System and method for secure message key caching in a mobile communication device

US 20040205248A1
Filed: 01/08/2004
Published: 10/14/2004
Est. Priority Date: 07/10/2001
Status: Active Grant

First Claim

Patent Images

1. A method for processing encrypted messages at a wireless mobile communication device, comprising the steps of:

receiving at the wireless mobile communication device an encrypted message comprising at least one encrypted session key and encrypted content;

accessing the encrypted message;

identifying an individual encrypted session key associated with the wireless mobile communication device;

decrypting the individual encrypted session key; and

storing the decrypted session key to memory;

wherein the stored decrypted session key is used to decrypt the encrypted content of the encrypted message where the encrypted content is subsequently accessed.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for processing encrypted messages at a mobile device. A mobile device receives an encrypted message that comprises encrypted content as well as encryption information for accessing the encrypted content. At the mobile device, the encryption accessing information is obtained and stored to memory. The encryption accessing information is retrieved from memory in order to decrypt the encrypted content when the encrypted message is subsequently accessed.

Citations

49 Claims

1. A method for processing encrypted messages at a wireless mobile communication device, comprising the steps of:
- receiving at the wireless mobile communication device an encrypted message comprising at least one encrypted session key and encrypted content;
  
  accessing the encrypted message;
  
  identifying an individual encrypted session key associated with the wireless mobile communication device;
  
  decrypting the individual encrypted session key; and
  
  storing the decrypted session key to memory;
  
  wherein the stored decrypted session key is used to decrypt the encrypted content of the encrypted message where the encrypted content is subsequently accessed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 2. The method of claim 1, wherein the encrypted message is received by the wireless mobile communication device through a wireless infrastructure and a wireless network.
  - 3. The method of claim 2, wherein a message server transmits the encrypted message through the wireless infrastructure and the wireless network to the wireless mobile communication device.
  - 4. The method of claim 3, wherein the message server receives the encrypted message from a message sender.
  - 5. The method of claim 4, wherein the wireless mobile communication device requests in a pull message access scheme that stored messages be forwarded by the message server to the wireless mobile communication device.
  - 6. The method of claim 4, wherein the message server routes the encrypted message to the wireless mobile communication device when the encrypted message is received at the message server, and wherein the encrypted message is addressed by the message sender using a specific e-mail address associated with the wireless mobile communication device.
  - 7. The method of claim 4, wherein the message server redirects the encrypted message to the wireless mobile communication device.
  - 8. The method of claim 7, wherein, before the encrypted message is redirected to the wireless mobile communication device, a redirection program re-envelopes the encrypted message so as to maintain the addressing information of the encrypted message.
  - 9. The method of claim 8, wherein the redirection program re-envelopes the encrypted message so as to allow a reply message generated by the wireless mobile communication device to reach the message sender.
  - 10. The method of claim 1, further comprising, after the step of identifying, the steps of:
    - determining whether the encrypted session key has been decrypted and stored to the memory; and
      
