Publication number: WO2000031931 A1
Publication type: Application
Application number: PCT/SE1999/002021
Publication date: 2 Jun 2000
Filing date: 8 Nov 1999
Priority date: 24 Nov 1998
Also published as: CN1328735A, EP1133854A1
Inventors: Christian Gehrmann
Applicant: Telefonaktiebolaget Lm Ericsson (Publ)
Method and system for securing data objects
WO 2000031931 A1
Abstract
A method and system are disclosed for securing primarily private e-mail that can be conveyed to and from a user via an open network such as the Internet. Essentially, the e-mail messages are encrypted with a secure digital envelope type protocol which can be based on the use of digital certificates. An example of such a digital envelope encryption protocol is the S/MIME protocol. As such, a domain-to-user security relationship is used instead of a user-to-user or domain-to-domain security relationship. For example, a mobile radiotelephone user of a corporate network (22) can have certain incoming e-mail forwarded to an external mail server (16) (e.g., in the Internet). The mail to be forwarded is first encrypted into a secure digital envelope format (e.g., S/MIME format) with the user's secret key. Consequently, the protected e-mail from the corporate network (22) can be forwarded to the user via the external mail server (16) (e.g., in the Internet) without compromising security.
Claims
WHAT IS CLAIMED IS:
1. A system for protecting a data object to be delivered to a user of a private network via an open network, comprising: a first server associated with said private network; an encryption unit coupled to said first server, for encrypting said data object intended for said user; and a second server associated with said open network, said second server coupled to said encryption unit and said first server, said second server including means for delivering said encrypted data object to said user.
2. The system of Claim 1, wherein said data object comprises an e-mail message.
3. The system of Claim 1, wherein said first server comprises a first mail server.
4. The system of Claim 3, wherein said second server comprises a second mail server.
5. The system of Claim 1, wherein said private network comprises a corporate LAN.
6. The system of Claim 1, wherein said open network comprises the Internet.
7. The system of Claim 1, wherein said encryption unit includes means for encrypting said data object to an S/MIME format.
8. The system of Claim 7, wherein said data object is encrypted with a secret symmetric key associated with said user.
9. The system of Claim 1, wherein said encryption unit includes means for encrypting said data object using a packet or digital envelope cryptographic protocol.
10. The system of Claim 1, further comprising: a decryption unit coupled to said first server, for decrypting a data object received from said user.
11. The system of Claim 10, wherein said data object comprises an e-mail message.
12. The system of Claim 11, wherein said decryption unit includes means for decrypting said e-mail message from an S/MIME format to a MIME format.
13. The system of Claim 11, wherein said e-mail message is decrypted using a secret key associated with said first mail server.
14. The system of Claim 1, further comprising means for formulating a policy for forwarding an e-mail message from said first server to said second server.
15. The system of Claim 1, wherein said first server comprises a mailing list server.
16. A method for protecting a data object to be delivered to a user of a private network via an open network, comprising the steps of: in said private network, encrypting said data object with a secret key associated with said user; in accordance with a predetermined forwarding policy, forwarding said encrypted data object to a server in said open network; said server delivering said encrypted data object to said user; and decrypting said encrypted data object using said secret key.
17. The method of Claim 16, wherein said data object comprises an e-mail message.
18. The method of Claim 16, wherein said server comprises a mail server.
19. The method of Claim 16, wherein said private network comprises a corporate LAN.
20. The method of Claim 16, wherein said open network comprises the Internet.
21. The method of Claim 16, wherein said encrypting step comprises encrypting said data object to an S/MIME format.
22. The method of Claim 16, wherein said encrypting step comprises encrypting said data object using a packet or digital envelope cryptographic protocol.
23. The method of Claim 16, further comprising the step of decrypting a data object received from said user.
24. The method of Claim 23, wherein said data object comprises an e-mail message.
25. The method of Claim 24, wherein said decrypting step comprises decrypting said e-mail message from an S/MIME format to a MIME format.
26. The method of Claim 25, wherein said decrypting step comprises decrypting said e-mail message with a secret key associated with a mail server in said private network.
27. The method of Claim 16, further comprising the step of formulating a policy for forwarding said data object from a first mail server in said private network to a second mail server in said open network.
28. The method of Claim 16, wherein said private network comprises a mailing list server.
29. A system for providing secure access to a data object intended for a user of a private network via an open network, said system comprising: a gateway associated with said private network, said gateway configured to forward said data object intended for said user in accordance with a forwarding policy of said user; an encryption unit coupled to said gateway for encrypting said data object to be forwarded; and an external server associated with said open network for storing said encrypted data object forwarded from said private network, said external server enabling access to said encrypted data object by said user via said open network.
Description

METHOD AND SYSTEM FOR SECURING DATA OBJECTS

BACKGROUND OF THE INVENTION

Technical Field of the Invention

The present invention relates generally to the telecommunications field and, in particular, to a method and system for securing data objects such as electronic mail (e-mail).

Description of Related Art

Mobile radiotelephone users have a significant problem gaining access to corporate information when they are on travel or at home. Today, most remote access solutions for gaining access to corporate information for such mobile users are based on the use of dial-up connections to dedicated modem pools. Another solution for obtaining the desired corporate information is to route the information to or from the user using an arbitrary Internet connection and an encrypted "tunnel" to a gateway at the border between the Internet and the corporate Local Area Network (LAN). However, the problem with such a solution is that the user's equipment is located outside the corporate network, and consequently, that equipment can be quite vulnerable to security attacks and breaches. It is expected that, in the near future, numerous high-speed Internet connections will become available. Consequently, it is currently desirable to design solutions for gaining access to corporate network information that will work for any Internet Protocol (IP) connection. In particular, it is currently desirable to provide a secure and flexible solution for a specific type of corporate information service: e-mail.

There are numerous ways to provide secure access to corporate information over an IP connection. As such, different protocols for providing secure access to such information have been, or are being, standardized by the Internet Engineering Task Force (IETF). The security protection can be placed at a number of different levels in the communications stack. However, there are essentially two basic protection approaches that can be used: application protection and transport protection. The Secure Multi-purpose Internet Mail Extension (S/MIME) Standard currently being developed in the IETF is an example of an application protection approach, while the Transport Layer Security (TLS), SSH, and Internet Protocol Security (IPSEC) protocols are for transport protection.

Low level information protection can be beneficial because the services can be provided without requiring any changes to the applications involved. On the other hand, low level protection protocols (e.g., IPSEC protocol) require substantial modifications to the operating systems involved. Furthermore, information that is protected only during transport requires additional protection when the information is ultimately stored at the clients' locations and servers.

In that regard, the S/MIME Standard should be able to provide adequate protection for e-mail messages while they are stored at a user's terminal and/or mail server. For example, the S/MIME protection approach should make it possible to provide e-mail services that are totally open at the Internet and extremely easy to access. As such, it is expected that this model of open but protected information will be one of the more important security models in the future.

The standard Netscape and Microsoft e-mail tools support the S/MIME protocol. As such, the S/MIME Standard should provide a way to encrypt MIME information in a way that is flexible and secure. The S/MIME standard will be a combination of public key encryption and symmetric encryption. The symmetric key encryption will be used to encrypt the actual information content in the MIME messages, and the public keys will be used to encrypt the symmetric key used for encryption of the MIME content, or for digitally signing the MIME message. The S/MIME approach will use digital certificates to check the validity of the public keys used.

Secure e-mail approaches such as S/MIME, are based on a point-to-point communication model. In other words, an arbitrary user in a network communicates with another user in the network, and the communication between the two users is secure. Unfortunately, however, such a point-to-point security model does not fit well in a conventional corporate network architecture. Typically, a corporate network (e.g., LAN) is an IP-based private network, and its only access to the Internet is through a firewall. Consequently, it is intentionally made difficult to access information in the corporate network from the other side of the firewall. Furthermore, many users of the corporate network are not interested in maintaining encryption key information, or to have to look up such key information every time an e-mail message is to be sent to another user in the network. Simply put, it is a relatively difficult problem to implement a point-to-point security model for protecting e-mail in such large organizations as corporations. However, as described in detail below, the present invention successfully resolves the above-described problems.

SUMMARY OF THE INVENTION

In accordance with the present invention, a method and system are provided for securing private e-mail that can be conveyed to and from a user via an open network such as the Internet. Essentially, the e-mail messages are encrypted with a secure digital envelope type protocol which can be based on the use of digital certificates. An example of such a digital envelope encryption protocol is the S/MIME protocol. As such, a domain-to-user security relationship is used instead of a user-to-user or domain-to-domain security relationship. For example, in a preferred embodiment of the present invention, a mobile radiotelephone user of a corporate network can have certain incoming e-mail forwarded to an external mail server (e.g., in the Internet). The mail to be forwarded is first encrypted into a secure digital envelope format (e.g., S/MIME format) with the user's secret key. Consequently, the protected e-mail from the corporate network can be forwarded to the user via the external mail server (e.g., in the Internet) without compromising security.

An important technical advantage of the present invention is that a mobile user can receive and view secure e-mail via an open network such as the Internet.

Another important technical advantage of the present invention is that a corporate network user's e-mail can be secured with a maximum of two digital certificates required to obtain such protection.

Still another important technical advantage of the present invention is that the security of a user's e-mail is independent of the mail server used.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the method and apparatus of the present invention may be had by reference to the following detailed description when taken in conjunction with the accompanying drawings wherein:

FIGURE 1 is a diagram that illustrates a secure e-mail system and method that can be implemented in accordance with a preferred embodiment of the present invention; and

FIGURE 2 is a flow diagram of a method that can be used for encryption and decryption of e-mail using the S/MIME standard in accordance with the preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE DRAWINGS

The preferred embodiment of the present invention and its advantages are best understood by referring to FIGURES 1-2 of the drawings, like numerals being used for like and corresponding parts of the various drawings. Essentially, in accordance with the present invention, a method and system are provided for securing private e-mail that can be conveyed to and from a user via an open network such as the Internet. The e-mail messages are encrypted with a secure digital envelope type protocol which can be based on the use of digital certificates. An example of such a digital envelope encryption protocol is the S/MIME protocol. As such, a domain-to-user security relationship is used instead of a user-to-user or domain-to-domain security relationship. For example, in a preferred embodiment of the present invention, a mobile radiotelephone user of a corporate network can have certain incoming e-mail forwarded to an external mail server (e.g., in the Internet). The mail to be forwarded is first encrypted into a secure digital envelope format (e.g., S/MIME format) with the user's secret key. Consequently, the protected e-mail from the corporate network can be forwarded to the user via the external mail server (e.g., in the Internet) without compromising security. As such, although the present invention is described herein primarily with respect to the protection of e-mail, the present invention can also apply to the protection of any data object, such as, for example, data programs, JAVA programs, or mobile code.

Specifically, FIGURE 1 is a diagram that illustrates a secure e-mail system and method that can be implemented in accordance with a preferred embodiment of the present invention. For this embodiment, an exemplary system 10 includes an open or public-access network (e.g., the Internet) and a private network (e.g., a corporate intranet or LAN). The two networks are typically separated by a firewall 12, which functions primarily to protect and maintain the confidentiality of the information stored in the private network.

The open network includes a mail server 16 (external to the private network). A user (e.g., user of the private network) can access the mail server 16 to receive and view e-mail with a personal computer (PC) or Personal Digital Assistant (PDA) 14. For this exemplary embodiment, the user is preferably a mobile radiotelephone user who can gain access to the mail server 16 over a conventional wireless connection 18. For example, the user's PC (or PDA) 14 can include a speech/data connection to a mobile radiotelephone, such as, for example, a cellular phone. The user's PC (or PDA) 14 can utilize a conventional e-mail application such as Netscape mail or Microsoft Outlook Express to forward or receive e-mail to or from the mail server 16 via the connection 18. Nevertheless, although a wireless connection 18 is shown, the scope of the present invention is not intended to be so limited, and can include the use of, for example, a wireline connection, fiber optic connection, etc. However, the use of a wireless connection 18 via a mobile phone is more convenient for a user who is periodically on the move (e.g., in an automobile, train, aircraft, etc.).

For this embodiment, the user's PC (or PDA) 14 is also connected to the corporate network (generally denoted as 22) via a wireless (or any other appropriate) connection 20. For example, the user's PC (or PDA) 14 can transfer data via a cellular phone over the wireless connection 20 to a dial-up modem at the corporate network 22. Additionally, the user's PC 14 can be connected to the corporate network's World-Wide Web (WWW) interface 26 via a secure connection 32 (e.g., using the TLS protocol). The primary purpose for this secure connection 32 in the context of FIGURE 1 is to enable the user to formulate and convey an e-mail forwarding policy to the corporate network 22.

For this exemplary embodiment, the corporate network 22 includes a mail server 24 (e.g., on a corporate LAN). The Web interface 26 can be a conventional Web interface typically used for, among other things, maintaining e-mail forwarding policies responsive to users' directions. The corporate network 22 also includes a decryption unit 28 for decrypting an incoming e-mail message that has been encrypted using a packet or digital envelope cryptographic protocol (e.g., S/MIME). In this embodiment, the decryption unit 28 preferably includes a software application that can decrypt a secure digital envelope-formatted (e.g., S/MIME-protected) e-mail message conveyed via the connection 20 from the user's PC 14. An encryption unit 30 preferably includes a software application that functions to encrypt an outgoing e-mail message with a secure digital envelope format (e.g., from a MIME format to S/MIME format). The encrypted e-mail messages are coupled from the corporate network 22 to the external mail server 16 via a conventional data connection 34. For example, the corporate network 22 can be connected to an Internet mail server (16) via a Public Switched Telephone Network (PSTN) T1 line (34).

In operation (referring to the exemplary embodiment illustrated in FIGURE 1), a mobile phone user employs the PC (or PDA) 14 to send a message including e-mail forwarding policy instructions to the Web interface 26. Preferably, the e-mail forwarding policy message is transported via a secure connection 32 (e.g., using TLS, IPSEC or any other appropriate secure transport protocol) to the Web interface 26. This mail forwarding policy predetermines which e-mail messages are to be transported from the corporate network 22, and to what address (e.g., to the external mail server 16). For example, the user's e-mail forwarding policy can include instructions to forward all incoming e-mail messages from the corporate LAN to the external mail server, or just to forward certain e-mail messages only (e.g., just those arriving from a specific set of addresses, or having a certain priority). As such, the user's e-mail forwarding policy actually selected can be a matter of personal (or corporate) choice.

At this point, it is useful to describe in general how a secure digital envelope format can be used to implement the present invention. A secure digital envelope is a message, or information string, packed into a certain format to provide confidentiality, and/or integrity, and/or non-repudiation. In order to transform any clear-text message into a protected digital envelope format, a combination of symmetric and asymmetric cryptographic functions can be used. Unlike most secure data transport protocols, a digital envelope can be used for off-line decryption and integrity-checking. Once transformed into a secure cryptographic envelope format, a secure message can be decrypted and checked at any time by anyone who possesses a correct secret key. As mentioned earlier, the S/MIME standard is an example of a secure digital envelope format.

As an exemplary type of secure digital envelope format that can be used to implement the present invention, the S/MIME standard can provide confidentiality and/or integrity and non-repudiation protection for MIME messages. Encrypting a MIME message with a secret symmetric key provides confidentiality for the message, while using a digital signature provides integrity and non-repudiation for the message. In accordance with the S/MIME standard, a message can just be encrypted, just signed, or both encrypted and signed. The following description illustrates an exemplary method that can be used with the S/MIME standard to provide confidentiality, integrity and non-repudiation protection for a MIME message to be sent from one user to another.

For example, assume that a user, A, wants to send a MIME message, M, to an arbitrary user, B, using the S/MIME standard. Let "g" represent a public key encryption algorithm used for encryption so that for a public key pair, K_public and K_secret, an arbitrary message, L, will be encrypted as, L'=g(K_public,L), and decrypted as, L=g'(K_secret,L'). Let "e" represent a public key algorithm used for signing so that for a public key pair, K_public and K_secret, a short message, L, will be signed as S=e(K_secret,L). Let S'=e'(K_public,S). As such, an arbitrary signature, S, for the message, L, is valid if and only if S'=S. Let "h" represent a one-way hash function so that for any message, M, the function h(M) equals a 128 bit value, and that given M and h(M), it is computationally infeasible to find any other message, M', such that h(M')=h(M). Given these exemplary conditions, a method that can be used for encryption and decryption using the S/MIME standard in accordance with the preferred embodiment of the present invention, is shown in FIGURE 2.

Referring to the assumptions and conditions described above and the exemplary method 200 shown in FIGURE 2, at step 201, user A (e.g., A's terminal) searches for a public encryption key, K_publicB, for user B. For example, such a key can be contained in a digital certificate signed by a trusted third party. At step 202, user A generates a random value for a key, K_s. At step 203, user A encrypts the message, M, using the key, K_s, and a symmetric encryption algorithm f, as C=f(K_s,M). At step 104, user A encrypts the key, K_s as K'=g(K_publicB,K_s). At step 105, user A holds the public key pair, K_publicA,K_secretA, to be used for signing messages. User A then computes a digital hash for the cipher text C, as C'=h(C), and uses the key, K_secretA, to sign C' as, S=e(K_secretA,C')=e(K_secretA,h(C)). At step 206, user A (e.g., A's terminal) sends the message, (K',S,C), to user B together with a digital certificate (e.g., signed by a trusted third party) which contains the key, K_publicA. At step 207, user B (e.g., B's terminal) receives the message, (K',S,C), together with a certificate which contains the public key, K_publicA. At step 208, user B checks the signature of the certificate with the key, K_publicA. At step 209, if user B determines that the signature is correct, user B accepts the key, K_publicA, as the public signing key of user A. Otherwise, if the signature is incorrect, then user B considers the message (K',S,C) as invalid and can disregard the communication.

At step 210, user B calculates S'=e'(K_publicA,h(C)). At step 211, if user B determines that S'=S, then user B accepts the message (K',S,C) as a valid message from A. Otherwise, user B considers the message as invalid. At step 212, user B calculates K_s=g'(K_secretB,K'). At step 213, user B decrypts C as M=f (K_s,C), and thus obtains the message, M, originally from user A.
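Method 200 (steps 202-205 and 210-213) can be traced in code; the following Go sketch is an added example, not code from the patent. It assumes RSA-OAEP for g, RSA-PSS for e, AES-256-CTR for f, and SHA-256 in place of the 128-bit hash h, and it replaces the certificate lookup and check (steps 201 and 207-209) with public keys the caller already trusts; `Envelope`, `Seal`, `Open` and `NewKey` are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the triple (K', S, C) sent at step 206.
type Envelope struct {
	WrappedKey []byte // K' = g(K_publicB, K_s)
	Signature  []byte // S  = e(K_secretA, h(C))
	Ciphertext []byte // C  = f(K_s, M); the CTR IV is prepended so S covers it
}

var ErrBadSignature = errors.New("envelope signature invalid")

// NewKey returns a fresh RSA key pair (hypothetical helper for the demo).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Seal runs steps 202-205: sender A holds senderKey, recipient B's public
// key is assumed to have been validated already (step 201).
func Seal(senderKey *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	ks := make([]byte, 32) // step 202: random content key K_s
	if _, err := rand.Read(ks); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(ks)
	if err != nil {
		return nil, err
	}
	c := make([]byte, aes.BlockSize+len(msg)) // step 203: C = f(K_s, M)
	if _, err := rand.Read(c[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, c[:aes.BlockSize]).XORKeyStream(c[aes.BlockSize:], msg)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, ks, nil) // K'
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(c) // C' = h(C)
	sig, err := rsa.SignPSS(rand.Reader, senderKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Signature: sig, Ciphertext: c}, nil
}

// Open runs steps 210-213: the signature over h(C) is checked before the
// recipient's secret key is used to unwrap K_s and decrypt C.
func Open(recipientKey *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	if len(env.Ciphertext) < aes.BlockSize {
		return nil, errors.New("ciphertext too short")
	}
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, ErrBadSignature // step 211: message considered invalid
	}
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientKey, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(ks)
	if err != nil {
		return nil, err
	}
	msg := make([]byte, len(env.Ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, env.Ciphertext[:aes.BlockSize]).XORKeyStream(msg, env.Ciphertext[aes.BlockSize:])
	return msg, nil
}

func main() {
	gateway, user := NewKey(), NewKey()
	mail := []byte("Subject: constructed sample\r\n\r\nforwarded from the corporate LAN")
	env, err := Seal(gateway, &user.PublicKey, mail)
	if err != nil {
		panic(err)
	}
	plain, err := Open(user, &gateway.PublicKey, env)
	fmt.Printf("opened=%q err=%v\n", plain, err)
	env.Ciphertext[len(env.Ciphertext)-1] ^= 0x01 // altered while stored externally
	_, err = Open(user, &gateway.PublicKey, env)
	fmt.Println("after modification:", err)
}
```

As in the method described above, S covers only C; a deployment would normally also bind K' and the recipient's identity into the signed data.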

Returning to FIGURE 1, and in the context of the preferred embodiment of the present invention, the e-mail to be forwarded (in accordance with the user's predetermined mail forwarding policy) from the corporate network (LAN) 22 to the external network's (Internet) mail server 16 is first encrypted. For example, in this exemplary embodiment, the e-mail messages stored in the corporate network's mail server 24 are maintained in the MIME format. As such, using the exemplary method 200 described above, the encryption unit 30 can encrypt each e-mail message to be forwarded to the external mail server into an S/MIME format. If the user is employing a PDA (14) instead of a PC, the encryption unit 30 can encrypt the e-mail to be forwarded into the S/MIME format using symmetric keys shared between the network mail server 24 and the user's PDA 14. A digital certificate can be used to assure the integrity and non-repudiation of the message. The S/MIME encrypted e-mail messages are transmitted from the network 22 to the external mail server 16 via the conventional connection 34. The encrypted e-mail is then maintained in the user's mailbox at the external mail server, until the user requests the mail for delivery to the PC (or PDA) 14. Using a conventional mail tool (e.g., Netscape mail or Microsoft's Outlook Express), the user's PC (or PDA) 14 can retrieve the encrypted mail from the external mail server 16 via the connection 18.

Using the exemplary method 200 described above, the user's PC 14 can check the signature of the certificate and decrypt the mail from the S/MIME format to the MIME format. If a PDA (14) is used, it decrypts the received mail.

The mobile user can also transmit encrypted e-mail messages from the PC (or PDA) 14 to the network 22. For this embodiment, using the same method 200, the user's PC (or PDA) 14 encrypts the e-mail to be forwarded to the network 22 from the MIME format to an S/MIME format, mail server 22. The encrypted e-mail message (and a digital certificate associated with the mail server 22) is transmitted from the PC 14 to the decryption unit 28 via connection 20. The decryption unit 28 checks the digital certificate and then decrypts the received e-mail message from the S/MIME format to the MIME format. Notably, as opposed to the S/MIME approaches now under consideration, the present invention requires the use of only two digital certificates for authentication: the user's certificate for encrypted mail forwarded to the external mail server; and the corporate mail server's certificate for encrypted mail forwarded to the corporate network's mail server. A conventional Certificate Management System can be used in the corporate network's mail server 24 to handle both the issuance of digital certificates and the publication of the revocation of such certificates, if so required.

In accordance with a second embodiment of the present invention, one or more e-mail mailing lists can be implemented and secured. For example, mailing lists currently are useful for large groups of people having some common interests in communicating by e-mail. In order to subscribe to a mailing list, a person can send certain subscription e-mail containing the e-mail messages intended for communication to a mailing list e-mail server. The subscription e-mail can contain the e-mail address where the subscriber desires to receive e-mail from the mailing list. All mail received by the mailing list server is forwarded to all mail addresses of subscribers to the list. At present, anyone who wishes to subscribe to an e-mail list may do so. As such, the only identity related to a subscriber is that subscriber's e-mail address. However, a problem is that e-mail address could be an anonymous address. In other words, it is currently not possible for a mailing list administrator to prevent malicious use of the list by certain subscribers. Moreover, all e-mail messages currently being sent to and from mailing list servers are sent in clear text. However, the secure e-mail gateway provided by the present invention can be used to prevent such problems.

For example, in accordance with the preferred embodiment of the present invention, the MIME to S/MIME (or S/MIME to MIME) e-mail gateway (e.g., units 24-30) can be used as a mailing list server. By requiring that all subscription messages be sent in S/MIME, for example, and be signed with a valid signature and certificate, the identity of the subscriber can be determined before allowing the subscriber to enter the mailing list in the server. By requiring that all messages sent to the mailing list server be encrypted with the gateway's key and signed by the user, the confidentiality and integrity of the mail received by the gateway 22 can be ensured. Before forwarding mail, the gateway 22 can encrypt the e-mail by using the receiver's certificate. Consequently, all messages sent to and from the mailing list (server) will be protected.

Although a preferred embodiment of the method and apparatus of the present invention has been illustrated in the accompanying Drawings and described in the foregoing Detailed Description, it will be understood that the invention is not limited to the embodiment disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the spirit of the invention as set forth and defined by the following claims.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
WO1996013113A1 *12 Oct 19952 May 1996Secure Computing CorporationSystem and method for providing secure internetwork services
WO1997000471A2 *16 Jun 19963 Jan 1997Check Point Software Technologies Ltd.A system for securing the flow of and selectively modifying packets in a computer network
WO1997047106A1 *29 May 199711 Dec 1997Webtv Networks, Inc.A method and apparatus for using network address information to improve the performance of network transactions
GB2323757A * Title not available
Non-Patent Citations
Reference
1 *HERFERT M: "SECURITY-ENHANCED MAILING LISTS", IEEE NETWORK: THE MAGAZINE OF COMPUTER COMMUNICATIONS, vol. 11, no. 3, 1 May 1997 (1997-05-01), pages 30 - 33, XP000689787, ISSN: 0890-8044
2 *LEVIEN R: "PROTECTING INTERNET E-MAIL FROM PRYING EYES", DATA COMMUNICATIONS, vol. 25, no. 6, 1 May 1996 (1996-05-01), pages 117/118, 120, 122, XP000587586, ISSN: 0363-6399
3 *SMITH R E: "A SECURE EMAIL GATEWAY (BUILDING AN RCAS EXTERNAL INTERFACE)", PROCEEDINGS. ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 1994, XP002912413
Classifications
International Classification: H04L12/58, H04L29/06
Cooperative Classification: H04L63/0442, H04L63/0428, H04L51/14, H04L63/102, H04L51/38
European Classification: H04L63/10B, H04L63/04B, H04L63/04B2, H04L12/58G
Legal Events
Date | Code | Event | Description
2 Mar 2000 | ENP | Entry into the national phase in: | Ref country code: AU; Ref document number: 2000 15909; Kind code of ref document: A; Format of ref document f/p: F
2 Jun 2000 | AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW
2 Jun 2000 | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
26 Jul 2000 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
21 Sep 2000 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) |
30 May 2001 | WWE | Wipo information: entry into national phase | Ref document number: 1999958570; Country of ref document: EP
19 Sep 2001 | WWP | Wipo information: published in national office | Ref document number: 1999958570; Country of ref document: EP
11 Oct 2001 | REG | Reference to national code | Ref country code: DE; Ref legal event code: 8642
3 Feb 2007 | WWW | Wipo information: withdrawn in national office | Ref document number: 1999958570; Country of ref document: EP