Securing private key access for cross-component message processing

US 9,166,794 B2
Filed: 11/15/2011
Issued: 10/20/2015
Est. Priority Date: 11/15/2010
Status: Active Grant

First Claim

Patent Images

1. At a mobile wireless communication device, a method of processing an electronic message, said method comprising:

detecting receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;

generating an access key;

inserting a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;

transmitting a processing request to said server associated with said mobile wireless communication device, said processing request including said new message portion, a reference to said original message, and said access key;

receiving a signing request from said server, said signing request including a received access key and a hash of said composite message;

locating in said table, the record with the access key that matches said received access key;

extracting, from said record, said secondary value;

obtaining said private cryptographic key by using said secondary value;

employing said private cryptographic key to sign said hash to form a digital signature; and

transmitting said digital signature to said server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver'"'"'s end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.

Citations

20 Claims

1. At a mobile wireless communication device, a method of processing an electronic message, said method comprising:
- detecting receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;
  
  generating an access key;
  
  inserting a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;
  
  transmitting a processing request to said server associated with said mobile wireless communication device, said processing request including said new message portion, a reference to said original message, and said access key;
  
  receiving a signing request from said server, said signing request including a received access key and a hash of said composite message;
  
  locating in said table, the record with the access key that matches said received access key;
  
  extracting, from said record, said secondary value;
  
  obtaining said private cryptographic key by using said secondary value;
  
  employing said private cryptographic key to sign said hash to form a digital signature; and
  
  transmitting said digital signature to said server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising removing said record from said table after said extracting.
  - 3. The method of claim 1 wherein said record further comprises an associated creation time stamp.
  - 4. The method of claim 1 further comprising:
    - generating a mask;
      
      employing said mask for generation of said secondary value; and
      
      deleting said mask after said employing;
      
      wherein said processing request includes said mask and said signing request includes said mask for use with said received access key for obtaining said private cryptographic key.
  - 5. The method of claim 1 wherein said secondary value comprises a key store password.
  - 6. The method of claim 1 further comprising obtaining a Personal Identification Number (PIN) for use in obtaining data stored on a smart card, where said private cryptographic key is among said data stored on said smart card, wherein said secondary value comprises said PIN.
  - 7. The method of claim 1 wherein said secondary value comprises a private cryptographic key file formatted according to a Private-Key Information Syntax Standard.
  - 8. The method of claim 1 wherein said access key comprises a concatenation of an integer and a random 256-bit sequence.

9. A mobile wireless communication device comprising a processor and a communication subsystem, said communication subsystem including a receiver and a transmitter, said processor adapted to:
- detect receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;
  
  generate an access key;
  
  insert a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;
  
  transmit, via said transmitter, a processing request to a server associated with said mobile wireless communication device, said request including said new message portion, a reference to said original message and said access key;
  
  receive, via said receiver, a signing request from said server, said signing request including a received access key and a hash of said composite message;
  
  locate in said table, the record with the access key that matches said received access key;
  
  extract, from said record, said secondary value;
  
  obtain said private cryptographic key by using said secondary value;
  
  employ said private cryptographic key to sign said hash to form a digital signature; and
  
  transmit, via said transmitter, said digital signature to said server.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The mobile wireless communication device of claim 9 wherein said processor is further adapted to remove said record from said table after said extracting.
  - 11. The mobile wireless communication device of claim 9 wherein said record further comprises an associated creation time stamp.
  - 12. The mobile wireless communication device of claim 9 wherein said secondary value comprises a key store password.
  - 13. The mobile wireless communication device of claim 9 wherein said processor is further adapted to obtain a Personal Identification Number (PIN) for use in obtaining data stored on a smart card, where said private cryptographic key is among said data stored on said smart card, wherein said secondary value comprises said PIN.
  - 14. The mobile wireless communication device of claim 9 wherein said access key comprises a concatenation of an integer and a random 256-bit sequence.

15. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile wireless communication device, cause said processor to:
- detect receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;
  
  generate an access key;
  
  insert a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;
  
  transmit a processing request to a server associated with said mobile wireless communication device, said request including said new message portion, a reference to said original message and said access key;
  
  receive a signing request from said server, said signing request including a received access key and a hash of said composite message;
  
  locate in said table, the record with the access key that matches said received access key;
  
  extract said secondary value;
  
  obtain said private cryptographic key by using said secondary value;
  
  employ said private cryptographic key to sign said hash to form a digital signature; and
  
  transmit said digital signature to said server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15 wherein the instructions further cause said processor to remove said record from said table after said extracting.
  - 17. The non-transitory computer-readable medium of claim 15 wherein said record further comprises an associated creation time stamp.
  - 18. The non-transitory computer-readable medium of claim 15 wherein said secondary value comprises a key store password.
  - 19. The non-transitory computer-readable medium of claim 15 wherein the instructions further cause said processor to obtain a Personal Identification Number (PIN) for use in obtaining data stored on a smart card, where said private cryptographic key is among said data stored on said smart card, wherein said secondary value comprises said PIN.
  - 20. The non-transitory computer-readable medium of claim 15 wherein said access key comprises a concatenation of an integer and a random 256-bit sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Sherkin, Alexander, Singh, Ravi, Vats, Nikhil, Adams, Neil Patrick
Primary Examiner(s)
Davis, Zachary A

Application Number

US13/296,514
Publication Number

US 20120131346A1
Time in Patent Office

1,435 Days
Field of Search

713/176, 713/180, 713/181, 380/277, 380/286
US Class Current

1/1
CPC Class Codes

H04L 51/58   Message adaptation for wire...

H04L 63/067   using one-time keys cryptog...

H04L 63/068   using time-dependent keys, ...

H04L 63/12   Applying verification of th...

H04L 9/3247   involving digital signatures

H04W 12/041   Key generation or derivation

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

Securing private key access for cross-component message processing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing private key access for cross-component message processing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links