CN1849774A - Message security - Google Patents

Message security Download PDF

Info

Publication number
CN1849774A
CN1849774A CNA2004800263389A CN200480026338A CN1849774A CN 1849774 A CN1849774 A CN 1849774A CN A2004800263389 A CNA2004800263389 A CN A2004800263389A CN 200480026338 A CN200480026338 A CN 200480026338A CN 1849774 A CN1849774 A CN 1849774A
Authority
CN
China
Prior art keywords
terminal
key
seed
email
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2004800263389A
Other languages
Chinese (zh)
Inventor
彼得·达文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SECURED EMAIL AB
Original Assignee
SECURED EMAIL AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SECURED EMAIL AB filed Critical SECURED EMAIL AB
Publication of CN1849774A publication Critical patent/CN1849774A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Abstract

The present invention relates to a method of transmitting an electrical message, preferably an email from a first user having a first terminal to a second user having a second terminal, comprising the steps of: transmitting said email in an encrypted form by said first terminal, said encrypted e-mail being encrypted by means of a key generated by a first key generator using a seed, providing once said second user with said seed for generating a key with a second key generator provided in said second terminal, providing to and storing said seed in said second terminal, using said seed by said second terminal for generating a key each time an encrypted email from said first user to said second user is received, synchronising a counting value in each terminal; and generating said key on the basis of said seed and a counting value in each terminal, independently of other terminal.

