CN112994899A - Safe mail receiving and sending method for mobile terminal - Google Patents
Safe mail receiving and sending method for mobile terminal Download PDFInfo
- Publication number
- CN112994899A CN112994899A CN202110387563.0A CN202110387563A CN112994899A CN 112994899 A CN112994899 A CN 112994899A CN 202110387563 A CN202110387563 A CN 202110387563A CN 112994899 A CN112994899 A CN 112994899A
- Authority
- CN
- China
- Prior art keywords
- signature
- verification
- certificate
- server
- digital envelope
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000012795 verification Methods 0.000 claims abstract description 90
- 101000759879 Homo sapiens Tetraspanin-10 Proteins 0.000 claims description 3
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 3
- 102100024990 Tetraspanin-10 Human genes 0.000 claims description 3
- 238000011161 development Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a mobile terminal safety mail receiving and sending method, which comprises the following steps: when a sender sends a mail, an ActiveX control of a browser calls an interface for making a digital envelope with a signature, and submits an information original text, an encryption algorithm, an encryption certificate DN and a signature certificate DN to a signature server, the server makes an Attached signature on the original text first, then makes a digital envelope on a signature result, forms the digital envelope with the signature and returns the digital envelope to the control, and the sender sends a receiver through a sending system; when a receiver opens the mail, the browser calls a decryption digital envelope interface with the signature, the digital envelope with the signature is sent to the signature server, the server decrypts the envelope data to obtain an Attached signature packet, then the Attached signature packet is verified, and a verification result and an original text in the Attached signature packet are returned to the receiver. The invention effectively ensures the confidentiality, the integrity and the non-repudiation of the information of the mail.
Description
Technical Field
The invention belongs to the technical field of digital content security, and particularly relates to a mobile terminal security mail receiving and sending method.
Background
In the current internet environment in china, along with the increasing development of social networks and social software, the importance of electronic mailboxes to ordinary individual users has been greatly reduced. However, for enterprise users, email boxes are still the most important "office supplies" for network offices. For some enterprises with higher IT degree, the electronic mailbox of the enterprise user often undertakes the following important office functions:
identity identification in enterprise intranet authority management.
The communication channel of important office information in the enterprise is provided with certain confidentiality.
The formal platform for communication between the enterprise and the outside has certain legal effectiveness for information interaction.
Therefore, once the mailbox of the enterprise user is attacked, the content of the mail is stolen, the account is counterfeited, and the computer is infected with viruses, so that the threat is not only a certain employee individual or individual terminal device of the enterprise, but also the whole intranet system of the enterprise and various external business cooperation of the enterprise can be endangered.
Currently, most mailbox systems are developed and applied based on Linux, Unix and Windows platforms, and in consideration of the security problem of Windows operating systems, most mailbox systems in practical application are installed in Linux and Unix operating systems, but the attack of hackers on the mailbox systems cannot be avoided. The enterprise mailbox is the first way for hackers to launch network attacks on enterprises, and the business cooperation and property security of the enterprises are endangered. An attacker only needs to try 10 times, and about 1097.6 ten thousand enterprise mailboxes can be successfully cracked nationwide. The enterprise mailbox contains a large amount of business secrets and important data information, and once the business secrets are broken and lost, immeasurable influence and loss are brought to the development of the enterprise, so the enterprise mailbox system is also often called a 'life-death line' of the enterprise.
Disclosure of Invention
The invention provides a method for sending and receiving a mobile terminal safe mail for solving the technical problem.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
the first technical scheme is as follows:
a mobile terminal safe mail receiving and sending method comprises a digital signature and a digital signature verification;
the digital signature specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a signature interface of a signature server, information including a data original text and a signature certificate theme is sent to the signature server, the signature server searches a corresponding private key certificate or a certificate chain in a signature certificate configured by the signature service according to the signature certificate theme information after receiving a signature request, and after finding the signature certificate, the ActiveX control system performs summary operation on the data original text according to a specified summary algorithm, uses a signature private key to sign a summary value according to the specified signature algorithm, and finally returns a signature result to the ActiveX control system, and the sender sends a receiver through a mail sending system;
the types of the digital signature comprise common signature verification and post signature verification;
the common verification tag specifically comprises the following steps: when a receiver opens or downloads a mail, an ActiveX control system of the browser calls a verification signature interface of a signature server and sends signature information to be verified to the signature server, and the signature server firstly verifies the validity of a signature certificate and comprises the following steps: (1) searching a corresponding trust domain in a trust domain configured by a signature verification service according to the information of an issuer of a signature certificate; (2) verifying the validity period of the signature certificate; (3) verifying whether the signature of the signature certificate is legal or not by using the found trust domain; (4) and verifying whether the state of the signature certificate is normal through the downloaded CRL file or the OCSP server. On the premise that the signature certificate passes verification, the signature server verifies the signature result, firstly, a public key of the signature certificate is utilized to solve the abstract of the original text from the signature result, meanwhile, the ActiveX control system regenerates the abstract of the original text according to a specified abstract algorithm, the two abstract values are compared, and if the results are consistent, the original text is not tampered, and the verification is passed; if any verification link fails in the verification process, the verification fails, and the verification result is returned to the receiver;
the post-affair signature specifically comprises the following steps: and verifying the signature certificate through the trust chain, and considering that the transaction certificate is legal and valid as long as the signature result is verified to be legal.
Further, the specified summarization algorithm comprises any one of SHA1, SHA224, SHA256, SHA384, SHA512 and SM 3;
the designated signature algorithm adopts RSA asymmetric key algorithm or SM2 signature algorithm; if the RSA asymmetric key algorithm is adopted, PKCS1Padding is needed during signing.
Furthermore, the types of the digital signature also comprise bar code verification, PDF signature verification and XML verification.
Further, the bar code verification specifically comprises: the browser control system of the receiver needs to take out the original signature result from the database, call the signature server to check the signature after affairs, calculate the abstract value in the signature result after verification is passed, and compare the abstract value with the bar code data to verify whether the bar code data on the medium is correct.
The PDF verification tag specifically comprises the following steps: PDF signature verification is carried out by adopting an Adobe Reader tool.
The XML verification specifically comprises the following steps: and the ActiveX control system of the browser can automatically judge the signature type of the browser according to the received signature information, perform corresponding verification operation according to the requested verification mode and return a verification result.
Further, the digital envelope and the decrypted digital envelope are also included;
the digital envelope specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a digital envelope interface of a signature server, information such as an information original text, an encryption certificate theme, a symmetric encryption algorithm and the like is sent to the signature server, the signature server randomly generates a symmetric key, the key is used for encrypting the original text according to a specified encryption algorithm, the specified encryption certificate is used for encrypting the symmetric key, the digital envelope is finally formed and returned to an ActiveX control system of the browser, and the sender sends a receiver through a mail sending system; when the DN of the encryption certificate is not specified in the interface calling, the first encryption certificate configured in the digital envelope service is used by default;
the decrypted digital envelope specifically comprises: when a receiver opens or downloads the mail, the ActiveX control system of the browser calls a decryption digital envelope interface of the signature server to send the content of the digital envelope to the signature server, the signature server searches a corresponding private key in the digital envelope service according to the certificate identification in the digital envelope, if the private key is found, the private key is used for decryption to obtain a symmetric key, then the symmetric key is used for decrypting the original text according to a specified encryption algorithm, and the original text is returned to the receiver.
Furthermore, the digital signature and the digital envelope are carried out in a mode of including a digital envelope with a signature, and the digital signature verification and the decryption of the digital envelope are carried out in a mode of decrypting the digital envelope with the signature;
the digital envelope with the signature specifically comprises: when a sender sends a mail, the ActiveX control system of the browser calls a digital envelope interface with a signature of a signature server, information text, an encryption algorithm, an encryption certificate DN and a signature certificate DN are submitted to the signature server, the server firstly signs the text in an Attached manner, then the server makes a digital envelope for a signature result, the digital envelope with the signature is formed and returned to the ActiveX control system of the browser, and the sender sends a receiver through the mail sending system.
The digital envelope with the signature is decrypted specifically as follows: when a receiver opens or downloads the mail, the ActiveX control system of the browser calls a digital envelope interface with a signature for decryption of the signature server, the digital envelope with the signature is sent to the signature server, the server decrypts the envelope data to obtain an Attached signature packet therein, then the signature packet is verified, and the verification result and the original text in the Attached signature packet are returned to the receiver.
