MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM
First Claim
1. A mechanism for managing a user credential in a communication device configured for iOS operating system including a keychain, said mechanism comprising:
- a certificate object under the iOS keychain, said certificate object being configured to store a certificate;
- a password object under the iOS keychain, said password object being configured to store a private key;
- said password object being configured to store a thumbprint, said thumbprint being configured to associate said private key with a corresponding certificate.
2 Assignments
0 Petitions
Abstract
A mechanism and method for managing credentials on an electronic device configured with an iOS based operating system. The iOS based device includes a “keychain” configured in device memory. According to an embodiment, the electronic device comprises an application configured to generate a public certificate object in the keychain and a password object in the keychain. The public certificate object is configured to store a public certificate, and the password object is configured to store a private key. The password object further includes a label or thumbprint for associating the private key with the corresponding public certificate. According to an embodiment, the application stores the private key in an encrypted container in the password object to provide an additional layer of security. The application is configured to unlock the encrypted container utilizing a password provided by the user. According to a further aspect, the user password is not stored in memory on the device. According to an embodiment, the private key is generated and provided by a credential management system operatively coupled to the electronic device for digitally signing an email message.
85 Citations
17 Claims
1. A mechanism for managing a user credential in a communication device configured for iOS operating system including a keychain, said mechanism comprising:
- a certificate object under the iOS keychain, said certificate object being configured to store a certificate;
- a password object under the iOS keychain, said password object being configured to store a private key;
- said password object being configured to store a thumbprint, said thumbprint being configured to associate said private key with a corresponding certificate.
Dependent claims: 2, 3, 4, 5, 6

7. A communication device comprising an iOS operating system and including a keychain, said communication device comprising:
- an email module configured to receive email messages intended for a user of the communication device and to transmit email messages to a recipient;
- an application module configured to receive a certificate and a private key associated with the user;
- said application module being configured to store said certificate in a certificate object under the keychain and to store said private key in a password object under the keychain;
- said application module being configured to generate a thumbprint and store said thumbprint in said password object, and said thumbprint being configured to associate said private key stored in said password object with said corresponding certificate in said certificate object;
- said application module being configured to digitally sign an email message using said private key prior to transmitting said email message to said recipient; and
- said email module including a decryption facility configured to decrypt an encrypted email message received and intended for the user, said encrypted email message being decrypted utilizing said private key and said certificate.
Dependent claims: 8, 9, 10

11. A method for managing credentials for a user on an electronic device comprising an iOS operating system with a keychain, said method comprising the steps of:
- providing a certificate object under the keychain, and storing a certificate in said certificate object;
- providing a password object under the keychain, said password object comprising an encrypted container configured for storing a private key in said password object;
- providing a thumbprint and storing said thumbprint in said password object, said thumbprint being configured to link said private key to said associated certificate;
- securing said encrypted container with a password associated with the user.
Dependent claims: 12

13. A method for encrypting an email message from a user on a communication device comprising an email utility and configured with an iOS operating system and including a keychain configured in memory of the communication device, said method comprising the steps of:
- inputting an encrypted container from a password object under the keychain in the iOS operating system, said encrypted container containing a private key associated with the user;
- inputting a thumbprint from said password object corresponding to said private key;
- using said thumbprint to search for a certificate associated with said private key;
- inputting said associated certificate from a certificate object, said certificate object being under the keychain in the iOS operating system;
- prompting the user to provide a password, and if correct, using said password to decrypt said encrypted container and retrieve said private key, and storing said retrieved private key in the device memory;
- using said private key to digitally sign the email message;
- making said email available to the email utility for transmission; and
- deleting the retrieved private key from the memory of the communication device.
Dependent claims: 14

15. A method for decrypting an encrypted email message intended for a user and received at a communication device configured with an email application and comprising an iOS operating system with a keychain configured in memory of the communication device, said method comprising the steps of:
- inputting an encrypted container from a password object under the keychain in the iOS operating system, said encrypted container containing a private key associated with the user;
- inputting a thumbprint from said password object corresponding to said private key;
- using said thumbprint to search for a certificate associated with said private key;
- inputting said associated certificate from a certificate object, said certificate object being under the keychain in the iOS operating system;
- prompting the user to provide a password, and if correct, using said password to decrypt said encrypted container and retrieve said private key, and storing said private key in the device memory;
- using said private key and said certificate in a decryption operation to decrypt the email message;
- making said decrypted email message available in an inbox associated with the email application; and
- deleting the private key from the device memory.
Dependent claims: 16, 17
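The storage layout of claim 11 and the unlock-use-wipe sequence of claims 13 and 15, modelled as an added Python example that is not part of the patent or any iOS implementation. It assumes an in-memory dictionary stands in for each keychain object class, SHA-256 of the certificate bytes serves as the thumbprint, a PBKDF2-derived key with an HMAC-based toy stream cipher and tag stands in for the encrypted container (a real app would use a platform AEAD such as AES-GCM), and a keyed hash stands in for the RSA or ECDSA signature over the message.

```python
import hashlib, hmac, secrets

# Constructed in-memory stand-ins for the two keychain entries the claims describe.
CERTIFICATE_OBJECTS = {}  # thumbprint -> certificate bytes (the "certificate object")
PASSWORD_OBJECTS = {}     # thumbprint -> encrypted container (the "password object")

def thumbprint(cert: bytes) -> str:
    # The label that links a password object to its certificate object.
    return hashlib.sha256(cert).hexdigest()

def _container_keys(password: str, salt: bytes) -> tuple:
    # Derive separate encryption and MAC keys from the user password; the password
    # itself is never stored, only the random salt is (claim 11 / abstract).
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream; a real app would use AES-GCM.
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], ks))
    return bytes(out)

def enroll(cert: bytes, private_key: bytes, password: str) -> str:
    # Claim 11: certificate object plus password object holding an encrypted
    # container, both labelled by the same thumbprint.
    tp = thumbprint(cert)
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    enc_key, mac_key = _container_keys(password, salt)
    ct = _xor_keystream(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    CERTIFICATE_OBJECTS[tp] = cert
    PASSWORD_OBJECTS[tp] = {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}
    return tp

def sign_message(tp: str, password: str, message: bytes) -> bytes:
    # Claim 13: look up both objects by thumbprint, verify the password, use the
    # key, then wipe it from memory before returning.
    obj, cert = PASSWORD_OBJECTS[tp], CERTIFICATE_OBJECTS[tp]
    enc_key, mac_key = _container_keys(password, obj["salt"])
    expect = hmac.new(mac_key, obj["salt"] + obj["nonce"] + obj["ct"], "sha256").digest()
    if not hmac.compare_digest(expect, obj["tag"]):
        raise PermissionError("wrong password or tampered container")
    key = bytearray(_xor_keystream(enc_key, obj["nonce"], obj["ct"]))
    try:
        # Stand-in for the real signature: keyed hash bound to the certificate.
        return hmac.new(bytes(key), thumbprint(cert).encode() + message, "sha256").digest()
    finally:
        for i in range(len(key)):  # best-effort wipe of the retrieved key
            key[i] = 0
```

A wrong password fails the tag check before any key material is reconstructed, so the private key never reaches memory in that case.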
Specification