System and method for supporting multiple certificate authorities on a mobile communication device

US 7,046,991 B2
Filed: 07/16/2002
Issued: 05/16/2006
Est. Priority Date: 07/16/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system for supporting multiple certificate authorities (CAs) on a mobile communication device, comprising:

a common CA interface;

an application communication link configured to exchange data between the common CA interface and at least one software application that operates on the communication device; and

a plurality of CA provider components, each associated with a respective CA and having an interface to a radio function in order to communicate wirelessy with its respective CA,whereinthe common CA interface is configured to receive a security-related request from the at least one software application, and to send the security-related request to one of the plurality of CA provider components; and

each of the plurality of CA provider components is configured to send via the radio function a security-related request received from the common CA interface to its respective associated CA.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for supporting operations with multiple certification authorities (CAs) on a communication device. A common CA interface is provided between a plurality of secure communication applications and a plurality of CA-specific components, each of which interacts with a particular CA. A further common interface may also be provided for operatively coupling the secure communication applications to cryptographic components in the device.

93 Citations

View as Search Results

32 Claims

1. A system for supporting multiple certificate authorities (CAs) on a mobile communication device, comprising:
- a common CA interface;
  
  an application communication link configured to exchange data between the common CA interface and at least one software application that operates on the communication device; and
  
  a plurality of CA provider components, each associated with a respective CA and having an interface to a radio function in order to communicate wirelessy with its respective CA,whereinthe common CA interface is configured to receive a security-related request from the at least one software application, and to send the security-related request to one of the plurality of CA provider components; and
  
  each of the plurality of CA provider components is configured to send via the radio function a security-related request received from the common CA interface to its respective associated CA.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The system of claim 1, wherein the at least one software application includes an m-commerce application.
  - 3. The system of claim 1, wherein the at least one software application includes an e-commerce application.
  - 4. The system of claim 1, wherein the at least one software application includes a secure communication application.
  - 5. The system of claim 4, wherein a second common interface operatively couples the secure communication application to cryptographic components in the communication device.
  - 6. The system of claim 1, wherein:
    - a plurality of software applications resides on the communication device;
      
      at least several of the software applications use different CAs;
      
      the plurality of CA provider components includes CA provider components respectively associated with the different CAs; and
      
      the common CA interface sends security-related requests from the software applications to the CA provider components that are associated with the CAs respectively used by the software applications.
  - 7. The system of claim 6, wherein the common CA interface sends security-related requests from an application to a different CA provider component based upon a configuration change.
  - 8. The system of claim 6, wherein:
    - a first software application and a second software application of the plurality of software applications use a first CA; and
      
      the common CA interface sends security-related requests from the first software application and the second software application to the CA provider component associated with the first CA.
  - 9. The system of claim 1, wherein the security-related request includes an encryption-related request.
  - 10. The system of claim 1, wherein the security-related request includes a digital signature-related request.
  - 11. The system of claim 1, wherein the security-related request includes a request for a public key from a CA associated with one of the plurality of CA provider components.
  - 12. The system of claim 1, wherein the security-related request includes a request to register a public key with a CA associated with one of the plurality of CA provider components.
  - 13. The system of claim 1, wherein the respective CAs associated with the plurality of CA provider components utilize different protocols to respond to security-related requests from the communication device.
  - 14. The system of claim 1, wherein the respective CAs associated with the plurality of CA provider components utilize different data formats in handling security-related requests from the communication device.
  - 15. The system of claim 1, wherein one of the plurality of CA provider components provides a public key associated with the communication device key to the CA associated with the one of the CA provider components.
  - 16. The system of claim 1, wherein each CA provider component sends the security-related request to its respective associated CA through radio interface means.
  - 17. The system of claim 1, wherein a second common interface is disposed between the CA provider components and device cryptographic components and is configured to provide crypto-related requests from the CA provider components to the device crypto components.
  - 18. The system of claim 17, wherein the device crypto components are shared among the plurality of CA provider components.
  - 19. The system of claim 1, wherein the CA provider components use cryptographic components in order to perform a cryptographic function.
  - 20. The system of claim 19, wherein the cryptographic components perform an encryption function.
  - 21. The system of claim 19, wherein the cryptographic components perform a decryption function.
  - 22. The system of claim 19, wherein the cryptographic components perform a digital signature generation function.
  - 23. The system of claim 19, wherein the cryptographic components perform a digital signature verification function.
  - 24. The system of claim 1, wherein:
    - the plurality of CA provider components are further associated with respective cryptographic interfaces;
      
      the at least one software application includes a plurality of secure communication applications; and
      
      the cryptographic interfaces perform digital certificate parsing in order to provide certificate and key information to a common cryptographic component that is shared among the secure communication applications.
  - 25. The system of claim 1, wherein the security-related request is sent to the CA associated with the one of the plurality of CA provider components over a wireless network.
  - 26. The system of claim 1, wherein the security-related request is sent to the CA associated with the one of the plurality of CA provider components over a wide area network.
  - 27. The system of claim 1, wherein the communication device is selected from the group consisting of:
    - a data communication device, a voice communication device, a dual-mode communication device enabled for both voice and data communications, a mobile telephone having data communications capabilities, a two-way pager, a personal digital assistant (PDA) enabled for communications, and a desktop, palmtop or laptop computer having a wireless modem.

28. A method for supporting multiple certificate authorties (CAs) for a plurality of software applications operating on a communication device, comprising the steps of:
- (a) receiving a first security-related request from a first software application;
  
  (b) determining which one of a plurality of CA provider components is to be used for the first security-related request;
  
  (c) routing the first security-related request to a first CA provider component based upon the determining step (b), wherein the first CA provider component handles the first security-related request so that the first security-related request is provided to a first CA associated with the first CA provider component, and wherein the first CA provider component has an interface to a radio function in order to communicate wirelessly with the first CA;
  
  (d) receiving a second security-related request from a second software application;
  
  (e) determining which one of the plurality of CA provider components is to be used for the second security-related request; and
  
  (f) routing the second security-related request to a second CA provider component based upon the determining step (e), wherein the second CA provider component handles the second security-related request so that the second security-related request is provided to a second CA associated with the second certificate authority provider component, and wherein the second CA provider component has an interface to a radio function in order to communicate wirelessly with the second CA.
- View Dependent Claims (29, 30)
- - 29. The method of claim 28 further comprising the steps of:
    - (g) receiving a third security-related request from a third software application;
      
      (h) determining which one of the plurality of CA provider components is to be used for the third security-related request; and
      
      (i) routing the third security-related request to the first CA provider component based upon the determining step (h), wherein the first CA provider component handles the third security-related request so that the third security-related request is provided to the CA associated with the first CA provider component.
  - 30. Computer software stored on a wireless mobile communication device, the computer software comprising program code for carrying out the method according to claim 28.

31. An apparatus for supporting multiple certificate authorities (CAs) for a plurality of software applications operating on a wireless mobile communication device, comprising:
- means for receiving a first security-related request from a first software application and for receiving a second security-related request from a second software application;
  
  means for determining which one of a plurality of CA provider components is to be used for the first security-related request and for determining which one of the plurality of CA provider components is to be used for the second security-related request; and
  
  means for routing the first security-related request to a first CA provider component and for routing the second security-related request to a second CA provider component responsive to the means for determining,whereinthe first CA provider component handles the first security-related request so that the first security-related request is provided to a first CA associated with the first CA provider component;
  
  the second CA provider component handles the second security-related request so that the second security-related request is provided to a second CA associated with the second certificate authority provider component; and
  
  the first and second CA provider components have an interface to a radio function in order to communicate wirelessly with the first CA and the second CA.

32. Computer software stored on a mobile device, the computer software comprising program code for carrying out a method comprising the steps of:
- (a) receiving a first security-related request from a first software application operating on the mobile device;
  
  (b) determining which one of a plurality of CA provider components is to be used for the first security-related request,(c) routing the first security-related request to a first CA provider component based upon the determining step (b), wherein the first CA provider component handles the first security-related request so that the first security-related request is provided to a first CA associated with the first CA provider component, and wherein the first CA provider component has an interface to a radio function in order to communicate wirelessly with the first CA;
  
  (d) receiving a second security-related request from a second software application operating on the mobile device;
  
  (e) determining which one of the plurality of CA provider components is to be used for the second security-related request; and
  
  (f) routing the second security-related request to a second CA provider component based upon the determining step (e), wherein the second CA provider component handles the second security-related request so that the second security-related request is provided to a second CA associated with the second certificate authority provider component, and wherein the second CA provider component has an interface to a radio function in order to communicate wirelessly with the second CA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael S., Little, Herbert A.
Primary Examiner(s)
WASHINGTON, ERIKA ALISE

Application Number

US10/484,278
Publication Number

US 20040171374A1
Time in Patent Office

1,400 Days
Field of Search

455/410, 455/411
US Class Current

455/410
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/102   applying security measure f...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

H04L 9/40   Network security protocols

System and method for supporting multiple certificate authorities on a mobile communication device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for supporting multiple certificate authorities on a mobile communication device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links