System and method for secure message key caching in a mobile communication device

US 9,628,269 B2
Filed: 07/10/2002
Issued: 04/18/2017
Est. Priority Date: 07/10/2001
Status: Active Grant

First Claim

Patent Images

1. A method for processing encrypted e-mail messages at a communication device, the method comprising:

receiving at the communication device an encrypted e-mail message comprising at least one encrypted session key and encrypted content, the at least one encrypted session key comprising an individual encrypted session key associated with the communication device, the individual encrypted session key encrypted with a public key and usable, when decrypted using a private key associated with the public key, to decrypt the encrypted content of the encrypted e-mail message;

accessing the encrypted e-mail message;

identifying the individual encrypted session key associated with the communication device;

decrypting the individual encrypted session key to obtain a decrypted session key that is unique to the encrypted e-mail message; and

storing the decrypted session key to memory;

wherein, when the encrypted content of the encrypted e-mail message is accessed multiple times, the stored decrypted session key is used each of the multiple times to decrypt the encrypted content of the encrypted e-mail message, andwherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted e-mail message.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for processing encrypted messages at a mobile device. A mobile device receives an encrypted message that comprises encrypted content as well as encryption information for accessing the encrypted content. At the mobile device, the encryption accessing information is obtained and stored to memory. The encryption accessing information is retrieved from memory in order to decrypt the encrypted content when the encrypted message is subsequently accessed.

144 Citations

45 Claims

1. A method for processing encrypted e-mail messages at a communication device, the method comprising:
- receiving at the communication device an encrypted e-mail message comprising at least one encrypted session key and encrypted content, the at least one encrypted session key comprising an individual encrypted session key associated with the communication device, the individual encrypted session key encrypted with a public key and usable, when decrypted using a private key associated with the public key, to decrypt the encrypted content of the encrypted e-mail message;
  
  accessing the encrypted e-mail message;
  
  identifying the individual encrypted session key associated with the communication device;
  
  decrypting the individual encrypted session key to obtain a decrypted session key that is unique to the encrypted e-mail message; and
  
  storing the decrypted session key to memory;
  
  wherein, when the encrypted content of the encrypted e-mail message is accessed multiple times, the stored decrypted session key is used each of the multiple times to decrypt the encrypted content of the encrypted e-mail message, andwherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted e-mail message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1, wherein the encrypted e-mail message is received by the communication device through a wireless infrastructure and a wireless network.
  - 3. The method of claim 2, wherein a message server transmits the encrypted e-mail message through the wireless infrastructure and the wireless network to the communication device.
  - 4. The method of claim 3, wherein the message server receives the encrypted e-mail message from a message sender.
  - 5. The method of claim 4, wherein the communication device requests in a pull message access scheme that stored e-mail messages be forwarded by the message server to the communication device.
  - 6. The method of claim 4, wherein the message server routes the encrypted e-mail message to the communication device when the encrypted e-mail message is received at the message server, and wherein the encrypted e-mail message is addressed by the message sender using a specific e-mail address associated with the communication device.
  - 7. The method of claim 4, wherein the message server redirects the encrypted e-mail message to the communication device.
  - 8. The method of claim 7, wherein, before the encrypted e-mail message is redirected to the communication device, a redirection program re-envelopes the encrypted e-mail message so as to maintain addressing information of the encrypted e-mail message.
  - 9. The method of claim 8, wherein the redirection program re-envelopes the encrypted e-mail message so as to allow a reply message generated by the communication device to reach the message sender.
  - 10. The method of claim 1, further comprising, after the step of identifying, the steps of:
    - determining whether the encrypted session key has been decrypted and stored to the memory; and
      
