System and method for sending secure messages

US 8,074,066 B2
Filed: 01/24/2005
Issued: 12/06/2011
Est. Priority Date: 05/05/2004
Status: Active Grant

First Claim

Patent Images

1. A method for sending a secure e-mail message to recipient using a sender system comprising a communication device, the communication device comprising a key store and being operative to execute a messaging application for composing and encoding an e-mail message, the method comprising:

upon initiation of a message sending sequence of the messaging application to send a composed and addressed e-mail message securely to a recipient from the communication device, said message sending sequence being initiated by selection of a send option of the messaging application, and prior to sending said e-mail message,upon determining at the communication device that no valid security certificate associated with the recipient is stored in the key store,obtaining, by the communication device from a certificate service, a first security certificate associated with the recipient;

determining at the communication device whether said first security certificate thus obtained is valid using a validity status of said first security certificate obtained from a certificate status provider;

when said first security certificate thus obtained is determined not to be valid, the communication device repeating said obtaining to obtain a further security certificate associated with the recipient and repeating said determining to determine a validity status of said further security certificate until one of the further security certificates obtained by said repetition is determined to be valid; and

storing said valid further security certificate in the key store; and

encoding, by the communication device, the e-mail message using information contained in said valid further security certificate to provide a secure e-mail message; and

sending the secure e-mail message from the communication device to the recipient.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic messages are sent from a sending system to an identified recipient and are encoded using information contained in a certificate. A key store is accessed by a messaging application to determine if a certificate associated with the recipient is present. If no certificate is present in the key store the messaging application accesses one or more certificate services to obtain a certificate. Where validation of the retrieved certificate is required, the messaging application invokes a certificate validation process. One or more further certificates are obtained by the messaging application where the retrieved certificate is invalid.

28 Citations

View as Search Results

30 Claims

1. A method for sending a secure e-mail message to recipient using a sender system comprising a communication device, the communication device comprising a key store and being operative to execute a messaging application for composing and encoding an e-mail message, the method comprising:
- upon initiation of a message sending sequence of the messaging application to send a composed and addressed e-mail message securely to a recipient from the communication device, said message sending sequence being initiated by selection of a send option of the messaging application, and prior to sending said e-mail message,upon determining at the communication device that no valid security certificate associated with the recipient is stored in the key store,obtaining, by the communication device from a certificate service, a first security certificate associated with the recipient;
  
  determining at the communication device whether said first security certificate thus obtained is valid using a validity status of said first security certificate obtained from a certificate status provider;
  
  when said first security certificate thus obtained is determined not to be valid, the communication device repeating said obtaining to obtain a further security certificate associated with the recipient and repeating said determining to determine a validity status of said further security certificate until one of the further security certificates obtained by said repetition is determined to be valid; and
  
  storing said valid further security certificate in the key store; and
  
  encoding, by the communication device, the e-mail message using information contained in said valid further security certificate to provide a secure e-mail message; and
  
  sending the secure e-mail message from the communication device to the recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 30)
- - 2. The method of claim 1, wherein determining whether said first security certificate thus obtained is valid comprises determining whether the status of said first security certificate has not been checked within a period defined by a periodicity value set by a security policy implemented at the communication device.
  - 3. The method of claim 1, wherein the certificate service is the certificate status provider.
  - 4. The method of claim 1, wherein obtaining said first security certificate from the certificate service comprises accessing a list of certificate services and selecting at least one certificate services to access from the list.
  - 5. The method of claim 4, wherein the list of certificate services is ranked in order of trustworthiness and the selection of the at least one certificate service from the list is determined by the said ranking.
  - 6. The method of claim 1, wherein the method is executed by a data communication module at the communication device.
  - 7. The method of claim 1, wherein determining that no valid security certificate associated with the recipient is stored in the key store comprises determining that no security certificate associated with the recipient stored in key store is both valid according to said security certificate'"'"'s status and validated according to a security policy implemented at the communication device.
  - 8. The method of claim 7, wherein determining that no security certificate associated with the recipient stored in the key store is both valid according to said security certificate'"'"'s status and validated according to the security policy implemented at the communication device comprises determining that any security certificate associated with the recipient stored in the key store has not been validated for a predetermined period of time defined in the security policy.
  - 9. The method of claim 1 wherein the valid further security certificate thus obtained comprises a public key and wherein encoding the e-mail message comprises encrypting the e-mail message using the public key.
  - 10. The method of claim 1, further comprising the initial step of accepting a request to send the e-mail message to the recipient.
  - 11. The method of claim 1, further comprising determining that the e-mail message is to be sent securely by accessing security policy information on the communication device for e-mail messages composed on the device.
  - 30. The method of claim 1, wherein encoding the e-mail message comprises encrypting the e-mail message, and the secure e-mail message comprises the encrypted e-mail message.

12. A communication device configured to generate a secure e-mail message addressed to a recipient, the communication device comprising:
- a key store configured to store at least one security certificate;
  
  a transceiver configured to communicate over a network with at least one certificate service;
  
  a processor configured to;
  
  upon initiation of a message sending sequence of a messaging application executing at the communication device to send a composed and addressed e-mail message securely to the recipient from the communication device, said message sending sequence being initiated by selection of a send option of the messaging application, and prior to sending said e-mail message,upon determining that no valid security certificate associated with the recipient is stored in the key store,obtain a security certificate associated with the recipient from the at least one certificate service via the transceiver;
  
  determine whether said first security certificate thus obtained is valid using a validity status of said first security certificate obtained from a certificate status provider; and
  
  when said first security certificate thus obtained is determined not to be valid, repeat said obtaining to obtain a further security certificate associated with the recipient and repeat said determining to determine a validity status of said different security certificate until one of the further security certificates obtained by said repetition is determined to be valid; and
  
  store said security certificate in the key store; and
  
  encode the e-mail message using information contained in the valid further security certificate thus obtained, to provide a secure e-mail message; and
  
  send the secure e-mail message to the recipient via the transceiver.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The communication device of claim 12, wherein determining whether said first security certificate thus obtained is valid comprises determining whether the status of said first security certificate has not been checked within a period defined by a periodicity value set by a security policy implemented at the communication device.
  - 14. The communication device of claim 12, wherein the at least one certificate service is selected from a list of certificate services ranked in order of trustworthiness, the selection of said at least one certificate service being determined by said ranking.
  - 15. The communication device of claim 12 wherein the processor is configured to determine that no valid security certificate associated with the recipient is stored in the key store by determining that no security certificate associated with the recipient stored in key store is both valid according to said security certificate'"'"'s status and validated according to a security policy implemented at the communication device.
  - 16. The communication device of claim 12 wherein the valid further security certificate comprises a public key and wherein the processor is further configured to cause the system to encrypt the e-mail message using the public key.
  - 17. The communication device of claim 12 wherein the communication device comprises a wireless handheld device.
  - 18. The communication device of claim 15 wherein determining that no security certificate associated with the recipient stored in the key store is both valid according to said security certificate'"'"'s status and validated according to the security policy implemented at the communication device comprises determining that any security certificate associated with the recipient stored in the key store has not been validated for a predetermined period of time defined in the security policy.
  - 19. The communication device of claim 12, wherein the processor is further configured to determine that the e-mail message is to be sent securely by accessing security policy information on the communication device for e-mail messages composed on the device.

20. A non-transitory computing device-readable medium storing messaging application program code which, when executed by a communication device, causes the communication device to:
- upon initiation of a message sending sequence of the messaging application to send a composed and addressed e-mail message securely to a recipient from the communication device, said message sending sequence being initiated by selection of a send option of the messaging application, and prior to sending said e-mail message,upon determining at the communication device that no valid security certificate associated with the recipient is stored in the key store;
  
  obtaining, by the communication device from a certificate service, a first security certificate associated with the recipient;
  
  determining at the communication device whether said first security certificate thus obtained is valid using a validity status of said first security certificate obtained from a certificate status provider;
  
