WO2008151542A1 - Procédé de contrôle d'accès à un courrier électronique et serveur de courrier électronique - Google Patents

Procédé de contrôle d'accès à un courrier électronique et serveur de courrier électronique Download PDF

Info

Publication number
WO2008151542A1
WO2008151542A1 PCT/CN2008/071120 CN2008071120W WO2008151542A1 WO 2008151542 A1 WO2008151542 A1 WO 2008151542A1 CN 2008071120 W CN2008071120 W CN 2008071120W WO 2008151542 A1 WO2008151542 A1 WO 2008151542A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
folder
encrypted
key
same
Prior art date
Application number
PCT/CN2008/071120
Other languages
English (en)
Chinese (zh)
Inventor
Mingqiang Li
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited filed Critical Tencent Technology (Shenzhen) Company Limited
Publication of WO2008151542A1 publication Critical patent/WO2008151542A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the invention belongs to the field of communication security, and in particular relates to an access control method for an email and a mail server. Background of the invention
  • the security of the email is guaranteed by the login password of the email.
  • the email is stored in the plaintext (unencrypted) on the mail server.
  • the email includes the sent email. All mail information, such as received mail, will be displayed at a glance, making the security of user emails more vulnerable.
  • the login password of the user's mailbox is easily stolen.
  • An object of the embodiments of the present invention is to provide an email access control method and a mail server, which are intended to provide better security protection for emails in an email mailbox.
  • An embodiment of the present invention provides an access control method for an email, comprising the steps of: receiving an encryption selection of at least one folder in an email box, and receiving the input first password, using the first password pair to select the selected The folder is encrypted. Receiving an access request to the encrypted folder, and receiving the input second password, determining whether the second password and the first password are the same, and if the same, allowing access to the encrypted folder.
  • the embodiment of the invention further provides a mail server, which comprises the following components:
  • An interface unit configured to receive an encryption selection of at least one folder in the email when encrypting, and receive the input first password, receive an access request to the encrypted folder, and receive the input second when accessing password.
  • the control unit is configured to encrypt the selected folder by using the first password, determine whether the second password and the first password are the same, and if the same, allow access to the encrypted folder.
  • an encryption key is generated according to the input encryption password, and the folder in the mailbox selected by the user is encrypted, and the email in the encrypted folder is provided with two passwords other than the email login password.
  • the second password protection ensures the security of the email in the mailbox, especially the important security data of the user.
  • FIG. 1 is a flowchart of an implementation of an email access control method according to an embodiment of the present invention.
  • 2 is a flow chart of accessing an encrypted folder according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of implementing an email decryption method according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a mail server according to an embodiment of the present invention.
  • FIG. 5 is a structural diagram of an extended mail server according to an embodiment of the present invention. Mode for carrying out the invention
  • the encrypted password input by the user that is, the first password is received, according to
  • the encrypted password generates an encryption key to encrypt the folder selected by the user in the mailbox, thereby realizing the secondary password protection of the email in the encrypted folder in the mailbox, thereby ensuring the security of the user's email.
  • FIG. 1 is a flowchart showing an implementation process of an access control method for an email provided by an embodiment of the present invention, which is described in detail as follows:
  • step S101 an encryption selection of at least one folder in the electronic mailbox is received, and the input first password is received, and the selected folder is encrypted using the first password.
  • Step S101 can be performed by: receiving an encrypted password input by the user and folder information in a mailbox selected by the user, such as an ID of the folder.
  • the folder in the mailbox selected by the user may contain email information that the user needs to encrypt and protect, or an empty folder.
  • a corresponding encryption algorithm is used to generate an encryption key, and the folder in the mailbox selected by the user is encrypted.
  • the corresponding encryption algorithm may be a public key algorithm (such as RSA encryption algorithm), a data encryption standard (DES) algorithm, a digital signature algorithm (such as ElGamal encryption algorithm, DSA encryption). Algorithm), MD5 encryption algorithm or FLOWFISH encryption algorithm.
  • the access control attribute can be set to whether the folder needs to be accessed with a password.
  • the mail server is sent a selection of the folder to be encrypted and an encrypted password.
  • the mail server sets the access control attribute to be accessed by the password, and the received encrypted password, that is, the first password, generates an encryption key, that is, the first key, by the encryption algorithm, and stores the first key. Further, the mail server stores the first key corresponding to the first key. Password.
  • step S102 an access request to the encrypted folder is received, and the input second password is received, and it is determined whether the second password and the first password are the same. If the same, the access to the encrypted folder is allowed.
  • FIG. 2 shows a processing flow for accessing an encrypted folder according to an embodiment of the present invention.
  • the user selects the folder to be accessed. If the folder is not encrypted, the user can browse or operate the email normally. If the folder is encrypted, the user is prompted to input an encrypted password; verify the encryption input by the user. If the password is correct, go to the error handling process, such as prompting the user for a wrong password. If it is correct, the user can browse or operate the email normally.
  • the mail server receives the access request sent by the user, determines whether the folder needs to be accessed by the password, and if necessary, requires the user to input the correct encrypted password.
  • the mail server receives the password entered by the user, that is, the second password, and generates an encryption key, that is, the second key, by the encryption algorithm used when encrypting. Compare the second key with the stored first key, and if the two are the same, allow the user to access the folder.
  • step S101 the embodiment of the present invention receives the encrypted password input by the user and the folder information in the mailbox selected by the user, and receives the password retrieval information input by the user, such as the password. Go back to the question, keep the email address, etc. and store the password to retrieve the information.
  • the following steps may be further included: When the user loses the encrypted password of the encrypted folder, the encrypted password of the encrypted folder is retrieved according to the password retrieval information.
  • the user sends a password retrieval request to the mail server.
  • the mail server requires the user to input the password retrieval information. If the information input by the user is consistent with the stored password retrieval information, the mail server sends the first password to the user. For example, the password set by the user is retrieved.