Description

Information Security
Technical field
The present invention relates to method and system that a kind of safety encipher transmits information, in particular for transmitting Email and being used for communication network.
Background technology
Along with the use of the Internet and other network constantly increases, be a kind of very common behavior now by Email (email) communication.Send millions of emails by the Internet every day, comprises various types of information than conventional perhaps.Email also uses in company and enterprise, is used for domestic and international communication.A lot of Emails comprise information responsive and secret.
Unfortunately, not every Email can both arrive their destination, even may be received by wrong address.And access by unauthorized persons is easy to crack server or enters the network reading Email usually.
For sending the Email of encrypting, existing many methods: PGP (Pretty Good Privacy) (PGP and Pretty Good Privacy are the registered trade marks of PGP company) is an application program that is used to send encrypted E-mail.This application program is a plug-in unit, is used for based on the e-mail program that uses public-key cryptography.Two users exchange public-key cryptography, so can be with public key encryption and decrypt e-mails or other file.And if Email is used addressee's public key encryption and transmitted, outbox side can not the access Email.
Also can be with the annex of a file as Email, and provide the coded access annex to the addressee.
When these two kinds of methods mean encrypt file that each access is new or Email, all must access to your password or personal key (personal key).Password or personal key may pass out of mind, or are obtained by unauthorized persons.And a lot of people of test shows forget Password/personal key in order to avoid, and use surname, the pet name etc., and these are easy to be guessed or even be recorded.
International Patent Application WO 02/077773 has been described a kind of system, method and computer program product, and it provides the email reader and the responsor of an encryption.The method of distribution and initialization encrypted E-mail comprises: the permission that first user's acquisition has the e mail client software application program of public affairs/encrypted private key; File a request by first user, allow second user's download reader/responsor software application, so as between first user and second user the Email of exchange encrypt; Second user's download also installed reader/responsor software application; Second user gives first user's send Email, comprises that the transmission cipher key function of use reader/responsor software application embeds a unencrypted public-key cryptography; First user receives the Email from second user, and wherein the unencrypted public-key cryptography is embedded in the Email; First user sends the second envelope Email to make response to second user, and wherein reader/responsor software application uses second user's unencryption public-key cryptography to encrypt the second envelope Email Information to be enciphered message; Second user will be from first user, have enciphered message receives on third party's e-mail software applications program as the second envelope Email of annex, and wherein third party's e-mail software applications program is different from reader/responsor software application and e mail client software application program; Second user opens the attachment, and carries out reader/responsor software application, allows not have the encrypted E-mail that the user reads and response is created and sent by the user that e mail client software is arranged of e mail client software.
Disclosed U. S. application 2002059529 relates to safe e-mail system, form the fellowship user group of a request secure communication for the Email User of selecting in advance, comprise the safe list server, member's Email that all are safe in the fellowship user group sends on the safe list server, this server comprises holder and the CPU that is used to store certificate data, CPU will want to receive the addressee's of every envelope Email Information name and compare with the data in the memory, and process information to be promoting that authentication transmits forward, and it is that demonstration by memory data in time authenticates the addressee that this authentication transmits.
The U.S. 2003140235 relates to a kind of the sender who has registered the biological characteristic collection and registered the method for exchange electronic information between the addressee of biological characteristic collection, and this method comprises: a. exchanges the biological characteristic collection of registration between sender and addressee; B. generate sender's live-scan (digital palmmprint scanning tools) biological characteristic collection; C. generate first distinct keys, first distinct keys is derived from the difference between the biological characteristic collection of sender's live-scan biological characteristic collection and sender's registration; D. use the first distinct keys enciphered message; E. with encryption key described sender's live-scan biological characteristic collection is encrypted; F. information after encrypting and the sender live-scan biological characteristic collection after the described encryption are sent to the addressee; G. the addressee deciphers the sender live-scan biological characteristic collection after the described encryption; H. the difference between the biological characteristic collection registered of the live-scan biological characteristic collection of addressee by calculating described sender and sender regenerates first distinct keys; And i. utilizes the first distinct keys decryption information that regenerates.
WO 01/91366 relates to a kind of apparatus and method that generate pseudo-random key in the cryptographic communication system.Make the initialized common set of configuration data if provide one, pseudo-random key can repeat by the various independently pseudo-random key makers of cryptographic communication system to generate.
WO 02/39660 relates to a kind of system and method that uses autochthonous key to carry out cryptographic communication in the middle of a plurality of users and central service supplier.Each user and central service supplier communicate, the preferred user communication interface that uses, this user communication interface comprises a local key generator, and after the seed that uses user oneself individual carried out initialization, local key generator generated a unique key.By the different user individual seed that issue has only each user just to have, each user's local key generator generates a unique group key.Central service supplier also has a local key generator, and preferably has the copy that portion is distributed to a guy of institute seed of authorized user.Central service supplier preferably uses the key that is generated by the individual subscriber seed to communicate with each user under a kind of safety encipher mode.By using the coded communication that generates unique individual's key, issue extra public seed to a plurality of users, generate the signal encryption of key then by use, the described user of access under the security admission condition, thus cause user to organize from public seed to hope.
In OTP: One-time pad maker program be a shared software routine by the Internet issue ( Http:// www.fourmilab.ch/onetime) be used to generate this (one-time pads) or cipher list of disposal password.
Summary of the invention
The embodiment of optimum according to the present invention, main purpose of the present invention provide a kind of safe e-mail system, and this system allows Email is carried out encryption and decryption and do not need to reuse password or personal key.The invention particularly relates at least two remote sites and generate the synchronous crypto-operation key, be used for encrypting and decrypt e-mails or similar information.
Another object of the present invention provides a kind of e-mail system, and unwelcome Email can filter in this system, promptly so-called spam.
Another object of the present invention provides a kind of e-mail system, and this system can easily buy the safety E-mail software program.
For these reasons, embodiment according to optimum, the present invention relates to a kind of method that transmits electronic information, preferably transmit second user of Email to the second terminal from first user of first terminal, comprise the following steps: that described first terminal transmits described Email with encrypted form, the Email of described encryption is to encrypt with the key that a seed generates by first key generator, provide described seed to described second user is disposable, so that second key generator that allows described second terminal provide generates key, described seed is offered described second terminal and described seed is stored in described second terminal, when each described second user receives from encrypted E-mail that described first user sends, described second terminal utilizes described seed to generate a key, the count value of each terminal synchronously; Count value according to described seed and each terminal generates described key, and is irrelevant with other terminal.