The second technical scheme is as follows:
a mobile terminal safe mail receiving and sending system comprises a signature server and a client based on a browser ActiveX control.
When a sender sends a mail, a client of an ActiveX control based on a browser calls a signature interface of a signature server, information including a data original text and a signature certificate theme is sent to the signature server, the signature server searches a corresponding private key certificate or a certificate chain in a signature certificate configured by the signature service according to the signature certificate theme information after receiving a signature request, and after finding the signature certificate, an ActiveX control system performs summary operation on the data original text according to a specified summary algorithm, signs a summary value by using a signature private key according to the specified signature algorithm, and finally returns a signature result to the client, and the sender sends a receiver through a mail sending system.
Further, the running platform of the signature server is a national embedded platform of million-core + Chinese Koidede, dragon-core + Nakaokylin, Feiteng + Galaxy kylin.
Compared with the prior art, the invention has the following beneficial effects:
the invention adopts a system architecture based on PKI and an electronic signature solution which supports the complete and independent operation of different applications, thereby ensuring the information confidentiality, the information integrity, the non-repudiation and the post traceability in the mail receiving and sending application.
Drawings
FIG. 1 is a flowchart illustrating a secure mailing method for a mobile station according to an embodiment of the present invention;
Detailed Description
The present invention will be described in further detail with reference to examples.
The invention discloses an embodiment of a mobile terminal safety mail receiving and sending method, which comprises a digital signature and a digital signature verification;
the digital signature specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a signature interface of a signature server, information including a data original text and a signature certificate theme is sent to the signature server, the signature server searches a corresponding private key certificate or a certificate chain in a signature certificate configured by the signature service according to the signature certificate theme information after receiving a signature request, and after finding the signature certificate, the ActiveX control system performs summary operation on the data original text according to a specified summary algorithm, uses a signature private key to sign a summary value according to the specified signature algorithm, and finally returns a signature result to the ActiveX control system, and the sender sends a receiver through a mail sending system;
the signature server provides various types of signature interfaces,
the types of the digital signature comprise common signature verification and post signature verification;
the signature server provides common signature checking interfaces for the Attached signature, the Detached signature, the RAW signature and the XML signature.
The common verification tag specifically comprises the following steps: when a receiver opens or downloads a mail, an ActiveX control system of the browser calls a verification signature interface of a signature server and sends signature information to be verified to the signature server, and the signature server firstly verifies the validity of a signature certificate and comprises the following steps: (1) searching a corresponding trust domain in a trust domain configured by a signature verification service according to the information of an issuer of a signature certificate; (2) verifying the validity period of the signature certificate; (3) verifying whether the signature of the signature certificate is legal or not by using the found trust domain; (4) and verifying whether the state of the signature certificate is normal through the downloaded CRL file or the OCSP server. On the premise that the signature certificate passes verification, the signature server verifies the signature result, firstly, a public key of the signature certificate is utilized to solve the abstract of the original text from the signature result, meanwhile, the ActiveX control system regenerates the abstract of the original text according to a specified abstract algorithm, the two abstract values are compared, and if the results are consistent, the original text is not tampered, and the verification is passed; if any verification link fails in the verification process, the verification fails, and the verification result is returned to the receiver;
the post-affair signature specifically comprises the following steps: verifying the signature certificate through a trust chain, and considering that the transaction certificate is legal and valid as long as the signature result is verified to be legal;
as the name implies, post-transaction signature verification is a way to verify the transaction credential post-transaction, with a lag in time. Therefore, the mode is different from the common label checking mode in that: it does not verify the validity period and validity status of the certificate. Therefore, as long as the signature certificate passes the trust chain verification and the signature result is verified to be legal, the transaction certificate can be considered to be legal and valid.
Further, the specified summarization algorithm comprises any one of SHA1, SHA224, SHA256, SHA384, SHA512 and SM 3;
further, the specified signature algorithm adopts RSA asymmetric key algorithm or SM2 signature algorithm; if the RSA asymmetric key algorithm is adopted, PKCS1Padding is needed during signing.
Furthermore, the types of the digital signature also comprise bar code verification, PDF signature verification and XML verification.
The bar code verification specifically comprises the following steps: the signature server does not support direct verification of the bar code symbol, and a receiver needs to read the bar code data on the medium by using a code scanning device and select a proper mode to verify the bar code data. The browser control system of the receiver needs to take out the original signature result from the database, call the signature server to check the signature after affairs, calculate the abstract value in the signature result after verification is passed, and compare the abstract value with the bar code data to verify whether the bar code data on the medium is correct.
The PDF verification tag specifically comprises the following steps: PDF signature verification is carried out by adopting an Adobe Reader tool.
The Adobe Reader tool supports PDF signature verification. When a user opens a signed PDF file using Adobe Reader, all signatures in the document are automatically verified by default.
The XML verification specifically comprises the following steps: and the ActiveX control system of the browser can automatically judge the signature type of the browser according to the received signature information, perform corresponding verification operation according to the requested verification mode and return a verification result.
The signature server provides a uniform signature verification interface (divided into a common signature verification interface and a post signature verification interface) for the XML signature. The system can automatically judge the signature type according to the received signature information, carry out corresponding verification operation according to the requested verification mode and return a verification result.
The system supports the normalized XML verification, namely, the signature result is normalized before verification, and under the normal condition, if the XML original text is selected to be normalized during signature, the normalized XML verification is also selected during signature verification.
The digital signature realizes the identity authentication of the user, and ensures the integrity of data in the transmission process and the non-repudiation of transaction; however, any person who possesses the sender's public key can verify the correctness of the digital signature, and thus the confidentiality of the data cannot be guaranteed.
In order to ensure the confidentiality of data, the invention discloses another embodiment of a mobile terminal safety mail receiving and sending method, which comprises a digital envelope and a decrypted digital envelope;
the digital envelope specifically comprises: the signature server provides a uniform digital envelope interface, when a sender sends a mail, an ActiveX control system of the browser calls the digital envelope interface of the signature server to send information such as an information original text, an encryption certificate theme and a symmetric encryption algorithm to the signature server, the signature server randomly generates a symmetric key, encrypts the original text by the key according to a specified encryption algorithm, encrypts the symmetric key by using a specified encryption certificate, finally forms a digital envelope and returns the digital envelope to the ActiveX control system of the browser, and the sender sends a receiver through the mail sending system; when the DN of the encryption certificate is not specified in the interface calling, the first encryption certificate configured in the digital envelope service is used by default;
the decrypted digital envelope specifically comprises: the signature server provides a uniform decryption digital envelope interface, when a receiver opens or downloads a mail, an ActiveX control system of the browser calls the decryption digital envelope interface of the signature server to send the content of the digital envelope to the signature server, the signature server searches a corresponding private key in the digital envelope service according to a certificate mark in the digital envelope, if the private key is found, the private key is used for decryption to obtain a symmetric key, then the symmetric key is used for decrypting an original text according to a specified encryption algorithm, and the original text is returned to the receiver.
The digital envelope is a typical application of PKI, the inner layer of the digital envelope applies a symmetric encryption technology, the outer layer of the digital envelope applies a public key encryption technology, and the efficiency of encryption and decryption operation is improved to the maximum while the flexibility of the public key encryption technology is enjoyed; it still does not address "who is you? "i.e. the sender cannot be authenticated, and the integrity of the data and the non-repudiation of the transaction cannot be guaranteed.
Therefore, in order to solve the problems of confidentiality of information and identity authentication of a sender, the integrity of data and non-repudiation of transaction cannot be guaranteed, as shown in fig. 1, the invention discloses a preferred embodiment of a mobile terminal secure mail receiving and sending method, which comprises a digital envelope with a signature and a digital envelope with a signature;
the digital envelope with the signature specifically comprises: the signature server provides a uniform digital envelope interface for making a signature, when a sender sends a mail, an ActiveX control system of the browser calls the digital envelope interface with the signature of the signature server, an information original text, an encryption algorithm, an encryption certificate DN and a signature certificate DN are submitted to the signature server, the server makes an ordered signature on the original text first, then makes a digital envelope on a signature result, forms the digital envelope with the signature and returns the digital envelope to the ActiveX control system of the browser, and the sender sends a receiver through the mail sending system;
the digital envelope with the signature is decrypted specifically as follows: the signature server provides a uniform interface for decrypting the digital envelope with the signature, when a receiver opens or downloads a mail, the ActiveX control system of the browser calls the digital envelope interface with the signature for decrypting the signature of the signature server and sends the digital envelope with the signature to the signature server, the server decrypts the envelope data to obtain an Attached signature packet therein, then verifies the signature packet, and returns the verification result and the original text in the Attached signature packet to the receiver.