  • the information is a secret email address, and the mail server will ask the user to enter the correct secret email address, and compare the secret email address entered by the user with the secret email address in the password retrieval information. If the two are consistent, the mail server will use the first password. Send to the user.
  • the email encryption method may further include the following steps:
  • the following may be included in the embodiment of the present invention, in order to prevent the user from logging in to the mailbox and temporarily leaving during the browsing of the encrypted folder, or the user is logged out, and the email data in the encrypted folder is stolen by the user. Steps:
  • the encrypted folder After the user stops browsing the encrypted folder for a period of time (such as 2 minutes), or after the user logs out of the mailbox, the encrypted folder is automatically locked according to the encrypted password received in step S101.
  • the encrypted password for the encrypted folder needs to be re-entered.
  • the mail server can set a timer corresponding to the encrypted folder, and the timer is started when the mail server does not receive information on the operation of the encrypted folder. Before the timer expires, if the user receives information on the operation of the encrypted folder, the timer is reset; after the timer expires, the user's operation on the folder is rejected.
  • the time of the timer can be set by the user or by the mail server. When the mail server receives the message that the user has logged out, the encrypted folder is also locked.
  • the user can selectively encrypt the folder or email in the mailbox by using the above-mentioned email encryption method, and can set different passwords for different encrypted folders, thereby providing sufficient important data for the user. Security.
  • the user After encrypting the folder in the selected mailbox by the above method, the user does not know When the folder is encrypted, you cannot perform any operations on any email in the encrypted folder, such as browsing. In the process of the user opening and browsing the email through the encrypted password, if the user temporarily leaves, the security of the email is ensured by locking the encrypted folder.
  • the user can select the folder to be encrypted through the folder management page of the mailbox, and input the encrypted password according to the requirements (such as entering the password twice) to encrypt the folder of the selected mailbox.
  • FIG. 3 is a flowchart showing an implementation process of a method for decrypting an email provided by an embodiment of the present invention, which is described in detail as follows:
  • step S301 the decryption password input by the user and the encrypted folder information in the mailbox selected by the user are received.
  • the user selects the encrypted folder through the folder management page in the mailbox, and inputs a decryption password, which is the encrypted password input by the user when the folder is encrypted.
  • step S302 the selected encrypted folder is decrypted based on the encrypted password.
  • the state of the encrypted folder is the same as before the encryption, and the mailbox user can browse or manipulate any email in the decrypted folder in the mailbox.
  • the decryption may be to set the access control attribute to be accessed without a password and delete the stored first key. Further, the stored password retrieval information and the encrypted password are deleted.
  • FIG. 4 shows the structure of a mail server according to an embodiment of the present invention. For better description, only parts related to the embodiment of the present invention are shown.
  • the interface unit 410 is configured to receive at least one of the email addresses when encrypting.
  • the encryption of the folders is selected and the first password entered is received.
  • an access request to the encrypted folder is received, and the entered second password is received.
  • the control unit 420 is configured to encrypt the selected folder by using the first password, determine whether the second password and the first password are the same, and if the same, allow access to the encrypted folder.
  • FIG. 5 is a schematic structural diagram of an extended mail server.
  • control unit 420 includes the following modules:
  • the attribute setting module 421 is configured to set an access control attribute of the selected folder to be accessed by a password; and the key generation module 422 is configured to receive the interface unit 410.
  • a password is generated by an encryption algorithm to generate a first key.
  • the server further includes a storage unit 430 for storing the first key generated by the key generation module 422.
  • the key generation module 422 is further configured to generate a second key by using an encryption algorithm for the second password carried in the access request received by the 410 interface unit.
  • the control unit 420 further includes an access control module 423 for determining whether the second key generated by the key generation module 422 and the first key stored by the storage unit 430 are the same, and if the same, the folder is allowed to operate.
  • the interface unit 410 is further configured to receive password retrieval information.
  • the storage unit 430 is further configured to store the password retrieval information received by the interface unit 410.
  • Interface unit 410 is further operative to receive a password retrieval request.
  • the server further includes a password retrieval unit 440, configured to request input of password retrieval information, and determine whether the input password retrieval information is the same as the password retrieval information stored by the storage unit 430. If the same, the first password stored by the storage unit 430 is sent. .
  • the interface unit 410 is further for receiving a decryption request for the encrypted folder.
  • the attribute setting module 421 is further configured to set the access control attribute of the encrypted folder to be accessed without a password.
  • the storage unit 422 is further configured to delete the stored first key.
  • the server described above further includes a timer 450 for setting a timing time, and the interface unit 410 does not receive information for operating the encrypted folder, and the timer 450 is opened. At the beginning, if information about the operation of the encrypted folder is received before the timer 450 times out, the timer 450 restarts timing.
  • the server further includes a locking unit 460, configured to reject the operation of the encrypted folder when the timer expires after the timer 450 times out.
  • the email in the user mailbox is twice encrypted, and the security of the email in the encrypted folder is ensured.
  • the operation of the mail server is not controlled by the user, so the security of the email in the encrypted folder is also increased.
  • an encryption key is generated according to an encrypted password input by a user, and a folder in a mailbox selected by the user is encrypted, so that the email in the encrypted folder is secondarily encrypted.
  • the email that needs to be encrypted and protected can be transferred to the encrypted folder, so that the security of the email in the user's mailbox is protected, and when the user stops browsing or operating the encrypted folder for a period of time, or when the user logs out of the mailbox,
  • the encrypted folder is automatically re-encrypted according to the encrypted password input by the user.
  • the password needs to be re-entered, so that the user will not be stolen after leaving the user for a certain period of time, further ensuring that the email is not stolen.
  • User email security when the user forgets the password of the encrypted folder, the user can retrieve the encrypted password by using the entered password retrieval information.
  • the email decryption method provided by the embodiment of the present invention can cancel the password of the email, and the application is convenient and free.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

