CN107888475B - Mail decryption method and server - Google Patents
Mail decryption method and server Download PDFInfo
- Publication number
- CN107888475B CN107888475B CN201610872860.3A CN201610872860A CN107888475B CN 107888475 B CN107888475 B CN 107888475B CN 201610872860 A CN201610872860 A CN 201610872860A CN 107888475 B CN107888475 B CN 107888475B
- Authority
- CN
- China
- Prior art keywords
- request
- receiving
- authentication
- ciphertext
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Abstract
The invention provides a mail decryption method and a server, wherein the method comprises the following steps: receiving a ciphertext and a first public key from a request end; sending the ciphertext and the first public key to an authentication end; receiving a first private key generated based on the first public key and sent by the authentication end, and decrypting the ciphertext according to the first private key; receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key; and receiving a second public key sent by the request end, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing the mail to the request end. In the embodiment of the invention, the security of the encrypted mail is ensured by encrypting and decrypting the mail twice. After the first private key decrypts the ciphertext, the second private key is used for encrypting the decrypted ciphertext, and the second public key is used for decrypting the ciphertext encrypted again, so that the problem that information in the encrypted mail in the prior art can be stolen by others is solved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and a server for decrypting an email.
Background
The encrypted mail can mean that the sender encrypts the mail through the digital certificate of the receiver on the premise that both the receiver and the sender have the digital certificate of the electronic mail. Under the condition of using the safe e-mail to transmit and receive, only the receiver can read the encrypted e-mail, and the encrypted information of the e-mail transmitted on the Internet can not be stolen by others. Even if the mail is intercepted or sent by mistake, other people cannot read the content of the mail, so that the safety of communication between users can be ensured.
Currently, encrypted mail can be read in several ways:
1) reading the encrypted mail through the priority shield:
in the process of reading the mail, the encrypted mail is read after inserting the priority shield into the interface of the client.
2) Uploading a file certificate and reading an encrypted mail:
in reading the mail, the encrypted mail is read after the corresponding file certificate is uploaded to the server.
3) Uploading the encrypted mail to a special decryption device for reading:
in the process of reading the mail, the encrypted mail can be downloaded first, and then the encrypted mail is uploaded to a specified device or a specified website for reading.
However, when the encrypted mail is read by the above method, when the security key is lost, the mail certificate uploaded to the server is lost, or the encrypted mail is stolen by others, the information in the encrypted mail may be read by others, so that the encrypted mail loses its security function for others.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a mail decryption method and a server, which are used for solving the problem that information in an encrypted mail in the prior art can be stolen by others.
The embodiment of the invention provides a mail decryption method, which comprises the following steps: receiving an email receiving request from a request end, wherein the email receiving request carries a ciphertext and a first public key; sending the ciphertext and the first public key to an authentication end according to a mapping relation between the request end and the authentication end; receiving a first private key which is sent by the authentication end and generated based on the first public key, and decrypting the ciphertext according to the first private key; receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key; and receiving a second public key sent by the request terminal, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing an email to the request terminal according to the mapping relation between the request terminal and the authentication terminal.
In this embodiment, after decrypting the encrypted ciphertext with the second public key, the method further includes: and if the decryption fails, respectively sending error indication information to the request terminal and the authentication terminal according to the mapping relation between the request terminal and the authentication terminal.
In this embodiment, receiving a mail receiving request from a requesting end includes: receiving an image from the authentication terminal, wherein the image is obtained by scanning a code from the request terminal by the authentication terminal; identifying the identification information of the request terminal from the image, and establishing a mapping relation between the request terminal and the authentication terminal according to the identification information; and receiving the image as a mail receiving request received by the request end.
In this embodiment, after receiving a mail reception request from a requesting end, the method further includes: and carrying out data transmission with the request end through long connection.
In this embodiment, the long connection is established as follows: receiving the long connection initiated by the request end, setting the overtime time for the long connection, if the data from the authentication end is received in the overtime time, sending the received data to the request end, and closing the long connection immediately, if the data from the authentication end is not received in the overtime time, closing the long connection when the overtime time is reached.
