JP2007089116A - Electronic message system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a safe electronic message request transmission system. <P>SOLUTION: The transmission side of an electronic mail message transmits a notice of a posting intention. When a reception side determines reception, the notice of requiring a mail content is replied. When the reception side does not transmit a notice requiring a mail content, the transmission side does not transmit an electronic mail message to the reception side. A host computer is designated with one and only name which is registered in an authoritative constitution, and connection to the host computer is established. The host computer provides a public key of a holder of its account to the public. A first public key of the account holder is certificated by the host computer with an account password of the account holder. The account holder generates a new public key and secret key pair. The host computer certificates the new public key with the old public key of the account holder. The new public key is valid after the certification and is provided to the public. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

The present invention relates to an electronic message system, and more particularly to an electronic message system and method, which transmits an electronic message and reaches a predetermined recipient before reaching the recipient's email address. The process of determining whether to collect the full text of the electronic message from the source of the electronic message, and public-key cryptography (public-key
The process includes performing authentication, certification, and secret protection functions during communication using a cryptography public key / private key pair management method.

The above and many items of the present invention list definitions in Table 1 below so that many technical features are comprehensive and can be fully understood.

The method of implementing the e-mail system is such that an e-mail message can be transmitted only by knowing the e-mail address of the recipient. The sender does not want to receive this email message because the sender can transmit email messages of various contents to any recipient and consumes the recipient's valuable resources.

In the prior art, the sender leaves only messages related to uncertified senders in the email message. If the sender forges these messages, the true source of the email message is not indicated. As a result, spam (SPAM) and computer virus-borne or mischievous email messages are scattered and there is no easy way to track them. This problem is due to the transmission method of the “escape” e-mail message.

Among known techniques, public-key cryptography is used for authentication and certification during communication. In a typical process, a sender adds an electronic signature to an electronic mail message, encodes and packages it, and the process is as follows.
1. Edit email messages.
2. Generate a message digest from the edited email message using the hash function (Hash-function) algorithm.
3. The message digest is encoded with the sender's private key using the public key cryptosystem calculation method to obtain the sender's electronic signature.
4). Append the sender's digital signature to the edited email message.
5. A randomly selected session key (Session Key) is generated using an operation method of a secret key cryptosystem.
6). Using the calculation method of the secret key cryptosystem, the edited electronic mail message and the attached electronic signature of the sender are encoded by the selection session key.
7). The selection session key is encoded with the public key of the recipient using the public key cryptography method.
8). The encoded electronic mail message and the encoded session key are transmitted to the recipient, and the electronic mail message is attached with the electronic signature of the sender.

A typical process for a recipient to open an encoded email message and an encoded session key is as follows.
1. Using the calculation method of the public key cryptosystem, the encoded session key is encrypted with the recipient's secret key (Secret Key) to obtain a session key.
2. Encrypts the encoded email message with the session key using the secret key encryption method, and the email message is readable after encryption because it adds the sender's electronic signature Obtain an email message and the sender's electronic signature.
3. Using the public key cryptography method, the sender's public key is used to encrypt the sender's electronic signature, and a message digest generated by the sender is obtained.
4). Generate a new message digest from the acquired email message using a homogenous hash function algorithm.
5. Compare the new message digest with the received message digest to see if both message digests are completely homologous.

During the above process, there are two basic limitations: how to obtain one person's public key and how to prove the legality of the public key. Several methods have been disclosed in the past, eg, first exchanging public keys. A person uses a key ring to store another person's public key. Obtain a public key from a third party server stored in the public key. Providing a commercial certificate authority with a personal driver's license, birth certificate, passport, or other document that can prove your identity, and requesting a digital certificate for your public key. A third party's public key is proved by an electronic signature through a trusted person, etc., all of which require a user's intervention in a troublesome process.

Scattering and certifying public keys is cumbersome and it is impractical to generate a new public key private key pair for security purposes so that the account password of the electronic message system is always changed.

In electronic communication systems, compatibility with only joint service providers such as Microsoft instant messaging or similar is allowed. For communication with a person, the initiator must verify that the responder is registered with the same service provider. As with the use of email systems, communication between different service providers is not possible.

Many electronic messaging systems select a user identification and password to authenticate financial services such as, for example, the transfer of funds. The major drawback is that all the information necessary to authorize the transfer of funds is obtained by a single source, the service provider. Many account user identifications and passwords are stolen by computer hackers and unscrupulous employees. Stealing an equal amount of information from many individuals using a one-to-one method is more difficult than from a single source, so funds are transferred by the public key cryptography and are kept secret to the holder of each account. It is safe to have a private key. However, the publicly known technology lacks effective public key distribution, certification and storage methods. Another shortcoming of user identification and password selection is the lack of proof of electronic message content, eg, amount of funds, recipients, etc.

Some electronic message systems do not have any authentication capabilities. Shopping using a credit card on the Internet is an example. The seller cannot know if the purchaser is the real holder of the credit card or knows the credit card number of another person.

Many electronic messaging systems provide license agreements for services or software, let the licensee click “accept” on the computer display, and click to accept the contents of the license agreement. Is displayed. This type of scheme does not provide recognition of the license holder's identity or proof of the contents of the license agreement.

After downloading or receiving computer software from a software developer or a wholesaler's electronic message system, the user cannot confirm whether the computer software has been altered by a hacker.

In the known technology, many methods are adopted by computer software manufacturers to protect the copyright of products, and the commonly used method is that the manufacturer provides a security key to the licensee. If the copyright is infringed, the legal security key from the manufacturer is provided and the computer software is reissued.

The present invention provides an electronic message system and method for transmitting an email message and collecting the full text of the email message from the source of the electronic message to a given recipient before reaching the recipient's email mailbox. The purpose is to manage public-key cryptography public-key cryptography, and to perform authentication, certification, and secret protection functions during communication.

In the present invention, an e-mail message is transmitted, and before reaching the e-mail address of the recipient, the predetermined recipient is checked with the basic material of the e-mail message to determine whether to receive the full text of the e-mail message. . Thus, the recipient's resources are not exhausted to an unsolicited email message.

  In the present invention, when the recipient decides to receive the full text of the email message, the email message is obtained from the sender. In order to successfully transmit an e-mail message, the host computer that sends the e-mail message must remain connected and wait for a predetermined recipient's response. In other words, the source of the email message is identified and the sender's identity can be tracked. This feature eliminates the possibility of hiding email message sources, junk mail, virus-borne mail, malicious programs, and the like. Spam disseminators and hackers use email systems to disseminate commercial messages and destructive effects, revealing their identity, or at least revealing their host computer identity. Exposing their true identity and driving away these nasty criminals, in particular, they must be punished by law.

The present invention can eliminate the trouble of a user spreading, proving, and storing another person's public key. It does not require participation in the program from the viewpoint of the user's application, and uses functions such as “signing a message” and “sealing a message” easily.

  The present invention determines whether a sender can easily add an electronic signature to an outgoing e-mail without worrying about the problem of a secure key, and whether to retain confidentiality when transmitting an electronic message. Yes, so that only certain recipients can read this electronic message in a readable manner.

  The present invention protects the contents of an electronic message from being seen by others without the sender being concerned about the problem of the security key, authenticates the identity of the sender, and checks whether the received electronic message has been tampered with. I can't confirm and prove the content of the email message and let the sender reject it at a later date.

  In addition, the present invention allows the recipient to choose to keep confidentiality when transmitting an electronic message, without requiring the sender to process a new email message without the sender having to do so. .

  The present invention can reproduce the public key / private key pair again when the user needs it. The system automatically updates the correlated changes, no user intervention is required, and the new public / private key pair works immediately.

  The present invention allows for compatible communications and does not require the consent of a joint service provider. The originator of compatible communications may not care if the responder has an account with a homologous service provider. Communication compatibility can be established only by the originator knowing the respondent's email address.

  The present invention is a method for authenticating a user's identity on the Internet and verifying the contents of an electronic message, such as a net bank, online shopping, and an electronic signature of a consent form.

  The present invention provides a certification method and checks whether the computer software has been tampered with. At the same time, the licensee provides a way to follow a person who divulges computer software illegally by leaking a secret key known only to that person.

  Another advantage of the present invention is that the sender is responsible for storing and transmitting the full text content of the email message, which is from the sender. Therefore, the receiving side does not accept an unexpected work burden.

Further, when there are multiple recipients, the present invention limits each email message from being individually collected from each recipient in a single case. As a result, e-mail messages containing computer viruses and malicious programs cannot be scattered or transferred.

  According to the present invention, spam mail is reduced and the amount of Internet transfer is also improved.

  FIG. 1 shows an embodiment for transmitting an electronic mail message of the present invention. The message source client terminal (11) transmits an e-mail message to a predetermined e-mail address by a computer or a communication device used by the sender. The message source server (12) is a host computer that manages a sender account, receives an email message from the message source client end (11), and the email message is transmitted to a predetermined email address. The message end point server (14) is a host computer that manages a predetermined e-mail address, and is a final destination of the e-mail message. The recipient acquires the right to use the predetermined e-mail address. The message end client end (15) processes an e-mail message entered from an e-mail address by a computer or communication device used by the recipient.

  The message source client end (11), the message source server (12), the message end point server (14), and the message end point client end (15) are all connected to the Internet.

Each message source server (12) and message end point server (14) is a unique name, for example, a domain name (Domain Name), and the unique name is registered and connected to an authoritative organization. Used to build In a single host computer, the task of the message source server (12) is performed to transmit an email message, and the task of the message end point server (14) is performed to receive an email. Only the name of is required.

The message source client end (11), the message source server (12), the message end point server (14), and the message end point client end (15) all generate the public key private key pair and calculate the public key private key pair. The electronic message is encoded and encrypted according to the method.

At the same time, the message source client end (11) and the message end point client end (15) both encode and encrypt the electronic message by the public key / private key pair calculation method, and generate an electronic message digest by the hash calculation method.

When the message source server (12) or the message end point server (14) is established and the password calculation service is provided, the message source server (12) or the message end point server (14) is the first public key private key pair. After that, a new public key / private key pair is generated again when necessary. The message source server (12) or the message end point server (14) stores all versions of the public key private key unit and includes a public key private key pair and a key generation time. This time is the public key private key pair. Greenwich time at the time of generation. All secret keys are stored secretly by the message source server (12) or the message end point server (14). The message source server (12) or the message end point server (14) provides its public key unit to the account holder and its target, and the public key unit includes the public key and key generation time, and provides The scheme is described below. Further, the message source server (12) or the message end point server (14) provides a mechanism for downloading the latest public key unit by, for example, a file transfer protocol (FTP) for exchanging files over the Internet. A single host computer performs the work of the message source server (12), sends out an e-mail message, performs the work of the message end server (14), receives the e-mail message, and public key secrets The key pair needs to be generated only once and is not separated twice by the message source server (12) and the message end point server (14), respectively.

A typical process in which the message source client end (11) or the message end point client end (15) acquires the public key unit of the message source server (12) or the message end point server (14) for the first time is as follows. is there.

1. Initially, the sender or receiver uses the message source client end (11) or the message end point client end (15), and based on the e-mail address, the message source server (12) or the message end point server. When a new account is established in (14), the message source server (12) or the message end point server (14) encodes its latest public key unit with a correlated secret key.
2. The message source server (12) or the message end point server (14) sends the public key unit encoded by the information flow (22) or the information flow (26) to the message source client end (11) or , Provided to the message end client end (15).
3. When receiving the encoded public key unit, the message source client end (11) or the message end client end (15) is provided by the message source server (12) or the message end point server (14). Based on the public mechanism, the latest public key unit of the message source server (12) or the message end point server (14) is downloaded.
4). The message source client end (11) or the message end point client end (15) encrypts the encoded public key unit with the downloaded public key, and the message source server end (12) or the message end point end server (14) The identity is authenticated, and it is confirmed whether the public key unit obtained by encryption matches the downloaded public key unit.
5. If the encryption is successful, the two public key units match, and the message source client end (11) or the message end point client end (15) stores the encrypted public key unit.
6). In the case of encryption failure or when the two public key units do not match, the sender or receiver contacts the administrator of the message source server (12) or the message end point server (14) to determine the problem. It needs to be solved.

For the account user, only one execution is necessary in the above-described steps 1 to 6, and the sender and the receiver are not divided and executed twice.

If the message source client end (11) or the message end client end (15) already has the public key unit of the message source server (12) or the message end server (14), a typical public key is used. The unit update process is as follows.

1. When the message source client end (11) or the message end client end (15) is connected to the message source server (12) or the message end client end (15), the message source client end (11) or The message end client end (15) sends the key generation time of the message source server (12) or message end point server (14) received last by the information flow (21) or the information flow (25) to the message. This is provided to the source server (12) or the message end point server (14).
2. The message source server (12) or the message end point server (14) identifies its own secret key with the key generation time, and encodes its latest public key unit with the identified secret key.
3. The message source server (12) or the message end point server (14) sends the encoded public key unit to the message source client end (11) or the message by the information flow (22) or the information flow (26). Provide to the end client end (15).
4). The message source client end (11) or the message end point client end (15) encrypts the encoded public key unit with the public key of the last received message source server (12) or message end point server (14). To authenticate the identity of the message source server (12) or the message end server (14), obtain the latest public key unit of the message source server (12) or the message end server (14), and If necessary, the public key unit of the stored message source server (12) or message end point server (14) is updated.

Similarly, the account user only needs to execute the above-described steps 1 to 4 once, not twice for the sender and the recipient.

The message source server (12) or the message end point server (14) both store a server database and contain other message end point server or message source server message records, eg, registered domain names, Public key, public key generation time, etc.

A message source server (12) or a message end point server (14) (hereinafter referred to as a start method) is connected to a message source server (12) or a message end point server (14) (hereinafter referred to as a response method). The connection is constructed using the domain name registered by the responder, and when the initiator does not have the public key unit of the responder, the initiator requests the responder to provide the public key unit. . A typical process is as follows.

1. The initiator asks the responder to provide the responder's public key unit.
2. The reaction method is to encode the latest public key unit with the correlated secret key, and download the encoded public key unit and the latest public key unit by the information flow (32) or the information flow (31). Provides a starting mechanism for
3. The starter downloads the public key unit of the responder.
4). The starting method encrypts the encoded public key unit with the downloaded public key, and confirms whether the encrypted public key unit matches the downloaded public key unit. If the decoding is successful and the two public key units match, the starter joins the encrypted public key unit into the database of the server.

If there is a public key unit of the reaction method in the server database under the connection status of the start method and the reaction method, the start method updates the public key unit of the reaction method, and the typical process is as follows: It seems to be.

