
CN102055685A - Method for encrypting webmail information - Google Patents


Info

Publication number
CN102055685A
Authority
CN
China
Prior art keywords
mail
encrypted
user
email
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010105983078A
Other languages
Chinese (zh)
Other versions
CN102055685B (en
Inventor
乐德广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu Intellectual Property Operation Center Co ltd
Original Assignee
Changshu Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changshu Institute of Technology
Priority to CN 201010598307
Publication of CN102055685A
Application granted
Publication of CN102055685B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for encrypting webmail information. It uses password-based encryption and decryption protection and is embedded in the webmail system, so it integrates seamlessly with that system. It does not rely on a complex cryptosystem, is not restricted by cryptographic algorithm patents, requires no complex key exchange or key management, and does not depend on a third-party certification authority. It is also simple to operate and convenient to use.

Figure 201010598307

Description

Method for Encrypting Webmail Information

Technical field

The invention relates to a method for encrypting webmail information.

Background art

Email is currently the most widely used application on the Internet. People use it not only to communicate but also to keep important personal information or documents in their personal mailboxes. At present, web-page-based email (Webmail) implements access control on the client side through account/password authentication. Once the account/password information is leaked, every message in the user's mailbox, including important personal information, is fully exposed to unauthorized users.

As shown in Figure 1, existing email encryption systems are mainly concerned with confidentiality during transmission: the sender encrypts the message when sending it, and the recipient decrypts it after receiving it. This approach requires the system to support a standard secure mail protocol (such as S/MIME or OpenPGP) and is implemented with a hybrid cryptosystem that combines symmetric ciphers, public-key ciphers and hash functions. It is therefore subject to the patent restrictions on some cryptographic algorithms and is complex and difficult to implement. Second, encryption and decryption in existing systems are performed separately, by the sending end and the receiving end respectively. When a message is encrypted, the sender must obtain the correct public key used by the recipient, so key exchange and key management are needed, which makes the system inconvenient to operate and use. Third, key exchange uses a PKI/CA-based authentication system that depends on a third-party organization, which limits its general applicability. Fourth, because encryption is performed at the sending end, mail already received at the receiving end cannot be encrypted and protected by the existing systems. Fifth, encryption is mainly supported in mail clients (Outlook S/MIME, PGP for Outlook, GnuPG with Thunderbird). Existing webmail systems provide no encryption service of their own; only some third-party developers offer encryption plug-ins for particular webmail systems or browsers (such as Gmail S/MIME and FireGPG), and this lowers security because the plug-ins affect the security of the webmail system itself. Sixth, existing webmail cannot encrypt and protect the mail information displayed on the user's own web pages.

There are two main existing methods for encrypting webmail information:

(1) Account/password authentication method

Identity authentication is the first line of defense in information security. It typically uses various authentication techniques to verify the identity of every party involved in an operation on information and to prevent unauthorized users from operating on data illegitimately. Authentication relies on one of the following three basic factors or a combination of them: ① what the user knows, i.e. knowledge the individual holds, such as an account/password; ② what the user has, i.e. something the individual possesses, such as a magnetic card, barcode card, IC card, smart token or other smart card; ③ what the user is, i.e. the individual's biometric characteristics, such as fingerprint, palm print, voiceprint, face shape, DNA or retina. Of these, account/password authentication is widely used because it is simple and easy to use. It is a verification method based on "what you know". Each user's account/password information is set by the user and known only to the user. As long as the account/password is entered correctly, the system regards the operator as a legitimate user and allows operations on system resources. Figure 2 shows the basic principle of account/password-based authentication.

As Figure 2 shows, during authentication, when the computer system receives the account/password entered by the user, it looks up the password corresponding to that account in the system's account/password table and compares it with the password the user entered. If they match, the user is considered legitimate and authentication succeeds. If they do not match, the user is not considered legitimate and authentication fails.

(2) Secure mail communication protocols

Two end-to-end security technologies are commonly used to secure email: PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions). Their main functions are identity authentication and encryption of transmitted data. PGP is a scheme proposed by Phil Zimmermann in the mid-1980s. Invented by Phil Zimmermann in the United States, PGP was originally an encryption program with which users could create secure messages and communications, such as email, over insecure links. PGP uses several forms of encryption and assembles messages in a simple packet format, providing a simple and efficient security mechanism that lets messages travel securely over the Internet or other networks. One characteristic of PGP is that it is fast and efficient; another is its excellent portability, since it runs on many platforms. PGP has therefore become a popular public-key encryption package for email.

S/MIME is a new secure mail protocol developed from PEM (Privacy Enhanced Mail) and MIME (the Internet mail attachment standard). Like PGP, S/MIME uses one-way hash algorithms and public/private-key encryption. It differs from PGP in two main respects. First, its authentication mechanism relies on hierarchical certificate authorities: the certificates of all lower-level organizations and individuals are certified by the organization above them, while the top-level organizations (root certificates) certify one another, so the overall trust relationship is essentially a tree, the so-called Tree of Trust. Second, S/MIME encrypts and signs the message content and sends it as a special attachment; its certificates use the X.509 format, though they differ somewhat from the SSL certificates commonly used by browsers on the web. Many certification authorities in China offer a service called "secure email certificate", which corresponds to S/MIME technology, and the platform they use is essentially that of VeriSign of the United States. The main providers are Tianwei Chengxin (天威诚信) in Beijing (http://www.itrus.com.cn/) and TrustAsia in Shanghai (http://www.trustasia.com.cn/); one is VeriSign's partner in China and the other is VeriSign's Asia-Pacific branch.

Confidentiality of webmail is currently handled mainly in the following ways: (1) the S/MIME protocol with a tree-structured third-party PKI/CA public-key authentication system, which encrypts and signs outgoing mail; (2) the PGP protocol with mesh-structured peer authentication, which encrypts and signs outgoing mail; (3) third-party plug-ins/modules that add encryption of mail content when webmail is sent or received. Each of these has its own drawbacks.

Method (1) requires the S/MIME public key to be stored in a digital certificate that is generated and issued by a CA center, a publicly recognized third party. The authentication mechanism relies on hierarchical certificate authorities: the certificates of all lower-level organizations and individuals are certified by the organization above them, while the top-level organizations (root certificates) certify one another, so the overall trust relationship is essentially a tree, the so-called Tree of Trust. As the key certification body, the CA center not only requires users to submit personal identification such as an ID card and telephone number but also charges periodic fees for using the digital certificate, which is a major obstacle for ordinary users. Each use of a certificate must be verified with the CA center, which also harms the user experience. Managing a large number of certificates (public keys) is itself a headache for the CA center. In addition, an S/MIME-based mail system can protect only the email being sent and cannot encrypt mail that has been received.

Method (2) differs from S/MIME in its public-key management: PGP developed a way of passing public keys through a model of mutual trust between people. This private form of key referral better reflects people's natural social interaction, and people are free to choose whom they trust as introducers. But because the trusted party is an individual rather than a public authority, the security of the public key is lower than with S/MIME. PGP also involves complex operations such as key exchange and key management, and, like S/MIME, it supports mail protection only at the sending end of the mail system, not for mail at the receiving end.

Method (3), using a third-party plug-in in webmail, raises security problems for the webmail system itself.

Summary of the invention

The object of the present invention is to provide a highly secure method for encrypting webmail information.

To achieve this object, the invention adopts the following technical solution: a method for encrypting webmail information, whose encryption steps comprise:

S1 After the user passes login authentication in the webmail system, all of the user's mail is retrieved from the mail server;

S2 The local encrypted mail record is read;

S3 The webmail system then compares each message read from the mail server with the encrypted mail record. If a message is found in the encrypted mail record, the information displayed for that message on the "mail list" web page is encrypted; otherwise the information displayed for that message on the "mail list" web page is left unprocessed;

S4 The webmail system then generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display. For unencrypted messages the plaintext "mail list" information is shown; for encrypted messages the ciphertext "mail list" information is shown;

S5 If the user wants to encrypt a plaintext message in the "mail list", the user clicks the corresponding encryption control on the "mail list" web page and sets an encryption password;

S6 The webmail system records the feature value of the message the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record", and returns to step S1 to refresh the webmail system's "mail list" web page so that it shows the encrypted "mail list" information.

The advantages of the invention are:

The method proposed by the invention encrypts and protects the mail information displayed on the user's web pages and so solves the confidentiality problem for mail that has already been received. Because the webmail encryption system uses password-based encryption and decryption, it does not rely on a complex cryptosystem, is not restricted by cryptographic algorithm patents, requires no complex key exchange or key management, and does not depend on a third-party certification authority. Since important information usually does not need to be accessed or browsed often, password-based protection is simple to operate and convenient to use, and it prevents unauthorized users from decrypting and reading the mail. Both the encryption and the decryption of mail are performed by the recipient, which makes operation convenient. The invention also uses a dynamic encryption and decryption mechanism, which makes encryption and decryption fast, and because the encryption system is embedded in the webmail system it integrates seamlessly with it, greatly improving the integrity and security of the system as a whole.

Description of the drawings

The invention is further described below with reference to the drawings and an embodiment:

Figure 1 is a topology diagram of the webmail system.

Figure 2 is a flow chart of existing email encryption and decryption.

Figure 3 is a flow chart of the encryption steps of the invention.

Figure 4 is a flow chart of the decryption steps of the invention.

Detailed description

Embodiment: the invention provides a specific embodiment that encrypts and protects the content of webmail. It addresses the confidentiality problem that arises because webmail content is displayed in plaintext. The method is as follows:

1. Encryption steps

As Figure 3 shows, webmail encryption and display proceed as follows:

S1 After the user passes login authentication in the webmail system, the webmail system (MUA) first reads the mail information: it retrieves all of the user's mail from the mail server over a mail protocol such as, but not limited to, POP3 or IMAP. The mail server may be any independent third-party mail server.

S2 The local encrypted mail record is read, i.e. the feature value (ID) of each encrypted message is read from a database or file. The feature value may be, or include, a header field conforming to the RFC822/MIME specification such as "X-ID" or "X-Message", or a user-defined header field. The webmail system stores and reads the encrypted mail record using, for example, a database or a file, but is not limited to these; it may be stored and read in various ways. The encrypted mail record may itself be stored in encrypted form to improve security. The encrypted mail record is implemented within the webmail system, so it is local relative to the mail server.

S3 The webmail system then compares the feature value of each message read from the mail server with the encrypted mail record. If the feature value of a message is found in the encrypted mail record, the information displayed for that message on the "mail list" page is encrypted. The encryption may be a simple substitution or replacement, such as replacement with "*", or protection with a modern cryptographic algorithm. Otherwise the mail-list display content of the message is left unprocessed. The "mail list" includes at least the subject, the source and the arrival time of each message.

S4 The webmail system then generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display. On the "mail list" web page the user sees the plaintext list information for unencrypted messages and the ciphertext list information for encrypted messages. The user may view mail in any browser, such as, but not limited to, IE or Firefox.

S5 If the user wants to encrypt a plaintext message in the "mail list", the user clicks the corresponding encryption control on the "mail list" web page and sets an encryption password.

S6 The webmail system records the feature value the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record". The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored in various ways. The "encrypted mail record" may also be stored in encrypted form to improve security. For security, the encryption password may itself be encrypted, for example with a hash function such as MD5 or SHA1, but not limited to these. The system then returns to step S1 and refreshes the webmail "mail list" page, which now shows the encrypted mail-list information.

S7 If the user wants to display the content of a particular message, the user clicks the message's link on the "mail list" web page to open the "mail content" web page for that message. The "mail content" includes all items of the "mail list" together with the message body or attachments.

S8 The webmail system reads the message selected by the user from the mail server: when the user opens the "mail content" web page for the message, the webmail system reads the content of that message from the mail server, using a protocol such as, but not limited to, POP3/IMAP.

S9 The webmail system reads the encrypted mail record. The "encrypted mail record" information read here is the feature value of each encrypted message. The feature value may be, or include, a header field conforming to the RFC822/MIME specification such as "X-ID" or "X-Message", or a user-defined header field. The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored and read in various ways. The "encrypted mail record" may also be stored in encrypted form to improve security.

S10 Next, the feature value of the message the user selected for display is compared with the encrypted mail record. If the feature value is found in the encrypted mail record, step S11 is executed; if the selected message is not in the encrypted mail record, step S12 is executed.

S11 The webmail system generates a static "mail content" web page from the encrypted mail content and sends the page to the user's browser for display; on the "mail content" web page the user can see only the encrypted mail information. The information displayed for the message on the "mail content" page is encrypted; the encryption may be a simple substitution or replacement, such as replacement with "*", or encryption with a modern cryptographic algorithm. Based on the comparison result, the webmail system dynamically encrypts the content of messages whose feature value is marked "encrypted".

S12 The "mail content" of the message is left unprocessed, and step S13 is executed;

S13 The webmail system generates a static "mail content" web page from the plaintext content of the message and sends the page to the user's browser for display; the user sees the plaintext mail information on the "mail content" web page. The user may view mail in any browser, such as, but not limited to, IE or Firefox.

S14 If the user wants to encrypt the plaintext message shown on the "mail content" web page, the user clicks the corresponding encryption control on the "mail content" web page and sets an encryption password;

S15 The webmail system records the feature value of the message the user selected for encryption and the encryption password that was set. For security, the password may itself be encrypted, for example with a hash function such as MD5 or SHA1, but not limited to these. The user may view mail in any browser, such as, but not limited to, IE or Firefox. When the user encrypts a plaintext message through the "mail content" web page, the feature value of the encrypted message and the encryption password set by the user must be recorded, i.e. the encrypted mail record. The encrypted mail record may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored in various ways. The encrypted mail record may also be stored in encrypted form to improve security. After the encryption operation is complete, refreshing the "mail content" web page shows the encrypted mail content.

2. Decryption steps

As Figure 4 shows, webmail decryption and display proceed as follows:

S16 After the user passes login authentication in the webmail system, the webmail system retrieves all of the user's mail from the mail server over a mail protocol such as POP3 or IMAP and stores it in a temporary variable;

S17 The encrypted mail record is read, i.e. the feature value of each encrypted message is read from a database or file. The "encrypted mail record" information read by the webmail system in this step is the feature value of each encrypted message. The feature value may be, or include, a header field conforming to the RFC822/MIME specification such as "X-ID" or "X-Message", or a user-defined header field. The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored and read in various ways. The "encrypted mail record" may also be stored in encrypted form to improve security.

S18 Next, each message read from the mail server is compared with the encrypted mail record. If the message is not in the encrypted mail record, its mail-list display content is left unprocessed. If the message is in the encrypted mail record, the temporary decryption record is read to determine whether the message has been temporarily decrypted. If the message is "temporarily decrypted", its mail-list display content is likewise left unprocessed; otherwise the information displayed for the message on the "mail list" web page is encrypted. The encryption may be a simple substitution/replacement, such as replacement with "*", or encryption with a modern cryptographic algorithm. The webmail system extracts the feature value of each message retrieved from the mail server and compares it with the "encrypted mail record" to determine whether the message is an encrypted message. The "temporary decryption record" information read by the webmail system is the feature value of each temporarily decrypted message. The feature value may be, or include, a header field conforming to the RFC822/MIME specification such as "X-ID" or "X-Message", or a user-defined header field. The "temporary decryption record" may be stored and read in the webmail system using, for example, the Session, but is not limited to this; it may be stored and read in various ways. The "temporary decryption record" may also be stored in encrypted form to improve security. The webmail system extracts the feature value of an encrypted message and compares it with the "temporary decryption record" to determine whether the message is temporarily decrypted. Based on the result, the webmail system "dynamically" encrypts the list information of messages that are "encrypted" and "not temporarily decrypted".

S19: Then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display. For an unencrypted mail, the plaintext mail-list information is displayed. For an encrypted mail, the plaintext mail-list information is displayed if the mail is temporarily decrypted; otherwise the ciphertext mail-list information is displayed. The user may view mail with any browser, such as IE or Firefox, but is not limited to these. The webmail system generates the static "mail list" web page from the processing result and transmits it to the user's browser for display.

S20: If the user wants to decrypt a ciphertext mail in the "mail list", the user clicks the corresponding decryption control on the "mail list" web page, enters the decryption password, and selects a decryption mode. There are two decryption modes: "temporary decryption" and "permanent decryption". The user can decrypt any encrypted mail individually on the "mail list" web page. When decrypting an encrypted mail on the "mail list" web page, the user must enter the decryption password and select the decryption mode: "temporary decryption" or "permanent decryption".

S21: The webmail system reads the encrypted mail record and compares it with the password entered by the user. If the password is incorrect, the decryption operation is terminated. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption". For temporary decryption, the characteristic value of the mail is stored in the temporarily decrypted mail record. For permanent decryption, the encrypted mail record is deleted, and the flow returns to step S16 to refresh the webmail "mail list" web page. The user may view mail with any browser, such as IE or Firefox, but is not limited to these. When the user decrypts an encrypted mail through the "mail list" web page, the webmail system first reads the password information for the selected mail from the "encrypted mail record" and compares it with the password information entered by the user. The webmail system decides from the comparison result whether to perform the decryption operation. If the password is incorrect, the decryption operation is refused. If the password is correct, the operation depends on the decryption mode the user selected. For "temporary decryption", the characteristic value of the temporarily decrypted mail must be recorded in the "temporarily decrypted mail record". The "temporarily decrypted mail record" may be stored and read in the webmail system using, for example, a Session, but is not limited to this; it may be stored in any way, and it may be stored in encrypted form to improve security. For "permanent decryption", the characteristic value of the decrypted mail must be deleted from the "encrypted mail record". The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored in any way, and it may be stored in encrypted form to improve security. After the decryption operation is complete, refreshing the "mail list" web page displays the decrypted mail-list information.

S22: If the user wants to view the detailed content of a mail, the user clicks the link for that mail on the "mail list" web page.

S23: The webmail system reads the content of the mail selected by the user from the mail server. When the user enters the "mail content" web page for the mail, the webmail system reads the mail's content from the mail server. The communication may use the POP3/IMAP protocols, but is not limited to these.

S24: The webmail system reads the encrypted mail record. It mainly reads the characteristic values of the encrypted mails. The characteristic value may include mail-header fields that conform to the RFC822/MIME specification, such as "X-ID" or "X-Message", or it may be a user-defined header field. The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored and read in any way. The "encrypted mail record" may also be stored in encrypted form to improve security.

S25: Next, the webmail system compares the mail the user selected to view with the encrypted mail record. If the mail is not in the encrypted mail record, the information displayed for the mail on the "mail content" page is not processed and step S26 is executed. If the mail is in the encrypted mail record, step S27 is executed.

S26: The webmail system generates a static decrypted "mail content" web page from the plaintext content of the mail and sends the page to the user's browser for display, after which the flow ends.

S27: The temporarily decrypted mail record is read first, and the system determines whether the mail is a temporarily decrypted mail. If the mail is "temporarily decrypted", its display content is likewise not processed. If the mail is not "temporarily decrypted", step S28 is executed. For a mail whose attribute is "encrypted", the webmail system reads its temporary-decryption characteristic value and compares it with the "temporarily decrypted mail record" to determine whether the mail is a temporarily decrypted mail. Based on the result, the webmail system does not encrypt the content of a mail whose attribute is "temporarily decrypted".

S28: The webmail system generates a static ciphertext "mail content" web page from the encrypted mail content and sends the page to the user's browser for display; on the "mail content" web page the user sees the encrypted mail information. The information/content displayed for the mail on the "mail content" page is encrypted (the encryption may be a simple substitution or permutation, such as replacement with "*", or it may use a modern cryptographic algorithm, but is not limited to these). The webmail system applies "dynamic/real-time" encryption to the content of mails whose attributes are "encrypted" and "not temporarily decrypted".

S29: To decrypt a ciphertext mail seen on the "mail content" web page, the user clicks the corresponding decryption control on the "mail content" web page, enters the decryption password, and selects a decryption mode. The decryption modes include at least "temporary decryption" and "permanent decryption". The user can decrypt the mail on the encrypted "mail content" web page.

S30: The webmail system reads the encrypted mail record and compares it with the password entered by the user. If the password is incorrect, the decryption operation is terminated. If the password is correct, the system determines whether the request is for "temporary decryption" or "permanent decryption". For temporary decryption, the characteristic value of the mail is stored in the temporarily decrypted mail record. For permanent decryption, the encrypted mail record is deleted. After decryption, the flow returns to step S23. The user may view mail with any browser, such as IE or Firefox, but is not limited to these. When the user decrypts an encrypted mail through the "mail content" web page, the webmail system first reads the password information for that encrypted mail from the "encrypted mail record" and compares the password information entered by the user with it. The webmail system decides from the comparison result whether to perform the decryption operation; if the password is incorrect, the decryption operation is refused. If the password is correct, the operation depends on the decryption mode the user selected. For "temporary decryption", the characteristic value of the temporarily decrypted mail must be recorded in the "temporarily decrypted mail record". The "temporarily decrypted mail record" may be stored and read in the webmail system using, for example, a Session, but is not limited to this; it may be stored in any way, and it may be stored in encrypted form to improve security. For "permanent decryption", the characteristic value of the decrypted mail must be deleted from the "encrypted mail record". The "encrypted mail record" may be stored and read in the webmail system using, for example, a database or a file, but is not limited to these; it may be stored in any way, and it may be stored in encrypted form to improve security. After the decryption operation is complete, refreshing the "mail content" web page displays the decrypted mail content.

The present invention displays user-specified mails in encrypted form within the webmail system, thereby protecting those mails, and uses a password mechanism to authenticate decryption of the encrypted mails. This provides identity authentication for encrypted mails and prevents unauthorized users from viewing the mail list entries and the content of encrypted mails.
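The mail-list and mail-content flows of steps S16 to S30, as an added Python example that is not code from the patent. The class and function names, the sample mails, and the choice to keep a salted PBKDF2 digest of the password and compare it in constant time are assumptions of this example; the "*" masking and the "X-ID" header are the ones the steps name.

```python
import hashlib
import hmac
import os
from email import message_from_string

FEATURE_HEADER = "X-ID"      # characteristic-value header named in the steps
PBKDF2_ROUNDS = 200_000      # assumption: work factor chosen for this example

# Constructed sample mails (not from the patent).
PLAIN_MAIL = "X-ID: m-001\nSubject: Lunch on Friday\n\nSee you at noon.\n"
SECRET_MAIL = "X-ID: m-002\nSubject: Q3 payroll\n\nSalary table attached.\n"


def feature_value(raw_mail):
    """Return the mail's characteristic value, or None if the header is absent."""
    return message_from_string(raw_mail)[FEATURE_HEADER]


def _digest(password, salt):
    # Assumption: the record keeps a salted PBKDF2 digest, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _mask(text):
    # The simple "*" substitution the steps mention.
    return "*" * len(text)


class WebmailView:
    def __init__(self):
        self.encrypted_record = {}    # feature value -> (salt, digest); database or file
        self.temp_decrypted = set()   # feature values; kept in the session

    def new_session(self):
        """A fresh login starts with an empty temporarily decrypted record."""
        self.temp_decrypted = set()

    def protect(self, raw_mail, password):
        """S5/S6: record the feature value and a verifier for the password."""
        fv = feature_value(raw_mail)
        if fv is None:
            raise ValueError("mail has no %s header" % FEATURE_HEADER)
        salt = os.urandom(16)
        self.encrypted_record[fv] = (salt, _digest(password, salt))

    def is_masked(self, raw_mail):
        """S18 and S25-S27: masked only if encrypted and not temporarily decrypted."""
        fv = feature_value(raw_mail)
        return fv in self.encrypted_record and fv not in self.temp_decrypted

    def render_list(self, mails):
        """S19: one subject per mail, masked where required."""
        rows = []
        for raw in mails:
            subject = message_from_string(raw)["Subject"] or ""
            rows.append(_mask(subject) if self.is_masked(raw) else subject)
        return rows

    def render_content(self, raw_mail):
        """S26/S28: body text, masked where required."""
        body = message_from_string(raw_mail).get_payload().strip()
        return _mask(body) if self.is_masked(raw_mail) else body

    def decrypt(self, raw_mail, password, mode):
        """S21/S30: verify the password, then apply the selected mode."""
        if mode not in ("temporary", "permanent"):
            raise ValueError("mode must be 'temporary' or 'permanent'")
        fv = feature_value(raw_mail)
        entry = self.encrypted_record.get(fv)
        if entry is None:
            return False                      # mail is not in the encrypted record
        salt, stored = entry
        if not hmac.compare_digest(stored, _digest(password, salt)):
            return False                      # wrong password: stop
        if mode == "temporary":
            self.temp_decrypted.add(fv)       # visible for this session only
        else:
            del self.encrypted_record[fv]     # permanent: drop the record
            self.temp_decrypted.discard(fv)
        return True


if __name__ == "__main__":
    view = WebmailView()
    view.protect(SECRET_MAIL, "correct horse")
    print(view.render_list([PLAIN_MAIL, SECRET_MAIL]))
    view.decrypt(SECRET_MAIL, "correct horse", "temporary")
    print(view.render_content(SECRET_MAIL))
```

In these steps the mail held on the mail server is never altered; only the rendered page is masked, so the protection covers the webmail view and not other access paths to the mailbox such as POP3/IMAP.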

The above embodiments only illustrate the technical concept and features of the present invention. Their purpose is to enable those skilled in the art to understand the invention and implement it accordingly; they do not limit the scope of protection of the invention. All equivalent changes or modifications made according to the spirit of the main technical solution of the present invention shall fall within the scope of protection of the invention.

Claims (5)

1. A method for encrypting webmail information, characterized in that its encryption steps comprise:
S1: After the user passes login authentication in the webmail system, all of the user's mails are obtained from the mail server;
S2: The local encrypted mail record is read;
S3: Next, the webmail system compares each mail read from the mail server with the encrypted mail record; if a mail is found in the encrypted mail record, the information displayed for that mail on the "mail list" web page is encrypted; otherwise the information displayed for the mail on the "mail list" web page is not processed;
S4: Then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display; for an unencrypted mail, the plaintext "mail list" information is displayed, and for an encrypted mail the ciphertext "mail list" information is displayed;
S5: If the user wants to encrypt a plaintext mail in the "mail list", the user clicks the corresponding encryption control on the "mail list" web page and sets an encryption password;
S6: The webmail system records the characteristic value of the mail the user selected for encryption and the encryption password that was set, i.e. the "encrypted mail record", and returns to step S1 to refresh the webmail system's "mail list" web page so that the encrypted "mail list" information is displayed.

2. The method according to claim 1, characterized in that its encryption steps further comprise:
S7: If the user wants to view the detailed content of a mail, the user clicks the link for that mail on the "mail list" web page and enters the "mail content" web page for the mail;
S8: The webmail system reads the mail selected by the user from the mail server, that is, when the user enters the "mail content" web page for the mail, the webmail system reads the content of the mail from the mail server;
S9: The webmail system reads the encrypted mail record, wherein the "encrypted mail record" information read by the webmail system is the characteristic value of the encrypted mail;
S10: Next, the mail the user selected to display is compared with the encrypted mail record; if the mail is in the encrypted mail record, step S11 is executed; if the mail selected by the user is not in the encrypted mail record, step S12 is executed;
S11: The webmail system generates a static "mail content" web page from the encrypted mail content and sends the web page to the user's browser for display; on the "mail content" web page the user can see only the encrypted mail information;
S12: The "mail content" of the mail is not processed, and step S13 is executed;
S13: The webmail system generates a static "mail content" web page from the plaintext content of the mail and sends the web page to the user's browser for display; on the "mail content" web page the user sees the plaintext mail information;
S14: If the user wants to encrypt the plaintext mail seen on the "mail content" web page, the user clicks the corresponding encryption control on the "mail content" web page and sets an encryption password;
S15: The webmail system records the characteristic value of the mail the user selected for encryption and the encryption password that was set.

3. The method according to claim 1, characterized in that its decryption steps comprise:
S16: After the user passes login authentication in the webmail system, the webmail system obtains all of the user's mails from the mail server and stores them in a temporary variable;
S17: The encrypted mail record is read, that is, the characteristic values of the encrypted mails are read from a database or file;
S18: Next, each mail read from the mail server is compared with the encrypted mail record; if the mail is not in the encrypted mail record, its mail-list display content is not processed; otherwise, if the mail is in the encrypted mail record, the temporarily decrypted mail record is read and it is determined whether the mail is a temporarily decrypted mail; if the mail is "temporarily decrypted", its mail-list display content is likewise not processed; otherwise, the information displayed for the mail on the "mail list" web page is encrypted;
S19: Then the webmail system generates a static "mail list" web page from the processed "mail list" data and sends the page to the user's browser for display: for an unencrypted mail, the plaintext mail-list information is displayed; for an encrypted mail, the plaintext mail-list information is displayed if the mail is temporarily decrypted, and otherwise the ciphertext mail-list information is displayed;
S20: If the user wants to decrypt a ciphertext mail in the "mail list", the user clicks the corresponding decryption control on the "mail list" web page, enters the decryption password, and selects a decryption mode, wherein the decryption modes are "temporary decryption" and "permanent decryption";
S21: The webmail system reads the encrypted mail record and compares it with the password entered by the user; if the password is incorrect, the decryption operation is terminated; if the password is correct, it is determined whether the request is for "temporary decryption" or "permanent decryption"; for temporary decryption, the characteristic value of the mail is stored in the temporarily decrypted mail record; for permanent decryption, the encrypted mail record is deleted, and the flow returns to step S16 to refresh the webmail "mail list" web page.

4. The method according to claim 1, characterized in that its decryption steps further comprise:
S22: If the user wants to view the detailed content of a mail, the user clicks the link for that mail on the "mail list" web page;
S23: The webmail system reads the content of the mail selected by the user from the mail server;
S24: The webmail system reads the encrypted mail record;
S25: Next, the webmail system compares the mail the user selected to view with the encrypted mail record; if the mail is not in the encrypted mail record, the information displayed for the mail on the "mail content" page is not processed and step S26 is executed; if the mail is in the encrypted mail record, step S27 is executed;
S26: The webmail system generates a static decrypted "mail content" web page from the plaintext content of the mail and sends the page to the user's browser for display, after which the flow ends;
S27: The temporarily decrypted mail record is read first, and it is determined whether the mail is a temporarily decrypted mail; if the mail is "temporarily decrypted", its display content is likewise not processed; if the mail is not "temporarily decrypted", step S28 is executed;
S28: The webmail system generates a static ciphertext "mail content" web page from the encrypted mail content and sends the page to the user's browser for display; on the "mail content" web page the user sees the encrypted mail information;
S29: To decrypt a ciphertext mail seen on the "mail content" web page, the user clicks the corresponding decryption control on the "mail content" web page, enters the decryption password, and selects a decryption mode, wherein the decryption modes include at least "temporary decryption" and "permanent decryption";
S30: The webmail system reads the encrypted mail record and compares it with the password entered by the user; if the password is incorrect, the decryption operation is terminated; if the password is correct, it is determined whether the request is for "temporary decryption" or "permanent decryption"; for temporary decryption, the characteristic value of the mail is stored in the temporarily decrypted mail record; for permanent decryption, the encrypted mail record is deleted; after decryption, the flow returns to step S23.

5. The method according to claim 1, characterized in that its decryption steps further comprise: the characteristic value includes at least the "X-ID" or "X-Message" field in the mail header conforming to the RFC822/MIME specification.

CN 201010598307 2010-12-21 2010-12-21 Method for encrypting webmail information Expired - Fee Related CN102055685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010598307 CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Publications (2)

Publication Number Publication Date
CN102055685A true CN102055685A (en) 2011-05-11
CN102055685B CN102055685B (en) 2013-02-13

Family

ID=43959631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010598307 Expired - Fee Related CN102055685B (en) 2010-12-21 2010-12-21 Method for encrypting webmail information

Country Status (1)

Country Link
CN (1) CN102055685B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1201198A (en) * 1997-04-22 1998-12-09 夏普公司 data receiving device
JP2002373140A (en) * 2001-06-15 2002-12-26 Nec Corp Portable telephone device
CN101115020A (en) * 2006-07-25 2008-01-30 腾讯科技(深圳)有限公司 Secret mail protecting method and mail system

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188129A (en) * 2011-12-29 2013-07-03 盈世信息科技(北京)有限公司 E-mail encryption method, mail server and system
CN103906004B (en) * 2012-12-19 2019-02-01 上海晨兴希姆通电子科技有限公司 Mail server, mail transmitting terminal and mail transmission/reception method
CN103906004A (en) * 2012-12-19 2014-07-02 上海晨兴希姆通电子科技有限公司 Mail server, mail sending end and mail sending and receiving method
CN103580991A (en) * 2013-01-05 2014-02-12 网易(杭州)网络有限公司 Mail attachment uploading method and device
CN103580991B (en) * 2013-01-05 2017-06-06 网易(杭州)网络有限公司 The method for uploading and equipment of a kind of Email attachment
CN103532704A (en) * 2013-10-08 2014-01-22 武汉理工大学 E-mail IBE (identity based encryption) system aiming at OWA (outlook web access)
CN103532704B (en) * 2013-10-08 2016-08-17 武汉理工大学 A kind of Email IBE encryption system for OWA
CN104158725A (en) * 2014-08-22 2014-11-19 深圳市清时捷科技有限公司 Data management platform and data management method based on mail transmission
CN104270517A (en) * 2014-09-23 2015-01-07 中兴通讯股份有限公司 Information encryption method and mobile terminal
CN104734944A (en) * 2015-03-18 2015-06-24 重庆森格玛科技有限公司 Transmission method and device for electronic mail
CN107707456A (en) * 2017-09-25 2018-02-16 维沃移动通信有限公司 A kind of voting method and mobile terminal
CN113452687A (en) * 2021-06-24 2021-09-28 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key
CN113452687B (en) * 2021-06-24 2022-12-09 中电信量子科技有限公司 Method and system for encrypting sent mail based on quantum security key

Also Published As

Publication number Publication date
CN102055685B (en) 2013-02-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201222

Address after: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: 215500 No. three, South 99 Ring Road, Jiangsu, Changshou City

Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY

TR01 Transfer of patent right
CP02 Change in the address of a patent holder

Address after: 215500 5th floor, building 4, 68 Lianfeng Road, Changfu street, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: No.13 caodang Road, Changshu City, Suzhou City, Jiangsu Province

Patentee before: Changshu intellectual property operation center Co.,Ltd.

CP02 Change in the address of a patent holder
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130213

CF01 Termination of patent right due to non-payment of annual fee