In this embodiment, before receiving the long connection initiated by the request end, the method further includes: the request end detects whether the long connection is closed or not, and if the long connection is detected to be closed, the request end initiates the long connection.
The embodiment of the invention also provides a decryption server of the mail, which comprises: the first receiving module is used for receiving an email receiving request from a request end, wherein the email receiving request carries a ciphertext and a first public key; the first sending module is used for sending the ciphertext and the first public key to the authentication end according to the mapping relation between the request end and the authentication end; the second receiving module is used for receiving a first private key which is sent by the authentication end and generated based on the first public key, and decrypting the ciphertext according to the first private key; the third receiving module is used for receiving the second private key sent by the authentication end and encrypting the decrypted ciphertext according to the second private key; and the fourth receiving module is used for receiving the second public key sent by the request terminal, decrypting the encrypted ciphertext by using the second public key, and pushing an email to the request terminal according to the mapping relation between the request terminal and the authentication terminal if the decryption is successful.
In one embodiment, further comprising: and the fourth receiving module sends error indication information to the request terminal and the authentication terminal respectively according to the mapping relation between the request terminal and the authentication terminal under the condition that the encrypted ciphertext is not decrypted by using the second public key.
In one embodiment, the first receiving module comprises: a first receiving unit, configured to receive an image from the authentication end, where the image is scanned by the authentication end from the request end; the first identification unit is used for identifying the identification information of the request terminal from the image and establishing a mapping relation between the request terminal and the authentication terminal according to the identification information; and the second receiving unit is used for receiving the image as a mail receiving request received by the request end.
In one embodiment, further comprising: and the first receiving module is used for carrying out data transmission with the request end through long connection after receiving a mail receiving request from the request end.
In the embodiment of the invention, the security of the encrypted mail is ensured by encrypting and decrypting the mail twice. Specifically, an email receiving request from a request end is received, wherein the email receiving request carries a ciphertext and a first public key; sending the ciphertext and the first public key to the authentication end according to the mapping relation between the request end and the authentication end; receiving a first private key generated based on the first public key and sent by the authentication end, and decrypting the ciphertext according to the first private key; receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key; and receiving a second public key sent by the request end, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing the mail to the request end according to the mapping relation between the request end and the authentication end. Under the condition that the first private key decrypts the ciphertext, the second private key is used for encrypting the decrypted ciphertext, and the second public key is used for decrypting the ciphertext encrypted again, so that the problem that information in the encrypted mail can be stolen by others in the prior art can be solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
fig. 1 is a flowchart of a mail decryption method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an application scenario of the mail decryption method according to the embodiment of the present invention;
fig. 3 is a block diagram of a server according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
In consideration of the problem that information in the encrypted mail may be stolen by others when the encrypted mail is decrypted in the prior art, the inventor proposes to read the encrypted mail by adopting a mode of twice encryption and twice decryption.
It should be noted that the execution subject in the present application is a server. Wherein, the server can include: the hardware equipment with the data information processing function and the software necessary for driving the hardware equipment to work can analyze and process the received write request or read request and feed back the corresponding request processing result to a request end or an authentication end. The server may provide a predetermined port through which a read request or a write request of the requesting side and the authenticating side may be received. For example, the server may perform network data interaction with the requesting end or the authenticating end based on a network protocol such as HTTP, TCP/IP, or FTP, and the network communication module. Specifically, in this embodiment, a method for decrypting an email is provided, as shown in fig. 1, the method may include the following steps:
step 101: receiving an email receiving request from a request end, wherein the email receiving request carries a ciphertext and a first public key;
the requesting end may be a terminal device capable of accessing a communication network based on a network protocol or application software running on the terminal device, such as a mobile smart phone, a computer, a mailbox client, and the like. Wherein the application software can send and receive mails. The request end can detect the operation from the upper layer of the application, and can trigger the generation of the read request or the write request based on the operation, and then the request end can send the read request or the write request to the server. The ciphertext may be a mail password used to encrypt the mail to be sent. The public key corresponds to the private key, which may be a key pair derived by an algorithm. The public key is a public part of the key pair, and the private key is a non-public part. The public key may typically be used to encrypt session keys, verify digital signatures, or encrypt data that may be decrypted with a corresponding private key. The key pair obtained by such an algorithm can guarantee uniqueness. Using a key pair, if a piece of data is encrypted with one of the keys, it must be decrypted with the other key. For example, if data is encrypted with a public key, it may be decrypted with a private key corresponding to the public key, and if data is encrypted with a private key, it may also be decrypted with a public key corresponding to the private key. Otherwise, the decryption will not succeed.
In the prior art, the encrypted mail can be read in the following ways:
1) reading the encrypted mail through the priority shield:
in the process of reading the mail, the encrypted mail can be read only after inserting the priority shield into the interface of the client.
However, this method requires a good shield to be carried around. After the client is replaced, driver and configuration software may need to be installed, and the problem of incompatibility of the client browser may also occur.
2) Uploading a file certificate and reading an encrypted mail:
in the process of reading the mail, the encrypted mail can be read only after the corresponding file certificate is uploaded to the server.
However, certificates are stored on personal computers and are not portable. When the mail is read every time, the software certificate is required to be found and then uploaded, and the use experience of a user is influenced.
3) Uploading the encrypted mail to a special decryption device for reading:
in the process of reading the mail, the encrypted mail can be downloaded first and then uploaded to a specified device or a specified website for reading.
However, when the method is used for reading the encrypted mail, the use requirement is higher than that of the two methods, and correspondingly, the use operation steps are more complicated.
Aiming at the problem that the steps are complicated when the encrypted mail is read by adopting the three modes, the inventor proposes that the purpose of receiving the mail receiving request from the request end can be realized through the url where the request mail is located. Further, the url may use a picture obtained by scanning a code from the requesting end as a mail receiving request received from the requesting end, and certainly, may also use other manners to receive a mail receiving request from the requesting end, which is not limited in this application. Specifically, a port having a camera function and a data processing function may be used as an authentication end, such as: the mobile phone, the tablet computer or the authentication client executes the operation of receiving the mail receiving request. As described in the present application, a mobile phone may be used as the authentication terminal having the image capturing function.
Where url may refer to a uniform resource locator, which may indicate the location and access method of a resource obtained from the internet, which is the address of a standard resource on the internet. Each file on the internet has a unique url that contains information indicating the location of the file and how the browser should handle it. The basic url contains: schema (or protocol), server name (or IP address), path, and file name, such as "protocol:// authorization/path? Query ". The complete, generic uniform resource identifier syntax with the grant portion looks as follows: protocol:// username: password @ sub-domain name. top level domain name: port number/directory/file name. file suffix? The parameter is a value # mark, that is, each email corresponds to a unique url, and the url is requested to open corresponding information in the email receiving request. The http protocol, which is used in this application, is a stateless short connection. When both communication parties have data interaction, an http connection is established, and after the data transmission is completed, the http connection is disconnected. Of course, ftp protocol, https protocol, etc. may also be used, and this application is not limited thereto.
Further, as can be seen from the above description, the authenticator may obtain the email information of the supplicant by requesting the url. Furthermore, the identification information of the request terminal can be carried in the picture, and the mapping relation between the request terminal and the authentication terminal is established according to the identification information, so that the information of the authentication terminal can be transmitted back to the request terminal.
In one embodiment, the relay can be performed by the server to establish a bidirectional channel between the requesting side and the authenticating side. Therefore, the request end can transmit data to the authentication end, and the authentication end can transmit data to the request end. In general, a corresponding tag may be stored for a transmitted request at a request end, and when the request end transmits a request to a server, the tag is carried, and the server may identify which request end transmits the request according to the tag. Similarly, the corresponding mark can be stored for the transmitted request at the authentication end, and when the authentication end transmits the request to the server, the mark is carried, and the server can identify which authentication end transmits the request according to the mark.
The following describes data transmission between a requesting end and an authenticating end through a specific application scenario. And the authentication end establishes a mapping relation between the request end and the authentication end through the identification information identified by the code scanning.
The request end sends a request to the server, the request carries the mark IDA, and the server can calculate the needed page data according to the mark IDA. Similarly, after the authentication end scans the code from the request end, the request carries the marked IDC, and the server can calculate the data that can be returned according to the marked IDC. Then, the mapping relationship between the IDA and the IDC in the requesting terminal and the authenticating terminal can be stored in the server, and a bidirectional communication channel between the requesting terminal and the authenticating terminal can be established. And the authentication end scans codes from the request end, the request carries the label IDC, and the request end sends corresponding data to the authentication end through the server according to the mapping relation between the IDA and the IDC in the request end and the authentication end. The request end sends a request to the server, the request carries the mark IDA, and corresponding data of the authentication end is sent to the request end according to the mapping relation between the IDA and the IDC in the request end and the authentication end.
Step 102: sending the ciphertext and the first public key to an authentication end according to a mapping relation between the request end and the authentication end;
in this embodiment, after the authentication end scans codes from the request end, the authentication end may obtain the ciphertext and the first public key from the request end according to the mapping relationship between the request end and the authentication end.
Step 103: receiving a first private key which is sent by the authentication end and generated based on the first public key, and decrypting the ciphertext according to the first private key;
in the present application, an SSL encryption channel is used to secure the communication. A valid, trusted SSL digital certificate includes a public key and a private key. Wherein the public key is used to encrypt information and the private key is used to decrypt encrypted information. Thus, when the browser points to a secure domain, SSL will synchronize the validation server and the client and create an encryption scheme and a unique session key.
After the authentication end obtains the ciphertext and the first public key, the authentication end may generate a corresponding first private key according to the ciphertext and the first public key to decrypt the ciphertext.
Normally, http requests are short connections without state during decryption of the ciphertext. When the http request is opened, the connection is closed by the request end, and if the request end wants to timely take the content decrypted by the mobile phone, the content can only be refreshed regularly, but the obtained information is not timely.
In this embodiment, the real-time performance of data transmission can be realized by establishing a long connection with the request end. Specifically, the long connection may be established by: receiving a long connection initiated by a request end, and setting timeout time for the long connection, such as: 30 seconds, which the present application does not limit. If the data from the authentication end is received within the overtime, the received data is sent to the request end, and then the long connection is closed, and if the data from the authentication end is not received within the overtime, the long connection is closed when the overtime is reached.
Furthermore, when the request end detects that the long connection is closed, a new long connection is initiated again, and meanwhile, the long connection initiated by the request end is received, so that the request end can obtain new data immediately, and the timeliness of information transmission can be guaranteed.
The following describes data transmission with a requesting end through a specific application scenario. After receiving a mail receiving request from a requesting end, specifically, after receiving a ciphertext and a first public key at an authentication end, the requesting end initiates a long connection with a timeout time of 20s to an executing body, and within the 20s time, the requesting end is in a state of waiting for receiving new data. If the requesting peer does not receive new data within 20s, the long connection is closed when the timeout time is reached. If the execution body receives new data within 20s, the received data can be sent to the requesting end and the long connection is closed. When the request end detects that the long connection is closed, a new long connection with the request end is reestablished.
Step 104: receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key;
step 105: and receiving a second public key sent by the request terminal, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing an email to the request terminal according to the mapping relation between the request terminal and the authentication terminal.
Because the first private key is stored in the authentication end, when the authentication end is lost, the first private key stored in the authentication end can be stolen by others, and although a user can cancel out the current public and private key pair on a mail setting interface, the mail which is read before is encrypted by an old public key, namely the first public key, and the encrypted mail in the inbox can be opened by the old private key, namely the first private key under normal conditions. Therefore, the security of the encrypted mail cannot be ensured by only adopting the methods of step 103 to step 104.
