CN113381852A - E-mail safety transmission method and system - Google Patents


Info

Publication number: CN113381852A
Application number: CN202010157057.8A
Authority: CN (China)
Prior art keywords: mail, pki, ibc, receiver, digital certificate
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Other languages: Chinese (zh)
Inventors: 王聪丽, 王锦华, 薛伟佳, 任永攀, 王渭清
Current assignee: China Telecom Corp Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: China Telecom Corp Ltd
Events: application filed by China Telecom Corp Ltd; priority to CN202010157057.8A; publication of CN113381852A; legal status pending

Classifications

    • H Electricity
        • H04 Electric communication technique
            • H04L Transmission of digital information, e.g. telegraphic communication
                • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
                    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                    • H04L63/08 for authentication of entities
                        • H04L63/0823 using certificates
                        • H04L63/0876 based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/083 involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3247 involving digital signatures
                        • H04L9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present disclosure provides a method and system for securely transmitting an email. A mail sender logs in to a mail server using the mail sender's own PKI digital certificate; after a successful login, the address of the mail receiver is used as an IBC public key to encrypt the content of the mail, a PKI private key is called to sign the mail, and the processed mail is sent to the mail receiver through the mail server. After receiving the mail, the mail receiver verifies the signature of the received mail using a Public Key Infrastructure (PKI) public key; after the signature verification succeeds, the mail receiver acquires the corresponding IBC private key from a third-party authentication platform and decrypts the received mail with the IBC private key to obtain the mail plaintext. In the method and system, the authenticity of the user is verified with the PKI certificate and the key is transmitted securely with an IBC (identity-based cryptography) system, so that secure transmission of the mail is effectively realized.

Description

E-mail safety transmission method and system
Technical Field
The present disclosure relates to the field of information security, and in particular, to a method and system for securely transmitting an email.
Background
In recent years, foreign institutions have shown a strong tendency to steal Chinese political, economic, military, scientific and technological information through mail systems. For example, an organization's mail server may be located overseas and controlled for a long time, which poses a great risk to information security.
The currently adopted mail sending mode is as follows: the mail sender encrypts the mail with a key, and the mail receiver decrypts the mail with the corresponding symmetric key or asymmetric key.
Disclosure of Invention
The inventors found through research that the existing mail sending scheme cannot solve the problems of user identity authenticity, sender repudiation, and the security of key transmission.
Accordingly, the present disclosure provides a secure email transmission scheme that verifies user authenticity by means of a PKI (Public Key Infrastructure) certificate and realizes secure email transmission by means of Identity-Based Cryptography (IBC).
According to a first aspect of the embodiments of the present disclosure, there is provided a method for securely transmitting an email, including: a mail sender logs in to a mail server using the mail sender's own PKI digital certificate; after the login is successful, the mail sender encrypts the content of the mail using the address of the mail receiver as an IBC public key, calls a PKI private key to sign the mail, and sends the processed mail to the mail receiver through the mail server; after receiving the mail, the mail receiver verifies the signature of the received mail using a Public Key Infrastructure (PKI) public key; and after the signature verification is successful, the mail receiver acquires the corresponding IBC private key from a third-party authentication platform and decrypts the received mail using the IBC private key to obtain the mail plaintext.
In some embodiments, the mail receiver obtaining the corresponding IBC private key from the third-party authentication platform comprises: the mail receiver acquires its own PKI digital certificate from a PKI certificate authentication module of the third-party authentication platform and sends the acquired PKI digital certificate to an IBC key generation module of the third-party authentication platform; after receiving the PKI digital certificate of the mail receiver, the IBC key generation module extracts the mail address of the mail receiver from that certificate, generates an IBC private key using the mail address of the mail receiver, encrypts the IBC private key using the PKI public key in the PKI digital certificate to generate an encryption key, and sends the encryption key to the mail receiver; the mail receiver decrypts the encryption key using the corresponding PKI private key to obtain the IBC private key.
In some embodiments, after the IBC key generation module receives the PKI digital certificate of the mail receiver, the method further comprises: the IBC key generation module verifies the PKI digital certificate of the mail receiver using the PKI certificate authentication module; and after the PKI digital certificate of the mail receiver passes the verification, the IBC key generation module extracts the mail address of the mail receiver from the PKI digital certificate of the mail receiver.
In some embodiments, the mail address of the mail receiver is included in the Common Name (CN) field of the PKI digital certificate of the mail receiver.
In some embodiments, the PKI public key used by the mail recipient in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
In some embodiments, the mail sender obtains its PKI digital certificate from a PKI certificate authentication module of the third-party authentication platform.
According to a second aspect of the embodiments of the present disclosure, there is provided an email secure transmission system, including: a mail sender configured to log in to a mail server using its own PKI digital certificate, to encrypt the content of the mail using the address of the mail receiver as an IBC public key after the login is successful, to call a PKI private key to sign the mail, and to send the processed mail to the mail server; a mail server configured to transmit the mail sent by the mail sender to the mail receiver; a mail receiver configured to verify the signature of the received mail using a Public Key Infrastructure (PKI) public key after receiving the mail, and, after the signature is successfully verified, to acquire the corresponding IBC private key from a third-party authentication platform and decrypt the received mail using the IBC private key to obtain the mail plaintext; and a third-party authentication platform configured to provide the corresponding IBC private key to the mail receiver.
In some embodiments, the third-party authentication platform comprises a PKI certificate authentication module and an IBC key generation module, wherein: the mail receiver is configured to acquire its own PKI digital certificate from the PKI certificate authentication module of the third-party authentication platform, to send the acquired PKI digital certificate to the IBC key generation module of the third-party authentication platform, and, after receiving the encryption key sent by the IBC key generation module, to decrypt the encryption key using the corresponding PKI private key to obtain the IBC private key; the IBC key generation module is configured, after receiving the PKI digital certificate of the mail receiver, to extract the mail address of the mail receiver from that certificate, generate an IBC private key using the mail address of the mail receiver, encrypt the IBC private key using the PKI public key in the PKI digital certificate to generate an encryption key, and send the encryption key to the mail receiver.
In some embodiments, the IBC key generation module is configured to verify the PKI digital certificate of the mail recipient using the PKI certificate authentication module after receiving the PKI digital certificate of the mail recipient, and extract the mail address of the mail recipient from the PKI digital certificate of the mail recipient after the PKI digital certificate of the mail recipient is verified.
In some embodiments, the mail address of the mail receiver is included in the Common Name (CN) field of the PKI digital certificate of the mail receiver.
In some embodiments, the PKI public key used by the mail recipient in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
In some embodiments, the mail sender is configured to obtain its PKI digital certificate from a PKI certificate authentication module of the third-party authentication platform.
According to a third aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, in which computer instructions are stored that, when executed by a processor, implement the method according to any of the embodiments described above.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a flow diagram of a secure method of delivery of an email according to one embodiment of the present disclosure;
FIG. 2 is a flow diagram of a secure method of delivery of email according to another embodiment of the disclosure;
FIG. 3 is a schematic block diagram of an email secure delivery system according to one embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of an e-mail secure delivery system according to another embodiment of the present disclosure.
It should be understood that the dimensions of the various parts shown in the figures are not drawn to scale. Further, the same or similar reference numerals denote the same or similar components.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. The description of the exemplary embodiments is merely illustrative and is in no way intended to limit the disclosure, its application, or uses. The present disclosure may be embodied in many different forms and is not limited to the embodiments described herein. These embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. It should be noted that: the relative arrangement of parts and steps, the composition of materials and values set forth in these embodiments are to be construed as illustrative only and not as limiting unless otherwise specifically stated.
The use of the word "comprising" or "comprises" and the like in this disclosure means that the elements listed before the word encompass the elements listed after the word and do not exclude the possibility that other elements may also be encompassed.
All terms (including technical or scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs unless specifically defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
Fig. 1 is a flow diagram of a secure method of email delivery, according to one embodiment of the present disclosure.
In step 101, the sender of the mail logs on to the mail server using his own PKI digital certificate.
In some embodiments, the mail sender obtains its PKI digital certificate from a PKI certificate authentication module of the third-party authentication platform.
In step 102, after the login is successful, the mail sender encrypts the content of the mail by using the address of the mail receiver as the IBC public key, calls the PKI private key to sign the mail, and sends the processed mail to the mail receiver through the mail server.
In step 103, after receiving the mail, the mail receiver verifies the signature of the received mail by using the PKI public key.
In some embodiments, the PKI public key used by the mail recipient in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
In step 104, after the signature verification is successful, the mail receiver acquires a corresponding IBC private key from the third party authentication platform, and decrypts the received mail using the IBC private key to obtain a mail plaintext.
In some embodiments, the mail receiver acquires its own PKI digital certificate from the PKI certificate authentication module of the third-party authentication platform, and sends the acquired PKI digital certificate to the IBC key generation module of the third-party authentication platform. After receiving the PKI digital certificate of the mail receiver, the IBC key generation module extracts the mail address of the mail receiver from that certificate, generates an IBC private key using the mail address of the mail receiver, encrypts the IBC private key using the PKI public key in the PKI digital certificate to generate an encryption key, and sends the encryption key to the mail receiver. The mail receiver decrypts the encryption key using the corresponding PKI private key to obtain the IBC private key.
In some embodiments, after the IBC key generation module receives the PKI digital certificate of the mail recipient, the IBC key generation module verifies the PKI digital certificate of the mail recipient using the PKI certificate authentication module. After the PKI digital certificate of the mail receiver passes the verification, the IBC key generation module extracts the mail address of the mail receiver from the PKI digital certificate of the mail receiver.
In some embodiments, the mail address of the mail recipient is included in a CN (Common Name) field in the PKI digital certificate of the mail recipient.
In the secure transmission method of the e-mail provided by the above embodiment of the present disclosure, the PKI certificate is used to verify the authenticity of the user, and the IBC cryptosystem is used to ensure the security of the secret key, thereby effectively realizing the secure transmission of the e-mail.
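Steps 102 and 104 rest on the IBC property that the recipient's mail address alone serves as the encryption key, so the sender needs no recipient certificate and only the third-party platform can produce the matching private key. The Go program below is an example added to this page, not code from the patent or from China Telecom. The patent names no particular IBC algorithm; this example uses Cocks' identity-based encryption because it needs only the standard library, and the names CocksKGC, HashIdentity, Extract, Encrypt and Decrypt, the address bob@example.com and the 16-byte session key are all constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// CocksKGC plays the IBC key generation module: it holds the master secret
// (p, q) and publishes only N = p*q. Cocks' scheme stands in for the IBC
// algorithm, which the patent leaves unspecified.
type CocksKGC struct {
	p, q *big.Int
	N    *big.Int
}

// NewCocksKGC is Setup: N = p*q with both primes congruent to 3 mod 4.
func NewCocksKGC(bits int) (*CocksKGC, error) {
	var ps []*big.Int
	for len(ps) < 2 {
		p, err := rand.Prime(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		if p.Bit(1) == 1 { // an odd prime with bit 1 set is 3 mod 4
			ps = append(ps, p)
		}
	}
	return &CocksKGC{p: ps[0], q: ps[1], N: new(big.Int).Mul(ps[0], ps[1])}, nil
}

// HashIdentity maps the recipient's mail address to the public value a with
// Jacobi(a/N) = +1, so the address itself serves as the IBC public key.
func HashIdentity(n *big.Int, address string) *big.Int {
	for ctr := 0; ; ctr++ {
		h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d", address, ctr)))
		a := new(big.Int).Mod(new(big.Int).SetBytes(h[:]), n)
		if a.Sign() != 0 && big.Jacobi(a, n) == 1 {
			return a
		}
	}
}

// Extract derives the private key r with r^2 = a or r^2 = -a (mod N). The
// exponent needs p and q, so only the KGC can do this: IBC is escrow by design.
func (k *CocksKGC) Extract(address string) *big.Int {
	e := new(big.Int).Add(k.N, big.NewInt(5))
	e.Sub(e, k.p).Sub(e, k.q).Rsh(e, 3) // (N + 5 - p - q) / 8
	return new(big.Int).Exp(HashIdentity(k.N, address), e, k.N)
}

// cocksPart returns t + target/t mod N for a random t whose Jacobi symbol
// equals the bit m (+1 or -1). A crypto/rand failure is fatal, so it panics.
func cocksPart(n, target *big.Int, m int) *big.Int {
	for {
		t, err := rand.Int(rand.Reader, n)
		if err != nil {
			panic(err)
		}
		inv := new(big.Int).ModInverse(t, n)
		if inv == nil || big.Jacobi(t, n) != m {
			continue
		}
		c := new(big.Int).Mul(target, inv)
		return c.Add(c, t).Mod(c, n)
	}
}

// Encrypt needs only N and the address, no recipient certificate. Each bit
// becomes one residue for a and one for -a (the sender cannot tell which is
// the square), so this suits a session key rather than a whole mail body.
func Encrypt(n *big.Int, address string, msg []byte) [][2]*big.Int {
	a := HashIdentity(n, address)
	negA := new(big.Int).Sub(n, a)
	var ct [][2]*big.Int
	for i := 0; i < 8*len(msg); i++ {
		m := 2*int(msg[i/8]>>uint(7-i%8)&1) - 1 // bit 1 -> +1, bit 0 -> -1
		ct = append(ct, [2]*big.Int{cocksPart(n, a, m), cocksPart(n, negA, m)})
	}
	return ct
}

// Decrypt uses r to pick the residue matching r^2 and reads each bit back as
// Jacobi((c + 2r)/N), since c + 2r = (t + r)^2 / t.
func Decrypt(n *big.Int, address string, r *big.Int, ct [][2]*big.Int) []byte {
	a := HashIdentity(n, address)
	half := 1 // r^2 = -a: use the residue built from -a
	if new(big.Int).Exp(r, big.NewInt(2), n).Cmp(a) == 0 {
		half = 0
	}
	out := make([]byte, len(ct)/8)
	for i, pair := range ct {
		v := new(big.Int).Add(pair[half], new(big.Int).Lsh(r, 1))
		if big.Jacobi(v.Mod(v, n), n) == 1 {
			out[i/8] |= 1 << uint(7-i%8)
		}
	}
	return out
}
```

The sender calls `Encrypt(kgc.N, address, sessionKey)` with nothing but the published modulus and the recipient's address; the recipient calls `Decrypt(kgc.N, address, r, ct)` with the `r` it obtained from the platform in steps 104/216. Because every Cocks ciphertext bit costs two residues the size of N, the pattern in practice is to encrypt a symmetric session key this way and the mail body under that key; the platform that holds p and q can derive any user's r, which is the escrow property that makes the platform's certificate check the critical control.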
Fig. 2 is a flow diagram of a secure method of email delivery, according to another embodiment of the disclosure.
In step 201, the mail sender sends a certificate acquisition request to a PKI certificate authentication module of the third party authentication platform.
At step 202, the PKI certificate authentication module sends the corresponding PKI digital certificate to the mail sender.
In step 203, the mail transmitter transmits a login request to the mail server.
At step 204, the mail server verifies the PKI digital certificate of the mail sender.
In step 205, after the verification is successful, the mail server sends an indication of successful verification to the mail sender.
In step 206, after the mail sender successfully verifies and logs in the mail server, the mail receiver address of the mail is used as the IBC public key to encrypt the content of the mail, and the PKI private key is called to sign the mail.
In step 207, the mail sender sends the processed mail to the mail server.
In step 208, the mail server sends the received mail to the mail recipient.
In step 209, the mail receiver verifies the signature of the received mail using the PKI public key after receiving the mail.
In some embodiments, the PKI public key used by the mail recipient in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
In step 210, after the signature verification is successful, the mail receiver sends a certificate acquisition request to a PKI certificate authentication module of the third party authentication platform.
In step 211, the PKI certificate authentication module of the third party authentication platform sends the corresponding PKI digital certificate to the mail receiver.
At step 212, the mail receiver sends the PKI digital certificate to the IBC key generation module of the third-party authentication platform.
In step 213, the IBC key generation module verifies the PKI digital certificate of the mail recipient using the PKI certificate authentication module.
In step 214, after the PKI digital certificate of the mail receiver passes the verification, the IBC key generation module extracts the mail address of the mail receiver from the CN field in the PKI digital certificate of the mail receiver, generates an IBC private key by using the mail address of the mail receiver, and encrypts the IBC private key by using the PKI public key in the PKI digital certificate to generate an encryption key.
In step 215, the IBC key generation module sends the encryption key to the mail recipient.
At step 216, the mail recipient decrypts the encrypted key using the corresponding PKI private key to generate the IBC private key.
In step 217, the mail receiver decrypts the received mail using the IBC private key to obtain the mail plaintext.
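Steps 210 to 216 are the part of the scheme that keeps IBC's key escrow in check: the IBC key generation module derives a private key only for an address it has read from a certificate it verified against the PKI certificate authentication module, and returns it wrapped under that certificate's public key so that only the holder of the matching PKI private key can open it. The Go program below is an example added to this page, not code from the patent or from China Telecom. It uses Go's standard crypto/x509 and crypto/rsa; the names issueCert, NewMember, KeyIssuer, IssueWrappedKey, UnwrapIBCKey and NewIssuer, the CA name "Constructed Demo CA", the addresses and the placeholder extract closure are all constructed here. The IBC derivation itself is injected as a function, since the patent names no IBC scheme; RSA-OAEP with the address as label is this example's choice for the "encrypt the IBC private key with the PKI public key" step.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/mail"
	"time"
)

// issueCert is the PKI certificate authentication module acting as a CA. The
// holder's mail address goes into CN, as in the patent. A nil parent self-signs.
func issueCert(parent *x509.Certificate, signer *rsa.PrivateKey, cn string, pub *rsa.PublicKey, isCA bool) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewMember generates a user's PKI key pair and has the CA certify it for the
// address (steps 201/202, 210/211). With a nil CA the certificate is self-signed.
func NewMember(ca *x509.Certificate, caKey *rsa.PrivateKey, address string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if ca == nil {
		caKey = key
	}
	cert, err := issueCert(ca, caKey, address, &key.PublicKey, false)
	return cert, key, err
}

// KeyIssuer is the IBC key generation module. extract is the scheme-specific
// private-key derivation, injected because the patent names no IBC scheme.
type KeyIssuer struct {
	roots   *x509.CertPool
	extract func(address string) []byte
}

// IssueWrappedKey is steps 213 to 215: verify the certificate against the CA,
// take the address only from the verified CN, derive the IBC private key and
// wrap it with RSA-OAEP under the certificate's key, the address being the label.
func (k *KeyIssuer) IssueWrappedKey(certDER []byte) ([]byte, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	opts := x509.VerifyOptions{Roots: k.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate rejected: %w", err)
	}
	address := cert.Subject.CommonName
	if _, err := mail.ParseAddress(address); err != nil {
		return nil, fmt.Errorf("CN %q is not a mail address: %w", address, err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate key is not RSA")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k.extract(address), []byte(address))
}

// UnwrapIBCKey is step 216: only the PKI private key matching the presented
// certificate opens the wrapped IBC private key.
func UnwrapIBCKey(priv *rsa.PrivateKey, address string, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(address))
}

// NewIssuer builds a constructed CA and a KeyIssuer that trusts it. The extract
// closure is a labelled placeholder for the real IBC derivation.
func NewIssuer() (*x509.Certificate, *rsa.PrivateKey, *KeyIssuer, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	ca, err := issueCert(nil, caKey, "Constructed Demo CA", &caKey.PublicKey, true)
	if err != nil {
		return nil, nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	extract := func(address string) []byte { return []byte("ibc-private-key-for:" + address) }
	return ca, caKey, &KeyIssuer{roots: roots, extract: extract}, nil
}
```

The order inside `IssueWrappedKey` is the point: the chain is verified before the CN is read, the CN is checked to be a mail address before it is used as an IBC identity, and the derived key never leaves the module unwrapped. A certificate the CA did not sign, even one naming a legitimate user's address, is rejected before any key is derived; a certificate issued to a service name rather than an address is refused as well, so a user cannot obtain a private key for an identity the PKI did not bind to them.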
Fig. 3 is a schematic structural diagram of an e-mail secure delivery system according to one embodiment of the present disclosure. As shown in fig. 3, the e-mail secure transmission system includes a mail sender 31, a mail server 32, a mail receiver 33, and a third party authentication platform 34.
The mail sender 31 is configured to log in the mail server by using its PKI digital certificate, encrypt the contents of the mail by using the mail receiver address of the mail as the IBC public key after the login is successful, perform signature processing on the mail by calling the PKI private key, and send the processed mail to the mail server 32.
The mail server 32 is configured to transmit the received mail to the mail recipient 33.
The mail receiver 33 is configured to verify the signature of the received mail by using the PKI public key after receiving the mail, and after the signature verification is successful, the mail receiver obtains the corresponding IBC private key from the third party authentication platform and decrypts the received mail by using the IBC private key to obtain the mail plaintext.
In some embodiments, the PKI public key used by the mail recipient in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
The third party authentication platform 34 is configured to provide the mail recipient with the corresponding IBC private key.
Fig. 4 is a schematic structural diagram of an e-mail secure delivery system according to another embodiment of the present disclosure. Fig. 4 differs from fig. 3 in that, in the embodiment shown in fig. 4, the third party authentication platform 34 includes a PKI certificate authentication module 341 and an IBC key generation module 342.
As shown in fig. 4, the mail receiver 33 is configured to acquire its own PKI digital certificate from the PKI certificate authentication module 341 of the third-party authentication platform 34 and to transmit the acquired PKI digital certificate to the IBC key generation module 342 of the third-party authentication platform.
The PKI certificate authentication module 341 is configured to provide the mail recipient 33 with a PKI digital certificate.
The IBC key generation module 342 is configured to, after receiving the PKI digital certificate of the mail receiver 33, extract the mail address of the mail receiver 33 from the PKI digital certificate of the mail receiver 33, generate an IBC private key using the mail address of the mail receiver 33, encrypt the IBC private key using the PKI public key in the PKI digital certificate to generate an encryption key, and send the encryption key to the mail receiver 33.
In some embodiments, the IBC key generation module 342 is configured to verify the PKI digital certificate of the mail receiver 33 by using the PKI certificate authentication module after receiving the PKI digital certificate of the mail receiver 33, and extract the mail address of the mail receiver from the PKI digital certificate of the mail receiver 33 after the PKI digital certificate of the mail receiver 33 is verified.
In some embodiments, the mail address of the mail receiver is included in the CN field of the PKI digital certificate of the mail receiver.
After receiving the encryption key sent by the IBC key generation module 342, the mail receiver 33 decrypts the encryption key using the corresponding PKI private key to obtain the IBC private key.
In some embodiments, the mail sender 31 obtains its PKI digital certificate from the PKI certificate authentication module 341 of the third-party authentication platform 34.
It should be noted that, in a scenario where user A sends a mail to user B, user A is the mail sender and user B is the mail receiver. When user B replies to user A, user B becomes the mail sender and user A becomes the mail receiver. The above-described embodiments apply to both user A and user B regardless of which party is the mail sender and which is the mail receiver.
The present disclosure also provides a computer-readable storage medium. The computer-readable storage medium stores computer instructions, which when executed by the processor implement the method according to any one of the embodiments of fig. 1-4.
In some embodiments, the functional modules may be implemented as a general purpose processor, a programmable logic controller (PLC), a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any suitable combination thereof, for performing the functions described in this disclosure.
So far, embodiments of the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that various changes may be made in the above embodiments or equivalents may be substituted for elements thereof without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (13)

1. An e-mail secure transmission method, comprising:
a mail sender logs in a mail server by using a PKI digital certificate of the mail sender;
after the login is successful, the mail sender encrypts the content of the mail by using the address of the mail receiver of the mail as an IBC public key, calls a PKI private key to sign the mail, and sends the processed mail to the mail receiver through a mail server;
after receiving the mail, the mail receiver verifies the signature of the received mail by using a Public Key Infrastructure (PKI) public key;
and after the signature verification is successful, the mail receiver acquires a corresponding IBC private key from the third-party authentication platform, and decrypts the received mail by using the IBC private key to obtain a mail plaintext.
2. The method of claim 1, wherein the mail recipient obtaining the corresponding IBC private key from the third party authentication platform comprises:
the mail receiver acquires a PKI digital certificate of the mail receiver from a PKI certificate authentication module of a third-party authentication platform and sends the acquired PKI digital certificate to an IBC key generation module of the third-party authentication platform;
the IBC key generation module extracts a mail address of the mail receiver from the PKI digital certificate of the mail receiver after receiving the PKI digital certificate of the mail receiver, generates an IBC private key by using the mail address of the mail receiver, encrypts the IBC private key by using a PKI public key in the PKI digital certificate to generate an encryption key, and sends the encryption key to the mail receiver;
the mail receiver decrypts the encryption key by using the corresponding PKI private key to obtain the IBC private key.
3. The method of claim 2, wherein the IBC key generation module, upon receiving the PKI digital certificate of the mail recipient, further comprises:
the IBC key generation module utilizes a PKI certificate authentication module to verify a PKI digital certificate of a mail receiver;
after the PKI digital certificate of the mail receiver passes the verification, the IBC key generation module extracts the mail address of the mail receiver from the PKI digital certificate of the mail receiver.
4. The method of claim 2, wherein,
the mail address of the mail receiver is included in the common name (CN) field of the PKI digital certificate of the mail receiver.
5. The method of claim 1, wherein,
the PKI public key used by the mail receiver in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
6. The method of any one of claims 1-5, further comprising:
and the mail sender acquires a corresponding PKI digital certificate from a PKI certificate authentication module of the third-party authentication platform.
7. An e-mail secure delivery system comprising:
the mail sender is configured to log in a mail server by using a PKI digital certificate of the mail sender, encrypt the content of the mail by using the address of a mail receiver of the mail as an IBC public key after the login is successful, call a PKI private key to sign the mail, and send the processed mail to the mail server;
a mail server configured to forward the mail sent by the mail sender to the mail receiver;
the mail receiver is configured to verify the signature of the received mail by using a Public Key Infrastructure (PKI) public key after receiving the mail and, after the signature is successfully verified, to acquire a corresponding Identity-Based Cryptography (IBC) private key from a third-party authentication platform and decrypt the received mail by using the IBC private key to obtain the mail plaintext;
and the third party authentication platform is configured to provide the corresponding IBC private key for the mail receiving party.
8. The system of claim 7, wherein the third-party authentication platform comprises a PKI certificate authentication module and an IBC key generation module, wherein:
the mail receiver is configured to acquire a PKI digital certificate of the mail receiver from a PKI certificate authentication module of the third-party authentication platform and send the acquired PKI digital certificate to an IBC key generation module of the third-party authentication platform; and after receiving the encryption key sent by the IBC key generation module, decrypting the encryption key by using a corresponding PKI private key to generate an IBC private key.
The IBC key generation module is configured to extract a mail address of the mail receiver from the PKI digital certificate of the mail receiver after receiving the PKI digital certificate of the mail receiver, generate an IBC private key by using the mail address of the mail receiver, encrypt the IBC private key by using a PKI public key in the PKI digital certificate to generate an encryption key, and send the encryption key to the mail receiver.
9. The system of claim 8, wherein,
the IBC key generation module is configured to verify the PKI digital certificate of the mail receiver by using the PKI certificate authentication module after receiving the PKI digital certificate of the mail receiver, and extract the mail address of the mail receiver from the PKI digital certificate of the mail receiver after the PKI digital certificate of the mail receiver passes the verification.
10. The system of claim 8, wherein,
the mail address of the mail receiver is included in the common name (CN) field of the PKI digital certificate of the mail receiver.
11. The system of claim 7, wherein,
the PKI public key used by the mail receiver in verifying the signature of the received mail is the PKI digital certificate of the mail sender.
12. The system of claim 8, wherein,
the mail sender is configured to obtain a PKI digital certificate of the mail sender from a PKI certificate authentication module of the third-party authentication platform.
13. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the method of any one of claims 1-6.
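The claims above describe a hybrid flow: the PKI certificate authenticates the parties and signs the mail, while the mail address itself is the encryption public key, so the sender never has to fetch a recipient key, and the receiver obtains its IBC private key from the key generation module only after presenting a certificate that the platform verifies (claims 2-4). The following is an added worked example, not code from the patent or from China Telecom; it is a constructed toy that uses textbook RSA (no padding) as the PKI side, the Cocks quadratic-residuosity scheme as the IBC side (the patent does not name an IBC scheme, so this is a stand-in), a JSON dictionary as the digital certificate, and made-up addresses `alice@example.test` and `bob@example.test`. Key sizes and all helper names are chosen for the demo and are not from the page. The point it makes is the one behind claims 3 and 4: the key generation module derives the IBC private key for the address found in the CA-verified certificate, not for whatever address the request names, and wraps that key to the certified public key so only the certificate holder can unwrap it.

```python
import hashlib, json, secrets

def is_probable_prime(n, rounds=24):  # Miller-Rabin for odd n > 3, demo-grade
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False
    return True

def gen_prime(bits, blum=False):  # blum=True forces p = 3 (mod 4), which Cocks needs
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | (3 if blum else 1)
        if is_probable_prime(p):
            return p

def jacobi(a, n):  # Jacobi symbol (a/n) for odd n > 0
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# PKI side: textbook RSA, (n, e) public and (n, d) private; hash-then-exponentiate, no padding
def rsa_keygen(bits=512):
    while True:
        p, q, e = gen_prime(bits // 2), gen_prime(bits // 2), 65537
        if (p - 1) * (q - 1) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))
def rsa_sign(priv, data):
    return pow(h_int(data), priv[1], priv[0])
def rsa_verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == h_int(data)

def ca_issue_cert(ca_priv, email, pub):  # certificate authentication module; CN = mail address
    cert = {"CN": email, "n": pub[0], "e": pub[1]}
    return cert, rsa_sign(ca_priv, json.dumps(cert, sort_keys=True).encode())
def ca_verify_cert(ca_pub, cert, sig):
    return rsa_verify(ca_pub, json.dumps(cert, sort_keys=True).encode(), sig)

# IBC side (Cocks): the mail address is the public key, the KGC holds the factors of N
def ibe_hash_id(email, N):  # map the address to a in Z_N with Jacobi (a/N) = 1
    for ctr in range(1 << 16):
        a = h_int(f"{email}|{ctr}".encode()) % N
        if jacobi(a, N) == 1:
            return a

def ibe_extract(master, email):  # KGC: r with r^2 = a or r^2 = -a (mod N)
    p, q = master
    a = ibe_hash_id(email, p * q)
    if jacobi(a, p) != 1:  # exactly one of a, -a is a square mod N when (a/N) = 1
        a = p * q - a
    rp, rq = pow(a, (p + 1) // 4, p), pow(a, (q + 1) // 4, q)
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % (p * q)

def ibe_encrypt(N, email, msg):  # per bit: (t + a/t, t' - a/t') with Jacobi(t) = Jacobi(t') = bit
    a, out = ibe_hash_id(email, N), []
    for bit in (1 if (b >> (7 - i)) & 1 else -1 for b in msg for i in range(8)):
        pair = []
        for sign in (1, -1):
            t = secrets.randbelow(N - 2) + 2
            while jacobi(t, N) != bit:
                t = secrets.randbelow(N - 2) + 2
            pair.append((t + sign * a * pow(t, -1, N)) % N)
        out.append(pair)
    return out

def ibe_decrypt(N, email, r, cts):
    which = 0 if pow(r, 2, N) == ibe_hash_id(email, N) else 1  # r opens the "+a" or the "-a" half
    bits = "".join("1" if jacobi(c[which] + 2 * r, N) == 1 else "0" for c in cts)
    return int(bits, 2).to_bytes(len(bits) // 8, "big")

def kgc_issue_private_key(master, ca_pub, cert, cert_sig):
    # IBC key generation module (claims 2-3): verify the certificate first, take the identity
    # from its CN field rather than from the request, and wrap r to the certified public key
    if not ca_verify_cert(ca_pub, cert, cert_sig):
        raise ValueError("certificate rejected: no IBC private key issued")
    r = ibe_extract(master, cert["CN"])
    return pow(r, cert["e"], cert["n"])  # the "encryption key" of claim 2 (needs r < N < n)

def run_demo(body=b"ok"):  # claim 1 end to end -> (signature valid?, recovered plaintext)
    ca_pub, ca_priv = rsa_keygen()
    master = (gen_prime(128, blum=True), gen_prime(128, blum=True))  # KGC master secret
    N, bob = master[0] * master[1], "bob@example.test"
    (s_pub, s_priv), (r_pub, r_priv) = rsa_keygen(), rsa_keygen()
    s_cert, s_sig = ca_issue_cert(ca_priv, "alice@example.test", s_pub)
    r_cert, r_sig = ca_issue_cert(ca_priv, bob, r_pub)
    blob = json.dumps(ibe_encrypt(N, bob, body)).encode()  # encrypt to the address ...
    mail_sig = rsa_sign(s_priv, blob)                       # ... then sign with the PKI key
    sig_ok = ca_verify_cert(ca_pub, s_cert, s_sig) and rsa_verify((s_cert["n"], s_cert["e"]), blob, mail_sig)
    wrapped = kgc_issue_private_key(master, ca_pub, r_cert, r_sig)
    r = pow(wrapped, r_priv[1], r_priv[0])  # receiver unwraps with its own PKI private key
    return sig_ok, ibe_decrypt(N, bob, r, json.loads(blob))
```

`run_demo()` returns `(True, b"ok")`: the receiver accepts the sender's signature against the sender's certificate (claim 5) and recovers the plaintext with the key it unwrapped. Two design points carry over to a real deployment: the module must reject any certificate it cannot chain to its own CA before deriving a key, because the CN field is the only thing binding an address to a requester, and the wrapped key is only as confidential as the certified public key, so a revoked or mis-issued certificate for an address is equivalent to a leaked IBC private key for that address.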

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010157057.8A CN113381852A (en) 2020-03-09 2020-03-09 E-mail safety transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010157057.8A CN113381852A (en) 2020-03-09 2020-03-09 E-mail safety transmission method and system

Publications (1)

Publication Number Publication Date
CN113381852A true CN113381852A (en) 2021-09-10

Family

ID=77568376

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010157057.8A Pending CN113381852A (en) 2020-03-09 2020-03-09 E-mail safety transmission method and system

Country Status (1)

Country Link
CN (1) CN113381852A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060123476A1 (en) * 2004-02-12 2006-06-08 Karim Yaghmour System and method for warranting electronic mail using a hybrid public key encryption scheme
CN1968091A (en) * 2006-07-19 2007-05-23 王李琰 Email authentication and reliable sorted transmission method for identifier-based cryptographic technique
CN105407094A (en) * 2015-11-23 2016-03-16 广东数字证书认证中心有限公司 Method and device for improving safety of e-mail, safe e-mail agent system
CN108229188A (en) * 2017-12-29 2018-06-29 齐宇庆 It is a kind of to be signed documents with tagged keys and verification method
US20190141524A1 (en) * 2016-07-06 2019-05-09 Huawei Technologies Co., Ltd. Transmission Data Protection System, Method, and Apparatus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114650181A (en) * 2022-03-31 2022-06-21 西安电子科技大学 E-mail encryption and decryption method, system, equipment and computer readable storage medium
CN114650181B (en) * 2022-03-31 2023-06-09 西安电子科技大学 E-mail encryption and decryption method, system, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
US8737624B2 (en) Secure email communication system
WO2008116060A1 (en) Secure electronic messaging system requiring key retrieval for deriving decryption key
CN101466079A (en) Method, system and WAPI terminal for transmitting e-mail
CN103428077B (en) A kind of method and system being safely receiving and sending mails
CN102740239B (en) The method and system of secure transmission of media information
US7660987B2 (en) Method of establishing a secure e-mail transmission link
CN102170419A (en) A secure mail client system and a method thereof
CN104662941A (en) Supporting the use of a secret key
CN113285803A (en) Mail transmission system and transmission method based on quantum security key
CN102006303A (en) Method and terminal for increasing data transmission safety by using multi-encryption method
CN103297230B (en) Information encipher-decipher method, Apparatus and system
CN113346995A (en) Quantum security key-based method and system for preventing mail from being tampered in transmission process
Nurhaida et al. Digital signature & encryption implementation for increasing authentication, integrity, security and data non-repudiation
CN103973713A (en) Transfer method, extraction method and processing system for electronic mail information
CN103973714A (en) E-mail account generating method and system
CN103078743A (en) E-mail IBE (Internet Booking Engine) encryption realizing method
JP3308561B2 (en) E-mail communication method and sender terminal
US20140181516A1 (en) Detection method for fraudulent mail, detection program therefor, and detection device therefor
CN113381852A (en) E-mail safety transmission method and system
CN102195782A (en) Two-way identity authentication method with integration of identity and password for mailing system
CN105743884A (en) Mail hiding method and mail hiding system
WO2009054807A1 (en) Secure messaging using outband mode authentication
CN103986724B (en) Email real name identification method and system
Al-Hammadi et al. Certified exchange of electronic mail (CEEM)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210910