|Publication number||WO2000031931 A1|
|Publication date||2 Jun 2000|
|Filing date||8 Nov 1999|
|Priority date||24 Nov 1998|
|Also published as||CN1328735A, EP1133854A1|
|Publication number||PCT/1999/2021, PCT/SE/1999/002021, PCT/SE/1999/02021, PCT/SE/99/002021, PCT/SE/99/02021, PCT/SE1999/002021, PCT/SE1999/02021, PCT/SE1999002021, PCT/SE199902021, PCT/SE99/002021, PCT/SE99/02021, PCT/SE99002021, PCT/SE9902021, WO 0031931 A1, WO 0031931A1, WO 2000/031931 A1, WO 2000031931 A1, WO 2000031931A1, WO-A1-0031931, WO-A1-2000031931, WO0031931 A1, WO0031931A1, WO2000/031931A1, WO2000031931 A1, WO2000031931A1|
|Applicant||Telefonaktiebolaget Lm Ericsson (Publ)|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (4), Non-Patent Citations (3), Referenced by (49), Classifications (11), Legal Events (9)|
|External Links: Patentscope, Espacenet|
METHOD AND SYSTEM FOR SECURING DATA OBJECTS
BACKGROUND OF THE INVENTION Technical Field of the Invention
The present invention relates generally to the telecommunications field and, in particular, to a method and system for securing data objects such as electronic mail (e-mail).
Description of Related Art Mobile radiotelephone users have a significant problem gaining access to corporate information when they are on travel or at home. Today, most remote access solutions for gaining access to corporate information for such mobile users are based on the use of dial-up connections to dedicated modem pools. Another solution for obtaining the desired coφorate information is to route the information to or from the user using an arbitrary Internet connection and an encrypted "tunnel" to a gateway at the border between the Internet and the coφorate Local Area Network (LAN). However, the problem with such a solution is that the user's equipment is located outside the coφorate network, and consequently, that equipment can be quite vulnerable to security attacks and breaches. It is expected that, in the near future, numerous high-speed Internet connections will become available. Consequently, it is currently desirable to design solutions for gaining access to coφorate network information that will work for any Internet Protocol (IP) connection. In particular, it is currently desirable to provide a secure and flexible solution for a specific type of coφorate information service: e-mail.
There are numerous ways to provide secure access to coφorate information over an IP connection. As such, different protocols for providing secure access to such information have been, or are being, standardized by the Internet Engineering Task Force (IETF). The security protection can be placed at a number of different levels in the communications stack. However, there are essentially two basic protection approaches that can be used: application protection and transport protection. The Secure Multi-puφose Internet Mail Extension (S/MIME) Standard currently being developed in the IETF is an example of an application protection approach, while the Transport Layer Security (TLS), SSH, and Internet Protocol Security (IPSEC) protocols are for transport protection.
Low level information protection can be beneficial because the services can be provided without requiring any changes to the applications involved. On the other hand, low level protection protocols (e.g., IPSEC protocol) require substantial modifications to the operating systems involved. Furthermore, information that is protected only during transport requires additional protection when the information is ultimately stored at the clients' locations and servers.
In that regard, the S/MIME Standard should be able to provide adequate protection for e-mail messages while they are stored at a user's terminal and/or mail server. For example, the S/MIME protection approach should make it possible to provide e-mail services that are totally open at the Internet and extremely easy to access. As such, it is expected that this model of open but protected information will be one of the more important security models in the future.
The standard Netscape® and Microsoft® e-mail tools support the S/MIME protocol. As such, the S/MIME Standard should provide a way to encrypt MIME information in a way that is flexible and secure. The S/MIME standard will be a combination of public key encryption and symmetric encryption. The symmetric key encryption will be used to encrypt the actual information content in the MIME messages, and the public keys will be used to encrypt the symmetric key used for encryption of the MIME content, or for digitally signing the MIME message. The
S/MBVIE approach will use digital certificates to check the validity of the public keys used.
