CN103532704A - E-mail IBE (identity based encryption) system aiming at OWA (outlook web access) - Google Patents


Info

Publication number
CN103532704A
Authority
CN
China
Prior art keywords
pseudo
digital certificate
rsa
ibe
mail
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310460884.4A
Other languages
Chinese (zh)
Other versions
CN103532704B (en
Inventor
龙毅宏
黄强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University of Technology WUT filed Critical Wuhan University of Technology WUT
Priority to CN201310460884.4A priority Critical patent/CN103532704B/en
Publication of CN103532704A publication Critical patent/CN103532704A/en
Application granted granted Critical
Publication of CN103532704B publication Critical patent/CN103532704B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention relates to an OWA (Outlook Web Access) e-mail IBE (identity based encryption) system that uses pseudo-RSA (Rivest, Shamir and Adleman) digital certificates. The system comprises an OWA client, the pseudo-RSA digital certificate, an IBE cryptographic module, a pseudo-RSA digital certificate issuing tool or system, an Exchange server, an AD (Active Directory) server, an IBE public key acquisition agent and an IBE key server. The IBE public key acquisition agent is an HTTP (HyperText Transfer Protocol) proxy or plug-in deployed or inserted in the HTTP transmission channel between the OWA client and the Exchange server. The HTTP proxy or plug-in intercepts the OWA client's request to obtain, through Exchange, the public keys of the encryption certificates of the encrypted e-mail's sender and recipients from the AD server, and generates or returns the pseudo-RSA digital certificates or pseudo-RSA public keys of the sender and recipients. E-mail IBE encryption based on OWA is thereby realized, and the manual operations involved in using pseudo-RSA digital certificates in OWA are reduced and simplified.

Description

An e-mail IBE encryption system for OWA
Technical field
The invention belongs to the field of information security technology and in particular concerns an e-mail IBE (Identity Based Encryption) system for OWA (Outlook Web Access). The system enables an OWA system that does not support IBE encryption to perform IBE encryption of mail without being modified.
Background
Current cryptographic algorithms fall into two families: symmetric-key cryptography (Symmetric Key Cryptography) and asymmetric-key cryptography (Asymmetric Key Cryptography); encryption technology is divided correspondingly into symmetric-key and asymmetric-key encryption technology. In a symmetric-key algorithm, the same key is used to encrypt and to decrypt data. In an asymmetric-key algorithm, encryption and decryption use two different but related keys (a key pair): one can be disclosed, is called the public key (Public Key) and can be used to encrypt data; the other is kept secret, is called the private key (Private Key) and can be used to decrypt data. This key pair is called a public/private key pair, so asymmetric-key algorithms are also called public-key algorithms (Public Key Cryptography). The private key must be kept safe by the owner of the key pair. Widely used public-key algorithms include RSA, named after its three inventors Rivest, Shamir and Adleman, and DSA (Digital Signature Algorithm); ECC (Elliptic Curve Cryptography) is also a public-key algorithm, one that has attracted attention and gradually come into use in recent years.
Symmetric-key algorithms are simple to implement and fast, but key distribution and management are difficult (how does the encrypting party pass the symmetric key safely to the decrypting party?). Public-key algorithms make key distribution easy (the public key can be published), but they are complex to implement and slow. The strengths and weaknesses of the two are complementary, so in practice they are usually combined: the data is encrypted with a randomly generated symmetric key using a symmetric-key algorithm; the random symmetric key is then encrypted with the decrypting party's public key using a public-key algorithm; and the encrypted data is sent to the decrypting party together with the encrypted symmetric key. On receiving the encrypted data and the encrypted symmetric key, the decrypting party first decrypts the symmetric key with its own private key and then decrypts the data with the recovered symmetric key. Besides data encryption and decryption, public-key algorithms can usually also be used for digital signature and signature verification: the private-key owner encrypts (signs) the data with the private key, and the recipient decrypts (verifies the signature) with the corresponding public key.
In a public-key system, a party that wants to send encrypted data to another party must first obtain the other party's public key. The owner of the public key (the recipient of the encrypted data) therefore needs to publish its public key in some secure way (so that an attacker cannot publish a public key while impersonating the owner), so that other people or entities can use it to send encrypted data. To solve this problem, the Public Key Infrastructure (PKI) security framework was proposed. In a PKI, a certification authority (Certification Authority, CA) acts as a trusted third party and issues digital certificates (Digital Certificate) to publish the public keys of users (entities), for example through an LDAP (Lightweight Directory Access Protocol) directory service. Besides the certificate holder's public key, a certificate issued by the CA also contains other identity information about the holder, such as name, organization and e-mail address. The CA digitally signs the certificate with its private key to guarantee the trustworthiness and security of the information in it. Depending on key usage, digital certificates are sometimes further divided into encryption certificates and identity certificates: the former are used for data encryption and decryption, the latter for identity authentication, digital signature and signature verification. Thus, in a PKI, a sender that wants to send encrypted data must first obtain the recipient's (encryption) certificate in some way, for example from the CA's public certificate directory service (LDAP), and then extract the recipient's public key from the certificate. The public-key algorithms most commonly used in digital certificates today are RSA and DSA, with ECC having recently gained wide attention. RSA and ECC certificates can be used both for data encryption and decryption and for digital signature and signature verification, whereas DSA certificates are used only for digital signature and signature verification.
Data encryption based on PKI digital certificates (RSA certificates in particular) is now widely supported by applications. Dedicated mail clients such as Outlook, Outlook Express, Thunderbird and Foxmail support e-mail encryption and decryption based on digital certificates (RSA certificates). Microsoft's Outlook Web Access (OWA) mail system, whose client is an ordinary browser (mainly Internet Explorer), also supports e-mail encryption and decryption based on digital certificates (RSA certificates). In a certificate used for e-mail encryption, the subject name (in the form of an X.500 distinguished name, Distinguished Name, DN) carries the certificate holder's e-mail address in its e-mail address field (E field). When encrypting mail, the mail client uses the E field of the certificate subject name to find the corresponding encryption certificate (for example in the local certificate store, or as a certificate key object in a cryptographic module).
To send encrypted data in a PKI, the sender must obtain the recipient's (encryption) certificate in advance. For many ordinary users this is not a trivial matter, and it is one of the more prominent practical problems of the PKI approach. To solve it, identity based encryption (Identity Based Encryption, IBE) was proposed. IBE is also a public-key encryption technology. When using IBE to encrypt data for transmission, the sender does not need to obtain the recipient's certificate in advance. The sender only needs to know an identifier that uniquely identifies the other party (such as an identity card number or an e-mail address) and can then encrypt data based on this identifier combined with a set of public parameters (as before, the data is normally encrypted with a randomly generated symmetric key, and the random symmetric key is then encrypted with the IBE public key). Here the identifier and the set of public parameters together form the IBE public key (although in practice the identifier alone is often simply called the public key). On receiving the encrypted data, the recipient decrypts it with the private key corresponding to its own identifier (strictly speaking, the private key consists of the set of public parameters and private information computed from the identifier). The private key corresponding to the recipient's identifier is produced by an IBE key server (also called the private key generator, Private Key Generator, PKG). To obtain the IBE private key for its identifier, the recipient must first authenticate to the IBE key server and prove that it is the owner of that identifier (authentication can be done with an identity certificate or by other secure authentication methods). It then obtains its IBE private key from the IBE key server over a secure channel and stores the private key safely for later use. The IBE key server publishes a set of public parameters in a secure way, so that anyone can use them to compute the IBE public key corresponding to a given identifier (in order to encrypt data).
IBE has its own distinctive advantages and makes encrypted data transmission convenient, but it also has a prominent practical problem: almost none of today's application software (such as Outlook) supports IBE encryption. To solve the problem of applying IBE encryption, the applicant of the present patent proposed, in its patent "An application implementation method for new public-key encryption algorithms based on pseudo-RSA keys" (patent application number 201110248050.8), an IBE data encryption scheme based on pseudo-RSA keys and pseudo-RSA digital certificates. More precisely, when the new public-key encryption algorithm referred to in invention patent 201110248050.8 is an IBE algorithm, the corresponding implementation is the IBE data encryption scheme based on pseudo-RSA keys and pseudo-RSA digital certificates.
When the technical scheme of invention patent 201110248050.8 is applied to an IBE algorithm, the key data of the pseudo-RSA key (public key and private key) has the data structure of an RSA key, but what it actually stores is the key data (public key or private key) of the IBE algorithm. The pseudo-RSA digital certificate is a certificate in the standard X509 format; the certificate owner's RSA public key in this certificate is not a real RSA public key but a pseudo-RSA public key, and the certificate owner's corresponding RSA private key is not a real RSA private key but a pseudo-RSA private key.
Given the pseudo-RSA keys and pseudo-RSA digital certificates that correspond to IBE keys, a cryptographic module must also be developed that implements a standard cryptographic module interface supporting calls to RSA functions. This module converts cryptographic operations that use a pseudo-RSA key, such as data encryption and decryption, into the corresponding operations that use the corresponding IBE key (for example, data encryption with a pseudo-RSA public key is converted into data encryption with the corresponding IBE public key). This module is referred to here as the IBE cryptographic module. Standard cryptographic module interfaces that support calls to RSA functions include Windows CSP (Cryptographic Services Provider) and PKCS#11; the corresponding IBE cryptographic modules are called IBE CSP and IBE PKCS#11.
With pseudo-RSA digital certificates and the corresponding IBE cryptographic module, any application that supports data encryption and decryption with RSA certificates can use IBE for data encryption and decryption: the application uses the (pseudo) certificate through the standard RSA interface of the IBE cryptographic module to perform cryptographic operations (encryption, decryption) with the (pseudo) RSA key (public or private), and the IBE cryptographic module converts these into cryptographic operations with the corresponding IBE key (public or private).
The concrete procedure for IBE data encryption based on pseudo-RSA digital certificates is as follows:
(1) If, when the sender of encrypted data uses an application (such as Outlook) to encrypt data, the application prompts for the recipient's digital certificate, the sender can use a local certificate issuing tool or system to generate locally a pseudo-RSA digital certificate of the recipient without a private key, and load and configure the certificate in the data encryption application or system;
(2) If, when the recipient of encrypted data uses an application to decrypt the received data, the application reports that there is no corresponding certificate and private key, the recipient can use a certificate issuing tool or system to generate locally its own pseudo-RSA digital certificate with a private key, and store the IBE private key corresponding to the pseudo-RSA certificate in the corresponding IBE cryptographic module (this IBE cryptographic module is the module, offering standard RSA cryptographic interface calls, that the application uses).
Here, the pseudo-RSA digital certificates that the sender and the recipient each generate locally and independently, using their own certificate issuing tool or system, do not need to be signed with the same CA private key (the private key that issues certificates) of the same CA system. They can be signed with different CA private keys by different certificate issuing tools or systems, as long as the issuer, subject name and serial number of the independently generated pseudo-RSA certificates are identical (in fact, a differing subject name also has no effect).
Although the IBE data encryption scheme with pseudo-RSA digital certificates also uses digital certificates, it is fundamentally different from an ordinary certificate scheme, mainly in the following respects:
1) Pseudo-RSA digital certificates are not issued by a dedicated, publicly operated CA system; they are issued locally and independently, when needed, by the sender and the recipient of encrypted data, each using a certificate issuing tool or system;
2) Apart from having the same issuer name, subject name and serial number, the pseudo-RSA certificates that the sender and the recipient each generate locally can be two different RSA certificates (in fact the subject name can differ, as long as the issuer name and serial number are the same);
3) The sender does not need to obtain the recipient's pseudo-RSA certificate from elsewhere, such as the CA's LDAP system; the sender can even generate the certificate without a private key before the recipient has obtained its IBE private key;
4) Whether a pseudo-RSA certificate is issued by a trusted CA is unimportant, because these certificates are only an intermediary and bridge for IBE encryption; the security of the data encryption is guaranteed by the IBE data encryption system, not by the pseudo-RSA certificate.
With pseudo-RSA digital certificates and the corresponding IBE cryptographic module (such as IBE CSP or IBE PKCS#11), most current applications that support encryption and decryption with RSA certificates (such as Outlook and Thunderbird) can use IBE to encrypt and decrypt data. The scheme described above still has a limitation, however: before encrypting, the sender must use the corresponding pseudo-RSA certificate issuing tool or system to generate the recipient's pseudo-RSA certificate without a private key, and configure the generated certificate in the application or system (such as the recipient address book of Outlook). For the problem of encrypting e-mail with IBE in dedicated mail clients, the applicant of the present patent proposed, in its patent application "An e-mail IBE encryption implementation method" (patent application number 201310013656.2), an e-mail IBE encryption scheme based on a mail client add-in and bridge encryption certificates. The bridge encryption certificate in that scheme is either the pseudo-RSA digital certificate described above or the medium digital certificate used in the applicant's patent "An IBE data encryption system based on medium digital certificates" (patent number 201110189108.6) (one of the two is used; the present invention uses only pseudo-RSA digital certificates, so medium digital certificates are not described). The mail client add-in acts when needed. When the sender is about to send encrypted mail and the sender's address book does not hold an encryption certificate for the recipient, the add-in automatically generates the corresponding bridge encryption certificate (such as a pseudo-RSA digital certificate) and configures it in the recipient's address book entry. When a recipient receives mail encrypted with IBE and does not have the corresponding bridge encryption certificate for decryption (pseudo-RSA digital certificate) and its private key, the add-in automatically prompts the recipient to generate the corresponding bridge encryption certificate with a private key (pseudo-RSA digital certificate).
This e-mail IBE encryption scheme based on an add-in and bridge encryption certificates (such as pseudo-RSA digital certificates) targets dedicated mail clients such as Outlook. It is not suitable for OWA (Outlook Web Access), a Web mail system that uses the browser as the mail client.
OWA (now also called Outlook Web Application) is a Web mail service that Microsoft developed for its Exchange mail server. Its client consists of an ordinary browser plus the corresponding page code and controls, so through OWA a user can use an ordinary browser to access their Exchange mailbox and send and receive mail. Using special Web page techniques, the OWA client gives the user an interface similar to the Outlook mail client. Compared with the dedicated Outlook client, OWA with an ordinary browser as its client needs no installation or configuration and is easy to operate; for example, a user can access their mailbox through a browser from any computer. OWA also supports e-mail encryption and decryption with digital certificates (RSA certificates) by means of a control. Outlook, when sending encrypted mail, looks up the sender's encryption certificate in the sender's configuration and the recipient's encryption certificate in the local address book. The OWA client instead has the OWA server look up the encryption certificates of the sender and the recipients in the Active Directory (AD) server (what is actually obtained is the public key, certificate issuer name and certificate serial number of the sender's and recipients' encryption certificates). OWA does not, of course, support e-mail encryption with IBE.
If IBE encryption of OWA e-mail is implemented with pseudo-RSA keys and pseudo-RSA digital certificates, the sender and the recipient of encrypted mail need to do the following:
1) Use the pseudo-RSA digital certificate issuing tool or system to generate and issue for themselves a pseudo-RSA digital certificate with a private key that corresponds to their own e-mail address;
2) Through Exchange, configure the generated and issued pseudo-RSA certificate for encryption use in the user certificate attribute (UserCertificate) of their own AD account.
Implementing IBE encryption of OWA e-mail in this way has the following problems:
1) Manual operation is required, which is troublesome;
2) The sender can send encrypted mail to a recipient only after the recipient has completed the configuration of the pseudo-RSA encryption certificate (whereas with IBE a sender should be able to send encrypted mail to a recipient at any time, regardless of whether the recipient has generated a pseudo-RSA certificate with a private key and configured it in their own AD account);
3) Encrypted mail can be sent only to users in the AD domain.
Summary of the invention
The object of the invention is to propose an e-mail IBE encryption system for OWA that addresses the ease-of-use and availability problems of applying pseudo-RSA keys and pseudo-RSA digital certificates to IBE encryption of OWA e-mail: the pseudo-RSA encryption certificate in the AD account must be configured manually, encrypted mail cannot be sent before the recipient has completed configuration, and encrypted mail can be sent only between users in the AD domain.
To achieve this object, the technical solution adopted by the invention is:
An e-mail IBE encryption system for OWA, comprising the following entities or data:
OWA client: the client of Microsoft's Exchange mail server, formed by a browser plus the corresponding page code and controls. The OWA client calls an IBE cryptographic module that has a standard RSA cryptographic interface (such as Windows CSP or PKCS#11) and encrypts and decrypts e-mail using pseudo-RSA digital certificates;
Pseudo-RSA digital certificate: a digital certificate in X509 format that has encryption key usage and whose key algorithm is identified as RSA. The RSA public key and private key of the pseudo-RSA certificate are not a real RSA public key and private key but a pseudo-RSA public key and private key;
IBE cryptographic module: a cryptographic module that has a standard RSA cryptographic interface (such as Windows CSP or PKCS#11) and implements IBE data encryption and decryption through pseudo-RSA keys. The module converts the key operations on RSA keys (public key, private key or key pair) requested by the pseudo-RSA digital certificate issuing tool or system, including key generation, deletion, import and export, into key operations on the corresponding IBE keys (public key, private key or key pair). The module converts the data encryption or decryption operations that the OWA client performs with the RSA public or private key of a pseudo-RSA certificate (that is, the pseudo-RSA public or private key) into the corresponding data encryption or decryption operations with the corresponding IBE public or private key;
Pseudo-RSA digital certificate issuing tool or system: the client tool or system with which the sender and the recipient of encrypted mail generate their own pseudo-RSA digital certificate with a private key. When generating such a certificate, the tool or system obtains from the IBE key server the IBE private key corresponding to the e-mail address of the sender or recipient;
Exchange server: Microsoft's enterprise mail server. Besides supporting dedicated mail clients (such as Outlook), it also provides mail service based on an ordinary browser through OWA. Exchange obtains the e-mail encryption certificates of the encrypted-mail sender and recipient from the account information and contact information held in the AD (Active Directory) server;
AD (Active Directory) server: the domain service system in Microsoft's computer system security architecture. Each user in the domain has an account created for them, called an AD account; the user certificate attribute (UserCertificate) of the AD account stores the account user's digital certificate for e-mail encryption;
IBE public key acquisition agent: an HTTP proxy or plug-in deployed or inserted in the HTTP (HyperText Transfer Protocol) transmission channel between the OWA client and the Exchange server. When a sender uses the OWA client to send encrypted mail, the agent intercepts the HTTP request that the OWA client submits to obtain the public keys of the sender's and recipients' encryption certificates, and generates or returns the pseudo-RSA digital certificates or pseudo-RSA public keys of the sender and recipients that the OWA client needs for encryption;
IBE key server: the IBE key service system that generates IBE private keys. While the sender or recipient of encrypted mail uses the pseudo-RSA digital certificate issuing tool or system to generate their own pseudo-RSA certificate with a private key, the IBE key server generates the IBE private key corresponding to the e-mail address of that sender or recipient.
The IBE public key acquisition agent intercepts all HTTP requests that the OWA client submits to the Exchange server and checks whether a request asks to obtain, from the AD server, the public keys of the sender's and recipients' encryption certificates. If not, the request is allowed to pass and is not processed further. Otherwise, it is handled in one of the following two ways:
Mode one: the agent generates the pseudo-RSA public key, certificate issuer name and certificate serial number of the pseudo-RSA digital certificate of the sender and of each recipient (the pseudo-RSA certificate itself need not be generated) and returns them to the OWA client as response data (the agent returns the HTTP response data directly, and the Exchange server does not process this HTTP request further);
Mode two:
For the e-mail sender, processing is as follows:
Step A: access the AD server used by Exchange and check whether the user certificate attribute (UserCertificate) of the sender's AD account holds a pseudo-RSA digital certificate of the sender for encryption use. If it does, processing of the public key acquisition request for the sender's encryption certificate is complete; otherwise, go to Step B;
Step B: generate a pseudo-RSA digital certificate for encryption use, without a private key, whose subject-name e-mail address field (E field) corresponds to the sender's e-mail address, and place the generated certificate in the user certificate attribute of the sender's AD account in the AD server. Processing of the public key acquisition request for the sender's encryption certificate is then complete;
For each mail recipient, processing is as follows:
Step 1: access the AD server used by Exchange and check whether the user certificate attribute (UserCertificate) of the recipient's AD account holds a pseudo-RSA digital certificate of the recipient for encryption use. If it does, processing of the public key acquisition request for the encryption certificate of the recipient currently being handled is complete (Step 1 is then restarted for the next recipient, until all recipients have been processed); otherwise, go to the next step;
Step 2: generate a pseudo-RSA digital certificate for encryption use, without a private key, whose subject-name e-mail address field (E field) corresponds to the recipient's e-mail address, and place the generated certificate in the user certificate attribute in the AD account of the e-mail sender in the AD server;
After processing of the public key acquisition requests for the sender's and recipients' encryption certificates is complete, the HTTP request is allowed to pass;
In Step A and Step 1 of mode two, the IBE public key acquisition agent finds the AD accounts of the sender and recipients in the AD server by the AD account names or e-mail addresses of the sender and recipients in the request;
The operations in mode two are either performed directly by the IBE public key acquisition agent, or performed by the agent through a separate pseudo-RSA digital certificate processing process.
The pseudo-RSA public key, certificate issuer name and certificate serial number that the IBE public key acquisition agent generates for the sender's and recipients' pseudo-RSA certificates in mode one, or those of the pseudo-RSA certificates without a private key that it generates in mode two, are identical to the pseudo-RSA public key, certificate issuer name and serial number of the pseudo-RSA certificates with a private key that the sender and recipients of encrypted mail generate for themselves with the pseudo-RSA digital certificate issuing tool or system.
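Mode one and the matching requirement described above can be modelled in a few lines; this is an added example, not code from the patent. The request marker, the fixed issuer name, the hash-based serial number and the placeholder key encoding are all assumptions made for illustration, since the text specifies none of them.

```python
import hashlib
from dataclasses import dataclass

# Assumption: every issuing tool and the agent share this fixed issuer name.
ISSUER_NAME = "CN=Pseudo-RSA Issuer (constructed example)"
# Hypothetical marker for "fetch encryption-certificate public keys" requests;
# the real OWA request format is not described in the text.
CERT_LOOKUP = "get-encryption-cert-public-keys"


@dataclass(frozen=True)
class PseudoCertInfo:
    """The three values the OWA client needs: public key, issuer, serial."""
    issuer: str
    serial: int
    pseudo_public_key: bytes


def derive_cert_info(email: str) -> PseudoCertInfo:
    """Derive issuer, serial and pseudo public key from the address alone.

    Assumed derivation: serial = first 16 bytes of SHA-256(address); the
    pseudo public key is a placeholder blob carrying the identity, standing
    in for an RSA-shaped structure that holds IBE public-key data.
    """
    identity = email.strip().lower()  # assumption: case-insensitive addresses
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return PseudoCertInfo(
        issuer=ISSUER_NAME,
        serial=int.from_bytes(digest[:16], "big"),
        pseudo_public_key=b"IBE-ID:" + identity.encode("utf-8"),
    )


def issuing_tool_generate(email: str) -> dict:
    """User-side tool: the same public values plus a private-key handle.

    The IBE private key would come from the IBE key server after identity
    authentication; a labelled placeholder stands in for it here.
    """
    return {"info": derive_cert_info(email), "private_key": "<from IBE key server>"}


class PublicKeyAcquisitionAgent:
    """Mode one: answer certificate lookups directly, forward everything else."""

    def __init__(self, upstream):
        self.upstream = upstream  # callable standing in for the Exchange server

    def handle(self, request: dict) -> dict:
        if request.get("kind") != CERT_LOOKUP:
            return self.upstream(request)  # not a lookup: pass through untouched
        parties = [request["sender"], *request["recipients"]]
        return {
            "answered_by": "agent",  # Exchange never sees this request
            "certs": {p: derive_cert_info(p) for p in parties},
        }


def demo():
    seen_by_exchange = []

    def exchange(request):
        seen_by_exchange.append(request)
        return {"answered_by": "exchange"}

    agent = PublicKeyAcquisitionAgent(exchange)
    # Constructed sample requests.
    read = agent.handle({"kind": "read-inbox"})
    lookup = agent.handle({
        "kind": CERT_LOOKUP,
        "sender": "alice@example.com",
        "recipients": ["Bob@Example.com"],
    })
    # The recipient later runs the issuing tool on their own machine.
    bob_own = issuing_tool_generate("bob@example.com")["info"]
    return read, lookup, bob_own, seen_by_exchange


if __name__ == "__main__":
    read, lookup, bob_own, seen = demo()
    print(read["answered_by"], lookup["answered_by"], len(seen))
    print(lookup["certs"]["Bob@Example.com"] == bob_own)
```

Because every value is a pure function of the address, the agent can answer before the recipient has generated anything, and the certificate the recipient later issues for themselves still matches what the sender encrypted to.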
The sender of an encrypted mail, either when no pseudo-RSA digital certificate with a private key has yet been personally generated before using the OWA client to send encrypted mail, or when the OWA client reports, on reading an encrypted mail that has been sent, that there is no public key of the e-mail sender for data decryption, uses the pseudo-RSA digital certificate issuing tool or system to generate a pseudo-RSA digital certificate with a private key in which the e-mail address field (E field) of the certificate subject name corresponds to the e-mail sender's e-mail address.
The encrypted-mail sender clicks the e-mail encryption button of the OWA client and sends encrypted mail in the usual way of using the e-mail encryption function of OWA; the usual way of using the e-mail encryption function of OWA means the way it is used when the described e-mail IBE encryption system for OWA is not in use.
The recipient of an encrypted mail, either when no pseudo-RSA digital certificate with a private key has yet been personally generated before receiving encrypted mail, or when the OWA client reports that the encrypted mail cannot be opened while it is being read with the OWA client, uses the pseudo-RSA digital certificate issuing tool to generate locally a pseudo-RSA digital certificate with a private key in which the e-mail address field (E field) of the certificate subject name corresponds to the mail recipient's e-mail address.
The IBE cryptographic module is the cryptographic module with a standard RSA cryptographic API that the OWA client uses: when the cryptographic module used by the OWA client is a Windows CSP, the module is an IBE CSP; when the cryptographic module used by the OWA client is PKCS#11, the module is an IBE PKCS#11 module.
Based on the above IBE e-mail encryption scheme, the OWA client encrypts or decrypts mail with the public key or private key of the pseudo-RSA digital certificate (in reality a pseudo-RSA public key or private key) in the usual way of using an RSA digital certificate, and the IBE CSP converts the data encryption or decryption operation for the public key or private key of the pseudo-RSA digital certificate into a data encryption or decryption operation for the corresponding IBE public key or private key. The IBE public key acquisition agent ensures that the e-mail sender's OWA client obtains the pseudo-RSA public key, certificate issuer name and certificate serial number of each mail recipient's pseudo-RSA digital certificate (even before the recipient has generated their own pseudo-RSA digital certificate). The whole process requires no manual intervention.
With the technical scheme proposed by the invention, e-mail users of OWA can send and receive IBE-encrypted e-mail through the OWA client without manually configuring pseudo-RSA encryption digital certificates in AD accounts. If the IBE public key acquisition agent as implemented generates and returns the pseudo-RSA public key, certificate issuer name and certificate serial number of the e-mail sender's and each recipient's pseudo-RSA digital certificate by mode one, IBE-encrypted e-mail can also be sent between non-AD-domain users. Furthermore, the encrypted e-mail format (S/MIME) produced by implementing the invention is identical to the encrypted e-mail format produced by a mail client (such as Outlook) that implements invention patent application 201310013656.2: this means that e-mail encrypted by implementing the present invention can be opened with the mail client described in invention patent application 201310013656.2, and vice versa.
The invention solves well the ease-of-use, availability and interoperability problems of applying pseudo-RSA keys and pseudo-RSA digital certificates to IBE e-mail encryption in OWA.
Brief description of the drawings
Fig. 1 is the system architecture diagram of the invention.
Detailed description
The invention is further described below with reference to the drawing and embodiments.
The system architecture of the invention is shown in Fig. 1.
The pseudo-RSA digital certificate in the present invention is implemented as the realization, for the IBE cryptographic algorithm, of the pseudo-RSA digital certificate in the applicant's patent application "An application implementation method, based on pseudo-RSA keys, for recent public key encryption algorithms" (patent application number 201110248050.8). The functions of the pseudo-RSA digital certificate issuing tool or system in the present invention, and their implementation, are the functions and implementation for the IBE cryptographic algorithm of the pseudo-RSA digital certificate issuing tool or system in 201110248050.8; the functions and implementation of the IBE cryptographic module in the present invention are the functions and implementation for the IBE cryptographic algorithm of the cryptographic module in 201110248050.8; the IBE key server in the present invention is the IBE key server in 201110248050.8. For the concrete implementation, for the IBE cryptographic algorithm, of the pseudo-RSA digital certificate, the pseudo-RSA digital certificate issuing tool or system, the cryptographic module and the IBE key service system, see the corresponding content of 201110248050.8.
The concrete implementation of the IBE public key acquisition agent depends on whether the chosen embodiment is an HTTP proxy or an HTTP plug-in:
1. HTTP proxy embodiment of the IBE public key acquisition agent
If the IBE public key acquisition agent is implemented as an HTTP proxy, an existing HTTP reverse proxy server or system, such as Apache HTTP Server, can be selected and built upon: either modify its code directly, or use its extension mechanisms (for example, modify the Apache source code, or use the hook and filter extension mechanisms of Apache), to intercept HTTP requests and process them, according to their content, in the manner described in the summary of the invention. The implementation of the part concerning digital certificate public key acquisition is described further below.
A. Implementation by digital certificate public key acquisition mode one
If the HTTP proxy (IBE public key acquisition agent) uses digital certificate public key acquisition mode one to process the OWA client's request for the e-mail sender's and recipients' certificate public keys, the HTTP proxy generates the pseudo-RSA public key, certificate issuer name and certificate serial number of the sender's and recipients' pseudo-RSA digital certificates in the way that patent application 201110248050.8 generates the pseudo-RSA public key, certificate issuer name and certificate serial number of a pseudo-RSA public key digital certificate, and returns the generated pseudo-RSA public key, certificate issuer name and certificate serial number data directly, in the format in which Exchange returns certificate public key data (Exchange no longer processes the request).
B. Implementation by digital certificate public key acquisition mode two
If the HTTP proxy (IBE public key acquisition agent) uses digital certificate public key acquisition mode two to process the OWA client's request for the e-mail sender's and recipients' certificate public keys, the implementation is as follows.
The code in the HTTP proxy (IBE public key acquisition agent) that generates the e-mail sender's and recipients' pseudo-RSA digital certificates without IBE private keys can reuse the part of the code of the pseudo-RSA digital certificate issuing tool or system in 201110248050.8 with which an encrypted-data sender generates an encrypted-data recipient's pseudo-RSA digital certificate without an IBE private key (here the e-mail sender is also treated as an encrypted-data recipient). In the reused code, the part that takes the encrypted-data recipient's identity through the human-machine interface is changed so that the HTTP proxy supplies the e-mail sender's and recipients' e-mail addresses (that is, the identities) through an interface function call. Pseudo-RSA digital certificate generation can then use OpenSSL.
The function by which the IBE public key acquisition agent (HTTP proxy) accesses the AD server to query and place the e-mail sender's and recipients' pseudo-RSA digital certificates for encryption use can be implemented by developing a program that runs on the AD server's host (the independent pseudo-RSA digital certificate processing process). That is, the HTTP proxy delegates to this independent process, running on the AD server, the querying of the sender's and recipients' pseudo-RSA digital certificates from the AD server, or the adding of a generated pseudo-RSA digital certificate to the corresponding encryption digital certificate storage location in the e-mail service information of the e-mail sender's AD account in AD. The independent pseudo-RSA digital certificate processing process accesses the AD server through LDAP or ADSI. Communication between the HTTP proxy and the independent process can use TCP, with a corresponding message authentication scheme (such as HMAC or digital signature) ensuring the security of the information exchanged between them (protection against forgery and tampering). In addition, the function of generating the e-mail sender's and recipients' pseudo-RSA digital certificates can also be handed over to the independent process. For more information about AD and ADSI, see Microsoft's developer network MSDN (msdn.microsoft.com).
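An HMAC-authenticated message frame for the TCP link between the HTTP proxy and the independent certificate processing process might look like the following. This is an added example, not code from the patent: the frame layout, the pre-shared key, the message fields and the direction labels are assumptions, and the timestamp and nonce checks go beyond the forgery and tampering protection the text names by also rejecting replayed and reflected messages.

```python
import hashlib
import hmac
import json
import os
import struct
import time

TAG_LEN = 32             # HMAC-SHA256 tag size in bytes
MAX_BODY = 64 * 1024     # assumed upper bound for one message
MAX_SKEW = 30            # assumed freshness window, in seconds

# Direction labels (assumed names) bind each MAC to one side of the link, so a
# response cannot be fed back to the other end as a request.
TO_CERTPROC = b"proxy->certproc"
TO_PROXY = b"certproc->proxy"


class AuthError(Exception):
    pass


def seal(key, direction, msg, now):
    """Return 4-byte length || JSON body || HMAC-SHA256(key, direction || body)."""
    body = json.dumps(
        {"ts": int(now), "nonce": os.urandom(16).hex(), "msg": msg},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(key, direction + body, hashlib.sha256).digest()
    return struct.pack(">I", len(body)) + body + tag


class Receiver:
    def __init__(self, key, direction):
        self.key, self.direction = key, direction
        self.seen = {}                       # nonce -> timestamp of accepted frames

    def open(self, frame, now):
        """Verify one frame and return its message, or raise AuthError."""
        if len(frame) < 4 + TAG_LEN:
            raise AuthError("bad length")
        (n,) = struct.unpack(">I", frame[:4])
        if n > MAX_BODY or len(frame) != 4 + n + TAG_LEN:
            raise AuthError("bad length")
        body, tag = frame[4:4 + n], frame[4 + n:]
        expected = hmac.new(self.key, self.direction + body, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the body is parsed before this.
        if not hmac.compare_digest(tag, expected):
            raise AuthError("bad MAC")
        env = json.loads(body)
        if abs(now - env["ts"]) > MAX_SKEW:
            raise AuthError("stale")
        # Nonces only need to be remembered while their frame is still fresh.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if env["nonce"] in self.seen:
            raise AuthError("replay")
        self.seen[env["nonce"]] = env["ts"]
        return env["msg"]


def verdict(receiver, frame, now):
    """Return "ok" or the reason the frame was rejected."""
    try:
        receiver.open(frame, now)
        return "ok"
    except AuthError as exc:
        return str(exc)


if __name__ == "__main__":
    key = os.urandom(32)                     # provisioned out of band (assumption)
    certproc = Receiver(key, TO_CERTPROC)
    request = {"op": "lookup", "email": "alice@example.com"}   # constructed sample
    frame = seal(key, TO_CERTPROC, request, time.time())
    print(verdict(certproc, frame, time.time()))   # first delivery
    print(verdict(certproc, frame, time.time()))   # same frame delivered again
```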
2. HTTP plug-in embodiment of the IBE public key acquisition agent
If the IBE public key acquisition agent is implemented as an HTTP plug-in, it is an HTTP plug-in of the IIS (Internet Information Server) server deployed at the Exchange server. The plug-in is either a Wildcard Application Mapping extension (ISAPI Extension) developed on ISAPI (Internet Server Application Programming Interface), or an HTTP filter developed on the Native Code API or Managed Code API of IIS (applicable only to IIS 7 and later). The HTTP plug-in intercepts HTTP requests and processes them, according to their content, in the manner described in the summary of the invention. The implementation of the part concerning digital certificate public key acquisition is described further below.
A. Implementation by digital certificate public key acquisition mode one
In the HTTP plug-in embodiment, if the HTTP plug-in (IBE public key acquisition agent) uses digital certificate public key acquisition mode one to process the OWA client's request for the e-mail sender's and recipients' digital certificate public keys, the HTTP plug-in generates the pseudo-RSA public key, certificate issuer name and certificate serial number of the sender's and recipients' pseudo-RSA digital certificates in the way that patent application 201110248050.8 generates the pseudo-RSA public key, certificate issuer name and certificate serial number of a pseudo-RSA public key digital certificate, and returns the generated pseudo-RSA public key, certificate issuer name and certificate serial number data directly, in the format in which Exchange returns certificate public key data (Exchange no longer processes this HTTP request).
B. Implementation by digital certificate public key acquisition mode two
If the HTTP plug-in (IBE public key acquisition agent) uses digital certificate public key acquisition mode two to process the OWA client's request for the e-mail sender's and recipients' digital certificate public keys, then, similarly, the code in the HTTP plug-in that generates the sender's and recipients' pseudo-RSA digital certificates without IBE private keys can reuse the part of the code of the pseudo-RSA digital certificate issuing tool or system in patent application 201110248050.8 with which an encrypted-data sender generates an encrypted-data recipient's pseudo-RSA digital certificate without an IBE private key (here the e-mail sender is also treated as an encrypted-data recipient). In the reused code, the part that takes the encrypted-data recipient's identity through the human-machine interface is changed so that the HTTP plug-in supplies the e-mail sender's and recipients' e-mail addresses (the identities) through an interface function call. Pseudo-RSA digital certificate generation can then use OpenSSL or CryptoAPI. The HTTP plug-in can connect to and access the AD server directly through ADSI, or, as in the implementation of digital certificate public key acquisition mode two in the HTTP proxy, access the AD server through a program running on the AD host (the independent pseudo-RSA digital certificate processing process).
Besides the above modules, a concrete implementation of the invention also needs a corresponding installer that installs the pseudo-RSA digital certificate issuing tool and the IBE cryptographic module on the user's computing device and performs the related settings. If the cryptographic module used by the OWA client is a Windows CSP, the IBE cryptographic module is an IBE CSP and must be set as the default RSA CSP used by the OWA client.
Other aspects of the technical implementation are self-evident to developers in the relevant field.

Claims (7)

1. An e-mail IBE encryption system for OWA, the system comprising the following entities or data:
OWA client: the client of Microsoft's Exchange mail server, formed by a browser together with the corresponding page code and controls; the OWA client calls the IBE cryptographic module, which has a standard RSA cryptographic API, and encrypts and decrypts e-mail using pseudo-RSA digital certificates;
Pseudo-RSA digital certificate: a digital certificate in X509 format that has encryption usage and whose key algorithm identifier is RSA; the RSA public key and private key of the pseudo-RSA digital certificate are not a real RSA public key and private key, but a pseudo-RSA public key and private key;
IBE cryptographic module: a cryptographic module that has a standard RSA cryptographic API and implements IBE data encryption and decryption through pseudo-RSA keys; the IBE cryptographic module converts the key operations on RSA keys requested by the pseudo-RSA digital certificate issuing tool or system, the operations including key generation, deletion, import and export, into key operations on the corresponding IBE keys; the IBE cryptographic module converts the cryptographic operations in which the OWA client encrypts or decrypts data with the RSA public key or private key of a pseudo-RSA digital certificate into cryptographic operations that encrypt or decrypt the data with the corresponding IBE public key or private key;
Pseudo-RSA digital certificate issuing tool or system: a client tool or system with which encrypted-mail senders and recipients personally generate pseudo-RSA digital certificates with private keys; when generating a pseudo-RSA digital certificate with a private key for an encrypted-mail sender or recipient, the tool or system obtains from the IBE key server the IBE private key corresponding to the e-mail address of the encrypted-mail sender or recipient;
Exchange server: Microsoft's enterprise mail server, which besides supporting the use of its proprietary mail client also provides mail service based on general-purpose browsers through OWA; Exchange obtains the encrypted-mail recipient's digital certificate for e-mail encryption from the contact information in the encrypted-mail sender's account information in the AD server;
AD server: the domain service system in Microsoft's computer system security architecture, in which an account, called an AD account, is created for each user in the domain; the user certificate attribute of an AD account stores the AD account user's digital certificate for e-mail encryption;
IBE public key acquisition agent: an HTTP proxy or plug-in deployed or inserted in the HTTP transmission channel between the OWA client and the Exchange server; when an e-mail sender uses the OWA client to send encrypted mail, it intercepts the HTTP request submitted by the OWA client to obtain the public keys of the e-mail sender's and recipients' encryption digital certificates, and generates or returns the e-mail sender's and recipients' pseudo-RSA digital certificates or pseudo-RSA public keys that the OWA client needs for encryption;
IBE key server: the IBE key service system that generates IBE private keys; while an encrypted-mail sender or recipient is personally generating a pseudo-RSA digital certificate with a private key using the pseudo-RSA digital certificate issuing tool or system, it is responsible for generating the IBE private key corresponding to the e-mail address of the encrypted-mail sender or recipient.
2. The e-mail IBE encryption system for OWA according to claim 1, characterized in that: the IBE public key acquisition agent intercepts, as follows, the HTTP request submitted by the OWA client to obtain the public keys of the e-mail sender's and recipients' encryption digital certificates, and returns the e-mail sender's and recipients' pseudo-RSA public keys that the OWA client needs for encryption:
Intercept all HTTP requests that the OWA client submits to the Exchange server and check whether the request asks to obtain from the AD server the public keys of the e-mail sender's and recipients' encryption digital certificates. If not, let the request pass through without further processing; otherwise, generate the pseudo-RSA public key, certificate issuer name and certificate serial number of the e-mail sender's and each recipient's pseudo-RSA digital certificate, and return them directly to the OWA client in an HTTP response as the public key, certificate issuer name and certificate serial number of the e-mail sender's and recipients' encryption digital certificates that the OWA client needs for encryption, completing the processing of the request.
3. The e-mail IBE encryption system for OWA according to claim 1, characterized in that: the IBE public key acquisition agent intercepts, as follows, the HTTP request submitted by the OWA client to obtain the public keys of the e-mail sender's and recipients' encryption digital certificates, and generates the e-mail sender's and recipients' pseudo-RSA digital certificates:
Intercept all HTTP requests that the OWA client submits to the Exchange server and check whether the request asks to obtain from the AD server the public keys of the e-mail sender's and recipients' encryption digital certificates. If not, let the request pass through without further processing; otherwise, process the e-mail sender and the recipients respectively as follows:
For the e-mail sender, process as follows:
Step A: Access the AD server used by Exchange and check whether the user certificate attribute of the e-mail sender's AD account holds a pseudo-RSA digital certificate of the e-mail sender for encryption use. If it does, the processing of the request to obtain the public key of the e-mail sender's encryption digital certificate is complete; otherwise, proceed to step B;
Step B: Generate a pseudo-RSA digital certificate for encryption use, without a private key, in which the e-mail address field of the certificate subject name corresponds to the e-mail sender's e-mail address, and place the generated pseudo-RSA digital certificate in the user certificate attribute of the e-mail sender's AD account in the AD server, completing the processing of the request to obtain the public key of the e-mail sender's encryption digital certificate;
For each mail recipient, process as follows:
Step 1: Access the AD server used by Exchange and check whether the user certificate attribute of the mail recipient's AD account holds a pseudo-RSA digital certificate of the mail recipient for encryption use. If it does, the processing of the request to obtain the public key of the encryption digital certificate of the recipient currently being processed is complete; otherwise, proceed to the next step;
Step 2: Generate a pseudo-RSA digital certificate for encryption use, without a private key, in which the e-mail address field of the certificate subject name corresponds to the mail recipient's e-mail address, and place the generated pseudo-RSA digital certificate in the user certificate attribute of the e-mail sender's AD account in the AD server;
After the above processing of the request to obtain the public keys of the e-mail sender's and recipients' encryption digital certificates is complete, the HTTP request is allowed to pass through, completing the processing of the request;
In step A and step 1, the IBE public key acquisition agent finds the AD accounts of the e-mail sender and recipients in the AD server by the AD account names or e-mail addresses of the sender and recipients given in the request;
The operations of step A and step B and of step 1 and step 2 are either completed directly by the IBE public key acquisition agent, or completed by the IBE public key acquisition agent through an independent pseudo-RSA digital certificate processing process.
4. The e-mail IBE encryption system for OWA according to claim 2 or 3, characterized in that:
The pseudo-RSA public key, certificate issuer name and certificate serial number of the e-mail sender's and recipients' pseudo-RSA digital certificates generated by the IBE public key acquisition agent, or the pseudo-RSA public key, certificate issuer name and serial number of the pseudo-RSA digital certificates without private keys, are identical to the pseudo-RSA public key, certificate issuer name and serial number of the pseudo-RSA digital certificates with private keys that the encrypted-mail sender and recipients personally generate using the pseudo-RSA digital certificate issuing tool or system.
5. The e-mail IBE encryption system for OWA according to claim 1, characterized in that:
The sender of an encrypted mail, either when no pseudo-RSA digital certificate with a private key has yet been personally generated before using the OWA client to send encrypted mail, or when the OWA client reports, on reading an encrypted mail that has been sent, that there is no public key of the e-mail sender for data decryption, uses the pseudo-RSA digital certificate issuing tool or system to generate a pseudo-RSA digital certificate with a private key in which the e-mail address field of the certificate subject name corresponds to the e-mail sender's e-mail address.
6. The e-mail IBE encryption system for OWA according to claim 1, characterized in that:
The encrypted-mail sender clicks the e-mail encryption button of the OWA client and sends encrypted mail in the usual way of using the e-mail encryption function of OWA; the usual way of using the e-mail encryption function of OWA means the way it is used when the described e-mail IBE encryption system for OWA is not in use.
7. The e-mail IBE encryption system for OWA according to claim 1, characterized in that:
The recipient of an encrypted mail, either when no pseudo-RSA digital certificate with a private key has yet been personally generated before receiving encrypted mail, or when the OWA client reports that the encrypted mail cannot be opened while it is being read with the OWA client, uses the pseudo-RSA digital certificate issuing tool to generate locally a pseudo-RSA digital certificate with a private key in which the e-mail address field of the certificate subject name corresponds to the mail recipient's e-mail address.
CN201310460884.4A 2013-10-08 2013-10-08 A kind of Email IBE encryption system for OWA Active CN103532704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310460884.4A CN103532704B (en) 2013-10-08 2013-10-08 A kind of Email IBE encryption system for OWA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310460884.4A CN103532704B (en) 2013-10-08 2013-10-08 A kind of Email IBE encryption system for OWA

Publications (2)

Publication Number Publication Date
CN103532704A true CN103532704A (en) 2014-01-22
CN103532704B CN103532704B (en) 2016-08-17

Family

ID=49934412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310460884.4A Active CN103532704B (en) 2013-10-08 2013-10-08 A kind of Email IBE encryption system for OWA

Country Status (1)

Country Link
CN (1) CN103532704B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055685A (en) * 2010-12-21 2011-05-11 常熟理工学院 Method for encrypting webmail information
CN102307096A (en) * 2011-08-26 2012-01-04 武汉理工大学 Pseudo-Rivest, Shamir and Adleman (RSA)-key-based application method for recent public key cryptography algorithm
US20120110332A1 (en) * 2005-01-03 2012-05-03 Gary Gang Liu Secure Messaging with Automatic Recipient Enrollment
CN103078743A (en) * 2013-01-15 2013-05-01 武汉理工大学 E-mail IBE (Internet Booking Engine) encryption realizing method
CN103117861A (en) * 2013-01-31 2013-05-22 武汉理工大学 Pseudo RSA (Rivest Shamir Adleman) based method for transmitting IBE key information (identity based encryption) in IBE

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683110A (en) * 2015-03-16 2015-06-03 武汉理工大学 Automatic generation and configuration method of bridge digital certificate with private key
CN104683110B (en) * 2015-03-16 2018-03-02 武汉理工大学 A kind of bridge digital certificate with private key automatically generate and collocation method
CN105407094A (en) * 2015-11-23 2016-03-16 广东数字证书认证中心有限公司 Method and device for improving safety of e-mail, safe e-mail agent system
CN105407094B (en) * 2015-11-23 2019-04-02 数安时代科技股份有限公司 Improve method and apparatus, the secure e-mail agency plant of Email Security
CN105763566B (en) * 2016-04-19 2018-11-30 成都知道创宇信息技术有限公司 A kind of communication means between client and server
CN105763566A (en) * 2016-04-19 2016-07-13 成都知道创宇信息技术有限公司 Communication method between client and server
CN105933314A (en) * 2016-04-21 2016-09-07 诚迈科技(南京)股份有限公司 Android system email S/MIME function support method and system
CN106603577A (en) * 2017-02-13 2017-04-26 沃通电子认证服务有限公司 E-mail encryption method and system
WO2018145357A1 (en) * 2017-02-13 2018-08-16 沃通电子认证服务有限公司 Email encryption method and system
CN108011885A (en) * 2017-12-07 2018-05-08 北京科技大学 A kind of E-mail encryption method and system based on group cipher system
CN108011885B (en) * 2017-12-07 2020-12-15 北京科技大学 E-mail encryption method and system based on group cryptosystem
WO2020024377A1 (en) * 2018-08-02 2020-02-06 密信技术(深圳)有限公司 Email encryption method and apparatus, and computer-readable storage medium
CN109933382A (en) * 2019-03-11 2019-06-25 安徽志辉教育科技有限公司 Online ppt previewing file tool based on owa service
CN109933382B (en) * 2019-03-11 2022-08-12 安徽志辉教育科技有限公司 Online ppt file preview tool based on owa service
CN111641552A (en) * 2020-05-29 2020-09-08 长城计算机软件与系统有限公司 Mail transmission system and method based on autonomous security
CN113824702A (en) * 2021-09-02 2021-12-21 中电积至(海南)信息技术有限公司 Mail system based on IBE identity authentication technology
CN113824702B (en) * 2021-09-02 2024-02-02 积至(海南)信息技术有限公司 Mail system based on IBE identity authentication technology

Also Published As

Publication number Publication date
CN103532704B (en) 2016-08-17


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant