WO2008151542A1 - Method for controlling accessing to an electronic mail and electronic mail server - Google Patents

Publication number
WO2008151542A1
WO2008151542A1 PCT/CN2008/071120 CN2008071120W WO2008151542A1 WO 2008151542 A1 WO2008151542 A1 WO 2008151542A1 CN 2008071120 W CN2008071120 W CN 2008071120W WO 2008151542 A1 WO2008151542 A1 WO 2008151542A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
folder
encrypted
key
same
Application number
PCT/CN2008/071120
Inventor
Mingqiang Li
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

A method for controlling access to electronic mail, and an electronic mail server. The method includes the steps of: receiving a selection to encrypt at least one folder in an electronic mailbox, receiving an inputted first encryption password, and encrypting the selected folder using the first encryption password (S101); receiving a request to access the encrypted folder, receiving an inputted second encryption password, judging whether the first encryption password is the same as the second encryption password and, if they are, permitting access to the encrypted folder (S102). An electronic mail server corresponding to the method is also provided. The method additionally encrypts the folder in the electronic mailbox and offers secondary password protection for the electronic mail in the encrypted folder, thus ensuring the security of the electronic mail.

Description

E-mail access control method and mail server

Technical Field

The invention belongs to the field of communication security, and in particular relates to an e-mail access control method and a mail server.

Background of the Invention

With the development and spread of networks, electronic mail (Email) has become an important communication tool, and its security is receiving more and more attention.
At present, the security of e-mail is guaranteed by the mailbox login password, and e-mail is stored on the mail server in plaintext (unencrypted) form. Once a user logs in to the mailbox with the password, all mail information in the mailbox, including sent and received mail, is fully exposed, which puts the security of the user's e-mail at considerable risk. The login password of a user's mailbox is easily stolen. For example, when the user has selected the browser's remember-password function, anyone who steals the user's computer password can freely log in to the user's mailbox. When the user steps away temporarily after logging in to the mailbox, or the mailbox login password is leaked in some other way, the security of the e-mail in the user's mailbox cannot be guaranteed, which may cause irreparable losses to many enterprises, and especially to business people.

Summary of the Invention

An object of the embodiments of the present invention is to provide an e-mail access control method and a mail server, intended to provide better security protection for the e-mail in an electronic mailbox.
An embodiment of the present invention provides an e-mail access control method, comprising the following steps:
receiving an encryption selection of at least one folder in an electronic mailbox, receiving an inputted first password, and encrypting the selected folder using the first password;
receiving an access request for the encrypted folder, receiving an inputted second password, and determining whether the second password and the first password are the same; if they are the same, access to the encrypted folder is allowed.
An embodiment of the present invention further provides a mail server, comprising the following components:
an interface unit, configured to receive, at encryption time, an encryption selection of at least one folder in an electronic mailbox and an inputted first password, and to receive, at access time, an access request for the encrypted folder and an inputted second password;
a control unit, configured to encrypt the selected folder using the first password and to determine whether the second password and the first password are the same; if they are the same, access to the encrypted folder is allowed.
In the embodiments of the present invention, an encryption key is generated from the inputted encryption password using an encryption algorithm, and the folder selected by the user in the mailbox is encrypted. This gives the e-mail in the encrypted folder secondary password protection in addition to the mailbox login password, thereby ensuring the security of the e-mail in the mailbox and, in particular, providing full security protection for the user's important private data.

Brief Description of the Drawings

FIG. 1 is an implementation flowchart of the e-mail access control method provided by an embodiment of the present invention.
FIG. 2 is a flowchart of access to an encrypted folder provided by an embodiment of the present invention.
FIG. 3 is an implementation flowchart of the e-mail decryption method provided by an embodiment of the present invention.
FIG. 4 is a structural diagram of the mail server provided by an embodiment of the present invention.
FIG. 5 is a structural diagram of the extended mail server provided by an embodiment of the present invention.

Mode for Carrying Out the Invention

In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
In the embodiments of the present invention, the encryption password inputted by the user, that is, the first password, is received, and an encryption key is generated from the encryption password to encrypt the folder selected by the user in the mailbox. This implements secondary password protection for the e-mail in the encrypted folder and ensures the security of the user's e-mail.
FIG. 1 shows the implementation flow of the e-mail access control method provided by an embodiment of the present invention, detailed as follows:
In step S101, an encryption selection of at least one folder in the electronic mailbox is received, an inputted first password is received, and the selected folder is encrypted using the first password.
Step S101 may be carried out as follows: receive the encryption password inputted by the user and the information of the folder selected by the user in the mailbox, such as the ID of the folder. The selected folder may contain e-mail that the user needs to protect by encryption, or it may be an empty folder.
Then an encryption key is generated from the encryption password inputted by the user using a corresponding encryption algorithm, and the folder selected by the user in the mailbox is encrypted. In the embodiments of the present invention, the corresponding encryption algorithm may be a public key algorithm (such as the RSA encryption algorithm), the Data Encryption Standard (Digital Encryption Standard, DES) algorithm, a digital signature algorithm (such as the ElGamal encryption algorithm or the DSA encryption algorithm), the MD5 encryption algorithm, the FLOWFISH encryption algorithm, or the like. Once the folder is encrypted, accessing any e-mail in the folder requires entering the folder's encryption password, so that the e-mail in the user's mailbox receives secondary encryption protection, which ensures the security of the e-mail in the encrypted folder.
On the mail server, an access control attribute is set for each folder; the attribute indicates whether the folder must be accessed with a password. When the user selects a folder for encryption, the selection of the folder to be encrypted and the encryption password are sent to the mail server. The mail server sets the access control attribute to password access, generates an encryption key, that is, the first key, from the received encryption password, that is, the first password, using an encryption algorithm, and stores the first key. Further, the mail server stores the first password in correspondence with the first key.
In step S102, an access request for the encrypted folder is received, an inputted second password is received, and it is determined whether the second password and the first password are the same; if they are the same, access to the encrypted folder is allowed.
FIG. 2 shows the processing flow for accessing an encrypted folder provided by an embodiment of the present invention.
As shown in FIG. 2, the user selects the folder to be accessed. If the folder is not encrypted, the user can browse or operate on the e-mail normally. If the folder is encrypted, the user is prompted to enter the encryption password, and the password entered by the user is verified. If the password is wrong, processing moves to error handling, such as informing the user that the password is wrong; if it is correct, the user can browse or operate on the e-mail normally.
Specifically, the mail server receives the access request sent by the user and determines whether the folder must be accessed with a password; if so, it requires the user to enter the correct encryption password. The mail server receives the password entered by the user, that is, the second password, and generates an encryption key, that is, the second key, using the encryption algorithm that was used at encryption time. It compares the second key with the stored first key and, if the two are the same, allows the user to access the folder.
To achieve a better password protection effect, in step S101 of the embodiments of the present invention, while receiving the encryption password inputted by the user and the information of the folder selected by the user in the mailbox, password retrieval information inputted by the user, such as a password retrieval question or a secret mailbox address, is also received and stored. At any time after step S101, the following step may also be included: when the user loses the encryption password of the encrypted folder, the encryption password of the encrypted folder is retrieved according to the password retrieval information.
Specifically, the user sends a password retrieval request to the mail server. The mail server requires the user to enter the password retrieval information; if the information entered by the user matches the stored password retrieval information, the mail server sends the first password to the user. For example, if the password retrieval information set by the user is a secret mailbox address, the mail server requires the user to enter the correct secret mailbox address and compares the address entered by the user with the secret mailbox address in the password retrieval information; if the two match, the mail server sends the first password to the user.
When an e-mail that needs encryption protection is not contained in the encrypted folder, the e-mail encryption method may further include the following step in order to protect that e-mail:
Receive a transfer instruction for an e-mail outside the encrypted folder that needs encryption protection, and move that e-mail to the encrypted folder according to the transfer instruction.
To prevent the e-mail data in the encrypted folder from being stolen by an illegitimate user because the user steps away temporarily while logged in and browsing the encrypted folder, or because the user logs out, the embodiments of the present invention may further include the following step:
After the user has stopped browsing the encrypted folder for a period of time (for example, 2 minutes), or after the user logs out of the mailbox, the encrypted folder is automatically locked according to the encryption password received in step S101. When the user logs in to the mailbox again, or again browses and operates on the e-mail in the encrypted folder, the encryption password of the encrypted folder must be entered again.
Specifically, the mail server may set a timer for the encrypted folder and start the timer when the mail server is not receiving information about operations on the encrypted folder. If information about a user operation on the encrypted folder is received before the timer expires, the timer is reset; after the timer expires, user operations on the folder are refused. The timer duration may be set by the user or by the mail server. When the mail server receives a message that the user has logged out, it likewise locks the encrypted folder.
It will be understood that the user can use the above e-mail encryption method to selectively encrypt folders or e-mail in the mailbox, and can set different passwords for different encrypted folders, thereby providing full security protection for the user's important private data.
After a selected folder in the mailbox has been encrypted by the above method, a user who does not know the folder's encryption password cannot perform any operation, such as browsing, on any e-mail in the encrypted folder. If the user steps away temporarily while the e-mail is open and being browsed with the encryption password, locking the encrypted folder ensures the security of the e-mail.
In practice, the user can select the folder to be encrypted on the mailbox's folder management page and, after entering the encryption password as required (for example, entering the password twice), encrypt the selected folder.
FIG. 3 shows the implementation flow of the e-mail decryption method provided by an embodiment of the present invention, detailed as follows:
In step S301, the decryption password inputted by the user and the information of the encrypted folder selected by the user in the mailbox are received. In practice, the user selects the encrypted folder on the folder management page of the mailbox and enters the decryption password, which is the encryption password the user entered when the folder was encrypted.
The process of this step is similar to the specific process of accessing an encrypted folder and is not described again here.
In step S302, the selected encrypted folder is decrypted according to the encryption password. After decryption, the state of the folder is the same as before encryption, and the mailbox user can freely browse or operate on any e-mail in the decrypted folder.
Specifically, decryption may consist of setting the access control attribute to access without a password and deleting the stored first key. Further, the stored password retrieval information and encryption password are deleted.
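The following Python code is an added example, not part of the patent text: it models the server-side flow described above, covering steps S101 and S102, the idle timer and logout lock, and the decryption steps S301/S302. PBKDF2-HMAC-SHA256 with a per-folder salt stands in for the unspecified "encryption algorithm" that turns a password into a key, the key comparison is constant-time, and the class, method and folder names are assumptions.

```python
import hashlib
import hmac
import os
import time


class FolderAccessControl:
    """Server-side folder lock: S101/S102, idle timer, logout lock, decryption.

    Class and method names are hypothetical; they do not come from the patent.
    """

    def __init__(self, idle_timeout=120.0, clock=time.monotonic, iterations=200_000):
        self.idle_timeout = idle_timeout  # seconds; the text's example is 2 minutes
        self.clock = clock                # injectable so the timer can be exercised
        self.iterations = iterations
        self._folders = {}                # folder_id -> per-folder record

    def _derive_key(self, password, salt):
        # Assumption: PBKDF2-HMAC-SHA256 stands in for the "encryption algorithm"
        # that maps a password to a key; the text does not fix one.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   self.iterations)

    def encrypt_folder(self, folder_id, first_password):
        """S101: mark the folder password-protected and store the first key."""
        salt = os.urandom(16)
        self._folders[folder_id] = {
            "password_required": True,    # the access control attribute
            "salt": salt,
            "first_key": self._derive_key(first_password, salt),
            "unlocked": False,
            "last_activity": None,
        }

    def _protected(self, folder_id):
        rec = self._folders.get(folder_id)
        return rec if rec and rec["password_required"] else None

    def _matches(self, rec, password):
        # Derive the second key the same way and compare in constant time.
        second_key = self._derive_key(password, rec["salt"])
        return hmac.compare_digest(second_key, rec["first_key"])

    def unlock(self, folder_id, second_password):
        """S102: allow access only if the second key equals the stored first key."""
        rec = self._protected(folder_id)
        if rec is None:
            return True                   # folder is not password-protected
        if not self._matches(rec, second_password):
            return False
        rec["unlocked"] = True
        rec["last_activity"] = self.clock()
        return True

    def operate(self, folder_id):
        """Return True if an operation on the folder is allowed right now."""
        rec = self._protected(folder_id)
        if rec is None:
            return True
        if not rec["unlocked"]:
            return False
        now = self.clock()
        if now - rec["last_activity"] > self.idle_timeout:
            rec["unlocked"] = False       # timer expired: lock and refuse
            return False
        rec["last_activity"] = now        # activity before expiry resets the timer
        return True

    def logout(self):
        """Logging out locks every protected folder again."""
        for rec in self._folders.values():
            rec["unlocked"] = False

    def decrypt_folder(self, folder_id, password):
        """S301/S302: verify the password, then clear the attribute and the key."""
        rec = self._protected(folder_id)
        if rec is None:
            return True
        if not self._matches(rec, password):
            return False
        rec["password_required"] = False        # attribute: access without a password
        rec["first_key"] = rec["salt"] = None   # delete the stored first key
        return True


if __name__ == "__main__":
    # Constructed demo values; "finance" and the passwords are made up.
    acl = FolderAccessControl(idle_timeout=120.0)
    acl.encrypt_folder("finance", "first-pass")
    print(acl.operate("finance"))               # False: still locked
    print(acl.unlock("finance", "guess"))       # False
    print(acl.unlock("finance", "first-pass"))  # True
    acl.logout()
    print(acl.operate("finance"))               # False
```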
FIG. 4 shows the structure of the mail server provided by an embodiment of the present invention; for clarity, only the parts relevant to the embodiment are shown.
As shown in FIG. 4, the interface unit 410 is configured to receive, at encryption time, an encryption selection of at least one folder in the electronic mailbox and an inputted first password and, at access control time, an access request for the encrypted folder and an inputted second password. The control unit 420 is configured to encrypt the selected folder using the first password and to determine whether the second password and the first password are the same; if they are the same, access to the encrypted folder is allowed.
FIG. 5 is a schematic structural diagram of the extended mail server.
As shown in FIG. 5, the control unit 420 includes the following modules: an attribute setting module 421, configured to set the access control attribute of the selected folder to password access; and a key generation module 422, configured to generate the first key from the first password received by the interface unit 410 using an encryption algorithm. The server further includes a storage unit 430, configured to store the first key generated by the key generation module 422.
The key generation module 422 is further configured to generate the second key, using the encryption algorithm, from the second password carried in the access request received by the interface unit 410. The control unit 420 further includes an access control module 423, configured to determine whether the second key generated by the key generation module 422 and the first key stored in the storage unit 430 are the same and, if they are, to allow operations on the folder.
The interface unit 410 is further configured to receive password retrieval information. The storage unit 430 is further configured to store the password retrieval information received by the interface unit 410. The interface unit 410 is further configured to receive a password retrieval request. The server further includes a password retrieval unit 440, configured to require input of password retrieval information, to determine whether the inputted password retrieval information is the same as the password retrieval information stored in the storage unit 430 and, if it is, to send the first password stored in the storage unit 430.
The interface unit 410 is further configured to receive a decryption request for the encrypted folder. The attribute setting module 421 is further configured to set the access control attribute of the encrypted folder to access without a password. The storage unit 422 is further configured to delete the stored first key.
The server described above further includes a timer 450 for setting a timing period. When the interface unit 410 is not receiving information about operations on the encrypted folder, the timer 450 starts timing; if information about an operation on the encrypted folder is received before the timer 450 expires, the timer 450 restarts timing. The server further includes a locking unit 460, configured to refuse operations on the encrypted folder after the timer 450 expires.
As can be seen from the above technical solution, encrypting the folder in the mailbox gives the e-mail in the user's mailbox secondary encryption protection and ensures the security of the e-mail in the encrypted folder. In addition, because the user has no administrative rights on the mail server and the operation of the mail server is not under the user's control, the security of the e-mail in the encrypted folder is further increased.
In summary, in the embodiments of the present invention, an encryption key is generated from the encryption password inputted by the user and the folder selected by the user in the mailbox is encrypted, so that the e-mail in the encrypted folder is encrypted a second time. E-mail that needs encryption protection can also be moved to the encrypted folder, so that the security of the e-mail in the user's mailbox is protected. When the user has stopped browsing or operating on the encrypted folder for a period of time, or when the user logs out of the mailbox, the encrypted folder is automatically re-encrypted according to the encryption password inputted by the user; when the user browses again or logs in to the mailbox again, the password must be re-entered, so that the e-mail cannot be stolen while the user is away, which further ensures the security of the user's e-mail. In addition, when the user forgets the password of the encrypted folder, the user can retrieve the encryption password by means of the password retrieval information that was entered. When the user no longer needs the e-mail to be encrypted, the e-mail decryption method provided by the embodiments of the present invention can remove the password, which makes the scheme convenient and flexible to use.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. An e-mail access control method, characterized by comprising:
receiving an encryption selection of at least one folder in an electronic mailbox, receiving an inputted first password, and encrypting the selected folder using the first password;
receiving an access request for the encrypted folder, receiving an inputted second password, and determining whether the second password and the first password are the same; if they are the same, allowing access to the encrypted folder.
2. The method according to claim 1, characterized in that encrypting the selected folder using the first password comprises:
setting the access control attribute of the selected folder to password access;
generating a first key from the first password using an encryption algorithm;
storing the first key.
3. The method according to claim 2, characterized in that determining whether the second password and the first password are the same comprises:
generating a second key from the second password using the encryption algorithm;
determining whether the first key and the second key are the same.
4. The method according to claim 1, characterized by further: receiving password retrieval information;
storing the first password and the password retrieval information in correspondence;
receiving a password retrieval request;
requiring input of password retrieval information;
determining whether the inputted information is the same as the stored password retrieval information and, if it is, sending the stored first password.
5. The method according to claim 2, characterized by further comprising:
receiving a decryption request for the encrypted folder;
setting the access control attribute of the encrypted folder to access without a password;
deleting the stored first key.
6. The method according to any one of claims 1 to 5, characterized by:
setting a timing period;
starting timing when no information about operations on the encrypted folder is received;
restarting timing if information about an operation on the encrypted folder is received before the timing period expires;
refusing operations on the encrypted folder after the timing period expires.
7、 一种邮件服务器, 其特征在于, 包括: 接口单元, 用于在加密时接收对电子邮箱中至少一个文件夹的加密 选定, 并接收输入的第一密码, 在访问时, 接收对已加密文件夹的访问 请求, 并接收输入的第二密码; 7. A mail server, characterized by comprising: an interface unit for receiving the encrypted electronic mail to the selected at least one file folder at the time of encryption, and receiving a first input of a password when accessing, have been received Encrypting the access request of the folder and receiving the entered second password;
控制单元, 用于使用第一密码对所选定的文件夹进行加密, 判断所 述第二密码和所述第一密码是否相同, 如果相同, 允许对所述已加密文 件夹进行访问。  And a control unit, configured to encrypt the selected folder by using the first password, determine whether the second password and the first password are the same, and if the same, allow access to the encrypted folder.
8. The server according to claim 7, wherein the control unit comprises:
an attribute setting module, configured to set the access control attribute of the selected folder to access by password;
a key generation module, configured to generate a first key from the first password received by the interface unit by means of an encryption algorithm;
the server further comprises a storage unit, configured to store the first key generated by the key generation module.
9. The server according to claim 8, wherein:
the key generation module is further configured to generate a second key, by means of the encryption algorithm, from the second password carried in the access request received by the interface unit;
the control unit further comprises:
an access control module, configured to determine whether the second key generated by the key generation module and the first key stored by the storage unit are the same, and, if they are the same, allow operations on the folder.
10. The server according to claim 8, wherein:
the server further comprises a password retrieval unit, configured to request input of password retrieval information, determine whether the input password retrieval information is the same as the password retrieval information stored by the storage unit, and, if it is the same, send the first password stored by the storage unit.
11. The server according to claim 8, wherein:
the interface unit is further configured to receive a decryption request for an encrypted folder; the attribute setting module is further configured to set the access control attribute of the encrypted folder to access without a password;
the storage unit is further configured to delete the stored first key.
12. The server according to any one of claims 7 to 11, further comprising:
a timer, configured to set a timing duration, wherein the timer starts timing when the interface unit receives no information about an operation on the encrypted folder, and, if information about an operation on the encrypted folder is received before the timer expires, the timer restarts timing.
13. The server according to claim 12, further comprising: a locking unit, configured to reject operations on the encrypted folder after the timer expires.
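The following sketch is an added illustration, not code from the patent or from the applicant. It models the key comparison of claims 8 and 9, the protection removal of claim 11 and the idle timer and lock of claims 12 and 13. The class and method names are hypothetical, and PBKDF2-HMAC-SHA256 with a per-folder salt is an assumption standing in for the unspecified "encryption algorithm".

```python
import hashlib, hmac, os, time

class FolderLock:
    """Password-gated folder access modelled on claims 8-13 (hypothetical names)."""

    def __init__(self, idle_timeout=300.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # claim 12: timing duration, in seconds
        self.clock = clock                # injectable clock so the timer can be tested
        self.records = {}                 # "storage unit": folder -> (salt, first key)
        self.last_op = {}                 # folder -> time of last permitted operation

    @staticmethod
    def _derive(password, salt):
        # Assumption: PBKDF2 stands in for the claims' unspecified "encryption algorithm".
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def protect(self, folder, first_password):
        # Claim 8: folder becomes password-accessed; only the derived first key is stored.
        salt = os.urandom(16)
        self.records[folder] = (salt, self._derive(first_password, salt))
        self.last_op.pop(folder, None)

    def unlock(self, folder, second_password):
        # Claim 9: derive a second key and compare it with the stored first key.
        if folder not in self.records:
            return True                   # attribute is "access without a password"
        salt, first_key = self.records[folder]
        ok = hmac.compare_digest(self._derive(second_password, salt), first_key)
        if ok:
            self.last_op[folder] = self.clock()
        return ok

    def operate(self, folder):
        # Claims 12-13: each operation restarts the timer; after expiry it is rejected.
        if folder not in self.records:
            return True
        last = self.last_op.get(folder)
        if last is None or self.clock() - last > self.idle_timeout:
            self.last_op.pop(folder, None)  # stays locked until unlock() succeeds again
            return False
        self.last_op[folder] = self.clock()
        return True

    def unprotect(self, folder, password):
        # Claim 11: clear the attribute and delete the stored first key.
        # Assumption: the decryption request must carry the current password.
        if not self.unlock(folder, password):
            return False
        self.records.pop(folder, None)
        self.last_op.pop(folder, None)
        return True
```

Because only a salted derived key is stored, this sketch has no plaintext first password to send back, so the retrieval step of claim 10 is not modelled.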
PCT/CN2008/071120 2007-06-14 2008-05-28 Method for controlling accessing to an electronic mail and electronic mail server WO2008151542A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2007100750421A CN101083524A (en) 2007-06-14 2007-06-14 Method and system for encrypting and deciphering E-mail
CN200710075042.1 2007-06-14

Publications (1)

Publication Number Publication Date
WO2008151542A1 true WO2008151542A1 (en) 2008-12-18

Family

ID=38912825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071120 WO2008151542A1 (en) 2007-06-14 2008-05-28 Method for controlling accessing to an electronic mail and electronic mail server

Country Status (2)

Country Link
CN (1) CN101083524A (en)
WO (1) WO2008151542A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929312A (en) * 2014-04-29 2014-07-16 深圳市中兴移动通信有限公司 Mobile terminal and method and system for protecting individual information of mobile terminal

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083524A (en) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 Method and system for encrypting and deciphering E-mail
CN101710879B (en) * 2009-01-14 2012-05-02 中国传媒大学 Novel identity-based privacy enhanced mail forwarding system
CN102361479A (en) * 2011-06-24 2012-02-22 上海合合信息科技发展有限公司 Method and system for obtaining designated information
CN102281140B (en) * 2011-06-24 2014-04-16 上海合合信息科技发展有限公司 Acquisition method and system thereof for designated information
CN102316051B (en) * 2011-09-14 2018-06-19 中兴通讯股份有限公司 A kind of method and system of off-line browsing history mail
WO2013097326A1 (en) * 2011-12-29 2013-07-04 盈世信息科技(北京)有限公司 Electronic mail encryption method, mail server, and system
CN103825999B (en) * 2012-11-19 2017-08-25 腾讯科技(深圳)有限公司 The function displaying method and device of application program
CN104065681B (en) * 2013-03-20 2018-06-15 腾讯科技(深圳)有限公司 The method and system of preview is carried out to the ciphered compressed packet in attachment
CN104732159B (en) * 2013-12-24 2019-01-25 北京慧眼智行科技有限公司 A kind of document handling method and device
CN105530331A (en) * 2015-12-16 2016-04-27 小米科技有限责任公司 Method for establishing name card file and method and device for registering or logging in website
CN107888475B (en) * 2016-09-30 2020-09-08 中国石油天然气股份有限公司 Mail decryption method and server
CN106874738B (en) * 2017-01-25 2020-03-17 Oppo广东移动通信有限公司 Response method for touch operation and mobile terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003152803A (en) * 2001-11-14 2003-05-23 Nec Corp System and method for mail reception substitute agent, server, and program
JP2005128996A (en) * 2003-09-30 2005-05-19 Dainippon Printing Co Ltd Information processing apparatus and system, and program
CN1713756A (en) * 2004-06-23 2005-12-28 华为技术有限公司 Security guarantee for memory data information of mobile terminal
CN101083524A (en) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 Method and system for encrypting and deciphering E-mail


Also Published As

Publication number Publication date
CN101083524A (en) 2007-12-05


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08757532

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 7214/CHENP/2009

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 220410

122 Ep: pct application non-entry in european phase

Ref document number: 08757532

Country of ref document: EP

Kind code of ref document: A1