System and method for securing data

US 8,130,957 B2
Filed: 11/09/2004
Issued: 03/06/2012
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. In an electronic messaging system operable to send and receive electronic messages over a wired local area network and also operable to redirect electronic messages over a wireless network to a wireless device, a method of encrypting electronic messages comprising:

an enterprise server receiving an electronic message from an electronic messaging server, wherein the electronic message is protected by a first encryption algorithm and addressed to a message recipient in the wired local area network, the message recipient having an associated wireless device operable in the wireless network, the enterprise server having wireless device identification information of the associated wireless device stored therein for use in communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network;

determining that the electronic message is to be transported across the wireless network to the wireless device; and

the enterprise server retrieving a public key from a public key look-up database that is associated with the wireless device and also generating a random session key,wherein in response to determining that the electronic message is to be transported across the wireless network to the wireless device, the method further comprises the enterprise server;

converting the protected electronic message to a data structure recognizable by the wireless device;

using the random session key to encrypt the data structure with a second encryption algorithm and using the public key to encrypt the random session key, the second encryption algorithm being a stronger security method than the first encryption algorithm;

encapsulating the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information; and

transmitting the data packets over the higher-level connection to the gateway,wherein the transmitted encapsulated data structure is protected with first encryption algorithm and encrypted with the second encryption algorithm.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with the teachings described herein, systems and methods are provided for securing data for transmission to a wireless device. The disclosed systems and methods may include an electronic messaging system used to send and receive data over a first network and also used to forward data to a wireless device operable in a second network. The electronic messaging system may receive an electronic message encrypted with a first encryption algorithm and addressed to a message recipient in the first network, the message recipient having an associated wireless device operable in the second network. The electronic messaging system may determine that the electronic message is to be transported across the second network to the wireless device, and in response to determining that the electronic message is to be transported across the second network, encrypt the electronic message using a second encryption algorithm and transmit the encrypted message over the second network to the wireless device, with the second encryption algorithm being a stronger encryption algorithm than the first encryption algorithm.

83 Citations

View as Search Results

12 Claims

1. In an electronic messaging system operable to send and receive electronic messages over a wired local area network and also operable to redirect electronic messages over a wireless network to a wireless device, a method of encrypting electronic messages comprising:
- an enterprise server receiving an electronic message from an electronic messaging server, wherein the electronic message is protected by a first encryption algorithm and addressed to a message recipient in the wired local area network, the message recipient having an associated wireless device operable in the wireless network, the enterprise server having wireless device identification information of the associated wireless device stored therein for use in communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network;
  
  determining that the electronic message is to be transported across the wireless network to the wireless device; and
  
  the enterprise server retrieving a public key from a public key look-up database that is associated with the wireless device and also generating a random session key,wherein in response to determining that the electronic message is to be transported across the wireless network to the wireless device, the method further comprises the enterprise server;
  
  converting the protected electronic message to a data structure recognizable by the wireless device;
  
  using the random session key to encrypt the data structure with a second encryption algorithm and using the public key to encrypt the random session key, the second encryption algorithm being a stronger security method than the first encryption algorithm;
  
  encapsulating the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information; and
  
  transmitting the data packets over the higher-level connection to the gateway,wherein the transmitted encapsulated data structure is protected with first encryption algorithm and encrypted with the second encryption algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the second encryption algorithm is a symmetric algorithm,wherein the gateway is configured to utilize the wireless device identification information to transmit the data packets containing the electronic message over the wireless network to the associated wireless device, andwherein the associated wireless device receiving the data packets is configured to refrain from decrypting the data structure until instructions to display the message are received.
  - 3. The method of claim 2, wherein the second encryption algorithm is an advanced encryption standard-256 (AES-256) encryption algorithm.
  - 4. The method of claim 1, wherein one of the first encryption algorithm is a triple data encryption standard (DES) encryption algorithm.
  - 5. The method of claim 1, wherein the public key is received from a certificate authority.
  - 6. The method of claim 1, further comprising:
    - decrypting the electronic message on the associated device using a private encryption key.
  - 7. The method of claim 1, wherein the encrypted data structure is stored on the wireless device in encrypted form, andwherein the wireless device is configured to refrain from decrypting the stored encrypted data structure until accessed by an electronic messaging application.
  - 8. The method of claim 1, further comprising:
    - determining if the electronic message received by the enterprise server is a classified message or an unclassified message; and
      
      encrypting the data structure using the second encryption algorithm only if the received electronic message is a classified message.

9. In an electronic messaging system having an electronic messaging server that is operable to send and receive data over a wired local area network (wired-LAN) and over a wired wide area network (wired-WAN), wherein the electronic messaging server and the wired-LAN are isolated from the wired-WAN by a firewall, a system for securing data for transmission to a wireless device, comprising:
- a public key look-up database for storing public encryption keys associated with a plurality of wireless devices;
  
  an enterprise server operable to forward electronic messages from the electronic messaging server over a wireless network to the wireless device, the wireless network being less secure when compared to transmissions within the wired-LAN;
  
  the enterprise server being further operable to;
  
  receive an electronic message from the electronic messaging system that is protected by a first encryption algorithm and addressed to a message recipient in the wired local area network, the message recipient having an associated wireless device operable in the wireless network, the enterprise server having wireless device identification information of the associated wireless device stored therein for use in communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network;
  
  determine that the electronic message is to be transported across the wireless network to the wireless device; and
  
  retrieve a public key from a public key look-up database that is associated with the wireless device and generate a random session key,wherein in response to a determination that the electronic message is to be transported across the wireless network to the wireless device, the enterprise server is further operable to;
  
  convert the protected electronic message to a data structure recognizable by the wireless device;
  
  using the random session key to encrypt the data structure with a second encryption algorithm and use the public key to encrypt the random session key, the second encryption algorithm being a stronger security method than the first encryption algorithm;
  
  encapsulate the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information; and
  
  forward the data packets for transmission over the higher-level connection to the gateway,wherein the transmitted encapsulated data structure is protected with the first encryption algorithm and encrypted with the second encryption algorithm.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the second encryption algorithm is a symmetric algorithm.
  - 11. The system of claim 10, wherein the second encryption algorithm is an advanced encryption standard (AES-256) encryption algorithm.
  - 12. The system of claim 9, wherein the enterprise server is further operable to communicate with a certificate authority over the WAN to negotiate the public key for the wireless device and to store the public key in the public key look-up database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Little, Herbert A., Brown, Michael K., Hammell, Jonathan F., Brown, Michael S., Kirkup, Michael G., Adams, Neil P.
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US10/984,331
Publication Number

US 20050244007A1
Time in Patent Office

2,674 Days
Field of Search

380/270, 380/282, 380/277, 380/278, 380/247, 380/273, 713/166, 713/171, 713/169, 713/170, 713/153, 726/11, 726/12, 726/13
US Class Current

380/270
CPC Class Codes

G06F 16/81   Indexing, e.g. XML tags; Da...

H04L 51/066   Format adaptation, e.g. for...

H04L 51/58   Message adaptation for wire...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0478   applying multiple layers of...

H04L 63/105   Multiple levels of security

H04W 12/033   of the user plane, e.g. use...

System and method for securing data

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

System and method for securing data

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others