Communication system and method for securely communicating a message between correspondents through an intermediary terminal
First Claim
1. A method, performed at an intermediary terminal, of communicating a message between correspondents in a communication system through the intermediary terminal, the method comprising:
- registering a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
- receiving from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
- receiving, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
- verifying said signature component;
- recovering, when the signature component is verified, said identifier from said signature component;
- retrieving the certificate of the public key of said first correspondent from the table using the recovered identifier;
- signing the certificate with a private key of the intermediary terminal;
- attaching to said secure communication said signed certificate; and
- forwarding said secure communication and said signed certificate to a second correspondent
wherein registering comprises;
- transferring by the intermediary terminal a public key of said intermediary terminal to said first correspondent; and
- receiving at the intermediary terminal from said first correspondent, said public key of said first correspondent,
wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,
wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, and
wherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.
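The intermediary-side steps of claim 1, as an added Node.js sketch that is not code from the patent: it shows verification of the signature component, certificate lookup, and countersigning before forwarding. Ed25519, SHA-256, the 16-byte nonce, the byte layout, the replay cache and every function name are assumptions; because Ed25519 has no message recovery, the identifier is read from the signed body and trusted only once verification succeeds.

```javascript
// Added illustration; Ed25519, SHA-256 and all names are assumptions, not from the patent.
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
const newKeys = () => crypto.generateKeyPairSync('ed25519');
const spki = (pub) => pub.export({ type: 'spki', format: 'der' });

// Intermediary state: its own key pair, the certificate table filled at
// registration, and the (identifier, nonce) pairs it has already accepted.
function makeTerminal() {
  return { keys: newKeys(), table: new Map(), seen: new Set() };
}

// Registration: store the subscriber's public key under its identifier.
function register(terminal, id, publicKey) {
  terminal.table.set(id, { id, publicKey: spki(publicKey) });
}

// Sender side: sign hash(W) || nonce || ID, where W is the signed encrypted message.
function makeComponent(id, privateKey, w) {
  const nonce = crypto.randomBytes(16);
  const body = Buffer.concat([sha256(w), nonce, Buffer.from(id, 'utf8')]);
  return { body, sig: crypto.sign(null, body, privateKey) };
}

// Intermediary side: the identifier in the body only selects a key and is trusted
// after verify succeeds; then the certificate is fetched, signed and attached.
function relay(terminal, w, component) {
  const { body, sig } = component;
  if (body.length <= 48) throw new Error('malformed component');
  const hash = body.subarray(0, 32);
  const id = body.subarray(48).toString('utf8');
  const replayKey = id + ':' + body.subarray(32, 48).toString('hex');
  const cert = terminal.table.get(id);
  if (!cert) throw new Error('unregistered sender');
  const pub = crypto.createPublicKey({ key: cert.publicKey, format: 'der', type: 'spki' });
  if (!crypto.verify(null, body, pub, sig)) throw new Error('bad signature component');
  if (!crypto.timingSafeEqual(hash, sha256(w))) throw new Error('component does not cover this message');
  if (terminal.seen.has(replayKey)) throw new Error('replayed nonce');
  terminal.seen.add(replayKey);
  const certBytes = Buffer.concat([Buffer.from(id, 'utf8'), cert.publicKey]);
  const certSig = crypto.sign(null, certBytes, terminal.keys.privateKey);
  return { w, cert: certBytes, certSig };
}

// Recipient side: check the attached certificate against the terminal's public key.
function certOk(terminalPublicKey, fwd) {
  return crypto.verify(null, fwd.cert, terminalPublicKey, fwd.certSig);
}
```
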
Abstract
A wireless communication system includes a pager or similar device that communicates to a home terminal. The home terminal confirms the identity of the pager and attaches a certificate to the message for ongoing transmission. Where the recipient is also a pager, an associated home terminal verifies the transmission and forwards it in a trusted manner without the certificate to the recipient.
17 Claims
11. An intermediary terminal arranged for communicating a message between correspondents, the intermediary terminal comprising processing circuitry and memory arranged to:
- register a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
- receive from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
- receive, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
- verify said signature component;
- recover, when the signature component is verified, said identifier from said signature component;
- retrieve the certificate of the public key of said first correspondent from the table using the recovered identifier;
- sign the certificate with a private key of the intermediary terminal;
- attach to said secure communication said signed certificate; and
- forward said secure communication and said signed certificate to a second of said correspondents,
wherein to register the certificate, the intermediary terminal is arranged to;
- transfer a public key of said intermediary terminal to said first correspondent; and
- receive from said first correspondent, said public key of said first correspondent,
wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,
wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, and
wherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.
17. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations at an intermediary terminal for communicating a message between correspondents in a communication system through the intermediary terminal, the operations comprising:
- registering a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
- receiving from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
- receiving, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
- verifying said signature component;
- recovering, when the signature component is verified, said identifier from said signature component;
- retrieving the certificate of the public key of said first correspondent from the table using the recovered identifier;
- signing the certificate with a private key of the intermediary terminal;
- attaching to said secure communication said signed certificate; and
- forwarding said secure communication and said signed certificate to a second correspondent,
wherein registering comprises;
- transferring by the intermediary terminal a public key of said intermediary terminal to said first correspondent; and
- receiving at the intermediary terminal from said first correspondent, said public key of said first correspondent,
wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,
wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, and
wherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.
Specification