Secure e-mail approaches such as S/MIME, are based on a point-to-point communication model. In other words, an arbitrary user in a network communicates with another user in the network, and the communication between the two users is secure. Unfortunately, however, such a point-to-point security model does not fit well in a conventional coφorate network architecture. Typically, a coφorate network (e.g., LAN) is an IP-based private network, and its only access to the Internet is through a firewall. Consequently, it is intentionally made difficult to access information in the coφorate network from the other side of the firewall. Furthermore, many users of the coφorate network are not interested in maintaining encryption key information, or to have to look up such key information every time an e-mail message is to be sent to another user in the network. Simply put, it is a relatively difficult problem to implement a point-to- point security model for protecting e-mail in such large organizations as coφorations. However, as described in detail below, the present invention successfully resolves the above-described problems.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method and system are provided for securing private e-mail that can be conveyed to and from a user via an open network such as the Internet. Essentially, the e-mail messages are encrypted with a secure digital envelope type protocol which can be based on the use of digital certificates. An example of such a digital envelope encryption protocol is the S/MIME protocol. As such, a domain-to-user security relationship is used instead of a user-to-user or domain-to-domain security relationship. For example, in a preferred embodiment of the present invention, a mobile radiotelephone user of a coφorate network can have certain incoming e-mail forwarded to an external mail server (e.g., in the Internet). The mail to be forwarded is first encrypted into a secure digital envelope format (e.g.,S/MIME format) with the user's secret key. Consequently, the protected e-mail from the coφorate network can be forwarded to the user via the external mail server (e.g., in the Internet) without compromising security.
An important technical advantage of the present invention is that a mobile user can receive and view secure e-mail via an open network such as the Internet.
Another important technical advantage of the present invention is that a coφorate network user's e-mail can be secured with a maximum of two digital certificates required to obtain such protection.
Still another important technical advantage of the present invention is that the security of a user's e-mail is independent of the mail server used.
BRIEF DESCRIPTION OF THE DRAWINGS A more complete understanding of the method and apparatus of the present invention may be had by reference to the following detailed description when taken in conjunction with the accompanying drawings wherein:
FIGURE 1 is a diagram that illustrates a secure e-mail system and method that can be implemented in accordance with a preferred embodiment of the present invention; and
FIGURE 2 is a flow diagram of a method that can be used for encryption and decryption of e-mail using the S/MEVIE standard in accordance with the preferred embodiment of the present invention.
DETAILED DESCRIPTION OF THE DRAWINGS The preferred embodiment of the present invention and its advantages are best understood by referring to FIGURES 1 -2 of the drawings, like numerals being used for like and corresponding parts of the various drawings. Essentially, in accordance with the present invention, a method and system are provided for securing private e-mail that can be conveyed to and from a user via an open network such as the Internet. The e-mail messages are encrypted with a secure digital envelope type protocol which can be based on the use of digital certificates. An example of such a digital envelope encryption protocol is the S/MIME protocol. As such, a domain-to-user security relationship is used instead of a user-to-user or domain-to-domain security relationship. For example, in a preferred embodiment of the present invention, a mobile radiotelephone user of a coφorate network can have certain incoming e-mail forwarded to an external mail server (e.g., in the Internet). The mail to be forwarded is first encrypted into a secure digital envelope format (e.g., S/MIME format) with the user's secret key. Consequently, the protected e-mail from the coφorate network can be forwarded to the user via the external mail server (e.g., in the Internet) without compromising security. As such, although the present invention is described herein primarily with respect to the protection of e-mail, the present invention can also apply to the protection of any data object, such as, for example, data programs, JAVA programs, or mobile code. Specifically, FIGURE 1 is a diagram that illustrates a secure e-mail system and method that can be implemented in accordance with a preferred embodiment of the present invention. For this embodiment, an exemplary system 10 includes an open or public-access network (e.g., the Internet) and a private network (e.g., a coφorate intranet or LAN). The two networks are typically separated by a firewall 12, which functions primarily to protect and maintain the confidentiality of the information stored in the private network.