Most preferably, seed only obtains in the initialization time first time.If described first seed is done for, for example when application program is reinstalled or installed, preferably obtain second seed on new computer.
According to a kind of embodiment, when many envelope Emails sent to the addressee, the Email that every envelope is encrypted all obtained a dynamic serial number.This dynamic serial number is used for generating a key into corresponding encrypted E-mail.
According to a kind of embodiment, the present invention also further comprises the following steps: the count value of each terminal synchronously; Count value according to described seed and each terminal generates described key, and is irrelevant with other terminal.Seed is kept in the terminal at least in dynamic and tradable mode, is preferably kept in all terminals.Count value generates in the counter of each terminal, and the synchronization of count value is relevant with the synchronization of counter.After the counter initial synchronisation, only terminal is carried out the synchronisation steps of replenishing when needed.Key-generating run based on seed and count value is to realize by an algorithm that is stored at least one terminal in non-dynamic and immutable mode.
According to an embodiment, the present invention comprises the steps: that also generating one according to the seed received entrusts terminal list, and only accepts the Email registered from the described tabulation.Thereby, can stop spam.
For security reasons, according to the embodiment of optimum, the present invention includes described first user offers described second described seed of user by at least a mode of phone, fax and letter step.
The annex of encrypted E-mail is encrypted with Email.
The invention still further relates to the system that transmits Email to the second user from first user.This system comprises first terminal and second terminal, this system further comprises: described first terminal transmits the method for described safe Email with the privacy enhanced mail form, the Email of described encryption is to encrypt with the key that a seed generates by first key generator, provide described seed so that generate the method for key with second key generator to described second user is disposable, described seed is offered the method for described second terminal and described seed is stored in method in described second terminal, and described second terminal utilizes described seed to generate the method for key when each described second user receives from encrypted E-mail that described first user sends.
Each terminal comprises key-generation unit, and key-generation unit comprises memory, and identical seed is stored in the memory; Counter, the cyclomorphosis count value; And computing terminal, be adapted at each terminal and irrelevant with other terminal, generate key according to original value with by the count value that counter sends.Memory at least one terminal storage seed is a dynamic memory, stores seed in dynamic and tradable mode.Each terminal is set to sense them nonsynchronous the time, resets synchronization then.The computing unit of at least one terminal comprises algorithm, and algorithm is stored in non-dynamic and unalterable mode, and preferably realizes with hardware.One of terminal is a central terminal, and it comprises a plurality of seeds and is used for safe encryption transmission, and these seeds are relevant with some different terminals, and each terminal has an original value.
The present invention also relates to be used for transmitting second user's computer program product of safe Email to the second terminal from first user of first terminal, comprise that code is used for: encrypt and transmit the described Email that described first terminal sends, generate key with described first seed in described first terminal, obtain described seed so that generate key with second key generator in described second terminal, described seed is stored in described second terminal, when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key.
The invention still further relates to the transmission signal that is used for transmitting second user of safe Email to the second terminal from first user of first terminal, comprise the signal that contains code, wherein code is used for: encrypt and transmit the described Email that sends from described first terminal, generate key with described first seed in described first terminal, obtain described seed so that generate key with second key generator in described second terminal, described seed is stored in described second terminal, when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key.
The invention still further relates to computer-readable medium, wherein storing the instruction set that is used for transmitting second user of safe Email to the second terminal from first user of first terminal, described instruction set comprises that code is used for: encrypt and transmit the described Email that sends from described first terminal, generate key with described first seed in described first terminal, obtain described seed so that generate key with second key generator in described second terminal, described seed is stored in described second terminal, when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key.This medium can be a memory cell.
The invention still further relates to the marketing method of instruction set, this instruction set is used to transmit and receive from the Email of second user's of first user to the second terminal of first terminal safety.This method comprises: described first terminal transmits described safe Email with the form of encrypting, the Email of described encryption generates key by first key generator with a seed and encrypts, but in described safe Email, provide the access information that indicates the seller address, obtain second instruction set from described seller address and be used to decipher described Email, and described second user be designated as the debit, because he has used described second instruction set to encrypt new Email.Optimum method is computerized.Bill is opened according to ordering and receive described second instruction set.Second instruction set is the password that enters of preassembled instruction set.
The invention still further relates to the method for filtering Email on the receiver, Email arrives second user's of second terminal receiver from first user of first terminal, described first terminal transmits described Email with encrypted form, the Email of described encryption is to encrypt with the key that a seed generates by first key generator, provide described seed to described second user is disposable, so that second key generator that provides with described second terminal generates key, the sender that described second terminal generates according to described seed-receiver relation generates a sender who is trusted and tabulates, and receives Email Actions according to described tabulation.This operation can be to store, delete or return one of described Email.
Description of drawings
Present invention is described with reference to the accompanying drawings, and the preferred embodiment of the invention is described, but embodiment preferred does not limit the present invention:
Fig. 1 is the flow chart according to network service step of the present invention.
Fig. 2 is a structure chart of describing terminal.
Fig. 3 is a flow chart of describing the present invention's part step.
Fig. 4 is a flow chart of describing the part invention.
Embodiment
Basically, the present invention allows to provide an initial seed and generation to transmit leg and recipient system, all different for every envelope Email, but generate identical encryption key in each sender/receiver terminal based on same seed, and this seed all is provided when need not to transmit Email at every turn.According to embodiment preferred, the present invention is an application program, is as such as Microsoft Outlook, Lotus Notes, and the plug-in unit of e-mail programs such as OutlookExpress is realized.Below, provide some non-restrictive example with reference to Microsoft Outlook.Yet, be appreciated that the present invention can be applied to any data communication application/system, particularly email application/system usually.Thereby the present invention also can be applied to SMS and MMS transmission.
Fig. 1 describes is that two users terminal that uses a computer sends and receive the schematic communication process of Email.Send terminal and represent that with 110 receiving terminal is represented with 120.Clearly, only provided two terminals as an example, and the present invention can use on several terminals.Communication between terminals is by the Internet or use e-mail server for example to move on the local area network (LAN) of Exchange Server and carry out.
System creation of the present invention a kind of method of E-mail communication safety.Relation between two e-mail addresses of every pair of sender/receiver is unique (passage).System handles every pair of sender/receiver with the specific encryption key of every pair of sender/receiver oneself.
