System and method for securing wireless data

US 20050154876A1
Filed: 08/25/2004
Published: 07/14/2005
Est. Priority Date: 08/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for operation upon a data processing device for handling secure data stored on the device, wherein the device is configurable to communicate over a data channel with an external security information source, said method comprising:

receiving user identification information from the external security information source;

wherein the external security information source has a location proximate relative to the device;

wherein the user identification information identifies a predetermined user;

determining, based upon the received user identification information, whether the secure data stored on the device is to be accessed by a user of the device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for operation upon a data processing device for handling secure data stored on the device. The device is configurable to communicate over a data channel with an external security information source. User identification information is received from the external security information source which identifies a user of the device. The device, based upon the received user identification information, determines whether the secure data stored on the device is to be accessed by a user of the device.

21 Citations

View as Search Results

31 Claims

1. A method for operation upon a data processing device for handling secure data stored on the device, wherein the device is configurable to communicate over a data channel with an external security information source, said method comprising:
- receiving user identification information from the external security information source;
  
  wherein the external security information source has a location proximate relative to the device;
  
  wherein the user identification information identifies a predetermined user;
  
  determining, based upon the received user identification information, whether the secure data stored on the device is to be accessed by a user of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1, wherein the device is a wireless mobile communications device that receives email messages over a wireless communications network;
    - wherein the data includes an email message.
  - 3. The method of claim 1, wherein the external security information source has a location proximate such that the external security information source can communicate with the device;
    - wherein the data channel includes a wireless data link.
  - 4. The method of claim 1, wherein a first user of the device is an intended recipient of a message sent to the device;
    - wherein a second user is not able to access the sent message because the device does not receive proper user identification information from an external security information source.
  - 5. The method of claim 4, wherein the device not receiving proper user identification information includes the device not receiving any user identification information from the external security information source.
  - 6. The method of claim 4, wherein the external security information source includes a security credentials tag or card;
    - wherein the second user stole the device or the first user loaned the device to the second user;
      
      wherein the second user does not have the proper external security information source for providing the user identification information that corresponds to an intended recipient of the sent message.
  - 7. The method of claim 6, wherein security credentials are stored in the device that encrypts the data.
  - 8. The method of claim 6, wherein the external security credentials tag or card communicates to the device via a wireless communications channel.
  - 9. The method of claim 6, wherein the external security credentials tag or card communicates to the device via an external data link.
  - 10. The method of claim 1, wherein the data is secured on a per email or file basis before the data is sent to the device for ensuring that an intended recipient only has access to the secured data.
  - 11. The method of claim 1, wherein the data is encrypted by the device.
  - 12. The method of claim 1, wherein the data is in an encrypted form while stored on the wireless device.
  - 13. The method of claim 12, wherein a recipient or administrator stores rules in a rules database for determining what data for the device is to be encrypted.
  - 14. The method of claim 13, wherein the rules database is configured to check email received over a wireless communications network to determine whether the incoming email is to be encrypted for a specific recipient.
  - 15. The method of claim 13, wherein the rules database stores user identification information for each user, keys for encryption and an encryption algorithm.
  - 16. The method of claim 13, wherein the device receives a subscriber'"'"'s identification information from the external security information source and a public key from the rules database.
  - 17. The method of claim 16, wherein the device uses the received identification information and the received public key in conjunction with a decrypting algorithm in order to decrypt the stored data secured on the device.
  - 18. The method of claim 17, wherein a user'"'"'s attempted access of the secure data results in the device requesting subscriber'"'"'s identification information from the external security information source and results in requesting the public key from the rules database.
  - 19. The method of claim 18, wherein the user is able to view the secure data if the device determines, based upon the received user identification information, whether the secure data stored on the device is to be accessed by a user of the device.
  - 20. The method of claim 16, wherein the external security information source contains a subscriber'"'"'s identification information;
    - wherein the subscriber'"'"'s identification information is also contained in the rules database.
  - 21. The method of claim 13, wherein when a subscriber wishes to view the data on the device, the wireless device obtains the subscriber'"'"'s identification information from the external security information source and obtains a public key from the rules database for use by the device in determining whether to allow the subscriber to view the data.
  - 22. The method of claim 21, wherein the wireless device combines the public key with the identification information to obtain the private master key;
    - wherein the private master key is used to decrypt the data for access by the device'"'"'s user.
  - 23. The method of claim 1, wherein encryption of the data is performed to secure the data on the device in order to prevent it from being removed;
    - wherein the data is secured on the device with respect to a specific user in order to prevent other users from accessing the device if the device is loaned to another user, or is stolen or lost.
  - 24. The method of claim 1, wherein the incoming data received by a server over a wireless communications network is checked by a rules database to determine if the received data is to be encrypted for a specific data recipient and device combination.
  - 25. The method of claim 1, wherein when a user of the device wishes to view the data, the device obtains a decryption key from the external security information source so that the user can view the data.
  - 26. The method of claim 1, wherein a cryptographic key generated by the external security information source is secured to the device.
  - 27. The method of claim 1, wherein when the device'"'"'s user wants to view the data that is encrypted, the device sends an encrypted device identifier, a challenge and response to the external security information source;
    - wherein the external security information source determines if the request for a key is from a valid source based upon the received challenge and the encrypted device identifier;
      
      wherein, based upon the external security information source'"'"'s determination of validity, the external security information source computes the key using the challenge;
      
      wherein the key is sent to the device and is used by the device to view the data.
  - 28. A data signal that is transmitted using a network, wherein the data signal includes the secure data of claim 1.
  - 29. Computer-readable medium capable of causing a computing device to perform the method of claim 1.

30. An apparatus for operation upon a data processing device, wherein the device is configurable to communicate over a data channel with an external security information source, comprising:
- data processing instructions configured to receive user identification information from the external security information source;
  
  wherein the external security information source has a location proximate relative to the device;
  
  wherein the user identification information identifies a predetermined user;
  
  data processing instructions configured to determine whether the secure information stored on the device is to be accessed based upon the received user identification information.

31. A system for operation upon a wireless mobile communications device for handling encrypted email messages stored on the device, wherein the device is configurable to communicate over a data channel with an external security credentials information source, wherein the device receives email messages over a wireless communications network;
- said system comprising;
  
  means for receiving user identification information from the external security credentials information source;
  
  wherein the user identification information identifies a specific user;
  
  means for determining, based upon the received user identification information, whether a secure email message stored on the device is to be accessed and viewed by a user of the device;
  
  wherein the external security credentials information source has a location proximate relative to the device such that the external security credentials information source can communicate with the device;
  
  wherein the external security credentials information source includes a security credentials tag or card which communicates with the device over a wireless data link;
  
  wherein a first user of the device is an intended recipient of a message sent to the device;
  
  wherein a second user is not able to access the sent message because the device does not receive proper user identification information from the external security credentials information source;
  
  wherein the data is encrypted based upon the security rules stored in the rules database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Buckley, Adrian, Asthana, Atul

Granted Patent

US 8,205,091 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

G06F 2221/2117   User registration

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2153   Using hardware token as a s...

H04L 2209/80   Wireless network architectu...

H04L 51/214   using selective forwarding

H04L 51/58   Message adaptation for wire...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

System and method for securing wireless data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing wireless data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links