Communication system and method for securely communicating a message between correspondents through an intermediary terminal

US 9,003,182 B2
Filed: 07/13/2012
Issued: 04/07/2015
Est. Priority Date: 10/05/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method, performed at an intermediary terminal, of communicating a message between correspondents in a communication system through the intermediary terminal, the method comprising:

registering a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;

receiving from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;

receiving, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;

verifying said signature component;

recovering, when the signature component is verified, said identifier from said signature component;

retrieving the certificate of the public key of said first correspondent from the table using the recovered identifier;

signing the certificate with a private key of the intermediary terminal;

attaching to said secure communication said signed certificate; and

forwarding said secure communication and said signed certificate to a second correspondentwherein registering comprises;

transferring by the intermediary terminal a public key of said intermediary terminal to said first correspondent; and

receiving at the intermediary terminal from said first correspondent, said public key of said first correspondent,wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, andwherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless communication system includes a pager or similar device that communicates to a home terminal. The home terminal confirms the identity of the pager and attaches a certificate to the message for ongoing transmission. Where the recipient is also a pager, an associated home terminal verifies the transmission and forwards it in a trusted manner without the certificate to the recipient.

34 Citations

View as Search Results

17 Claims

1. A method, performed at an intermediary terminal, of communicating a message between correspondents in a communication system through the intermediary terminal, the method comprising:
- registering a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
  
  receiving from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
  
  receiving, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
  
  verifying said signature component;
  
  recovering, when the signature component is verified, said identifier from said signature component;
  
  retrieving the certificate of the public key of said first correspondent from the table using the recovered identifier;
  
  signing the certificate with a private key of the intermediary terminal;
  
  attaching to said secure communication said signed certificate; and
  
  forwarding said secure communication and said signed certificate to a second correspondentwherein registering comprises;
  
  transferring by the intermediary terminal a public key of said intermediary terminal to said first correspondent; and
  
  receiving at the intermediary terminal from said first correspondent, said public key of said first correspondent,wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, andwherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1 wherein said nonce is unique to each communication.
  - 3. The method according to claim 1 wherein said identifier is unique to said first correspondent and is associated with said first correspondent.
  - 4. The method according to claim 1 wherein said second correspondent is a second intermediary terminal, which utilizes said certificate to determine the public key of said first correspondent.
  - 5. The method according to claim 4 wherein said second intermediary terminal signs another message including said public key of said first correspondent to generate a signature of said another message, and forwards said secure communication and said signature of said another message to said recipient.
  - 6. The method according to claim 5 wherein said recipient retrieves said public key of said first correspondent using said signature of said another message, and extracts said message from said secure communication.
  - 7. The method according to claim 1 wherein said first correspondent forwards authorization information to said intermediary terminal during registration and said intermediary terminal verifies that said first correspondent is not prior registered with a certifying authority.
  - 8. The method according to claim 7 wherein said authorization information includes an address particular to said first correspondent for identification by said certifying authority.
  - 9. The method according to claim 1 wherein said identifier is transferred from said intermediary terminal to said first correspondent upon verification by a certifying authority.
  - 10. The method according to claim 9 wherein transfer of said identifier is secured by the public key of said first correspondent and said private key of said intermediary terminal.

11. An intermediary terminal arranged for communicating a message between correspondents, the intermediary terminal comprising processing circuitry and memory arranged to:
- register a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
  
  receive from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
  
  receive, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
  
  verify said signature component;
  
  recover, when the signature component is verified, said identifier from said signature component;
  
  retrieve the certificate of the public key of said first correspondent from the table using the recovered identifier;
  
  sign the certificate with a private key of the intermediary terminal;
  
  attach to said secure communication said signed certificate; and
  
  forward said secure communication and said signed certificate to a second of said correspondents,wherein to register the certificate, the intermediary terminal is arranged to;
  
  transfer a public key of said intermediary terminal to said first correspondent; and
  
  receive from said first correspondent, said public key of said first correspondent,wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, andwherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The intermediary terminal according to claim 11 wherein said a nonce is unique to each communication.
  - 13. The intermediary terminal according to claim 11 wherein said identifier is unique to said first correspondent and is associated with said one of said correspondents.
  - 14. The intermediary terminal according to claim 11 wherein said second correspondent is a second intermediary terminal, which utilizes said certificate to determine the public key of said first correspondent.
  - 15. The intermediary terminal according to claim 14 wherein said second intermediary terminal is configured to sign another message including said public key of said first correspondent to generate a signature of said another message, and forward said secure communication and said signature of said another message to said recipient.
  - 16. The intermediary terminal according to claim 15 wherein said recipient is configured to retrieve said public key of said first correspondent using said signature of said another message, and extract said message from said secure communication.

17. A non-transitory computer-readable storage medium that stores instructions for execution by one or more processors to perform operations at an intermediary terminal for communicating a message between correspondents in a communication system through the intermediary terminal, the operations comprising:
- registering a certificate of a public key of a first correspondent in a table in the intermediary terminal, the first correspondent being a wireless subscriber unit;
  
  receiving from the first correspondent, subsequent to registering the certificate, a secure communication including said message, the message being a signed encrypted message comprising ciphertext encrypted under a public key of a recipient and a signature of the first correspondent on the message using a private key of the first correspondent;
  
  receiving, along with the secure communication, a signature component comprising a hash of the signed encrypted message concatenated with a nonce and an identifier of the first correspondent, signed by the first correspondent using the private key of the first correspondent;
  
  verifying said signature component;
  
  recovering, when the signature component is verified, said identifier from said signature component;
  
  retrieving the certificate of the public key of said first correspondent from the table using the recovered identifier;
  
  signing the certificate with a private key of the intermediary terminal;
  
  attaching to said secure communication said signed certificate; and
  
  forwarding said secure communication and said signed certificate to a second correspondent,wherein registering comprises;
  
  transferring by the intermediary terminal a public key of said intermediary terminal to said first correspondent; and
  
  receiving at the intermediary terminal from said first correspondent, said public key of said first correspondent,wherein said first correspondent has stored in memory a public key of a trusted party and said intermediary terminal has a certificate of said public key of said intermediary terminal signed by said trusted party,wherein said first correspondent is arranged to verify said public key of said intermediary terminal with said public key of said trusted party, andwherein said public key of said intermediary terminal is used by said first correspondent to sign said public key of said first correspondent for secure transfer to said intermediary terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited), Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Davis, Walter Lee, Ayerst, Douglas I., Vanstone, Scott Alexander
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US13/549,176
Publication Number

US 20120284509A1
Time in Patent Office

998 Days
Field of Search

713156-160
US Class Current

713/156
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

H04W 12/106   Packet or message integrity

Communication system and method for securely communicating a message between correspondents through an intermediary terminal

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Communication system and method for securely communicating a message between correspondents through an intermediary terminal

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links