According to the flow chart of Fig. 1, the user of terminal 110 sends the user that (1) Email is given addressee terminal 120.Terminal 110 has been installed application program of the present invention, and this application program is encrypted Email.In the following embodiments, suppose that sender's e-mail address is " 110@mail.com ", addressee's e-mail address is " 120@mail.com ".With for example SHS-1, Blowfish or similar conventional cryptographic algorithm encrypted E-mail information, and lock Email Information with encryption key.If encrypted application detect the addressee be not the addressee that entrusts one of them, that is to say, this addressee is in the addressee's register list the inside that decryption application or clear crytpographic key are provided to it, and application program requires the sender that initial password is provided or provides password for special addressee.The password that provides by the sender, 120xxx for example, with the addressee other for information about (as e-mail address) be stored in the system.This password is used for:
-generate the passage that key and initialization have key, 110120xxx for example, this passage is used to transmit Email and gives addressee 120;
-generating key, 120110xxxx for example when receiving from 120 Email, uses this key; And
-generate unique encryption key to be used for transmitting Email.The generation of key will be described in detail below.
Should be noted that passage is meant tunnel here, and relevant with the sender-addressee's who obtains relation.
If the addressee does not have decryption application, the subsidiary envelope unencrypted information of Email is issued the addressee, informs that Email is encrypted, need enter (2) program supplier 130, and Internet service merchant for example is with acquisition/download (3) decrypted program.The annex that the Email of encrypting also can be used as information mail sends.If key disappearance, for example after installing decrypted program, the addressee does not receive the deciphering permission, and the addressee is instructed to obtain " password " and can generates key and come decrypt e-mails.For example, the addressee can make a phone call to the sender (4) obtain (6) password, initialization is carried out in the generation of key.When encryption section being installed and having been inputed password, the Email of encryption can be decrypted.Addressee's application storage the sender information also:
-generate the passage that key and initialization have key, 120110xxx for example, this passage is used for transmitting Email and gives sender 110;
-using the cipher key initialization passage, 110120xxx for example uses this passage when receiving from 120 Email; And
The unique encryption key of-generation is used to receive the Email from sender 110.
Therefore, created a sender-receiver relation.
In subsequent step, promptly when relation create finish after and sender and addressee initialized key has all been arranged, do not need to exchange again password or password.To verify and generate keys for encryption/decryption automatically the sender of each terminal and addressee's application program, for example according to the e-mail address of sender/receiver.
Email sent to 120 o'clock from 110 next time, and sender's application program detects addressee 120 in register list, and was that Email generates a new unique encryption key according to the passage that generates.This key is used for enciphered message.Send a dynamic serial number with Email, this dynamic serial number has been determined the order of Email and the key of use.
In receiver site, decryption application detects the dynamic sequence of the employed encryption key of enciphered message.Decryption application generates key and decrypt e-mails according to dynamic serial number (with the password of more early storing).If dynamic serial number is not in order, for example, the Email of the low sequence number of an envelope is received lately than the Email of an envelope higher sequence number, and this application program generates and stores all keys until the sequence number that is used to decipher specific encrypted E-mail.So the key of all storages can be used for deciphering discontinuous Email.These keys are stored in memory cell and are encrypted, and this key can be destroyed after corresponding encrypted E-mail is decrypted.Therefore, the present invention also can allow to postpone decrypt e-mails, and also can decipher under the mode of off-line.
Outbox side or email application can provide and have the information that parameter is set, and the parameter of setting forces recipient or email application to carry out specific operation.For example, outbox can be stored in special mode with the information that requires to receive, and for example is stored as information encrypted, otherwise not storage.Guaranteed that like this outbox can be sure of information when the addressee locates to store, the person can not access information without permission.Also be to be other possible indication, above-mentioned example has been a two locking projections and notches, is not to be limitation of the invention, and for example outbox can be with the information that deletes an e-mail immediately after requiring to consult, and do not allow Email Information to store by any way, so that fail safe maximization.
Each terminal 210, for example the logical PC of a Daepori as shown in accompanying drawing 2, comprises primary processor 240, ROM (read-only memory) 250, RAM (random access memory) 260 and program storage unit (PSU) 270.ROM comprises instruction set, for example is used for the functional performance of terminal.The RAM storage is from the instruction of application program.Program storage unit (PSU) comprises application program, as email application, and encryption and decryption application program etc.
Key-generation application program 280 comprises that in memory cell or RAM, identical original value SID is known as seed, preferably with dynamically and/mutually/tradable mode.The storage of original value preferably realizes with the guiding application program initialization, and by escape way, is favourable as information encrypted or phone or similar the realization.Perhaps, original value does not need, but is but transmitted by physics, and the user of correlation unit can import in advance the value of agreeing voluntarily and comes alternate physical to transmit.In addition, if desired, original value can exchange, but a kind of replacement scheme is all to use same original value in the whole lifetime of key-generation unit.In this case, original value need not stored in dynamic memory, but can use permanent memory.
In addition, key-generation application program control counter 281 makes it periodically-varied count value X; And control computation unit/application program 282, make it to be adapted at each and each unit and irrelevant with other unit, according to original value and the count value sent by counter, generate key.
Yet counter and computing unit are integrated in same unit to be favourable, and same unit is suitably for processor (CPU).Oscillator 283 or clock equally can be integrated in processor, and it is also fine to be used for control counter.The preferred real-time clock that uses is integrated in CPU.In addition, the counter staged increases, easier like this terminal and other terminal be consistent (synchronously) of making.
If provide identical original value in memory, to store, and make counter synchronisation, can in several keys-generation application program, generate identical key so to transmit identical count value, with other, each terminal that promptly runs application is irrelevant.
So these keys can be used to encrypt between terminal or the purpose of authentication.
And key-generation unit preferably is fit to induction, and whether they are synchronous, if they are asynchronous, realize synchronously.Induction can lean on special synchronism detection to finish, and synchronism detection was finished before key generates.
A kind of replacement scheme is whether when using different keys, can verify earlier needs can be re-set as afterwards synchronously synchronously.For example can realize synchronously by exchange count value between the unit.
According to an embodiment, computing unit comprises algorithm F, and algorithm F carries out Hash to original value (seed), existing key and count value to be handled as input parameter.Afterwards, the increase of count value one number one number, i.e. counting=counting+1.This optimal algorithm selection realizes that in the hardware of computing unit perhaps alternately, algorithm is stored in non-dynamic and unalterable memory.Optimal algorithm selection generates 160 key, and the key of other length also is possible certainly.At every turn, when producing a new key for instruction of key generator, generate 160 character codes of a new pseudorandom, this character code is calculated according to " seed " and count value
Key-generation application program can further include the interface section, is used for communicating between communication unit and the key-generation unit.Preferably, this communication comprises that sending instruction to key-generation unit generates key, sends instruction then and makes the key of generation turn back to communication unit.
Key-generation unit can be realized in hardware and carry out with the form of integrated circuit, therefore be difficult to be distorted.Circuit can add on the communication unit of any kind basically then, use common with it.For example, to use with email application be possible to key-generation unit of the present invention.