      retrieving the decrypted session key from the memory and using the stored decrypted session key to decrypt the encrypted content of the encrypted content where the encrypted session key has been decrypted and stored to the memory.
  - 11. The method of claim 10, wherein the steps of decrypting and storing are performed where the encrypted session key has not been decrypted and stored to the memory.
  - 12. The method of claim 1, wherein certificate information of a user of the wireless mobile communication device is transferred to the wireless mobile communication device through a wireless communication module.
  - 13. The method of claim 1, wherein certificate revocation lists are transferred to the wireless mobile communication device through a wireless communication module.
  - 14. The method of claim 1, wherein a message server transmits the encrypted message through a wireless infrastructure and a wireless network to the wireless mobile communication device, wherein the encrypted message comprises a plurality of encrypted session keys, wherein the message server determines the encrypted session key associated with the wireless mobile communication device, and wherein the message server reorganizes the encrypted message such that the encrypted message is sent to the wireless mobile communication device without containing at least one encrypted session key that is not associated with the wireless mobile communication device.
  - 15. The method of claim 14, wherein encrypted message comprises a digital signature, and wherein the message server verifies the digital signature and sends to the wireless mobile communication device a result of the digital signature verification.
  - 16. The method of claim 1, wherein the encrypted message comprises a plurality of encrypted session keys, wherein the encrypted session keys are associated with different recipients, and wherein the encrypted message is reorganized prior to transmission to the wireless mobile communication device containing only the encrypted session key associated with the wireless mobile communication device.
  - 17. The method of claim 16, wherein the encrypted message comprises a digital signature, and wherein the message server verifies the digital signature and sends to the wireless mobile communication device the result of the digital signature verification.
  - 18. The method of claim 1, wherein the encrypted session key is a one-time session key that is generated and used for the encrypted message.
  - 19. The method of claim 18, wherein the session key was encrypted using a public key associated with the wireless mobile communication device.
  - 20. The method of claim 19, wherein the encrypted message was addressed to a plurality of recipients, and wherein the same session key is encrypted using a public key associated with each recipient.
  - 21. The method of claim 1, wherein the encrypted content was encrypted using a session key and encryption algorithm, and wherein a public key cryptographic algorithm was used to encrypt the session key to generate the encrypted session key.
  - 22. The method of claim 1, wherein the encrypted message was encrypted using Secure Multipurpose Internet Mail Extensions (S/MIME) techniques.
  - 23. The method of claim 1, wherein the encrypted message was encrypted using Pretty Good Privacy techniques.
  - 24. The method of claim 1, wherein the encrypted message was encrypted using OpenPGP techniques.
  - 25. The method of claim 1, wherein the encrypted message comprises a digital signature.
  - 26. The method of claim 1, wherein the encrypted message comprises an e-mail message.
  - 27. The method of claim 1, wherein the decrypted session key is removed from the memory after a preselected time has elapsed.
  - 28. The method of claim 27, wherein the preselected time is selected by the user.
  - 29. The method of claim 1, wherein the decrypted session key is removed from the memory based upon a characteristic associated with the encrypted message.
  - 30. The method of claim 29, wherein the decrypted session key is removed from the memory based upon electrical power being removed from the wireless mobile communication device.
  - 31. The method of claim 29, wherein the characteristics comprises the identity of a sender of the encrypted message.
  - 32. The method of claim 31, wherein the identity of the sender of the encrypted message comprises an e-mail address of the sender.
  - 33. The method of claim 1, wherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted message.
  - 34. The method of claim 33, wherein the sensitivity level is determined based upon a subject line contained within the encrypted message.
  - 35. The method of claim 33, wherein the sensitivity level is determined based upon the encrypted content.
  - 36. The method of claim 1, further comprising the step of:
    - setting a disabling flag so that the decrypted session key is not continuously stored in the memory for use in additional accessed of the encrypted content.
  - 37. The method of claim 1, further comprising the step of:
    - setting a disabling flag so that the decrypted session key is removed from the memory after accessing the encrypted content.
  - 38. The method of claim 1, wherein the decrypted session key is stored to a volatile memory of the wireless mobile communication device.
  - 39. The method of claim 1, wherein the decrypted session key is started to a volatile and non-persistent memory of the wireless mobile communication device.
  - 40. The method of claim 1, wherein the decrypted session key is stored to a random access memory (RAM) of the wireless mobile communication device.
  - 41. The method of claim 1, wherein a user of the wireless mobile communication device enters security information in order to have the encrypted session key decrypted.
  - 42. The method of claim 41, wherein the security information comprises a password.

43. Computer software stored on a computer readable medium, the computer software comprising program code for carrying out a method that processes an encrypted message at a wireless mobile communication device when the encrypted message is accessed, said encrypted message containing at least one encrypted session key and encrypted content, said method comprising the steps of:
- identifying an individual encrypted session key associated with the wireless mobile communication device where the encrypted message is accessed by the means for accessing;
  
  decrypting the individual encrypted session key;
  
  storing the decrypted session key to memory; and
  
  using the stored decrypted session key to decrypt the encrypted content where the encrypted content is accessed multiple times.

44. An apparatus on a wireless mobile communication device for handling multiple accesses to encrypted content, wherein an encrypted message includes the encrypted content and further includes encryption accessing information that has an association with the encrypted message, and wherein the encrypted message is transmitted to the wireless mobile communication device, the apparatus comprising:
- a storage software module that stores the encryption accessing information in memory which is volatile and non-persistent, wherein the encryption accessing information allows access to the encrypted content; and
  
  an accessing software module that retrieves from the memory the encryption accessing information. wherein the retrieved encryption accessing information is used to decrypt the encrypted content where the encrypted content is accessed multiple times.
- View Dependent Claims (45, 46, 47, 48, 49)
- - 45. The apparatus of claim 44, wherein the encryption accessing information comprises a session key.
  - 46. The apparatus of claim 44, wherein the encrypted message further comprises a digital signature, wherein the storage software module is configured to store, in the memory, verification information about the digital signature, and wherein the accessing software module is configured to retrieve from the memory the verification information when the encrypted content is accessed multiple times.
  - 47. The apparatus of claim 46, further comprising a data structure stored in the memory for containing the verification information and the encryption accessing information.
  - 48. The apparatus of claim 47, wherein the data structure includes an association that is indicative of which encryption accessing information is associated with which of a plurality of encrypted messages.
  - 49. The apparatus of claim 48, wherein the data structure includes an association that is indicative of which verification information is associated with which of the plurality of encrypted messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Kirkup, Michael G, Little, Herbert A

Granted Patent

US 9,628,269 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/246
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 51/58   Message adaptation for wire...

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04W 12/033   of the user plane, e.g. use...

H04W 74/00   Wireless channel access

System and method for secure message key caching in a mobile communication device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure message key caching in a mobile communication device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links