Abstract: A mobile wireless communication device also has at least one wired communication port. Enhanced security is achieved by permitting the device to automatically disable one or more wireless ports when connected to a wired port. Specific combinations/permutations of such automatic control may be effected by use of an IT Policy also resident on the device.

Abstract: A system and method for processing messages being composed by a user of a computing device (e.g. a mobile device). Embodiments are described in which the performance of certain tasks is initiated before a direction is received from a user to send a message being composed by the user. This may involve, for example, “pre-fetching” security-related data that will be required in order to send a message that is in the process of being composed by the user securely. Such data may include security policy data, certificate data, and/or certificate status data, for example.

Abstract: A method and apparatus for processing digitally signed messages in which address mismatch errors are detected. In at least one aspect, the number of address mismatch errors reported to a user for a message may be minimized for messages that properly incorporate message portions signed by someone other than the sender of the message, as may be the case where the message contains a conversation thread for example, by performing at least one pre-determined action for digital signatures corresponding to signed data appearing after a message separator. The message separator may indicate that the message contains data from an older forwarded message or from an older message that has been replied to, for example. The at least one-predetermined action may comprise bypassing verification of address matches for those digital signatures, or verifying address matches for those digital signatures but suppressing user notification of any address mismatch errors, for example.

Abstract: A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.

Abstract: Electronic messages are sent from a sending system to an identified recipient and are encoded using information contained in a certificate. A key store is accessed by a messaging application to determine if a certificate associated with the recipient is present. If no certificate is present in the key store the messaging application accesses one or more certificate services to obtain a certificate. Where validation of the retrieved certificate is required, the messaging application invokes a certificate validation process. One or more further certificates are obtained by the messaging application where the retrieved certificate is invalid.

Abstract: A device and method for generating user notifications associated with tasks that are pending completion on a mobile device. When additional input is required from a user of the mobile device to complete performance of a task and is not being received from the user within a predefined time period, at least one form of user notification is generated. The particular form or forms of user notification are defined by a user profile associated with the user. User notifications may comprise visual, audible, and/or vibratory alerts, and different forms of these user notifications may be generated in a sequence. The volume of audible alerts or the period between periodic user notifications may vary over time.

Abstract: Embodiments of a system and method for providing additional security for data being transmitted across a wireless connection that has been established using a known wireless protocol (e.g. Bluetooth) are described. An encryption key is exchanged between a computing device (e.g. a mobile device) and a wireless peripheral device (e.g. a keyboard, a printer). In exemplary embodiments, the encryption key is generated at one of the two devices. Data associated with the encryption key is output at the one device, which can be input by the user at the other device. The encryption key is then recovered at the other device from the input, thereby completing the key exchange. The encryption key can then be used to encrypt and decrypt data transmitted over the established wireless connection, providing additional security.

Abstract: Systems and methods for establishing a security-related mode of operation for computing devices. A policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

Abstract: A system and method of storing in a computer device digital certificate data from a digital certificate are provided. When a digital certificate is received at the computer device, it is determined whether the digital certificate data in the digital certificate is stored in a first memory store in the computer device. The digital certificate data is stored in the first memory store upon determining that the digital certificate data is not stored in the first memory store.

Abstract: A system and method for processing messages being composed by a user of a computing device (e.g. a mobile device). Embodiments are described in which the performance of certain tasks is initiated before a direction is received from a user to send a message being composed by the user. This may involve, for example, “pre-fetching” security-related data that will be required in order to send a message that is in the process of being composed by the user securely. Such data may include security policy data, certificate data, and/or certificate status data, for example.

Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.

Abstract: A method and system for Certificate management and transfer between messaging clients are disclosed. When communications are established between a first messaging client and a second messaging client, one or more Certificates stored on the first messaging client may be selected and transferred to the second messaging client. Messaging clients may thereby share Certificates. Certificate management functions such as Certificate deletions, Certificate updates and Certificate status checks may also be provided.

Abstract: A device and method for generating user notifications associated with tasks that are pending completion on a mobile device. When additional input is required from a user of the mobile device to complete performance of a task and is not being received from the user within a predefined time period, at least one form of user notification is generated. The particular form or forms of user notification are defined by a user profile associated with the user. User notifications may comprise visual, audible, and/or vibratory alerts, and different forms of these user notifications may be generated in a sequence. The volume of audible alerts or the period between periodic user notifications may vary over time.

Abstract: Systems and methods for establishing a security-related mode of operation for computing devices. A security-related mode of operation is established through security mode configuration data. The security mode configuration data specifies the proper security mode or modes for operation of the computing devices.

Abstract: Embodiments of a system and method for providing additional security for data being transmitted across a wireless connection that has been established using a known wireless protocol (e.g. Bluetooth) are described. An encryption key is exchanged between a computing device (e.g. a mobile device) and a wireless peripheral device (e.g. a keyboard, a printer). In exemplary embodiments, the encryption key is generated at one of the two devices. Data associated with the encryption key is output at the one device, which can be input by the user at the other device. The encryption key is then recovered at the other device from the input, thereby completing the key exchange. The encryption key can then be used to encrypt and decrypt data transmitted over the established wireless connection, providing additional security.

Abstract: Systems and methods for managing data transfers between a secure location and a less secure location. A data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.

Abstract: A system and method for processing attachments to messages sent to a mobile device is described herein. Embodiments described herein apply to encrypted messages comprising multiple message parts, in which different encryption keys (e.g. session keys) have been used to encrypt the different message parts. In at least one example embodiment, the encrypted session keys for every message content part comprising an attachment is received at the mobile device. In one embodiment, all of the encrypted session keys are stored together in a main message header. The mobile device may then decrypt the encrypted session key associated with a user requested attachment, and transmits the decrypted session key to one or more remote servers in an attachment request for use in decrypting the requested attachment. Data associated with the requested attachment, in decrypted form, is returned to the mobile device.

Abstract: A method and apparatus for providing intelligent error messaging is disclosed wherein a user of a mobile communications device is provided with descriptive error messaging information to assist the user in overcoming errors associated with the processing of electronic messages and data.

Abstract: A wireless communication device (and its related method of operation) includes, if invoked, password protected access to data stored therewithin and/or to normal device operations and further includes duress password checking logic that automatically causes a duress message to be sent if a duress password has been entered. The duress message is preferably sent without maintaining any user accessible indication of such sending. It is also preferred that the password checking logic automatically cause an end-of-duress message to be sent if a normal password is entered after a duress password has been entered. A plurality of different duress passwords may be entered into a duress password portion of data memory in the device.

Abstract: Systems and methods for handling restoration operations for a mobile device. A mobile device receives a kill pill command, wherein the command causes some or all data on the mobile device to be wiped. An indicator is stored to indicate that the kill pill command was sent to the mobile device. The indicator is used to determine whether a program should be wiped from the mobile device.