

[Figure (extraction residue; only labels recoverable): Mobile Wireless Communication Device with Key/Certificate Store and Private Key Information; User's Desktop PC running Desktop Manager and CertSync; OTA link, OTA Sync and Backup paths; reference numerals 23, 24, 26, 28, 100, 304, 310, 314]


AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is a continuation of U.S. patent application Ser. No. 12/404,749, filed Mar. 16, 2009, which is a continuation of U.S. patent application Ser. No. 10/913,499, filed Aug. 9, 2004. U.S. patent application Ser. No. 10/913,499 issued to patent as U.S. Pat. No. 7,506,164. The entire contents of U.S. patent application Ser. Nos. 12/404,749 and 10/913,499 are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates generally to mobile wireless communications devices capable of processing cryptographically secure messages and information. In particular, the disclosure is directed to a mobile wireless communications device having cryptographic messaging capability in which automatic key detection and synchronization are provided.

[0004] 2. Related Art

[0005] Exchanging cryptographically secured electronic messages and data, such as, for example, e-mail messages, is well known. Cryptographically secured electronic messaging typically requires the use of cryptographic keys to perform various cryptographic functions relating to secured electronic messages. In order to ensure that a user is able to perform cryptographic functions, such as, for example, signing, verifying, encrypting, decrypting, etc., secure e-mail messages, users are typically required to transfer their cryptographic keys from, for example, a desktop PC or the like, to the mobile wireless communications device. This transfer is typically accomplished via a hard-wired serial connection that accommodates a mobile wireless communications device and provides an interface to the user’s desktop PC. When the mobile device is in communication with the user’s desktop, a utility, such as, for example, the Certificate Synchronization utility (sometimes referred to as “Cert Sync”) running on the user’s desktop is used to allow the user to choose which keys to synchronize to the mobile wireless communications device.

[0006] Periodically, users are issued new signing/decryption keys, for example, for use in secure e-mail messaging. This may be done fairly frequently in some systems, for example automatic key rollover systems such as that employed by Entrust™, or less frequently if the users’ keys only expire every couple of years or so.

[0007] When a new key or keys are issued, the user must load these new keys onto the user’s mobile wireless communications devices in order to be able to sign and decrypt secured messages with the new keys. Typically, the process of updating the keys for the mobile wireless communications device involves running Cert Sync on the user’s desktop; manually identifying which keys are new; manually selecting keys to download; and synchronizing with the mobile wireless communications device. Users may not realize that new keys have been issued in which case they will not be able to read encrypted e-mail until they synchronize with their desktop and update the device key store.

[0008] This method of key management for mobile wireless communications devices is cumbersome, inefficient, subject to widespread inaccuracies and is difficult to implement. As discussed above, it is difficult to identify which keys are new keys even when the user is aware of the issuance of new keys.

BRIEF SUMMARY OF THE INVENTION

[0009] In view of the foregoing, we have now identified an efficient, accurate and easy to implement method for key management in devices that are capable of processing cryptographically secured electronic messages, such as, for example, mobile wireless communications devices.

[0010] According to a preferred embodiment of the present disclosure, a list of keys that have been used or seen in the past is generated. This list is referred to herein as the history list. Every time Cert Sync is started, the list of keys on the user’s desktop is compared with the history list. If new keys have been added to the system since the last update (or last cradling of the mobile wireless communications device), they will not appear on the history list. At this point, the user is informed of the detection of newly issued keys, and prompted to download the new keys, if desired.

[0011] If the user elects to download the new keys, the new keys are automatically marked for download. The new keys are then added to the history list so that the user is not prompted with respect to these keys in the future.

[0012] Of course, the first time a user starts Cert Sync with this automated key management feature, the history list is empty. Thus, the user will initially be prompted to mark all of the keys for download.

[0013] In an alternative embodiment, certificates may be synchronized automatically when the user puts his or her mobile wireless communications device in communication with a desktop without having the user start the Cert Sync utility. In this exemplary embodiment, when the device is put in communication with a desktop, new certificates are checked for by comparing the desktop keys to the history list. If new keys are present, the user is prompted to download keys, and if the user accepts, the new keys are downloaded automatically.

[0014] In a further alternative embodiment, automatic downloading of new keys that replace expired keys on the device is contemplated. In this embodiment, when the user puts his or her mobile wireless communications device in communication with a desktop, a check is automatically made for new keys. For each new key, if the corresponding certificate matches a certificate on the device, the new certificate is automatically downloaded without prompting the user. A matching certificate is one that appears to replace an existing certificate, as the old expired certificate has the same common name and issuer name as the new certificate.

[0015] The advantages attendant with the various embodiments of the invention described above are provided by the method and system of automated key management disclosed and described herein with reference to the drawings.
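The following is an added worked example, not code from the patent or from any Cert Sync implementation, showing the two decision rules of paragraphs [0010]–[0012] (compare the desktop key store against a history list of key identifiers; anything absent from the history is "new", and on the very first run, with an empty history, every key is new) and of paragraph [0014] (a new certificate whose common name and issuer match an expired certificate already on the device is treated as a replacement and downloaded without a prompt). The `Cert` record, the `key_id` field used as the history-list entry, and the sample certificates are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:
    """Minimal view of a key/certificate pair (assumed structure, not the patent's)."""
    key_id: str         # stable identifier of the key, e.g. a certificate thumbprint
    common_name: str    # subject common name
    issuer: str         # issuer name
    not_after: date     # certificate expiry


def detect_new_keys(desktop_keys, history):
    """Paragraph [0010]: keys on the desktop whose ids are not in the history list."""
    return [c for c in desktop_keys if c.key_id not in history]


def matching_expired_cert(new_cert, device_certs, today):
    """Paragraph [0014]: a device cert the new one appears to replace.

    A match requires the same common name and issuer AND that the device copy
    has already expired; an unexpired cert is not treated as replaced.
    """
    for old in device_certs:
        if (old.common_name == new_cert.common_name
                and old.issuer == new_cert.issuer
                and old.not_after < today):
            return old
    return None


def plan_sync(desktop_keys, device_certs, history, today):
    """Split newly detected keys into (auto_download, prompt_user).

    Keys that replace an expired device cert are downloaded silently; every
    other new key is presented to the user for a download decision.
    """
    auto, prompt = [], []
    for cert in detect_new_keys(desktop_keys, history):
        if matching_expired_cert(cert, device_certs, today) is not None:
            auto.append(cert)
        else:
            prompt.append(cert)
    return auto, prompt


def record_downloaded(history, certs):
    """Paragraph [0011]: add handled keys to the history so they are not re-prompted."""
    history.update(c.key_id for c in certs)
    return history


# Constructed sample data (assumed values, not from the patent).
TODAY = date(2024, 6, 1)
DESKTOP_KEYS = [
    Cert("sig-2022", "alice", "Corp CA", date(2024, 1, 1)),   # old, already on device
    Cert("sig-2024", "alice", "Corp CA", date(2026, 1, 1)),   # rollover of sig-2022
    Cert("enc-2024", "alice", "Other CA", date(2026, 1, 1)),  # new, unrelated issuer
]
DEVICE_CERTS = [DESKTOP_KEYS[0]]   # the device still holds the expired signing cert
HISTORY = {"sig-2022"}             # seen during an earlier synchronization


if __name__ == "__main__":
    auto, prompt = plan_sync(DESKTOP_KEYS, DEVICE_CERTS, set(HISTORY), TODAY)
    print("auto-download:", [c.key_id for c in auto])   # ['sig-2024']
    print("prompt user for:", [c.key_id for c in prompt])  # ['enc-2024']
```

The history list deliberately stores only identifiers that were handled, so a key the user declined is still offered again on a later run; whether declined keys should also be recorded is a policy choice the passage leaves open. Matching on common name plus issuer is a heuristic, so `matching_expired_cert` only fires when the device copy is actually expired, which keeps an unrelated certificate with a colliding name from being installed silently.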

BRIEF DESCRIPTION OF THE DRAWINGS

[0016] These and other objects and advantages of exemplary embodiments of the present invention will be better understood and appreciated in conjunction with the following detailed description of exemplary embodiments taken together with the accompanying drawings, in which:

[0017] FIG. 1 is an overall system wide schematic view of an exemplary wireless e-mail communication system incorporating a mobile wireless communications device with the
