Securing private key access for cross-component message processing
First Claim
1. At a mobile wireless communication device, a method of processing an electronic message, said method comprising:
- detecting receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;
generating an access key;
inserting a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;
transmitting a processing request to said server associated with said mobile wireless communication device, said processing request including said new message portion, a reference to said original message, and said access key;
receiving a signing request from said server, said signing request including a received access key and a hash of said composite message;
locating in said table, the record with the access key that matches said received access key;
extracting, from said record, said secondary value;
obtaining said private cryptographic key by using said secondary value;
employing said private cryptographic key to sign said hash to form a digital signature; and
transmitting said digital signature to said server.
4 Assignments
0 Petitions
Accused Products
Abstract
Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver'"'"'s end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.
-
Citations
20 Claims
-
1. At a mobile wireless communication device, a method of processing an electronic message, said method comprising:
-
detecting receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device; generating an access key; inserting a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key; transmitting a processing request to said server associated with said mobile wireless communication device, said processing request including said new message portion, a reference to said original message, and said access key; receiving a signing request from said server, said signing request including a received access key and a hash of said composite message; locating in said table, the record with the access key that matches said received access key; extracting, from said record, said secondary value; obtaining said private cryptographic key by using said secondary value; employing said private cryptographic key to sign said hash to form a digital signature; and transmitting said digital signature to said server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A mobile wireless communication device comprising a processor and a communication subsystem, said communication subsystem including a receiver and a transmitter, said processor adapted to:
-
detect receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device; generate an access key; insert a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key; transmit, via said transmitter, a processing request to a server associated with said mobile wireless communication device, said request including said new message portion, a reference to said original message and said access key; receive, via said receiver, a signing request from said server, said signing request including a received access key and a hash of said composite message; locate in said table, the record with the access key that matches said received access key; extract, from said record, said secondary value; obtain said private cryptographic key by using said secondary value; employ said private cryptographic key to sign said hash to form a digital signature; and transmit, via said transmitter, said digital signature to said server. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile wireless communication device, cause said processor to:
-
detect receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device; generate an access key; insert a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key; transmit a processing request to a server associated with said mobile wireless communication device, said request including said new message portion, a reference to said original message and said access key; receive a signing request from said server, said signing request including a received access key and a hash of said composite message; locate in said table, the record with the access key that matches said received access key; extract said secondary value; obtain said private cryptographic key by using said secondary value; employ said private cryptographic key to sign said hash to form a digital signature; and transmit said digital signature to said server. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification