Method and apparatus for processing digitally signed messages to determine address mismatches

US 20070038719A1
Filed: 07/29/2005
Published: 02/15/2007
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of processing signed messages received at a computing device, the method comprising the steps of:

a) receiving a message comprising a header identifying at least a sender address, at least one portion of signed data, a digital signature corresponding to each portion of signed data, and at least one message separator;

b) determining whether a first message separator appears within a portion of signed data;

c) if the first message separator does not appear within a portion of signed data, performing at least one pre-determined action for each of the digital signatures in the message that appears after the first message separator; and

d) if the first message separator appears within a portion of signed data, verifying that the sender address matches the address associated with a key used to generate the one digital signature that appears after the first message separator and that corresponds to the portion of signed data within which the first message separator appears, and performing at least one pre-determined action for each of the other digital signatures in the message that appears after the first message separator.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for processing digitally signed messages in which address mismatch errors are detected. In at least one aspect, the number of address mismatch errors reported to a user for a message may be minimized for messages that properly incorporate message portions signed by someone other than the sender of the message, as may be the case where the message contains a conversation thread for example, by performing at least one predetermined action for digital signatures corresponding to signed data appearing after a message separator. The message separator may indicate that the message contains data from an older forwarded message or from an older message that has been replied to, for example. The at least one-predetermined action may comprise bypassing verification of address matches for those digital signatures, or verifying address matches for those digital signatures but suppressing user notification of any address mismatch errors, for example.

51 Citations

View as Search Results

26 Claims

1. A method of processing signed messages received at a computing device, the method comprising the steps of:
- a) receiving a message comprising a header identifying at least a sender address, at least one portion of signed data, a digital signature corresponding to each portion of signed data, and at least one message separator;
  
  b) determining whether a first message separator appears within a portion of signed data;
  
  c) if the first message separator does not appear within a portion of signed data, performing at least one pre-determined action for each of the digital signatures in the message that appears after the first message separator; and
  
  d) if the first message separator appears within a portion of signed data, verifying that the sender address matches the address associated with a key used to generate the one digital signature that appears after the first message separator and that corresponds to the portion of signed data within which the first message separator appears, and performing at least one pre-determined action for each of the other digital signatures in the message that appears after the first message separator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, further comprising the step of notifying a user of the computing device of an address mismatch when the sender address does not match the address associated with the key used to generate the one digital signature that appears after the first message separator and that corresponds to the portion of signed data within which the first message separator appears, if the first message separator appears within a portion of signed data.
  - 3. The method of claim 2, wherein the notifying step is performed only when permitted by a security policy governing use of the computing device.
  - 4. The method of claim 1, wherein the at least one pre-determined action for a digital signature that appears after the first message separator comprises bypassing verification that the sender address matches the address associated with a key used to generate said digital signature.
  - 5. The method of claim 1, wherein the at least one pre-determined action for a digital signature that appears after the first message separator comprises:
    - verifying that the sender address matches the address associated with a key used to generate said digital signature; and
      
      suppressing notification of a user of the computing device of an address mismatch if the sender address does not match the address associated with the key used to generate said digital signature.
  - 6. The method of claim 5, wherein notification of the user of an address mismatch is suppressed only when permitted by a security policy governing use of the computing device.
  - 7. The method of claim 1, wherein the at least one pre-determined action for a digital signature that appears after the first message separator comprises:
    - verifying that the sender address matches the address associated with a key used to generate said digital signature; and
      
      suppressing display of at least a part of the message to a user of the computing device if the sender address does not match the address associated with the key used to generate said digital signature.
  - 8. The method of claim 7, wherein the display of at least a part of the message to the user is suppressed only when permitted by a security policy governing use of the computing device.
  - 9. The method of claim 1, wherein the at least one pre-determined action for a digital signature that appears after the first message separator comprises:
    - determining a portion-specific address associated with the portion of signed data to which said digital signature corresponds;
      
      verifying that the portion-specific address matches the address associated with the key used to generate said digital signature; and
      
      notifying a user of the computing device of an address mismatch if the portion-specific address does not match the address associated with the key used to generate said digital signature.
  - 10. The method of claim 9, wherein the user is notified of an address mismatch only when permitted by a security policy governing use of the computing device.
  - 11. The method of claim 9, wherein the at least one pre-determined action for a digital signature that appears after the first message separator further comprises suppressing display of at least a part of the message to a user of the computing device if the portion-specific address does not match the address associated with the key used to generate said digital signature.
  - 12. The method of claim 11, wherein the display of at least a part of the message to the user is suppressed only when permitted by a security policy governing use of the computing device.
  - 13. The method of claim 9, wherein the determining of a portion-specific address comprises extracting an address for a previous sender from text in the message appearing between the message separator that most closely precedes the portion of signed data to which the digital signature corresponds and said portion.
  - 14. The method of claim 9, wherein the determining of a portion-specific address comprises:
    - extracting a name for a previous sender from text in the message appearing between the message separator that most closely precedes the portion of signed data to which the digital signature corresponds and said portion; and
      
      retrieving, from an address book, an address for the previous sender associated with the name.
  - 15. The method of claim 1, further comprising for each digital signature in the message that appears before the first message separator, the steps of:
    - verifying that the sender address matches the address associated with the key used to generate said respective digital signature; and
      
      notifying a user of the computing device of an address mismatch if the sender address does not match the address associated with the key used to generate said respective digital signature.
  - 16. The method of claim 15, wherein the notifying step is performed only when permitted by a security policy governing use of the computing device.
  - 17. The method of claim 1, further comprising for each digital signature in the message that appears before the first message separator, the steps of:
    - verifying that the sender address matches the address associated with the key used to generate said respective digital signature; and
      
      suppressing display of at least a part of the message to a user of the computing device if the sender address does not match the address associated with the key used to generate said digital signature.
  - 18. The method of claim 17, wherein the display of at least a part of the message to the user is suppressed only when permitted by a security policy governing use of the computing device.
  - 19. The method of claim 1, further comprising the step of determining the address associated with a key used to generate a digital signature by retrieving key holder information associated with said key from a key store.
  - 20. The method of claim 1, wherein the at least one message separator comprises one or more of the following message separators selected from the following group:
    - a line separator, an original message separator, a forwarded message separator, an author wrote separator, a subsequent begin message header within a portion of signed data defined in part by a first begin message header, and a predefined separator.
  - 21. The method of claim 1, wherein each of the at least one portion of signed data has been signed using a PGP key, and wherein each of the at least one portion of signed data is defined by a PGP begin message header and a corresponding PGP begin signature header in the message.
  - 22. The method of claim 1, wherein each of the at least one portion of signed data has been signed using S/MIME.
  - 23. The method of claim 1, wherein the computing device is a mobile device.
  - 24. A computer-readable medium upon which a plurality of instructions are stored, the instructions for performing the steps of the method as claimed in claim 1.
  - 25. An apparatus adapted to perform the steps of the method as claimed in claim 1.
  - 26. The apparatus of claim 25, wherein the apparatus is a mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael, Kirkup, Michael

Granted Patent

US 7,653,696 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/207
CPC Class Codes

H04L 51/48   Message addressing, e.g. ad...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

H04W 12/106   Packet or message integrity

Method and apparatus for processing digitally signed messages to determine address mismatches

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for processing digitally signed messages to determine address mismatches

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links