1. The starting method provides the reaction method with the key generation time of the reaction method received last by the information flow (31) or the information flow (32).
2. The method of reaction identifies its own private key that correlates with the key generation time, encodes its latest public key unit with the identified private key, and information flow (32) or information flow (31). To provide the encoded public unit to the starter.
3. The starting method encrypts the encoded public key unit with the last received public key of the reaction method, authenticates the identity of the reaction method, acquires the latest public key unit of the reaction method, and if necessary, Update the public key unit of the reaction method in the server database.

If there is no public key unit for the start method in the server database under the connection status of the start method and the reaction method, the response method uses the registered domain name of the start method and builds a connection to the start method, Obtain the starting public key unit. A typical process is as follows.

1. The responder requests the initiator to provide the registered domain name of the initiator.
2. The starting method provides the registered domain name to the reaction method by the information flow (31) or the information flow (32).
3. After stopping the connection, the responding method establishes a connection to the initiating method based on the acquired registered domain name, and then acquires the initiating public key unit by the above-described process. In this way, the new starting method has no response public key unit at all.

Under the connection status of the start method and the reaction method described above, if the reaction method already has the start public key unit in the server database, the reaction method updates the public key unit of the start method, and the typical process is as follows. It seems to be.

1. The reaction method provides the start key generation time of the start method received last by the information flow (32) or the information flow (31).
2. The starting method is to identify its own secret key correlated with the key generation time, encode the latest public key unit with the identified secret key, and use the information flow (31) or the information flow (32) Provide encoded public units to the reaction.
3. The response method encrypts the encoded public key unit with the last received public key, authenticates the identity of the initiator, obtains the latest public key unit of the initiator, if necessary. For example, the latest public key unit is updated in the server database.

When the recipient's message endpoint client end (15) or the sender's message source client end (11) first generates or regenerates the public key private key pair, the public key private key pair The public key is stored in the destination client end (15) or the message source client end (11), and the public key is the message end point server (14) or message source server (12) for which the receiver or sender has an account. Must be presented and stored. The message end point server (14) or the message source server (12) is stored in a client database, and the client database includes user account messages such as e-mail address, public key, key generation time, and the like.

A typical process for generating and storing a user's initial public key private key pair is as follows.

1. First, when the receiver or sender establishes an account in the message end server (14) or message source server (12), the receiver or sender is the message end client end (15), or Using the message source client end (11), the receiver or sender identification or password is registered in the message end point server (14) or the message source server (12).
2. The message end point server (14) or the message source server (12) provides its latest public key unit to the message end point client end (15) or the message source client end (11) as described above. To do.
3. The message end client end (15) or the message source client end (11) generates an initial public key private key pair and stores the public key private key unit. The public key private key unit is the public key private key. Includes pair and key generation time.
4). The message end client end (15) or the message source client end (11) stores the secret key secretly.
5. The message end client end (15) or the message source client end (11) is a password of the receiver or sender by the public key of the message end server (14) or the message source server (12), and The public key unit is encoded, and the public key unit includes a public key and a key generation time.
6). The message end client end (15) or the message source client end (11) receives the password and public key unit encoded by the information flow (25) or the information flow (21) as the message end point server ( 14) Alternatively, it is presented to the message source server (12).
7). The message end point server (14) or message source server (12) encrypts the encoded password and public key unit with the private key of the message end point server (14) or message source server (12). Determine if the password is legal.
8). If the encryption is successful and the password is legal, the message endpoint server (14) or message source server (12) subscribes the public key unit into its client database and the public key unit is the recipient, or Correlate with the sender's account.
9. When the encryption fails or the password is illegal, the administrator of the message end point server (14) or the message source server (12) needs to solve this problem.

In general practice, a user works with a single computer or communication device and interacts with a single host computer. A single computer or communication device performs the work of the message source client end (11), sends an e-mail message, and performs the work of the message end client end (15) to the user account. Clean up email messages. Thereby, steps 1 to 9 need only be executed once, and are not performed twice for the receiver and the sender.

Again, a typical process for generating and storing a user's public key / private key pair is as follows.

1. When the message end client end (15) or the message source client end (11) regenerates the public key private key pair correlated with the receiver or sender account, the message end client end (15), Alternatively, the message source client end (11) saves the new public key private key unit as the latest version and at the same time saves the old public key private key unit.
2. The message end client end (15) or the message source client end (11) stores all secret keys secretly.
3. The message end client end (15) or the message source client end (11) encodes the receiver's or sender's new public key unit with the receiver's or sender's last secret key.
4). The message end client end (15) or the message source client end (11) is transferred to the message end point server (14) or the message source server (12) by the information flow (25) or the information flow (21). Presents a new encoded public key unit.
5. The message end point server (14) or the message source server (12) encrypts the new public key unit encoded with the last public key of the receiver or the sender, and identifies the receiver or the sender. And a new public key unit of the receiver or the sender is acquired.
6). If the encryption is successful, the message end point server (14) or the message source server (12) updates the public key unit of the correlated receiver or sender account in the client database.
7). In the case of encryption failure, the administrator of the message end point server (14) or the message source server (12) needs to solve this problem.

If it demonstrates again, the above-mentioned process 1-7 will only perform one time of a user, and is not divided into a receiver or a sender twice.

According to the above, the message source server (12) and the message end point server (14) store the public key unit of the account holder. The message source client terminal (11) and the message end client terminal (15) of the user store the public key units of the message source server (12) and the message end server (14) that manage the account. Once connected, the message source server (12) and the message end point server (14) store each other's public key units. The stored public key unit is a secure transmission of the demand for email messages. A typical process for transmitting an email from a sender to a given recipient is as follows.