La présente invention concerne un procédé de contrôle d'accès à un courrier électronique et un serveur de courrier électronique, le procédé comprenant les étapes suivantes : la réception d'une sélection pour chiffrer au moins un dossier dans une boîte aux lettres électronique, et la réception d'un premier mot de passe de chiffrement entré, le chiffrement du fichier au moyen du premier mot de passe de chiffrement (S101) ; la réception d'une demande d'accès au dossier chiffré, et la réception d'un second mot de passe entré, la détermination de l'identité entre le premier mot de passe de chiffrement et le second mot de passe de chiffrement, et dans l'affirmative, l'autorisation d'accès au dossier chiffré (S102). L'invention concerne également un serveur de courrier électronique correspondant au procédé selon l'invention. Le procédé réalise un nouveau chiffrement du dossier dans la boîte aux lettres électronique, et assure une protection du courrier électronique dans le dossier chiffré, garantissant ainsi la sécurité du courrier électronique.
PCT/CN2008/071120 2007-06-14 2008-05-28 Procédé de contrôle d'accès à un courrier électronique et serveur de courrier électronique WO2008151542A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710075042.1 2007-06-14
CNA2007100750421A CN101083524A (zh) 2007-06-14 2007-06-14 一种电子邮件的加密解密方法及系统

Publications (1)

Publication Number Publication Date
WO2008151542A1 true WO2008151542A1 (fr) 2008-12-18

Family

ID=38912825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071120 WO2008151542A1 (fr) 2007-06-14 2008-05-28 Procédé de contrôle d'accès à un courrier électronique et serveur de courrier électronique

Country Status (2)

Country Link
CN (1) CN101083524A (fr)
WO (1) WO2008151542A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929312A (zh) * 2014-04-29 2014-07-16 深圳市中兴移动通信有限公司 一种移动终端及其个人信息保护方法和系统

