Automated key management system and method
Abstract
A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user.
16 Claims
1. A system for processing electronic messages, the system comprising a base computer, the base computer comprising:
- a first memory for storing one or more digital certificates issued by a certificate authority for use in at least one of decrypting secure electronic messages, encrypting secure electronic messages, or signing secure electronic messages; and
- program logic operable to automatically identify at least one digital certificate of the one or more digital certificates in the first memory for downloading to a second memory at a mobile communications device, wherein the at least one digital certificate is identified based on detection of new cryptographic keys at the base computer, and digital certificates stored in the first memory that correspond to the new cryptographic keys;
wherein said new cryptographic keys are determined by comparing a history list, stored at the base computer, of previously available cryptographic keys with a current list, stored at the base computer, of cryptographic keys;
wherein said program logic is configured to automatically download said identified at least one digital certificate to said second memory at the mobile communications device; and
wherein said program logic is invoked via a cryptographic key synchronization utility running on said base computer.
6. A method of facilitating an update of a cryptographic digital certificate store of a mobile communications device, wherein the method is performed at a base computer, and wherein the method comprises:
- detecting one or more new cryptographic keys by comparing a history list, stored at the base computer, of previously available cryptographic keys with a current list, stored at the base computer, of cryptographic keys;
- for each of the one or more new cryptographic keys, determining whether a digital certificate issued by a certificate authority and stored in a first memory of the base computer corresponds to the new cryptographic key; and
- for each of the one or more new cryptographic keys, automatically downloading, to a second memory at the mobile communications device, the digital certificate corresponding to the new cryptographic key if it is determined that the digital certificate is stored in the first memory of the base computer and corresponds to the new cryptographic key;
wherein said method is accomplished using a digital certificate synchronization utility executing on the base computer.
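The three steps of claim 6, sketched as an added example (not code from the patent or its assignee). Assumptions: keys are identified by the SHA-256 of their public-key bytes, a dict stands in for the device's second memory, only keys whose certificate was pushed are recorded in the history list so that a certificate issued later is still picked up, and all names and sample keys are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def key_id(public_key: bytes) -> str:
    """Identifier for a key: SHA-256 of its public-key bytes (assumed scheme)."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass(frozen=True)
class Certificate:
    subject: str
    public_key: bytes  # public key the CA bound to the subject


def sync_certificates(history, current_keys, cert_store, device_store):
    """One run of the synchronization utility on the base computer.

    history      -- set of key ids seen on earlier runs (the history list)
    current_keys -- public keys now in the key store (the current list)
    cert_store   -- certificates held in the base computer's first memory
    device_store -- dict standing in for the second memory on the device
    Returns (subjects downloaded, ids of new keys that have no certificate).
    """
    new_ids = {key_id(k) for k in current_keys} - history  # detect new keys
    by_key = {key_id(c.public_key): c for c in cert_store}
    downloaded, unmatched = [], []
    for kid in sorted(new_ids):
        cert = by_key.get(kid)       # does a stored certificate correspond?
        if cert is None:
            unmatched.append(kid)    # no certificate yet: nothing is pushed
            continue
        device_store[kid] = cert     # download without prompting the user
        downloaded.append(cert.subject)
        history.add(kid)             # assumed policy: record only pushed keys
    return downloaded, unmatched


def demo():
    # Constructed sample keys; real key stores hold encoded public keys.
    old, new, orphan = b"sample-key-old", b"sample-key-new", b"sample-key-orphan"
    history = {key_id(old)}
    certs = [Certificate("old@example.test", old),
             Certificate("new@example.test", new)]
    device = {}
    first = sync_certificates(history, [old, new, orphan], certs, device)
    second = sync_certificates(history, [old, new, orphan], certs, device)
    return first, second, device
```

The second run pushes nothing, which makes the silent download idempotent, and the key without a certificate stays reported instead of being silently marked as seen.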
12. A computing device for processing electronic messages, the computing device comprising:
- a first memory for storing one or more digital certificates issued by a certificate authority for use in at least one of decrypting secure electronic messages, encrypting secure electronic messages, or signing secure electronic messages;
- an interface provided for communication with a second memory at a mobile communications device; and
- program logic operable to automatically identify at least one digital certificate of the one or more digital certificates in the first memory for downloading to the second memory, wherein the at least one digital certificate is identified based on detection of new cryptographic keys at the computing device, and digital certificates stored in the first memory that correspond to the new cryptographic keys;
wherein said new cryptographic keys are determined by comparing a history list, stored at the computing device, of previously available cryptographic keys with a current list, stored at the computing device, of cryptographic keys;
wherein said program logic is configured to automatically download said identified at least one digital certificate to said second memory at the mobile communications device; and
wherein said program logic is invoked via a cryptographic key synchronization utility running on said computing device.
Specification