Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
First embodiment
Referring to Fig. 1, Fig. 1 is a flowchart of a mail sending method provided in an embodiment of the present invention. The method can be applied to a first terminal and, as shown in Fig. 1, includes the following steps:
Step 101: obtain a target mail to be sent.
Step 101 may obtain a target mail that the user has finished editing and that is to be sent; for example, the mail includes a mail title, mail content, a recipient mailbox and a sender mailbox. Alternatively, step 101 can be understood as being executed when a mail to be sent is obtained, i.e., when a certain mail needs to be sent.
It should be noted that, in this embodiment of the present invention, the type of the target mail is not limited. The target mail can be any mail that can be sent in a mail system, and the mail can be addressed to one or more mailboxes.
Step 102: obtain, from a blockchain obtained in advance, the recipient certificate of the recipient mailbox corresponding to the target mail.
The blockchain obtained in advance can be understood as a blockchain obtained before step 102 is executed. For example, the blockchain may be stored locally on the first terminal, i.e., the mail sending device; or, after step 101 is executed and before step 102 is executed, the blockchain may be obtained from the network or from a device that stores the blockchain. In addition, the blockchain may consist of multiple blocks, each block includes the certificates of one or more mailboxes, and each certificate includes the public key of the corresponding mailbox.
The blockchain has features such as distributed data storage and a consensus mechanism, where the consensus mechanism is the mathematical algorithm by which different nodes in the blockchain system establish trust and obtain rights and interests. As a result, when a mail is sent, the recipient certificate of the recipient mailbox can be obtained directly from the blockchain.
Because the mail is encrypted with the public key of the recipient mailbox, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Step 103: obtain the public key of the recipient mailbox from the recipient certificate.
After the recipient certificate has been received, the public key of the recipient mailbox can be obtained from the certificate.
Step 104: encrypt the target mail based on the public key.
Once the public key of the recipient mailbox has been obtained, the target mail can be encrypted based on it. The encryption here may cover the mail title and the mail content of the target mail, where the mail content may include the message body and may also include mail attachments. Of course, in some scenarios only the mail attachments may be encrypted, or only the mail content may be encrypted.
Step 105: send the encrypted target mail to the recipient mailbox.
The target mail is used for: the mail receiving device decrypting the target mail based on the private key of the recipient mailbox.
After the target mail has been encrypted, the encrypted target mail can be sent to the recipient mailbox. When the mail receiving device receives the encrypted mail, it can decrypt it using the private key of the recipient mailbox.
In this embodiment of the present invention, the mail is encrypted using the public key in the certificate of the recipient mailbox, so that secure transmission of the mail is guaranteed even if the mail service does not support TLS, while also ensuring that the mail is not snooped on by the mail service provider.
It should be noted that this embodiment of the present invention can be applied on the TLS secure communication protocol, and can also be applied to other protocols such as HTTP, FTP or XMPP.
In this embodiment of the present invention, the above method can be applied to any terminal that has a mail sending function, which can be called the first terminal, for example a computer, a self-service terminal or a mobile terminal. The mobile terminal can be a mobile device such as a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer), a personal digital assistant (PDA), a mobile Internet device (Mobile Internet Device, MID) or a wearable device (Wearable Device).
In the mail sending method provided in this embodiment of the present invention, a target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from a blockchain obtained in advance; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, where the target mail is used for: the mail receiving device decrypting the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the public key of the recipient mailbox taken from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Second embodiment
Referring to Fig. 2, Fig. 2 is a flowchart of a mail sending method provided in an embodiment of the present invention. The method can be applied to a first terminal and, as shown in Fig. 2, includes the following steps:
Step 201: generate a first target block through a proof-of-work mechanism.
The proof-of-work mechanism may consist of computing the blockchain's proof-of-work algorithm. The proof-of-work algorithm can be understood as a mathematical problem, for example performing a series of related computations on the hash (HASH) values of blocks that already exist in the blockchain. That is, step 201 may compute the blockchain's proof-of-work algorithm; when the computation passes, i.e., the mail sending device is verified as legitimate, the target block of the blockchain can be generated.
Alternatively, step 201 can be understood as obtaining the qualification for certificate authorization through computation: when the workload satisfies the proof-of-work mechanism, the qualification to generate the target block is obtained, so that the public key and certificate of the mailbox can be obtained.
Because the first target block is generated through the proof-of-work mechanism, the legitimacy of the block, of the certificates in the block and of the public keys in those certificates can be ensured, which further improves the security of the mail.
Step 202: obtain the public key of the sender mailbox of the target mail from the blockchain.
After the mail device generates a block through the proof-of-work mechanism, the blockchain may allocate a public key to it. The allocation may be made by the blockchain system, i.e., the public key of the sender mailbox is allocated. For example, a node in the blockchain that successfully generates a block obtains, through a reward mechanism, the reward of being granted a public key, so that a new certificate can be added to the blockchain, and the reward mechanism may be permanently valid.
Step 203: according to the public key of the sender, generate a sender certificate that includes the public key of the sender mailbox, and add the sender certificate to the first target block.
After the first terminal obtains the public key of the sender mailbox, it can generate a sender certificate that includes the public key of the sender mailbox and add that certificate to the first target block. It should be noted that, in this embodiment of the present invention, the first target block may or may not also include the certificates of other mailboxes; this is not limited.
Step 204: obtain the authorization information of the sender certificate.
Here, the authorization information may be the authorization information that a certificate already in the blockchain gives to the sender certificate; for example, the certificate of mailbox A can authorize the certificate of mailbox Aa. Because step 201 has proven the legitimacy of the mail device through the proof-of-work mechanism, an existing certificate in the blockchain can authorize the sender certificate.
Step 205: add the authorization information and the first target block to the blockchain.
Adding the authorization information to the blockchain in step 205 ensures the consistency and security of the authorization information in the blockchain, i.e., all terminals or nodes of the blockchain recognize the sender certificate as legitimate. Step 205 also adds the first target block to the blockchain, so every node can obtain the block from the blockchain. When these nodes send mail to the sender mailbox, they can obtain the public key of the sender mailbox from the block and encrypt the mail sent to the sender mailbox, which ensures the security of mail sent to the sender mailbox.
It should be noted that steps 201 to 205 are optional for this embodiment of the present invention, i.e., the first terminal may skip them, for example when the certificate of the sender mailbox already exists in the blockchain, because a mailbox can be logged in on multiple mail devices while only one certificate exists for a mailbox. That is, not every device on which a mailbox is logged in needs to generate a block and add it to the blockchain; some mail devices can use the blockchain directly to encrypt mail.
Step 206: obtain a target mail to be sent.
Step 206 may obtain a target mail that the user has finished editing and that is to be sent; for example, the mail includes a mail title, mail content, a recipient mailbox and a sender mailbox. Alternatively, step 206 can be understood as being executed when a mail to be sent is obtained, i.e., when a certain mail needs to be sent.
It should be noted that, in this embodiment of the present invention, the type of the target mail is not limited. The target mail can be any mail that can be sent in a mail system, and the mail can be addressed to one or more mailboxes.
Step 207: obtain, from a blockchain obtained in advance, the recipient certificate of the recipient mailbox corresponding to the target mail.
Optionally, in this embodiment of the present invention, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize child certificates, certificates and mailboxes in the blockchain correspond one to one, and each certificate includes the public key of its corresponding mailbox.
For example, as shown in Fig. 3, the blockchain includes multiple blocks and is a data structure in which these blocks are linked in order from back to front. Each block includes at least one certificate, and the first block includes the unique root certificate. The unique root certificate can authorize certificates such as A, B, C, D and F, and certificates A, B, C, D and F can in turn authorize child certificates. Of course, these child certificates can authorize other certificates; in this embodiment of the present invention, every certificate can authorize child certificates. The certificate authorization relationship between mailboxes is shown in Fig. 4: the unique root certificate can authorize the certificates of multiple mailboxes, and the certificates of those mailboxes can in turn authorize the certificates of other mailboxes.
Because, in this embodiment of the present invention, the root certificate of every certificate is the unique root certificate, all certificate authorization in the blockchain is based on authorization by the unique root certificate. This ensures the legitimacy of all certificates and more effectively guarantees the security of the mail.
In addition, in this embodiment of the present invention, the first block of the blockchain may be created automatically by the application program of a certain node device. When the first block is created, a key pair consisting of a public key and a private key may be created, and the generated private key may be used to self-authorize the public key, yielding the unique root certificate, which is recorded in the first block.
In addition, in this embodiment of the present invention, the structure of each block in the blockchain may be as shown in Table 1:
Table 1
In this embodiment of the present invention, certificates may use the standard X.509 format, with the mailbox account as the main information. Each mailbox account corresponds to one certificate. After being authorized, a certificate is added to a block, and no other certificate for the same mailbox account can be added again. The root certificate of all certificates is the unique root certificate, and every certificate can authorize one or more child certificates. Because each mailbox account corresponds to only one certificate, decryption with the private key of the mailbox will not go wrong.
Table 1 gives the size of each block, so that the information contained in a block can be read accurately without error. Table 1 also shows the certificates contained in each block, so that the certificate of the recipient mailbox can be obtained effectively.
In addition, in this embodiment of the present invention, the block header of each block may be as shown in Table 2:
Table 2
The parent block may be the block immediately preceding a given block, because the blockchain is a data structure in which multiple blocks are linked in order from back to front.
Table 2 makes the hash value of each block's parent block explicit. When the proof-of-work algorithm is run, the hash value of the parent block can be used in the computation, so that the legitimacy of the parent block's hash value is verified through the proof-of-work algorithm. When the parent block is legitimate, a new block can be added after it.
Step 208: obtain the public key of the recipient mailbox from the recipient certificate.
Optionally, after the step of obtaining the recipient certificate of the recipient mailbox of the target mail from the blockchain obtained in advance, and before the step of obtaining the public key of the recipient mailbox from the recipient certificate, the method further includes: verifying whether the recipient certificate is legitimate; and, if the verification result is that the recipient certificate is legitimate, executing the step of obtaining the public key of the recipient mailbox from the recipient certificate.
If the recipient certificate is verified to be illegitimate, use of the certificate can be abandoned. Verifying whether the recipient certificate is legitimate may consist of verifying whether the block that contains the recipient certificate is legitimate; if the block is legitimate, the certificates in the block can be determined to be legitimate. For example, the authorization information of the block may be verified, or other nodes of the blockchain may verify whether the block or the certificate is legitimate; this embodiment of the present invention places no limitation on this.
Because the public key of the recipient mailbox contained in the recipient certificate is obtained only when the recipient certificate has been verified as legitimate, the mail is guaranteed to be encrypted with a legitimate public key rather than with the public key in an illegitimate certificate, which further ensures the security of the mail.
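One way to implement the legitimacy check that precedes step 208, as an added example in Go (not code from the patent): blocks are linked by parent hash, each mailbox may have only one certificate, and the recipient certificate must chain to the unique root certificate. The `Block` layout, the helper names and the example.test mailboxes are assumptions made for illustration, and proof of work is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Block is a hypothetical layout; the page's Table 1 and Table 2 are not reproduced.
type Block struct {
	ParentHash [32]byte // hash of the parent (preceding) block
	Certs      [][]byte // DER-encoded X.509 certificates, one per mailbox
}

func (b *Block) Hash() [32]byte {
	buf := append([]byte{}, b.ParentHash[:]...)
	for _, c := range b.Certs {
		d := sha256.Sum256(c)
		buf = append(buf, d[:]...)
	}
	return sha256.Sum256(buf) // binds the parent hash to every certificate digest
}

func check(err error) {
	if err != nil {
		panic(err) // acceptable here: only used while building sample data
	}
}

// mustIssue creates a constructed sample certificate; a nil parent means self-signed.
// Every certificate is a CA because the page lets any certificate authorize children.
func mustIssue(serial int64, mailbox string, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: mailbox}, EmailAddresses: []string{mailbox},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// LookupRecipientCert checks block links and the one-certificate-per-mailbox rule, then
// returns the mailbox's certificate only if it chains to the first (root) certificate.
func LookupRecipientCert(chain []*Block, mailbox string) (*x509.Certificate, error) {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	seen := map[string]*x509.Certificate{}
	var prev [32]byte
	for i, b := range chain {
		if i > 0 && b.ParentHash != prev {
			return nil, fmt.Errorf("block %d: parent hash mismatch", i)
		}
		prev = b.Hash()
		for _, der := range b.Certs {
			c, err := x509.ParseCertificate(der)
			if err != nil || len(c.EmailAddresses) != 1 || seen[c.EmailAddresses[0]] != nil {
				return nil, fmt.Errorf("block %d: malformed or duplicate certificate", i)
			}
			if seen[c.EmailAddresses[0]] = c; len(seen) == 1 {
				roots.AddCert(c) // the first certificate on the chain is the unique root
			}
			inter.AddCert(c)
		}
	}
	c := seen[mailbox]
	if c == nil {
		return nil, fmt.Errorf("no certificate for %s", mailbox)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Verify(opts); err != nil {
		return nil, fmt.Errorf("%s is not authorized under the root: %w", mailbox, err)
	}
	return c, nil
}

func main() {
	root, rootKey := mustIssue(1, "root@example.test", nil, nil)
	a, aKey := mustIssue(2, "a@example.test", root, rootKey)
	aa, _ := mustIssue(3, "aa@example.test", a, aKey)
	rogue, _ := mustIssue(4, "mallory@example.test", nil, nil) // self-signed, never authorized
	b0 := &Block{Certs: [][]byte{root.Raw}}
	b1 := &Block{ParentHash: b0.Hash(), Certs: [][]byte{a.Raw}}
	chain := []*Block{b0, b1, {ParentHash: b1.Hash(), Certs: [][]byte{aa.Raw, rogue.Raw}}}
	_, okErr := LookupRecipientCert(chain, "aa@example.test")
	_, badErr := LookupRecipientCert(chain, "mallory@example.test")
	fmt.Printf("aa: %v\nmallory: %v\n", okErr, badErr)
}
```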
Step 209: encrypt the target mail based on the public key.
Optionally, the step of encrypting the target mail based on the public key includes: encrypting, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
In this way, when the second terminal (which may be called the mail receiving device) receives the encrypted target mail, it can decrypt it directly with the private key of the recipient mailbox to obtain the mail content. Because the public key of the recipient mailbox is used directly for encryption, the security of the mail can be further improved: the public key in the blockchain often carries a large amount of information, so the mail is encrypted with a large amount of information, which further improves the security of the mail. In addition, in some scenarios only the mail attachments may be encrypted, and in other scenarios the message body, or the message body and the mail attachments, may be encrypted.
Optionally, the step of encrypting the target mail based on the public key includes: after the recipient certificate is obtained, generating a first session key according to a preset rule; encrypting, with the first session key, at least one of the mail content and the mail title of the target mail; encrypting the first session key with the public key to generate a second session key; and adding the second session key to the mail header of the target mail, where the mail content includes the message body and attachments.
The first session key may be a random number generated randomly according to the preset rule. For example, the random key may be a group of digits or letters, or a combination of digits and letters.
Because the mail is encrypted with the first session key, the amount of computation can be reduced, which improves the efficiency of mail transmission without reducing security. The amount of information in the first session key is far smaller than that of the public key of the recipient mailbox, so encrypting the mail with the first session key takes less computation than encrypting the mail with the public key of the recipient mailbox. Compared with encrypting the mail with the public key of the recipient mailbox, there is the additional step of encrypting the first session key with the public key to generate the second session key, but the computation needed to encrypt the first session key with the public key is less than, or even far less than, the computation needed to encrypt the mail with the public key, because the amount of information in the mail is smaller, or even far smaller, than that of the first session key. In addition, in some scenarios only the mail attachments may be encrypted, and in other scenarios the message body, or the message body and the mail attachments, may be encrypted.
Step 2010: send the encrypted target mail to the recipient mailbox.
The target mail is used for: the mail receiving device decrypting the target mail based on the private key of the recipient mailbox.
Optionally, before the step of sending the encrypted target mail to the recipient mailbox and after the step of encrypting the target mail based on the public key, the method further includes: adding an encryption identifier to the target mail, the encryption identifier identifying that the target mail is encrypted using a blockchain certificate.
These steps add the encryption identifier to the encrypted mail, so that the second terminal, i.e., the mail receiving device, can judge on receiving the mail whether the encryption identifier is one that indicates encryption with a blockchain certificate. Only when it is does the second terminal decrypt the mail based on the private key of the recipient mailbox and successfully obtain the mail content. This avoids the power wasted on decryption errors when the mail receiving device uses the private key of the recipient mailbox on a mail that was not encrypted using a blockchain certificate, and so saves device power.
In the mail sending method provided in this embodiment of the present invention, a first target block is generated through a proof-of-work mechanism; the public key of the sender mailbox of the target mail is obtained from the blockchain; according to the public key of the sender, a sender certificate that includes the public key of the sender mailbox is generated and added to the first target block; the authorization information of the sender certificate is obtained; the authorization information and the first target block are added to the blockchain; a target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from the blockchain obtained in advance; the public key of the recipient mailbox is obtained from the recipient certificate; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, where the target mail is used for: the mail receiving device decrypting the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the public key of the recipient mailbox taken from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail. Moreover, because the blocks that contain mailbox certificates are generated through the proof-of-work mechanism and then added to the blockchain, the legitimacy of every certificate in the blockchain can be ensured, which further improves the security of the mail.
3rd embodiment
Referring to Fig. 5, Fig. 5 is a flowchart of a mail receiving method provided in an embodiment of the present invention. The method can be applied to a second terminal and, as shown in Fig. 5, includes the following steps:
Step 501: receive the encrypted target mail sent by the sender mailbox.
For the target mail, refer to the related description in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
Step 502: decrypt the target mail based on the private key, obtained in advance, of the recipient mailbox corresponding to the target mail.
The encrypted target mail is the target mail as encrypted by the mail sending device corresponding to the sender mailbox of the target mail, based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a blockchain obtained in advance.
For the public key of the recipient mailbox and the encryption, refer to the related description in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
Optionally, the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox corresponding to the target mail includes: decrypting, with the private key, obtained in advance, of the recipient mailbox corresponding to the target mail, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
For decryption with the private key of the recipient mailbox, refer to the related description in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
Optionally, the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox corresponding to the target mail includes: decrypting, with the private key, obtained in advance, of the recipient mailbox of the target mail, the second session key in the mail header of the target mail to obtain the first session key; and decrypting, with the first session key, at least one of the mail content and the mail title of the target mail, where the mail content includes the message body and attachments.
For the session key, refer to the related description in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
Optionally, after the step of receiving the encrypted target mail and before the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox of the target mail, the method further includes: obtaining the sender certificate of the sender mailbox of the target mail from the blockchain; verifying whether the sender certificate is legitimate; and, if the verification result is that the sender certificate is legitimate, executing the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox of the target mail.
For the verification of the sender certificate, refer to the description of verifying the recipient certificate in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
Optionally, after the step of receiving the encrypted target mail and before the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox of the target mail, the method further includes: obtaining the encryption identifier of the target mail; judging whether the encryption identifier is one that indicates encryption with a blockchain certificate; and, if the judgment result is that the encryption identifier indicates encryption with a blockchain certificate, executing the step of decrypting the target mail based on the private key, obtained in advance, of the recipient mailbox of the target mail.
For the encryption identifier, refer to the related description in the first and second embodiments; it is not repeated here, and the same beneficial effects can be achieved.
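The session-key variant of step 209, the encryption identifier, and the matching receiver-side checks of this embodiment, shown together in Go as an added example (not code from the patent). The header names, AES-256-GCM, RSA-OAEP and the session key drawn from the operating system's random source are assumptions; the page only says the first session key is generated according to a preset rule.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Hypothetical header names and flag value; the page does not define them.
const hdrFlag, flagValue, hdrWrapped = "X-Mail-Encryption", "blockchain-cert", "X-Wrapped-Session-Key"

var ErrNotFlagged = errors.New("mail lacks the blockchain-certificate encryption identifier")

// Mail is a minimal constructed message model.
type Mail struct {
	Headers map[string]string
	Body    []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal (sender): encrypt the body under a fresh "first session key", wrap that key
// with the recipient's public key ("second session key"), and add the identifier.
func Seal(m Mail, recipient *rsa.PublicKey) (Mail, error) {
	secret := make([]byte, 32+12) // 256-bit session key plus 96-bit GCM nonce (assumed sizes)
	if _, err := rand.Read(secret); err != nil {
		return Mail{}, err
	}
	session, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(session)
	if err != nil {
		return Mail{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, session, nil)
	if err != nil {
		return Mail{}, err
	}
	out := Mail{Headers: map[string]string{}, Body: gcm.Seal(nonce, nonce, m.Body, nil)}
	for k, v := range m.Headers {
		out.Headers[k] = v
	}
	out.Headers[hdrFlag] = flagValue
	out.Headers[hdrWrapped] = base64.StdEncoding.EncodeToString(wrapped)
	return out, nil
}

// Open (receiver): check the identifier before using the private key, unwrap the
// session key, then decrypt and authenticate the body.
func Open(m Mail, priv *rsa.PrivateKey) ([]byte, error) {
	if m.Headers[hdrFlag] != flagValue {
		return nil, ErrNotFlagged
	}
	wrapped, err := base64.StdEncoding.DecodeString(m.Headers[hdrWrapped])
	if err != nil {
		return nil, fmt.Errorf("wrapped session key header: %w", err)
	}
	session, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	gcm, err := newGCM(session)
	if err != nil {
		return nil, err
	}
	if len(m.Body) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, m.Body[:gcm.NonceSize()], m.Body[gcm.NonceSize():], nil)
}

// demoKey generates a throwaway recipient key pair (constructed sample data).
func demoKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	priv := demoKey()
	sealed, err := Seal(Mail{Body: []byte("constructed sample body")}, &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	plain, err := Open(sealed, priv)
	fmt.Printf("%q %v\n", plain, err)
}
```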
Optionally, before the step of receiving the encrypted target mail, the method further includes: generating a second target block through a proof-of-work mechanism; obtaining the public key of the recipient mailbox from the blockchain; generating, according to the public key of the recipient mailbox, a recipient certificate that includes the public key of the recipient mailbox, and adding the recipient certificate to the second target block; obtaining the authorization information of the recipient certificate; and adding the authorization information and the second target block to the blockchain.
For the implementation of the second target block, refer to the related description of the first target block in the second embodiment; it is not repeated here, and the same beneficial effects can be achieved.
Optionally, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize child certificates, certificates and mailboxes in the blockchain correspond one to one, and each certificate includes the public key of its corresponding mailbox.
For the blockchain, refer to the related description of the first target block in the second embodiment; it is not repeated here, and the same beneficial effects can be achieved.
In this embodiment of the present invention, the above method can be applied to any mail receiving device that has a mail receiving function, for example a computer, a self-service terminal or a mobile terminal. The mobile terminal can be a mobile device such as a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer), a PDA, an MID or a wearable device (Wearable Device).
In the mail receiving method provided in this embodiment of the present invention, the encrypted target mail sent by the sender mailbox is received, and the target mail is decrypted based on the private key, obtained in advance, of the recipient mailbox corresponding to the target mail. The encrypted target mail is the target mail as encrypted by the mail sending device corresponding to the sender mailbox of the target mail, based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a blockchain obtained in advance. Because the mail is encrypted with the public key of the recipient mailbox taken from the blockchain, it can only be decrypted with the private key of the recipient mailbox, and that private key is not transmitted during mail transmission. The mail therefore cannot be snooped on in transit, which improves the security of the mail.
Fourth embodiment
Referring to Fig. 6, Fig. 6 is a structure diagram of a first terminal provided by an embodiment of the present invention. The first terminal can implement the details of the mail sending method in the first and second embodiments and achieve the same effects. As shown in Fig. 6, the first terminal 600 includes: a mail acquisition module 601, a recipient certificate acquisition module 602, a first public key acquisition module 603, an encryption module 604 and a mail sending module 605. The mail acquisition module 601 is connected to the recipient certificate acquisition module 602, the recipient certificate acquisition module 602 is also connected to the first public key acquisition module 603, the first public key acquisition module 603 is also connected to the encryption module 604, and the first public key acquisition module 603 is also connected to the mail sending module 605, wherein:
Mail acquisition module 601, configured to obtain a target mail to be sent;
Recipient certificate acquisition module 602, configured to obtain, from a pre-obtained blockchain, the recipient certificate of the recipient mailbox of the target mail obtained by the mail acquisition module 601;
First public key acquisition module 603, configured to obtain the public key of the recipient mailbox in the recipient certificate obtained by the recipient certificate acquisition module 602;
Encryption module 604, configured to encrypt the target mail based on the public key obtained by the first public key acquisition module 603;
Mail sending module 605, configured to send the target mail encrypted by the encryption module 604 to the recipient mailbox;
Wherein the target mail is used for: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox.
Optionally, the encryption module 604 is configured to encrypt, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the mail body and attachments.
Optionally, as shown in Fig. 7, the encryption module 604 includes:
Key generation unit 6041, configured to generate a first session key according to a preset rule after the recipient certificate is obtained;
Key encryption unit 6042, configured to encrypt at least one of the mail content and the mail title of the target mail with the first session key generated by the key generation unit 6041;
Public key encryption unit 6043, configured to encrypt the first session key with the public key obtained by the first public key acquisition module 603, generating a second session key;
Mail header adding unit 6044, configured to add the second session key generated by the public key encryption unit 6043 to the mail header of the target mail; where the mail content includes the mail body and attachments.
Optionally, as shown in figure 8, the first terminal 600 further includes:
First authentication module 606, the addressee's certificate obtained for verifying addressee's certificate acquisition module 602
It is whether legal;
The verification result that the first public key acquisition module 603 is used to verify in first authentication module 606 is described
Addressee's certificate is legal, obtains recipient mailbox described in addressee's certificate that addressee's certificate acquisition module obtains
Public key.
Optionally, as shown in figure 9, the first terminal 600 further includes:
Identify add module 607, for increasing encryption identification in the encrypted targeted mails of the encrypting module, institute
It states encryption identification and has used block chain certificate to encrypt for identifying the targeted mails.
Optionally, as shown in Fig. 10, the first terminal 600 further includes:
First block generation module 608, configured to generate a first target block through a proof-of-work mechanism;
Second public key acquisition module 609, configured to obtain the public key of the sender mailbox of the target mail from the blockchain system;
First certificate generation module 6010, configured to generate a sender certificate that includes the public key of the sender mailbox obtained by the second public key acquisition module 609, and to add the sender certificate to the first target block;
First authorization information acquisition module 6011, configured to obtain the authorization information of the sender certificate;
First block adding module 6012, configured to add to the blockchain the authorization information obtained by the first authorization information acquisition module 6011 and the first target block to which the first certificate generation module 6010 added the sender certificate.
Optionally, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates and mailboxes in the blockchain are in one-to-one correspondence, and each certificate includes the public key of its corresponding mailbox.
In the mail sending device provided by this embodiment of the present invention, a target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from a pre-obtained blockchain; the public key of the recipient mailbox in the recipient certificate is obtained; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, where the target mail is used for: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the public key of the recipient mailbox in the blockchain, it can only be decrypted with the private key of the recipient mailbox, and the private key of the recipient mailbox is not transmitted during mail transmission, so the mail will not be snooped on in transit, which improves the security of the mail.
Fifth embodiment
Referring to Fig. 11, Fig. 11 is a structure diagram of a second terminal provided by an embodiment of the present invention. The second terminal can implement the details of the mail receiving method in the third embodiment and achieve the same effects. As shown in Fig. 11, the second terminal 1100 includes a mail receiving module 1101 and a decryption module 1102, and the mail receiving module 1101 is connected to the decryption module 1102, wherein:
Mail receiving module 1101, configured to receive an encrypted target mail sent by a sender mailbox;
Decryption module 1102, configured to decrypt the target mail received by the mail receiving module 1101 based on the pre-obtained private key of the recipient mailbox corresponding to the target mail;
Wherein the encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a pre-obtained blockchain.
Optionally, the decryption module 1102 is configured to decrypt at least one of the mail content and the mail title of the target mail with the pre-obtained private key of the recipient mailbox corresponding to the target mail, where the mail content includes the mail body and attachments.
Optionally, as shown in Fig. 12, the decryption module 1102 includes:
Key decryption unit 11021, configured to decrypt, with the pre-obtained private key of the recipient mailbox of the target mail, the second session key in the mail header of the target mail received by the mail receiving module, obtaining the first session key;
Mail decryption unit 11022, configured to decrypt at least one of the mail content and the mail title of the target mail with the first session key obtained by the key decryption unit 11021; where the mail content includes the mail body and attachments.
Optionally, as shown in Fig. 13, the second terminal 1100 further includes:
Sender certificate acquisition module 1103, configured to obtain the sender certificate of the sender mailbox of the target mail from the blockchain;
Second verification module 1104, configured to verify whether the sender certificate obtained by the sender certificate acquisition module 1103 is valid;
The decryption module 1102 is configured to, if the verification result of the second verification module 1104 is that the sender certificate is valid, decrypt the target mail based on the pre-obtained private key of the recipient mailbox of the target mail.
Optionally, as shown in Fig. 14, the second terminal 1100 further includes:
Encryption identifier acquisition module 1105, configured to obtain the encryption identifier of the target mail;
Judgment module 1106, configured to judge whether the encryption identifier is an identifier of encryption using a blockchain certificate;
The decryption module 1102 is configured to, if the judgment result of the judgment module 1106 is that the encryption identifier is an identifier of encryption using a blockchain certificate, decrypt the target mail based on the pre-obtained private key of the recipient mailbox of the target mail.
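The session-key scheme performed by units 6041 to 6044 on the sending side and undone by units 11021 and 11022 on the receiving side, together with the encryption identifier check of modules 607 and 1106, as an added Go example that is not code from this document. RSA-OAEP, AES-256-GCM, the two header names and the binding of From/To as authenticated data are assumptions of the example; the text itself says only "a preset rule" and "the mail header".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Header names are assumptions of this example; the page names no fields.
const (
	hdrMarker  = "X-Chain-Cert-Encrypted" // the "encryption identifier"
	hdrWrapped = "X-Wrapped-Session-Key"  // the "second session key"
)

type Mail struct {
	Headers map[string]string
	Body    []byte
}

var ErrNotMarked = fmt.Errorf("mail carries no encryption identifier")

// newGCM turns a 32-byte session key into an AES-256-GCM AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side: a fresh first session key encrypts the body and is
// wrapped with the recipient's public key. From/To are bound in as associated data.
func Seal(pub *rsa.PublicKey, from, to string, plaintext []byte) (*Mail, error) {
	rnd := make([]byte, 32+12) // session key and GCM nonce, fresh for every mail
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	key, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	hdr := map[string]string{
		"From": from, "To": to, hdrMarker: "1",
		hdrWrapped: base64.StdEncoding.EncodeToString(wrapped),
	}
	body := gcm.Seal(nonce, nonce, plaintext, []byte(from+"\n"+to)) // nonce || ciphertext || tag
	return &Mail{Headers: hdr, Body: body}, nil
}

// Open is the receiver side: check the identifier, unwrap the session key with
// the recipient's private key, then decrypt and authenticate the body.
func Open(priv *rsa.PrivateKey, m *Mail) ([]byte, error) {
	if m.Headers[hdrMarker] != "1" {
		return nil, ErrNotMarked
	}
	wrapped, err := base64.StdEncoding.DecodeString(m.Headers[hdrWrapped])
	if err != nil {
		return nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(m.Body) < n {
		return nil, fmt.Errorf("body shorter than the nonce")
	}
	return gcm.Open(nil, m.Body[:n], m.Body[n:], []byte(m.Headers["From"]+"\n"+m.Headers["To"]))
}

func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	priv, err := NewRecipientKey() // constructed key pair standing in for the recipient's
	if err != nil {
		panic(err)
	}
	m, err := Seal(&priv.PublicKey, "alice@example.com", "bob@example.com", []byte("quarterly report"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, m)
	fmt.Printf("%q %v\n", pt, err)
}
```

Only the wrapped key travels in the header, so a holder of a different private key, or anyone who alters the body or the bound addresses, gets an error from `Open` instead of plaintext.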
Optionally, as shown in Fig. 15, the second terminal 1100 further includes:
Second block generation module 1107, configured to generate a second target block through a proof-of-work mechanism;
Third public key acquisition module 1108, configured to obtain the public key of the recipient mailbox from the blockchain system;
Second certificate generation module 1109, configured to generate a recipient certificate that includes the public key of the recipient mailbox obtained by the third public key acquisition module 1108, and to add the recipient certificate to the second target block;
Second authorization information acquisition module 11010, configured to obtain the authorization information of the recipient certificate;
Second block adding module 11011, configured to add to the blockchain the authorization information obtained by the second authorization information acquisition module 11010 and the second target block to which the second certificate generation module 1109 added the recipient certificate.
Optionally, the blockchain includes at least one block, each block of the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates and mailboxes in the blockchain are in one-to-one correspondence, and each certificate includes the public key of its corresponding mailbox.
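One way a terminal could check that a certificate is valid against the chain structure just described (a unique root, certificates that authorize sub-certificates, one certificate per mailbox), as an added Go example that is not code from this document. It assumes that the authorization information is an Ed25519 signature made by the authorizing certificate and that blocks are linked by SHA-256 hashes; the proof-of-work step is left out, and all mailbox names and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Cert binds one mailbox to its public key. Issuer, AuthKey and Auth model the
// page's "authorization information" as a parent signature (an assumption).
type Cert struct {
	Mailbox string
	EncKey  []byte            // mailbox public key that senders encrypt to (opaque here)
	AuthKey ed25519.PublicKey // key used to authorize sub-certificates
	Issuer  string            // mailbox of the authorizing certificate, "" for the root
	Auth    []byte            // issuer's signature over tbs()
}

type Block struct {
	Prev  [32]byte
	Certs []Cert
}

// tbs returns the length-prefixed fields that the issuer signs.
func (c Cert) tbs() []byte {
	var out []byte
	for _, f := range [][]byte{[]byte(c.Mailbox), c.EncKey, c.AuthKey, []byte(c.Issuer)} {
		out = append(append(out, byte(len(f)>>8), byte(len(f))), f...)
	}
	return out
}

// Hash covers the previous hash and every certificate with its authorization.
func (b Block) Hash() [32]byte {
	buf := append([]byte{}, b.Prev[:]...)
	for _, c := range b.Certs {
		buf = append(append(buf, c.tbs()...), c.Auth...)
	}
	return sha256.Sum256(buf)
}

// Issue builds a certificate for mailbox, authorized with the issuer's private key.
func Issue(mailbox string, encKey []byte, authKey ed25519.PublicKey, issuer string, issuerPriv ed25519.PrivateKey) Cert {
	c := Cert{Mailbox: mailbox, EncKey: encKey, AuthKey: authKey, Issuer: issuer}
	c.Auth = ed25519.Sign(issuerPriv, c.tbs())
	return c
}

// Lookup re-validates every block and certificate before returning one. Each
// accepted certificate is authorized by an earlier accepted one or is the root.
func Lookup(chain []Block, mailbox string) (Cert, error) {
	seen := map[string]Cert{}
	var prev [32]byte // the first block must link to the all-zero hash
	roots := 0
	for i, b := range chain {
		if b.Prev != prev {
			return Cert{}, fmt.Errorf("block %d: broken hash link", i)
		}
		prev = b.Hash()
		for _, c := range b.Certs {
			if _, dup := seen[c.Mailbox]; dup {
				return Cert{}, fmt.Errorf("%s: second certificate for one mailbox", c.Mailbox)
			}
			signer := seen[c.Issuer].AuthKey // nil when the issuer is not on the chain
			if c.Issuer == "" {
				signer = c.AuthKey // the root authorizes itself
				if roots++; roots > 1 {
					return Cert{}, fmt.Errorf("%s: second root certificate", c.Mailbox)
				}
			}
			if len(signer) != ed25519.PublicKeySize || !ed25519.Verify(signer, c.tbs(), c.Auth) {
				return Cert{}, fmt.Errorf("%s: not authorized by %q", c.Mailbox, c.Issuer)
			}
			seen[c.Mailbox] = c
		}
	}
	if c, ok := seen[mailbox]; ok {
		return c, nil
	}
	return Cert{}, fmt.Errorf("%s: no certificate on the chain", mailbox)
}

// Demo builds a constructed chain: root authorizes alice, alice authorizes bob.
func Demo() ([]Block, ed25519.PrivateKey) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	root := Issue("root@example.com", nil, rootPub, "", rootPriv)
	alice := Issue("alice@example.com", []byte("alice-enc-key"), alicePub, "root@example.com", rootPriv)
	bob := Issue("bob@example.com", []byte("bob-enc-key"), nil, "alice@example.com", alicePriv)
	genesis := Block{Certs: []Cert{root, alice}}
	return []Block{genesis, {Prev: genesis.Hash(), Certs: []Cert{bob}}}, alicePriv
}

func main() {
	chain, _ := Demo()
	c, err := Lookup(chain, "bob@example.com")
	fmt.Println(string(c.EncKey), err)
}
```

A deployed verifier would also pin the expected root key, since this sketch accepts whichever single self-authorized root the presented chain contains.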
In the mail receiving device provided by this embodiment of the present invention, an encrypted target mail sent by a sender mailbox is received, and the target mail is decrypted based on the pre-obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a pre-obtained blockchain. Because the mail is encrypted with the public key of the recipient mailbox in the blockchain, it can only be decrypted with the private key of the recipient mailbox, and the private key of the recipient mailbox is not transmitted during mail transmission, so the mail will not be snooped on in transit, which improves the security of the mail.
Sixth embodiment
Referring to Fig. 16, Fig. 16 is a structure diagram of a first terminal to which an embodiment of the present invention is applied. It can implement the details of the mail sending method in the first and second embodiments and achieve the same effects. As shown in Fig. 16, the first terminal 1600 includes at least one processor 1601, a memory 1602, at least one network interface 1604 and a user interface 1603. The components of the first terminal 1600 are coupled together by a bus system 1605. It can be understood that the bus system 1605 is used to implement connection and communication between these components. In addition to a data bus, the bus system 1605 includes a power bus, a control bus and a status signal bus. For clarity of description, however, all buses are labelled as the bus system 1605 in Fig. 16.
The user interface 1603 may include a display, a keyboard or a pointing device (for example, a mouse, a trackball, a touchpad or a touch screen).
It can be understood that the memory 1602 in this embodiment of the present invention may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDRSDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (Synchlink DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DRRAM). The memory 1602 of the systems and methods described herein is intended to include, without being limited to, these and any other suitable types of memory.
In some embodiments, the memory 1602 stores the following elements, executable modules or data structures, or a subset or superset of them: an operating system 16021 and application programs 16022.
The operating system 16021 includes various system programs, such as a framework layer, a core library layer and a driver layer, used to implement various basic services and to process hardware-based tasks. The application programs 16022 include various applications, such as a media player (Media Player) and a browser (Browser), used to implement various application services. A program implementing the method of the embodiments of the present invention may be included in the application programs 16022.
In this embodiment of the present invention, by calling a program or instruction stored in the memory 1602, which may specifically be a program or instruction stored in the application programs 16022, the processor 1601 is configured to: obtain a target mail to be sent; obtain, from a pre-obtained blockchain, the recipient certificate of the recipient mailbox corresponding to the target mail; obtain the public key of the recipient mailbox in the recipient certificate; encrypt the target mail based on the public key; and send the encrypted target mail to the recipient mailbox, where the target mail is used for: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox.
The method disclosed in the above embodiments of the present invention may be applied in the processor 1601 or implemented by the processor 1601. The processor 1601 may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method may be completed by an integrated logic circuit of hardware in the processor 1601 or by instructions in the form of software. The processor 1601 may be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 1602; the processor 1601 reads the information in the memory 1602 and completes the steps of the above method in combination with its hardware.
It can be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode or a combination of these. For a hardware implementation, the processing unit may be implemented in one or more application-specific integrated circuits (Application Specific Integrated Circuits, ASIC), digital signal processors (Digital Signal Processing, DSP), digital signal processing devices (DSP Device, DSPD), programmable logic devices (Programmable Logic Device, PLD), field-programmable gate arrays (Field-Programmable Gate Array, FPGA), general-purpose processors, controllers, microcontrollers, microprocessors, other electronic units for performing the functions described in this application, or a combination of these.
For a software implementation, the techniques described herein may be implemented by modules (for example procedures and functions) that perform the functions described herein. Software code may be stored in a memory and executed by a processor. The memory may be implemented in the processor or outside the processor.
Optionally, the processor 1601 is further configured to: encrypt, with the public key, at least one of the mail content and the mail title of the target mail, where the mail content includes the mail body and attachments.
Optionally, the processor 1601 is further configured to: after the recipient certificate is obtained, generate a first session key according to a preset rule; encrypt at least one of the mail content and the mail title of the target mail with the first session key; encrypt the first session key with the public key, generating a second session key; and add the second session key to the mail header of the target mail, where the mail content includes the mail body and attachments.
Optionally, the processor 1601 is further configured to: verify whether the recipient certificate is valid; and, if the verification result is that the recipient certificate is valid, perform the step of obtaining the public key of the recipient mailbox in the recipient certificate.
Optionally, the processor 1601 is further configured to: add an encryption identifier to the target mail, where the encryption identifier indicates that the target mail has been encrypted using a blockchain certificate.
Optionally, the processor 1601 is further configured to: generate a first target block through a proof-of-work mechanism; obtain the public key of the sender mailbox of the target mail from the blockchain; generate, according to the public key of the sender, a sender certificate that includes the public key of the sender mailbox, and add the sender certificate to the first target block; obtain the authorization information of the sender certificate; and add the authorization information and the first target block to the blockchain.
Optionally, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates and mailboxes in the blockchain are in one-to-one correspondence, and each certificate includes the public key of its corresponding mailbox.
In the first terminal provided by this embodiment of the present invention, a target mail to be sent is obtained; the recipient certificate of the recipient mailbox corresponding to the target mail is obtained from a pre-obtained blockchain; the public key of the recipient mailbox in the recipient certificate is obtained; the target mail is encrypted based on the public key; and the encrypted target mail is sent to the recipient mailbox, where the target mail is used for: the mail receiving device decrypts the target mail based on the private key of the recipient mailbox. Because the mail is encrypted with the public key of the recipient mailbox in the blockchain, it can only be decrypted with the private key of the recipient mailbox, and the private key of the recipient mailbox is not transmitted during mail transmission, so the mail will not be snooped on in transit, which improves the security of the mail.
Seventh embodiment
Referring to Fig. 17, Fig. 17 is a structure diagram of a second terminal to which an embodiment of the present invention is applied. It can implement the details of the mail receiving method in the third embodiment and achieve the same effects. As shown in Fig. 17, the second terminal 1700 includes a radio frequency (Radio Frequency, RF) circuit 1710, a memory 1720, an input unit 1730, a display unit 1740, a processor 1750, an audio circuit 1760, a communication module 1770 and a power supply 1780.
The input unit 1730 can be used to receive numeric or character information entered by the user and to generate signal input related to user settings and function control of the second terminal 1700. Specifically, in this embodiment of the present invention, the input unit 1730 may include a touch panel 1731. The touch panel 1731, also called a touch screen, collects touch operations by the user on or near it (for example, operations performed by the user on the touch panel 1731 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. Optionally, the touch panel 1731 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch position of the user, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 1750, and can receive and execute commands sent by the processor 1750. In addition, the touch panel 1731 may be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1731, the input unit 1730 may include other input devices 1732, which may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a switch key), a trackball, a mouse and a joystick.
The display unit 1740 can be used to display information entered by the user or information provided to the user, as well as the various menu interfaces of the second terminal 1700. The display unit 1740 may include a display panel 1741; optionally, the display panel 1741 may be configured in the form of an LCD or an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display.
It should be noted that the touch panel 1731 may cover the display panel 1741 to form a touch display screen. When the touch display screen detects a touch operation on or near it, it passes the operation to the processor 1750 to determine the type of the touch event, and the processor 1750 then provides the corresponding visual output on the touch display screen according to the type of the touch event.
The touch display screen includes an application interface display area and a common control display area. The arrangement of the application interface display area and the common control display area is not limited; they may be arranged one above the other, side by side, or in any other way that distinguishes the two display areas. The application interface display area can be used to display the interface of an application. Each interface may include interface elements such as the icon of at least one application and/or widget desktop controls. The application interface display area may also be an empty interface that contains no content. The common control display area is used to display frequently used controls, for example application icons such as a settings button, an interface number, a scroll bar and a phone book icon.
The processor 1750 is the control centre of the second terminal 1700. It uses various interfaces and lines to connect the parts of the entire mobile phone, and executes the various functions of the second terminal 1700 and processes data by running or executing the software programs and/or modules stored in the first memory 1721 and calling the data stored in the second memory 1722, thereby monitoring the second terminal 1700 as a whole. Optionally, the processor 1750 may include one or more processing units.
In this embodiment of the present invention, by calling the software programs and/or modules stored in the first memory 1721 and/or the data in the second memory 1722, the processor 1750 is configured to: receive an encrypted target mail sent by a sender mailbox; and decrypt the target mail based on the pre-obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a pre-obtained blockchain.
Optionally, the processor 1750 is further configured to: decrypt at least one of the mail content and the mail title of the target mail with the pre-obtained private key of the recipient mailbox corresponding to the target mail, where the mail content includes the mail body and attachments.
Optionally, the processor 1750 is further configured to: decrypt the second session key in the mail header of the target mail with the pre-obtained private key of the recipient mailbox of the target mail, obtaining the first session key; and decrypt at least one of the mail content and the mail title of the target mail with the first session key, where the mail content includes the mail body and attachments.
Optionally, the processor 1750 is further configured to: obtain the sender certificate of the sender mailbox of the target mail from the blockchain; verify whether the sender certificate is valid; and, if the verification result is that the sender certificate is valid, perform the step of decrypting the target mail based on the pre-obtained private key of the recipient mailbox of the target mail.
Optionally, the processor 1750 is further configured to: obtain the encryption identifier of the target mail; judge whether the encryption identifier is an identifier of encryption using a blockchain certificate; and, if the judgment result is that the encryption identifier is an identifier of encryption using a blockchain certificate, perform the step of decrypting the target mail based on the pre-obtained private key of the recipient mailbox of the target mail.
Optionally, the processor 1750 is further configured to: generate a second target block through a proof-of-work mechanism; obtain the public key of the recipient mailbox from the blockchain; generate, according to the public key of the recipient mailbox, a recipient certificate that includes the public key of the recipient mailbox, and add the recipient certificate to the second target block; obtain the authorization information of the recipient certificate; and add the authorization information and the second target block to the blockchain.
Optionally, the blockchain includes at least one block, each block in the blockchain includes at least one certificate, and the blockchain includes a unique root certificate. The unique root certificate can authorize at least one certificate, every certificate in the blockchain can authorize sub-certificates, certificates and mailboxes in the blockchain are in one-to-one correspondence, and each certificate includes the public key of its corresponding mailbox.
In the second terminal provided by this embodiment of the present invention, an encrypted target mail sent by a sender mailbox is received, and the target mail is decrypted based on the pre-obtained private key of the recipient mailbox corresponding to the target mail. The encrypted target mail is produced by the mail sending device corresponding to the sender mailbox of the target mail, which encrypts the target mail based on the public key of the recipient mailbox, and the public key of the recipient mailbox is obtained by the mail sending device from a pre-obtained blockchain. Because the mail is encrypted with the public key of the recipient mailbox in the blockchain, it can only be decrypted with the private key of the recipient mailbox, and the private key of the recipient mailbox is not transmitted during mail transmission, so the mail will not be snooped on in transit, which improves the security of the mail.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and in actual implementation there may be other ways of dividing them; for example, several units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, ROM, RAM, a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.