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101083524A (zh) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 一种电子邮件的加密解密方法及系统
CN101710879B (zh) * 2009-01-14 2012-05-02 中国传媒大学 一种新型的基于身份的保密邮件转发系统
CN102361479A (zh) * 2011-06-24 2012-02-22 上海合合信息科技发展有限公司 指定信息获取方法及系统
CN102281140B (zh) * 2011-06-24 2014-04-16 上海合合信息科技发展有限公司 指定信息获取方法及系统
CN102316051B (zh) * 2011-09-14 2018-06-19 中兴通讯股份有限公司 一种离线浏览历史邮件的方法及系统
WO2013097326A1 (fr) * 2011-12-29 2013-07-04 盈世信息科技(北京)有限公司 Procédé de chiffrement de courrier électronique, serveur de courrier et système
CN103825999B (zh) * 2012-11-19 2017-08-25 腾讯科技(深圳)有限公司 应用程序的功能显示方法和装置
CN104065681B (zh) * 2013-03-20 2018-06-15 腾讯科技(深圳)有限公司 对附件中的加密压缩包进行预览的方法和系统
CN104732159B (zh) * 2013-12-24 2019-01-25 北京慧眼智行科技有限公司 一种文件处理方法及装置
CN105530331A (zh) * 2015-12-16 2016-04-27 小米科技有限责任公司 名片文件的创建方法、注册或登录网站的方法及装置
CN107888475B (zh) * 2016-09-30 2020-09-08 中国石油天然气股份有限公司 邮件的解密方法和服务器
CN106874738B (zh) * 2017-01-25 2020-03-17 Oppo广东移动通信有限公司 一种触控操作的响应方法及移动终端

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003152803A (ja) * 2001-11-14 2003-05-23 Nec Corp メール受信代行エージェントシステムおよび方法、サーバ、プログラム
JP2005128996A (ja) * 2003-09-30 2005-05-19 Dainippon Printing Co Ltd 情報処理装置、情報処理システム及びプログラム
CN1713756A (zh) * 2004-06-23 2005-12-28 华为技术有限公司 一种移动终端内存储的资料信息的安全保障方法
CN101083524A (zh) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 一种电子邮件的加密解密方法及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003152803A (ja) * 2001-11-14 2003-05-23 Nec Corp メール受信代行エージェントシステムおよび方法、サーバ、プログラム
JP2005128996A (ja) * 2003-09-30 2005-05-19 Dainippon Printing Co Ltd 情報処理装置、情報処理システム及びプログラム
CN1713756A (zh) * 2004-06-23 2005-12-28 华为技术有限公司 一种移动终端内存储的资料信息的安全保障方法
CN101083524A (zh) * 2007-06-14 2007-12-05 腾讯科技(深圳)有限公司 一种电子邮件的加密解密方法及系统

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929312A (zh) * 2014-04-29 2014-07-16 深圳市中兴移动通信有限公司 一种移动终端及其个人信息保护方法和系统

Also Published As

Publication number Publication date
CN101083524A (zh) 2007-12-05

Similar Documents

Publication Publication Date Title
WO2008151542A1 (fr) Procédé de contrôle d'accès à un courrier électronique et serveur de courrier électronique
US9805210B2 (en) Encryption-based data access management
US9070112B2 (en) Method and system for securing documents on a remote shared storage resource
US8281135B2 (en) Enforcing use of chipset key management services for encrypted storage devices
US8489889B1 (en) Method and apparatus for restricting access to encrypted data
CN102227734B (zh) 用于保护机密文件的客户端计算机和其服务器计算机以及其方法
CN104137466B (zh) 操作计算设备的方法及计算设备
US20080019530A1 (en) Message archival assurance for encrypted communications
US20110085664A1 (en) Systems and methods for managing multiple keys for file encryption and decryption
JP2011507414A (ja) データの安全を保護するためのシステムおよび方法
CN104145446B (zh) 操作计算设备的方法、计算设备及计算机程序
US11570155B2 (en) Enhanced secure encryption and decryption system
JP2006155554A (ja) データベース暗号化及びアクセス制御方法、セキュリティ管理装置
WO2007058417A1 (fr) Systeme de stockage et de securite d’informations numeriques, procede de stockage et de service de ces informations
JP4471129B2 (ja) 文書管理システム及び文書管理方法、文書管理サーバ、作業端末、並びにプログラム
US10726104B2 (en) Secure document management
US11163892B2 (en) Buffering data until encrypted destination is unlocked
JP6778033B2 (ja) 持ち出しファイル簡易暗号化システムおよび持ち出しファイル簡易暗号化プログラム
US20230205908A1 (en) Protected storage for decryption data
JP2007233983A (ja) 携帯電話メールの防護システム及び携帯電話サーバ
JP2015018354A (ja) ファイルの安全確保システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08757532

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 7214/CHENP/2009

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 220410

122 Ep: pct application non-entry in european phase

Ref document number: 08757532

Country of ref document: EP

Kind code of ref document: A1