System and method for securing data for redirecting and transporting over a wireless network

US 8,761,396 B2
Filed: 01/20/2012
Issued: 06/24/2014
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method performed within a protected network for redirecting electronic messages for transporting over a wireless network to a wireless device, the method comprises:

determining when an electronic message that is protected with a first encryption algorithm is to be redirected over the wireless network to the wireless device based on information within the electronic message, the wireless network being external to the protected network;

when the electronic message is to be redirected over the wireless network, the method comprises;

converting the protected electronic message to a data structure that is recognizable by the wireless device;

encrypting the data structure with a second encryption algorithm using a random session key, the second encryption algorithm having a stronger security than the first encryption algorithm;

encrypting the random session key with a public key; and

transmitting packets that comprise the encrypted data structure and the encrypted random session key to the wireless device over the wireless network, andwhen the electronic message is not to be redirected over the wireless network, the method comprises;

refraining from converting the protected electronic message, refraining from encrypting the data structure, refraining from encrypting the random session key and refraining from transmitting the packets over the wireless network; and

sending the protected electronic message to a destination within the protected network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securing data for redirecting and transporting over a wireless network are generally described herein. In accordance with some embodiments, when it is determined that an electronic message that is protected with a first encryption algorithm is to be transported over a wireless network to a wireless device, the electronic message is converted to a data structure that is recognizable by the wireless device and the data structure is encrypted with a second encryption algorithm using a random session key. The second encryption algorithm has a stronger security than the first encryption algorithm. The random session key is encrypted with a public key and packets that comprise the encrypted data structure and the encrypted random session key are transmitted to the wireless device over the wireless network.

Citations

21 Claims

1. A method performed within a protected network for redirecting electronic messages for transporting over a wireless network to a wireless device, the method comprises:
- determining when an electronic message that is protected with a first encryption algorithm is to be redirected over the wireless network to the wireless device based on information within the electronic message, the wireless network being external to the protected network;
  
  when the electronic message is to be redirected over the wireless network, the method comprises;
  
  converting the protected electronic message to a data structure that is recognizable by the wireless device;
  
  encrypting the data structure with a second encryption algorithm using a random session key, the second encryption algorithm having a stronger security than the first encryption algorithm;
  
  encrypting the random session key with a public key; and
  
  transmitting packets that comprise the encrypted data structure and the encrypted random session key to the wireless device over the wireless network, andwhen the electronic message is not to be redirected over the wireless network, the method comprises;
  
  refraining from converting the protected electronic message, refraining from encrypting the data structure, refraining from encrypting the random session key and refraining from transmitting the packets over the wireless network; and
  
  sending the protected electronic message to a destination within the protected network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the electronic message is protected with the first encryption algorithm by at least one of a digital signature and encryption.
  - 3. The method of claim 2 further comprising determining wireless device identification information associated with the wireless device from the electronic message,wherein the electronic message is converted to the data structure based at least in part on the wireless device identification information to be recognizable by the wireless device.
  - 4. The method of claim 3 further comprising retrieving the public key from a public key look-up database that is associated with the wireless device and generating the random session key.
  - 5. The method of claim 4 further comprising encapsulating the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information for transmission to the wireless device over the wireless network.
  - 6. The method of claim 5 wherein transmitting comprises communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network.
  - 7. The method of claim 6 further comprising receiving the electronic message by an enterprise server from an electronic messaging server, the electronic message being addressed to a message recipient in a wired local area network, the message recipient having an associated wireless device operable in the wireless network,wherein the enterprise server has the wireless device identification information of the associated wireless device stored therein for use in communicating with the wireless device using the higher-level connection with a wireless gateway that provides an interface with the wireless network.
  - 8. The method of claim 6 wherein the second encryption algorithm is a symmetric algorithm, andwherein the gateway is configured to utilize the wireless device identification information to transmit the data packets containing the electronic message over the wireless network to the associated wireless device.

9. A system arranged to operate within a protected network to redirect electronic messages over a wireless network to a wireless device, the system comprising:
- a wireless network interface to provide connectivity to the wireless network; and
  
  processing circuitry to;
  
  determining when an electronic message that is protected with a first encryption algorithm is to be redirected over the wireless network to the wireless device based on information within the electronic message, the wireless network being external to the protected network; and
  
  when the electronic message is to be redirected over the wireless network, the processing circuitry is arranged to;
  
  convert the electronic message to a data structure that is recognizable by the wireless device;
  
  encrypt the data structure with a second encryption algorithm using a random session key, the second encryption algorithm having a stronger security than the first encryption algorithm; and
  
  encrypt the random session key with a public key,wherein the network interface is configured by the processing circuitry to transmit packets that comprise the encrypted data structure and the encrypted random session key to the wireless device over the wireless network, andwhen the electronic message is not to be redirected over the wireless network, the processing circuitry is arranged to;
  
