Abstract: A system and method for retrieving certificates and/or verifying the revocation status of certificates. In one embodiment, when a user opens a digitally signed message, a certificate that is required to verify the digital signature on the message may be automatically retrieved if it is not stored on the user's computing device (e.g. a mobile device), eliminating the need for users to initiate the task manually. Verification of the digital signature may also be automatically performed by the application after the certificate is retrieved. Verification of the revocation status of a certificate may also be automatically performed if it is determined that the time that has elapsed since the status was last updated exceeds a pre-specified limit.

Abstract: A method carried out by a first system for establishing a secure bidirectional communication path between the first system and a second system for an exchange of one or more messages is described. A first key pair having a first public key and a first private key is generated, and a second key pair having a second public key and a second private key is generated. The second public key is generated based upon a shared secret known to the first system and the second system. The second public key and the first public key are sent to the second system. A third public key and a fourth public key generated by the second system are received, wherein the fourth public key is generated based upon the shared secret. A master key is calculated based upon the first private key, the second private key, the third public key and the fourth public key, wherein the master key is configured to be used in encryption of one or more messages.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch. This mismatch resolution is preferably transparent to the user and occurs automatically. The canonical or generic domain and/or user names that are available to the device may be typically controlled by IT policy that is in place on the system for the device.

Abstract: An embodiment relates to a novel apparatus and method for changing modes of notification in an electronic device. An electronic device includes a calendar application and a variety of other applications such as the message reader application or the daily alarm application. The device is configured to use the calendar application to track whether and how the user is notified of the receipt of an electronic. In one embodiment, the user specifically associates a profile behavior to the calendar entry when the calendar entry is first created.

Abstract: A system and method for converting an initial message residing in a mobile computer device, which is capable of wireless access to a computer network, into a processed message. The system includes a menu option module that prompts a user of the mobile computer device to select a processing option for the initial message. When the user selects an encryption option, text is wirelessly sent to at least one server on the computer network for encryption.

Abstract: An embodiment relates to a novel apparatus and method for changing modes of notification in an electronic device. An electronic device includes a calendar application and a variety of other applications such as the message reader application or the daily alarm application. The device is configured to use the calendar application to track whether and how the user is notified of the receipt of an electronic. In one embodiment, the user specifically associates a profile behavior to the calendar entry when the calendar entry is first created.

Abstract: A portable adaptor for using a smart card of a first configuration with a smart card reader of a second configuration. For instance, the adaptor may enable use of a contactless smart card with a contact smart card reader, or vice versa. The adaptor is provided with a casing that is configured to engage a contact smart card or a contactless smart card, and where intended for use with a contact smart card reader is provided with an exterior portion that physically cooperates via a contact pad with a contact smart card reader. The adaptor is provided with an interface passing signals between a smart card of a first configuration and a smart card reader, of a second configuration. For instance, an interface for passing signals between a contact smart card and a contactless smart card reader or vice versa.

Abstract: A method and apparatus for providing intelligent error messaging is disclosed wherein a user of a mobile communications device is provided with descriptive error messaging information to assist the user in overcoming errors associated with the processing of electronic messages and data. For example, when the mobile device is being used to decrypt a cryptographically secured electronic message, and a problem is encountered, program logic of the device provides the user with (1) an indication of exactly what problem is preventing opening of the message, for example, a required cryptographic key is not available; (2) an indication of exactly what may be done to overcome the problem, for example, what utilities should be run on the device; and (3) exactly what data, if any, needs to be downloaded to the device, for example, what cryptographic keys should be downloaded.

Abstract: A portable adapter for using a contact smart card with a contactless smart card reader and a contactless smart card with a contact smart card reader. The adaptor is provided with a casing that is configured to engage a contact smart card or a contactless smart card, and is provided with an exterior portion that physically cooperates via a contact pad with a contact smart card reader. The adapter is provided with an interface passing signals between a contactless smart card and a contact smart card reader, and an interface for passing signals between a contact smart card and a contactless smart card reader.

Abstract: A method and system for providing e-mail messages to a receiving e-mail application. The e-mail messages as sent from a sending e-mail application being secure and in opaque signed format. The opaque signed e-mail messages being converted to clear signed e-mail messages by decoding extracting message content and digital signatures. The clear signed e-mails being sent to a receiving e-mail application.

Abstract: A mobile communications device for the display of an incrementally received message includes a message viewer application for scanning the received portions of the message. On determination that the received portion of the message includes a first displayable portion of the message content, the system signals to a message server to halt the message server from forwarding further portions of the message content. The system provides a mechanism for the user of the mobile communications device to cause the mobile communications device to further signal the message server to recommence the forwarding of further portions of the secure message content to permit the verification of the e-mail based on the further portions of the secure message content.

Abstract: Systems and methods for updating status of digital certificate subkeys. A request is made to a key server to verify if a given key is revoked. If it is not, then the key with its subkeys is acquired from the key server. If one or more subkeys or signatures of the subkeys are different in the acquired key, then the key is replaced.

Abstract: A system and method for processing messages being composed by a user of a computing device (e.g. a mobile device). Embodiments are described in which the performance of certain tasks is initiated before a direction is received from a user to send a message being composed by the user. This may involve, for example, “pre-fetching” security-related data that will be required in order to send a message that is in the process of being composed by the user securely. Such data may include security policy data, certificate data, and/or certificate status data, for example.

Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.

Abstract: A displayed string of emails is effectively compressed for improved readability by deleting some or all headers and/or by skipping the cursor from one message body to another in response to “hot” key actuation(s) by a user.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch. This mismatch resolution is preferably transparent to the user and occurs automatically. The canonical or generic domain and/or user names that are available to the device may be typically controlled by IT policy that is in place on the system for the device.

Abstract: A method and system for authorization of applications executing on a device having a key store. Applications obtain an application-level ticket to permit access to one or more key values located in the key store. Each ticket is securely associated with an application and being generated on the determination that the application is a trusted application. Tickets are potentially associated with one key value in the key store, with a subset of key values in the key store, or with all key values in the key store. Access to key values by an application is possible independently of a user providing a password for each such access.

Abstract: A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

Abstract: A system includes a wireless-enabled smart card reader able to be connected concurrently to at least two devices and a mobile device able to be connected wireles sly to the smart card reader and to control connections of the smart card reader.

Abstract: A method and apparatus for providing intelligent error messaging is disclosed wherein a user of a mobile communications device is provided with descriptive error messaging information to assist the user in overcoming errors associated with the processing of electronic messages and data. For example, when the mobile device is being used to decrypt a cryptographically secured electronic message, and a problem is encountered, program logic of the device provides the user with (1) an indication of exactly what problem is preventing opening of the message, for example, a required cryptographic key is not available; (2) an indication of exactly what may be done to overcome the problem, for example, what utilities should be run on the device; and (3) exactly what data, if any, needs to be downloaded to the device, for example, what cryptographic keys should be downloaded.