      retrieving the decrypted session key from the memory and using the stored decrypted session key to decrypt the encrypted content of the encrypted e-mail message when the encrypted session key has been decrypted and stored to the memory.
  - 11. The method of claim 10, wherein the steps of decrypting and storing are performed where the encrypted session key has not been decrypted and stored to the memory.
  - 12. The method of claim 1, wherein certificate information of a user of the communication device is transferred to the communication device through a wireless communication module.
  - 13. The method of claim 1, wherein certificate revocation lists are transferred to the communication device through a wireless communication module.
  - 14. The method of claim 1, wherein a message server transmits the encrypted e-mail message through a wireless infrastructure and a wireless network to the communication device, wherein the encrypted e-mail message comprises a plurality of encrypted session keys, wherein the message server determines the encrypted session key associated with the communication device, and wherein the message server reorganizes the encrypted e-mail message such that the encrypted e-mail message is sent to the communication device without containing at least one encrypted session key that is not associated with the communication device.
  - 15. The method of claim 14, wherein the encrypted e-mail message comprises a digital signature, and wherein the message server verifies the digital signature and sends to the communication device a result of the digital signature verification.
  - 16. The method of claim 1, wherein the encrypted e-mail message comprises a plurality of encrypted session keys, wherein the encrypted session keys are associated with different recipients, and wherein the encrypted e-mail message is reorganized prior to transmission to the communication device containing only the encrypted session key associated with the communication device.
  - 17. The method of claim 16, wherein the encrypted e-mail message comprises a digital signature, and wherein the message server verifies the digital signature and sends to the communication device a result of the digital signature verification.
  - 18. The method of claim 1, wherein the encrypted session key is a one-time session key that is generated and used for the encrypted e-mail message.
  - 19. The method of claim 18, wherein the session key was encrypted using a public key associated with the communication device.
  - 20. The method of claim 19, wherein the encrypted e-mail message was addressed to a plurality of recipients, and wherein the same session key is encrypted using a public key associated with each recipient.
  - 21. The method of claim 1, wherein the encrypted content was encrypted using a session key and encryption algorithm, and wherein a public key cryptographic algorithm was used to encrypt the session key to generate the encrypted session key.
  - 22. The method of claim 1, wherein the encrypted e-mail message was encrypted using Secure Multipurpose Internet Mail Extensions (S/MIME) techniques.
  - 23. The method of claim 1, wherein the encrypted e-mail message was encrypted using Pretty Good Privacy techniques.
  - 24. The method of claim 1, wherein the encrypted e-mail message was encrypted using OpenPGP techniques.
  - 25. The method of claim 1, wherein the encrypted e-mail message comprises a digital signature.
  - 26. The method of claim 1, wherein the decrypted session key is removed from the memory after a preselected time has elapsed.
  - 27. The method of claim 26, wherein the preselected time is selected by a user.
  - 28. The method of claim 1, wherein the decrypted session key is removed from the memory based upon electrical power being removed from the communication device.
  - 29. The method of claim 1, wherein the decrypted session key is removed from the memory based upon an identity of a sender of the encrypted e-mail message.
  - 30. The method of claim 29, wherein the identity of the sender of the encrypted e-mail message comprises an e-mail address of the sender.
  - 31. The method of claim 1, wherein the sensitivity level is determined based upon a subject line contained within the encrypted e-mail message.
  - 32. The method of claim 1, wherein the sensitivity level is determined based upon the encrypted content.
  - 33. The method of claim 1, further comprising the step of:
    - setting a disabling flag so that the decrypted session key is not continuously stored in the memory for use in additional accesses of the encrypted content.
  - 34. The method of claim 1, further comprising the step of:
    - setting a disabling flag so that the decrypted session key is removed from the memory after accessing the encrypted content.
  - 35. The method of claim 1, wherein the decrypted session key is stored to a volatile memory of the communication device.
  - 36. The method of claim 1, wherein the decrypted session key is stored to a volatile and non-persistent memory of the communication device.
  - 37. The method of claim 1, wherein the decrypted session key is stored to a random access memory (RAM) of the communication device.
  - 38. The method of claim 1, wherein a user interface of the communication receives security information in order to have the encrypted session key decrypted.
  - 39. The method of claim 38, wherein the security information comprises a password.

40. Non-transitory computer-readable memory encoded with program code for processing an encrypted e-mail message at a communication device when the encrypted e-mail message is accessed, wherein the encrypted e-mail message comprises at least one encrypted session key and encrypted content, the at least one encrypted session key comprising an individual encrypted session key associated with the communication device, the individual encrypted session key encrypted with a public key and usable, when decrypted using a private key associated with the public key, to decrypt the encrypted content of the encrypted e-mail message, wherein execution of the program code results in:
- identifying the individual encrypted session key associated with the communication device;
  
  decrypting the individual encrypted session key to obtain a decrypted session key that is unique to the encrypted e-mail message;
  
  storing the decrypted session key to memory; and
  
  when the encrypted content of the encrypted e-mail message is accessed multiple times, using the stored decrypted session key each of the multiple times to decrypt the encrypted content of the encrypted e-mail message,wherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted e-mail message.

41. An apparatus on a communication device for handling multiple accesses to encrypted e-mail messages, wherein an encrypted e-mail message comprises at least one encrypted session key and encrypted content, wherein the at least one encrypted session key comprises an individual encrypted session key associated with the communication device, the individual encrypted session key encrypted with a public key and usable, when decrypted using a private key associated with the public key, to decrypt the encrypted content of the encrypted e-mail message, and wherein the encrypted e-mail message is transmitted to the communication device, the apparatus comprising:
- a storage software module that executes on a data processor of the communication device and that identifies the individual encrypted session key associated with the communication device, decrypts the individual encrypted session key to obtain a decrypted session key that is unique to the encrypted e-mail message, and stores the decrypted session key in memory which is volatile and non-persistent, wherein the stored decrypted session key allows access to the encrypted content; and
  
  an accessing software module that executes on the data processor of the communication device and that retrieves from the memory the stored decrypted session key,wherein, when the encrypted content of the encrypted e-mail message is accessed multiple times, the retrieved stored decrypted session key is used each of the multiple times to decrypt the encrypted content of the encrypted e-mail message,wherein the decrypted session key is removed from the memory based upon a sensitivity level of the encrypted e-mail message.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The apparatus of claim 41, wherein the encrypted e-mail message further comprises a digital signature, wherein the storage software module is configured to store, in the memory, verification information about the digital signature, and wherein the accessing software module is configured to retrieve from the memory the verification information when the encrypted content is accessed multiple times.
  - 43. The apparatus of claim 42, further comprising a data structure stored in the memory for containing the verification information and the at least one encrypted session key.
  - 44. The apparatus of claim 43, wherein the data structure includes an association that is indicative of which at least one encrypted session key is associated with which of a plurality of encrypted e-mail messages.
  - 45. The apparatus of claim 44, wherein the data structure includes an association that is indicative of which verification information is associated with which of the plurality of encrypted e-mail messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Little, Herbert A., Kirkup, Michael G.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US10/483,282
Publication Number

US 20040205248A1
Time in Patent Office

5,396 Days
Field of Search

380270, 380277, 713153, 713155, 713156, 713160, 713163, 726 5
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 51/58   Message adaptation for wire...

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04W 12/033   of the user plane, e.g. use...

H04W 74/00   Wireless channel access

System and method for secure message key caching in a mobile communication device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

45 Claims

Specification

Use Cases

Quick Links

Others

System and method for secure message key caching in a mobile communication device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

45 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others