  refrain from converting the protected electronic message, refrain from encrypting the data structure, refrain from encrypting the random session key and refrain from transmitting the packets over the wireless network; and
  
  send the protected electronic message to a destination within the protected network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9 wherein the electronic message is protected with the first encryption algorithm by at least one of a digital signature and encryption.
  - 11. The system of claim 10 wherein the processing circuitry is configured to determine wireless device identification information associated with the wireless device from the electronic message,wherein the electronic message is converted to the data structure based at least in part on the wireless device identification information to be recognizable by the wireless device.
  - 12. The system of claim 11 wherein the system is configured to retrieve the public key from a public key look-up database that is associated with the wireless device and generate the random session key.
  - 13. The system of claim 12 wherein the processing circuitry is configured to encapsulate the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information for transmission to the wireless device over the wireless network.
  - 14. The system of claim 13 wherein the wireless network interface is configured for communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network.
  - 15. The system of claim 14 further comprising a wireless local area network interface configured to receive the electronic message from an electronic messaging server, the electronic message being addressed to a message recipient in a wired local area network, the message recipient having an associated wireless device operable in the wireless network,wherein the system includes an enterprise server that has the wireless device identification information of the associated wireless device stored therein for use in communicating with the wireless device using the higher-level connection with a wireless gateway that provides an interface with the wireless network.
  - 16. The system of claim 14 wherein the second encryption algorithm is a symmetric algorithm, andwherein the gateway is configured to utilize the wireless device identification information to transmit the data packets containing the electronic message over the wireless network to the associated wireless device.

17. A server system comprising:
- a wireless network interface that operates behind a firewall within a protected network and provides connectivity to a wireless network;
  
  a local-area network interface that provides connectivity to a local area network, the local-area network interface to receive an electronic message that is protected with a first encryption algorithm for transporting over the wireless network to a wireless device; and
  
  processing circuitry arranged to;
  
  determine when the electronic message is to be redirected over the wireless network to the wireless device based on information within the electronic message, the wireless network being external to the protected network; and
  
  when the electronic message is to be redirected over the wireless network, the processing circuitry is arranged to;
  
  convert the protected electronic message to a data structure that is recognizable by the wireless device when it is determined that the electronic message is to be transported over the wireless network to the wireless device, encrypt the data structure with a second encryption algorithm using a random session key, the second encryption algorithm having a stronger security than the first encryption algorithm, and encrypt the random session key with a public key,wherein the wireless network interface is configured by the processing circuitry to transmit packets that comprise the encrypted data structure and the encrypted random session key to the wireless device over the wireless network, andwhen the electronic message is not to be redirected over the wireless network, the processing circuitry is arranged to;
  
  refrain from converting the protected electronic message, refrain from encrypting the data structure, refrain from encrypting the random session key and refrain from transmitting the packets over the wireless network; and
  
  send the protected electronic message to a destination within the protected network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The server system of claim 17 wherein the wireless network interface is configured for communicating with the wireless device using a higher-level connection with a wireless gateway that provides an interface with the wireless network.
  - 19. The server system of claim 18 wherein the processing circuitry is configured to determine wireless device identification information associated with the wireless device from the electronic message, andwherein the electronic message is converted to the data structure based at least in part on the wireless device identification information to be recognizable by the wireless device.
  - 20. The server system of claim 19 wherein the second encryption algorithm is a symmetric algorithm, andwherein the gateway is configured to utilize the wireless device identification information to transmit the data packets containing the electronic message over the wireless network to the associated wireless device.
  - 21. The server system of claim 20 wherein the system is configured to retrieve the public key from a public key look-up database that is associated with the wireless device and generate the random session key, andwherein the processing circuitry is configured to encapsulate the encrypted data structure and the encrypted random session key into one or more data packets along with the wireless identification information for transmission to the wireless device over the wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Little, Herbert A., Brown, Michael K., Hammell, Jonathan F., Brown, Michael S., Kirkup, Michael G., Adams, Neil P.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US13/355,228
Publication Number

US 20120191978A1
Time in Patent Office

886 Days
Field of Search

713/176, 713/166, 713/171, 713/169, 713/170, 713/153, 726/11, 726/12, 726/13, 380/270, 380/282, 380/277, 380/278, 380/247, 380/273
US Class Current

380/270
CPC Class Codes

G06F 16/81   Indexing, e.g. XML tags; Da...

H04L 51/066   Format adaptation, e.g. for...

H04L 51/58   Message adaptation for wire...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0478   applying multiple layers of...

H04L 63/105   Multiple levels of security

H04W 12/033   of the user plane, e.g. use...

System and method for securing data for redirecting and transporting over a wireless network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing data for redirecting and transporting over a wireless network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links