Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, encrypt and sign the composite message. Conveniently, security considerations are maintained even in view of bandwidth optimization measures.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion.

Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for confidentiality or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, construct a cryptographic message syntax message.

Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.

Abstract: A system and method of forwarding an e-mail from a wireless device is provided. The wireless device receives the e-mail message in portions as needed, the portions having the attachments contained therein. The portions of the e-mail message containing only a subset of attachments associated with the e-mail message in the user mailbox. When a wireless device forwards the e-mail message to one or more recipients a message identifier and an attachment indicator is provided for identifying the number of attachments in the e-mail message to be forwarded. The identified e-mail message is retrieved and the attachments are extracted from the retrieved e-mail message based on the attachment indicator. The e-mail message is forwarded to the one or more recipients and the extracted attachments.

Abstract: A method can output content of interest of a structured electronic document from a computer or distributed computer system having a processor and memory. The method includes loading a common expression and a data structure definition into memory, the common expression identifying a content element in a first structured electronic document, the data structure definition defined according to the common expression; creating in memory an instance of a data structure defined by the data structure definition; applying with the processor the common expression to a second structured electronic document to extract a content element from the second structured electronic document; storing the extracted content element in the instance of the data structure; and populating a template structured electronic document using the instance of the data structure to produce an output structured electronic document.

Abstract: A method of identifying content of interest in a structured electronic document by an electronic device having a processor, an input device, and a display device, includes rendering a structured electronic document to the display device; receiving through the input device at least two separate indications of content elements within the rendered structured electronic document; and identifying with the processor a common characteristic of the indicated content elements, and identifying any further content element within the rendered structured electronic document sharing the common characteristic with the indicated content elements.

Abstract: A method can extract content of interest from a structured electronic document with an electronic device having a processor, an input device, and a display device. The method includes receiving through the input device an indication of a plurality of content elements within a first structured electronic document; determining with the processor a portion of the first structured electronic document associated with each indicated content element; and forming with the processor a common expression based on the determined portions, the common expression being common to all of the determined portions, wherein when the common expression is applied to a second structured electronic document, another content element is extracted from the second structured electronic document.

Abstract: Provided is a method and apparatus for sharing information from a communication device. The communication device is to send first information to a first apparatus and second information to a second apparatus. In accordance with an embodiment of the application, the communication device combines the first information and the second information in a single message and then sends the message to a network node. In accordance with another embodiment of the application, the network node separates the first information from the second information and sends the first information and the second information to the first apparatus and the second apparatus, respectively. Note that the communication device did not have to send separate messages to the apparatuses and therefore there is a reduction in number of messages sent by the communication device. This reduction has an effect of reducing network utilization by the communication device.

Abstract: In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group.

Abstract: A mobile communication device operates in a wireless communication network with use of a communication service provided by a service provider (e.g. a wireless carrier for voice telephony, or data service provider for data synchronization). An application server receives, via the wireless network, a message from the mobile device. The message has a field for inclusion of a token having a digital signature corresponding to the service provider. The application server performs token validation of the message, which includes a verification step for verifying the digital signature of the token with a public key corresponding to the service provider. The application server then grants or denies access to an application service depending on the outcome of the token validation. In one embodiment, the application service is an e-commerce transaction service, wherein a proof-of-work (POW) test (e.g. a Captcha test) otherwise utilized for the service is bypassed or excluded.

Abstract: Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list and the catalog file of the signed bundle, the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle.

Abstract: Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission.

Abstract: Methods and systems for secure channel initialization transaction security between a client network element and a server network element are disclosed.

Abstract: Methods and systems for secure channel initialization between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: sending a secure channel initialization request from the client network element to the server network element; receiving the secure channel initialization request at the server network element; creating a server credential and a client credential at the server network element; and sending a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including the server credential and the client credential, wherein said server credential and said client credential are used to establish a secure session.

Abstract: A method and apparatus for secure record protocol in a system with a server and a client, the method having the steps of: utilizing a mobile user credential as an input to a key generator, the mobile user credential being known to both the server and the client; generating one or two public key-private key pairs based on the mobile user credential input; and sending a message signed with a private key.

Abstract: A method and apparatus for client credential based authentication of messages between a client and a server, the client and server both knowing the client credential, the method comprising the steps of: utilizing the client credential to create a key; and using the key to authenticate messages between the client and the server.

Abstract: A secure correlation identifier (SCID) for authentically correlating notifications received from event sources with subscriptions, a SCID authentication system and method of filtering unsolicited messages are provided. The SCID comprises a correlation identifier for making the SCID unique, a sequence of bits concatenated with the correlation identifier and a secure tag concatenated with the concatenation of the correlation identifier and the sequence of bits. The system comprises a SCID generator for generating a SCID to be used in a message and a SCID authenticator for authenticating the SCID. The method comprises the steps of receiving a notification message having a SCID, verifying that that SCID is authentic, accepting the message if the SCID is authentic and rejecting the message if the SCID is not authentic.

Abstract: A method and system for establishing a secure over-the-air (OTA) connection between a connection owner and a server, the connection owner being associated with a wireless device connected to the server via a communications network. A secure session is instantiated on behalf of the connection owner, the secure session being maintained by the server and defining a context for the secure OTA connection. A registration key and a reset key are defined, and stored in association with the secure session on both the server and the wireless device. Access to the secure session is controlled using at least the registration key, and the secure session is maintained on the server only as long as the connection owner has a valid registration key.

Abstract: An application that was not internationalized when coded may be internationalized through the addition of interception and localization logic and tables without modification of the original application logic. The interception logic may be configured to intercept calls to an application component and invoke localization logic in response to an intercepted call to the application component. The interception logic may use dynamic proxies to intercept method calls from a client component to an application component both before and after the execution of the method. The interception logic may use JAVA reflection to determine whether input parameters or return values associated with the method call are localizable. The application component logic may operate on data stored in a primary database table in which the data is represented in the system default locale.