Automated key management system and method

US 8,135,951 B2
Filed: 01/08/2009
Issued: 03/13/2012
Est. Priority Date: 08/09/2004
Status: Active Grant

First Claim

Patent Images

1. A system for processing electronic messages, the system comprisinga base computer, the base computer comprising:

a first memory for storing one or more digital certificates issued by a certificate authority for use in at least one of decrypting secure electronic messages, encrypting secure electronic messages, or signing secure electronic messages; and

program logic operable to automatically identify at least one digital certificate of the one or more digital certificates in the first memory for downloading to a second memory at a mobile communications device,wherein the at least one digital certificate is identified based on detection of new cryptographic keys at the base computer, and digital certificates stored in the first memory that correspond to the new cryptographic keys;

wherein said new cryptographic keys are determined by comparing a history list, stored at the base computer, of previously available cryptographic keys with a current list, stored at the base computer, of cryptographic keys;

wherein said program logic is configured to automatically download said identified at least one digital certificate to said second memory at the mobile communications device; and

wherein said program logic is invoked via a cryptographic key synchronization utility running on said base computer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user.

37 Citations

View as Search Results

16 Claims

1. A system for processing electronic messages, the system comprisinga base computer, the base computer comprising:
- a first memory for storing one or more digital certificates issued by a certificate authority for use in at least one of decrypting secure electronic messages, encrypting secure electronic messages, or signing secure electronic messages; and
  
  program logic operable to automatically identify at least one digital certificate of the one or more digital certificates in the first memory for downloading to a second memory at a mobile communications device,wherein the at least one digital certificate is identified based on detection of new cryptographic keys at the base computer, and digital certificates stored in the first memory that correspond to the new cryptographic keys;
  
  wherein said new cryptographic keys are determined by comparing a history list, stored at the base computer, of previously available cryptographic keys with a current list, stored at the base computer, of cryptographic keys;
  
  wherein said program logic is configured to automatically download said identified at least one digital certificate to said second memory at the mobile communications device; and
  
  wherein said program logic is invoked via a cryptographic key synchronization utility running on said base computer.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein said mobile communications device comprises a wireless device.
  - 3. The system of claim 1, wherein said base computer comprises a desktop computer.
  - 4. The system of claim 1, further comprising a device that receives said mobile communications device and provides a hard wired interface enabling communication between said base computer and said mobile communications device.
  - 5. The system of claim 1, further comprising a device that receives said mobile communications device and provides a wireless interface enabling communication between said base computer and said mobile communications device.

6. A method of facilitating an update of a cryptographic digital certificate store of a mobile communications device, wherein the method is performed at a base computer, and wherein the method comprises:
- detecting one or more new cryptographic keys by comparing a history list, stored at the base computer, of previously available cryptographic keys with a current list, stored at the base computer, of cryptographic keys;
  
  for each of the one or more new cryptographic keys, determining whether a digital certificate issued by a certificate authority and stored in a first memory of the base computer corresponds to the new cryptographic key; and
  
  for each of the one or more new cryptographic keys, automatically downloading, to a second memory at the mobile communications device, the digital certificate corresponding to the new cryptographic key if it is determined that the digital certificate is stored in the first memory of the base computer and corresponds to the new cryptographic key;
  
  wherein said method is accomplished using a digital certificate synchronization utility executing on the base computer.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein said mobile communications device comprises a wireless device.
  - 8. The method of claim 6, wherein said base computer comprises a desktop computer.
  - 9. The method of claim 6, wherein the base computer and the mobile communications device are coupled via a hard wired connection.
  - 10. The method of claim 6, wherein the base computer and the mobile communications device are coupled via a wireless connection.
  - 11. The method of claim 6, further comprising updating the list of previously available cryptographic keys to include the new cryptographic keys.

12. A computing device for processing electronic messages, the computing device comprising:
- a first memory for storing one or more digital certificates issued by a certificate authority for use in at least one of decrypting secure electronic messages, encrypting secure electronic messages, or signing secure electronic messages;
  
  an interface provided for communication with a second memory at a mobile communications device; and
  
  program logic operable to automatically identify at least one digital certificate of the one or more digital certificates in the first memory for downloading to the second memory,wherein the at least one digital certificate is identified based on detection of new cryptographic keys at the computing device, and digital certificates stored in the first memory that correspond to the new cryptographic keys;
  
  wherein said new cryptographic keys are determined by comparing a history list, stored at the computing device, of previously available cryptographic keys with a current list, stored at the computing device, of cryptographic keys;
  
  wherein said program logic is configured to automatically download said identified at least one digital certificate to said second memory at the mobile communications device; and
  
  wherein said program logic is invoked via a cryptographic key synchronization utility running on said computing device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computing device of claim 12, wherein said mobile communications device comprises a wireless device.
  - 14. The computing device of claim 12, wherein said computing device comprises a desktop computer.
  - 15. The computing device of claim 12, wherein the interface comprises a hard wired interface.
  - 16. The computing device of claim 12, wherein the interface comprises a wireless interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Brown, Michael S., Little, Herbert A.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
RAHMAN, MOHAMMAD L

Application Number

US12/350,452
Publication Number

US 20090119511A1
Time in Patent Office

1,160 Days
Field of Search

380/260, 380277-286, 380 44- 45, 380/30, 713156-158, 713171-172, 713/175, 713/180, 713/185, 726/2, 726/10
US Class Current

713/158
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3263   involving certificates, e.g...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

Automated key management system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Automated key management system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links