  when said first security certificate thus obtained is determined not to be valid, the communication device repeating said obtaining to obtain a further security certificate associated with the recipient and repeating said determining to determine a validity status of said further security certificate until one of the further security certificates obtained by said repetition is determined to be valid; and
  
  storing said valid further security certificate in the key store; and
  
  encoding, by the communication device, the e-mail message using information contained in the valid further security certificate thus obtained, to provide a secure e-mail message; and
  
  sending the secure e-mail message from the communication device to the recipient.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The non-transitory computing device-readable medium of claim 20, wherein determining whether said first security certificate thus obtained is valid comprises determining whether the status of said first security certificate has not been checked within a period defined by a periodicity value set by a security policy implemented at the communication device.
  - 22. The non-transitory computing device-readable medium of claim 20, wherein obtaining said first security certificate associated with the recipient from the certificate service comprises accessing a list of certificate services and selecting at least one certificate service to access from the list.
  - 23. The non-transitory computing device-readable medium of claim 20, wherein determining that no valid security certificate associated with the recipient is stored in the key store comprises determining that no security certificate associated with the recipient stored in key store is both valid according to said security certificate'"'"'s status and validated according to a security policy implemented at the communication device.
  - 24. The non-transitory computing device-readable medium of claim 20, wherein the valid further security certificate comprises a public key and wherein encoding the e-mail message comprises encrypting the e-mail message using the public key.
  - 25. The non-transitory computing device-readable medium of claim 22, wherein the list of certificate services is ranked in order of trustworthiness, and the selection of the at least one certificate service from the list is determined by the said ranking.
  - 26. The non-transitory computing device-readable medium of claim 23, wherein determining that no security certificate associated with the recipient stored in the key store is both valid according to said security certificate'"'"'s status and validated according to the security policy implemented at the communication device comprises determining that any security certificate associated with the recipient stored in the key store has not been validated for a predetermined period of time defined in the security policy.

27. A wireless handheld device comprising a memory for storing a key store and a memory for storing messaging application program code configured to cause the wireless handheld device to send an e-mail message to a recipient, the device comprising messaging application program code configured, when executed by the wireless handheld device, to cause the device to implement the method of:
- upon initiation of a message sending sequence to send a composed and addressed e-mail message securely to a recipient from the communication device, said message sending sequence being initiated by selection of a send option of the messaging application, and prior to sending said e-mail message,upon determining at the communication device that no valid security certificate associated with the recipient is stored in the key store;
  
  obtaining, by the communication device from a certificate service, a first security certificate associated with the recipient;
  
  determining at the communication device whether said first security certificate thus obtained is valid using a validity status of said first security certificate obtained from a certificate status provider;
  
  when said first security certificate thus obtained is determined not to be valid, repeating said obtaining to obtain a further security certificate associated with the recipient and repeating said determining to determine a validity status of said further security certificate until one of the further security certificates obtained by said repetition is determined to be valid; and
  
  storing said valid further security certificate in the key store; and
  
  encoding, by the communication device, the e-mail message using information contained in the valid further security certificate thus obtained, to provide a secure e-mail message; and
  
  sending the secure e-mail message from the communication device to the recipient.
- View Dependent Claims (28, 29)
- - 28. The wireless handheld device of claim 27, wherein determining that no valid security certificate associated with the recipient is stored in the key store comprises determining that no security certificate associated with the recipient stored in key store is both valid according to said security certificate'"'"'s status and validated according to a security policy implemented at the communication device.
  - 29. The wireless handheld device of claim 28, wherein determining that no security certificate associated with the recipient stored in the key store is both valid according to said security certificate'"'"'s status and validated according to the security policy implemented at the wireless handheld device comprises determining that any security certificate associated with the recipient stored in the key store has not been validated for a predetermined period of time defined in the security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael S., Kirkup, Michael G., Little, Herb
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US11/039,789
Publication Number

US 20050262552A1
Time in Patent Office

2,507 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 51/00   User-to-user messaging in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

System and method for sending secure messages

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for sending secure messages

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links