The open network includes a mail server 16 (external to the private network). A user (e.g., user of the private network) can access the mail server 16 to receive and view e-mail with a personal computer (PC) or Personal Digital Assistant (PDA) 14. For this exemplary embodiment, the user is preferably a mobile radiotelephone user who can gain access to the mail server 16 over a conventional wireless connection 18. For example, the user's PC (or PDA) 14 can include a speech/data connection to a mobile radiotelephone, such as, for example, a cellular phone. The user's PC (or PDA) 14 can utilize a conventional e-mail application such as Netscape® mail or Microsoft Outlook Express® to forward or receive e-mail to or from the mail server 16 via the connection 18. Nevertheless, although a wireless connection 18 is shown, the scope of the present invention is not intended to be so limited, and can include the use of, for example, a wireline connection, fiber optic connection, etc. However, the use of a wireless connection 18 via a mobile phone is more convenient for a user who is periodically on the move (e.g., in an automobile, train, aircraft, etc.).
For this embodiment, the user's PC (or PDA) 14 is also connected to the coφorate network (generally denoted as 22) via a wireless (or any other appropriate) connection 20. For example, the user' s PC (or PDA) 14 can transfer data via a cellular phone over the wireless connection 20 to a dial-up modem at the coφorate network 22. Additionally, the user's PC 14 can be connected to the coφorate network's
World-Wide Web (WWW) interface 26 via a secure connection 32 (e.g., using the TLS protocol). The primary puφose for this secure connection 32 in the context of FIGURE 1 is to enable the user to formulate and convey an e-mail forwarding policy to the coφorate network 22.
For this exemplary embodiment, the coφorate network 22 includes a mail server 24 (e.g., on a coφorate LAN). The Web interface 26 can be a conventional
Web interface typically used for, among other things, maintaining e-mail forwarding policies responsive to users' directions. The coφorate network 22 also includes a decryption unit 28 for decrypting an incoming e-mail message that has been encrypted using a packet or digital envelope cryptographic protocol (e.g., S/MIME). In this embodiment, the decryption unit 28 preferably includes a software application that can decrypt a secure digital envelope-formatted (e.g., S/MIME-protected) e-mail message conveyed via the connection 20 from the user's PC 14. An encryption unit 30 preferably includes a software application that functions to encrypt an outgoing e-mail message with a secure digital envelope format (e.g., from a MIME format to S/MIME format). The encrypted e-mail messages are coupled from the coφorate network 22 to the external mail server 16 via a conventional data connection 34. For example, the coφorate network 22 can be connected to an Internet mail server (16) via a Public Switched Telephone Network (PSTN) Tl line (34).
In operation (referring to the exemplary embodiment illustrated in FIGURE 1 ), a mobile phone user employs the PC (or PDA) 14 to send a message including e-mail forwarding policy instructions to the Web interface 26. Preferably, the e-mail forwarding policy message is transported via a secure connection 32 (e.g., using TLS, IPSEC or any other appropriate secure transport protocol) to the Web interface 26. This mail forwarding policy predetermines which e-mail messages are to be transported from the coφorate network 22, and to what address (e.g., to the external mail server 16). For example, the user's e-mail forwarding policy can include instructions to forward all incoming e-mail messages from the coφorate LAN to the external mail server, or just to forward certain e-mail messages only (e.g., just those arriving from a specific set of addresses, or having a certain priority). As such, the user's e-mail forwarding policy actually selected can be a matter of personal (or coφorate) choice. At this point, it is useful to describe in general how a secure digital envelope format can be used to implement the present invention. A secure digital envelope is a message, or information string, packed into a certain format to provide confidentiality, and/or integrity, and/or non-repudiation. In order to transform any clear-text message into a protected digital envelope format, a combination of symmetric and asymmetric cryptographic functions can be used. Unlike most secure data transport protocols, a digital envelope can be used for off-line decryption and integrity-checking. Once transformed into a secure cryptographic envelope format, a secure message can be decrypted and checked at any time by anyone who possesses a correct secret key. As mentioned earlier, the S/MIME standard is an example of a secure digital envelope format.
As an exemplary type of secure digital envelope format that can be used to implement the present invention, the S/MIME standard can provide confidentiality and/or integrity and non-repudiation protection for MIME messages. Encrypting a MIME message with a secret symmetric key provides confidentiality for the message, while using a digital signature provides integrity and non-repudiation for the message. In accordance with the S/MEVIE standard, a message can just be encrypted, just signed, or both encrypted and signed. The following description illustrates an exemplary method that can be used with the S/MIME standard to provide confidentiality, integrity and non-repudiation protection for a MIME message to be sent from one user to another.
