This application claims priority of Taiwanese Application No. 094121191, filed on Jun. 24, 2005.
1. Field of the Invention
The invention relates to a method for encrypting and decrypting e-mail, and a module therefor, more particularly to a method for encrypting and decrypting e-mail, which can encrypt segments of text of an e-mail message that require different passwords for decryption, and to a storage medium and a module for implementing the method.
2. Description of the Related Art
With the popularity of the Internet, various Internet applications have been developed, and electronic mail (e-mail) for transmitting information between two places over the Internet is extensively used. During the transmission process, e-mail maybe stolen by a third party. The security of e-mail is therefore inquestion, particularly for e-mail with important content.
At present, e-mail can be encrypted and decrypted using asymmetric encryption/decryption techniques. For example, the e-mail is encrypted using a public key of the recipient, and the recipient can use a private key she/he keeps to decrypt the e-mail. Thus, only the recipient who has the private key can decrypt that particular e-mail. Even if the e-mail is lost or stolen during the transmission process, a third party cannot read the content of the e-mail (i.e., the text of the e-mail) . However, since it is necessary to apply for certification, and since the operating interfaces used are quite complicated, asymmetric encryption/ decryption techniques are not popular.
Further, one existing encryption technique is to encrypt the full text of an e-mail message using a password, such as a public key, even though some of the text of the e-mail message, e.g., the salutation at the beginning of the text, the complimentary closing, and the signature of the sender, etc., do not require encryption. Thus, once the password is broken, the entire content of the e-mail message will be decrypted. Moreover, in the case that one portion of the content of the text is to be disclosed to party A only, and the other portion thereof is to be revealed to party B only, the user needs to send the relevant contents in two e-mail messages, and cannot encrypt portions of the contents of the e-mail message with respect to different recipients, which is quite inconvenient to the user.
Therefore, an object of the present invention is to provide a method for encrypting/decrypting e-mail, which is more convenient to use, and a storage medium and a module for implementing the method.
Another object of the present invention is to provide a method for encrypting/decrypting e-mail, which permits encryption of text by segments requiring different passwords for decryption, and a storage medium and a module for implementing the method.
Still another object of the present invention is to provide a method for encrypting/decrypting e-mail, which provides enhanced security, and a storage medium and a module for implementing the method. Accordingly, a method for encrypting/decrypting e-mail of the present invention includes the following steps:
(A) providing an e-mail message including a header and text at a sending end, and requesting selection of at least one portion of the text and decision of a password set corresponding to the selected portion; and
(B) upon receipt of a sending request, encrypting the selected portion into an encrypted text region to be decrypted using the password set before sending the e-mail message to a receiving end.
Other features and advantages of the present invention will be come apparent in the followingdetailed description of the preferred embodiment with reference to the accompanying drawings, of which:
Referring to
An e-mail message 31 to be encrypted has a header 311, text 312, and a password set 313 that is set by the sender and that is to be used during encryption. The header 311 includes information related to the receiving end 2 and subject of the e-mail message 31. The text 312 is content of the e-mail message written by the sender to advise the receiving end 2 of relevant information. To facilitate description, the password set 313 in this embodiment includes only one password, and the password is required to be inputted when the user decides to encrypt a selected portion of the text 312 (to be described hereinafter).
To eliminate the inconvenience associated with the asymmetric encryption/decryption techniques of the prior art, the encryption/decryption module 3 of the preferred embodiment employs a symmetric encryption/decryption technique. Symmetric encryption/decryption algorithms and corresponding encryption key lengths of current symmetric encryption/decryption techniques are set forth as follows:
The encryption/decryption module 3 of this embodiment uses the AES encryption/decryption algorithm, and provides a low encryption strength with an encryption key length of 128 bits, a medium encryption strength of 192 bits, and a high encryption strength of 256 bits for the user's selection and setting, so as to eliminate the inconvenience associated with the conventional asymmetric encryption/decryption techniques that require applying for certification and that involve relatively complicated operating interfaces.
Furthermore, to facilitate use, the text 312 of the e-mail message 31 in this embodiment allows the user to select to encrypt a portion of the text 312 and not to encrypt other portions of the text 312. Before the e-mail message 31 is sent, the encryption/decryption module 3 will randomly generate an encryption key 32 and use the encryption key 32 to encrypt the selected portion of the text 312 so as to form an encrypted text region 332, and will use the password 313 to encrypt the encryption key 32 into an encrypted key data block 334. Therefore, an encrypted e-mail message 33 generally has a header 331, an encrypted text region 332, a non-selected text portion 333, and an encryption key data block 334. The header 311 and the non-selected portion of the text 312 of the e-mail message 31 to be encrypted are respectively identical to the header 331 and the non-selected text portion 333 of the encrypted e-mail message 33. In addition, prior to encryption of the encryption key 32 using the password 313, the encryption/decryption module 3 extracts a message authentication code of the encryption key 32 according to a specified rule. The message authentication code is subsequently appended to the encryption key data block 334.
In order to facilitate understanding of the preferred embodiment, the e-mail encryption/decryption process will be described in the succeeding paragraphs with reference to
In step 41, an e-mail message 31 is edited. As shown in
In step 42, the encryption/decryption module 3 determines whether at least one portion of the text was selected and an encryption request was received. If it is determined to be yes in step 42, step 43 is performed. On the contrary, if it is determined to be no in step 42, the flow skips to step 45.
In step 43, the encryption/decryption module 3 will first request the user to input a password. In this preferred embodiment, a mail text encryption dialog window 92 such as that shown in
In step 44, as shown in
In step 45, it is determined whether the user has requested to send out the e-mail message. If it is determined to be yes in step 45, step 46 is executed. On the contrary, if it is determined to be no in step 45, the flow returns to step 41 to continue with the editing of the e-mail message. When the flow returns to step 41, in addition to continuing with editing of thee-mail message, the user can also perform encryption processing (steps 42-44) with respect to other segments in the text 312. Therefore, if the selected portion of the text 312 is to be divided into segments exclusively intended for a plurality of recipients, respectively, steps 41-45 need to be repeated several times to add encryption notations 913 before and after each of the segments for subsequent encryption with respect to the different segments in step 46.
In step 46, upon receipt of a command to send out the e-mail message, the encryption/decryption module 3 will randomly generate an encryption key 32 to encrypt the selected portion into an encrypted text region 332, is and use the password 313 to encrypt the encryption key 32 into an encrypted key data block 334. At the same time, since the portion selected for encryption may have more than one segment, each of the segments will be assigned a serial number in step 46 so as to facilitate selection at the receiving end 2. Furthermore, in step 46, the encryption/decryption module 3 of this embodiment will further add a decryption scheme message (to be described hereinafter) to the text 312 so as to notify the receiving end 2 of the scheme used for decryption. Certainly, if the user does not select any portion of the text 312 for encryption, step 46 can be skipped, and the flow goes to step 47. In addition, when the selected portion for encryption includes a plurality of segments, the encryption/decryption module 3 will randomly generate an encryption key 32 to correspond to each of the segments so as to encrypt the segments, extract a message authentication code of the encryption key 32, and encrypt the encryption key 32 with the corresponding password 313 so as to form an encrypted key data block 334 appended with the message authentication code of the encryption key 32. Therefore, the encrypted e-mail message 33 may contain a plurality of encrypted key data blocks 334, and the encrypted text region 332 may contain a plurality of encrypted segments.
Finally, in step 47, the mail software will send the encrypted e-mail message 33 to the receiving end 2 through the mail servers 12, 21 (see
Thus, the sender can select a portion of the content of the text 312 for encryption when editing the e-mail message 31, and unimportant portions, such as the salutation at the beginning of the text, the complimentary close, and the signature of the sender, etc., can also be shown. Besides, the selected portion can be divided into segments for encryption such that the encrypted segments require different passwords for decryption so as to ensure security of important data. At the same time, the same e-mail message may be edited into a plurality of encrypted segments for browsing by different recipients so as to achieve the effect of convenient use.
