MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM

US 20130024695A1
Filed: 07/18/2011
Published: 01/24/2013
Est. Priority Date: 07/18/2011
Status: Active Grant

First Claim

Patent Images

1. A mechanism for managing a user credential in a communication device configured for iOS operating system including a keychain, said mechanism comprising:

a certificate object under the iOS keychain, said certificate object being configured to store a certificate;

a password object under the iOS keychain, said password object being configured to store a private key;

said password object being configured to store a thumbprint, said thumbprint being configured to associate said private key with a corresponding certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism and method for managing credentials on an electronic device configured with an iOS based operating system. The iOS based device includes a “keychain” configured in device memory. According to an embodiment, the electronic device comprises an application configured to generate a public certificate object in the keychain and a password object in the keychain. The public certificate object is configured to store a public certificate, and the password object is configured to store a private key. The password object further includes a label or thumbprint for associating the private key with the corresponding public certificate. According to an embodiment, the application stores the private key in an encrypted container in the password object to provide an additional layer of security. The application is configured to unlock the encrypted container utilizing a password provided the user. According to a further aspect, the user password is not stored in memory on the device. According to an embodiment, the private key is generated and provided by a credential management system operatively coupled to the electronic device for digitally signing an email message.

85 Citations

17 Claims

1. A mechanism for managing a user credential in a communication device configured for iOS operating system including a keychain, said mechanism comprising:
- a certificate object under the iOS keychain, said certificate object being configured to store a certificate;
  
  a password object under the iOS keychain, said password object being configured to store a private key;
  
  said password object being configured to store a thumbprint, said thumbprint being configured to associate said private key with a corresponding certificate.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mechanism as claimed in claim 1, said password object comprises an encrypted container for storing said private key, and said encrypted container being secured by a user password.
  - 3. The mechanism as claimed in claim 2, wherein said user password is located independently of the communication device.
  - 4. The mechanism as claimed in claim 2, wherein said encrypted container comprises a PFX container.
  - 5. The mechanism as claimed in claim 2, wherein said thumbprint is configured to be searchable under the iOS operating system for linking said encrypted container storing said private key with said associated certificate.
  - 6. The mechanism as claimed in claim 2, wherein said private key or said certificate is provided from a credential management system.

7. A communication device comprising an iOS operating system and including a keychain, said communication device comprising:
- an email module configured to receive email messages intended for a user of the communication device and to transmit email messages to a recipient;
  
  an application module configured to receive a certificate and a private key associated with the user;
  
  said application module being configured to store said certificate in a certificate object under the keychain and to store said private key in a password object under the keychain;
  
  said application module being configured to generate a thumbprint and store said thumbprint in said password object, and said thumbprint being configured to associate said private key stored in said password object with said corresponding certificate in said certificate object;
  
  said application module being configured to digitally sign an email message using said private key prior to transmitting said email message to said recipient; and
  
  said email module including a decryption facility configured to decrypt an encrypted email message received and intended for the user, said encrypted email message being decrypted utilizing said private key and said certificate.
- View Dependent Claims (8, 9, 10)
- - 8. The communication device as claimed in claim 7, wherein said password object comprises an encrypted container for storing said private key, and said encrypted container being secured by a user password.
  - 9. The communication device as claimed in claim 8, wherein said encrypted container comprises a PFX container.
  - 10. The communication device as claimed in claim 8, wherein said certificate and said private key are provided from a credential management system.

11. A method for managing credentials for a user on an electronic device comprising an iOS operating system with a keychain, said method comprising the steps of:
- providing a certificate object under the keychain, and storing a certificate in said certificate object;
  
  providing a password object under the keychain, and said password object comprising an encrypted container configured for storing a private key in said password object;
  
  providing a thumbprint and storing said thumbprint in said password object, said thumbprint being configured to link said private key to said associated certificate;
  
  securing said encrypted container with a password associated with the user.
- View Dependent Claims (12)
- - 12. The method as claimed in claim 11, wherein said certificate and/or said private key are provided by a credential management system operatively coupled to the communication device.

13. A method for encrypting an email message from a user on a communication device comprising an email utility and configured with an iOS operating system and including a keychain configured in memory of the communication device, said method comprising the steps of:
- inputting an encrypted container from a password object under the keychain in the iOS operating system, said encrypted container containing a private key associated with the user;
  
  inputting a thumbprint from said password object corresponding to said private key;
  
  using said thumbprint to search for a certificate associated with said private key;
  
  inputting said associated certificate from a certificate object, said certificate object being under the keychain in the iOS operating system;
  
  prompting the user to provide a password, and if correct, using said password to decrypt said encrypted container and retrieve said private key, and storing said retrieved private key in the device memory;
  
  using said private key to digitally sign the email message;
  
  making said email available to the email utility for transmission; and
  
  deleting the retrieved private key from the memory of the communication device.
- View Dependent Claims (14)
- - 14. The method as claimed in claim 13, wherein said private key is generated by a credential management system and downloaded to the communication device.

15. A method for decrypting an encrypted email message intended for a user and received at a communication device configured with an email application and comprising an iOS operating system with a keychain configured in memory of the communication device, said method comprising the steps of:
- inputting an encrypted container from a password object under the keychain in the iOS operating system, said encrypted container containing a private key associated with the user;
  
  inputting a thumbprint from said password object corresponding to said private key;
  
  using said thumbprint to search for a certificate associated with said private key;
  
  inputting said associated certificate from a certificate object, said certificate object being under the keychain in the iOS operating system;
  
  prompting the user to provide a password, and if correct, using said password to decrypt said encrypted container and retrieve said private key, and storing said private key in the device memory;
  
  using said private key and said certificate in a decryption operation to decrypt the email message;
  
  making said decrypted email message available in an inbox associated with the email application; and
  
  deleting the private key from the device memory.
- View Dependent Claims (16, 17)
- - 16. The method as claimed in claim 15, wherein said private key is generated by a credential management system and downloaded to the communication device.
  - 17. The method as claimed in claim 16, wherein said password is provided by the user independently of the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ECHOWORX Corporation
Original Assignee
ECHOWORX Corporation
Inventors
KANDRASHEU, Yauheni, HAPPE, Sarah, PEEL, Christian

Granted Patent

US 8,898,472 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 9/006   involving public key infras...

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links