1. The sender edits the e-mail message using the message source client end (11), transmits the e-mail address of the recipient, and the e-mail message expiration condition, for example, “After transmission to all recipients” ", A fixed date and time, or a combination of these two conditions.
2. The message source client end (11) establishes a connection to the message source server (12) of the account of the sender, and, as described above, the public key unit of the message source server (12) is obtained by the information flow (22). Receive and update.
3. The message source client end (11) transmits the e-mail message to the message source server (12) by the information flow (21).
4). When the above-mentioned e-mail is received, the message source server (12) holds the e-mail address specifically designated in the sender's account.
5. The message source server (12) generates a notice of intention to post, and the notice of posting intention includes the name of the sender, the sender's email address, the subject, the transmission date and time, the identification code of the email message, the message source server ( 12) a message electronic mail message including the registered domain name of 12), the public key unit of the message source server (12), the public key unit of the sender's account, and the like.
6). The message source server (12) transmits a notice of posting intention to the e-mail address by the information flow (23). A typical process transmits a notice of posting intention and provides a communication environment of an internal process on the Internet in a transport service environment by a simple SMTP communication protocol in the known art. In the communication environment of the internal process, the notification of posting intention passes the intermediate message carrier, and the intermediate message carrier obtains an e-mail message from the host computer and transmits this e-mail message to another host computer. Until the message end point server (14) reaches the final target, it is posted to the e-mail address.
7). When the notice of posting intention is received, the message end point server (14) encodes the recipient's public key with the secret key of the message end point server (14).
8). The message end point server (14) establishes a connection to the message source server (12) by the domain name registered by the message source server (12), and encodes the recipient's public key unit by the information flow (31). And the registration domain of the message end point server (14) is provided to the message source server (12). As described above, the message end point server (14) and the message source server (12) also update each other's public key unit.
9. After receiving the encoded public key unit of the recipient and updating the public key unit of the message end point server (14), the message source server (12) encodes with the public key of the message end point server (14). The recipient's public key unit is encrypted, and the recipient's public key unit is acquired and suspended.
10. After providing the encoded recipient's public key unit to the message source server (12), the message end point server (14) subscribes the key generation time of the recipient's public key unit to the notification of posting intention, and this posting Save the intention letter in the recipient's incoming e-mail box.
11. The recipient uses the message end client end (15) to establish a connection to the message end point server (14), and, as described above, the information flow (26) sets the public key unit of the message end point server (14). Receiving, updating, and utilizing an e-mail message including a notice of posting intention that enters the receiving e-mail box of the recipient by the information flow (26).
12 If the recipient decides to receive an e-mail message that correlates with the posting intention notification, the recipient uses the message end point client end (15) and correlates reception from the key generation time added during the posting intention notification. Identify the private key
13. The message end client end (15) generates an authentication message, which is encoded with a series of data codes with the identified secret key.
14 The message end client end (15) generates a notification requesting the mail content, and the notification requesting the mail content is an electronic message including the identification code of the electronic mail message, the electronic mail address of the recipient, the authentication message, and the like.
15. The message end client end (15) establishes a connection to the message source server (12) based on the domain name registered by the message source server (12), and sends a notification requesting the mail contents via the information flow (27). To the message source server (12).
16. When receiving the above-mentioned notification requesting the mail content, the message source server (12) uses the identification code of the email message and the recipient's email address to identify and identify the recipient's public key. The authentication message is encrypted with the public key, and the identity of the recipient is authenticated.
17. If the recipient authentication is successful, the message source server (12) provides the e-mail message to the message end client end (15) by the information flow (28) and the e-mail message is "posted to XXX". The transmission status is recorded.
18. When there are a plurality of recipients, Steps 7 to 17 described above are performed for each recipient.
19. Based on the expiration date of the email message, the message source server (12) deletes the email message in the email address sent by the sender.

When the message end client end (15) sends a notification requesting the mail content, the receiver sends the message to the message source server (12) by the information flow (27) even if the sender does not encode the e-mail message. Instructs the email message to be encoded. A typical process is as follows.

1. When the message end client end (15) sends a notification requesting the mail content to the message source server (12), the message end client end (15) adds a command to the mail content request notification and sends an e-mail message. Is encoded.
2. As described above, after receiving the notification requesting the mail content and authenticating the identity of the recipient, the message source server (12) arbitrarily selects the session key of the secret key cryptosystem based on the encoding command. Encode the e-mail message with the selected session key. Thereafter, the public key cryptosystem is adopted, and the selected session key is encoded by the public key of the receiver.
3. The message source server (12) provides the encoded electronic mail message and the encoded session key to the message end client end (15) by the information flow (28).
4). After receiving the encoded email message and the encoded session key, the message end client end (15) encrypts the encoded shared key with the recipient's private key to obtain the session key, and then With the session key, the encoded electronic mail message is encrypted to obtain the electronic mail message, and the electronic mail message can be presented in a readable format.

The recipient provides a directory of email addresses to the message endpoint server (14), allowing the message endpoint server (14) to automatically collect email messages from email addresses in the directory, Is as follows.

1. First, the recipient uses the message end point client end (15), and provides a list of e-mail addresses to the message end point server (14) through the information flow (25).
2. When receiving the notice of posting intention of the recipient, the message end point server (14) confirms the sender's email address from the email address list. When the e-mail address of the recipient is included in the e-mail address list, the message end point server (14) is not the recipient's public key unit but the public key unit of the message end point server (14) by the information flow (31). To the message source server (12).
3. Thereafter, the message end point server (14) is transmitted to the notification message source server (12) requesting the mail content by the information flow (31), and the notification requesting the mail content is the secret key of the message end point server (14). Contains the authentication message generated by
4). The message source server (12) encrypts the authentication message with the public key of the message end point server (14), and returns an e-mail message to the message end point server (14) with the information flow (32) or (23). .
5. After receiving the e-mail message, the message end point server (14) stores the e-mail message in the receiving e-mail box of the recipient and waits for the recipient to process.

In order to perform various functions, authentication of the sender's identity, proof of the content of the e-mail message, and encoding of the e-mail message for the purpose of privacy, etc. are almost the same as the basic transmission but the above-mentioned method. Packaging e-mail messages to be sent out on the source client end (11) is different from unzipping e-mail messages received on the message end-client end (15).

Before encoding an email message, the sender's message source client end (11) must have obtained the recipient's public key so that only certain recipients can encrypt it. The public key is obtained from the recipient's message end point server (14).

As described above, when the message end point server (14) replies with a notice of posting intention, the message source server (12) can acquire the registered domain name and public key unit of the message end point server (14). The message source server (12) puts the registered domain name and the public key unit in the transmission status message of the e-mail message to be sent out, and the message source client end (11) obtains it from inside. Furthermore, when the request mail content is transmitted to the message source server (12), the message end point client end (15) also provides the registered domain name and public key unit of the message end point server (14). Thus, each time an e-mail message is transmitted to an e-mail address, the message source client end (11) acquires and stores the registered domain name and public key unit of the message end point server (14), and the message end point server (14 ) Manage email addresses.

If the e-mail address does not have the registered domain name and public key unit of the message destination server (14) with which the message source client end (11) correlates, the typical process for obtaining the message is as follows.

1. The message source client end (11) generates a request for the domain name, and the request for the domain name is an electronic message including an e-mail address, and requests the provision of the registered domain name of the message end point server (14). (14) manages the electronic mail box correlated with the electronic mail address.
2. The message source client end (11) sends a domain name request to the message source server (12) by the information flow (21).
3. The message source server (12) holds the request for the domain name so as to hold the outgoing e-mail message, and sends the e-mail address in the same manner as the information flow (23) transmits the notice of posting intention. Transmit to.
4). When the message end point server (14) is the last end point and receives the domain name request, the message end point server (14) does not store the domain name request in any e-mail box, but the message source server (12 ) Build a connection to.
5. The message end point server (14) provides its registered domain name and public key unit to the message source server (12).
6). The message source server (12) holds the registered domain name and the public key unit of the message end point server (14) in the transmission status message of the domain name request as in the method for the e-mail message.
7). The sender uses the message source client end (11) to obtain the registered domain name and public key unit of the message end point server (14) from the message source server (12).

This allows the message source client end (11) to store the registered domain name and public key unit of the message end point server (14) before packaging the outgoing e-mail message.

A typical process for packaging outgoing e-mail messages to authenticate the identity of the sender, prove the contents of the message, and prevent peeping is as follows.