In the application, the method of encrypting and decrypting the decrypted ciphertext is adopted to ensure the security of the encrypted mail.
Specifically, the second private key of the authentication end may be used to encrypt the decrypted ciphertext again, and the second public key corresponding to the second private key from the request end may be used to decrypt the ciphertext, so as to ensure the security of the email.
In this embodiment, the second private key may be a latest version of the private key, and correspondingly, the second public key may be a latest version of the public key. Therefore, in this case, if a letter that has been read before is to be opened, after the letter is decrypted by using the private key matching the letter, the decrypted ciphertext needs to be encrypted again by using the private key of the latest version, and then decrypted by using the public key of the latest version sent by the request end, and if the decryption is successful, the mail can be opened, otherwise, the mail cannot be opened. When the authentication end is lost, the security of the encrypted mail can be ensured by adopting a method of upgrading the version of the public and private key.
And if the decryption is successful, pushing the mail to the request end according to the mapping relation between the request end and the authentication end. And if the decryption fails, respectively sending error indication information to the request end and the authentication end according to the mapping relation between the request end and the authentication end.
The following describes a mail decryption method in the present application with a specific application scenario. It should be noted, however, that the specific examples are only for better illustration of the present invention and should not be construed as limiting the present invention.
As shown in fig. 2, the following steps may be included:
1) and (4) the app of the authentication end scans the two-dimensional code picture carried by the request end and identifies the url in the picture.
2) The app of the authentication end requests the url through an http protocol, and returns a ciphertext to be decrypted and a public key version during encryption.
3) The app of the authentication end decrypts the ciphertext by using the stored private key corresponding to the public key version 2, and then obtains plaintext information.
4) The app at the authentication end signs the decrypted plaintext and other information with the stored latest version of the private key.
5) And the app of the authentication end sends the decrypted ciphertext and the signature information back to the server through an http protocol.
6) And the server verifies the signature information sent by the mobile phone app by using the stored public key of the latest version.
7) And if the signature information is inconsistent, discarding the plaintext information, and directly returning error information to the credit reading page and the app of the authentication end.
8) And if the signature information is consistent, receiving the plaintext information, and returning a corresponding result to the message reading page and the app of the authentication end.
The steps successfully protect the security of the encrypted mail after the authentication end is lost, and as long as the authentication end is lost, the version of the private key in the app of the authentication end can be upgraded, because the version authentication is firstly carried out between the app of the authentication end and the server before decryption, if the version of the private key carried in the authentication end is different from the version of the public key in the server, the private key cannot pass the authentication, so that a client who picks up the authentication end cannot read the decrypted mail, and the security of the mail can be ensured.
Based on the same inventive concept, the embodiment of the present invention further provides a decryption server for mails, as described in the following embodiments. Because the principle of solving the problem of the decryption server of the mail is similar to the decryption method of the mail, the implementation of the decryption server of the mail can refer to the implementation of the decryption method of the mail, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated. Fig. 3 is a block diagram of a structure of a mail decryption server according to an embodiment of the present invention, as shown in fig. 3, which may include: the first receiving module 301, the first transmitting module 302, the second receiving module 303, the third receiving module 304, and the fourth receiving module 305 will be described below.
A first receiving module 301, configured to receive an email receiving request from a requesting end, where the email receiving request carries a ciphertext and a first public key;
a first sending module 302, configured to send the ciphertext and the first public key to an authentication end according to a mapping relationship between the request end and the authentication end;
the second receiving module 303 may be configured to receive a first private key generated based on the first public key and sent by the authentication end, and decrypt the ciphertext according to the first private key;
the third receiving module 304 may be configured to receive the second private key sent by the authentication end, and encrypt the decrypted ciphertext according to the second private key;
the fourth receiving module 305 may be configured to receive the second public key sent by the request end, decrypt the encrypted ciphertext with the second public key, and if decryption is successful, push an email to the request end according to a mapping relationship between the request end and the authentication end.
In an embodiment, the fourth receiving module may send error indication information to the requesting end and the authenticating end respectively according to a mapping relationship between the requesting end and the authenticating end when the encrypted ciphertext is unsuccessfully decrypted by using the second public key.
In one embodiment, the first receiving module may include: a first receiving unit, configured to receive an image from the authentication end, where the image is scanned by the authentication end from the request end; the first identification unit may be configured to identify identification information of the request end from the image, and establish a mapping relationship between the request end and the authentication end according to the identification information; a second receiving unit, configured to receive the image as a mail reception request received from the requesting end.
In one embodiment, the first receiving module may perform data transmission with the requesting end through a long connection after receiving a mail receiving request from the requesting end.
In one embodiment, the first receiving module may be configured to establish the long connection as follows: receiving the long connection initiated by the request end, setting the overtime time for the long connection, if the data from the authentication end is received in the overtime time, sending the received data to the request end, and closing the long connection immediately, if the data from the authentication end is not received in the overtime time, closing the long connection when the overtime time is reached.
In one embodiment, the first receiving module may further include: before receiving the long connection initiated by the request end, the request end detects whether the long connection is closed, and if the long connection is closed, the request end initiates the long connection.
From the above description, it can be seen that the embodiments of the present invention achieve the following technical effects: the security of the encrypted mail is ensured by encrypting and decrypting the mail twice. Specifically, an email receiving request from a request end is received, wherein the email receiving request carries a ciphertext and a first public key; sending the ciphertext and the first public key to the authentication end according to the mapping relation between the request end and the authentication end; receiving a first private key generated based on the first public key and sent by the authentication end, and decrypting the ciphertext according to the first private key; receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key; and receiving a second public key sent by the request end, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing the mail to the request end according to the mapping relation between the request end and the authentication end. Under the condition that the first private key decrypts the ciphertext, the second private key is used for encrypting the decrypted ciphertext, and the second public key is used for decrypting the ciphertext encrypted again, so that the problem that information in the encrypted mail can be stolen by others in the prior art can be solved.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for decrypting an email, comprising:
receiving an email receiving request from a request end, wherein the email receiving request carries a ciphertext and a first public key; the ciphertext is an email password for encrypting an email to be pushed;
sending the ciphertext and the first public key to an authentication end according to a mapping relation between the request end and the authentication end;
receiving a first private key which is sent by the authentication end and generated based on the first public key, and decrypting the ciphertext according to the first private key;
receiving a second private key sent by the authentication end, and encrypting the decrypted ciphertext according to the second private key;
and receiving a second public key sent by the request terminal, decrypting the encrypted ciphertext by using the second public key, and if the decryption is successful, pushing an email to the request terminal according to the mapping relation between the request terminal and the authentication terminal.
2. The method of claim 1, wherein after decrypting the encrypted ciphertext with the second public key, the method further comprises:
and if the decryption fails, respectively sending error indication information to the request terminal and the authentication terminal according to the mapping relation between the request terminal and the authentication terminal.
3. The method of claim 1, wherein receiving a mail reception request from a requesting end comprises:
receiving an image from the authentication terminal, wherein the image is obtained by scanning a code from the request terminal by the authentication terminal;
identifying the identification information of the request terminal from the image, and establishing a mapping relation between the request terminal and the authentication terminal according to the identification information;
and receiving the image as a mail receiving request received by the request end.
4. The method of claim 1, wherein after receiving a mail reception request from a requesting end, the method further comprises: and carrying out data transmission with the request end through long connection.
5. The method of claim 4, wherein the long connection is established as follows:
receiving the long connection initiated by the request end, setting the overtime time for the long connection, if the data from the authentication end is received in the overtime time, sending the received data to the request end, and closing the long connection immediately, if the data from the authentication end is not received in the overtime time, closing the long connection when the overtime time is reached.
6. The method of claim 5, wherein prior to receiving the long connection initiated by the requestor, the method further comprises:
the request end detects whether the long connection is closed or not, and if the long connection is detected to be closed, the request end initiates the long connection.
7. A decryption server for mail, comprising:
the first receiving module is used for receiving an email receiving request from a request end, wherein the email receiving request carries a ciphertext and a first public key; the ciphertext is an email password for encrypting an email to be pushed;
the first sending module is used for sending the ciphertext and the first public key to the authentication end according to the mapping relation between the request end and the authentication end;
the second receiving module is used for receiving a first private key which is sent by the authentication end and generated based on the first public key, and decrypting the ciphertext according to the first private key;
the third receiving module is used for receiving the second private key sent by the authentication end and encrypting the decrypted ciphertext according to the second private key;
and the fourth receiving module is used for receiving the second public key sent by the request terminal, decrypting the encrypted ciphertext by using the second public key, and pushing an email to the request terminal according to the mapping relation between the request terminal and the authentication terminal if the decryption is successful.
8. The server of claim 7, further comprising:
and the fourth receiving module sends error indication information to the request terminal and the authentication terminal respectively according to the mapping relation between the request terminal and the authentication terminal under the condition that the encrypted ciphertext is not decrypted by using the second public key.
9. The server of claim 7, wherein the first receiving module comprises:
a first receiving unit, configured to receive an image from the authentication end, where the image is scanned by the authentication end from the request end;
the first identification unit is used for identifying the identification information of the request terminal from the image and establishing a mapping relation between the request terminal and the authentication terminal according to the identification information;
and the second receiving unit is used for receiving the image as a mail receiving request received by the request end.
10. The server of claim 7, further comprising:
and the first receiving module is used for carrying out data transmission with the request end through long connection after receiving a mail receiving request from the request end.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610872860.3A CN107888475B (en) | 2016-09-30 | 2016-09-30 | Mail decryption method and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610872860.3A CN107888475B (en) | 2016-09-30 | 2016-09-30 | Mail decryption method and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107888475A CN107888475A (en) | 2018-04-06 |
| CN107888475B true CN107888475B (en) | 2020-09-08 |
Family
ID=61769949
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610872860.3A Active CN107888475B (en) | 2016-09-30 | 2016-09-30 | Mail decryption method and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107888475B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111191266A (en) * | 2019-12-31 | 2020-05-22 | 中国广核电力股份有限公司 | File encryption method and system and decryption method and system |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1422035A (en) * | 2001-11-28 | 2003-06-04 | Yun制造厂株式会社 | Cipher key exchange equipment, method, program and recording medium for recording the same program |
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism |
| CN101083524A (en) * | 2007-06-14 | 2007-12-05 | 腾讯科技(深圳)有限公司 | Method and system for encrypting and deciphering E-mail |
| CN101242264A (en) * | 2008-02-01 | 2008-08-13 | 深圳华为通信技术有限公司 | Data transmission method, device and system and mobile terminal |
| CN101309293A (en) * | 2008-06-27 | 2008-11-19 | 中国网络通信集团公司 | Authentication method and system based on hypertext transmission protocol |
| EP2150017A1 (en) * | 2008-07-31 | 2010-02-03 | Research In Motion Limited | Systems and methods for selecting a certificate for use with secure messages |
| CN102387162A (en) * | 2011-12-14 | 2012-03-21 | 广州杰赛科技股份有限公司 | Mail server access method and system based on digital certificate |
