail information in the "mail content" web page;
S14. If the user wants to encrypt the plaintext mail seen in the "mail content" web page, the user clicks the encryption control associated with it in the "mail content" web page and sets an encryption password;
S15. The web mail system records the characteristic value of the mail the user selected for encryption together with the encryption password that was set, forming the "encrypted-mail record", then returns to the "mail content" web page display of step S8 and refreshes the web mail system's page to show the encrypted "mail content" information.
3. The method according to claim 2, characterized in that its decryption steps comprise:
S16. After the user passes login authentication in the web mail system, the web mail system obtains all of the user's mails from the mail server and stores them in a temporary variable;
S17. The encrypted-mail record is read, i.e. the characteristic values of the encrypted mails in the encrypted-mail record are read from a database or a file;
S18. The characteristic value of each mail read from the mail server is then compared with the characteristic values of the encrypted mails in the encrypted-mail record; if the mail is not found in the encrypted-mail record, its mail list display content is left unprocessed; otherwise, if the mail is found in the encrypted-mail record, the temporarily-decrypted-mail record is read and the system determines whether the mail is a temporarily decrypted mail; if the mail is a "temporarily decrypted" mail, its mail list display content is likewise left unprocessed; otherwise, its mail list display content is encrypted;
S19. The web mail system then generates a static "mail list" web page from the processed "mail list" data and passes the page to the user's browser for display: for unencrypted mails, plaintext mail list information is shown; for encrypted mails, plaintext mail list information is shown if the mail has been temporarily decrypted, otherwise ciphertext mail list information is shown;
S20. If the user wants to decrypt a ciphertext mail in the "mail list", the user clicks the decryption control associated with that mail in the "mail list" web page, enters the decryption password and selects a decryption mode, where the decryption modes comprise "temporary decryption" and "permanent decryption";
S21. The web mail system reads the encryption password information of the encrypted mail from the encrypted-mail record and compares it with the password the user entered; if the password is incorrect, the decryption operation is stopped; if the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the characteristic value of this mail is stored in the "temporarily-decrypted-mail record"; for permanent decryption, the characteristic value of this mail and its password information are deleted from the encrypted-mail record, and the system returns to the "mail list" web page display of step S16 and refreshes the web mail system's page.
4. The method as claimed in claim 3, characterized in that its decryption steps further comprise:
S22. If the user wants to view the detailed content of a mail, the user selects that mail and clicks its link in the "mail list" web page;
S23. The web mail system reads the content of the user-selected mail from the mail server;
S24. The web mail system reads the encrypted-mail record;
S25. The web mail system then compares the characteristic value of the mail the user chose to view with the characteristic values of the encrypted mails in the encrypted-mail record; if this mail is not in the encrypted-mail record, the information shown for it on the "mail content" page is left unprocessed and step S26 is executed; if this mail is in the encrypted-mail record, step S27 is executed;
S26. The web mail system generates a static decrypted "mail content" web page from the plaintext mail content and passes the page to the user's browser for display, which completes the procedure;
S27. The temporarily-decrypted-mail record is read first, and the system determines whether this mail is a temporarily decrypted mail; if it is a "temporarily decrypted" mail, its displayed content is likewise left unprocessed and step S26 is executed; if it is not a "temporarily decrypted" mail, step S28 is executed;
S28. The web mail system generates a static ciphertext "mail content" web page from the encrypted mail content and passes the page to the user's browser for display; the user then sees encrypted mail information in the "mail content" web page;
S29. When the user decrypts a ciphertext mail seen in the "mail content" web page, the user clicks the decryption control associated with it in the "mail content" web page, enters the decryption password and selects a decryption mode, where the decryption modes comprise at least "temporary decryption" and "permanent decryption";
S30. The web mail system reads the encryption password information of the encrypted mail from the encrypted-mail record and compares it with the password the user entered; if the password is incorrect, the decryption operation is stopped; if the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption": for temporary decryption, the characteristic value of this mail is stored in the temporarily-decrypted-mail record; for permanent decryption, the characteristic value of this mail and its password information are deleted from the encrypted-mail record, and after decryption the procedure returns to step S23.
5. The method as claimed in claim 4, characterized in that its decryption steps further comprise: the characteristic values in the encrypted-mail record and in the temporarily-decrypted-mail record each comprise at least the "X-ID" or "X-Message" field of the mail header conforming to the RFC822/MIME standard.
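The following Python model is an added illustration of the two records and the display-time masking that steps S1 to S30 of the description and the claims describe; it is not code from the patent or its assignee. The class and function names, the sample mails, the fixed-length "******" substitution and the salted PBKDF2 storage of the encryption password are assumptions made for the example: the patent only says the password is stored "in encrypted form", and a one-way digest plus constant-time comparison is the form a practitioner would give that requirement.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Mail:
    x_id: str       # characteristic value (X-ID header, assumed unique per mail; claim 5)
    sender: str
    subject: str
    body: str


# Constructed sample data standing in for the mails fetched from the mail server (S1/S16).
SAMPLE_MAILS = [
    Mail("<a1@example.test>", "alice@example.test", "Q4 budget draft", "Numbers attached."),
    Mail("<b2@example.test>", "bob@example.test", "Lunch?", "Noon at the usual place."),
    Mail("<c3@example.test>", "hr@example.test", "Contract renewal", "Please sign by Friday."),
]

MASKED = "******"          # simple "*" substitution, as the patent allows; fixed length leaks nothing
PBKDF2_ROUNDS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 digest instead of a recoverable "encrypted password".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class WebMailView:
    """Server-side display logic for one logged-in user (hypothetical helper)."""

    def __init__(self, mails):
        self.mails = {m.x_id: m for m in mails}   # the temporary variable of S16
        self.encrypted_record = {}   # "encrypted-mail record": x_id -> (salt, digest); persistent
        self.temp_decrypted = set()  # "temporarily-decrypted-mail record": Session-scoped

    # S5/S6 and S14/S15: the user marks a mail and sets an encryption password.
    def encrypt(self, x_id: str, password: str) -> None:
        if x_id not in self.mails:
            raise KeyError(x_id)
        salt = os.urandom(16)
        self.encrypted_record[x_id] = (salt, _derive(password, salt))
        self.temp_decrypted.discard(x_id)   # re-encrypting cancels a temporary decryption

    # S3, S18, S25-S27: masked iff recorded as encrypted and not temporarily decrypted.
    def is_masked(self, x_id: str) -> bool:
        return x_id in self.encrypted_record and x_id not in self.temp_decrypted

    # S4/S19: rows of the "mail list" page after processing.
    def render_list(self):
        rows = []
        for x_id, m in self.mails.items():
            if self.is_masked(x_id):
                rows.append((x_id, MASKED, MASKED))
            else:
                rows.append((x_id, m.sender, m.subject))
        return rows

    # S23-S28: body shown on the "mail content" page.
    def render_content(self, x_id: str) -> str:
        m = self.mails[x_id]
        return MASKED if self.is_masked(x_id) else m.body

    # S20/S21 and S29/S30: password check, then temporary or permanent decryption.
    def decrypt(self, x_id: str, password: str, mode: str) -> bool:
        if mode not in ("temporary", "permanent"):
            raise ValueError("mode must be 'temporary' or 'permanent'")
        entry = self.encrypted_record.get(x_id)
        if entry is None:
            return False            # not an encrypted mail: nothing to decrypt
        salt, digest = entry
        if not hmac.compare_digest(digest, _derive(password, salt)):
            return False            # wrong password: operation refused, state unchanged
        if mode == "temporary":
            self.temp_decrypted.add(x_id)
        else:
            del self.encrypted_record[x_id]
            self.temp_decrypted.discard(x_id)
        return True

    # Session end: temporary decryptions lapse, the persistent record survives.
    def end_session(self) -> None:
        self.temp_decrypted.clear()


def demo() -> dict:
    """Walk the procedure once and return the observable results."""
    view = WebMailView(SAMPLE_MAILS)
    view.encrypt("<a1@example.test>", "correct horse")
    view.encrypt("<c3@example.test>", "battery staple")
    out = {"list_after_encrypt": view.render_list()}
    out["wrong_password"] = view.decrypt("<a1@example.test>", "guess", "temporary")
    out["temp_ok"] = view.decrypt("<a1@example.test>", "correct horse", "temporary")
    out["content_temp"] = view.render_content("<a1@example.test>")
    out["perm_ok"] = view.decrypt("<c3@example.test>", "battery staple", "permanent")
    out["not_encrypted"] = view.decrypt("<b2@example.test>", "anything", "permanent")
    view.end_session()
    out["masked_after_logout"] = view.is_masked("<a1@example.test>")
    out["still_plain_after_logout"] = view.is_masked("<c3@example.test>")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Two points the model makes visible. First, the mail server still returns plaintext over POP3/IMAP and the web mail backend masks it only while building the page, so the mechanism controls what a logged-in session is shown; it is an access check on display, not encryption of the stored message, and the backend and its logs must be trusted accordingly. Second, the two records have different lifetimes: a permanent decryption removes the entry from the persistent record, while a temporary one lives only in the session and is masked again after `end_session()`, which is why a wrong password must leave both records untouched.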
CN 201010598307 2010-12-21 2010-12-21 Method for encrypting webmail information Active CN102055685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010598307 CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information


Publications (2)

Publication Number Publication Date
CN102055685A CN102055685A (en) 2011-05-11
CN102055685B true CN102055685B (en) 2013-02-13

Family

ID=43959631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010598307 Active CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Country Status (1)

Country Link
CN (1) CN102055685B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103906004B (en) * 2012-12-19 2019-02-01 上海晨兴希姆通电子科技有限公司 Mail server, mail transmitting terminal and mail transmission/reception method
CN103580991B (en) * 2013-01-05 2017-06-06 网易(杭州)网络有限公司 The method for uploading and equipment of a kind of Email attachment
CN103532704B (en) * 2013-10-08 2016-08-17 武汉理工大学 A kind of Email IBE encryption system for OWA
CN104158725A (en) * 2014-08-22 2014-11-19 深圳市清时捷科技有限公司 Data management platform and data management method based on mail transmission
CN104270517B (en) * 2014-09-23 2019-06-14 中兴通讯股份有限公司 Information ciphering method and mobile terminal
CN104734944A (en) * 2015-03-18 2015-06-24 重庆森格玛科技有限公司 Transmission method and device for electronic mail
CN107707456A (en) * 2017-09-25 2018-02-16 维沃移动通信有限公司 A kind of voting method and mobile terminal
CN113452687B (en) * 2021-06-24 2022-12-09 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1201198A (en) * 1997-04-22 1998-12-09 夏普公司 Data receiving apparatus
CN101115020A (en) * 2006-07-25 2008-01-30 腾讯科技(深圳)有限公司 Secret mail protecting method and mail system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002373140A (en) * 2001-06-15 2002-12-26 Nec Corp Portable telephone device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JP特开2002-373140A 2002.12.26

Also Published As

Publication number Publication date
CN102055685A (en) 2011-05-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201222

Address after: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: 215500 No. three, South 99 Ring Road, Jiangsu, Changshou City

Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY

CP02 Change in the address of a patent holder

Address after: 215500 5th floor, building 4, 68 Lianfeng Road, Changfu street, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee before: Changshu intellectual property operation center Co.,Ltd.