1. The message source client end (11) generates a message digest of the electronic mail message by the hash function calculation method.
2. The message source client end (11) encodes the message digest with the sender's private key, and generates the sender's electronic signature based on the message digest. The sender's electronic signature is added to the email message. The real name “signed email message” is used to represent the original email message to which the sender's electronic signature is added.
3. The message source client end (11) randomly selects a secret key encryption session key, uses the secret key encryption calculation method, and encodes the e-mail message to be signed with the selected session key. The real name “signed email message” is used to represent an encoded email message.
4). For the recipient, the message source client end (11) establishes a connection to the message end point server (14) using the registered domain name, and finally receives the recipient's email address and information via the information flow (34). The key generation time of the message end point server (14) is provided to the message end point server (14), and the provision of the recipient's public key unit is requested.
5. For the recipient's email address, the message endpoint server (14) examines the client data and obtains the recipient's public key unit. The corresponding secret key is identified from the key generation time of the message source client end (11). The obtained public key unit is encoded by the identified secret key unit.
6). The message end point server (14) provides the encoded public key unit to the message source client end (11) by the information flow (33).
7). The message source client end (11) encrypts the encoded public key unit of the recipient with the public key of the last received message end point server (14), authenticates the identity of the message end point server (14), and receives the recipient. Obtain a public key unit.
8). The message source client end (11) encodes the session key with the recipient's public key using the public key cryptography method.
9. The encoded e-mail message and the encoded session key become the package outgoing mail message. The message source client end (11) transmits an externally sent e-mail message of this package to the message source server (12) by the information flow (21), and the message source server (12) sends a notification of the posting intention to a predetermined e-mail. Sending to an address, the process is similar to handling the absence of an email message to encode with the sender's electronic signature, as described earlier.

If there are multiple recipients, steps 4-9 described above are performed once for each recipient. For each recipient, the message source client end (11) provides the encoded shared conference to the message source server (12). For the recipient sending the request mail content notification, the message source server (12) provides the corresponding encoded session key.

On the message end client end (15), the session key that has been encoded and signed is decompressed, and the typical process is as follows.

1. After receiving the encoded signature e-mail message and the encoded session key, the message end client end (15) encrypts the encoded session key with the recipient's private key and obtains the session key.
2. The message end client end (15) encrypts the encoded and signed electronic mail message with the session key, and acquires the electronic mail message in a readable format and the electronic signature of the sender.
3. The message end client end (15) encrypts the electronic signature of the sender with the public key from the sender of the notice of posting intention, authenticates the identity of the sender, and obtains the message digest of the original electronic mail message.
4). The message endpoint client end (15) then generates a new message digest from the received email message using a homogenous hash function algorithm.
5. Finally, the message end client end (15) confirms that these two message digests match.

According to the above, it can be seen that there are many advantages in the present invention, which are as follows.

1. A given recipient can not send a notification requesting mail content and avoid receiving an email message that he does not want to receive.
2. The recipient does not need to open a notification of posting intention and checks the basic message from the list format. Other messages in notification of posting intention have the ability to eliminate traps embedded in e-mail messages by system automatic processing.
3. The e-mail message is obtained by a host computer that authenticates and specifies a unique domain name registered with an authoritative mechanism. Thus, if necessary, the source of the email message can be identified and tracked.
4). At any time, a new public key private key can be regenerated and the old public key private key pair becomes invalid before the criminal decrypts it.
5. When a new public key / private key pair is created, the system automatically updates the correlated changes. The new public key / private key pair becomes effective immediately and does not cause confusion that the process is incomplete using the old public key / private key pair.
6). The user's first public key is proved by the user's password by the host computer that manages the user's account.
7). The new public key employs a public key cryptography method, and authenticates and proves the identity of the old public key owner.
8). Managing the user's account host computer is to provide the public key of the account holder to the most prestigious public body.
9. Responsible for providing a public key unit to a public host computer can specify a unique domain name registered with an authoritative organization and track it if necessary.
10. There is no need to exchange or save another person's public key, and a new public key can be generated at any time.
11. The latest public key of another person can be obtained from a host computer to which an individual can easily connect.
12 The public key of each user is stored by the host computer of the user's own and management user's account.
13. The host computer that provides the service need only store the user's account public key.
14 It is impractical or impossible to store a large number of public keys and perform the operation by a small number of centralized host computers and is distributed to a plurality of host computers.
15. There is no need to store, provide, issue or certify public keys with the participation of third parties.
16. After the initial setting, the sender does not need to consider the problem of the secure key, and can simply select “signature” and “seal” of the e-mail message from the viewpoint of application.

FIG. 2 is an application in the embodiment of FIG. 1 that performs compatible communications. The management method of the public key / private key pair includes initial generation, re-generation, storage, update, provision, acquisition, and public key certification, and is completely the same as the description in FIG.

For example, when performing compatible communication such as voice conference on the Internet, the process is as follows.

1. When the message endpoint client end (15) is connected to the Internet, the recipient uses the message endpoint client end (15) to establish a connection to the message endpoint server (14), and the information flow (25) The IP address of the message end point client end (15) is reported to the message end point server (14), and it is used as an index of the online state regardless of whether it is fixed or floating. Before going offline, the message endpoint client end (15) must report on-line to the message endpoint server (14).
2. When a sender establishes a compatible communication with a given recipient over the Internet, the sender uses the message source client end (11) to generate a request for communication with the other party, which is the message source client. An electronic message containing the end (11) IP address requests a predetermined recipient to establish a compatible communication.
3. The message source client end (11) transmits to the communication request message source server (12) by the information flow (21). Thereafter, the message source client end (11) is continuously connected to the Internet and waits for a response.
4). When the communication request is received, the message source server (12) generates a notification of the communication intention, which is the name of the sender, the sender's email address, the identification code of the communication request, the message source client end (11). An electronic message such as an IP address, a registered domain name of the message source server (12), a public key unit, and a sender's public key unit.
5. As described in the explanation of FIG. 1, the message source server (12) sends the notification of the communication intention to the message end point server of the predetermined recipient in the same manner as the notification of the posting intention is transmitted. (14).
6). When the notification of the communication intention is received, the message end point server (14) does not subscribe the notification of the communication intention to the recipient's electronic mailbox, but the message source server (12) by the registered domain name of the message source server (12). Build a connection to
7). The message end point server (14) and the message source server (12) authenticate each other's identity and update the other party's public key unit as described in the description of FIG.
8). When the message end client end (15) of a predetermined recipient is online, the message end point server (14) transmits an online notification to the message source server (12) by the information flow (31), and notification of the online state. Is an electronic message containing the recipient's public key unit, which is encoded with the private key of the message endpoint server (14). If the message destination client end (15) of a given recipient is not online, or if an online report or offline report has not been received, the message end server (14) sends an offline notification through the information flow (31). The message is transmitted to the message source server (12). An offline notification is an electronic message that informs you that you are not connected to a given recipient.
9. When receiving an online notification or an offline notification, the message source server (12) establishes a connection to the message source client end (11) by the IP address of the message source client end (11), and the message source The server (12) encodes its own public key unit with its own private key, and provides the encoded public key unit to the message source client end (11). As described in FIG. 1, the message source client end The message source client end (11) can authenticate the identity of this message source server (12) so that (11) establishes a connection to the message source server (12).
10. When the message source server (12) receives an online notification from the message end server (14), it encrypts the encoded recipient's public key unit with the public key of the message end server (14), and And the recipient's public key unit is encoded with the private key of the message source server (12). The information flow (22) then provides an online notification to the message source client end (11), which includes the newly encoded recipient effect key unit. When the message source server (12) receives an offline notification from the message end point server (14), it transmits the offline notification to the message source client end (11).
11. When the message source server (12) receives the online notification, the message source client end (11) encrypts the recipient's public key unit with the public key of the message source server (12), and the recipient's public key. Acquire units and wait for a response. When receiving an offline notification from the message source server (12), the message source client end (11) issues a clear warning whether it is visible or audible and allows the recipient to select a choice. The reason for leaving a voice or character electronic message is “call later”, as described in the description of FIG.
12 On the other hand, after sending the online status notification to the message source server (12), the message end point server (14) establishes a connection to the message end point client end (15) by the IP address of the message end point client end (15). Thereafter, a notification of communication intention is transmitted to the message end client end (15) by the information flow (26).
13. When receiving a communication intent notification, the message end client end (15) issues a clear warning whether it is visible or audible and allows the recipient to select a choice. Build compatible communications. "Recall later", "Reply call", "Record message" or "Remove my name from your call list". Or simply, the notification of the communication intention is ignored.
14 If the recipient chooses to build a compatible communication, the recipient generates an authentication message by the message endpoint client end (15), and the authentication message is received by a series of data codes, eg, the recipient's private key The name of the person is encoded. The message end client end (15) establishes a connection to the message source client end (11) by the IP address of the message source client end (11), and the recipient's e-mail address and authentication by the information flow (29) Provide the message to the message source client end (11).
15. When the message source client terminal (11) has received the authentication message, if the receiver's public key has already been received, the authentication message is encrypted with the receiver's public key, the identity of the receiver is authenticated, and then the electronic Generate a message, for example, “Compatible communication is prepared on the display of the message source client end (11)”, and then the information flow (29 and 30) allows the sender and receiver to communicate their communication. Can start.
16. When the message source client end (11) receives the authentication message, if the receiver's public key is not received, an electronic message, for example, “waiting for authentication” is sent to the message end point client end (15) and received. Wait until the user's public key is received, and then execute step 15.
17. If the recipient responds to the sender's message and chooses not to establish a compatible communication, the message endpoint client end (15) is similar to sending a message and establishing a compatible communication, but with some differences. There is. (A) A message encoded by the message end client end (15), for example, “call later”, “respond”, or the like is transmitted to the message source client end (11). (B) The message source client end (11) presents this message immediately and is not “ready for compatible communication”. (C) After the message is transmitted, the connection between the message source client end (15) and the message source client end (11) is stopped.

