Abstract: A certificate enrolment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrolment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.

Abstract: A method and system for establishing a secure over-the-air (OTA) connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network. A secure session is instantiated on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA connection. A registration key and a reset key are defined, and stored in association with the secure session on both the server and the wireless device. Access to the secure session is controlled using at least the registration key, and the secure session is maintained on the server only as long as the connection owner has a valid registration key.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.

Abstract: A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.

Abstract: A method can output content of interest of a structured electronic document from a computer or distributed computer system having a processor and memory. The method includes loading a common expression and a data structure definition into memory, the common expression identifying a content element in a first structured electronic document, the data structure definition defined according to the common expression; creating in memory an instance of a data structure defined by the data structure definition; applying with the processor the common expression to a second structured electronic document to extract a content element from the second structured electronic document; storing the extracted content element in the instance of the data structure; and populating a template structured electronic document using the instance of the data structure to produce an output structured electronic document.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion.

Abstract: A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.

Abstract: Methods and systems for secure channel initialization between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: sending a secure channel initialization request from the client network element to the server network element; receiving the secure channel initialization request at the server network element; creating a server credential and a client credential at the server network element; and sending a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including the server credential and the client credential, wherein said server credential and said client credential are used to establish a secure session.

Abstract: A secure correlation identifier (SCID) for authentically correlating notifications received from event sources with subscriptions, a SCID authentication system and method of filtering unsolicited messages are provided. The SCID comprises a correlation identifier for making the SCID unique, a sequence of bits concatenated with the correlation identifier and a secure tag concatenated with the concatenation of the correlation identifier and the sequence of bits. The system comprises a SCID generator for generating a SCID to be used in a message and a SCID authenticator for authenticating the SCID. The method comprises the steps of receiving a notification message having a SCID, verifying that that SCID is authentic, accepting the message if the SCID is authentic and rejecting the message if the SCID is not authentic.

Abstract: Methods and systems for secure channel initialization transaction security between a client network element and a server network element are disclosed.

Abstract: Provided is a method and apparatus for sharing information from a communication device. The communication device is to send first information to a first apparatus and second information to a second apparatus. In accordance with an embodiment of the application, the communication device combines the first information and the second information in a single message and then sends the message to a network node. In accordance with another embodiment of the application, the network node separates the first information from the second information and sends the first information and the second information to the first apparatus and the second apparatus, respectively. Note that the communication device did not have to send separate messages to the apparatuses and therefore there is a reduction in number of messages sent by the communication device. This reduction has an effect of reducing network utilization by the communication device.

Abstract: A method and apparatus for client credential based authentication of messages between a client and a server, the client and server both knowing the client credential, the method comprising the steps of: utilizing the client credential to create a key; and using the key to authenticate messages between the client and the server.

Abstract: A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.

Abstract: A mobile communication device operates in a wireless communication network with use of a communication service provided by a service provider (e.g. a wireless carrier for voice telephony, or data service provider for data synchronization). An application server receives, via the wireless network, a message from the mobile device. The message has a field for inclusion of a token having a digital signature corresponding to the service provider. The application server performs token validation of the message, which includes a verification step for verifying the digital signature of the token with a public key corresponding to the service provider. The application server then grants or denies access to an application service depending on the outcome of the token validation. In one embodiment, the application service is an e-commerce transaction service, wherein a proof-of-work (POW) test (e.g. a Captcha test) otherwise utilized for the service is bypassed or excluded.

Abstract: Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission.

Abstract: A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware is not forwarded to new recipients.

Abstract: A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.

Abstract: By automatically obtaining the entirety of a received message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. In both the above contexts, handling message receipts when message processing ahead of message transmission involved more than one component may be facilitated by storing appropriate expected receipt content during the message processing, either on the device or the server. Validation of the receipt can then be accomplished through use of the stored expected receipt content in a manner that retains the benefits of message processing ahead of message transmission that involves more than one component.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.