In order to realize the method, the invention also discloses a mobile terminal safe mail receiving and sending system which comprises a signature server and a client terminal based on the browser ActiveX control. When a sender sends a mail, a client of an ActiveX control based on a browser calls a signature interface of a signature server, information including a data original text and a signature certificate theme is sent to the signature server, the signature server searches a corresponding private key certificate or a certificate chain in a signature certificate configured by the signature service according to the signature certificate theme information after receiving a signature request, and after finding the signature certificate, an ActiveX control system performs summary operation on the data original text according to a specified summary algorithm, signs a summary value by using a signature private key according to the specified signature algorithm, and finally returns a signature result to the client, and the sender sends a receiver through a mail sending system.
Further, the running platform of the signature server is a national embedded platform of million-core + Chinese Koidede, dragon-core + Nakaokylin, Feiteng + Galaxy kylin;
furthermore, the client provides development interfaces of JAVA and NET languages, and supports a universal Web application server. The ActiveX control system realizes the functions of signing/signature verification of original text data (files and form data), digital envelopes and the like by calling the function interfaces; the user can also sign the original text data (character string or separate data file) submitted in the transaction process by using the own certificate (private key) and can verify the signature from the server side.
The embodiments described above are only preferred embodiments of the invention and are not exhaustive of the possible implementations of the invention. Any obvious modifications to the above would be obvious to those of ordinary skill in the art, but would not bring the invention so modified beyond the spirit and scope of the present invention.
Claims (6)
1. A mobile terminal safe mail receiving and sending method is characterized by comprising a digital signature and a digital signature verification;
the digital signature specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a signature interface of a signature server, information including a data original text and a signature certificate theme is sent to the signature server, the signature server searches a corresponding private key certificate or a certificate chain in a signature certificate configured by the signature service according to the signature certificate theme information after receiving a signature request, and after finding the signature certificate, the ActiveX control system performs summary operation on the data original text according to a specified summary algorithm, uses a signature private key to sign a summary value according to the specified signature algorithm, and finally returns a signature result to the ActiveX control system, and the sender sends a receiver through a mail sending system;
the types of the digital signature comprise common signature verification and post signature verification;
the common verification tag specifically comprises the following steps: when a receiver opens or downloads a mail, an ActiveX control system of the browser calls a verification signature interface of a signature server and sends signature information to be verified to the signature server, and the signature server firstly verifies the validity of a signature certificate and comprises the following steps: (1) searching a corresponding trust domain in a trust domain configured by a signature verification service according to the information of an issuer of a signature certificate; (2) verifying the validity period of the signature certificate; (3) verifying whether the signature of the signature certificate is legal or not by using the found trust domain; (4) and verifying whether the state of the signature certificate is normal through the downloaded CRL file or the OCSP server. On the premise that the signature certificate passes verification, the signature server verifies the signature result, firstly, a public key of the signature certificate is utilized to solve the abstract of the original text from the signature result, meanwhile, the ActiveX control system regenerates the abstract of the original text according to a specified abstract algorithm, the two abstract values are compared, and if the results are consistent, the original text is not tampered, and the verification is passed; if any verification link fails in the verification process, the verification fails, and the verification result is returned to the receiver;
the post-affair signature specifically comprises the following steps: and verifying the signature certificate through the trust chain, and considering that the transaction certificate is legal and valid as long as the signature result is verified to be legal.
2. The method as claimed in claim 1, wherein the specified digest algorithm includes any one of SHA1, SHA224, SHA256, SHA384, SHA512 and SM 3;
the designated signature algorithm adopts RSA asymmetric key algorithm or SM2 signature algorithm; if the RSA asymmetric key algorithm is adopted, PKCS1Padding is needed during signing.