Since the message source client end (11) and the message end point client end (15) have the other party's public key, the sending side uses the receiving side public key to encode the electronic compatibility message, and the receiving side is the receiving side's public key. Encrypt the encoded electronic compatibility message using the private key. That is, compatible communication can maintain confidentiality.

According to the above, the compatibility communication of the present invention has many advantages, mainly as follows.

1. It is not necessary for the sender and the receiver to employ the same service provider by constructing compatible communication using the e-mail address.
2. Voice messages typically occupy a large amount of data, are not left in the recipient's email mailbox, are stored on the sender's message source server (12), and allow a given recipient to decide whether to listen to this message. .
3. Identify unwanted voice message sources.

FIG. 3 illustrates the special situation of FIG. 1, where the message source and destination server (326) is a single host computer that performs the functions of the sender's message source server and the receiver's message endpoint server, e-mail Transmit the message. In this situation, the execution process is the same as that described in FIG. 1, except that the process between the message source server and the destination source server is processed internally or omitted as an exception situation. it can. The message source server and the destination source server do not need to authenticate the other party's identity. Both the sender and the receiver can easily acquire the other party's public key unit by the message source / end point server (326).

FIG. 4 illustrates the special situation in FIG. 2, where the message source and endpoint server (326) is a single host computer that performs the functions of the sender's message source server and the receiver's message endpoint server, Build compatible communications. In this situation, the execution process is the same as described in FIG. 2, except that the process between the message source server and the destination source server is processed internally or omitted as an exception situation. it can. The message source server and the destination source server do not need to authenticate the other party's identity, and transmission of notification of communication intention, online notification, offline notification, etc. is fast. Both the sender and the receiver can easily acquire the other party's public key unit by the message source / end point server (326).

FIG. 5 illustrates one embodiment of the secure key management of the present invention. The general message server (512) is a host computer that performs the functions of the sender's message source server and the receiver's message end server, immediately responds automatically to the received electronic message, and sends an externally sent electronic message. Can do. The total message client end (511) is a computer or a communication device, and the user communicates with the total message server (512). The total message client end (511) performs the functions of the message source client end and the message end client end.

The management method of the public key / private key pair includes initial generation, re-generation, storage, update, provision, acquisition, and public key certification, and is completely the same as the description in FIG.

First, when the user uses the general message client end (511) to establish a new account on the general message server (512), the general message server (512) uses its private key to set its public key unit. Encode and provide the encoded public key unit to the general message client end (511) by the information flow (522). The total message server (512) also provides a mechanism to cause the total message client end (511) to download the public key unit of the total message server (512). The general message client end (511) encrypts the encoded public key unit with the downloaded public key unit, and the acquired public key unit compares the downloaded public key unit to prove the received public key unit. Used. The general message client end (511) encodes the user's account password and the user's public key unit with the public key unit of the general message server (512), and encodes the account password with the information flow (521). And the public key unit is reported to the general message server (512). The general message server (512) encrypts the encoded account password and public key unit with the secret key of the general message server (512), examines the received account password, and proves the received public key unit. As a result, the user and the general message server (512) have the other party's public key units.

At any time, when necessary, both the user and the general message server (512) can generate a new public key / private key pair.

When the user registers the total message client end (511) in the total message server (512), the total message client end (511) is added to the last received total message server (512) by the information flow (521). Key generation time is provided to the general message server (512). The general message server (512) identifies its own secret key corresponding to the received key generation time, encodes its latest public key unit with the identified secret key, and encodes it according to the information flow (522). The obtained public key unit is provided to the general message client end (511). The general message client end (511) encrypts the encoded public key unit with the public key of the last received general message server (512), authenticates the identity of the general message server (512), and updates the latest general message server. The public key unit of (512) is acquired.

When the user uses the general message client end (511) to generate a new public key private key pair, the total message client end (511) establishes a connection to the total message server (512), and finally The new public key unit is encoded by the user's private key, and the encoded new public key unit is reported to the general message server (512) by the information flow (521). The general message server (512) encrypts the encoded new public key unit with the user's last public key, authenticates the identity of the user, and obtains the user's new public key unit.

As a result, both the user and the general message server (512) can save the latest version of the other party's public key unit, execute secure communication, authenticate the identity, and prove the message content.

FIG. 5 shows an application example of financial transfer via the Internet. In addition to the management of the public key / private key pair described above, the following steps are further included.

1. The user specifically designates the transfer request, and the transfer request includes, for example, an electronic message such as account identification, transfer amount, payee, date and time.
2. The general message client end (511) uses a hash function calculation method to generate a message digest from the transfer request.
3. The general message client end (511) uses a public key encryption calculation method, encodes the message digest with the user's private key, and uses it as the user's electronic signature. The user's electronic signature is added during the transfer request. For the sake of brevity, the real name “transfer request to sign” indicates that the original transfer request adds the electronic signature of the user.
4). Thereafter, the general message client end (511) randomly selects a secret key encryption session key, uses the secret key encryption calculation method, and encodes the transfer request to be signed by the selected session key. The name “transfer request for encoding signature” represents an encoded transfer request.
5. The general message client end (511) encodes the session key with the public key of the general message server (512) using a public key encryption calculation method. The transfer request for the encoding signature and the encoded session key become an electronic message to be transmitted.
6). The general message client end (511) transmits the electronic message to be transmitted to the general message server (512) by the information flow (521).
7). When receiving the electronic message, the general message server (512) encrypts the encoded session key with the secret key of the general message server (512), and acquires the session key.
8). The general message server (512) encrypts the transfer request for encoding signature with the session key, and acquires the transfer request in a readable format and the electronic signature of the user.
9. The general message server (512) encrypts the electronic signature of the user with the public key of the user, authenticates the identity of the user, and obtains a message digest of the original transfer request.
10. The general message server (512) generates a new message digest from the received transfer request.
11. Finally, the general message server (512) verifies that the two message digests are completely homologous and proves the transfer request.

As described above, the present invention has the following advantages regarding online services such as an online bank.

1. The transfer requires the account holder's private key process, and the bank does not have a private key. Even if all bank account messages are compromised by hackers or viewed by unscrupulous persons, stolen account messages cannot transfer funds out of a bank account.
2. With the transfer record, the bank can store the transfer request signed by the user and prove the identity of the user and the content of the transfer request.
3. Any confidential account message can be encoded in the transfer request statement, protected for transmission over the Internet, and not stolen.
4). From time to time, banks and account holders can regenerate their public key private key pair, and the old public key private key pair becomes invalid before the criminal decrypts it.

Another application example in FIG. 5 is that the management of the public key / private key pair that can be permitted to use the computer system on the electronic message system is not described above, and further steps of this application are as follows.

1. First, a computer software seller uses a hash function calculation method to calculate a message digest of a computer software (hereinafter referred to as a product digest) and a message digest of a software license agreement (hereinafter referred to as a seller's license digest). To generate).
2. The user uses the general message client end (511) to establish a connection to the merchant's general message server (512).
3. The general message server (512) provides the software license agreement to the general message client end (511) through the information flow (522).
4). After viewing the software license agreement and agreeing to the contents, the user only has to click the “Agree and Sign” button on the display of the general message client terminal (511). The general message client end (511) generates a message digest of the software license agreement (hereinafter referred to as the user's license digest) using a hash function calculation method that is homologous to the seller, and uses the user's private key. The user's license digest is encoded into the user's electronic signature. Thereafter, the general message client end (511) provides the user's electronic signature to the general message server (512) through the information flow (521).
5. When the user's electronic signature is received, the general message server 512 encrypts the user's electronic signature with the user's public key, authenticates the user's identity, and obtains the user's license digest. The general message server (512) confirms that the license digest of the user and the license digest of the seller match completely, records the public key unit of the user correlated with the electronic signature of the user, To do.
6). The general message server (512) encodes the product digest using the user's public key, and provides the encoded product digest to the general message client end (511) using the information flow (522). The encoded product digest is The license key. The general message server (512) records the user's public key unit that correlates with the license key for use as a follow-up purpose.
7). With the proper design of the computer software, three main characteristics of the license key can be used. (A) Only a person with a unique secret key can encrypt the license key (using computer software). (B) The license key after encryption, that is, the product digest, can prove specific computer software (only specific computer software is allowed). (C) The product digest confirms whether the computer software has been tampered with (by a virus or a hacker). Since how to design a computer software and use a license key is beyond the scope of the present invention, the present invention only pays attention to this method of generating a license key.

According to the above, the present invention has many advantages, and it is possible to generate a license key, authenticate the identity of the user, and prove the contents of the computer software. The advantages are as follows.

1. The merchant allows the computer software to be freely sprayed, for example, reducing the burden on the merchant's computer operation between the dealer and the user. However, in an electronic message system, a license is controlled by issuing a license key, and the license key occupies a minute amount of data.
2. In case of infringement of copyright, the computer software is distributed along with the private key, the license key is encrypted, the registered recipient of the license key can follow, and the registered recipient is the only person who has the private key. This is because the seller does not know the secret key.

FIG. 6 shows another embodiment of the secure key management according to the present invention, in which a third party server is negotiated. For example, a buyer pays to an electronic store using an electronic account check. A general message server (512) is a host computer and provides an electronic billing service. A service message server (614) is a host computer and provides electronic shopping services to the public. The general message client terminal (511) communicates with the general message server (512) by a user through a computer or a communication device, and the user has an account on the general message server (512). The user communicates with the service message server (614) through the general message client terminal (511) to purchase the product.

The management method of the public key / private key pair includes initial generation, re-generation, storage, update, provision, acquisition, and public key certification, and is completely the same as the description in FIG. More specifically, the management of the public key / private key pair between the general message client end (511) and the general message server (512) is similar to the description of FIG. The management of the public key / private key pair between the general message server (512) and the service message server (614) is similar to the situation at the time of connection between the message source server and the message end server, and is described in the description of FIG. The same.

Further typical steps during this application are as follows.

1. When each user uses the general message client terminal (511) and registers with the general message server (512), the general message server (512) manages the electronic account current of the user, and the general message server (512) In addition to providing the public message unit of the general message server (512) to the general message client end (511) by the information flow (522), as described in the description of FIG. 5, the general message server (512) The registered domain name is provided to the general message client end (511) by the information flow (522).
2. When the user uses the general message client terminal (511) to establish a connection to the service message server (614), the service message server (614) provides the electronic shopping service to the public, and the service message server (614). Provides its public key unit to the general message client end (511) through the information flow (633).
3. The user can specify the order specifically, and the order is an electronic message including items, payment amount, registered domain name of the general message server (512), identification of the user's account, and the like.
4). The general message client end (511) uses a hash function calculation method to generate a message digest from the order, and then encodes the message digest with the user's private key using a public key encryption calculation method. Digital signature. The user's electronic signature is added to the order. The real name “order to sign” represents an original order and an electronic signature to be added.
5. The general message client end (511) randomly selects a secret key encryption session key, and encodes the signed order with the selected session key using a secret key encryption calculation method. The name “order of the encoded signature” represents the order of the encoded signature.
6). The general message client end (511) encodes the session key with the public key of the service message server (614) using the public key cryptography calculation method. The order of the encoded signature and the encoded session key become an electronic message to be transmitted.
7). The general message client end (511) transmits the electronic message to the service message server (614) by the information flow (634).
8). When the general message client end (511) receives the electronic message, the service message server (614) encrypts the encoded session key with the secret key of the service message server (614) and acquires the session key.
9. The service message server (614) encrypts the encoded and signed order with the session key, and obtains the order in a readable format and the electronic signature of the user.
10. The service message server (614) uses the registered domain name of the general message server (512) to establish a connection to the general message server (512). The service message server (614) and the general message server (512) authenticate the other party's identity and update the other party's public key unit, which is the same as the message source server and message end point server. The same.
11. The service message server (614) is used to provide the user's current account identification through the information flow (631) and to request the user's public key.
12 The general message server (512) identifies the user's public key based on the user's current account identification, encodes the user's public key unit with the private key of the general message server (512), and The information flow (632) provides the encoded user public key unit to the service message server (614).
13. The service message server (614) encrypts the encoded public key unit of the user with the public key of the general message server (512), and acquires the public key unit of the user.
14 The service message server (614) encrypts the user's electronic signature with the user's public key, authenticates the user's identity, and obtains a message digest of the original order.
15. The service message server (614) newly generates a message digest from the received order.
16. Finally, the service message server (614) determines whether the two message digests are completely homologous and proves the order.

  According to the above, the present invention has many advantages, as follows.

1. From the viewpoint of the online shop, the user's private key is used to authenticate the identity of the user (buyer), the order is proved, and the private key is known only to the user. Therefore, if the impersonator knows the account identification, for example, the credit card number, the account balance of another person cannot be used, and the real user cannot reject the order after the fact.
2. From the user's point of view, after the credit card owner provides the card number, there is no need to worry about unjust sellers charging unfairly, the payment must be proved not only by the private key, but also by the secret Only the user knows the key, and after the user's transaction is completed, a new public key private key pair can be newly generated and the old public key private key pair can be revoked.
3. The current service provider is managed by the most prestigious organization, which provides the public with the account holder's public key.
4). The current service provider is responsible for providing the user's public key to the public and tracks based on the unique domain name, which is registered with the authority's authoritative organization.

The present invention provides a system and method for transmitting email messages and improving cryptographic security key management in a required transmission manner. Although there are many explanations in the above description, the limitation of the scope of the present invention cannot be estimated, it is merely an example of implementation, and there are many other possible variations. For example, if provided with sufficient computer state capability, the present invention can perform multi-party video conferencing and encodes an electronic compatibility message that includes text, pattern, voice, and Only individual recipients can encrypt the encoded electronic compatibility message with their respective private keys.

In the present invention, preferred embodiments have been disclosed as described above. However, the present invention is not limited to the present invention, and any person who is familiar with the technology can use various methods within the spirit and scope of the present invention. Variations and moist colors can be added, so the protection scope of the present invention is based on what is specified in the claims.

It is explanatory drawing explaining transmission of an e-mail message by the safe electronic message system which transmits if there exists a request | requirement of this invention. FIG. 4 is an illustration showing compatibility communication in a secure electronic message system that transmits if required by the present invention. FIG. 5 is an explanatory diagram showing that a message source server and a message end point server transmit an electronic message on a single host computer in a secure electronic message system that transmits a request according to an embodiment of the present invention. FIG. 3 is an explanatory diagram showing that a message source server and a message end point server perform compatible communication on a single host computer in a secure electronic message system that transmits a request according to an embodiment of the present invention. FIG. 4 is an explanatory diagram showing management of a safety key in a secure electronic message system that transmits a request according to an embodiment of the present invention. FIG. 5 is an explanatory diagram showing that a secure electronic message system that transmits if there is a request according to an embodiment of the present invention is involved in secure key management of a third party server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 ... Message source client end 12 ... Message source server 14 ... Message end point server 15 ... Message end point client end 21, 22, 23, 25, 26, 27, 28, 31, 32, 33, 34,
521, 522, 631, 632, 633, 634... Information flow 326... Message source / end point server 511... General message client end 512.

Claims (30)

A method of transmitting an email message from a sender to a receiver,
The sender transmits a notification intended for posting including basic information of an email message to the receiver;
When the receiving side decides to receive, the receiving side responds to the notification of posting intention, and sends a notification requesting mail content to the transmitting side;
The sending side responds to the receiving side with a notification requesting the mail content by the electronic mail message;
A method characterized by comprising: The method of claim 1, wherein the e-mail message may not be received if the recipient does not send a notification requesting the mail content. The method of claim 1, wherein the sender is identified as the source of an email message. Furthermore,
When receiving the notice of posting intention, the receiving side provides a public key of public key cryptography to the transmitting side;
When sending a notification requesting the contents of the mail, the receiving side provides a series of data codes, and the data code is encoded with a secret key opposite to the public key, and provides authentication information to the transmitting side. And a process of
When the authentication information is received, the transmitting side encrypts the authentication information with a public key provided from the receiving side and a public key that can be selected from a group of sources that the transmitting side can trust. When,
If the authentication information is successfully encrypted, the sender processes the email message and replies to a notification requesting the email content;
The method of claim 1, comprising: 5. The method of claim 4, wherein the sender does not respond to the party with an email message unless the party provides the sender with authentication information for successful encryption. A method for managing a public key private key pair for public key cryptography,
Assigning a unique name to a host computer, the computer host managing a user account, registering the name with an authoritative organization, and establishing a connection to the host computer over the Internet; ,
The host computer authenticating the user's public key with the user's account password;
The host computer providing the public key of the user to the public;
A method characterized by comprising: 7. The method of claim 6, wherein the host computer manages the user's account as authoritative and provides the public key to a public party. The method of claim 6, wherein the public key is certified by the host computer, the host computer is authoritative and provides the public key to a public party. The method of claim 6, wherein the host computer responsible for providing a public key to the public is tracked as needed. 7. The method of claim 6, wherein maintaining a vast public key is a task that is impractical or impossible with a small number of centralized host computers and is distributed across multiple host computers. . The method of claim 6, wherein the host computer maintains only the public key of the user's account among all the public keys. 7. The method of claim 6, wherein there is no need to hold another person's public key. 7. The method according to claim 6, wherein the public key can be obtained by a host computer that can be connected at any time. Furthermore,
The host computer encoding the public key of the user with the secret key of the host computer;
The requester obtains the public key of the user and connects to the host computer or obtains the public key of the host computer from an authoritative organization registered by the host computer;
The requester encrypts the encoded public key of the user with the public key of the host computer;
The method of claim 6, comprising: 15. The method of claim 14, wherein the requester verifies that the user's public key is legal by authenticating the identity of the host computer. Furthermore,
Each time the user first or newly generates a public key private key pair, the public key private key pair has a public key and a public key for public key encryption, and records the key generation time; ,
Each time the user's public key private key pair is generated, the user presents a public key unit including a key generation time correlated with the user's public key to the host computer;
When a new public key unit is presented, the host computer verifies the public key of the new user;
The host computer provides the public with the user's last updated public key unit;
The host computer notifying the user that the public key unit of the user has been provided to the requester;
The method of claim 6, comprising: The presentation part is
Encoding the public key unit including a key generation time correlated with the public key with the user's last secret key;
Providing the encoded public key unit to the host computer;
The method of claim 16, comprising: The proof part is
17. The method of claim 16, comprising encrypting an encoded public key unit presented by a user with the user's last public key. The notification part is
The method of claim 16, including the step of providing the user with a key generation time that correlates to a public key unit provided to the requester. When necessary, the user can regenerate a new public key private key pair, and the old public key private key pair is revoked before the old public key private key pair is revoked and the unscrupulous person decrypts it. The method of claim 16, wherein: The method of claim 16, wherein an incomplete step is initiated prior to regenerating a public key private key pair so that the user can identify a suitable private key. Furthermore,
The host computer providing the user with the unique host computer name;
Providing the third host computer with the unique host computer name and account identification;
The third host computer establishes a connection to the host computer;
The third host computer obtains a public key of the user correlated with the account identification from the host computer;
The method of claim 6, comprising: The method of claim 22, wherein the third host computer can obtain the individual's public key from a host computer that manages one person's account. Furthermore,
Requesting the user to encode the information with the user's private key before transmitting the information to the host computer;
The host computer encrypts the encoded information with the public key of the user;
The method of claim 6, comprising: The method according to claim 24, wherein the host computer authenticates the identity of the user and checks whether the information has been tampered with. Furthermore,
Requesting the user to encode the information with the last updated secret key of the user before transmitting the information to the host computer;
The host computer encrypts the encoded information with the public key last updated by the user;
The method of claim 16, comprising: The public key / private key pair of the user is newly generated when necessary, and the host computer authenticates the identity of the user and confirms whether the information has been tampered with. The method described. Furthermore,
The host computer encoding the information with the public key of the user;
The host computer providing the encoded information to the user;
Encrypting the encoded information with the user's private key before the user performs further actions, and allowing further actions to be performed only by the user; ,
The method of claim 6, comprising: 29. The method of claim 28, wherein the further action is performed only by the user. 29. The method of claim 28, wherein the user is tracked if the further action is not performed by an authorized person.