For example, assume that a user, A, wants to send a MIME message, M, to an arbitrary user, B, using the S/MEVIE standard. Let "g" represent a public key encryption algorithm used for encryption so that for a public key pair, Kjpublic and K_secret, an arbitrary message, L, will be encrypted as, L'=g(K_public,L), and decrypted as, L=g'(K_secret,L'). Let "e" represent a public key algorithm used for signing so that for a public key pair, K_public and K_secret, a short message, L, will be signed as S=e(K_secret,L). Let S '=e'(K_public,S). As such, an arbitrary signature, S, for the message, L, is valid if and only if S '=S. Let "h" represent a one-way hash function so that for any message, M, the function h(M) equals a 128 bit value, and that given M and h(M), it is computationally infeasible to find any other message, M ' , such that h(M')=h(M). Given these exemplary conditions, a method that can be used for encryption and decryption using the S/MEVIE standard in accordance with the preferred embodiment of the present invention, is shown in FIGURE 2.
Referring to the assumptions and conditions described above and the exemplary method 200 shown in FIGURE 2, at step 201 , user A (e.g., A's terminal) searches for a public encryption key, K_publicB, for user B. For example, such a key can be contained in a digital certificate signed by a trusted third party. At step 202, user A generates a random value for a key, K_s. At step 203, user A encrypts the message, M, using the key, K_s, and a symmetric encryption algorithm f, as C=f(K_s,M). At step 104, user A encrypts the key, K_s as K'=g(K_publicB,K_s). At step 105, user A holds the public key pair, K_publicA,K_secretA, to be used for signing messages. User A then computes a digital hash for the cipher text C, as C ' =h(C), and uses the key, K_secretA, to sign C ' as, S=e(K_secretA,C')=e(K_secretA,h(C)). At step 206, user A (e.g., A's terminal) sends the message, (K',S,C), to user
B together with a digital certificate (e.g., signed by a trusted third party) which contains the key, K_publicA. At step 207, user B (e.g., B's terminal) receives the message, (K',S,C), together with a certificate which contains the public key, K_publicA. At step 208, user B checks the signature of the certificate with the key, K_publicA. At step 209, if user B determines that the signature is correct, user B accepts the key, K_publicA, as the public signing key of user A. Otherwise, if the signature is incorrect, then user B considers the message (K',S,C) as invalid and can disregard the communication.
At step 210, user B calculates S'=e'(K_publicA,h(C)). At step 211, if user B determines that S'=S, then user B accepts the message (K'S,C) as a valid message from A. Otherwise, user B considers the message as invalid. At step 212, user B calculates K_s=(K_secretB,K'). At step 213, user B decrypts C as M=f (K_s,C), and thus obtains the message, M, originally from user A.
Returning to FIGURE 1 , and in the context of the preferred embodiment of the present invention, the e-mail to be forwarded (in accordance with the user's predetermined mail forwarding policy) from the coφorate network (LAN) 22 to the external network's (Internet) mail server 16 is first encrypted. For example, in this exemplary embodiment, the e-mail messages stored in the coφorate network's mail server 24 are maintained in the MEVIE format. As such, using the exemplary method 200 described above, the encryption unit 30 can encrypt each e-mail message to be forwarded to the external mail server into an S/MEVIE format. If the user is employing a PDA (14) instead of a PC, the encryption unit 30 can encrypt the e-mail to be forwarded into the S/MEVIE format using symmetric keys shared between the network mail server 24 and the user's PDA 14. A digital certificate can be used to assure the integrity and non-repudiation of the message. The S/MEVIE encrypted e-mail messages are transmitted from the network 22 to the external mail server 16 via the conventional connection 34. The encrypted e- mail is then maintained in the user's mailbox at the external mail server, until the user requests the mail for delivery to the PC (or PDA) 14. Using a conventional mail tool (e.g., Netscape mail or Microsoft's Outlook Express), the user's PC (or PDA) 14 can retrieve the encrypted mail from the external mail server 16 via the connection 18.
Using the exemplary method 200 described above, the user's PC 14 can check the signature of the certificate and decrypt the mail from the S/MEVIE format to the MIME format. If a PDA (14) is used, it decrypts the received mail.
The mobile user can also transmit encrypted e-mail messages from the PC (or PDA) 14 to the network 22. For this embodiment, using the same method 200, the user's PC (or PDA) 14 encrypts the e-mail to be forwarded to the network 22 from the MEVIE format to an S/MEVIE format, mail server 22. The encrypted e-mail message (and a digital certificate associated with the mail server 22) is transmitted from the PC 14 to the decryption unit 28 via connection 20. The decryption unit 28 checks the digital certificate and then decrypts the received e-mail message from the S/MEVIE format to the MEVIE format. Notably, as opposed to the S/MEVIE approaches now under consideration, the present invention requires the use of only two digital certificates for authentication: the user's certificate for encrypted mail forwarded to the external mail server; and the coφorate mail server's certificate for encrypted mail forwarded to the coφorate network's mail server. A conventional Certificate
Management System can be used in the coφorate network's mail server 24 to handle both the issuance of digital certificates and the publication of the revocation of such certificates, if so required.
In accordance with a second embodiment of the present invention, one or more e-mail mailing lists can be implemented and secured. For example, mailing lists currently are useful for large groups of people having some common interests in communicating by e-mail. In order to subscribe to a mailing list, a person can send certain subscription e-mail containing the e-mail messages intended for communication to a mailing list e-mail server. The subscription e-mail can contain the e-mail address where the subscriber desires to receive e-mail from the mailing list. All mail received by the mailing list server is forwarded to all mail addresses of subscribers to the list. At present, anyone who wishes to subscribe to an e-mail list may do so. As such, the only identity related to a subscriber is that subscriber's e-mail address. However, a problem is that e-mail address could be an anonymous address. In other words, it is currently not possible for a mailing list administrator to prevent malicious use of the list by certain subscribers. Moreover, all e-mail messages currently being sent to and from mailing list servers are sent in clear text. However, the secure e-mail gateway provided by the present invention can be used to prevent such problems.
For example, in accordance with the preferred embodiment of the present invention, the MEVIE to S/MEVIE (or S/MEVIE to MEVIE) e-mail gateway (e.g., units
24-30) can be used as a mailing list server. By requiring that all subscription messages be sent in S/MEVIE, for example, and be signed with a valid signature and certificate, the identity of the subscriber can be determined before allowing the subscriber to enter the mailing list in the server. By requiring that all messages sent to the mailing list server be encrypted with the gateway' s key and signed by the user, the confidentiality and integrity of the mail received by the gateway 22 can be ensured. Before forwarding mail, the gateway 22 can encrypt the e-mail by using the receiver's certificate. Consequently, all messages sent to and from the mailing list (server) will be protected. A preferred embodiment of the method and apparatus of the present invention has been illustrated in the accompanying Drawings and described in the foregoing Detailed Description, it will be understood that the invention is not limited to the embodiment disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the spirit of the invention as set forth and defined by the following claims.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|WO1996013113A1 *||12 Oct 1995||2 May 1996||Secure Computing Corporation||System and method for providing secure internetwork services|
|WO1997000471A2 *||16 Jun 1996||3 Jan 1997||Check Point Software Technologies Ltd.||A system for securing the flow of and selectively modifying packets in a computer network|
|WO1997047106A1 *||29 May 1997||11 Dec 1997||Webtv Networks, Inc.||A method and apparatus for using network address information to improve the performance of network transactions|
|GB2323757A *||Title not available|
|1||*||HERFERT M: "SECURITY-ENHANCED MAILING LISTS", IEEE NETWORK: THE MAGAZINE OF COMPUTER COMMUNICATIONS, vol. 11, no. 3, 1 May 1997 (1997-05-01), pages 30 - 33, XP000689787, ISSN: 0890-8044|
|2||*||LEVIEN R: "PROTECTING INTERNET E-MAIL FROM PRYING EYES", DATA COMMUNICATIONS, vol. 25, no. 6, 1 May 1996 (1996-05-01), pages 117/118, 120, 122, XP000587586, ISSN: 0363-6399|
|3||*||SMITH R E: "A SECURE EMAIL GATEWAY (BUILDING AN RCAS EXTERNAL INTERFACE)", PROCEEDINGS. ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 1994, XP002912413|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|WO2002093849A2 *||15 May 2002||21 Nov 2002||Kasten Chase Applied Research Limited||System for secure electronic information transmission|
|WO2002093849A3 *||15 May 2002||23 Jan 2003||Kasten Chase Applied Res Ltd||System for secure electronic information transmission|
|WO2003015367A2 *||6 Aug 2002||20 Feb 2003||Research In Motion Limited||System and method for processing encoded messages|
|WO2003015367A3 *||6 Aug 2002||30 May 2003||Research In Motion Ltd||System and method for processing encoded messages|
|WO2003036887A1 *||24 Oct 2002||1 May 2003||Research In Motion Limited||Multiple-stage system and method for processing encoded messages|
|WO2004021665A3 *||29 Aug 2003||15 Apr 2004||Sap Ag||Enterprise secure messaging architecture|
|WO2004039019A1 *||23 Oct 2003||6 May 2004||Sierra Wireless, Inc.||Redirection of notifications to a wireless user device|
|WO2004056062A2 *||17 Dec 2003||1 Jul 2004||Sierra Wireless, Inc.||Enterprise access configuration|
|WO2004056062A3 *||17 Dec 2003||26 Aug 2004||Sierra Wireless Inc||Enterprise access configuration|
|WO2005015862A1 *||3 Aug 2004||17 Feb 2005||Onaras Ag||Method and devices for secure transmission of electronic messages|
|CN103428077A *||22 Aug 2013||4 Dec 2013||北京明朝万达科技有限公司||Method and system for safely receiving and sending mails|
|EP1284570A2 *||13 Aug 2002||19 Feb 2003||Research In Motion Limited||System and method for pushing encrypted information between a host system and a mobile data communication device|
|EP1284570A3 *||13 Aug 2002||26 Nov 2003||Research In Motion Limited||System and method for pushing encrypted information between a host system and a mobile data communication device|
|EP1478143A1 *||9 Sep 2003||17 Nov 2004||Onaras AG||Method and device for secure e-mail transmission|
|EP1633094A1 *||24 Oct 2002||8 Mar 2006||Research In Motion Limited||Multiple-stage system and method for processing encoded messages|
|US6941349||11 Jun 2002||6 Sep 2005||Research In Motion Limited||System and method for pushing calendar event messages from a host system to a mobile data communication device|
|US7251823||17 Dec 2002||31 Jul 2007||Sierra Wireless, Inc.||Enterprise access configuration|
|US7272716||12 Aug 2003||18 Sep 2007||Sap Aktiengesellschaft||Enterprise secure messaging architecture|
|US7546453||12 Jun 2002||9 Jun 2009||Research In Motion Limited||Certificate management and transfer system and method|
|US7653815||12 Jun 2002||26 Jan 2010||Research In Motion Limited||System and method for processing encoded messages for exchange with a mobile data communication device|
|US7827604||30 Jul 2007||2 Nov 2010||Sierra Wireless, Inc.||Enterprise access configuration|
|US7836131||25 Oct 2002||16 Nov 2010||Sierra Wireless, Inc.||Redirection of notifications to a wireless user device|
|US7836138||25 Oct 2007||16 Nov 2010||Sierra Wireless, Inc.||Redirection of notifications to a wireless user device|
|US7953971||27 Oct 2005||31 May 2011||Research In Motion Limited||Synchronizing certificates between a device and server|
|US7958198||14 Oct 2010||7 Jun 2011||Sierra Wireless, Inc.||Redirection of notifications to a wireless user device|
|US8019081 *||6 Aug 2002||13 Sep 2011||Research In Motion Limited||System and method for processing encoded messages|