3. The method as claimed in claim 1, wherein the type of the digital signature further includes barcode verification, PDF signature verification, and XML verification.
4. The method as claimed in claim 3, wherein the mobile terminal sends the mail to the mobile terminal,
the bar code verification specifically comprises the following steps: the browser control system of the receiver needs to take out an original signature result from a database, call a signature server to check a signature after affairs, calculate a digest value in the signature result after verification is passed, and compare the digest value with the barcode data to verify whether the barcode data on the medium is correct or not;
the PDF verification tag specifically comprises the following steps: PDF signature verification is carried out by adopting an Adobe Reader tool;
the XML verification specifically comprises the following steps: and the ActiveX control system of the browser can automatically judge the signature type of the browser according to the received signature information, perform corresponding verification operation according to the requested verification mode and return a verification result.
5. The mobile-side secure mailing method of claim 1, further comprising a digital envelope and a decrypted digital envelope;
the digital envelope specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a digital envelope interface of a signature server, information such as an information original text, an encryption certificate theme, a symmetric encryption algorithm and the like is sent to the signature server, the signature server randomly generates a symmetric key, the key is used for encrypting the original text according to a specified encryption algorithm, the specified encryption certificate is used for encrypting the symmetric key, the digital envelope is finally formed and returned to an ActiveX control system of the browser, and the sender sends a receiver through a mail sending system;
the decrypted digital envelope specifically comprises: when a receiver opens or downloads the mail, the ActiveX control system of the browser calls a decryption digital envelope interface of the signature server to send the content of the digital envelope to the signature server, the signature server searches a corresponding private key in the digital envelope service according to the certificate identification in the digital envelope, if the private key is found, the private key is used for decryption to obtain a symmetric key, then the symmetric key is used for decrypting the original text according to a specified encryption algorithm, and the original text is returned to the receiver.
6. The mobile-end secure mailing method according to claim 5, wherein the digital signature and the digital envelope are performed in a manner of including a digital envelope with a signature, and the digital signature verification and decryption of the digital envelope are performed in a manner of decrypting the digital envelope with the signature;
the digital envelope with the signature specifically comprises: when a sender sends a mail, an ActiveX control system of a browser calls a digital envelope interface with a signature of a signature server, an information original text, an encryption algorithm, an encryption certificate DN and a signature certificate DN are submitted to the signature server, the server firstly makes an Attached signature on the original text, then makes a digital envelope on a signature result, forms the digital envelope with the signature and returns the digital envelope to the ActiveX control system of the browser, and the sender sends a receiver through a mail sending system;
the digital envelope with the signature is decrypted specifically as follows: when a receiver opens or downloads the mail, the ActiveX control system of the browser calls a digital envelope interface with a signature for decryption of the signature server, the digital envelope with the signature is sent to the signature server, the server decrypts the envelope data to obtain an Attached signature packet therein, then the signature packet is verified, and the verification result and the original text in the Attached signature packet are returned to the receiver.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110387563.0A CN112994899A (en) | 2021-04-10 | 2021-04-10 | Safe mail receiving and sending method for mobile terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110387563.0A CN112994899A (en) | 2021-04-10 | 2021-04-10 | Safe mail receiving and sending method for mobile terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112994899A true CN112994899A (en) | 2021-06-18 |
Family
ID=76337921
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110387563.0A Pending CN112994899A (en) | 2021-04-10 | 2021-04-10 | Safe mail receiving and sending method for mobile terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112994899A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000042748A1 (en) * | 1999-01-14 | 2000-07-20 | Tumbleweed Communications Corp. | Web-based delivery of secure e-mail messages |
| US20020169954A1 (en) * | 1998-11-03 | 2002-11-14 | Bandini Jean-Christophe Denis | Method and system for e-mail message transmission |
| US20050033958A1 (en) * | 2003-08-07 | 2005-02-10 | Connell John M. | Method and system for secure transfer of electronic information |
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Implementation method of secure e-mail system with two-way non-repudiation mechanism for sending and receiving |
| US20110040978A1 (en) * | 2009-08-14 | 2011-02-17 | Canon Kabushiki Kaisha | Sending signed e-mail messages from a device |
| CN102170419A (en) * | 2010-02-25 | 2011-08-31 | 北京邮电大学 | A secure mail client system and a method thereof |
| CN102710605A (en) * | 2012-05-08 | 2012-10-03 | 重庆大学 | Information security management and control method under cloud manufacturing environment |
| CN103188246A (en) * | 2011-12-31 | 2013-07-03 | 上海格尔软件股份有限公司 | Safe E-mail system |
| CN105323070A (en) * | 2015-02-09 | 2016-02-10 | 北京中油瑞飞信息技术有限责任公司 | Method for realizing security electronic mail based on digital envelope |
-
2021
- 2021-04-10 CN CN202110387563.0A patent/CN112994899A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020169954A1 (en) * | 1998-11-03 | 2002-11-14 | Bandini Jean-Christophe Denis | Method and system for e-mail message transmission |
| WO2000042748A1 (en) * | 1999-01-14 | 2000-07-20 | Tumbleweed Communications Corp. | Web-based delivery of secure e-mail messages |
| US20050033958A1 (en) * | 2003-08-07 | 2005-02-10 | Connell John M. | Method and system for secure transfer of electronic information |
| CN1665188A (en) * | 2005-03-03 | 2005-09-07 | 武汉大学 | Implementation method of secure e-mail system with two-way non-repudiation mechanism for sending and receiving |
| US20110040978A1 (en) * | 2009-08-14 | 2011-02-17 | Canon Kabushiki Kaisha | Sending signed e-mail messages from a device |
| CN102170419A (en) * | 2010-02-25 | 2011-08-31 | 北京邮电大学 | A secure mail client system and a method thereof |
| CN103188246A (en) * | 2011-12-31 | 2013-07-03 | 上海格尔软件股份有限公司 | Safe E-mail system |
| CN102710605A (en) * | 2012-05-08 | 2012-10-03 | 重庆大学 | Information security management and control method under cloud manufacturing environment |
| CN105323070A (en) * | 2015-02-09 | 2016-02-10 | 北京中油瑞飞信息技术有限责任公司 | Method for realizing security electronic mail based on digital envelope |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7644280B2 (en) | Method and system for linking certificates to signed files | |
| US7206936B2 (en) | Revocation and updating of tokens in a public key infrastructure system | |
| US7475250B2 (en) | Assignment of user certificates/private keys in token enabled public key infrastructure system | |
| EP1622301B1 (en) | Methods and system for providing a public key fingerprint list in a PK system | |
| US6189096B1 (en) | User authentification using a virtual private key | |
| US7913296B2 (en) | Encrypted communication method and system | |
| US20090240936A1 (en) | System and method for storing client-side certificate credentials | |
| CN109756343A (en) | Authentication method, device, computer equipment and the storage medium of digital signature | |
| US20030115455A1 (en) | Method and apparatus for centralized processing of hardware tokens for PKI solutions | |
| US20080046743A1 (en) | System and method for automatically signing electronic documents | |
| US20020124172A1 (en) | Method and apparatus for signing and validating web pages | |
| CN106888089A (en) | The method and system of Electronic Signature and the mobile communication terminal for Electronic Signature | |
| CN109618341A (en) | A kind of digital signature authentication method, system, device and storage medium | |
| CN111651745B (en) | Application authorization signature method based on password equipment | |
| CN109981287A (en) | A kind of code signature method and its storage medium | |
| CN111539032B (en) | Electronic signature application system resistant to quantum computing disruption and implementation method thereof | |
| CN108322311B (en) | Method and device for generating digital certificate | |
| WO2008039227A1 (en) | System and method for facilitating secure online transactions | |
| CN118606918A (en) | Authentication method, device, electronic device, storage medium and program product | |
| EP2051469A1 (en) | Delegation of authentication | |
| CN112994899A (en) | Safe mail receiving and sending method for mobile terminal | |
| CN107947938A (en) | SM3 algorithms and the verification method and system of SM2 algorithm digital signature are used for PDF | |
| KR100750214B1 (en) | How to log in using a public certificate | |
| CN118054901B (en) | Network communication method and storage device based on key identification quick transfer | |
| CN119210741A (en) | Verification method and system for autonomous data master right container |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210618 |
|
| RJ01 | Rejection of invention patent application after publication |