WO2018145357A1 - Method and system for mail encryption - Google Patents
Method and system for mail encryption
- Publication number
- WO2018145357A1 PCT/CN2017/079219
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- private key
- mail client
- key
- certificate
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Definitions
- the present invention relates to the field of communication security technologies, and in particular, to a method and system for encrypting mail.
- e-mail is now widely used. Because e-mail is transmitted in plain text on the Internet, the security of personal private information and commercially confidential information cannot be guaranteed, so e-mail encryption technology is used to solve this. The widely used technologies are S/MIME and OpenPGP: e-mail client software supporting S/MIME includes Microsoft's Outlook, Mozilla's Thunderbird and Apple's iPhone mail client, while e-mail client software supporting OpenPGP includes PGP Desktop Email. In summary, the certificate used for mail encryption in the former is issued by a third-party CA, while in the latter the certificate is self-issued.
- first, both parties must have an email encryption certificate (public key and private key); if S/MIME is used, applying to a third-party CA for a certificate also takes a lot of time and money (if the certificate is charged for). Second, both parties must exchange public key certificates in advance through plaintext email. Further, both parties must use email client software that supports the same encryption technology. This makes email encryption very complicated and cumbersome, so that encryption protection, which personal privacy and commercial secrets urgently need, has not been widely adopted.
- the main object of the present invention is to provide a method and system for encrypting mail, which aims to improve the convenience and security of e-mail use.
- the present invention provides a method for encrypting a mail, and the method for encrypting mail includes the following steps:
- the third-party certificate server stores the public key of the key pair of multiple mail clients,
- requesting the public key of the recipient's mail client from the third-party certificate server,
- the sending mail client encrypts the sent mail by public key and completes sending the mail.
- determining whether the third-party certificate server stores the public key of the recipient's mail client further comprises the following steps:
- if not, the third-party certificate server generates a key pair for a self-signed certificate, returns the public key of the key pair to the sender's mail client, and sends a reminder mail to the recipient's mail client.
- the login mail client further comprises the following steps:
- the private key of the key pair is split to form a first private key and a second private key
- the third party certificate server stores the first private key of the mail client
- the mail client stores the second private key
- the mail client obtains the first private key and encrypts the first private key.
- the reminder mail includes a link to explain and download the mail client.
- the private key of the key pair is split to form a first private key and a second private key
- the third party certificate server stores the first private key of the mail client
- the mail client stores the second private key, including the following steps:
- determining whether a full certificate exists further comprises the following steps:
- determining whether the key pair of the self-signed certificate exists further comprises the following steps:
- the method further comprises the steps of:
- the mail client of the recipient gets the mail
- the recipient's mail client obtaining the mail further comprises the following steps:
- the present invention further provides a system for encrypting mail, comprising at least two mail clients and a third-party certificate server connected to the at least two mail clients, each mail client including a login unit, a sending unit, an obtaining unit, and an encryption unit, and the third-party certificate server including a judging unit and a storage unit,
- the storage unit stores a public key of a key pair of a plurality of mail clients
- the login unit logging in to the mail client
- the sending unit requests to send an email to the mail client of at least one recipient,
- the obtaining unit requests the public key of the recipient's mail client from the third-party certificate server,
- the judging unit determines whether the third-party certificate server stores the public key of the recipient's mail client, and if so, the sender's mail client obtains the public key,
- the encryption unit: the sender's mail client encrypts the mail to be sent with the public key and completes sending the mail.
- in the technical solution of the invention, the third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; the mail client is logged in to; a request is made to send mail to the mail client of at least one recipient; the public key of the recipient's mail client is requested from the third-party certificate server; it is determined whether the third-party certificate server stores that public key, and if so, the sender's mail client obtains it, encrypts the mail to be sent with it, and completes sending the mail. Obtaining the public key directly from the third-party certificate server in this way improves the convenience and security of email encryption.
- FIG. 1 is a schematic diagram of the principle of an embodiment of a method for encrypting a mail according to the present invention
- FIG. 2 is a schematic diagram showing the principle of a mail encryption method of the present invention for logging in to a mail client;
- FIG. 3 is a schematic diagram of the principle of step S21 of the method for encrypting mail according to the present invention;
- FIG. 4 is a schematic diagram of the principle of another embodiment of step S90 in FIG. 3;
- FIG. 5 is a schematic diagram of another embodiment of a method for encrypting a mail according to the present invention.
- FIG. 6 is a schematic diagram of another embodiment of a method for encrypting a mail according to the present invention.
- FIG. 7 is a schematic structural diagram of a mail client of a mail encryption system according to the present invention.
- FIG. 8 is a schematic structural diagram of a third-party certificate server of the mail encryption system of the present invention.
- the terms “connected”, “fixed” and the like should be understood broadly, unless otherwise clearly defined and limited.
- “fixed” may be a fixed connection, or may be a detachable connection, or may be integrated; It may be a mechanical connection or an electrical connection; it may be directly connected or indirectly connected through an intermediate medium, and may be an internal connection of two elements or an interaction relationship of two elements unless explicitly defined otherwise.
- the specific meanings of the above terms in the present invention can be understood on a case-by-case basis.
- first, second, and the like in the present invention are used for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated.
- features defining “first” or “second” may include at least one of the features, either explicitly or implicitly.
- the technical solutions between the various embodiments may be combined with each other, but must be based on the realization of those skilled in the art, and when the combination of the technical solutions is contradictory or impossible to implement, it should be considered that the combination of the technical solutions does not exist. It is also within the scope of protection required by the present invention.
- the invention provides a system for encrypting mail
- the mail encryption system includes at least two mail clients 10 and a third-party certificate server 20 electrically connected to at least two mail clients 10 .
- Each mail client includes a login unit 11, a sending unit 12, an obtaining unit 13, and an encryption unit 14, and the third-party certificate server 20 includes a judging unit 21 and a storage unit 22,
- the storage unit 22 stores the public key of the key pair of the plurality of mail clients 10,
- the login unit 11 logs in to the mail client 10,
- the sending unit 12 requests to send an email to the mail client 10 of the at least one recipient,
- the obtaining unit 13 requests to obtain the public key of the mail client 10 of the recipient from the third-party certificate server 20,
- the judging unit 21 determines whether the third-party certificate server 20 stores the public key of the recipient's mail client 10, and if so, the sender's mail client 10 acquires the public key.
- the encryption unit 14: the sender's mail client 10 encrypts the mail to be sent with the public key and completes the sending of the mail.
- the above-mentioned mail client 10 can both send and receive mail; it is defined as the sender's mail client 10 when sending mail and as the recipient's mail client 10 when receiving mail. The mail client 10 uses a device having a processor, such as a mobile phone or a computer, as its carrier, and may further include a communication interface, a human-machine interaction interface or display screen, a decryption unit, a receiving unit 15, a certificate communication interface, and the like.
- the human-computer interaction interface provides an operation interface for the user, and the user can view the mail and create a new mail through the interface to implement interaction with the mail server.
- the receiving unit 15 is configured to obtain a new mail from the mail server.
- the decryption unit is configured to decrypt the received mail and process the user certificate information and related information obtained by the third party certificate server 20.
- the certificate communication interface is used to implement data interaction between the mail client 10 and the third party certificate server 20.
- the third-party certificate server 20 may be a CA (Certificate Authority) certificate service system in the cloud that provides users with services such as issuing certificates and querying certificates.
- the third-party certificate server 20 includes a memory, a certificate processing module, a communication port, and the like, wherein the memory can be used to store a plurality of public keys of the mail client 10, a certificate information record issued by the certificate service system, and a request record of the user.
- the communication interface is used for certificate data interaction with the mail client 10.
- the certificate processing module is used to process user requests and generate new certificates.
- the mail client 10 is electrically connected to the communication port of the third-party certificate server 20 through the communication interface, and can obtain the public key or other request service stored by the third-party certificate server 20.
- the mail server described above may include a communication interface and a memory.
- the communication interface is used for mail data interaction with the mail client 10.
- the memory is used to store the mail data sent and received.
- the mail client 10 also connects to the communication port of the mail server through the sending unit 12 and the receiving unit 15, through which it sends mail to and receives mail from the mail server. In this way, the obtaining unit 13 obtains the public key directly from the third-party certificate server 20, improving the convenience and security of email encryption.
- the invention also proposes a method of mail encryption.
- a method for encrypting a mail includes the following steps:
- the third party certificate server stores the public key of the key pair of the plurality of mail clients,
- S50: determining whether the third-party certificate server stores the public key of the recipient's mail client, and if so, S51: the sender's mail client obtains the public key, encrypts the mail to be sent with the public key, and completes sending the mail.
- An embodiment is as follows: the third-party certificate server collects and stores the public keys of a plurality of mail clients in advance, collecting the public key and related information of a mail client when that client uses the third-party certificate server; one mail client account corresponds to only one public key, to improve security. After successfully logging in to a mail client, the user edits the mail content and the recipient through the user interface and then requests sending. The mail client then, automatically or manually, requests the public key of the recipient's mail client from the third-party certificate server; the third-party certificate server responds by looking up the public key of the recipient's mail client in its memory and sending it to the sender's mail client.
- After receiving the public key, the mail client automatically or manually selects it and encrypts the mail to be sent, and finally sends the mail to the mail server to complete the encrypted mail transmission.
- because the mail client obtains the public key and encrypts automatically, encrypted mail can be sent with one click.
- the user does not need to care about where or how to apply for an encryption certificate, and the sender and the recipient do not need to exchange certificate public key files in advance.
- the email encryption application is more convenient and fast, ensuring the security of user email confidential information.
- in the technical solution of the present invention, the third-party certificate server stores the public keys of a plurality of mail clients; the mail client is logged in to; a request is made to send an email to the mail client of at least one recipient; the public key of the recipient's mail client is requested from the third-party certificate server; it is determined whether the third-party certificate server stores that public key, and if so, the sender's mail client obtains it, encrypts the mail to be sent with it, and completes sending the mail. Obtaining the public key directly from the third-party certificate server in this way improves the convenience and security of email encryption.
- step S50, determining whether the third-party certificate server stores the public key of the recipient's mail client, further includes the following steps:
- if not, the third-party certificate server generates a key pair for a self-signed certificate, returns the public key of the key pair to the sender's mail client, and sends a prompt mail to the recipient's mail client.
- the key pair of the self-signed certificate includes the public key and the private key of the self-signed certificate.
- when the third-party certificate server does not store the public key of the recipient's mail client, it generates the key pair of a self-signed certificate and returns the public key of the key pair to the sender's mail client.
- the prompt mail may include a link for explaining and downloading the mail client. Specifically, the prompt mail may be a plaintext email telling the user that an encrypted email is waiting and prompting the user to install the mail client or a corresponding plug-in, such as a mail client or plug-in with S/MIME, to view the mail.
- step S20 the login mail client further includes the following steps:
- the private key of the key pair is split to form a first private key and a second private key
- the third party certificate server stores the first private key of the mail client
- the mail client stores the second private key
- S24 determining whether the verification is successful, if yes, S241: the mail client obtains the first private key, and encrypts the first private key,
- S25 Determine whether to exit the mail client, and if yes, S251: delete the obtained first private key.
- the private key of the certificate is split into the first private key and the second private key.
- After receiving the response from the third-party certificate server, the mail client automatically uses the decryption unit to save the certificate configuration.
- the private key returned by the third-party certificate server can be encrypted by an encryption algorithm and then saved in the local data file of the mail client.
- when the mail client is entered again after login, or at login, the mail client requires the user to verify his identity in order to obtain the first private key that the user is missing.
- the mail client 12 is started, and the client determines whether the user has logged in. If not, the user must first log in to the mail client. Once the login is confirmed, the mail client displays the identity authentication interface, and the user authenticates with the method he set previously. The mail client determines whether the authentication succeeded. Authentication can be set to allow 3 to 5 attempts; if authentication fails, the client locks the program and the user cannot use it. If the identity authentication is successful, the mail client sends a request for the first private key to the third-party certificate server.
- the mail client determines whether it succeeded in obtaining the first private key. If so, the first private key is encrypted by an algorithm and saved in the device memory. When the mail client is exited successfully, the mail client automatically deletes the obtained first private key to ensure the security of sending and receiving encrypted mail. Further, when the user certificate private key needs to be used, the obtained first private key and the second private key in the mail client memory are merged into a complete private key. The mail client never saves the full private key of the user certificate, which keeps the user information secure. If network or other factors prevent the mail client from obtaining the first private key, the user can still complete authentication and enter the mail client, but cannot use the mail decryption function that requires the full private key.
- step S21, in which the private key of the key pair is split to form a first private key and a second private key, the third-party certificate server stores the first private key of the mail client, and the mail client stores the second private key, includes the following steps:
- S80 Apply for a certificate to a third-party certificate server.
- S90 Determine whether a complete certificate exists, and if yes, S91: obtain the first private key and the complete certificate of the third-party certificate server.
- step S90 determining whether a full certificate exists further includes the following steps:
- S92 judging whether there is a key pair of the self-signed certificate, and if so, S921: generating a complete certificate according to the key pair of the self-signed certificate, and performing the step of judging whether a complete certificate exists.
- step S92 determining whether there is a key pair of the self-signed certificate further comprises the following steps:
- S922 Generate a new complete certificate and perform the step of judging whether a full certificate exists.
- An embodiment is as follows: after the initial installation of the mail client is successful, the user first inputs an email account and a password, and after successful verification, logs in to the mail client.
- the mail client displays the user identity authentication setting interface, and the user selects an authentication method, such as a fingerprint, a gesture pattern, or other manners, so that the mail client authenticates the user.
- After the identity authentication mode is set, the mail client automatically requests the complete encryption certificate of the mail client from the third-party certificate server.
- the third-party certificate server receives the request from the mail client and verifies and analyzes the request information. Based on the user's email account, it determines whether a complete email encryption certificate for the user has already been generated in the third-party certificate server.
- If it has, the email encryption certificate is sent directly to the mail client. So that a user can use different devices with one set of account information or identity information, only one certificate can be used, to ensure security. If the mail client's certificate does not exist in the third-party certificate server, it is determined whether a self-signed certificate key pair exists for the user. If no self-signed certificate key pair exists, the third-party certificate server directly generates a new email encryption certificate for the user and saves it. If a self-signed certificate key pair exists, the third-party certificate server generates a complete email encryption certificate based on the existing key pair. The third-party certificate server returns the certificate to the mail client, and the mail client can also obtain the first private key from the third-party certificate server.
- the user first logs in to the mail client through the above authentication method, completing mail client login and user identity verification, then writes a message through the human-computer interface and clicks the Send command to request that the message be sent.
- the mail client requests the public key of the recipient's mail client from the third-party certificate server.
- the third-party certificate server determines whether a complete certificate exists for the recipient's mail client. If it does, the public key of the recipient's mail client is sent directly to the sender's mail client.
- the third-party certificate server pre-generates a key pair, including the public key and the private key, for the recipient's mail client.
- the third-party certificate server can send a plaintext message to the recipient's mail client, indicating that an encrypted mail is waiting and prompting installation of the mail client to view it.
- the third-party certificate server returns the self-signed public key of the recipient's mail client to the sender's mail client.
- After receiving the response from the third-party certificate server, the sender's mail client encrypts the mail to be sent using the public key.
- the sending unit sends the encrypted mail to the mail server.
- the method further includes the following steps:
- S120 Determine whether the mail is encrypted by the public key, and if so, S121: the first private key is merged with the second private key.
- S131 parsing using the combined private key to display the content of the mail. If not, S132: displaying the mail fails.
- the login mail client is first performed through the above steps, including user identity verification, etc., and the mail client receives the new mail or the old mail from the mail server through the receiving unit.
- the decryption unit parses the mail that needs to be viewed. It is then determined whether the mail is encrypted with the certificate public key of the user's own mail client. If the message is not encrypted, its content is displayed directly. If the message is encrypted, the decryption unit attempts to algorithmically decrypt the private key in the local data file and the private key in the memory, and to merge the two pieces of data into the user's complete private key.
- it is then judged whether the merge succeeded: if part of the first private key or the second private key is missing, or the algorithmic decryption fails, merging the private key data fails. If the first private key and the second private key are merged successfully, the mail client decrypts the email using the full private key and displays its decrypted content. If the private key merge fails and the message cannot be viewed, a prompt can also be shown. This improves the convenience and security of email encryption.
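The split-key lifecycle described above (first private key held by the third-party certificate server, second held by the client, fetch after authentication, merge for decryption, delete on exit), as an added example that is not part of the patent text. Assumptions: the page names no splitting algorithm, so XOR with a random pad is used; the SHA-256 fingerprint that detects a failed merge, all class and function names, and the sample account are hypothetical; encrypting the stored shares is left out.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

MAX_AUTH_ATTEMPTS = 3  # the page allows 3 to 5 attempts before the client locks


def split_private_key(private_key: bytes) -> Tuple[bytes, bytes, bytes]:
    """Return (first share, second share, SHA-256 fingerprint of the whole key).

    Assumption: XOR with a random pad, so one share alone says nothing about the key.
    """
    first = secrets.token_bytes(len(private_key))               # kept by the server
    second = bytes(a ^ b for a, b in zip(private_key, first))   # kept by the client
    return first, second, hashlib.sha256(private_key).digest()


def merge_private_key(first: Optional[bytes], second: Optional[bytes],
                      fingerprint: bytes) -> Optional[bytes]:
    """Merge the shares; None if a share is missing or the result is not the key."""
    if not first or not second or len(first) != len(second):
        return None
    merged = bytes(a ^ b for a, b in zip(first, second))
    if not hmac.compare_digest(hashlib.sha256(merged).digest(), fingerprint):
        return None
    return merged


class CertificateServer:
    """Constructed stand-in for the third-party certificate server: first shares only."""

    def __init__(self) -> None:
        self._first_shares = {}

    def enroll(self, account: str, first_share: bytes) -> None:
        self._first_shares[account] = first_share

    def release_first_share(self, account: str) -> Optional[bytes]:
        return self._first_shares.get(account)


class MailClient:
    def __init__(self, account, second_share, fingerprint, auth_secret, server):
        self.account = account
        self._second = second_share      # persisted on the device
        self._fingerprint = fingerprint  # hypothetical merge check, stored with the certificate
        self._auth_secret = auth_secret  # stands in for the fingerprint or gesture check
        self._server = server
        self._first = None               # first share: memory only, this session only
        self._failed = 0
        self.locked = False

    def authenticate(self, presented: bytes, network_up: bool = True) -> bool:
        if self.locked:
            return False
        if not hmac.compare_digest(presented, self._auth_secret):
            self._failed += 1
            self.locked = self._failed >= MAX_AUTH_ATTEMPTS
            return False
        self._failed = 0
        share = self._server.release_first_share(self.account) if network_up else None
        self._first = bytearray(share) if share else None
        return True  # the user gets in even when the share could not be fetched

    def private_key_for_decryption(self) -> Optional[bytes]:
        """Merge on demand; the full key is returned to the caller and never stored."""
        if self._first is None:
            return None
        return merge_private_key(bytes(self._first), self._second, self._fingerprint)

    def logout(self) -> None:
        if self._first is not None:
            self._first[:] = bytes(len(self._first))  # best-effort overwrite before dropping
        self._first = None


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed stand-in for an encoded private key
    first, second, fp = split_private_key(key)
    server = CertificateServer()
    server.enroll("bob@example.com", first)
    client = MailClient("bob@example.com", second, fp, b"gesture-1234", server)
    results = {}
    client.authenticate(b"gesture-1234")
    results["online"] = client.private_key_for_decryption() == key
    client.logout()
    results["after_logout"] = client.private_key_for_decryption() is None
    results["offline_login"] = client.authenticate(b"gesture-1234", network_up=False)
    results["offline_key"] = client.private_key_for_decryption() is None
    return results


if __name__ == "__main__":
    print(demo())
```

Without an integrity check such as the fingerprint, an XOR merge of a stale or corrupted share would silently yield a wrong key instead of a detectable merge failure.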
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
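The present invention discloses a method and system for mail encryption. The method comprises the following steps: a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; a mail client is logged in to; a request is made to send mail to at least one recipient's mail client; the public key of the recipient's mail client is requested from the third-party certificate server; it is judged whether the third-party certificate server stores the public key of the recipient's mail client, and if so, the sender's mail client obtains the public key; the sender's mail client encrypts the mail to be sent with the public key and completes sending the mail. With the method and system for mail encryption of the present invention, e-mail is convenient and highly secure to use.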
Description
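Technical Field
The present invention relates to the field of communication security technology, and in particular to a method and system for mail encryption.
Background Art
E-mail is now widely used. Because e-mail is transmitted in plain text on the Internet, the security of personal private information and commercially confidential information cannot be guaranteed, so e-mail encryption technology is used to solve this. The widely used technologies are S/MIME and OpenPGP: e-mail client software supporting S/MIME includes Microsoft's Outlook, Mozilla's Thunderbird and Apple's iPhone mail client, while e-mail client software supporting OpenPGP includes PGP Desktop Email. In summary, the certificate used for mail encryption in the former is issued by a third-party CA, while in the latter the certificate is self-issued.
The premise of both mail encryption technologies above is that the sender must have the recipient's public key certificate: the two parties must first exchange public key certificates by mail before encrypted mail can be sent. That is, sending encrypted mail has two prerequisites. First, both parties must have an e-mail encryption certificate (public key and private key); if S/MIME is used, applying to a third-party CA for a certificate also costs a lot of time and money (if the certificate is charged for). Second, both parties must exchange public key certificates in advance through plaintext e-mail. Further, both parties must use e-mail client software that supports the same encryption technology. This makes e-mail encryption very complicated and cumbersome, so that encryption protection, which personal privacy and commercial secrets urgently need, has not been widely adopted.
Meanwhile, when current mail client software installs an e-mail encryption certificate, most of it also stores the certificate's private key in full locally on the device. When the device (especially a mobile device) is stolen or the system is cracked, the certificate private key is very easily leaked, endangering the security of the user's mail information.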
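Summary of the Invention
The main object of the present invention is to provide a mail encryption method and system that improve the convenience and security of using email.
To achieve this object, the present invention proposes a mail encryption method comprising the following steps:
a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients,
a mail client is logged in to,
a request is made to send mail to at least one receiving mail client,
a request is made to the third-party certificate server for the public key of the receiving mail client,
it is judged whether the third-party certificate server stores the public key of the receiving mail client, and if so, the sending mail client obtains the public key,
the sending mail client encrypts the mail to be sent with the public key, and sending is completed.
Preferably, judging whether the third-party certificate server stores the public key of the receiving mail client further comprises the following step:
if not, the third-party certificate server generates a self-signed certificate key pair, returns the public key of that key pair to the sending mail client, and sends a prompt mail to the receiving mail client.
Preferably, logging in to the mail client further comprises the following steps:
the private key of the key pair is split into a first private key and a second private key, the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key,
login to the mail client is requested,
identity information is verified,
it is judged whether verification succeeded, and if so, the mail client obtains the first private key and encrypts the first private key,
it is judged whether the mail client is being exited,
and if so, the obtained first private key is deleted.
Preferably, the prompt mail includes an explanation and a link for downloading the mail client.
Preferably, splitting the private key of the key pair into a first private key and a second private key, with the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key, comprises the following steps:
login to the mail client is requested for the first time on one device or on another device,
an identity authentication method is set,
a certificate is applied for from the third-party certificate server,
it is judged whether a complete certificate exists, and if so, the first private key and the complete certificate are obtained from the third-party certificate server.
Preferably, judging whether a complete certificate exists further comprises the following step:
if not, it is judged whether a self-signed certificate key pair exists, and if so, a complete certificate is generated from the self-signed certificate key pair and the step of judging whether a complete certificate exists is performed again.
Preferably, judging whether a self-signed certificate key pair exists further comprises the following step:
if not, a new complete certificate is generated and the step of judging whether a complete certificate exists is performed again.
Preferably, the method further comprises the following steps:
the receiving mail client obtains the mail,
parsing of the mail is requested,
it is judged whether the mail is encrypted with the public key, and if so, the first private key and the second private key are merged.
Preferably, the receiving mail client obtaining the mail further comprises the following steps:
it is judged whether the first private key and the second private key were merged successfully,
if so, the mail is parsed with the merged private key and its content is displayed; if not, a mail failure is displayed.
The present invention also proposes a mail encryption system comprising at least two mail clients and a third-party certificate server electrically connected to the at least two mail clients, each mail client comprising a login unit, a sending unit, an obtaining unit and an encryption unit, and the third-party certificate server comprising a judging unit and a storage unit,
the storage unit stores the public keys of the key pairs of a plurality of mail clients,
the login unit logs in to the mail client,
the sending unit requests sending mail to at least one receiving mail client,
the obtaining unit requests the public key of the receiving mail client from the third-party certificate server,
the judging unit judges whether the third-party certificate server stores the public key of the receiving mail client, and if so, the sending mail client obtains the public key,
the encryption unit has the sending mail client encrypt the mail to be sent with the public key, and sending is completed.
In the technical solution of the present invention, the third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; a mail client is logged in to; a request is made to send mail to at least one receiving mail client; a request is made to the third-party certificate server for the public key of the receiving mail client; it is judged whether the third-party certificate server stores that public key, and if so, the sending mail client obtains it, encrypts the mail to be sent with it, and sending is completed. Obtaining the public key directly from the third-party certificate server in this way improves the convenience and security of email encryption.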
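Brief Description of the Drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from the structures shown in these drawings without creative effort.
Figure 1 is a schematic diagram of one embodiment of the mail encryption method of the present invention;
Figure 2 is a schematic diagram of logging in to the mail client in the mail encryption method of the present invention;
Figure 3 is a schematic diagram of step S21 of the mail encryption method of the present invention;
Figure 4 is a schematic diagram of another embodiment of step S90 in Figure 3;
Figure 5 is a schematic diagram of another embodiment of the mail encryption method of the present invention;
Figure 6 is a schematic diagram of yet another embodiment of the mail encryption method of the present invention;
Figure 7 is a structural diagram of the mail client of the mail encryption system of the present invention;
Figure 8 is a structural diagram of the third-party certificate server of the mail encryption system of the present invention.
Description of reference numerals:
Numeral | Name | Numeral | Name |
10 | Mail client | 15 | Receiving unit |
11 | Login unit | 20 | Third-party certificate server |
12 | Sending unit | 21 | Judging unit |
13 | Obtaining unit | 22 | Storage unit |
14 | Encryption unit |
The realization of the object, the functional features and the advantages of the present invention are further described with reference to the embodiments and the drawings.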
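Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that all directional indications in the embodiments of the present invention (such as up, down, left, right, front, back ...) are used only to explain the relative positions and movements of the components in a particular posture (as shown in the drawings); if that posture changes, the directional indication changes accordingly.
In the present invention, unless expressly specified and limited otherwise, the terms "connected", "fixed" and the like are to be understood broadly. For example, "fixed" may be a fixed connection, a detachable connection, or an integral whole; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediate medium; and it may be internal communication between two elements or an interaction between two elements, unless expressly limited otherwise. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the circumstances.
In addition, descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. The technical solutions of the various embodiments may also be combined with one another, but only on the basis that a person of ordinary skill in the art can implement the combination; where a combination of technical solutions is contradictory or cannot be implemented, the combination is to be regarded as not existing and as outside the scope of protection claimed by the present invention.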
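The present invention proposes a mail encryption system.
Referring to Figures 1, 7 and 8, in one embodiment of the present invention, the mail encryption system comprises at least two mail clients 10 and a third-party certificate server 20 electrically connected to the at least two mail clients 10. Each mail client comprises a login unit 11, a sending unit 12, an obtaining unit 13 and an encryption unit 14, and the third-party certificate server 20 comprises a judging unit 21 and a storage unit 22,
the storage unit 22 stores the public keys of the key pairs of a plurality of mail clients 10,
the login unit 11 logs in to the mail client 10,
the sending unit 12 requests sending mail to at least one receiving mail client 10,
the obtaining unit 13 requests the public key of the receiving mail client 10 from the third-party certificate server 20,
the judging unit 21 judges whether the third-party certificate server 20 stores the public key of the receiving mail client 10, and if so, the sending mail client 10 obtains the public key,
the encryption unit 14 has the sending mail client 10 encrypt the mail to be sent with the public key, and sending is completed.
The mail client 10 described above both sends and receives mail: when sending mail it is defined as the sending mail client 10, and when receiving mail as the receiving mail client 10. The mail client 10 runs on a device with a processor, such as a mobile phone or a computer, and may further include a communication interface, a human-machine interface or display screen, a decryption unit, a receiving unit 15, and the like. The human-machine interface provides the user with an operating interface through which the user can view mail and create new mail, interacting with the mail server. The receiving unit 15 fetches new mail from the mail server. The decryption unit decrypts received mail and processes the user certificate information and related information obtained from the third-party certificate server 20. The certificate communication interface carries the data exchange between the mail client 10 and the third-party certificate server 20.
The third-party certificate server 20 may be a CA (Certificate Authority) cloud certificate service system that provides users with services such as issuing certificates and querying certificates. The third-party certificate server 20 includes a memory, a certificate processing module, a communication port and the like. The memory may be used to store the public keys of a plurality of mail clients 10, the records of certificates issued by the certificate service system, and the records of user requests. The communication interface exchanges certificate data with the mail client 10. The certificate processing module handles user requests and generates new certificates. The mail client 10 is electrically connected through its communication interface to the communication port of the third-party certificate server 20 and can obtain the public keys stored by the third-party certificate server 20 or request other services.
The mail server mentioned above may include a communication interface and a memory. The communication interface exchanges mail data with the mail client 10. The memory stores the mail data sent and received. The mail client 10 also connects to the communication port of the mail server through the sending unit 12 and the receiving unit 15, sending mail to and fetching mail from the mail server. Obtaining the public key directly from the third-party certificate server 20 through the obtaining unit 13 in this way improves the convenience and security of email encryption.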
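The present invention also proposes a mail encryption method.
Referring to Figure 1, in one embodiment of the present invention, the mail encryption method comprises the following steps:
S10: the third-party certificate server stores the public keys of the key pairs of a plurality of mail clients,
S20: a mail client is logged in to,
S30: a request is made to send mail to at least one receiving mail client,
S40: a request is made to the third-party certificate server for the public key of the receiving mail client,
S50: it is judged whether the third-party certificate server stores the public key of the receiving mail client, and if so, S51: the sending mail client obtains the public key, encrypts the mail to be sent with the public key, and sending is completed.
In one embodiment, the third-party certificate server collects and stores the public keys of a plurality of mail clients in advance, and also collects the public keys and related information of mail clients as they use the third-party certificate server. One account of a mail client corresponds to only one public key, which improves security. First, after successfully logging in to a mail client, the user edits the mail content, recipients and other information through the human-machine interface and requests sending. The mail client then, automatically or manually, requests the public key of the receiving mail client from the third-party certificate server. The third-party certificate server responds by looking up the public key of the receiving mail client in its memory and sending it to the sending mail client. After receiving the public key, the sending mail client encrypts the mail to be sent, automatically or by manual selection, and finally sends the mail to the mail server, completing the encrypted sending. Because the mail client obtains the public key and encrypts automatically, email can be encrypted and sent with one click: the user does not need to care where or how to apply for an encryption certificate, and the two parties do not need to exchange certificate public key files in advance. This makes email encryption more convenient and faster to use and keeps the confidential information in users' email secure.
In the technical solution of the present invention, the third-party certificate server stores the public keys of a plurality of mail clients; a mail client is logged in to; a request is made to send mail to at least one receiving mail client; a request is made to the third-party certificate server for the public key of the receiving mail client; it is judged whether the third-party certificate server stores that public key, and if so, the sending mail client obtains it, encrypts the mail to be sent with it, and sending is completed. Obtaining the public key directly from the third-party certificate server in this way improves the convenience and security of email encryption.
Referring to Figure 1, further, step S50 (judging whether the third-party certificate server stores the public key of the receiving mail client) also comprises the following step:
S52: if not, the third-party certificate server generates a self-signed certificate key pair, returns the public key of that key pair to the sending mail client, and sends a prompt mail to the receiving mail client.
The self-signed certificate key pair comprises the public key and the private key of the self-signed certificate. When the third-party certificate server does not store the public key of the receiving mail client, it generates a self-signed certificate key pair and returns the public key of that key pair to the sending mail client. The prompt mail may include an explanation and a link for downloading the mail client. Specifically, the prompt mail may be a plaintext mail telling the user that there is an encrypted mail and asking them to install the mail client or a corresponding plug-in, such as a mail client or plug-in with S/MIME, in order to view the mail.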
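Referring to Figure 2, preferably, step S20 (logging in to the mail client) further comprises the following steps:
S21: the private key of the key pair is split into a first private key and a second private key, the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key,
S22: login to the mail client is requested,
S23: identity information is verified,
S24: it is judged whether verification succeeded, and if so, S241: the mail client obtains the first private key and encrypts the first private key,
S25: it is judged whether the mail client is being exited, and if so, S251: the obtained first private key is deleted.
To keep the user's certificate private key secure, the certificate private key is split into a first private key and a second private key as described above. After receiving the response from the third-party certificate server, the mail client uses the decryption unit to automatically parse, configure and save the certificate, and may encrypt the private key returned by the third-party certificate server with an encryption algorithm and then save it in the mail client's local data file.
Specifically, on first login, or when the mail client is entered again after logging in and exiting, the mail client needs the user to verify their identity in order to obtain the first private key that the user is missing. The mail client 12 is started, and the client judges whether the user is already logged in. If not, the user must first log in to the mail client. Once login is confirmed, the mail client displays the identity authentication screen and the user authenticates with the method they previously set. The mail client judges whether authentication succeeded. Three to five attempts may be allowed; if identity authentication fails, the client locks the program and the user cannot use it. If identity authentication succeeds, the mail client requests the first private key from the third-party certificate server. It is then judged whether the mail client obtained the first private key successfully. If so, the first private key is encrypted with an algorithm and kept in the device's memory. When the user successfully exits the mail client, the mail client automatically deletes the obtained first private key, so as to keep encrypted sending and receiving of mail secure. Furthermore, when the user's certificate private key is needed, the obtained first private key and the second private key in the mail client's memory are merged into the complete private key. The mail client never stores the complete private key of the user's certificate, which keeps the user's information secure. If the mail client fails to obtain the first private key because of network problems or other factors, the user, having already completed identity verification, can still enter the mail client but cannot use the mail decryption function, which requires the complete private key.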
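Referring to Figure 3, preferably, step S21 (splitting the private key of the key pair into a first private key and a second private key, with the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key) comprises the following steps:
S60: login to the mail client is requested for the first time on one device or on another device,
S70: an identity authentication method is set,
S80: a certificate is applied for from the third-party certificate server,
S90: it is judged whether a complete certificate exists, and if so, S91: the first private key and the complete certificate are obtained from the third-party certificate server.
Referring to Figure 4, further, step S90 (judging whether a complete certificate exists) also comprises the following step:
if not, S92: it is judged whether a self-signed certificate key pair exists, and if so, S921: a complete certificate is generated from the self-signed certificate key pair and the step of judging whether a complete certificate exists is performed again.
Still further, step S92 (judging whether a self-signed certificate key pair exists) also comprises the following step:
if not, S922: a new complete certificate is generated and the step of judging whether a complete certificate exists is performed again.
In one embodiment, after the mail client has been installed for the first time, the user first enters the mailbox account and password and, once they are verified, is logged in to the mail client. The mail client displays the identity authentication settings screen, and the user chooses an identity authentication method, such as fingerprint, gesture pattern or another method, so that the mail client can authenticate whoever is using it. After the identity authentication method has been set, the mail client automatically requests its complete encryption certificate from the third-party certificate server. The third-party certificate server receives the mail client's request and verifies and analyses the request information. Based on the user's mailbox account, it judges whether a complete email encryption certificate has already been generated for that user on the third-party certificate server.
If the third-party certificate server already holds a certificate for the mail client, it sends the email encryption certificate directly to the mail client. This ensures that a user on different devices, with one set of account or identity information, corresponds to only one certificate, which guarantees security. If the third-party certificate server holds no certificate for the mail client, it judges whether a self-signed certificate key pair pre-generated for the user exists. If no self-signed certificate key pair exists either, the third-party certificate server directly generates and stores a new email encryption certificate for the user. If a self-signed certificate key pair exists, the third-party certificate server generates the complete email encryption certificate from the existing key pair. The third-party certificate server returns the certificate to the mail client, and the mail client may also obtain the first private key from the third-party certificate server.
Further, one specific embodiment of sending encrypted mail from the mail client is as follows. The user first logs in to the mail client with the authentication method described above, completing login and identity verification. The user writes the mail through the human-machine interface and then clicks the send command to request that the mail be sent. The mail client then requests the public key of the receiving mail client from the third-party certificate server. The third-party certificate server judges whether a complete certificate exists for the receiving mail client. If it does, the public key of the receiving mail client is sent directly to the sending mail client. If the third-party certificate server holds no complete certificate for the mail client, it pre-generates a key pair, comprising a public key and a private key, for the receiving mail client. At the same time, the third-party certificate server may send the receiving mail client a plaintext mail telling it that there is an encrypted mail and prompting installation of the mail client system in order to view it. The third-party certificate server returns the self-signed certificate public key of the receiving mail client to the sending mail client. After receiving the response from the third-party certificate server, the sending mail client encrypts the mail to be sent with that public key. The sending unit sends the encrypted mail to the mail server.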
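The server-side decisions in steps S40 to S52 and S90 to S922, as an added Python example (not code from the patent). Class and method names are hypothetical, key pairs are random tokens standing in for real certificate keys, and reusing the pre-generated pair on repeated lookups is an assumption.

```python
import secrets
from dataclasses import dataclass, field


def generate_key_pair():
    """Stand-in for certificate key generation: opaque random tokens, not real keys."""
    return (b"pub-" + secrets.token_bytes(16), b"priv-" + secrets.token_bytes(32))


@dataclass
class CertServer:
    full_certs: dict = field(default_factory=dict)    # account -> (public, private)
    pregenerated: dict = field(default_factory=dict)  # account -> (public, private)
    prompt_mails: list = field(default_factory=list)  # recipients sent a plaintext prompt

    def lookup_public_key(self, recipient):
        """S40-S52: a sender always gets back a public key to encrypt to."""
        if recipient in self.full_certs:               # S50 yes -> S51
            return self.full_certs[recipient][0]
        if recipient not in self.pregenerated:         # S52: no key on record
            self.pregenerated[recipient] = generate_key_pair()
            self.prompt_mails.append(recipient)        # plaintext prompt mail
        return self.pregenerated[recipient][0]

    def apply_for_certificate(self, account):
        """S80-S922: repeat the S90 check until a complete certificate exists."""
        while account not in self.full_certs:          # S90
            if account in self.pregenerated:           # S92 yes -> S921
                # Promote the pre-generated pair, so mail that senders already
                # encrypted to its public key stays decryptable.
                self.full_certs[account] = self.pregenerated.pop(account)
            else:                                      # S92 no -> S922
                self.full_certs[account] = generate_key_pair()
        return self.full_certs[account]                # S91
```

On the S52 path the certificate server has generated, and therefore holds, the recipient's whole private key before the recipient has ever authenticated to it.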
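Referring to Figure 5, preferably, the method further comprises the following steps:
S100: the receiving mail client obtains the mail,
S110: parsing of the mail is requested,
S120: it is judged whether the mail is encrypted with the public key, and if so, S121: the first private key and the second private key are merged.
Referring to Figure 6, further, the method also comprises the following steps:
S130: it is judged whether the first private key and the second private key were merged successfully,
if so, S131: the mail is parsed with the merged private key and its content is displayed; if not, S132: a mail failure is displayed.
In one embodiment, when parsing mail, the user first logs in to the mail client through the steps described above, including identity verification, and the mail client fetches new mail from the mail server through the receiving unit or views old mail. The decryption unit parses the mail to be viewed. It is then judged whether the mail was encrypted with the certificate public key of the user's own mail client. If the mail is not encrypted, its content is displayed directly. If the mail is encrypted, the decryption unit may attempt to algorithmically decrypt the private key in the local data file and the private key in memory, and merges the two pieces of data into the user's complete private key. It is then judged whether the merge succeeded: if part of the first private key or the second private key is missing, or the algorithmic decryption fails, merging the private key data fails. If the first private key and the second private key are merged successfully, the mail client can decrypt the email with the complete private key and displays the decrypted content. If the merge fails and the mail cannot be viewed, a prompt may also be given. This improves the convenience and security of email encryption.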
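The split, fetch, merge and delete steps (S21, S241, S251, S121, S130 to S132), as an added Python example that is not part of the patent. The patent does not say how the private key is split or how a failed merge is detected; the XOR split, the SHA-256 fingerprint check and all names here are assumptions, and the encryption of the shares in storage is left out.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_private_key(private_key):
    """S21: first share goes to the certificate server, second stays on the client."""
    first = secrets.token_bytes(len(private_key))        # uniformly random pad
    second = xor_bytes(private_key, first)
    fingerprint = hashlib.sha256(private_key).digest()   # used to detect a bad merge
    return first, second, fingerprint


class MailClient:
    def __init__(self, second_share, fingerprint):
        self.second_share = second_share   # kept in the local data file
        self.fingerprint = fingerprint
        self.first_share = None            # in memory only while logged in

    def login(self, fetched_first_share):
        """S241: hold the fetched share; None models a failed fetch after login."""
        if fetched_first_share is None:
            self.first_share = None
        else:
            self.first_share = bytearray(fetched_first_share)

    def logout(self):
        """S251: overwrite the in-memory share, then drop the reference."""
        if self.first_share is not None:
            for i in range(len(self.first_share)):
                self.first_share[i] = 0
            self.first_share = None

    def merge(self):
        """S121/S130: return the complete private key, or None if merging fails."""
        if self.first_share is None:
            return None                                   # share missing -> S132
        if len(self.first_share) != len(self.second_share):
            return None
        key = xor_bytes(self.first_share, self.second_share)
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self.fingerprint):
            return None                                   # wrong or corrupted share
        return key                                        # -> S131
```

With an XOR split, either share on its own is uniformly random and reveals nothing about the key, which is not true of simply cutting the key bytes in two.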
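The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structural transformation made under the inventive concept of the present invention using the contents of the description and drawings, or any direct or indirect application in other related technical fields, is included in the scope of patent protection of the present invention.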
Claims (16)
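- A mail encryption method, characterized by comprising the following steps: a third-party certificate server stores the public keys of the key pairs of a plurality of mail clients; a mail client is logged in to; a request is made to send mail to at least one receiving mail client; a request is made to the third-party certificate server for the public key of the receiving mail client; it is judged whether the third-party certificate server stores the public key of the receiving mail client, and if so, the sending mail client obtains the public key; the sending mail client encrypts the mail to be sent with the public key, and sending is completed.
- The mail encryption method according to claim 1, characterized in that judging whether the third-party certificate server stores the public key of the receiving mail client further comprises the following step: if not, the third-party certificate server generates a self-signed certificate key pair, returns the public key of that key pair to the sending mail client, and sends a prompt mail to the receiving mail client.
- The mail encryption method according to claim 1, characterized in that logging in to the mail client further comprises the following steps: the private key of the key pair is split into a first private key and a second private key, the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key; login to the mail client is requested; identity information is verified; it is judged whether verification succeeded, and if so, the mail client obtains the first private key and encrypts the first private key; it is judged whether the mail client is being exited, and if so, the obtained first private key is deleted.
- The mail encryption method according to claim 2, characterized in that logging in to the mail client further comprises the following steps: the private key of the key pair is split into a first private key and a second private key, the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key; login to the mail client is requested; identity information is verified; it is judged whether verification succeeded, and if so, the mail client obtains the first private key and encrypts the first private key; it is judged whether the mail client is being exited, and if so, the obtained first private key is deleted.
- The mail encryption method according to claim 2, characterized in that the prompt mail includes an explanation and a link for downloading the mail client.
- The mail encryption method according to claim 3, characterized in that splitting the private key of the key pair into a first private key and a second private key, with the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key, comprises the following steps: login to the mail client is requested for the first time on one device or on another device; an identity authentication method is set; a certificate is applied for from the third-party certificate server; it is judged whether a complete certificate exists, and if so, the first private key and the complete certificate are obtained from the third-party certificate server.
- The mail encryption method according to claim 4, characterized in that splitting the private key of the key pair into a first private key and a second private key, with the third-party certificate server storing the first private key of the mail client and the mail client storing the second private key, comprises the following steps: login to the mail client is requested for the first time on one device or on another device; an identity authentication method is set; a certificate is applied for from the third-party certificate server; it is judged whether a complete certificate exists, and if so, the first private key and the complete certificate are obtained from the third-party certificate server.
- The mail encryption method according to claim 6, characterized in that judging whether a complete certificate exists further comprises the following step: if not, it is judged whether a self-signed certificate key pair exists, and if so, a complete certificate is generated from the self-signed certificate key pair and the step of judging whether a complete certificate exists is performed again.
- The mail encryption method according to claim 7, characterized in that judging whether a complete certificate exists further comprises the following step: if not, it is judged whether a self-signed certificate key pair exists, and if so, a complete certificate is generated from the self-signed certificate key pair and the step of judging whether a complete certificate exists is performed again.
- The mail encryption method according to claim 8, characterized in that judging whether a self-signed certificate key pair exists further comprises the following step: if not, a new complete certificate is generated and the step of judging whether a complete certificate exists is performed again.
- The mail encryption method according to claim 9, characterized in that judging whether a self-signed certificate key pair exists further comprises the following step: if not, a new complete certificate is generated and the step of judging whether a complete certificate exists is performed again.
- The mail encryption method according to claim 3, characterized by further comprising the following steps: the receiving mail client obtains the mail; parsing of the mail is requested; it is judged whether the mail is encrypted with the public key, and if so, the first private key and the second private key are merged.
- The mail encryption method according to claim 4, characterized by further comprising the following steps: the receiving mail client obtains the mail; parsing of the mail is requested; it is judged whether the mail is encrypted with the public key, and if so, the first private key and the second private key are merged.
- The mail encryption method according to claim 12, characterized in that the receiving mail client obtaining the mail further comprises the following steps: it is judged whether the first private key and the second private key were merged successfully; if so, the mail is parsed with the merged private key and its content is displayed; if not, a mail failure is displayed.
- The mail encryption method according to claim 13, characterized in that the receiving mail client obtaining the mail further comprises the following steps: it is judged whether the first private key and the second private key were merged successfully; if so, the mail is parsed with the merged private key and its content is displayed; if not, a mail failure is displayed.
- A mail encryption system, characterized by comprising at least two mail clients and a third-party certificate server electrically connected to the at least two mail clients, each mail client comprising a login unit, a sending unit, an obtaining unit and an encryption unit, and the third-party certificate server comprising a judging unit and a storage unit; the storage unit stores the public keys of the key pairs of a plurality of mail clients; the login unit logs in to the mail client; the sending unit requests sending mail to at least one receiving mail client; the obtaining unit requests the public key of the receiving mail client from the third-party certificate server; the judging unit judges whether the third-party certificate server stores the public key of the receiving mail client, and if so, the sending mail client obtains the public key; the encryption unit has the sending mail client encrypt the mail to be sent with the public key, and sending is completed.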
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710077214.2 | 2017-02-13 | ||
CN201710077214.2A CN106603577A (zh) | 2017-02-13 | 2017-02-13 | Mail encryption method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018145357A1 true WO2018145357A1 (zh) | 2018-08-16 |
Family
ID=58587690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/079219 WO2018145357A1 (zh) | 2017-02-13 | 2017-04-01 | Mail encryption method and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106603577A (zh) |
WO (1) | WO2018145357A1 (zh) |
2017
- 2017-02-13 CN CN201710077214.2A patent/CN106603577A/zh active Pending
- 2017-04-01 WO PCT/CN2017/079219 patent/WO2018145357A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN106603577A (zh) | 2017-04-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17895946 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17895946 Country of ref document: EP Kind code of ref document: A1 |