WO2007121660A1 - Procédé et système de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées - Google Patents

Procédé et système de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées Download PDF

Info

Publication number
WO2007121660A1
WO2007121660A1 PCT/CN2007/001129 CN2007001129W WO2007121660A1 WO 2007121660 A1 WO2007121660 A1 WO 2007121660A1 CN 2007001129 W CN2007001129 W CN 2007001129W WO 2007121660 A1 WO2007121660 A1 WO 2007121660A1
Authority
WO
WIPO (PCT)
Prior art keywords
email
cpk
certificate
key
module
Prior art date
Application number
PCT/CN2007/001129
Other languages
English (en)
Chinese (zh)
Inventor
Xianghao Nan
Wenjia Guo
Original Assignee
Beijing E-Henxen Authentication Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing E-Henxen Authentication Technologies Co., Ltd. filed Critical Beijing E-Henxen Authentication Technologies Co., Ltd.
Publication of WO2007121660A1 publication Critical patent/WO2007121660A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • the invention relates to the field of digital communication security authentication, in particular to a combined public key algorithm
  • the existing security authentication methods for email systems mainly adopt passive security authentication protection methods, such as third-party Public Key Infrastructure (PKI) and identity-based key exchange algorithm (Identity-Based Encryption). , IBE).
  • PKI Public Key Infrastructure
  • IBE identity-based key exchange algorithm
  • the PKI algorithm is currently the most widely used encryption algorithm, an important part of the information security infrastructure, and a universally applicable network security infrastructure.
  • PKI is a concept put forward by American scholars in the 1980s. In fact, the construction of authorized management infrastructure, trusted time stamp service system, security and confidentiality management system, and unified security e-government platform are inseparable from its construction. stand by.
  • the encryption key and the decryption key are different, and the person who sends the information uses the recipient's public key to send the encrypted information, and the receiver then uses his own private key to decrypt. This approach not only ensures the confidentiality of the information, but also ensures that the information is non-repudiation.
  • public key systems are widely used for CA certification, digital Areas such as signing and key exchange.
  • the Digital Certificate Authority CA, the Registmition Authority (RA), and the Key Manager (KM) are key components of the PKI.
  • the passive security authentication method of the e-mail system needs to maintain a database with a large amount of data, occupy a large amount of storage space, is not efficient in operation, and has a slow processing speed and cannot adapt to a public network (such as the Internet).
  • Security is passive protection from passive protection to proactive protection, and the need to build trusted systems within a very large public network such as e-mail systems is not possible.
  • each entity also has an identifier.
  • This identifier can be any meaningful string.
  • the identity of the entity itself is the public key of the entity.
  • an email address, name, title, time, etc., or even a combination thereof can be used as the identity and public key of the entity.
  • This system greatly facilitates the management of public passwords. For example, if the sender wants to send an email to mike@network.com, he can directly use the email address as the recipient's public key for encryption. Even one party can send a message while specifying that the recipient can only decrypt at a specific time.
  • IBE can only implement key exchange, cannot achieve digital signature, and cannot meet the requirements of the authentication system. Summary of the invention
  • the present invention is directed to a CPK-based email security authentication system and method that overcomes the above-discussed deficiencies. It makes email systems more secure, efficient and more economical.
  • a CPK-based email security authentication system provided for the purpose of the present invention includes an ID certificate module and a protocol module;
  • An ID certificate module for providing an encryption, authentication, signature, and CPK private key for transmitting an email when transmitting an email
  • the protocol module is used for encrypting, decrypting, authenticating, verifying, signing and verifying the validity of the email by using the identifier provided by the ID certificate module and the CPK private key during the email transmission process.
  • the ID certificate module is a physical storage body.
  • the physical storage body is any non-volatile memory of ROM, EEPROM or FLASH memory.
  • the ID certificate module includes a certificate body and an extension body
  • the certificate body is a constant part of the certificate, and records an attribute of the email;
  • the extension is the content of the certificate.
  • the contents of the certificate are an identification domain, a security domain, a level, a role, and corresponding private keys and parameters.
  • the protocol module includes a signature protocol module, a key exchange protocol module, and an ID certificate verification protocol module.
  • the protocol module further includes one or more combinations of a data hierarchical encryption protocol module, a password verification and replacement protocol module, and a running format protocol module.
  • the invention also provides a CPK-based email security authentication method, comprising the following steps: Step A) The ID certificate module provides an identifier and a private key for encrypting, authenticating, and signing an email; Step B) Protocol module is in the email Use the identifier provided by the ID certificate module during transmission and
  • the CPK private key encrypts and decrypts emails, authenticates and authenticates, signs and verifies signature legitimacy.
  • the step A) comprises the following steps:
  • the CA Certificate Center generates key data, manages the identity and key, and encapsulates the data into the ID certificate module.
  • the step B) includes the following steps - step B1) the mail client receives an email from the mail server;
  • Step B2 The CPK security email expands the format and adds the CPK flag.
  • the mail client determines that the email is a CPK security email according to the CPK flag;
  • Step B3 through the private key pair E-mail decryption, access control of encrypted data according to security domain and security level;
  • Step B4) Verify that the email signature is correct by the signature public key attached to the email.
  • the format is S/MIME format.
  • the private key is USBkey.
  • the CPK security authentication-based e-mail system and method of the present invention adopts a system in which key generation is generated and distributed, and the technology for identifying the self-certification is used, and the third-party certification is no longer needed, and the disclosure is required. It is not the related information of a single user, but the public information security authentication parameter of the user. The amount of information is greatly reduced, and the support of the database is no longer needed. Therefore, the storage space is not occupied, the operation efficiency is improved, and the processing speed is also greatly increased.
  • the mail system proactively protects the ability to build trusted systems within a very large public network such as an email system.
  • 1 is a schematic structural diagram of a CPK security authentication email system according to the present invention
  • 2 is a schematic diagram of an application for issuing and issuing an ID certificate according to the present invention
  • FIG. 3 is a schematic diagram of a process of a CPK-based email security authentication method according to the present invention. Detailed ways
  • the Combined Public Key (CPK) security authentication algorithm is a discrete logarithm problem type identity-based key generation and management system. According to the mathematical principle of the discrete logarithm problem, it constructs the encryption and decryption algorithm in the security authentication algorithm, generates the public key and the private key matrix, and uses the hash function (HASH) and cryptographic transformation to map the identity of the entity to the row and column coordinates of the matrix. Sequences, and select and combine matrix elements to generate a large number of public and private key pairs consisting of public and private keys, thus achieving super-large-scale key generation and distribution based on identification.
  • HASH hash function
  • the CPK key algorithm utilizes discrete logarithm and elliptic curve cryptography to construct public and private key pairs.
  • the mapping algorithm binds the public and private key variables with the user ID to solve the identity-based key management.
  • CPK key management uses a centralized set of keys to generate a centralized mode for centralized distribution. It has controllable and manageable advantages, which facilitates the construction of a top-down network trust system.
  • CPK's key management adopts a key-distributed storage and static call operation mode, so that third-party and non-priority authentication can be realized.
  • the CPK-based e-mail security authentication system of the present invention is a system for providing credibility proofs for e-mail on a very large public network.
  • the present embodiment describes the electronic mail security authentication system of the present invention in particular by taking the Internet as an example.
  • the present invention is equally applicable to any network system capable of transmitting and receiving electronic mail other than the above-mentioned network. '
  • Internet e-mail systems include access to Internet access networks, e-mail system application software units, databases, server devices, storage backups, clusters, secure encryption units, and more.
  • the email system software unit includes the SMTP (SimplE-mail Transfer Protocol) protocol, which is a protocol for receiving and sending emails.
  • the POP (Post Office Protocol) protocol is a protocol for receiving emails. It is a client/server. The protocol, in which the email is received and saved by the server, is checked by the customer email receiving program and the email is downloaded.
  • the CPK-based email security authentication system of the present invention comprises an ID certificate module and a protocol module.
  • An ID certificate module for providing an identifier, a private key for encrypting, authenticating, and signing an email when transmitting an email;
  • the protocol module is used for encrypting, decrypting, authenticating and verifying, signing and verifying the validity of the email by using the identifier and private key provided by the ID certificate module during the email transmission.
  • Trusted logic and past belief logic include subject, object, content, and behavior, but there are many different places in the two. Believing that logic is under the premise of the subject's credibility, reasoning proves the authenticity of the object; Logic proves the authenticity of subject, object, content, and behavior with "conditional satisfaction"; the goal of the trusted logic SOB of the email system of the present invention is to provide subject trust for the entire email system. Proof of Object Trust, Contents Trust, and Behavior Trust.
  • Subject credibility The subject is the entity that acts on the object.
  • the identity is the name of the entity.
  • the subject authentication must satisfy the requirements of Regislation (Re), Integration (Int), and Read Read (MR).
  • Re Regislation
  • Int Integration
  • MR Read Read
  • verification and verification are not performed directly between the registrant and the registered party.
  • both A and B are registered in C, and mutual authentication between A and B is indirect.
  • This verification and verified relationship is called first-level reasoning proof, and the first-level reasoning trust relationship is obtained.
  • the certificate chain of the multi-layer structure along with the layer As the number increases, the relationship of trust also degenerates. Different from the PKI system, the trust chain of the CPK system guarantees the first-level reasoning relationship, and the trust does not degenerate.
  • MR Message Readable
  • the object is the object of the subject.
  • the proof of the authenticity of the object 0 satisfies at least the integrity (Integrity:), the nonce, the responsibility for the data (done-by), under the condition of applying the mode p and the discrimination state ⁇ , the constituent function -
  • Integrity Proof that the data has not been altered.
  • Sub-sex Provide proof of freshness (not valid in the past), which is a logical way to prevent replay attacks and implement "on-the-spot verification.”
  • Content credibility Content refers to the seal in the official seal and the seal in the bill.
  • the seal is generally in the form of data, but it is not ordinary data.
  • the seal itself has the logo, so it is the subject, and it needs to prove its authenticity.
  • Content is another type of entity contained in the object.
  • the authenticity of the content can be in the form of a third-party certification (PKI) and the way in which it proves itself (IBE/CPK) o
  • Behavior identifies the assessment of current behavioral assessments and historical records.
  • the current behavioral assessment includes the level of the chain of trust, the implementation of the agreement, the location of the event, the event, etc.
  • the assessment of historical behavior is a statistical assessment.
  • the current row For the authentication function is:
  • the pre-behavior trace of behavior ⁇ is ⁇ 1 ⁇ 2 ⁇ 3... ⁇ .
  • the historical behavior discriminant function is:
  • This function will provide authentication statistics for behavioral supervision.
  • the ID certificate module provides an identifier and a private key for encrypting, authenticating, and signing the email; the ID certificate module is a core component of the email security authentication system of the present invention, and the terminal entity in the CPK secure network implements encryption by means of the ID certificate. , certification, signature and other activities.
  • the ID certificate is uniformly managed by the CA certificate center, and the certificate center includes a registration management center, which is responsible for key management and key data generation; The center is responsible for encapsulating certificate data into physical banks (chips). The most important parameters of the ID certificate are the user's identity and the user's private key.
  • the user ID ie the user ID, is the globally unique logical representation of the identity of the entity in the email.
  • Each identifier can be mapped to a unique public key; the ID certificate module also includes a private key corresponding to the identifier.
  • the ID certificate module satisfies both the mandatory security policy of the private network and the autonomous security policy of the public network. In many cases, these two different security policies coexist.
  • the ID certificate module is different from the CA certificate in that it manages entities not by public key variables but by private key variables.
  • the ID certificate module consists of two parts: the certificate body, the extension body.
  • the certificate body is the constant part of the certificate and records the attributes of the entity email.
  • the extension is the content of the certificate, defining the identity domain, security domain, level, role, and corresponding private key and related parameters.
  • Key design is the key technology to achieve generalization and card.
  • This embodiment uses the ASN.1 language of the international standard to describe the format of the ID certificate, but the present invention is not limited to the certificate described in this language, and can also be implemented in other international standard languages, which is within the protection scope of the present invention.
  • the ID certificate includes the object CPKIdentity type and the CPKDomain type.
  • Email Address [1] Email Address, - Need definition number [2] INTEGER ⁇
  • the CPKIdentitfier data type is used to define the CPK ID, which is the email address (email Address) o
  • Data Type CPKDomain is used to describe a security domain in a CPK authentication system. It includes two sub-parameters, the identity of the domain and the parameters of the domain.
  • the identity of the domain is a globally unique name, which corresponds to the domain parameters, that is, the public key factor matrix. Therefore, the value of the public key factor matrix is optional ( OPTIONAL ).
  • the CPK domain parameters mainly include the domain identifier and the domain's public key factor matrix, where the public key factor matrix is optional.
  • the identifiers in the CPK authentication system are represented by the CPKIdentity type, and CPKIdentity has different representations in different application systems.
  • the system maps data in text form to consistent binary data based on the type of CPKIdentity. It is then mapped to a public key by the CPK mapping algorithm.
  • CPKIdentity uses the EmailAddress form.
  • the email address will be mapped to a consistent form.
  • Alice@example.com and ALICE@Example.com will be converted to indifferent alice@example.com because both Although there are differences in characters, they belong to the same logo.
  • the identifier can also be added to other fields according to the different policies.
  • the join time field can add an expiration date to the identifier, that is, the function of providing timed revocation for the certificate.
  • a security level field you can add multiple levels of security and support for mandatory access control for the CPK authentication system.
  • the CPK security domain is a CPK ID certificate derived from the same public-private key factor matrix and its owner. Public keys can be encrypted, decrypted, digitally signed, and verified by ID certificates.
  • the CPK security domain and its parameters are represented by the CPKDmain type, including the identity of the security domain and the public key factor matrix of the security domain (CPKDomainParameters object).
  • the ID certificate in this embodiment has a key distribution function in addition to the entity attribute. And includes The CPKCertificate object and the CPKDmomainParameters object used to define the security domain.
  • Data Type CPKCertificate is used to describe the CPK certificate.
  • the sub-parameters included are the version number of the certificate. The specific format of the different version numbers may be extended and different.
  • Domain describes the security domain to which the certificate belongs. The Identifier describes the user ID, the privateKey is the corresponding private key, and the privateKey data type CPKPrivateKeylnfo follows the PrivateKeylnfo or ProtectedPrivateKeyInfo standard in the PKCS#8 standard.
  • KeyUsage describes the purpose of the private key in the certificate, such as for signature, public key encryption, key exchange, etc., and its data type is defined by the KeyUsage type in the X.509 standard.
  • Validity describes the validity period of the certificate, which is a time range whose data type conforms to the definition of the Validity data type in the X.509 standard.
  • Extensions describe the extended format of the certificate, a feature extension for future versions of the CPK certificate, or vendor extensions to the CPK certificate based on the application, the data type of which conforms to the definition of the Extensions data type in the X.509 standard.
  • the private key information protected by encryption is defined by the relevant standards of PKCS#8.
  • mapAlgorithm Algorithmldentifier -- Not sure, use PKCS standard columnSize INTEGER,
  • INTEGER is the ASN.l standard data type, which represents an integer of arbitrary length.
  • the Parameters data type represents the parameters of the elliptic curve, as defined by [SEC1].
  • PublicMatrix is a sequence of columnSize*rowSize elliptic curve points, ECPoint is defined by [SEC1].
  • the CPK ID certificate of this embodiment is managed by the CA certificate center, including the registration center, and is responsible for generating certificate data.
  • the distribution center is responsible for writing data into the CPK chip to make an ID certificate and delivering it to the user.
  • the CPK chip may be a non-volatile memory of any one of ROM, EEPROM, and FLASH memory.
  • the ID certificate of the e-mail is implemented by USB Key, and the USB Key is embedded in the CPK dedicated chip, which is plug and play.
  • the content of the dedicated chip includes the defined identifier and corresponding private key, signature protocol, key exchange protocol, related encryption algorithm, etc., and also includes a public key matrix. All authentication functions are basically done on the chip for plug and play. Therefore, as long as the user has an ID certificate, the user can authenticate to any entity in hundreds of millions of user groups, and can also perform encrypted communication (mobile phone).
  • Step B) The protocol module encrypts, decrypts, authenticates, verifies, and verifies the validity of the email by using the identifier provided by the ID certificate module and the CPK private key during the email transmission process.
  • the email security authentication system protocol module of the present invention includes a signature protocol, a key exchange protocol, a data hierarchical encryption protocol, a password verification and replacement protocol, an ID certificate verification protocol, a running format protocol, and the like.
  • the signature algorithm of the present invention is implemented on the basis of the American Institute of Standards and Technology Digital Signature Standard (DSS). It can simulate the discrete logarithm DSS with elliptic curve, and the algorithm is exactly the same.
  • the signature protocol is based on the PKI standard protocol. According to the characteristics of the CPK algorithm, the process of adjusting the certificate of the other party in the signature verification and checking the legality of the certificate is simplified.
  • Step B211 B.
  • the email address calculates the public key of A;
  • Step B212 randomly select an integer r (multiple) in the range [l, nl], where n is the bound of the multiple of the elliptic curve.
  • Step B216 When A receives the mail, it calculates (SK A 4 )R with the inverse SK A - 1 of its private key.
  • Step B217) Since A has the same key as B, it can decrypt D key (C) X ; B22) One-to-many key exchange
  • A sends data to several users such as B, C, and D.
  • A generates a random number r
  • the level key and the role key are set in the ID certificate, and the level key is divided into top secret, confidential, secret, internal, and public; the role key is divided into senior staff, intermediate staff, ordinary staff, general customers, and users are different.
  • Authorization and role configure the corresponding key variable.
  • the secret level can only be compatible with the low level. If the authorization level is confidential, then the secret, secret, internal, public, and other keys are configured. If the role is normal. Member, then configure the general staff, general customer key.
  • Public level key variable CLASS5-KEY
  • the three-level key is defined as: RAN-KEY ten CLASSn-KEY®ROLEn-KEY ; encryption process:
  • E PK (RAN-KEY) coded-key; PK is the counterpart public key;
  • the user password is used to protect the private key variable, and its protection relationship is as follows.
  • Y1, Y2 are the password of the private key under Rl.
  • the private key variable can be multiple.
  • R1 is a random variable and is defined by the user.
  • the R1 variable is password protected: ; (given in the Z1 certificate)
  • the password Once the password is entered, it remains in the certificate password area until it exits the authentication state. It does not need to be re-entered and is in a state where various key variables are called at any time.
  • the password does not match for 5 consecutive times, and a security incident is counted, and the parameter Z2 is set to "0". Can only be restored to the CA center.
  • the Outlook client is provided with an email security service of the CPK kernel in the form of an Outlook plug-in.
  • CPK-based Outlook Secure Mail Plugin System It can be divided into two parts: hardware and software: The hardware part is the CPK security chip packaged in the form of USB Key; the software part is the Win32 dynamic link library (DLL) file developed according to COM (Component Object Model) specification, Outlook starts The DLL file is automatically loaded based on the information in the registry.
  • DLL dynamic link library
  • the USB Key stores the user's private key and public key matrix in a reliable manner.
  • the public key library can be read from inside the USB Key, or a backup can be kept on the local hard disk to speed up processing.
  • the public key corresponding to the identifier can be extracted from the public key pool according to the user identifier (ie, the recipient's email address), so that the public key certificate obtained by other encryption methods (such as PGP, S/MIME) is exempted. And the steps of authoritative authentication of public key certificates and the problems they bring.
  • the public key library in the USB Key only takes up 48KB of space. By combining, it can generate up to 10 48 public keys, which fully meets the needs of safe use.
  • the software partially obtains the public key of the other party through the CPK algorithm, intercepts the mail before sending the message, encrypts the text and attachments, or signs it with its own private key, and then Outlook sends the mail in the normal way.
  • the plugin will decrypt or authenticate the signature based on the other party's public key before reading the email.
  • the entire process is done in a way that is essentially transparent to the user.
  • the encryption/decryption and signature/authentication process is done by the plug-in and USB Key. In this process, the user must ensure that the USB Key is connected to the USB port.
  • the invention patent fully complies with various e-mail transmission protocols such as SMTP and POP3 protocols, conforms to the RPC822 and S/MIME secure e-mail standards on the e-mail format protocol, and extends its format to support the CPK-based algorithm.
  • SMTP and POP3 protocols conforms to the RPC822 and S/MIME secure e-mail standards on the e-mail format protocol, and extends its format to support the CPK-based algorithm.
  • the encryption and signature features, the added extensions are still compatible with RFC822 and S/MIME, and can be accessed normally by other standard mail clients (but cannot decrypt and verify signatures).
  • the unique feature of the present invention is that it simplifies the operation process based on the realization of all the security features of S/MIME.
  • the standard S/MIME secure email processing method is as follows:
  • Step 1) The mail client, such as Outlook, receives an email from the mail server.
  • Step 2) According to the flag in the email, it is determined that this is a secure email in S/MIME format.
  • Step 3) Locally stored user private key Decrypt email
  • Step 4) Verify that the email signature is correct by the signature public key attached to the email
  • Step 5 Verify whether the key used by the digital signature and the signer's identity are consistent by the certificate or certificate chain attached to the email.
  • Step 1 ' Same as the steps in the standard 1);
  • Step 2') CPK Secure Email extends the S/MIME format and adds the CPK flag. After the email client determines that the email is in S/MIME format, it can also determine that the email is CPK Security Electronics based on the CPK logo. mail.
  • Step 3 ' Decrypt the e-mail through the local USBKey instead of storing the local private key. This way enhances the security of the private key and allows access control of the encrypted data according to the security domain and security level design. .
  • Step 4' Same as step 4) in the standard.
  • the verification step 5 in the S/MIME standard processing flow can be omitted, and the S/MIME mail does not have to be accompanied by a large data chain. , greatly reducing the processing power of the computer, reducing the amount of data transfer. This is a unique advantage of CPK Secure Email.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention porte sur un système et un procédé de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées (CPC). Le système comprend un module de certificat d'identification et un module de protocole. Le module de certificat d'identification sert, en utilisation, d'identifiant pour le cryptage, l'authentification et la signature de courriel lors de la transmission d'un courriel et pour l'obtention d'une clé privée de type CPC. Dans la procédure de transfert de courriel, le module de protocole utilise l'identification fournie par le module de certificat d'identification et la clé privée de type CPC pour crypter/décrypter, authentifier et valider et signer un courriel, et confirmer la validité de la signature. L'invention porte également sur un procédé de certification sécurisée sur la base du courriel de type CPC. La solution confère une sécurité au système de courriel, un meilleur rendement et permet de faire davantage d'économies.
PCT/CN2007/001129 2006-04-10 2007-04-09 Procédé et système de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées WO2007121660A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610072748.8 2006-04-10
CN2006100727488A CN1835434B (zh) 2006-04-10 2006-04-10 一种基于cpk安全认证的电子邮件系统和方法

Publications (1)

Publication Number Publication Date
WO2007121660A1 true WO2007121660A1 (fr) 2007-11-01

Family

ID=37003053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001129 WO2007121660A1 (fr) 2006-04-10 2007-04-09 Procédé et système de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées

Country Status (2)

Country Link
CN (1) CN1835434B (fr)
WO (1) WO2007121660A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104091191A (zh) * 2014-07-09 2014-10-08 上海象形通讯科技有限公司 一种快捷有效的防伪鉴真方法
CN111682937A (zh) * 2020-06-08 2020-09-18 晋商博创(北京)科技有限公司 增强型cpk的密钥申请与分发方法及装置
CN114024689A (zh) * 2022-01-05 2022-02-08 华中科技大学 一种基于后量子和身份标识的电子邮件收发方法和系统
CN115225350A (zh) * 2022-07-01 2022-10-21 浪潮云信息技术股份公司 基于国密证书的政务云加密登录验证方法及存储介质

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101554012B (zh) * 2006-10-18 2012-09-05 黄金富 用付费收费捐款和认证手段来防止垃圾电邮的系统和方法
US7877784B2 (en) * 2007-06-07 2011-01-25 Alcatel Lucent Verifying authenticity of webpages
CN101668009B (zh) * 2009-09-27 2012-12-12 北京联合智华微电子科技有限公司 路由地址的安全处理方法和系统
CN102118381A (zh) * 2010-09-20 2011-07-06 中科方德软件有限公司 基于usbkey的安全邮件系统及邮件加密、解密方法
CN102710601B (zh) * 2012-05-03 2015-07-22 苏州大学 基于身份文件的安全加密和签名方法
CN103414563A (zh) * 2013-08-05 2013-11-27 南京瑞组信息技术有限公司 Cpk标识、密钥对和证书的有效期限的管理方法
CN104468111A (zh) * 2013-09-25 2015-03-25 同方股份有限公司 一种用usbkey公钥矩阵实现密钥及数据交换的方法
CN104994008B (zh) * 2015-07-14 2019-02-05 中国互联网络信息中心 一种电子邮件的反钓鱼系统及方法
CN109347627B (zh) * 2018-09-19 2023-08-29 平安科技(深圳)有限公司 数据加解密方法、装置、计算机设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050005124A1 (en) * 1998-11-09 2005-01-06 First Data Corporation Sending electronic transaction message for entity information account, digital signature derived therefrom, and sender identity information in aads system
WO2005078993A1 (fr) * 2004-02-12 2005-08-25 Kryptiva, Inc. Systeme et procede garantissant le courrier electronique au moyen d'un schema de chiffrement de cle publique hybride
CN1665188A (zh) * 2005-03-03 2005-09-07 武汉大学 具有收发双向不可否认机制的安全电子邮件系统实现方法

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1262087C (zh) * 2005-01-14 2006-06-28 南相浩 基于标识的密钥产生方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050005124A1 (en) * 1998-11-09 2005-01-06 First Data Corporation Sending electronic transaction message for entity information account, digital signature derived therefrom, and sender identity information in aads system
WO2005078993A1 (fr) * 2004-02-12 2005-08-25 Kryptiva, Inc. Systeme et procede garantissant le courrier electronique au moyen d'un schema de chiffrement de cle publique hybride
CN1665188A (zh) * 2005-03-03 2005-09-07 武汉大学 具有收发双向不可否认机制的安全电子邮件系统实现方法

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104091191A (zh) * 2014-07-09 2014-10-08 上海象形通讯科技有限公司 一种快捷有效的防伪鉴真方法
CN111682937A (zh) * 2020-06-08 2020-09-18 晋商博创(北京)科技有限公司 增强型cpk的密钥申请与分发方法及装置
CN114024689A (zh) * 2022-01-05 2022-02-08 华中科技大学 一种基于后量子和身份标识的电子邮件收发方法和系统
CN115225350A (zh) * 2022-07-01 2022-10-21 浪潮云信息技术股份公司 基于国密证书的政务云加密登录验证方法及存储介质
CN115225350B (zh) * 2022-07-01 2024-05-31 浪潮云信息技术股份公司 基于国密证书的政务云加密登录验证方法及存储介质

Also Published As

Publication number Publication date
CN1835434B (zh) 2012-07-18
CN1835434A (zh) 2006-09-20

Similar Documents

Publication Publication Date Title
WO2007121660A1 (fr) Procédé et système de courrier électronique basés sur l'authentification sécurisée de clés publiques combinées
US10673626B2 (en) Threshold secret share authentication proof and secure blockchain voting with hardware security modules
JP3595109B2 (ja) 認証装置、端末装置、および、それら装置における認証方法、並びに、記憶媒体
WO2020062668A1 (fr) Procédé d'authentification d'identité, dispositif d'authentification d'identité et support lisible par ordinateur
US20180167222A1 (en) Identity-based certificate management
US8103867B2 (en) Method and system for obtaining digital signatures
US7370202B2 (en) Security device for cryptographic communications
US20110173452A1 (en) Method of generating compound type combined public key
US20040059924A1 (en) Biometric private key infrastructure
US20090228703A1 (en) System and method for configuring a valid duration period for a digital certificate
US7627532B2 (en) Method for creating and managing secure service communities
ES2665887T3 (es) Sistema de datos seguro
JP2001249901A (ja) 認証装置およびその方法、並びに、記憶媒体
Kapadia A case (study) for usability in secure email communication
Patel et al. The study of digital signature authentication process
CN111651740B (zh) 一种面向分布式智能嵌入式系统的可信平台共享系统
Markovic Data protection techniques, cryptographic protocols and pki systems in modern computer networks
Ma et al. Electronic contract ledger system based on blockchain technology
Ren et al. BIA: A blockchain-based identity authorization mechanism
RU2659730C1 (ru) Способ обмена защищенными данными
Parnerkar et al. Secret key distribution protocol using public key cryptography
Sejwani et al. Implementation of X. 509 certificate for online applications
Samardžić et al. Public key infrastructure and methods of e-mail protection
Foltz et al. Public Key Infrastructure Issues for Enterprise Level Security.
Kurariya et al. LTV-Backed E-Signatures Using Post-Quantum Cryptography

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720702

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720702

Country of ref document: EP

Kind code of ref document: A1