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| CN103906004A (en) * | 2012-12-19 | 2014-07-02 | 上海晨兴希姆通电子科技有限公司 | Mail server, mail sending end and mail sending and receiving method |
| CN103973713A (en) * | 2014-05-29 | 2014-08-06 | 华翔腾数码科技有限公司 | Transfer method, extraction method and processing system for electronic mail information |
| CN104639516A (en) * | 2013-11-13 | 2015-05-20 | 华为技术有限公司 | Method, equipment and system for authenticating identities |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8229812B2 (en) * | 2009-01-28 | 2012-07-24 | Headwater Partners I, Llc | Open transaction central billing system |
-
2016
- 2016-09-30 CN CN201610872860.3A patent/CN107888475B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1422035A (en) * | 2001-11-28 | 2003-06-04 | Yun制造厂株式会社 | Cipher key exchange equipment, method, program and recording medium for recording the same program |
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism |
| CN101083524A (en) * | 2007-06-14 | 2007-12-05 | 腾讯科技(深圳)有限公司 | Method and system for encrypting and deciphering E-mail |
| CN101242264A (en) * | 2008-02-01 | 2008-08-13 | 深圳华为通信技术有限公司 | Data transmission method, device and system and mobile terminal |
| CN101309293A (en) * | 2008-06-27 | 2008-11-19 | 中国网络通信集团公司 | Authentication method and system based on hypertext transmission protocol |
| EP2150017A1 (en) * | 2008-07-31 | 2010-02-03 | Research In Motion Limited | Systems and methods for selecting a certificate for use with secure messages |
| CN102387162A (en) * | 2011-12-14 | 2012-03-21 | 广州杰赛科技股份有限公司 | Mail server access method and system based on digital certificate |
| CN103906004A (en) * | 2012-12-19 | 2014-07-02 | 上海晨兴希姆通电子科技有限公司 | Mail server, mail sending end and mail sending and receiving method |
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| CN104639516A (en) * | 2013-11-13 | 2015-05-20 | 华为技术有限公司 | Method, equipment and system for authenticating identities |
| CN103973713A (en) * | 2014-05-29 | 2014-08-06 | 华翔腾数码科技有限公司 | Transfer method, extraction method and processing system for electronic mail information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107888475A (en) | 2018-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6612358B2 (en) | Method, network access device, application server, and non-volatile computer readable storage medium for causing a network access device to access a wireless network access point | |
| CN107040513B (en) | Trusted access authentication processing method, user terminal and server | |
| JP4222834B2 (en) | Method and apparatus for storing a cryptographic key that authenticates a key server by obtaining and securely distributing the stored key | |
| US8719952B1 (en) | Systems and methods using passwords for secure storage of private keys on mobile devices | |
| EP2696557B1 (en) | System and method for accessing third-party applications based on cloud platform | |
| US8868909B2 (en) | Method for authenticating a communication channel between a client and a server | |
| US8606234B2 (en) | Methods and apparatus for provisioning devices with secrets | |
| US9973481B1 (en) | Envelope-based encryption method | |
| CN111615105B (en) | Information providing and acquiring method, device and terminal | |
| US20050144439A1 (en) | System and method of managing encryption key management system for mobile terminals | |
| US9264420B2 (en) | Single sign-on for network applications | |
| CN105024819A (en) | Multifactor authentication method and system based on mobile terminal | |
| JP2008503778A (en) | Method for transmitting sync ML synchronization data | |
| EP3677005A1 (en) | Authentication protocol based on trusted execution environment | |
| US20160315915A1 (en) | Method for accessing a data memory of a cloud computer system using a modified domain name system (dns) | |
| CN109684129B (en) | Data backup recovery method, storage medium, encryption machine, client and server | |
| DK2414983T3 (en) | Secure computer system | |
| US20120102319A1 (en) | System and Method for Reliably Authenticating an Appliance | |
| KR20160123558A (en) | Apparatus and method for Mobile Trusted Module based security of Short Message Service | |
| KR102049527B1 (en) | User Authentication Server and System | |
| KR101241864B1 (en) | System for User-Centric Identity management and method thereof | |
| JP3711931B2 (en) | E-mail system, processing method thereof, and program thereof | |
| CN107888475B (en) | Mail decryption method and server | |
| WO2015104567A1 (en) | Secure communication between a server and a client web browser | |
| KR102171377B1 (en) | Method of login control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |