Security measures for countering unauthorized decryption

US 9,112,732 B2
Filed: 05/12/2009
Issued: 08/18/2015
Est. Priority Date: 05/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method of managing a plurality of electronic messages, the method comprising:

receiving, at an electronic communication device, an electronic message and a session key, the electronic message encrypted with the session key, the session key being encrypted with an encryption passphrase;

receiving a request to access the electronic message;

receiving a candidate passphrase;

arranging an attempt to decrypt the session key with the candidate passphrase;

incrementing a count of failed decryption attempts responsive to determining that the attempt has resulted in a failure; and

locking the electronic communication device in response to determining that the count of failed decryption attempts exceeds a limit, wherein the locked electronic communication device can be unlocked responsive to successful authentication of a device unlocking passphrase, the device unlocking passphrase being different from the encryption passphrase.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

After a predetermined limit for decryption attempts has been exceeded by a user attempting to decrypt an encrypted electronic message or attempting to decrypt a encrypted electronic certificate associated with an electronic message, access to the electronic message may be restricted.

38 Citations

25 Claims

1. A method of managing a plurality of electronic messages, the method comprising:
- receiving, at an electronic communication device, an electronic message and a session key, the electronic message encrypted with the session key, the session key being encrypted with an encryption passphrase;
  
  receiving a request to access the electronic message;
  
  receiving a candidate passphrase;
  
  arranging an attempt to decrypt the session key with the candidate passphrase;
  
  incrementing a count of failed decryption attempts responsive to determining that the attempt has resulted in a failure; and
  
  locking the electronic communication device in response to determining that the count of failed decryption attempts exceeds a limit, wherein the locked electronic communication device can be unlocked responsive to successful authentication of a device unlocking passphrase, the device unlocking passphrase being different from the encryption passphrase.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising erasing the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 3. The method of claim 1, further comprising sending a notification to a sender of the electronic message in response to determining that the count of failed decryption attempts exceeds the limit, wherein the notification indicates that the encryption passphrase was not entered correctly.
  - 4. The method of claim 1, further comprising:
    - identifying a sender of the electronic message;
      
      identifying additional messages from the sender; and
      
      erasing the additional messages in response to determining that the count of failed decryption attempts exceeds the limit.
  - 5. The method of claim 4, wherein the additional messages are stored locally on the electronic communication device.
  - 6. The method of claim 1, further comprising:
    - identifying additional messages related to the electronic message; and
      
      erasing the additional messages in response to determining that the count of failed decryption attempts exceeds the limit.
  - 7. The method of claim 1, further comprising erasing the plurality of electronic messages in response to determining that the count of failed decryption attempts exceeds the limit.
  - 8. The method of claim 1, further comprising prohibiting forwarding of the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 9. The method of claim 1, further comprising prohibiting replying to the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 10. The method of claim 1, further comprising disallowing copying of any portion of the electronic message in response to determining that of failed decryption attempts exceeds the limit.
  - 11. The method of claim 1, further comprising disabling channels by which the electronic message may be copied from the electronic communication device in response to determining that the count of failed decryption attempts exceeds the limit.
  - 12. The method of claim 1, further comprising, after locking the electronic communication device:
    - receiving the device unlocking passphrase;
      
      successfully authenticating the device unlocking passphrase; and
      
      unlocking the electronic communication device responsive to successfully authenticating the device unlocking passphrase.
  - 13. The method of claim 12, the method further comprising setting to zero the count of failed decryption attempts responsive to unlocking the electronic communication device.
  - 14. The method of claim 1, wherein determining that the attempt has resulted in a failure comprises determining whether a result produced by the attempt has a predetermined format.

15. An electronic communication device comprising:
- a processor adapted to;
  
  receive an electronic message and a session key, the electronic message encrypted with the session key, the session key being encrypted with an encryption passphrase;
  
  receive a request to access the electronic message;
  
  receive a candidate passphrase;
  
  arrange an attempt to decrypt the session key with the candidate passphrase;
  
  increment a count of failed decryption attempts responsive to determining that the attempt has resulted in a failure; and
  
  lock the electronic communication device in response to determining that the count of failed decryption attempts exceeds a limit, wherein the locked electronic communication device can be unlocked responsive to successful authentication of a device unlocking passphrase, the device unlocking passphrase being different from the encryption passphrase.
- View Dependent Claims (16)
- - 16. The electronic communication device of claim 15, the processor further adapted to erase the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.

17. A non-transitory computer-readable storage device containing computer-executable instructions that, when performed by a processor in an electronic communication device, cause the processor to:
- receive an electronic message and a session key, the electronic message encrypted with the session key, the session key being encrypted with a passphrase;
  
  receive a request to access the electronic message;
  
  receive a candidate passphrase;
  
  arrange an attempt to decrypt the session key with the candidate passphrase;
  
  increment a count of failed decryption attempts responsive to determining that the attempt has resulted in a failure;
  
  lock the electronic communication device in response to determining that the count of failed decryption attempts exceeds a limit, wherein the locked electronic communication device can be unlocked responsive to successful authentication of a device unlocking passphrase, the device unlocking passphrase being different from the encryption passphrase.
- View Dependent Claims (18)
- - 18. The non-transitory computer-readable storage device of claim 17, wherein the instructions, when performed by the processor, further cause the processor to erase the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.

19. A method of managing a plurality of electronic messages, the method comprising:
- receiving an electronic message, an electronic certificate and a session key, the electronic certificate encrypted with the session key, the session key being encrypted with an encryption passphrase;
  
  receiving a request to access the electronic certificate;
  
  receiving a candidate passphrase;
  
  arranging an attempt to decrypt the session key with the candidate passphrase;
  
  incrementing a count of failed decryption attempts responsive to determining that the attempt has resulted in a failure; and
  
  locking the electronic communication device in response to determining that the count of failed decryption attempts exceeds a limit, wherein the locked electronic communication device can be unlocked responsive to successful authentication of a device unlocking passphrase, the device unlocking passphrase being different from the encryption passphrase.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, the method further comprising erasing the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 21. The method of claim 19, the method further comprising:
    - identifying additional messages related to the electronic message; and
      
      erasing the additional messages in response to determining that the count of failed decryption attempts exceeds the limit.
  - 22. The method of claim 19, the method further comprising prohibiting forwarding of the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 23. The method of claim 19, the method further comprising prohibiting replying to the electronic message in response to determining that the count of failed decryption attempts exceeds the limit.
  - 24. The method of claim 19, the method further comprising disallowing copying of any portion of the electronic message in response to determining the count of failed decryption attempts exceeds the limit.
  - 25. The method of claim 19, the method further comprising disabling channels by which the electronic message may be copied from the electronic communication device in response to determining that the count of failed decryption attempts exceeds the limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil Patrick, Jackson, Eli Omen, Gandhi, Shivangi Anantrupa, Bender, Christopher Lyle, Brown, Michael Kenneth, Manea, Alexandru-Radu, Manchur, Lee Willis
Primary Examiner(s)
Eskandarnia, Arvin
Assistant Examiner(s)
DESAI, MARGISHI V

Application Number

US12/464,279
Publication Number

US 20090313705A1
Time in Patent Office

2,289 Days
Field of Search

370/408, 713/182, 726/3
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 2463/101   applying security measures ...

H04L 51/58   Message adaptation for wire...

H04L 63/0435   wherein the sending and rec...

H04L 63/20   for managing network securi...

H04L 9/0822   using key encryption key

H04L 9/3247   involving digital signatures

Security measures for countering unauthorized decryption

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security measures for countering unauthorized decryption

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links