Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the invention.
First embodiment
Referring to Fig. 1, Fig. 1 is a flow chart of the mail sending method provided by an embodiment of the present invention. The method can be applied to a first terminal and, as shown in Fig. 1, comprises the following steps:
Step 101: obtain the target mail to be sent.
Step 101 may obtain a target mail that the user has finished editing and that is to be sent. For example, the mail may include a mail title, mail content, a recipient mailbox and a sender mailbox. Alternatively, step 101 can be understood as being performed when a mail to be sent is obtained, i.e. when some mail needs to be sent.
It should be noted that the embodiment does not limit the type of the target mail: it may be any mail that can be sent in a mail system, and the recipient of the mail may be one or more mailboxes.
Step 102: obtain, from a previously obtained blockchain, the recipient certificate of the recipient mailbox corresponding to the target mail.
The previously obtained blockchain can be understood as a blockchain obtained before step 102 is performed. For example, the first terminal, i.e. the mail sending device, may store the blockchain locally, or may, after performing step 101 and before performing step 102, fetch the blockchain from the network or obtain it from a device that stores it. In addition, the blockchain may consist of multiple blocks, each block including the certificates of one or more mailboxes, and each certificate including the public key of its corresponding mailbox.
A blockchain has features such as distributed data storage and a consensus mechanism, where the consensus mechanism is the mathematical algorithm by which trust is established and rights are obtained between different nodes in a blockchain system. As a result, the recipient certificate of the recipient mailbox can be obtained directly from the blockchain when mail is sent.
Because the mail is encrypted with the public key of the recipient mailbox, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves its security.
Step 103: obtain the public key of the recipient mailbox from the recipient certificate.
Once the recipient certificate has been received, the public key of the recipient mailbox can be obtained from it.
Step 104: encrypt the target mail based on the public key.
Once the public key of the recipient mailbox has been obtained, the target mail can be encrypted based on it. The encryption here may cover the mail title and the mail content of the target mail, where the mail content may include the message body and may also include mail attachments. Of course, in some scenarios the mail attachment may be encrypted, or only the mail content may be encrypted.
Step 105: send the encrypted target mail to the recipient mailbox.
The target mail is to be decrypted by the mail receiving device based on the private key of the recipient mailbox.
After the target mail has been encrypted, it can be sent to the recipient mailbox. When the mail receiving device receives the encrypted mail, it can decrypt it using the private key of the recipient mailbox.
In the embodiment of the present invention, the mail is encrypted with the public key published in the certificate of the recipient mailbox, so that mail can be transmitted securely even if the mail service does not support TLS, while also ensuring that it is not snooped on by the mail service provider.
It should be noted that the embodiment may be applied over the TLS secure communication protocol, or over other protocols such as HTTP, FTP or XMPP.
In the embodiment of the present invention, the above method can be applied to any terminal capable of sending mail, which may be referred to as the first terminal, for example a computer, a self-service terminal or a mobile terminal. The mobile terminal may be a mobile device such as a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer), a personal digital assistant (PDA), a mobile Internet device (Mobile Internet Device, MID) or a wearable device (Wearable Device).
In the mail sending method provided by the embodiment of the present invention, the target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from a previously obtained blockchain; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, to be decrypted by the mail receiving device based on the private key of the recipient mailbox. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves its security.
Second embodiment
Referring to Fig. 2, Fig. 2 is a flow chart of the mail sending method provided by an embodiment of the present invention. The method can be applied to a first terminal and, as shown in Fig. 2, comprises the following steps:
Step 201: generate a first target block through a proof-of-work mechanism.
The proof-of-work mechanism may be computing the blockchain's proof-of-work algorithm, which can be understood as a mathematical problem, for example performing a series of related computations on the hash (HASH) value of an existing block of the blockchain. That is, step 201 may compute the blockchain's proof-of-work algorithm; when the computation passes, i.e. the mail sending device is verified as legitimate, the target block of the blockchain can be generated.
Alternatively, step 201 can be understood as obtaining the qualification for certificate authorization through computation: when the work performed satisfies the proof-of-work mechanism, the qualification to generate the target block is obtained, so that the public key and certificate of the mailbox can be obtained.
Because the first target block is generated through the proof-of-work mechanism, the legitimacy of the block, of the certificates in the block, and of the public keys in those certificates can be ensured, which further improves the security of the mail.
Step 202: obtain the public key of the sender mailbox of the target mail from the blockchain.
After the mail device has generated a block through the proof-of-work mechanism, the blockchain may assign it a public key. The assignment may be made by the blockchain system, i.e. the public key of the sender mailbox is assigned. For example, a node in the blockchain that successfully generates a block obtains, through a reward mechanism, a reward that grants one public key, so that a new certificate can be added to the blockchain; the reward mechanism may be permanently valid.
Step 203: according to the public key of the sender, generate a sender certificate that includes the public key of the sender mailbox, and add the sender certificate to the first target block.
After the first terminal obtains the public key of the sender mailbox, it can generate a sender certificate that includes that public key and add the certificate to the first target block. It should be noted that, in the embodiment of the present invention, the first target block may or may not also include the certificates of other mailboxes; this is not limited.
Step 204: obtain the authorization information of the sender certificate.
The authorization information here may be the authorization of the sender certificate by an existing certificate in the blockchain. For example, the certificate of mailbox A may authorize the certificate of mailbox Aa. Because the legitimacy of the mail device has been proven through the proof-of-work mechanism in step 201, an existing certificate in the blockchain can authorize the sender certificate.
Step 205: add the authorization information and the first target block to the blockchain.
By adding the authorization information to the blockchain, step 205 ensures the consistency and security of the authorization information in the blockchain, i.e. all terminals or nodes of the blockchain recognize the sender certificate as legitimate. Step 205 also adds the first target block to the blockchain, so that all nodes in the blockchain can obtain the block. When these nodes send mail to the sender mailbox, they can obtain the public key of the sender mailbox from the block and encrypt the mail sent to the sender mailbox, ensuring the security of mail sent to that mailbox.
It should be noted that steps 201 to 205 are optional for the embodiment of the present invention, i.e. the first terminal may skip them, for example when the certificate of the sender mailbox already exists in the blockchain. This is because a mailbox can be logged in on multiple mail devices, and a mailbox needs only one certificate. That is, not every device that logs in to the mailbox needs to generate a block and add it to the blockchain; some mail devices can use the blockchain directly for mail encryption.
Step 206: obtain the target mail to be sent.
Step 206 may obtain a target mail that the user has finished editing and that is to be sent. For example, the mail may include a mail title, mail content, a recipient mailbox and a sender mailbox. Alternatively, step 206 can be understood as being performed when a mail to be sent is obtained, i.e. when some mail needs to be sent.
It should be noted that the embodiment does not limit the type of the target mail: it may be any mail that can be sent in a mail system, and the recipient of the mail may be one or more mailboxes.
Step 207: obtain, from a previously obtained blockchain, the recipient certificate of the recipient mailbox corresponding to the target mail.
Optionally, in the embodiment of the present invention, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates in the blockchain correspond one-to-one with mailboxes, and each certificate includes the public key of its corresponding mailbox.
For example, as shown in Fig. 3, the blockchain includes multiple blocks and is a data structure in which these blocks are linked in order from back to front. Each block includes at least one certificate, and the first block includes the unique root certificate. The unique root certificate can authorize certificates such as A, B, C, D and F, and the certificates A, B, C, D and F can in turn authorize sub-certificates. Of course, these sub-certificates can authorize other certificates; in the embodiment of the present invention, every certificate can authorize sub-certificates. The certificate authorization relationship between mailboxes is shown in Fig. 4: the unique root certificate can authorize the certificates of multiple mailboxes, and the certificates of these mailboxes can in turn authorize the certificates of other mailboxes.
Because, in the embodiment of the present invention, the root certificate of all certificates is the unique root certificate, all certificate authorization in the blockchain is based on authorization by the unique root certificate. This ensures the legitimacy of all certificates and more effectively ensures the security of the mail.
In addition, in the embodiment of the present invention, the first block of the blockchain may be created automatically by the application program of some node device. A key pair, comprising a public key and a private key, may be created at the same time as the first block, and the generated private key may be used to self-authorize the public key, yielding the unique root certificate, which is recorded in the first block.
Table 1
In the embodiment of the present invention, certificates may use the standard X.509 format, with the mail account as the main information. Each mail account corresponds to one certificate; after a certificate has been added to and authorized in a block, other certificates for that mail account cannot be added again. The root certificate of all certificates is the unique root certificate, and every certificate can authorize one or more sub-certificates. Because each mail account corresponds to only one certificate, decryption with the private key of the mailbox will not go wrong.
In addition, in the embodiment of the present invention, the structure of each block in the blockchain may be as shown in Table 1. Table 1 gives the size of each block, so that the information the block contains can be read accurately and without error. Table 1 also gives the certificates each block contains, so that the certificate of the recipient mailbox can be obtained effectively.
In addition, in the embodiment of the present invention, the block header of each block may be as shown in Table 2:
Table 2
The parent block is the block that precedes a given block, because the blockchain is a data structure in which multiple blocks are linked in order from back to front.
Table 2 makes the hash value of each block's parent block available, so that when the proof-of-work algorithm is run, the hash value of the parent block can be used in the computation. The proof-of-work algorithm thereby verifies the legitimacy of the parent block's hash value, and when the parent block is legitimate, a new block can be added after it.
Step 208: obtain the public key of the recipient mailbox from the recipient certificate.
Optionally, after the step of obtaining the recipient certificate of the recipient mailbox of the target mail from the previously obtained blockchain, and before the step of obtaining the public key of the recipient mailbox from the recipient certificate, the method further includes: verifying whether the recipient certificate is legitimate; and, if the verification result is that the recipient certificate is legitimate, performing the step of obtaining the public key of the recipient mailbox from the recipient certificate.
If the recipient certificate is verified as not legitimate, use of the certificate may be abandoned. In addition, verifying whether the recipient certificate is legitimate may consist of verifying whether the block that includes the recipient certificate is legitimate; if the block is legitimate, the certificates in the block can be determined to be legitimate. For example, the authorization information of the block may be verified, or other nodes in the blockchain may verify whether the block or the certificate is legitimate, and so on; the embodiment of the present invention does not limit this.
Because the public key of the recipient mailbox is obtained from the recipient certificate only after the certificate has been verified as legitimate, the mail is guaranteed to be encrypted with a legitimate public key rather than with a public key from an illegitimate certificate, which further ensures the security of the mail.
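An added example, not part of the patent text: one way a sending terminal could check a recipient certificate before using its public key, covering the parent-hash linkage, the proof of work, the one-certificate-per-mailbox rule and authorization back to the unique root certificate. The hash-prefix difficulty, the `issuer` field standing in for the authorization information (no signature is verified here), and all names and sample data are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

POW_PREFIX = "000"          # assumed difficulty: header hash must start with this
GENESIS_PARENT = "0" * 64   # assumed parent-hash value carried by the first block


class ChainError(Exception):
    """Raised when a block or certificate fails validation."""


@dataclass
class Certificate:
    mailbox: str      # subject: exactly one mail account
    public_key: str   # placeholder string; the page uses X.509 certificates
    issuer: str       # mailbox whose certificate authorized this one


@dataclass
class Block:
    parent_hash: str
    certificates: list
    nonce: int = 0

    def header_hash(self) -> str:
        payload = json.dumps(
            [self.parent_hash, self.nonce,
             [[c.mailbox, c.public_key, c.issuer] for c in self.certificates]])
        return hashlib.sha256(payload.encode()).hexdigest()


def mine(parent_hash, certificates):
    """Search for a nonce so the block hash meets the assumed difficulty."""
    block = Block(parent_hash, list(certificates))
    while not block.header_hash().startswith(POW_PREFIX):
        block.nonce += 1
    return block


def index_certificates(chain):
    """Validate every block in order and return {mailbox: Certificate}."""
    certs, root, expected_parent = {}, None, GENESIS_PARENT
    for height, block in enumerate(chain):
        if block.parent_hash != expected_parent:
            raise ChainError(f"block {height}: parent hash mismatch")
        digest = block.header_hash()
        if not digest.startswith(POW_PREFIX):
            raise ChainError(f"block {height}: proof of work not met")
        if not block.certificates:
            raise ChainError(f"block {height}: no certificate")
        for cert in block.certificates:
            if cert.mailbox in certs:
                raise ChainError(f"duplicate certificate for {cert.mailbox}")
            if cert.issuer == cert.mailbox:
                # Self-authorized: only the unique root, only in the first block.
                if height != 0 or root is not None:
                    raise ChainError(f"unexpected root certificate {cert.mailbox}")
                root = cert.mailbox
            elif cert.issuer not in certs:
                # Issuer must already be on the chain, so every accepted
                # certificate traces back to the unique root.
                raise ChainError(f"{cert.mailbox}: issuer {cert.issuer} unknown")
            certs[cert.mailbox] = cert
        expected_parent = digest
    return certs


def recipient_public_key(chain, mailbox):
    """Return the recipient's public key only if the whole chain validates."""
    certs = index_certificates(chain)
    if mailbox not in certs:
        raise ChainError(f"no certificate for {mailbox}")
    return certs[mailbox].public_key


def build_sample_chain():
    """Constructed sample data: root -> a -> aa, one certificate per block."""
    genesis = mine(GENESIS_PARENT,
                   [Certificate("root@example.org", "PK-root", "root@example.org")])
    b1 = mine(genesis.header_hash(),
              [Certificate("a@example.org", "PK-a", "root@example.org")])
    b2 = mine(b1.header_hash(),
              [Certificate("aa@example.org", "PK-aa", "a@example.org")])
    return [genesis, b1, b2]


if __name__ == "__main__":
    print(recipient_public_key(build_sample_chain(), "aa@example.org"))
```

Changing any certificate in an already linked block changes that block's hash, so the lookup fails on either the proof-of-work check or the next block's parent hash.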
Step 209: encrypt the target mail based on the public key.
Optionally, the step of encrypting the target mail based on the public key includes: encrypting, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
In this way, when the second terminal (which may be referred to as the mail receiving device) receives the encrypted target mail, it can decrypt it directly with the private key of the recipient mailbox to obtain the mail content. Encrypting directly with the public key of the recipient mailbox can further improve the security of the mail: because public keys in the blockchain often carry a large amount of information, the mail is encrypted with a large amount of information, which further improves its security. In addition, in some scenarios only the mail attachment may be encrypted, while in other scenarios the message body, or the message body and the mail attachment, may be encrypted.
Optionally, the step of encrypting the target mail based on the public key includes: after the recipient certificate is obtained, generating a first session key according to a preset rule; encrypting, with the first session key, at least one of the mail content and the mail title of the target mail; encrypting the session key with the public key to generate a second session key; and adding the second session key to the mail header of the target mail, where the mail content includes the message body and attachments.
The first session key may be a random number generated randomly according to the preset rule. For example, the random key may be a group of digits or letters, or a combination of digits and letters.
Because the mail is encrypted with the first session key, the amount of computation is reduced, which improves mail transmission efficiency without reducing security. The amount of information in the first session key is far smaller than that of the public key of the recipient mailbox, so encrypting the mail with the first session key requires less computation than encrypting the mail with the public key of the recipient mailbox. Compared with encrypting the mail with the public key of the recipient mailbox, this adds the step of encrypting the first session key with the public key to generate the second session key, but the computation needed to encrypt the first session key with the public key is smaller, even far smaller, than the computation needed to encrypt the mail with the public key, because the amount of information in the first session key is smaller, even far smaller, than that of the mail. In addition, in some scenarios only the mail attachment may be encrypted, while in other scenarios the message body, or the message body and the mail attachment, may be encrypted.
Step 2010: send the encrypted target mail to the recipient mailbox.
The target mail is to be decrypted by the mail receiving device based on the private key of the recipient mailbox.
Optionally, before the step of sending the encrypted target mail to the recipient mailbox, and after the step of encrypting the target mail based on the public key, the method further includes: adding an encryption identifier to the target mail, the encryption identifier being used to indicate that the target mail is encrypted using a blockchain certificate.
The above step adds the encryption identifier to the encrypted mail, so that the second terminal, i.e. the mail receiving device, can determine on receiving the mail whether the encryption identifier indicates encryption with a blockchain certificate. The second terminal decrypts the mail with the private key of the recipient mailbox, and thereby successfully obtains the mail content, only when the encryption identifier indicates encryption with a blockchain certificate. This avoids the case where the mail was not encrypted with a blockchain certificate, the mail receiving device nonetheless attempts decryption with the private key of the recipient mailbox, and the resulting decryption error wastes power; the purpose is to save device power consumption.
In the mail sending method provided by the embodiment of the present invention, a first target block is generated through a proof-of-work mechanism; the public key of the sender mailbox of the target mail is obtained from the blockchain; according to the public key of the sender, a sender certificate that includes the public key of the sender mailbox is generated and added to the first target block; the authorization information of the sender certificate is obtained; the authorization information and the first target block are added to the blockchain; the target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from the previously obtained blockchain; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, to be decrypted by the mail receiving device based on the private key of the recipient mailbox. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves its security. Moreover, because the block that includes the mailbox's certificate is generated and added to the blockchain through the proof-of-work mechanism, the legitimacy of each certificate in the blockchain can be ensured, which further improves the security of the mail.
3rd embodiment
Referring to Fig. 5, Fig. 5 is a flow chart of the mail receiving method provided by an embodiment of the present invention. The method can be applied to a second terminal and, as shown in Fig. 5, comprises the following steps:
Step 501: receive the encrypted target mail sent by the sender mailbox.
For the target mail, see the related description in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
Step 502: decrypt the target mail based on the previously obtained private key of the recipient mailbox corresponding to the target mail.
The encrypted target mail is obtained by the mail sending device corresponding to the sender mailbox of the target mail encrypting the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail device from a previously obtained blockchain.
For the public key of the recipient mailbox and the encryption, see the related description in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
Optionally, the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox corresponding to the target mail includes: decrypting, with the previously obtained private key of the recipient mailbox corresponding to the target mail, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
For decryption with the private key of the recipient mailbox, see the related description in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
Optionally, the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox corresponding to the target mail includes: decrypting, with the previously obtained private key of the recipient mailbox of the target mail, the second session key in the mail header of the target mail to obtain the first session key; and decrypting, with the first session key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
For the session key, see the related description in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
Optionally, after the step of receiving the encrypted target mail, and before the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail, the method further includes: obtaining the sender certificate of the sender mailbox of the target mail from the blockchain; verifying whether the sender certificate is legitimate; and, if the verification result is that the sender certificate is legitimate, performing the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail.
For verification of the sender certificate, see the related description of verifying the recipient certificate in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
Optionally, after the step of receiving the encrypted target mail, and before the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail, the method further includes: obtaining the encryption identifier of the target mail; determining whether the encryption identifier indicates encryption with a blockchain certificate; and, if the result is that the encryption identifier indicates encryption with a blockchain certificate, performing the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail.
For the encryption identifier, see the related description in the first and second embodiments, which is not repeated here; the same beneficial effects can be achieved.
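An added example, not part of the patent text, of the session-key variant of step 209 together with its receiving counterpart in this embodiment, including the encryption identifier check that precedes any private-key operation. RSA-OAEP, AES-GCM, the `X-` header names and the placeholder title are assumptions, since the page names neither algorithms nor header fields; the code uses the third-party `cryptography` package and a freshly generated key pair in place of a certificate read from the blockchain.

```python
import base64
import json
import os
from email.message import EmailMessage

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical header names chosen for this example.
ENC_FLAG_HEADER = "X-Chain-Cert-Encrypted"     # encryption identifier
WRAPPED_KEY_HEADER = "X-Wrapped-Session-Key"   # "second session key"
NONCE_HEADER = "X-Session-Nonce"

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class NotChainEncrypted(Exception):
    """The mail carries no blockchain-certificate encryption identifier."""


def demo_keypair():
    """Constructed recipient key pair standing in for the chain certificate."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def _aad(sender, recipient):
    # Bind the ciphertext to the envelope addresses so they cannot be swapped.
    return f"{sender}\n{recipient}".encode()


def encrypt_mail(sender, recipient, title, body, recipient_public_key):
    session_key = AESGCM.generate_key(bit_length=256)   # first session key
    nonce = os.urandom(12)
    plaintext = json.dumps({"title": title, "body": body}).encode()
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext,
                                             _aad(sender, recipient))
    # Wrapping the short session key is the only public-key operation.
    wrapped = recipient_public_key.encrypt(session_key, OAEP)

    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "(encrypted)"        # real title travels inside the ciphertext
    msg[ENC_FLAG_HEADER] = "1"
    msg[WRAPPED_KEY_HEADER] = base64.b64encode(wrapped).decode()
    msg[NONCE_HEADER] = base64.b64encode(nonce).decode()
    msg.set_content(base64.encodebytes(ciphertext).decode())
    return msg


def decrypt_mail(msg, recipient_private_key):
    # Check the identifier first: no private-key work for unmarked mail.
    if msg.get(ENC_FLAG_HEADER) != "1":
        raise NotChainEncrypted("mail is not marked as chain-certificate encrypted")
    wrapped = base64.b64decode(msg[WRAPPED_KEY_HEADER])
    nonce = base64.b64decode(msg[NONCE_HEADER])
    session_key = recipient_private_key.decrypt(wrapped, OAEP)
    ciphertext = base64.decodebytes(msg.get_content().encode())
    aad = _aad(str(msg["From"]), str(msg["To"]))
    # AES-GCM raises InvalidTag if ciphertext or addresses were modified.
    plaintext = AESGCM(session_key).decrypt(nonce, ciphertext, aad)
    return json.loads(plaintext)


if __name__ == "__main__":
    private_key, public_key = demo_keypair()
    mail = encrypt_mail("alice@example.org", "bob@example.org",
                        "Q3 numbers", "Draft attached.", public_key)
    print(decrypt_mail(mail, private_key))
```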
Optionally, before the step of receiving the encrypted target mail, the method further includes: generating a second target block through a proof-of-work mechanism; obtaining the public key of the recipient mailbox from the blockchain; according to the public key of the recipient mailbox, generating a recipient certificate that includes the public key of the recipient mailbox, and adding the recipient certificate to the second target block; obtaining the authorization information of the recipient certificate; and adding the authorization information and the second target block to the blockchain.
For the implementation of the second target block, see the related description of the first target block in the second embodiment, which is not repeated here; the same beneficial effects can be achieved.
Optionally, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates in the blockchain correspond one-to-one with mailboxes, and each certificate includes the public key of its corresponding mailbox.
For the blockchain, see the related description of the first target block in the second embodiment, which is not repeated here; the same beneficial effects can be achieved.
In the embodiment of the present invention, the above method can be applied to any mail receiving device capable of receiving mail, for example a computer, a self-service terminal or a mobile terminal. The mobile terminal may be a mobile device such as a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer), a PDA, an MID or a wearable device (Wearable Device).
In the mail receiving method provided by the embodiment of the present invention, the encrypted target mail sent by the sender mailbox is received, and the target mail is decrypted based on the previously obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is obtained by the mail sending device corresponding to the sender mailbox of the target mail encrypting the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail device from a previously obtained blockchain. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves its security.
Fourth embodiment
Referring to Fig. 6, Fig. 6 is a structural diagram of the first terminal provided by an embodiment of the present invention. The first terminal can implement the details of the mail sending method in the first and second embodiments and achieve the same effects. As shown in Fig. 6, the first terminal 600 includes: a mail acquisition module 601, a recipient certificate acquisition module 602, a first public key acquisition module 603, an encryption module 604 and a mail sending module 605. The mail acquisition module 601 is connected to the recipient certificate acquisition module 602, the recipient certificate acquisition module 602 is also connected to the first public key acquisition module 603, the first public key acquisition module 603 is also connected to the encryption module 604, and the first public key acquisition module 603 is also connected to the mail sending module 605, where:
The mail acquisition module 601 is configured to obtain the target mail to be sent;
The recipient certificate acquisition module 602 is configured to obtain, from the previously obtained blockchain, the recipient certificate of the recipient mailbox of the target mail obtained by the mail acquisition module 601;
The first public key acquisition module 603 is configured to obtain the public key of the recipient mailbox from the recipient certificate obtained by the recipient certificate acquisition module 602;
The encryption module 604 is configured to encrypt the target mail based on the public key obtained by the first public key acquisition module 603;
The mail sending module 605 is configured to send, to the recipient mailbox, the target mail encrypted by the encryption module 604;
The target mail is used as follows: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox.
Optionally, the encryption module 604 is configured to encrypt, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
Optionally, as shown in Fig. 7, the encryption module 604 includes:
A key generation unit 6041, configured to generate a first session key according to preset rules after the recipient certificate is obtained;
A key encryption unit 6042, configured to encrypt at least one of the mail content and the mail title of the target mail with the first session key generated by the key generation unit 6041;
A public key encryption unit 6043, configured to encrypt the session key with the public key obtained by the first public key acquisition module 603, generating a second session key;
A mail header adding unit 6044, configured to add the second session key generated by the public key encryption unit 6043 to the mail header of the target mail, where the mail content includes the message body and attachments.
Optionally, as shown in Fig. 8, the first terminal 600 further includes:
A first verification module 606, configured to verify whether the recipient certificate obtained by the recipient certificate acquisition module 602 is valid;
The first public key acquisition module 603 is configured to obtain the public key of the recipient mailbox from the recipient certificate obtained by the recipient certificate acquisition module when the verification result of the first verification module 606 is that the recipient certificate is valid.
Optionally, as shown in Fig. 9, the first terminal 600 further includes:
An identifier adding module 607, configured to add an encryption identifier to the target mail encrypted by the encryption module, where the encryption identifier indicates that the target mail was encrypted using a blockchain certificate.
Optionally, as shown in Fig. 10, the first terminal 600 further includes:
A first block generation module 608, configured to generate a first target block through a proof-of-work mechanism;
A second public key acquisition module 609, configured to obtain the public key of the sender mailbox of the target mail from the blockchain system;
A first certificate generation module 6010, configured to generate a sender certificate that includes the public key of the sender mailbox obtained by the second public key acquisition module 609, and to add the sender certificate to the first target block;
A first authorization information acquisition module 6011, configured to obtain the authorization information of the sender certificate;
A first block adding module 6012, configured to add to the blockchain the authorization information obtained by the first authorization information acquisition module 6011 and the first target block to which the first certificate generation module 6010 added the certificate.
Optionally, the blockchain includes at least one block, and each block in the blockchain includes at least one certificate. The blockchain includes a unique root certificate, which can authorize at least one certificate; every certificate in the blockchain can authorize child certificates; certificates and mailboxes in the blockchain correspond one to one; and each certificate includes the public key of its corresponding mailbox.
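The validity check performed by the first verification module 606 and the chain structure described above (a unique root, certificates authorizing child certificates, one certificate per mailbox) can be made concrete as follows. This is an added example in Node.js, not code from the patent: the certificate fields, the RSA signature standing in for the "authorization information", the self-issued root, the pinned root key and the `example.test` mailboxes are all assumptions.

```javascript
const crypto = require('crypto');

// Generate an RSA key pair as PEM strings (used only to build constructed sample data).
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Bytes covered by the authorization: the mailbox-to-key binding and who granted it.
function certBody(cert) {
  return Buffer.from(JSON.stringify([cert.mailbox, cert.publicKey, cert.issuer]));
}

// Issue a certificate. Assumption: the issuer's signature is the "authorization information".
function issueCert(mailbox, publicKey, issuer, issuerPrivateKey) {
  const cert = { mailbox, publicKey, issuer };
  cert.authorization = crypto.sign('sha256', certBody(cert), issuerPrivateKey).toString('base64');
  return cert;
}

// Index every certificate in the chain, enforcing one certificate per mailbox and a single root.
function indexChain(chain) {
  const byMailbox = new Map();
  let root = null;
  for (const block of chain) {
    for (const cert of block.certs) {
      if (byMailbox.has(cert.mailbox)) throw new Error('duplicate certificate for ' + cert.mailbox);
      byMailbox.set(cert.mailbox, cert);
      if (cert.issuer === cert.mailbox) {          // assumption: the root is self-issued
        if (root) throw new Error('more than one root certificate');
        root = cert;
      }
    }
  }
  if (!root) throw new Error('no root certificate');
  return { byMailbox, root };
}

// Return the mailbox's public key only if its certificate chains up to the pinned root.
function validatedPublicKey(chain, mailbox, pinnedRootKey) {
  const { byMailbox, root } = indexChain(chain);
  if (root.publicKey !== pinnedRootKey) throw new Error('root certificate is not the pinned one');
  let cert = byMailbox.get(mailbox);
  if (!cert) throw new Error('no certificate for ' + mailbox);
  const leafKey = cert.publicKey;
  const seen = new Set();
  for (;;) {
    if (seen.has(cert.mailbox)) throw new Error('authorization loop');
    seen.add(cert.mailbox);
    const issuer = byMailbox.get(cert.issuer);
    if (!issuer) throw new Error('unknown issuer ' + cert.issuer);
    const sig = Buffer.from(cert.authorization, 'base64');
    if (!crypto.verify('sha256', certBody(cert), issuer.publicKey, sig)) {
      throw new Error('bad authorization on ' + cert.mailbox);
    }
    if (cert === root) return leafKey;             // reached the root: every link verified
    cert = issuer;
  }
}

// Constructed sample chain: the root authorizes alice, and alice's certificate authorizes bob's.
function buildSampleChain() {
  const rootKeys = newKeyPair(), aliceKeys = newKeyPair(), bobKeys = newKeyPair();
  const root = issueCert('root@example.test', rootKeys.publicKey, 'root@example.test', rootKeys.privateKey);
  const alice = issueCert('alice@example.test', aliceKeys.publicKey, 'root@example.test', rootKeys.privateKey);
  const bob = issueCert('bob@example.test', bobKeys.publicKey, 'alice@example.test', aliceKeys.privateKey);
  return { chain: [{ certs: [root] }, { certs: [alice, bob] }], rootKeys, aliceKeys, bobKeys };
}
```

A sender that takes the key from `validatedPublicKey` rather than reading the certificate directly refuses to encrypt to a key that was swapped into a block without a matching authorization.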
In the mail sending device provided by this embodiment of the present invention, the target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from the previously obtained blockchain; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox. The target mail is used as follows: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the recipient mailbox's private key, and that private key is never transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Fifth embodiment
Referring to Fig. 11, Fig. 11 is a structural diagram of the second terminal provided by an embodiment of the present invention. The second terminal can implement the details of the mail receiving method in the third embodiment and achieve the same effects. As shown in Fig. 11, the second terminal 1100 includes a mail receiving module 1101 and a decryption module 1102, and the mail receiving module 1101 is connected to the decryption module 1102, where:
The mail receiving module 1101 is configured to receive the encrypted target mail sent by the sender mailbox;
The decryption module 1102 is configured to decrypt the target mail received by the mail receiving module 1101, based on the previously obtained private key of the recipient mailbox corresponding to the target mail;
The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox; that public key is obtained by the mail sending device from the previously obtained blockchain.
Optionally, the decryption module 1102 is configured to decrypt at least one of the mail content and the mail title of the target mail with the previously obtained private key of the recipient mailbox corresponding to the target mail, where the mail content includes the message body and attachments.
Optionally, as shown in Fig. 12, the decryption module 1102 includes:
A key decryption unit 11021, configured to decrypt, with the previously obtained private key of the recipient mailbox of the target mail, the second session key in the mail header of the target mail received by the mail receiving module, obtaining the first session key;
A mail decryption unit 11022, configured to decrypt at least one of the mail content and the mail title of the target mail with the first session key obtained by the key decryption unit 11021, where the mail content includes the message body and attachments.
Optionally, as shown in Fig. 13, the second terminal 1100 further includes:
A sender certificate acquisition module 1103, configured to obtain from the blockchain the sender certificate of the sender mailbox of the target mail;
A second verification module 1104, configured to verify whether the sender certificate obtained by the sender certificate acquisition module 1103 is valid;
The decryption module 1102 is configured to decrypt the target mail based on the previously obtained private key of the recipient mailbox of the target mail if the verification result of the second verification module 1104 is that the sender certificate is valid.
Optionally, as shown in Fig. 14, the second terminal 1100 further includes:
An encryption identifier acquisition module 1105, configured to obtain the encryption identifier of the target mail;
A judgment module 1106, configured to judge whether the encryption identifier is an identifier of encryption using a blockchain certificate;
The decryption module 1102 is configured to decrypt the target mail based on the previously obtained private key of the recipient mailbox of the target mail if the judgment result of the judgment module 1106 is that the encryption identifier is an identifier of encryption using a blockchain certificate.
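The session-key flow of units 6041 to 6044 on the sending side and units 11021 and 11022 on the receiving side, together with the encryption identifier check, is shown here as an added example in Node.js (not code from the patent). The header names, the identifier value, AES-256-GCM, RSA-OAEP and the random session key standing in for the "preset rules" are assumptions.

```javascript
const crypto = require('crypto');

const MARKER_HEADER = 'X-Encryption';        // hypothetical header carrying the encryption identifier
const MARKER_VALUE = 'blockchain-cert';      // hypothetical identifier value
const KEY_HEADER = 'X-Wrapped-Session-Key';  // hypothetical header carrying the second session key
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: encrypt title, body and attachments under a fresh first session key,
// then wrap that key with the recipient's public key and place it in the mail header.
function encryptMail(mail, recipientPublicKeyPem) {
  const sessionKey = crypto.randomBytes(32);               // first session key
  const seal = (label, plaintext) => {
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
    cipher.setAAD(Buffer.from(label));                     // bind the ciphertext to its field
    const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  };
  const wrapped = crypto.publicEncrypt({ key: recipientPublicKeyPem, ...OAEP }, sessionKey);
  return {
    headers: {
      From: mail.from,
      To: mail.to,
      [MARKER_HEADER]: MARKER_VALUE,
      [KEY_HEADER]: wrapped.toString('base64'),            // second session key
    },
    title: seal('title', Buffer.from(mail.title, 'utf8')),
    body: seal('body', Buffer.from(mail.body, 'utf8')),
    attachments: mail.attachments.map((a) => ({ name: a.name, data: seal('attachment', a.data) })),
  };
}

// Receiver side: check the identifier, unwrap the session key with the private key,
// then decrypt each field. Returns null for mail that does not carry the identifier.
function decryptMail(enc, recipientPrivateKeyPem) {
  if (enc.headers[MARKER_HEADER] !== MARKER_VALUE) return null;
  const sessionKey = crypto.privateDecrypt(
    { key: recipientPrivateKeyPem, ...OAEP },
    Buffer.from(enc.headers[KEY_HEADER], 'base64'));
  const open = (label, b64) => {
    const raw = Buffer.from(b64, 'base64');
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(label));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]); // throws if modified
  };
  return {
    title: open('title', enc.title).toString('utf8'),
    body: open('body', enc.body).toString('utf8'),
    attachments: enc.attachments.map((a) => ({ name: a.name, data: open('attachment', a.data) })),
  };
}

// Constructed sample: a recipient key pair and one mail with a small attachment.
function sampleRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

function sampleMail() {
  return {
    from: 'alice@example.test',
    to: 'bob@example.test',
    title: 'Q3 report',
    body: 'Figures attached.',
    attachments: [{ name: 'q3.csv', data: Buffer.from('a,b\n1,2\n') }],
  };
}
```

AES-GCM rejects a field that was altered or moved to another position, but nothing in this flow authenticates who wrote the mail; the page addresses sender trust separately through the sender certificate check.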
Optionally, as shown in Fig. 15, the second terminal 1100 further includes:
A second block generation module 1107, configured to generate a second target block through a proof-of-work mechanism;
A third public key acquisition module 1108, configured to obtain the public key of the recipient mailbox from the blockchain system;
A second certificate generation module 1109, configured to generate a recipient certificate that includes the public key of the recipient mailbox obtained by the third public key acquisition module 1108, and to add the recipient certificate to the second target block;
A second authorization information acquisition module 11010, configured to obtain the authorization information of the recipient certificate;
A second block adding module 11011, configured to add to the blockchain the authorization information obtained by the second authorization information acquisition module 11010 and the second target block to which the second certificate generation module 1109 added the certificate.
Optionally, the blockchain includes at least one block, and each block of the blockchain includes at least one certificate. The blockchain includes a unique root certificate, which can authorize at least one certificate; every certificate in the blockchain can authorize child certificates; certificates and mailboxes in the blockchain correspond one to one; and each certificate includes the public key of its corresponding mailbox.
In the mail receiving device provided by this embodiment of the present invention, the encrypted target mail sent by the sender mailbox is received, and the target mail is decrypted based on the previously obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox; that public key is obtained by the mail sending device from the previously obtained blockchain. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the recipient mailbox's private key, and that private key is never transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Sixth embodiment
Referring to Fig. 16, Fig. 16 is a structural diagram of a first terminal to which an embodiment of the present invention is applied. It can implement the details of the mail sending method in the first and second embodiments and achieve the same effects. As shown in Fig. 16, the first terminal 1600 includes at least one processor 1601, a memory 1602, at least one network interface 1604 and a user interface 1603. The components of the first terminal 1600 are coupled together by a bus system 1605. It can be understood that the bus system 1605 is used to implement connection and communication between these components. In addition to a data bus, the bus system 1605 includes a power bus, a control bus and a status signal bus. For clarity of description, however, the various buses are all labeled as the bus system 1605 in Fig. 16.
The user interface 1603 may include a display, a keyboard or a pointing device (for example, a mouse, a trackball (track ball), a touch pad or a touch screen).
It can be understood that the memory 1602 in this embodiment of the present invention may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDRSDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DRRAM). The memory 1602 of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.
In some embodiments, the memory 1602 stores the following elements, as executable modules or data structures, or a subset of them, or a superset of them: an operating system 16021 and application programs 16022.
The operating system 16021 contains various system programs, such as a framework layer, a core library layer and a driver layer, used to implement various basic services and to process hardware-based tasks. The application programs 16022 contain various applications, such as a media player (Media Player) and a browser (Browser), used to implement various application services. A program implementing the method of the embodiments of the present invention may be included in the application programs 16022.
In this embodiment of the present invention, by calling programs or instructions stored in the memory 1602, specifically programs or instructions stored in the application programs 16022, the processor 1601 is configured to: obtain the target mail to be sent; obtain, from the previously obtained blockchain, the recipient certificate of the recipient mailbox corresponding to the target mail; obtain the public key of the recipient mailbox from the recipient certificate; encrypt the target mail based on the public key; and send the encrypted target mail to the recipient mailbox. The target mail is used as follows: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox.
The methods disclosed in the above embodiments of the present invention can be applied to, or implemented by, the processor 1601. The processor 1601 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method can be completed by an integrated logic circuit of hardware in the processor 1601 or by instructions in the form of software. The processor 1601 may be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or perform the methods, steps and logical block diagrams disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention can be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 1602; the processor 1601 reads the information in the memory 1602 and completes the steps of the above method in combination with its hardware.
It can be understood that the embodiments described herein can be implemented in hardware, software, firmware, middleware, microcode or a combination of these. For a hardware implementation, the processing unit can be implemented in one or more application-specific integrated circuits (Application Specific Integrated Circuits, ASIC), digital signal processors (Digital Signal Processing, DSP), digital signal processing devices (DSP Device, DSPD), programmable logic devices (Programmable Logic Device, PLD), field programmable gate arrays (Field-Programmable Gate Array, FPGA), general-purpose processors, controllers, microcontrollers, microprocessors, other electronic units for performing the functions described herein, or a combination of these.
For a software implementation, the techniques described herein can be implemented by modules (such as procedures and functions) that perform the functions described herein. The software code can be stored in memory and executed by the processor. The memory can be implemented inside or outside the processor.
Optionally, the processor 1601 is further configured to: encrypt, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
Optionally, the processor 1601 is further configured to: generate a first session key according to preset rules after the recipient certificate is obtained; encrypt at least one of the mail content and the mail title of the target mail with the first session key; encrypt the session key with the public key, generating a second session key; and add the second session key to the mail header of the target mail, where the mail content includes the message body and attachments.
Optionally, the processor 1601 is further configured to: verify whether the recipient certificate is valid; and, if the verification result is that the recipient certificate is valid, perform the step of obtaining the public key of the recipient mailbox from the recipient certificate.
Optionally, the processor 1601 is further configured to: add an encryption identifier to the target mail, where the encryption identifier indicates that the target mail was encrypted using a blockchain certificate.
Optionally, the processor 1601 is further configured to: generate a first target block through a proof-of-work mechanism; obtain the public key of the sender mailbox of the target mail from the blockchain; generate, according to the public key of the sender, a sender certificate that includes the public key of the sender mailbox, and add the sender certificate to the first target block; obtain the authorization information of the sender certificate; and add the authorization information and the first target block to the blockchain.
Optionally, the blockchain includes at least one block, and each block in the blockchain includes at least one certificate. The blockchain includes a unique root certificate, which can authorize at least one certificate; every certificate in the blockchain can authorize child certificates; certificates and mailboxes in the blockchain correspond one to one; and each certificate includes the public key of its corresponding mailbox.
In the first terminal provided by this embodiment of the present invention, the target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from the previously obtained blockchain; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox. The target mail is used as follows: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the recipient mailbox's private key, and that private key is never transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Seventh embodiment
Referring to Fig. 17, Fig. 17 is a structural diagram of a second terminal to which an embodiment of the present invention is applied. It can implement the details of the mail receiving method in the third embodiment and achieve the same effects. As shown in Fig. 17, the second terminal 1700 includes a radio frequency (Radio Frequency, RF) circuit 1710, a memory 1720, an input unit 1730, a display unit 1740, a processor 1750, an audio circuit 1760, a communication module 1770 and a power supply 1780.
The input unit 1730 can be used to receive numeric or character information entered by the user, and to generate signal inputs related to user settings and function control of the second terminal 1700. Specifically, in this embodiment of the present invention, the input unit 1730 may include a touch panel 1731. The touch panel 1731, also called a touch screen, can collect touch operations by the user on or near it (such as operations performed on the touch panel 1731 with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connection device according to a preset program. Optionally, the touch panel 1731 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and transmits the signal to the touch controller. The touch controller receives the touch information from the touch detection device, converts it into contact coordinates, passes them to the processor 1750, and can receive and execute commands sent by the processor 1750. The touch panel 1731 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. In addition to the touch panel 1731, the input unit 1730 may include other input devices 1732, which may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick.
The display unit 1740 can be used to display information entered by the user or provided to the user, and the various menu interfaces of the second terminal 1700. The display unit 1740 may include a display panel 1741, which may optionally be configured in the form of an LCD or an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display.
It should be noted that the touch panel 1731 can cover the display panel 1741 to form a touch display screen. When the touch display screen detects a touch operation on or near it, the operation is passed to the processor 1750 to determine the type of touch event, and the processor 1750 then provides the corresponding visual output on the touch display screen according to the type of touch event.
The touch display screen includes an application interface display area and a common control display area. The arrangement of these two areas is not limited; they may be arranged one above the other, side by side, or in any other way that distinguishes the two display areas. The application interface display area can be used to display the interfaces of applications. Each interface may contain interface elements such as the icon of at least one application and/or widget desktop controls. The application interface display area may also be an empty interface without any content. The common control display area is used to display frequently used controls, for example application icons such as a settings button, interface numbers, a scroll bar and a phone book icon.
The processor 1750 is the control center of the second terminal 1700. It uses various interfaces and lines to connect the parts of the entire mobile phone, and performs the functions of the second terminal 1700 and processes data by running or executing software programs and/or modules stored in the first memory 1721 and calling data stored in the second memory 1722, thereby monitoring the second terminal 1700 as a whole. Optionally, the processor 1750 may include one or more processing units.
In this embodiment of the present invention, by calling software programs and/or modules stored in the first memory 1721 and/or data in the second memory 1722, the processor 1750 is configured to: receive the encrypted target mail sent by the sender mailbox; and decrypt the target mail based on the previously obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox; that public key is obtained by the mail sending device from the previously obtained blockchain.
Optionally, the processor 1750 is further configured to: decrypt at least one of the mail content and the mail title of the target mail with the previously obtained private key of the recipient mailbox corresponding to the target mail, where the mail content includes the message body and attachments.
Optionally, the processor 1750 is further configured to: decrypt the second session key in the mail header of the target mail with the previously obtained private key of the recipient mailbox of the target mail, obtaining the first session key; and decrypt at least one of the mail content and the mail title of the target mail with the first session key, where the mail content includes the message body and attachments.
Optionally, the processor 1750 is further configured to: obtain from the blockchain the sender certificate of the sender mailbox of the target mail; verify whether the sender certificate is valid; and, if the verification result is that the sender certificate is valid, perform the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail.
Optionally, the processor 1750 is further configured to: obtain the encryption identifier of the target mail; judge whether the encryption identifier is an identifier of encryption using a blockchain certificate; and, if the judgment result is that the encryption identifier is an identifier of encryption using a blockchain certificate, perform the step of decrypting the target mail based on the previously obtained private key of the recipient mailbox of the target mail.
Optionally, the processor 1750 is further configured to: generate a second target block through a proof-of-work mechanism; obtain the public key of the recipient mailbox from the blockchain; generate, according to the public key of the recipient mailbox, a recipient certificate that includes the public key of the recipient mailbox, and add the recipient certificate to the second target block; obtain the authorization information of the recipient certificate; and add the authorization information and the second target block to the blockchain.
Optionally, the blockchain includes at least one block, and each block in the blockchain includes at least one certificate. The blockchain includes a unique root certificate, which can authorize at least one certificate; every certificate in the blockchain can authorize child certificates; certificates and mailboxes in the blockchain correspond one to one; and each certificate includes the public key of its corresponding mailbox.
In the second terminal provided by this embodiment of the present invention, the encrypted target mail sent by the sender mailbox is received, and the target mail is decrypted based on the previously obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox; that public key is obtained by the mail sending device from the previously obtained blockchain. Because the mail is encrypted with the recipient mailbox's public key from the blockchain, it can only be decrypted with the recipient mailbox's private key, and that private key is never transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, ROM, RAM, a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of the claims.