System and method for securing wireless data

US 8,205,091 B2
Filed: 08/25/2004
Issued: 06/19/2012
Est. Priority Date: 08/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for handling secure data stored on a device, wherein the device is configurable to communicate over a data channel with an external security information source associated with a user of the device, said method comprising:

receiving at the device, from a rules database, secure data for a specific recipient, the secure data having been encrypted at the rules database using an encryption key, wherein recipient user identification information associated with the specific recipient is stored on an external security information source, and the rules database contains a copy of the recipient user identification information;

upon receiving a request to access the secure data on the device, obtaining external user identification information from the external security information source, wherein the external security information source has a location proximate to the device;

obtaining at the device, a public key for the secure data from the rules database, wherein the public key is generated based on the copy of the recipient user identification information and the encryption key;

generating a decryption key at the device using the public key and the external user identification information;

decrypting at the device, the secure data using the decryption key; and

wherein the secure data is accessible when the external user identification information matches the recipient user identification information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for operation upon a data processing device for handling secure data stored on the device. The device is configurable to communicate over a data channel with an external security information source. User identification information is received from the external security information source which identifies a user of the device. The device, based upon the received user identification information, determines whether the secure data stored on the device is to be accessed by a user of the device.

14 Citations

View as Search Results

20 Claims

1. A method for handling secure data stored on a device, wherein the device is configurable to communicate over a data channel with an external security information source associated with a user of the device, said method comprising:
- receiving at the device, from a rules database, secure data for a specific recipient, the secure data having been encrypted at the rules database using an encryption key, wherein recipient user identification information associated with the specific recipient is stored on an external security information source, and the rules database contains a copy of the recipient user identification information;
  
  upon receiving a request to access the secure data on the device, obtaining external user identification information from the external security information source, wherein the external security information source has a location proximate to the device;
  
  obtaining at the device, a public key for the secure data from the rules database, wherein the public key is generated based on the copy of the recipient user identification information and the encryption key;
  
  generating a decryption key at the device using the public key and the external user identification information;
  
  decrypting at the device, the secure data using the decryption key; and
  
  wherein the secure data is accessible when the external user identification information matches the recipient user identification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15)
- - 2. The method of claim 1, wherein the device is a wireless mobile communications device that receives email messages over a wireless communications network;
    - wherein the secure data includes an email message.
  - 3. The method of claim 1, wherein the data channel includes a wireless data link and wherein the external security information source has a location proximate such that the external security information source can communicate with the device over the wireless data link.
  - 4. The method of claim 1, wherein a first user of the device is the specific recipient of the secure data sent to the device;
    - wherein a second user of the device is not able to access the secure data if the device does not receive proper external user identification information associated with the first user.
  - 5. The method of claim 4, wherein the device does not receive proper external user identification information because the device does not receive any external user identification information from the external security information source.
  - 6. The method of claim 1, wherein the external security information source includes a security credentials tag or card associated with the specific recipient.
  - 7. The method of claim 6, wherein the external security credentials tag or card communicates to the device via a wireless communications channel.
  - 8. The method of claim 6, wherein the external security credentials tag or card communicates to the device via an external data link.
  - 9. The method of claim 1, wherein the secure data is secured on a per email or per file basis before the secure data is sent to the device.
  - 10. The method of claim 1, wherein the rules database is configured to determine whether an incoming email message received for the specific recipient is to be encrypted before sending said email message to the specific recipient.
  - 11. The method of claim 1, wherein the secure data is stored on the device with respect to a specific user of the device in order to prevent other users from accessing the secure data.
  - 12. The method of claim 1, wherein the secure data is encrypted for a specific device associated with the specific recipient.
  - 13. A non-transitory computer-readable storage medium capable of causing a computing device to perform the method of claim 1.
  - 15. The method of claim 1, wherein the rules database comprises one or more rules for determining what data for the specific recipient is to be encrypted.

14. A device configurable to communicate over a data channel with an external security information source, the device comprising:
- a processor;
  
  instructions configured to operate on the processor and to receive at the device, from a rules database, secure data for a specific recipient, the secure data having been encrypted at the rules database using an encryption key, wherein recipient user identification information associated with the specific recipient is stored on an external security information source, and the rules database contains a copy of the recipient user identification information;
  
  instructions configured to operate on the processor and to obtain, upon receiving a request to access the secure data on the device, external user identification information at the device from the external security information source, wherein the external security information source has a location proximate to the device;
  
  instructions configured to operate on the processor and to obtain at the device, a public key for the secure data from the rules database, wherein the public key is generated based on the copy of the recipient user identification information and the encryption key;
  
  instructions configured to operate on the processor and to generate a decryption key at the device using the public key and the external user identification information; and
  
  instructions configured to operate on the processor and to decrypt at the device, the secure data using the decryption key, wherein the secure data is accessible when the external user identification information matches the recipient user identification information.
- View Dependent Claims (16)
- - 16. The device of claim 14, further comprising:
    - a communication subsystem for communicating with the external security information source via a wireless or wired communication link.

17. A system for handling secure data sent to a device, said system comprising:
- an external security information source configured to provide user identification information to a device over an external data channel when the external security information source has a location proximate to the device, wherein the user identification information is associated with a specific user; and
  
  a rules database configured to encrypt secure data for a specific recipient using an encryption key and send the secure data to the device, wherein the rules database contains a copy of recipient user identification information associated with the specific recipient;
  
  wherein the rules database is configured to generate a public key for the secure data based on the copy of the recipient user identification information and the encryption key, and to send the public key to the device;
  
  the device configured, upon receiving a request to access the secure data, to obtain external user identification information from the external security information source and to generate a decryption key for accessing the secure data, the decryption key based on the public key and the received external user identification information; and
  
  wherein the secure data is accessible using the decryption key when the external user identification information matches the recipient user identification information.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the secure data comprises a data item to be sent to the device, and wherein when the rules database receives the data item, the rules database encrypts the data item to create the secure data prior to sending the secure data to the device.
  - 19. The system of claim 18, wherein the rules database is configured to determine which data items are to be encrypted based on one or more rules in the rules database.
  - 20. The system of claim 17, wherein the rules database contains user identification information, encryption keys and encryption algorithm for each specific user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Buckley, Adrian, Asthana, Atul
Primary Examiner(s)
Simitoski, Michael
Assistant Examiner(s)
WANG, HARRIS C

Application Number

US10/925,534
Publication Number

US 20050154876A1
Time in Patent Office

2,855 Days
Field of Search

380/277, 713/156, 713/182
US Class Current

713/182
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

G06F 2221/2117   User registration

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2153   Using hardware token as a s...

H04L 2209/80   Wireless network architectu...

H04L 51/214   using selective forwarding

H04L 51/58   Message adaptation for wire...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

System and method for securing wireless data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for securing wireless data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others