Can be used for any of point-to-point communication or authentication according to key of the present invention-generation application program, promptly between two terminals, or between central location, e-mail server or several users, client.Such central location preferably includes a plurality of different keys-generation application program, and one of them is used for communicating by letter between each client/user/terminal and the central location.Another kind of replacement scheme, cipher key unit can comprise some different original values, in such cases, key-generation unit is sent the order that generates key also comprise about using the information of which original value.Same, be possible for having identical key generation unit with some unit that central location is communicated by letter, they are communicated by letter with same key-generation unit in the central location.
Be described encrypting transmission or authentication by system described above below.The first step is encrypted Email at a terminal generation Email and with the key that key generation application program generates.Email can comprise one or several annex, for example word processing file, picture file, JAVA small routine or any other numerical data.Therefore, Email according to the present invention relate to the band annex and not with two kinds of the information of annex.Send an email to the addressee terminal, and allow the addressee obtain an initial value, promptly so-called password or seed.Password is input in the decryption application of recipient, the following hope terminal of intercommunication mutually is created, and they are provided to identical original value and preferred synchronization in this course.Now this system has been ready to use, in later time, can using system after the initialization through any a period of time, and at least one terminal is to other terminal authentication self.When other terminal determines whether the identity that provides is known, and whether it has corresponding key-generation application program, i.e. key-generation application program as defined above, and have corresponding original value, access authentication.If program proceeds to next step, opposite program interrupt.
Carry out encrypt/decrypt/authentication with the key that calculates then.It should be understood, however, that encryption transmits and authentication certainly realizes simultaneously in same process.The realization of encryption and authentication can be by any cryptographic algorithm of using key basically, for example known DES and RC6, Bluefish etc.
Another advantage of the present invention is that application program can be used to stop unwanted Email as filter.Nowadays, countless envelope advertisement e-mail send to the addressee people, for example, have individual function to be called " spam " in the Outlook, and it is put into the Email of receiving in the Junk E-Mail folder according to list or some parameters.Yet when the content changing of sender's title and spam, this function is just inoperative.The present invention is directed to this problem solves in the following method:
As mentioned above and with reference to figure 3, addressee terminal or server comprise sender-addressee to tabulation, check 300 and are used at the tabulation center to the address that receives with relatively 310 be used for being compared with address stored in sender's address.If Email can be decrypted, promptly sender address exists in tabulation, and Email decrypted 320 also sends the addressee to.If Email can not be decrypted, promptly sender's address not in tabulation, Email or move on to the spam case or return 330 and give the sender.Enclose an envelope information can for the Email of returning, for example notify the sender to need encipheror to give the addressee who wishes by send Email.Certainly, be not the sender in the tabulation, but the sender that the addressee wants also can send Email.For this reason, system can store the copy of 340 a Emails, perhaps just notifies the addressee, and the sender can obtain its installation encrypted application of notice request and obtain password from the addressee like this.Clearly, filtration/prevention function is an optional application program.
As mentioned above, the present invention also allows to buy whole or the certain applications program in simple mode.
4 pairs of automatic purchase systems 400 of accompanying drawing are described.Addressee 401 receives an envelope informedness Email, and its annex is an encrypted E-mail, obtains decrypted program.Preferably, this decrypted program provides with free or shareware form.And encrypted application must be bought.When decrypted program was downloaded, encipheror also was downloaded, but only provide license number, password or similar, could use encipheror.For this reason, directed one of client buys address 410, for example on the internet, can secure permission therefrom.Client buys the website and may need information specific such as the country of closing client, language, so that can obtain correct version.Then client be repositioned onto Transaction Information is provided order website 420.The requestee can conclude the business in a known manner, for example uses payments such as credit card, bank transaction, cash transaction.According to method of commerce, clear 430 or manage 440.If transaction has been accepted, buys website 420 and send instructions to registration office's 450 transmission information and to delivery office 460.The necessary any out of Memory of delivery office or router bag, license number or transmission (installing also) operation encipheror.Delivery office can generating routine bag/License Info.If program has been installed in advance, password/license number can be downloaded by (encryption) Email or from the website and pay.
Also may the sub-mail of sender's electricity be provided and notify the addressee to come decrypt e-mails to the addressee to the website acquisition decryption/encryption application program that download of pre-payment program and password are provided.Yet under the situation, the addressee must obtain password or other enters the possibility of program like this.
Also may provide a kind of server apparatus, the Email of encryption is for example realized by opening up address tunnel by this equipment.In this case, every envelope Email can debt respectively (so-called ticker) and need not the purchase program.
Above embodiment relates to network, and the user uses two terminal access Emails there.The present invention also can be applied in the user and use under the situation of different terminals.In this case, encrypt/decrypt program and seed can be used as moving, and for example with the form of hardware plug (as USB dongle), are stored on information carrier media such as the CD etc.Thereby, when using email application, all must provide key/storage medium, so that carry out the encrypt/decrypt application program therefrom at every turn.
In network, for example in organization or enterprise, the IP network at server process client place.The client only need create the email channel of a safety to the server that is moving, so other user's secure relationship on this server processing and the network.A unique password is provided for each user, so as can be according to the present invention access Email Information and email information.And, can provide administrator's password to the network manager, administrator's password can allow the keeper read information and account executive.In order further to improve fail safe, it is possible requiring the keeper must use hardware cell to generate unique sequence number, and unique sequence number is used for the purpose of authentication.The control of this unique sequence number is arranged in another hardware or the software module as central server, based on the module formation sequence of server number, if it is synchronous each other that it is correct hardware cell and they, this sequence number is identical with the sequence number that administrator module generates so.If they are inequality, two systems will try the phase mutually synchronization several times so.
This hardware cell that the keeper uses for example can be provided as, but is not limited to, and hardware plug is used USB (USB), RS232, RS485, Ethernet, Firewire, bluetooth, Centronics, SecureDigital, PCMCIA, PC-Card or similar hardware connect standard.Also may use software module to replace hardware cell, this software module or on the manageable computer, work station or similarly on the computer equipment, perhaps on the computer media memory device, this equipment can be connected on the network or can be connected on the equipment that is connected under the management on the network.
Also may provide the system that has tool of compression, be used for the Email of compress-encrypt.Any traditional compression method can both use.
What can select is that the Email of encrypting and/or deciphering can be preserved with deciphering or the form of encrypting.In this case, the preferred electron mail is encrypted with password.For security reasons, especially in company, should an a guy's password and an administrator key (network manager).
The embodiment of more than describing and illustrating can not limit the present invention.In the scope of accessory claim,, can improve the present invention in some kinds of modes according to application, demand and needs.

Claims (31)

1. method that transmits electronic information, second user who preferably transmits Email to the second terminal from first user of first terminal comprises the following steps:
-described first terminal transmits described Email with the form of encrypting, and the Email of described encryption is to encrypt with the key that a seed generates by first key generator,
-provide described seed to described second user is disposable, so that second key generator that provides with described second terminal generates key,
-described seed is offered described second terminal and described seed is stored in described second terminal,
-when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized described seed to generate a key,
-the count value of each terminal synchronously; And
-generate described key according to the count value of described seed and each terminal, irrelevant with other terminal.
2. according to the process of claim 1 wherein that described seed only obtains in the initialization time first time.
According to the process of claim 1 wherein if described first seed is done for, obtain second seed.
4. according to the process of claim 1 wherein that the Email that every envelope is encrypted obtains a dynamic serial number.
5. according to the method for claim 4, wherein said dynamic serial number is used to corresponding encrypted E-mail to generate key.
6. according to the method for claim 5, wherein seed is preserved in a terminal at least in dynamic and tradable mode, preferably preserves in all terminals.
7. according to the method for claim 1 or 6, wherein said count value generates in the counter of each terminal, count value synchronously and counter relevant synchronously.
8. according to any one method among the claim 1-7, wherein after the counter initial synchronisation, only terminal is carried out the synchronisation steps of replenishing when needed.
9. according to any one described method among the claim 1-8, wherein the described key-generating run based on seed and count value is to realize by the algorithm that is stored at least one terminal in non-dynamic and immutable mode.
10. according to the method for claim 1, comprise step: the terminal list that generates a trust according to the seed of receiving.
11., comprise receiving only the Email of registering from the described tabulation according to the method for claim 10.
12., comprise that described first user offers described second described seed of user by at least a mode of phone, fax or letter according to any one method in the aforementioned claim.
13. according to any one method in the aforementioned claim, the annex of the Email of wherein said encryption is encrypted with Email.
14. according to any one method in the aforementioned claim, wherein transmit leg provides one to have the information that parameter is set, the parameter of setting forces recipient to carry out specific operation.
15. according to any one method in the aforementioned claim, wherein provide administrator's password to the network manager, this password can allow the keeper read information and account executive.
16. according to the method for claim 15, wherein provide hardware cell to generate unique sequence number to the keeper, this sequence number plays the purpose of identity verification.
17. a system that transmits electronic information, second user who preferably transmits Email to the second terminal from first user of first terminal, this system further comprises:
-described first terminal transmits the method for described safe Email with the privacy enhanced mail form, and the Email of described encryption is to encrypt with the key that a seed generates by first key generator,
-provide described seed so that allow second key generator generate the method for key to described second user is disposable,
-described seed is offered the method for described second terminal and the method that described seed is stored in described second terminal,
-when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized described seed to generate the method for key;
-each terminal comprises a key-generation unit, and described key-generation unit comprises memory, and identical seed is stored in the memory; Counter, the cyclomorphosis count value; Computing terminal is adapted at each terminal and generates key with other terminal is irrelevant according to original value with by the count value that counter sends; And
-terminal is set to sense them nonsynchronous the time, is re-set as then synchronously.
18. according to the system of claim 17, wherein the described memory at least one terminal storage seed is a dynamic memory, stores seed in dynamic and tradable mode.
19. according to any one system in the claim 17 to 18, wherein the computing unit of at least one terminal comprises algorithm, this algorithm is stored in non-dynamic and unalterable mode, and is preferably with hardware and realizes.
20. according to any one system in the claim 17 to 19, wherein one of terminal is a central terminal, it comprises a plurality of seeds and is used for safe encryption and transmits, and these seeds terminal different with several is relevant, and each terminal has an original value.
21. according to any one system in the claim 17 to 20, comprise that first unit is used to generate unique sequence number, first unit controls is arranged in second unit of system, second unit formation sequence number, if it is correct unit and their phase mutually synchronization, this sequence number is identical with the sequence number that first unit generates so.
22. second the user's computer program product that is used for transmitting from first user of first terminal safe Email to the second terminal comprises that code is used for:
-encrypt and transmit from the described Email of described first terminal transmission,
-generate key with described first seed in described first terminal,
-obtain described seed, so that generate key with second key generator in described second terminal,
-described seed is stored in described second terminal,
-when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key;
The Email of-every envelope encryption obtains a dynamic serial number;
-be that corresponding encrypted E-mail generates key with described dynamic serial number;
-the count value of each terminal synchronously; And
-generate described key according to the count value of described seed and each terminal, irrelevant with other terminal.
23. a transmission signal that is used for transmitting from first user of first terminal second user of safe Email to the second terminal comprises the signal that contains code, wherein code is used for:
-encrypt and transmit from the described Email of described first terminal transmission,
-generate key in described first terminal with described first seed,
-obtain described seed, so that generate key with second key generator in described second terminal,
-described seed is stored in described second terminal,
-when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key,
The Email of-every envelope encryption obtains a dynamic serial number;
-be that corresponding encrypted E-mail generates key with described dynamic serial number;
-the count value of each terminal synchronously; And
-generate described key according to the count value of described seed and each terminal, irrelevant with other terminal.
24. a computer-readable medium has the instruction set that is stored in wherein, is used for transmitting from first user of first terminal second user of safe Email to the second terminal, described instruction set comprises that code is used for:
-encrypt and transmit from the described Email of described first terminal transmission,
-generate key with described first seed in described first terminal,
-obtain described seed, so that generate key with second key generator in described second terminal,
-described seed is stored in described second terminal,
-when each described second user received from encrypted E-mail that described first user sends, described second terminal utilized the seed of described storage to generate a key,
The Email of-every envelope encryption obtains a dynamic serial number;
-be that corresponding encrypted E-mail generates key with described dynamic serial number;
-the count value of each terminal synchronously; And
-generate described key according to the count value of described seed and each terminal, irrelevant with other terminal.
25. according to the medium of claim 24, wherein said medium is a memory cell.
26. the marketing method of an instruction set, this instruction set are used for transmitting and receive electronic information, send to second user's of second terminal safety E-mail in particular for first user from first terminal, this method comprises:
-described first terminal transmits described safe Email in the mode of encrypting, and the key that the Email of described encryption generates with a seed by first key generator is encrypted,
-readable information that indicates the seller address is provided for described safe Email,
-obtain second instruction set from described seller address, be used to decipher described Email, and
-described second user is designated as the debit, because he has used described second instruction set to encrypt new Email.
27. according to the method for claim 26, wherein this method is computerized.
28. according to the method for claim 26, wherein said bill is opened according to ordering and receive described second instruction set.
29. according to the method for claim 26, wherein said second instruction set is the password that enters of preassembled instruction set.
30. method of filtering the Email on the receiver, described Email arrives from first user of first terminal on second user's the receiver of second terminal, described first terminal transmits described Email with encrypted form, the Email of described encryption is to encrypt with the key that a seed generates by first key generator, provide described seed to described second user is disposable, so that second key generator that provides with described second terminal generates key, described second terminal is according to the sender-receiver relation that is produced by described seed, generate a sender who is trusted and tabulate, and receive the operation of Email according to described tabulation.
31. according to the method for claim 30, wherein said operation is storage, delete or return a kind of in the described Email.
CNA2004800263389A 2003-09-12 2004-09-13 Message security Pending CN1849774A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
SE0302456A SE527561C2 (en) 2003-09-12 2003-09-12 Electronic mail transmission method in internet environment, involves storing seed for key generation provided from sender's terminal, in receiver's terminal
US60/502,254 2003-09-12
SE03024569 2003-09-12
SE04002382 2004-02-04

Publications (1)

Publication Number Publication Date
CN1849774A true CN1849774A (en) 2006-10-18

Family

ID=28787336

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2004800263389A Pending CN1849774A (en) 2003-09-12 2004-09-13 Message security

Country Status (3)

Country Link
CN (1) CN1849774A (en)
SE (1) SE527561C2 (en)
ZA (1) ZA200601931B (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170401B (en) * 2006-10-27 2011-02-02 鸿富锦精密工业(深圳)有限公司 Email encryption/decryption system and its method
CN101399627B (en) * 2008-09-27 2012-08-29 北京数字太和科技有限责任公司 Method and system for synchronization recovery
CN103379451A (en) * 2013-06-21 2013-10-30 宇龙计算机通信科技(深圳)有限公司 Check method and system for information instantly burned after being read
CN104159118A (en) * 2014-07-30 2014-11-19 天津大学 Image byte XOR algorithm based on pseudo random sequence and LSB algorithm
CN104798355A (en) * 2012-09-18 2015-07-22 思杰系统有限公司 Mobile device management and security
CN104854840A (en) * 2012-12-12 2015-08-19 德国邮政股份公司 Method for securely transmitting a digital message
US9378359B2 (en) 2011-10-11 2016-06-28 Citrix Systems, Inc. Gateway for controlling mobile device access to enterprise resources
US9521147B2 (en) 2011-10-11 2016-12-13 Citrix Systems, Inc. Policy based application management
US9521117B2 (en) 2012-10-15 2016-12-13 Citrix Systems, Inc. Providing virtualized private network tunnels
US9602474B2 (en) 2012-10-16 2017-03-21 Citrix Systems, Inc. Controlling mobile device access to secure data
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US9654508B2 (en) 2012-10-15 2017-05-16 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US9774658B2 (en) 2012-10-12 2017-09-26 Citrix Systems, Inc. Orchestration framework for connected devices
US9854063B2 (en) 2012-10-12 2017-12-26 Citrix Systems, Inc. Enterprise application store for an orchestration framework for connected devices
US9948657B2 (en) 2013-03-29 2018-04-17 Citrix Systems, Inc. Providing an enterprise application store
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
US10097584B2 (en) 2013-03-29 2018-10-09 Citrix Systems, Inc. Providing a managed browser
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US10701082B2 (en) 2013-03-29 2020-06-30 Citrix Systems, Inc. Application with multiple operation modes
US10908896B2 (en) 2012-10-16 2021-02-02 Citrix Systems, Inc. Application wrapping for application management framework