|US8099595||21 Apr 2011||17 Jan 2012||Research In Motion Limited||Synchronizing certificates between a device and server|
|US8135645||3 Mar 2006||13 Mar 2012||Microsoft Corporation||Key distribution for secure messaging|
|US8194857||24 Oct 2002||5 Jun 2012||Research In Motion Limited||Multiple-stage system and method for processing encoded messages|
|US8219069||10 Sep 2009||10 Jul 2012||Research In Motion Limited||Advanced voice and data operations in a dual-mode mobile data communication device|
|US8355701||15 Nov 2010||15 Jan 2013||Research In Motion Limited||Display of secure messages on a mobile communication device|
|US8406389||20 Jul 2006||26 Mar 2013||Research In Motion Limited||Advanced voice and data operations in a mobile data communication device|
|US8473561||8 Nov 2012||25 Jun 2013||Research In Motion Limited||System and method for handling electronic mail mismatches|
|US8526618||2 May 2012||3 Sep 2013||Research In Motion Limited||Multiple-stage system and method for processing encoded messages|
|US8539226||1 Sep 2011||17 Sep 2013||Blackberry Limited||Certificate management and transfer system and method|
|US8606239||25 Jun 2012||10 Dec 2013||Blackberry Limited||Advanced voice and data operations in a dual-mode mobile data communication device|
|US8611936||14 Sep 2012||17 Dec 2013||Blackberry Limited||Display of secure messages on a mobile communication device|
|US8645684||9 Dec 2011||4 Feb 2014||Blackberry Limited||Synchronizing certificates between a device and server|
|US8661267||9 Sep 2011||25 Feb 2014||Blackberry Limited||System and method for processing encoded messages|
|US8693996||16 Feb 2012||8 Apr 2014||Blackberry Limited||Wireless router system and method|
|US8898473||12 Sep 2012||25 Nov 2014||Blackberry Limited||System and method for compressing secure E-mail for exchange with a mobile data communication device|
|US8943156||30 May 2013||27 Jan 2015||Blackberry Limited||System and method for handling electronic mail mismatches|
|US8971504||20 Feb 2013||3 Mar 2015||Blackberry Limited||Advanced voice and data operations in a mobile data communication device|
|US9094429||10 Aug 2004||28 Jul 2015||Blackberry Limited||Server verification of secure electronic messages|
|US9172540||2 Aug 2013||27 Oct 2015||Blackberry Limited||System and method for processing encoded messages for exchange with a mobile data communication device|
|US9258372||6 Apr 2012||9 Feb 2016||Blackberry Limited||Wireless router system and method|
|US9344839||29 Jul 2002||17 May 2016||Blackberry Limited||System and method for pushing information from a host system to a mobile communication device|
|US9398023||27 Jul 2015||19 Jul 2016||Blackberry Limited||Server verification of secure electronic messages|
|US9628269||10 Jul 2002||18 Apr 2017||Blackberry Limited||System and method for secure message key caching in a mobile communication device|
|International Classification||H04L12/58, H04L29/06|
|Cooperative Classification||H04L63/0442, H04L63/0428, H04L51/14, H04L63/102, H04L51/38|
|European Classification||H04L63/10B, H04L63/04B, H04L63/04B2, H04L12/58G|
|2 Mar 2000||ENP||Entry into the national phase in:|
Ref country code: AU
Ref document number: 2000 15909
Kind code of ref document: A
Format of ref document f/p: F
|2 Jun 2000||AK||Designated states|
Kind code of ref document: A1
Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW
|2 Jun 2000||AL||Designated countries for regional patents|
Kind code of ref document: A1
Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
|26 Jul 2000||121||Ep: the epo has been informed by wipo that ep was designated in this application|
|21 Sep 2000||DFPE||Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)|
|30 May 2001||WWE||Wipo information: entry into national phase|
Ref document number: 1999958570
Country of ref document: EP
|19 Sep 2001||WWP||Wipo information: published in national office|
Ref document number: 1999958570
Country of ref document: EP
|11 Oct 2001||REG||Reference to national code|
Ref country code: DE
Ref legal event code: 8642
|3 Feb 2007||WWW||Wipo information: withdrawn in national office|
Ref document number: 1999958570
Country of ref document: EP