Reference is made to
Initially, in step 51, the encrypted e-mail message 33 is opened using e-mail related software. As shown in
Further, in step 52, it is determined whether a decryption request was received. If it is determined to be yes in step 52, the flow goes to step 53. On the contrary, if it is determined to be no in step 52, the flow skips to step 57.
In step 53, the encryption/decryption module 3 will display a mail text decryption dialog window 93 such as that shown in
Subsequently, in step 54, it is determined whether the inputted password has a match, i.e., whether the inputted password matches the password inputted at the sending end 1 during encryption. In step 54, the encryption/decryption module 3 will first decrypt the encryption key data block 334 using the inputted password, and then extract a message authentication code of the encrypted key data block 334 thus decrypted according to the same specified rule used at the sending end 1. Finally, the extracted message authentication code is compared with the message authentication code appended to the encrypted key data block 334 to determine whether the inputted password has a match. Specifically, if the inputted password has a match, the extracted message authentication code will be identical to the message authentication code appended to the encrypted key data block 334. On the contrary, if the inputted password does not have a match, the extracted message authentication code will be different from the message authentication code appended to the encrypted key data block 334. If it is determined to be yes in step 54, step 56 is executed to display the content of the selected segment as decrypted. On the contrary, if it is determined to be no in step 54, step 55 is executed to display a password error message, and the decryption operation is ended. After step 55 is ended, the flow skips to step 57 to determine whether the e-mail message 33 is to be closed.
In step 56, when it is confirmed that the password has a match, the selected segment of the encrypted text region 332 is decrypted, and the content of the selected segment is displayed. Specifically, the encryption/ decryption module 3 will use the encryption key 32 obtained in step 54 to decrypt the selected segment (i.e., the encrypted text region 332 in this example) into plain text. In this embodiment, for security's sake, as shown in
In step 57, it is determined whether closing of the e-mail message 33 was requested. If it is determined to be yes in step 57, the e-mail message 33 is closed, and the flow is ended. On the contrary, if it is determined to be no in step 57, the flow returns to step 52 to continue the determination of whether the recipient has submitted a decryption request so as to view other segments in the encrypted text region 332 or to review the previously decrypted segment. Thus, if the encrypted text region 332 has a plurality of segments, steps 52-57 can be repeated to decrypt the contents of the respective segments. If the segments are intended for different recipients, each recipient only needs to select to decrypt and view the respective segment.
Furthermore, although the preferred embodiment is illustrated hereinabove based on the text of the e-mail message, the encryption of important portions and the technical concept of encrypting different segments that require different passwords for decryption are also applicable to the editing of ordinary file contents, in which each file has a file name and a file content. For instance, portions of the content of a file written using word processing software, such as Word®, can be selected for encryption, and segments can also be selected for encryption such that the encrypted segments require different passwords for decryption so as to effectively secure the data contents of important files. Particularly, the security of the files can be ensured when they need to be sent from the sending end 1 to the receiving end 2.
As illustrated, the method and module for encrypting and decrypting e-mail according to the present invention employ a symmetric encryption/decryption technique to facilitate use. Besides, during encryption, the user is able to select aportion of the text 312 for encryption, and is also able to select several segments of the text 312 for encryption such that the encrypted segments require different passwords for decryption so as to achieve better encryption flexibility and more convenient use. In addition, during decryption, the decrypted content is displayed temporarily in the text segment content displaying window 94, and the encrypted e-mail message 33 still has the encrypted text region 332 so that, it the e-mail 33 is accidentally opened by a third party, the content of the encrypted text region 332 will remain incomprehensible without the password, thereby achieving the effect of enhanced security.
While the present invention has been described in connection with what is considered the most practical and preferred embodiment, it is understood that this invention is not limited to the disclosed embodiment but is intended to cover various arrangements included within the spirit and scope of the broadest interpretation so as to encompass all such modifications and equivalent arrangements.
Number | Date | Country | Kind |
---|---|---|---|
094121191 | Jun 2005 | TW | national |