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101170401B (en) * 2006-10-27 2011-02-02 鸿富锦精密工业(深圳)有限公司 Email encryption/decryption system and its method
CN101399627B (en) * 2008-09-27 2012-08-29 北京数字太和科技有限责任公司 Method and system for synchronization recovery
US9378359B2 (en) 2011-10-11 2016-06-28 Citrix Systems, Inc. Gateway for controlling mobile device access to enterprise resources
US10469534B2 (en) 2011-10-11 2019-11-05 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US10063595B1 (en) 2011-10-11 2018-08-28 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US9521147B2 (en) 2011-10-11 2016-12-13 Citrix Systems, Inc. Policy based application management
US10044757B2 (en) 2011-10-11 2018-08-07 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US9529996B2 (en) 2011-10-11 2016-12-27 Citrix Systems, Inc. Controlling mobile device access to enterprise resources
US11134104B2 (en) 2011-10-11 2021-09-28 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
US10402546B1 (en) 2011-10-11 2019-09-03 Citrix Systems, Inc. Secure execution of enterprise applications on mobile devices
CN104798355A (en) * 2012-09-18 2015-07-22 思杰系统有限公司 Mobile device management and security
US9774658B2 (en) 2012-10-12 2017-09-26 Citrix Systems, Inc. Orchestration framework for connected devices
US9854063B2 (en) 2012-10-12 2017-12-26 Citrix Systems, Inc. Enterprise application store for an orchestration framework for connected devices
US9654508B2 (en) 2012-10-15 2017-05-16 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US9973489B2 (en) 2012-10-15 2018-05-15 Citrix Systems, Inc. Providing virtualized private network tunnels
US9521117B2 (en) 2012-10-15 2016-12-13 Citrix Systems, Inc. Providing virtualized private network tunnels
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US9858428B2 (en) 2012-10-16 2018-01-02 Citrix Systems, Inc. Controlling mobile device access to secure data
US9602474B2 (en) 2012-10-16 2017-03-21 Citrix Systems, Inc. Controlling mobile device access to secure data
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US10545748B2 (en) 2012-10-16 2020-01-28 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US10908896B2 (en) 2012-10-16 2021-02-02 Citrix Systems, Inc. Application wrapping for application management framework
CN104854840B (en) * 2012-12-12 2018-06-29 德国邮政股份公司 A kind of method of safe transmission electronic information
CN104854840A (en) * 2012-12-12 2015-08-19 德国邮政股份公司 Method for securely transmitting a digital message
US9948657B2 (en) 2013-03-29 2018-04-17 Citrix Systems, Inc. Providing an enterprise application store
US10284627B2 (en) 2013-03-29 2019-05-07 Citrix Systems, Inc. Data management for an application with multiple operation modes
US10097584B2 (en) 2013-03-29 2018-10-09 Citrix Systems, Inc. Providing a managed browser
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
US10701082B2 (en) 2013-03-29 2020-06-30 Citrix Systems, Inc. Application with multiple operation modes
US10965734B2 (en) 2013-03-29 2021-03-30 Citrix Systems, Inc. Data management for an application with multiple operation modes
CN103379451A (en) * 2013-06-21 2013-10-30 宇龙计算机通信科技(深圳)有限公司 Check method and system for information instantly burned after being read
CN104159118A (en) * 2014-07-30 2014-11-19 天津大学 Image byte XOR algorithm based on pseudo random sequence and LSB algorithm

Also Published As

Publication number Publication date
SE0302456D0 (en) 2003-09-12
ZA200601931B (en) 2007-06-27
SE0302456L (en) 2005-03-13
SE527561C2 (en) 2006-04-11

Similar Documents

Publication Publication Date Title
US7600121B2 (en) Message security
CN1849774A (en) Message security
US20070172066A1 (en) Message security
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
CN100576792C (en) The method that file encryption is shared
CN1565117A (en) Data certification method and apparatus
CN1711738A (en) Providing a user device with a set of access codes
CN104662870A (en) Data security management system
CN1653746A (en) Method for authenticating and verifying sms communications
CN1299545A (en) User authentication using a virtual private key
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
CN1694555A (en) Dynamic cipher system and method based on mobile communication terminal
US7660987B2 (en) Method of establishing a secure e-mail transmission link
CN104322003A (en) Cryptographic authentication and identification method using real-time encryption
CN107332666A (en) Terminal document encryption method
CN103078743B (en) E-mail IBE (Internet Booking Engine) encryption realizing method
JPH11298470A (en) Key distribution method and system
IL174176A (en) Message security
CN112243233A (en) CTID (computer telephony integration) verification method and device based on Bluetooth low-power-consumption protocol
CN101924635A (en) Method and device for user identity authentication
CN1784643A (en) Method and system for controlling the disclosure time of information
KR20100114321A (en) Digital content transaction-breakdown the method thereof
JP2003198632A (en) Electronic mail system and method for processing the same and its program
JP2008502045A5 (en)
AU753951B2 (en) Voice and data encryption method using a cryptographic key split combiner

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20061018

C20 Patent right or utility model deemed to be abandoned or is abandoned